Quite often I find myself reverse engineering Android applications when I try to review the security of applications. A good reverse engineering tool is critical to perform a good security assessment. DroidSec is a reverse engineering tool, specifically build for reverse engineering Android applications, and features are built in, which from my experience, have proven to be useful. However, DroidSec is not a silver bullet, it’s more like a Swiss army knife.
How to get DroidSec
DroidSec is hosted at my GitHub account, which can be found here: https://github.com/DarioI/DroidSec
The GitHub page displays a README.md, or it can be viewed at the homepage: https://darioi.github.io/DroidSec/
Under the hood
DroidSec is built using the AndroGuard codebase, and developed in Python. It uses the DAD decompiler to decompile Android to .java sources.
If you are a security researcher in need of assistance or if you would like to see additional features added, please contact me at firstname.lastname@example.org and we’ll discuss it further. Please keep in mind that the project is just being bootstrapped, the code is far from optimal and a lot of refactoring will be done once I work towards a first release candidate. I’ll try however to keep the master branch in a building state, so everyone can experiment with nightly builds.
This tool is build for educational purposes only, keep in mind that reverse engineering applications is illegal in most countries and use this tool on your own risk.