Introduction: Dynamic binary instrumentation tool designed for Android application and powered by Frida. It disassembles dex, analyzes it statically, generates hooks, discovers reflected methods, stores intercepted data and does new things from it. Its aim is to be an all-in-one Android reverse engineering platform.
More: Author   ReportBugs   

npm dependencies Docker Automated build

See the latest news here :

Show Dexcalibur videos : Less than 1 minute to hook 61 methods ? Not a problem. (youtube)


1. Installation

Follow installation guide :

Or use Docker (See docker guide):

(MacOS + Dexcalibur docker + Android emulator (host) = DONT WORK (it could works, but it need some configuartion efforts. Contributors are welcome :D ))

docker pull frenchyeti/dexcalibur
docker run -it -v <workspace_path>:/home/dexcalibur/workspace -p 8080:8000 --device=<device_path> frenchyeti/dexcalibur
# ./dexcalibur --app=<target> --port=8000 [--pull]

2. Screenshots

Following screenshots illustrate the automatic update of xrefs at runtime.

Xref auto update

3. Getting started

The Dexcalibur GUI can be launch from the console by using the dexcalibur script.

The first time, connect the device to your computer, run the following command, and open your browser (localhost:) :

./dexcalibur --app=<appname> --port=<webapp_port> --pull

If you have already scanned the app, just exec the following command (without --pull) and open your browser (localhost:) :

./dexcalibur --app=<appname> --port=<webapp_port>

4. See more on the wiki :

About Me
GitHub: Trinea
Facebook: Dev Tools