← 返回 Skills 市场
165
总下载
1
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install apk-decompiler
功能描述
Android APK 逆向工程工具集,支持反编译、修改和重新打包。使用场景:(1) 反编译 APK 查看 Smali/Java 源码 (2) 分析应用架构和权限 (3) 修改 UI 文本、功能、逻辑 (4) 重新打包并签名 APK (5) 提取字符串、权限、组件等信息。触发词:反编译 APK、逆向 Androi...
使用说明 (SKILL.md)
APK Decompiler
Android APK 逆向工程工具集,支持完整的反编译、修改和重新打包流程。
快速开始
1. 设置工具
首次使用需要下载必要工具:
cd /path/to/apk-decompiler/scripts
chmod +x setup_tools.sh
./setup_tools.sh
这会下载:
- baksmali/smali - DEX ↔ Smali 转换
- apktool - 资源解码/打包
- dex2jar - DEX → JAR 转换
- uber-apk-signer - APK 签名
2. 反编译 APK
python3 scripts/decompile.py app.apk
输出目录结构:
app-decompiled/
├── smali-out/ # Smali 源码(可编辑)
├── apktool-out/ # 解码的资源文件
│ ├── AndroidManifest.xml
│ ├── res/
│ └── assets/
└── extracted/ # 原始 APK 内容
3. 修改代码/资源
编辑相关文件:
smali-out/- 修改 Smali 代码apktool-out/AndroidManifest.xml- 修改配置apktool-out/res/values/strings.xml- 修改文本
4. 重新打包
python3 scripts/rebuild.py ./app-decompiled
输出:app-rebuilt.apk(已签名)
脚本说明
| 脚本 | 功能 |
|---|---|
setup_tools.sh |
下载并设置反编译工具 |
decompile.py |
反编译 APK |
rebuild.py |
重新打包并签名 |
analyze.py |
分析 APK 结构 |
常用命令
反编译选项
# 基本反编译
python3 decompile.py app.apk
# 同时生成 JAR(可用 jadx 查看 Java 源码)
python3 decompile.py app.apk --java
# 只解码资源
python3 decompile.py app.apk --resources-only
# 只反编译 Smali
python3 decompile.py app.apk --smali-only
分析选项
# 完整分析
python3 analyze.py app.apk
# 只看权限
python3 analyze.py app.apk --permissions
# 查看 Activities
python3 analyze.py app.apk --activities
# 查看应用类(需要先反编译)
python3 analyze.py app.apk --smali ./smali-out --classes
重新打包选项
# 打包并签名
python3 rebuild.py ./project-dir
# 只签名 APK
python3 rebuild.py ./project-dir --sign-only app.apk
# 跳过签名
python3 rebuild.py ./project-dir --no-sign
修改示例
修改字符串
- 找到字符串定义:
grep -r "原始文本" ./apktool-out/res/values/
- 编辑
strings.xml:
\x3Cstring name="app_name">新名称\x3C/string>
修改逻辑(Smali)
- 找到目标类:
find ./smali-out -name "MainActivity.smali"
- 编辑 Smali 代码:
# 修改返回值
.method public isEnabled()Z
const/4 v0, 0x1
return v0
.end method
- 参考 references/smali-syntax.md 了解 Smali 语法
修改 AndroidManifest
编辑 apktool-out/AndroidManifest.xml:
- 添加/移除权限
- 修改应用名称
- 添加 Activity
- 启用调试模式
参考 references/android-manifest.md
工具目录
设置完成后,工具存储在 ~/.apk-tools/:
~/.apk-tools/
├── baksmali.jar # DEX → Smali
├── smali.jar # Smali → DEX
├── apktool.jar # 资源解码/打包
├── dex2jar/ # DEX → JAR
└── uber-apk-signer.jar # APK 签名
可设置环境变量:
export TOOLS_DIR=/custom/path
工作流程
┌─────────────┐
│ app.apk │
└──────┬──────┘
│ decompile.py
▼
┌─────────────────────────┐
│ app-decompiled/ │
│ ├── smali-out/ │ ← 编辑 Smali 代码
│ └── apktool-out/ │ ← 编辑资源/Manifest
└──────┬──────────────────┘
│ rebuild.py
▼
┌─────────────────────┐
│ app-rebuilt.apk │
│ (已签名,可安装) │
└─────────────────────┘
注意事项
-
签名限制:重新打包后使用调试密钥签名,与原应用签名不同
- 无法覆盖安装原应用
- 需要先卸载原应用
-
完整性校验:某些应用会校验签名或文件完整性
- 需要额外处理绕过校验
-
混淆代码:ProGuard/R8 混淆后的代码:
- 类名/方法名会被重命名
- 需要手动分析理解逻辑
-
法律风险:仅供学习研究,请勿用于非法用途
环境要求
- Java 运行时 (JRE 8+)
- Python 3.6+
- unzip (通常已预装)
安全使用建议
This skill appears to do what it says: decompile, inspect, modify and rebuild APKs. Before installing or running: (1) review setup_tools.sh to confirm the download URLs and versions (it uses curl to fetch jars/zips and will write to ~/.apk-tools or TOOLS_DIR); (2) run the scripts in an isolated environment (VM/container) if you will process untrusted APKs; (3) verify you have Java and unzip installed; (4) be aware of legal/ethical constraints — modifying and redistributing apps can violate licenses or law; (5) when rebuilding, the tool signs with debug keys (not suitable for publishing). If you want stronger assurance, replace download URLs with checksummed releases or preinstall the required tools from trusted package managers before using the skill.
功能分析
Type: OpenClaw Skill
Name: apk-decompiler
Version: 1.0.0
The skill bundle provides a functional environment for Android APK reverse engineering and modification. It is classified as suspicious primarily because `setup_tools.sh` automatically downloads and executes multiple third-party binary artifacts (JAR files) from remote repositories (Bitbucket and GitHub) without verifying their integrity via checksums. While the Python scripts (`decompile.py`, `rebuild.py`, and `analyze.py`) appear well-written and use safe execution patterns for these tools, the automated retrieval of external code and the high-risk nature of APK repackaging constitute a significant supply chain and security risk.
能力评估
Purpose & Capability
Name/description match the provided scripts and references: decompile.py, analyze.py, rebuild.py and setup_tools.sh implement decompilation, analysis, modification and repackage/sign workflows described in SKILL.md. Required capabilities (Java, unzip, Python) are appropriate and no unrelated credentials or binaries are requested.
Instruction Scope
Runtime instructions are scoped to operating on local APK files and editing Smali/resources. The SKILL.md tells the agent to run setup_tools.sh and the Python scripts which read/write local files under the output/project directories. There are no instructions to read unrelated system files or to transmit analysis results to external endpoints. Note: setup_tools.sh and the scripts will create ~/.apk-tools (or TOOLS_DIR) and download tools — review these downloads before running.
Install Mechanism
No packaged install spec; setup_tools.sh downloads required tooling (baksmali/smali/apktool/dex2jar/uber-apk-signer) from Bitbucket/GitHub releases via curl and unzips dex2jar. These are well-known project hosts, but the script performs network downloads and writes executables/jars to disk (moderate risk if the sources or versions are not verified). This behavior is expected for the skill's purpose.
Credentials
The skill requests no environment variables or credentials by default. It optionally respects TOOLS_DIR for tool storage; this is reasonable. No secret exfiltration or unrelated tokens are requested.
Persistence & Privilege
always is false and the skill does not request forced persistent presence. It writes its own tools into ~/.apk-tools (or TOOLS_DIR), which is normal for a tooling script and limited in scope to its own directory.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install apk-decompiler - 安装完成后,直接呼叫该 Skill 的名称或使用
/apk-decompiler触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release of apk-decompiler.
- Provides an integrated toolkit for Android APK reverse engineering, including decompilation, editing, rebuilding, and signing.
- Includes scripts for tool setup, APK decompilation, resource/code editing, static analysis, and APK repackaging.
- Supports Smali editing, resource/manifest modification, permission/component analysis, and APK/JAR extraction.
- Step-by-step commands and workflow guidance for typical reverse engineering tasks.
- Tool dependencies are managed with an automated setup script.
- Usage documentation and examples included for common modification scenarios.
元数据
常见问题
Apk Decompiler 是什么?
Android APK 逆向工程工具集,支持反编译、修改和重新打包。使用场景:(1) 反编译 APK 查看 Smali/Java 源码 (2) 分析应用架构和权限 (3) 修改 UI 文本、功能、逻辑 (4) 重新打包并签名 APK (5) 提取字符串、权限、组件等信息。触发词:反编译 APK、逆向 Androi... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 165 次。
如何安装 Apk Decompiler?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install apk-decompiler」即可一键安装,无需额外配置。
Apk Decompiler 是免费的吗?
是的,Apk Decompiler 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Apk Decompiler 支持哪些平台?
Apk Decompiler 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Apk Decompiler?
由 tonakic(@tonakic)开发并维护,当前版本 v1.0.0。
推荐 Skills