An educational tool for the reverse engineering and security assessment of Android apps
We initially experimented with reverse engineering to explore vulnerabilities of our own apps. We learned how hackers find security gaps in our apps. Looking other apps on our phone, we also learned how seemingly legitimate apps invade our privacy.
This is an early release, DeepDive is still in BETA. We need your donations to help support research, development and testing.
Finally, a workflow you can live with
Android is the server. Access the details of reverse engineering from your handheld device or from the convenience of your large Mac or PC screen. How we use DeepDive:
- Join the same WiFi on your Android phone or tablet as your Mac or PC.
- Install and start DeepDive on your Android phone or tablet.
- Note the IP address on the home screen and go to that address from your Mac or PC.
Notes On Security
Configure a user login from app Settings. All communications are encrypted with a self signed security certificate. All communications are AES encrypted via TLS 1.2 HTTPS however your browser is unable to associate the certificate with a domain name or static IP address, consequently you will see a security warning or error message.
Lucene, Ultra-fast search
A decompiled app can have hundreds of thousands of files and millions of lines of code. That's why DeepDive has Lucene, a near-instant search capability, the search engine behind Amazon, AOL, LinkedIn, and Twitter. You can index the source code from a single app or index the entire virtual filesystem and search across hundreds of apps.
Search dozens of keywords at a time
Search Sets are collections of Lucene Searches. Search for dozens of keywords at a time. The app comes with default Search Sets and you can create your own.
- The source code is at your fingertips using the elFinder "Mac-like" file manager.
- Your code is secure on your hardware, not on an unknown server in the Cloud.
- Device details, app details and permissions
- APK extraction and unpacking
- DEX optimization
- Convert Android DEX to Jar
- Decompile most Android apps
- Private and crypto file storage
- File manager and finder
- Instant search and search sets
- Shell, Logcat & Keystore utilities
- Android API 24+ (Nougat+)
- Root not required
- APK parser by Jared Rummler
- DEX disassembler by Jeasus Freke
- DEX2JAR by Bob Pan
- CFR by Lee Benfield
- Jadx by Skylot
- Fernflower by JetBrains
- Lucene search engine
- Nanohttpd web server
- elFinder file manager
- Apache Lucene
- DeepDive is offered for free under conditions of the GPLv3 open source software license.
- Contact Nuvolect LLC for a less restrictive commercial license if you would like to use the software without the GPLv3 restrictions.
Contributing, Bug Reports
- We use GitHub for bug tracking. Please search the existing issues for your bug and create a new one if the issue is not yet tracked. https://github.com/Nuvolect/DeepDive-Android/issues
- Want to contribute? By all means, dive in! See CONGRIBUTING.md. The UI could use some help with Angular and other web skills. The Lucene search engine is great but we are not using all it can do. Are you into Android security? Help us expose vulnerabilities and exploitations.
- For troubleshooting and support information, please visit the wiki. https://github.com/teamnuvolect/DeepDive-Android/wiki
- Consider making a donation to help fund support and development efforts.
Copyright Nuvolect LLC