Tool
CLI
Mobile Security

APKiD

by rednaga

2.3K stars
324 forks
63 watchers
Updated 5 months ago
About

APKiD is a tool that identifies compilers, packers, obfuscators, and other anomalies in Android APK files.

Android Application Identifier for Packers, Protectors, Obfuscators and Oddities - PEiD for Android

Primary Use Case

APKiD is primarily used by security analysts and researchers to analyze Android applications for signs of packing, obfuscation, or other modifications that may indicate malware or pirated apps. It helps in understanding how an APK was constructed and identifying potential security threats.

Key Features
  • Identifies compilers, packers, and obfuscators in APK files
  • Supports recursive scanning of directories
  • Outputs results in JSON format for easy integration with other tools

Installation

  • pip install apkid
  • git clone https://github.com/rednaga/APKiD
  • cd APKiD/
  • docker build . -t rednaga:apkid

Usage

>_ apkid [-h] [-v] [-t TIMEOUT] [-r] [--scan-depth SCAN_DEPTH] [--entry-max-scan-size ENTRY_MAX_SCAN_SIZE] [--typing {magic,filename,none}] [-j] [-o DIR] FILE [FILE ...]

Runs APKiD on specified APK, DEX, or directory with various options.

>_ docker/apkid.sh ~/reverse/targets/android/example/example.apk

Runs APKiD using Docker on a specified APK file.

Security Frameworks
Defense Evasion
Discovery
Execution
Persistence
Initial Access
Usage Insights
  • Repurposing: APKiD can be used to identify trends in obfuscation techniques across different APKs, providing insights into the evolution of mobile malware tactics.
  • Chaining: Combine APKiD with dynamic analysis tools like Frida to not only identify obfuscation but also observe runtime behavior of suspicious APKs, enhancing threat detection capabilities.
  • Evasion/Detection: Attackers might attempt to bypass APKiD by using custom or less common obfuscation techniques. To counter this, regularly update APKiD's signatures and integrate with a threat intelligence platform to detect novel obfuscation patterns.
  • Data Fusion: Correlate APKiD's output with network traffic analysis tools to identify communication patterns of obfuscated APKs, potentially revealing command-and-control servers or data exfiltration attempts.
  • Automation: Integrate APKiD into a CI/CD pipeline for mobile app development to automatically scan APKs before deployment, ensuring that no unauthorized obfuscation or packing is present.
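
The Automation insight above, sketched as an added example (not code from APKiD or from this page): a pipeline step that triages a report saved from `apkid -j` and fails the build on packer-type findings. The report layout, the category names, the policy sets and every sample value are assumptions constructed for illustration.

```python
import json

# Assumed policy: categories that fail the build vs. ones that only need review.
BLOCKING = {"packer", "protector", "dropper"}
REVIEW = {"obfuscator", "anti_vm", "anti_debug", "anti_disassembly", "manipulator"}
# Assumed: the compiler labels this project's own toolchain is expected to produce.
ALLOWED_COMPILERS = {"r8", "dx"}

# Constructed sample in the assumed `apkid -j` layout: a top-level "files" list,
# each entry holding "filename" and a "matches" map of category -> list of hits.
SAMPLE_REPORT = """
{
  "apkid_version": "0.0.0-sample",
  "files": [
    {"filename": "app-release.apk!classes.dex",
     "matches": {"compiler": ["r8"], "anti_vm": ["Build.MANUFACTURER check"]}},
    {"filename": "app-release.apk!lib/arm64-v8a/libshell.so",
     "matches": {"packer": ["ExamplePacker (constructed)"]}},
    {"filename": "app-release.apk!classes2.dex",
     "matches": {"compiler": ["dexlib 2.x"]}}
  ]
}
"""

def triage(report_text, allowed_compilers=ALLOWED_COMPILERS):
    """Return (blocking, review) lists of (filename, category, hit) tuples."""
    try:
        report = json.loads(report_text)
    except json.JSONDecodeError as exc:
        raise ValueError(f"not valid APKiD JSON: {exc}") from exc
    blocking, review = [], []
    for entry in report.get("files", []):
        name = entry.get("filename", "<unknown>")
        for category, hits in entry.get("matches", {}).items():
            for hit in hits:
                if category in BLOCKING:
                    blocking.append((name, category, hit))
                elif category in REVIEW:
                    review.append((name, category, hit))
                elif category == "compiler" and hit not in allowed_compilers:
                    # A toolchain the build never uses suggests the DEX was rebuilt.
                    blocking.append((name, category, hit))
    return blocking, review

def gate(report_text):
    """Exit code for a pipeline step: 1 if any blocking finding, else 0."""
    blocking, review = triage(report_text)
    for label, findings in (("BLOCK", blocking), ("REVIEW", review)):
        for name, category, hit in findings:
            print(f"{label} {name}: {category}={hit}")
    return 1 if blocking else 0

if __name__ == "__main__":
    raise SystemExit(gate(SAMPLE_REPORT))
```

In a pipeline the report text would come from the scanner's output for the release artifact instead of `SAMPLE_REPORT`, and the review list would go to a human rather than failing the build.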


Security Profile
Red Team: 80%
Blue Team: 30%
Purple Team: 50%
Details
License: Other
Language: YARA
Open Issues: 284
Topics
android
antivirus
machine-learning
malware-detection
malware-analysis
malware-research
yara
yara-forensics
packers
android-protection