RevEng-IDE: One Tool to Rule Every Android APK

If you've spent any time doing Android reverse engineering, you know the drill. Six terminal windows open. Three different tools running. Copying file paths between all of them like it's 2012. APKTool in one tab, JADX output in another, Frida CLI somewhere, ADB somewhere else, and a hex editor for when things get native. It's a mess. We built RevEng-IDE because we were tired of living in that mess.

This post covers everything: what RevEng-IDE actually is, who it's for, how to install it, and how to use it day-to-day. No fluff.

What Is RevEng-IDE

RevEng-IDE is a native desktop IDE for Android reverse engineering, written entirely in Rust. It brings APKTool, JADX, Frida, ADB, a hex editor, a disassembler, an ELF parser, and a signing pipeline into one unified interface, wrapped in a VS Code-style layout that feels immediately familiar.

The core workflow it supports

• Open APK → Decode Smali → Decompile Java → Analyze → Edit → Patch → Build → Sign → Install

Everything in that chain happens inside the same window. No switching tools. No losing context. No copy-pasting file paths between applications.

Think of it as an Android-native IDA Pro + VS Code + Frida Console, except it's free, open-source, and built for performance.

Who Is This For

• Bug bounty hunters testing Android apps. Fast manifest analysis, string extraction, and Frida hooks. RevEng-IDE does all three without leaving the tool.
• Security researchers and malware analysts. Cross-references, packer detection, obfuscation scoring, and native code disassembly. All built-in.
• Reverse engineers and APK modders. Read Smali, verify what the decompiler got wrong, patch things, rebuild, and push to device. Exactly the workflow this is designed around.
• Flutter app researchers. Flutter hides everything inside compiled Dart snapshots. RevEng-IDE detects Flutter apps automatically, disassembles libapp.so, and binary-patches libflutter.so for SSL pinning bypass.

Static Analysis

• One-click APK pipeline. Open an APK and RevEng-IDE runs APKTool and JADX in the background automatically. By the time you've looked at the manifest, the Java decompilation is already done.
• AndroidManifest security analysis. Permissions are color-coded by danger level. Exported components are flagged. Deep links enumerated. Debuggable flags, backup-enabled settings, cleartext traffic. All surface immediately with no manual grep.
• String extraction. Every string from the APK is extracted and auto-categorized: URLs, API endpoints, hardcoded API keys, email addresses, IPs, base64 blobs, file paths. Find secrets in seconds.
• Smali cross-reference database. Find every caller of a method, every place a field is accessed, class hierarchies, interface implementors. Built and indexed in parallel with Rayon so even 10,000+ class APKs are indexed in seconds.
• APKiD integration. Detects packers, protectors, obfuscators, anti-VM, and anti-debug signatures the moment you open the APK. Know what you're dealing with before you start.
• DEX statistics. Class count, method count, field count, 65K method limit gauge, obfuscation score based on name entropy and string distribution. Visual, glanceable, useful.
• XAPK support. Split APKs are handled automatically. No manual extraction needed.

Code Editor

• Split editor: Java + Smali. Java decompilation on the left, Smali bytecode on the right, simultaneously. The decompiler is always wrong about something. Having the Smali right next to it tells you what's actually happening.
• Bidirectional Java ↔ Smali navigation. Ctrl+J jumps from Java to the corresponding Smali. Ctrl+K goes back. Line-accurate, fast.
• Smali autocomplete. Opcodes, register notation, class names from the xref database. Context-aware.
• In-editor search. Ctrl+F opens a floating find/replace bar. Ctrl+Shift+P opens the command palette. Ctrl+P is quick file open. Familiar to anyone coming from VS Code or JetBrains.
• Syntax highlighting. Java, Smali, XML, JSON all properly highlighted via the syntect library.
• Minimap with click-to-scroll. Saves a lot of scrolling in large Smali files.

Native & Binary Analysis

• ELF parser. Inspect .so files directly: imports, exports, sections, demangled C++ symbols. No external tools needed.
• Multi-arch disassembler. ARM, ARM64, x86, x86_64 via Capstone. Works on native libraries inside the APK.
• Hex viewer. For DEX, ODEX, OAT, ARSC binary formats.
• Flutter support. Automatic detection, libapp.so disassembly, binary SSL pinning bypass for libflutter.so (ARM64 + ARM32 with auto-backup).

Dynamic Analysis

Requires a connected device or emulator.

• ADB integration. Device listing, APK install, file push/pull, shell commands, screenshot capture. All from inside the IDE.
• Real-time Logcat. Streaming with log level detection. No more adb logcat | grep.
• Frida integration. Process listing, attach/spawn, script execution. Auto-setup of frida-server on device.

9 built-in Frida script templates

• SSL Pinning Bypass
• Root Detection Bypass
• Method Tracer
• Anti-Debug Bypass
• Enumerate Classes
• Hook Native Export
• Dump SharedPreferences
• Intent Monitor
• Blank template

You pick a template, it opens in the editor, you modify it if needed, hit run. No CLI juggling.

Build & Sign Pipeline

• APKTool rebuild. apktool b with one click.
• Uber APK Signer. Zipalign + debug keystore signing, fully automated.
• One-click install to connected device via ADB.

The whole patch → rebuild → sign → install loop is a single workflow inside the tool.

App Studio

App Studio is the advanced analysis layer. It includes:

• API Abuse Scanner
• Deobfuscation Assistant. Rename classes and methods across the whole call graph.
• Anti-Tamper Scanner
• Endpoint Intelligence
• JNI Bridge Map
• Signing Forensics
• Call Graph Visualization
• Frida Script Generator
• Patch Recipes. SSL bypass, root bypass, force debuggable. One click each.
• Rule Engine
• Session Notes
• Plugin System

Installation

Prerequisites

• Rust toolchain. Install from rustup.rs.
• Java JDK 11+. Required for APKTool and JADX.
• Python 3.x. Required for Frida and APKiD.
• ADB. Auto-detected from your existing Android SDK, or bundled in tools/platform-tools/.

Clone and build

• git clone https://github.com/levython/reveng-ide
• cd reveng-ide
• cargo build --release

The build pulls all Rust dependencies automatically. First build takes a few minutes. The binary is at target/release/reveng-ide. Or install with cargo install --path .

External Tools

RevEng-IDE bundles or auto-detects the following. Place them in the tools/ directory or let the built-in Tool Manager download them:

• apktool.jar | APK decode/rebuild | auto-download
• jadx / jadx-gui | Java decompilation | auto-download
• uber-apk-signer.jar | APK signing | auto-download
• adb | Android Debug Bridge | auto-download
• frida-server | Runtime instrumentation | manual setup
• apkid | Packer detection | pip install apkid

For Frida server, push it to your device: adb push frida-server /data/local/tmp/ && adb shell chmod +x /data/local/tmp/frida-server. RevEng-IDE can also handle this automatically from the Runtime panel.

Opening an APK

Two ways to open

• Drag and drop. Drop an APK directly onto the RevEng-IDE window.
• File menu. File → Open APK, or Ctrl+O.

After opening, RevEng-IDE automatically

• Runs APKTool to decode the APK into Smali + resources
• Runs JADX to decompile the Java
• Indexes cross-references in the background
• Extracts and categorizes strings
• Analyzes the AndroidManifest.xml
• Computes DEX statistics
• Runs APKiD detection

All of this happens in parallel. The progress shows in the bottom OUTPUT panel.

Navigating the Interface

The layout follows VS Code conventions

• Activity Bar (left icon strip). Switch between Explorer, Search, Runtime (Frida/ADB), and other views.
• Sidebar. File tree, or whichever panel is active.
• Editor Area. Your main working area. Supports split view.
• Bottom Panel. TERMINAL, OUTPUT, PROBLEMS tabs.

Key shortcuts

• Ctrl+J | Jump to Smali from Java
• Ctrl+K | Jump to Java from Smali
• Ctrl+P | Quick file open
• Ctrl+Shift+P | Command palette
• Ctrl+F | In-file search
• Ctrl+O | Open APK

Bug Bounty Workflow

Here's the complete mobile bounty recon flow, step by step

• Open the APK and wait ~10-15 seconds for analysis to complete
• Click Manifest in the sidebar to check exported components, permissions, deep links
• Click Strings to scan for API keys, hardcoded endpoints, credentials
• Open a suspicious class in the editor. Java on left, Smali on right
• Ctrl+J to verify decompiler output against actual Smali
• Connect device, go to Runtime panel, start Frida session
• Load SSL Pinning Bypass template and run it
• Intercept traffic with your proxy

One tool, one window. That's the entire flow.

Patching Workflow

• Open the APK
• Find the method you want to patch (use Strings or xref search)
• Edit the Smali directly in the split editor
• Use Patch Recipes for common patches (SSL bypass, root bypass, force debuggable) if applicable
• Hit Build in the toolbar. APKTool rebuilds.
• Hit Sign. Uber APK Signer zipaligns and signs with debug keystore.
• Hit Install. ADB pushes to connected device.

Why Rust?

APK analysis is CPU-heavy work. A large APK can have 10,000+ Smali classes. Indexing every method call, field access, and class relationship is a lot of computation. In RevEng-IDE, that runs on Rayon's thread pool, saturating every available core. A full xref index on a large APK finishes in a few seconds on modern hardware.

Beyond performance, Rust gives us memory safety without a garbage collector. No GC pauses while you're scrolling through a 50MB disassembly. No unexpected hangs. The GUI (egui, running on OpenGL) is immediate-mode and redraws only when needed, so the interface stays responsive even when background analysis is running.

Single-binary distribution is also a real benefit. The RevEng-IDE binary has no runtime dependencies. No JRE required. No virtualenv. One file.

The Tech Stack

• Language: Rust 2021 edition
• GUI: egui 0.31 / eframe 0.31 (OpenGL backend)
• Async: Tokio 1.x
• Parallelism: Rayon 1.10
• Binary analysis: Goblin 0.9 (ELF)
• Disassembly: Capstone 0.12
• Syntax highlighting: syntect 5.x
• Serialization: serde + serde_json
• File dialogs: rfd 0.15
• External tools: APKTool, JADX, Uber APK Signer, ADB, Frida

Open Source, No Strings Attached

RevEng-IDE is MIT licensed. The full source is on GitHub at github.com/levython/reveng-ide. There's no enterprise tier, no analytics, no account creation, no phoning home. Use it, fork it, integrate it into your own research tooling.

Security tools should belong to the community. That's the principle this project is built on. Issues, pull requests, and feature requests are open. If something doesn't work for your use case, open an issue or submit a fix.

What's Coming Next

Active development, near-term roadmap

• Interactive call graph visualization. Node-edge graphs for method call chains, navigable from within the editor.
• Plugin API. Community-extensible analysis modules.
• Enhanced Frida script editor. Syntax highlighting, autocomplete, and a snippet library for Frida JS.
• DEX-to-DEX compiler. Modify and recompile Java/Smali without leaving the IDE.
• Cross-platform builds. Linux, Windows, and macOS with consistent toolchain bundling.

RevEng-IDE isn't trying to replace every individual tool in Android security research. APKTool, JADX, and Frida are battle-tested and they're still doing the actual work under the hood. What RevEng-IDE replaces is the friction between those tools. The window switching, the path copying, the context loss, the "wait which terminal has the Frida session running" problem.

If you're doing any serious amount of Android reverse engineering, give it a shot. Clone the repo, build it, drop an APK in. See if the workflow clicks.

We built this tool because we needed it ourselves. Hopefully you do too.

Built by Levython Technologies. Security tooling for security researchers.