Labsco
SecFathy logo

Apktool

โ˜… 39

from SecFathy

A server for Android APK analysis and reverse engineering using Apktool.

๐Ÿ”ฅ๐Ÿ”ฅ๐Ÿ”ฅโœ“ VerifiedFreeAdvanced setup

Apktool MCP Server

A powerful Model Context Protocol (MCP) server that exposes Apktool functionality for Android APK analysis and reverse engineering. Integrates seamlessly with Gemini CLI to provide AI-powered APK security analysis, privacy auditing, and reverse engineering guidance through natural language commands.

๐Ÿš€ Features

๐Ÿ” Comprehensive APK Analysis

  • Decompile APKs to extract resources, manifest, and smali code
  • Analyze permissions and app components for security assessment
  • Extract string resources and detect hardcoded secrets
  • Search smali code for specific patterns and security vulnerabilities
  • Recompile modified APKs after making changes

๐Ÿค– AI-Powered Workflows

  • Natural language commands for complex APK analysis tasks
  • Automated security audits with AI-generated insights
  • Privacy compliance checking and GDPR/CCPA analysis
  • Step-by-step reverse engineering guidance
  • Intelligent vulnerability detection and risk assessment

๐Ÿ›  8 Core Tools

ToolDescription
decode_apkDecompile APK files to extract all components
build_apkRecompile APK from modified source directory
install_frameworkInstall system frameworks for system app analysis
analyze_manifestParse AndroidManifest.xml for permissions and components
extract_stringsExtract string resources with locale support
list_permissionsEnumerate all requested permissions
find_smali_referencesSearch for patterns in decompiled smali code
get_apk_infoGet basic APK metadata and information

๐Ÿ“‹ Specialized Analysis Prompts

  • Security Analysis: Comprehensive vulnerability assessment
  • Privacy Audit: Data collection and compliance analysis
  • Reverse Engineering Guide: Step-by-step analysis workflows

๐Ÿ“ Project Structure

apktool-mcp-server/
โ”œโ”€โ”€ apktool_server.py          # Main MCP server implementation
โ”œโ”€โ”€ requirements.txt           # Python dependencies
โ”œโ”€โ”€ config.json               # Example Gemini CLI configuration
โ”œโ”€โ”€ README.md                 # This file
โ”œโ”€โ”€ GEMINI.md                 # AI assistant context file
โ”œโ”€โ”€ LICENSE                   # MIT license
โ”œโ”€โ”€ examples/                 # Usage examples and samples
โ”‚   โ”œโ”€โ”€ sample_analysis.py    # Example analysis scripts
โ”‚   โ””โ”€โ”€ workflows/            # Common workflow examples
โ”œโ”€โ”€ tests/                    # Unit tests
โ”‚   โ”œโ”€โ”€ test_server.py        # Server functionality tests
โ”‚   โ””โ”€โ”€ test_tools.py         # Individual tool tests
โ””โ”€โ”€ docs/                     # Additional documentation
    โ”œโ”€โ”€ SECURITY.md           # Security guidelines
    โ”œโ”€โ”€ CONTRIBUTING.md       # Contribution guidelines
    โ””โ”€โ”€ TROUBLESHOOTING.md    # Common issues and solutions

๐Ÿ”’ Security Considerations

โš ๏ธ Important Security Notes

  • Legal Compliance: Only analyze APKs you own or have explicit permission to analyze
  • Malware Risk: Unknown APKs may contain malicious code - use in isolated environments
  • Data Privacy: Decompiled APKs may contain sensitive user information
  • Workspace Isolation: Configure dedicated workspace with restricted permissions
  • Process Limits: Server includes timeouts to prevent resource exhaustion

Best Practices

# Use dedicated workspace
export APKTOOL_WORK_DIR="/secure/isolated/workspace"

# Set appropriate permissions
chmod 750 /secure/isolated/workspace

# Monitor resource usage
htop  # Watch memory and CPU during analysis

# Clean up after analysis
rm -rf /secure/isolated/workspace/*

๐Ÿงช Testing

Run Unit Tests

# Install test dependencies
pip install pytest pytest-asyncio

# Run all tests
pytest tests/

# Run with coverage
pytest --cov=apktool_server tests/

Manual Testing

# Test server startup
python3 apktool_server.py

# Test with sample APK
# Download a sample APK and test basic functionality

Integration Testing

# Test Gemini CLI integration
gemini
> /tools  # Should list apktool tools
> Use decode_apk to analyze sample.apk

๐Ÿค Contributing

We welcome contributions! Please see CONTRIBUTING.md for details.

Development Setup

# Clone and setup development environment
git clone https://github.com/SecFathy/APktool-MCP.git
cd APktool-MCP
python3 -m venv venv
source venv/bin/activate
pip install -r requirements.txt
pip install -r requirements-dev.txt

# Run tests
pytest

# Format code
black apktool_server.py