RevEngi

Commands

Detailed information about all available commands for RevEngiBot.

Start

The /start command is the default command that displays the bot's start page, nothing special but a must for every bot to interact with users.

Help

The /help command is used to display the help page, which contains all the commands that the bot has.

AAB to APK Conversion

No need for additional tools! Convert AAB files to APK format directly with the /aab2apk command, simplifying the process for developers and testers.

Status: All test passed ✅

Usage: Use this cmd while replying to a .aab file to convert that to .apk file.

NOTE

The converted apk file is not signed.

APK Analysis

APK Analysis provides a comprehensive way to interact with APK files. You can extract resources, permissions, activities, services, and more. This feature is essential for reverse engineers and developers working with Android applications.

Status: All tests passed ✅

This command allows you to interact with APK files.

NOTE

You must register an APK before doing anything. To register an APK, reply to an APK file by sending /apk.

Commands:

  • Get APK Info:
/apk info

This will give you basic information about the APK, such as package name, version, etc. for example:

App info:
Name: `MPatcher` <!-- Name of the app -->
Package: `ru.maximoff.sheller` <!-- Package name -->
Icon path: `res/mipmap-anydpi-v21/ic_launcher.xml` <!-- Icon path -->
Version: `4.9` <!-- Version name -->
Version code: `49` <!-- Version code -->
Min SDK: `14` <!-- Minimum SDK version -->
Target SDK: `28` <!-- Target SDK version -->
Effective SDK: `28` <!-- Effective SDK version -->
Main activity: `ru.maximoff.sheller.MainActivity` <!-- Main activity -->
Signed: `False` <!-- Whether the APK is signed or not -->
  • Get Permissions:
/apk info permissions

This will give you a list of permissions requested by the APK. For example:

Requested permissions:
 
- `com.android.launcher.permission.INSTALL_SHORTCUT`
- `android.permission.INTERNET`
- `android.permission.FOREGROUND_SERVICE`
- `android.permission.READ_EXTERNAL_STORAGE`
- `android.permission.WRITE_EXTERNAL_STORAGE`
- `android.permission.MANAGE_EXTERNAL_STORAGE`
- `android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS`
 
Implied permissions:
None found.
  • Get Activities:
/apk info activities

This will give you a list of accessible activities in the APK. For example:

Activities:
 
- ru.maximoff.sheller.MainActivity
- ru.maximoff.sheller.EditActivity
- ru.maximoff.sheller.Settings
- ru.maximoff.sheller.Shortcut
- ru.maximoff.sheller.CreateShortcut
  • Get Signature Information:
/apk info sign

This will you the information on Signing Block of the APK. For example:

APK Signature info by @RevEngiBot

——— v1 signature block ———
* CERT #1:
  Certificate version: v3
  Serial: 90970645
  Sign algorithm: sha256_rsa
  Creation: 2016-10-23 20:10:05+00:00
  Expiry: 2044-03-10 20:10:05+00:00
  CRC32: 0XB05C962C (2958857772)
  MD5: 2AE9969644853C4BCFB771C0155AD969
  SHA1: 5D08264B44E0E53FBCCC70B4F016474CC6C5AB5C
  SHA256: 1E08A903AEF9C3A721510B64EC764D01D3D094EB954161B62544EA8F187B5953
  Sign Algo.: rsassa_pkcs1v15
  Owner:
    Common Name(CN): Android Debug
    Organizational Unit(OU): Android
    Organization(O): US
    Locality(L): US
    State(ST): US
    Country(C): US
    CRC32: 0x5f9ab33d (1603973949)
    MD5: E9B67516EE3B06903386500C44B87B16
    SHA1: C6F633B9F663E039A936960BC3144E695EC36E15
    SHA256: DE9DEA6539BEA9A7E9C9242E731FC39FE11C03A2D3EE4DE3D11916A87894C0CA
    Public Key Info:
      Algorithm: rsa
      Algorithm params: None
      Public Key:
        Modulus: 20548748681539643661378627124493003910098588949943724843151035513170939924787923623660029846674356859178725236890664132666492987592698141949596287484636811256363830613214210272131602181231653110863140793565805239455855905233548412631104148044872219314493403538838544795636154157872657979139329092760471831174440750348088466603628911693874835536959084542549929549756633693715292691492118151286508257335760195747576851541741414007385591611336103455399635585947142041447526685259869034635240920269797120864588259598526920719502080374966365402458299202560622925251228526810050136805094884487650445013365420726402313632257
        Exponent: 65537
  Issuer:
    Self-issued by the certificate owner
——— v2 signature block ———
* CERT #1:
  Certificate version: v3
  Serial: 90970645
  Sign algorithm: sha256_rsa
  Creation: 2016-10-23 20:10:05+00:00
  Expiry: 2044-03-10 20:10:05+00:00
  CRC32: 0XB05C962C (2958857772)
  MD5: 2AE9969644853C4BCFB771C0155AD969
  SHA1: 5D08264B44E0E53FBCCC70B4F016474CC6C5AB5C
  SHA256: 1E08A903AEF9C3A721510B64EC764D01D3D094EB954161B62544EA8F187B5953
  Sign Algo.: rsassa_pkcs1v15
  Owner:
    Common Name(CN): Android Debug
    Organizational Unit(OU): Android
    Organization(O): US
    Locality(L): US
    State(ST): US
    Country(C): US
    CRC32: 0x5f9ab33d (1603973949)
    MD5: E9B67516EE3B06903386500C44B87B16
    SHA1: C6F633B9F663E039A936960BC3144E695EC36E15
    SHA256: DE9DEA6539BEA9A7E9C9242E731FC39FE11C03A2D3EE4DE3D11916A87894C0CA
    Public Key Info:
      Algorithm: rsa
      Algorithm params: None
      Public Key:
        Modulus: 20548748681539643661378627124493003910098588949943724843151035513170939924787923623660029846674356859178725236890664132666492987592698141949596287484636811256363830613214210272131602181231653110863140793565805239455855905233548412631104148044872219314493403538838544795636154157872657979139329092760471831174440750348088466603628911693874835536959084542549929549756633693715292691492118151286508257335760195747576851541741414007385591611336103455399635585947142041447526685259869034635240920269797120864588259598526920719502080374966365402458299202560622925251228526810050136805094884487650445013365420726402313632257
        Exponent: 65537
  Issuer:
    Self-issued by the certificate owner
——— v3 signature block ———
* CERT #1:
  Certificate version: v3
  Serial: 90970645
  Sign algorithm: sha256_rsa
  Creation: 2016-10-23 20:10:05+00:00
  Expiry: 2044-03-10 20:10:05+00:00
  CRC32: 0XB05C962C (2958857772)
  MD5: 2AE9969644853C4BCFB771C0155AD969
  SHA1: 5D08264B44E0E53FBCCC70B4F016474CC6C5AB5C
  SHA256: 1E08A903AEF9C3A721510B64EC764D01D3D094EB954161B62544EA8F187B5953
  Sign Algo.: rsassa_pkcs1v15
  Owner:
    Common Name(CN): Android Debug
    Organizational Unit(OU): Android
    Organization(O): US
    Locality(L): US
    State(ST): US
    Country(C): US
    CRC32: 0x5f9ab33d (1603973949)
    MD5: E9B67516EE3B06903386500C44B87B16
    SHA1: C6F633B9F663E039A936960BC3144E695EC36E15
    SHA256: DE9DEA6539BEA9A7E9C9242E731FC39FE11C03A2D3EE4DE3D11916A87894C0CA
    Public Key Info:
      Algorithm: rsa
      Algorithm params: None
      Public Key:
        Modulus: 20548748681539643661378627124493003910098588949943724843151035513170939924787923623660029846674356859178725236890664132666492987592698141949596287484636811256363830613214210272131602181231653110863140793565805239455855905233548412631104148044872219314493403538838544795636154157872657979139329092760471831174440750348088466603628911693874835536959084542549929549756633693715292691492118151286508257335760195747576851541741414007385591611336103455399635585947142041447526685259869034635240920269797120864588259598526920719502080374966365402458299202560622925251228526810050136805094884487650445013365420726402313632257
        Exponent: 65537
  Issuer:
    Self-issued by the certificate owner
  • Get Decompiled AndroidManifest.xml File:
/apk manifest decompile

This will give you the decompiled AndroidManifest.xml file. For example:

<!--  AndroidManifest.xml decompiled by RevEngiBot  -->
<manifest xmlns:android="http://schemas.android.com/apk/res/android" android:versionCode="49" android:versionName="4.9" android:compileSdkVersion="32" android:compileSdkVersionCodename="12" package="ru.maximoff.sheller" platformBuildVersionCode="32" platformBuildVersionName="12">
<uses-sdk android:minSdkVersion="14" android:targetSdkVersion="28"/>
<uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE"/>
<uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE"/>
<uses-permission android:name="android.permission.MANAGE_EXTERNAL_STORAGE"/>
<uses-permission android:name="android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS"/>
<uses-permission android:name="android.permission.INTERNET"/>
<uses-permission android:name="com.android.launcher.permission.INSTALL_SHORTCUT"/>
<uses-permission android:name="android.permission.FOREGROUND_SERVICE"/>
<application android:theme="@7F0B0007" android:label="@7F0A0006" android:icon="@7F030000" android:name="ru.maximoff.sheller.App" android:allowBackup="true" android:largeHeap="true" android:usesCleartextTraffic="true" android:resizeableActivity="true" android:roundIcon="@7F030001" android:requestLegacyExternalStorage="true" android:preserveLegacyExternalStorage="true">
<activity android:label="@7F0A0006" android:icon="@7F030000" android:name="ru.maximoff.sheller.MainActivity" android:exported="true" android:launchMode="2" android:configChanges="0x00000FB4" android:windowSoftInputMode="0x00000012">
<intent-filter>
<action android:name="android.intent.action.MAIN"/>
<category android:name="android.intent.category.LAUNCHER"/>
</intent-filter>
<intent-filter>
<action android:name="android.intent.action.VIEW"/>
<category android:name="android.intent.category.BROWSABLE"/>
<category android:name="android.intent.category.DEFAULT"/>
<data android:scheme="file"/>
<data android:scheme="content"/>
<data android:host="*"/>
<data android:mimeType="*/*"/>
<data android:pathPattern=".*.mpatch"/>
<data android:pathPattern=".*..*.mpatch"/>
<data android:pathPattern=".*..*..*.mpatch"/>
<data android:pathPattern=".*..*..*..*.mpatch"/>
<data android:pathPattern=".*..*..*..*..*.mpatch"/>
<data android:pathPattern=".*..*..*..*..*..*.mpatch"/>
<data android:pathPattern=".*..*..*..*..*..*..*.mpatch"/>
<data android:pathPattern=".*.mpatch.zip"/>
<data android:pathPattern=".*..*.mpatch.zip"/>
<data android:pathPattern=".*..*..*.mpatch.zip"/>
<data android:pathPattern=".*..*..*..*.mpatch.zip"/>
<data android:pathPattern=".*..*..*..*..*.mpatch.zip"/>
<data android:pathPattern=".*..*..*..*..*..*.mpatch.zip"/>
<data android:pathPattern=".*..*..*..*..*..*..*.mpatch.zip"/>
</intent-filter>
<intent-filter>
<action android:name="android.intent.action.VIEW"/>
<category android:name="android.intent.category.DEFAULT"/>
<data android:mimeType="application/ru.maximoff.sheller-patch"/>
</intent-filter>
</activity>
<activity android:label="@7F0A0003" android:icon="@7F030000" android:name="ru.maximoff.sheller.EditActivity" android:configChanges="0x00000FB4" android:windowSoftInputMode="0x00000014"/>
<activity android:label="@7F0A006D" android:icon="@7F030000" android:name="ru.maximoff.sheller.Settings" android:exported="true" android:configChanges="0x00000FB4" android:windowSoftInputMode="0x00000012">
<intent-filter>
<action android:name="android.intent.action.APPLICATION_PREFERENCES"/>
<category android:name="android.intent.category.DEFAULT"/>
</intent-filter>
</activity>
<activity android:theme="@7F0B0008" android:label="@7F0A0006" android:icon="@7F030000" android:name="ru.maximoff.sheller.Shortcut" android:exported="true" android:excludeFromRecents="true" android:configChanges="0x00000FB4" android:windowSoftInputMode="0x00000012"/>
<activity android:theme="@7F0B0008" android:label="@7F0A001D" android:icon="@7F030000" android:name="ru.maximoff.sheller.CreateShortcut" android:excludeFromRecents="true" android:configChanges="0x00000FB4" android:windowSoftInputMode="0x00000012"/>
<service android:name="ru.maximoff.sheller.OngoingService">
<intent-filter>
<action android:name="ru.maximoff.sheller.OngoingService.ACTION_START"/>
<action android:name="ru.maximoff.sheller.OngoingService.ACTION_UPDATE"/>
<action android:name="ru.maximoff.sheller.OngoingService.STOP_SERVICE"/>
</intent-filter>
</service>
</application>
</manifest>
  • Get Decompiled resources.arsc File:
/apk arsc decompile

This will give you XML decompiled resources.arsc file. For example:

<!--  XML decompiled arsc  -->
<!--  Decompiled by RevEngiBot  -->
<!--  Package: ru.maximoff.sheller  -->
<resources>
<public type="drawable" name="dialog_border_black" id="0x7f020000"/>
<public type="drawable" name="file" id="0x7f020001"/>
<public type="drawable" name="file_white" id="0x7f020002"/>
<public type="drawable" name="folder" id="0x7f020003"/>
<public type="drawable" name="folder_white" id="0x7f020004"/>
<public type="drawable" name="ic_add" id="0x7f020005"/>
<public type="drawable" name="ic_add_white" id="0x7f020006"/>
<public type="drawable" name="ic_dotsmenu" id="0x7f020007"/>
<public type="drawable" name="ic_dotsmenu_white" id="0x7f020008"/>
<public type="drawable" name="ic_menu" id="0x7f020009"/>
<public type="drawable" name="ic_menu_white" id="0x7f02000a"/>
<public type="drawable" name="ic_paste" id="0x7f02000c"/>
<public type="drawable" name="ic_paste_white" id="0x7f02000d"/>
<public type="drawable" name="ic_play" id="0x7f02000e"/>
<public type="drawable" name="ic_play_white" id="0x7f02000f"/>
<public type="drawable" name="ic_redo" id="0x7f020010"/>
<public type="drawable" name="ic_redo_disable" id="0x7f020011"/>
<public type="drawable" name="ic_redo_white" id="0x7f020012"/>
<public type="drawable" name="ic_save" id="0x7f020013"/>
<public type="drawable" name="ic_save_disable" id="0x7f020014"/>
<public type="drawable" name="ic_save_white" id="0x7f020015"/>
<public type="drawable" name="ic_settings" id="0x7f020016"/>
<public type="drawable" name="ic_settings_white" id="0x7f020017"/>
<public type="drawable" name="ic_star" id="0x7f020018"/>
<public type="drawable" name="ic_star_white" id="0x7f020019"/>
<public type="drawable" name="ic_undo" id="0x7f02001a"/>
<public type="drawable" name="ic_undo_disable" id="0x7f02001b"/>
<public type="drawable" name="ic_undo_white" id="0x7f02001c"/>
<public type="drawable" name="scrollbar_handle" id="0x7f02001d"/>
<public type="drawable" name="toast_border_black" id="0x7f02001e"/>
<public type="drawable" name="ic_notification" id="0x7f02000b"/>
<public type="drawable" name="ic_notification" id="0x7f02000b"/>
<public type="drawable" name="ic_notification" id="0x7f02000b"/>
<public type="drawable" name="ic_notification" id="0x7f02000b"/>
<public type="drawable" name="ic_notification" id="0x7f02000b"/>
<public type="mipmap" name="ic_launcher" id="0x7f030000"/>
<public type="mipmap" name="ic_launcher_round" id="0x7f030001"/>
<public type="mipmap" name="ic_launcher" id="0x7f030000"/>
<public type="mipmap" name="ic_launcher_round" id="0x7f030001"/>
<public type="mipmap" name="ic_launcher" id="0x7f030000"/>
<public type="mipmap" name="ic_launcher_round" id="0x7f030001"/>
<public type="mipmap" name="ic_launcher" id="0x7f030000"/>
<public type="mipmap" name="ic_launcher_round" id="0x7f030001"/>
<public type="mipmap" name="ic_launcher" id="0x7f030000"/>
<public type="mipmap" name="ic_launcher_round" id="0x7f030001"/>
<public type="mipmap" name="ic_launcher" id="0x7f030000"/>
<public type="mipmap" name="ic_launcher_round" id="0x7f030001"/>
<!-- Redacted for Brevity  -->
<public type="id" name="list" id="0x7f0d0039"/>
<public type="id" name="list" id="0x7f0d003a"/>
<public type="id" name="list" id="0x7f0d003b"/>
<public type="id" name="list" id="0x7f0d003c"/>
<public type="id" name="list" id="0x7f0d003d"/>
<public type="id" name="list" id="0x7f0d003e"/>
</resources>
  • Get Decompiled Source of the APK (using jadx):
/apk src decompile

This command will decompile the APK using jadx and return the decompiled source code.

  • Unregister APK:
/apk_exit

This command will unregister the APK from the bot.

NOTE

All APK files will be unregistered after 30 minutes.

APKiD 

/apkid

You can use this command to identify the packer, protector, obfuscator, or oddities used in an APK file.

Smali Grammar

This command allows you to fetch detailed information about Smali instructions, helping you understand their syntax, usage, and behavior.

Usage:

/smali <instruction>

Example:

/smali invoke-virtual

Detailed Information

When you use the /smali command, the bot will guide you through the process of retrieving information about the specified Smali instruction. Here’s how it works:

  1. Exact Match vs. Partial Match:

    • The bot will first ask whether you want to perform an exact match or a partial match.
    • Exact Match: If you choose an exact match, the bot will provide detailed information about the specified instruction.
    • Partial Match: If you choose a partial match, the bot will provide a list of instructions that contain the specified string. You can then select one of the instructions from the list to get detailed information about it.

  2. Interactive Selection:

    • After choosing the type of match, you will be presented with relevant options.
    • For an exact match, you will receive comprehensive details about the instruction.
    • For a partial match, you will see a list of matching instructions, and you can select one to get detailed information.
    • If no response is received within 20 seconds, task will be cancelled.

Example Workflow

  1. Command Execution:

    /smali invoke-virtual

  2. Bot Prompt:

    Do you want to perform an exact match or a partial match for 'invoke-virtual'?
- Exact Match
- Partial Match

  3. User Choice:

    • If you choose Exact Match, the bot will provide detailed information about the invoke-virtual instruction:
    • If you choose Partial Match, the bot will list instructions that contain the string invoke-virtual, allowing you to select one for detailed information.

APK Protector 

/apkprotect

This command allows you to protect your APK files using various tools, packers, obfuscators, and techniques. Currently, the following tools are supported:

More tools will be added in the future.

APK Signer

This command signs an APK file using various signing schemes. The command must be used as a reply to an .apk file.

Usage:

/apksign [options] [reply to .apk file]

Options:

  • v1: Signs the APK with the v1 signing scheme.
  • v2: Signs the APK with the v2 signing scheme.
  • v3: Signs the APK with the v3 signing scheme.
  • (None) or v1+v2+v3: Signs the APK with all v1, v2, and v3 signing schemes. This is the default if no options are specified.
  • Combinations: You can combine options using + to specify multiple signing schemes. For example:
    • v1+v2: Signs with v1 and v2.
    • v1+v3: Signs with v1 and v3.
    • v2+v3: Signs with v2 and v3.

Examples:

  • /apksign [in reply to an APK file] (Signs with v1, v2, and v3)
  • /apksign v1 [in reply to an APK file] (Signs with only v1)
  • /apksign v2+v3 [in reply to an APK file] (Signs with v2 and v3)

ASK AI

This command allows you to interact with an AI model. You can start a conversation, reset it, or exit it.

Starting a Conversation:

Use the following command to begin a conversation with the AI:

/askai <your prompt>

Example:

/askai What is the capital of France?

Subsequent messages you send will be treated as part of the ongoing conversation with the AI. The AI's responses will be displayed as replies to your messages.

Important Considerations:

  • The AI will ignore messages that resemble commands (those starting with / or !).
  • In groups, only /askai prefixed messages will be sent to the AI.

Managing Your Conversation:

  • Resetting the Conversation: To start a fresh conversation, use: /askai_new
  • Exiting the Conversation: To end the current conversation, use: /askai_exit
  • Changing the AI Model: Use /askai_model to (potentially) change the underlying AI model. Available models are: Gemini, Cohere and Groq.

Group Usage:

  • Enabling/Disabling: This feature is disabled in groups by default. Group admins can enable it using /askai_enable and disable it using /askai_disable.
  • Group Restrictions: Within groups, you must use the /askai prefix for all AI queries.

Timeout:

Conversations will automatically end after 10 minutes of inactivity.

ASM

This command converts assembly code to various ARM assembly hexadecimal representations.

Usage:

Use the following command to convert your assembly code:

/asm <assembly code>

Example:

/asm mov r0, r1

Output:

The command will return a response containing hexadecimal representations for different ARM architectures:

⁃ arm: `0100A0E1`
⁃ armbe: `E1A00001`
⁃ thumb: `0846`
⁃ thumbbe: `4608`

NOTE

The specific output formats may vary depending on the input assembly code and its compatibility with different architectures.

DISASM

This command disassembles ARM assembly hexadecimal code into its corresponding assembly instructions.

Usage:

Use the following command to disassemble your hex code:

/disasm <hex code>

Example:

/disasm 0100A0E1

Output:

The command will return a response containing disassembled assembly instructions for different ARM architectures, where possible:

⁃ arm: `mov r0, r1`
⁃ armbe: `smlatteq r0, r1, r0, sl`
⁃ thumb: `movs r1, r0`
`b #0x346`
⁃ thumbbe: `lsls r0, r0, #4`
`adr r0, #0x384`
⁃ arm64: `.BYTE 0x01, 0x00, 0xa0, 0xe1`

NOTE

The disassembled output may vary depending on the provided hexadecimal code and its compatibility with different ARM architectures.

Base Converter

This command allows you to convert numbers between different bases.

Usage:

The command supports several formats depending on the type of conversion you need.

1. Base 10 to Common Bases:

Convert a base 10 number to binary, octal, decimal, and hexadecimal.

/base <number>

Examples:

/base 100
/base 1337

2. Other Base to Common Bases:

Convert a number from a specified base to common bases (binary, octal, decimal, hexadecimal).

/base <base> <number>

Examples:

/base 2 1100100  # Binary to common bases
/base 8 777     # Octal to common bases

3. Other Base to Another Base:

Convert a number from one specified base to another specified base.

/base <base_a> <base_b> <number>

Examples:

/base 10 3 238   # Base 10 to Base 3
/base 4 9 112   # Base 4 to Base 9

4. String to Base64/Base32 Encoding:

Encode a string to Base64 or Base32.

/base e <b32|b64> <string>

Examples:

/base e b32 Hello
/base e b64 "Heplikopter xD"

5. Base64/Base32 to String Decoding:

Decode a Base64 or Base32 encoded string back to its original string representation.

/base d <b32|b64> <encoded_string>

Examples:

/base d b64 SGVsbG8=
/base d b32 JBSWY3DP

NOTE

Ensure that the input number and encoded strings are correctly formatted for the specified base. Errors may occur if the input is invalid.

Blutter Integration

Blutter Integration facilitates quick analysis of Flutter APKs and .so files. Detect Dart versions, extract necessary files, and generate detailed analysis reports within seconds.

Usage:

This command extracts Dart code from an APK, ZIP, or 7Z file. Use it as a reply to the file.

Basic Extraction:

To extract Dart code without compression, reply to the file with:

/blutter

Custom ZIP Filename:

To extract Dart code to a custom ZIP filename, reply to the file with:

/blutter <zip_filename>.zip

Replace <zip_filename> with your desired filename. The .zip extension is optional; you can omit it. If no filename is provided, the output will be named out.zip.

Examples:

  • /blutter (Extracts Dart code to out.zip)
  • /blutter my_dart_code.zip (Extracts Dart code to my_dart_code.zip)
  • /blutter my_analysis (Extracts Dart code to my_analysis.zip)

Note

The input file must be an APK, ZIP, or 7Z file containing libflutter.so & libapp.so.

Control Flow Flattening (Obfuscation)

This command applies control flow flattening obfuscation to DEX files using BlackObfuscator. This makes reverse engineering more difficult.

Usage:

This command must be used as a reply to a DEX file.

/cff <args>

Arguments:

Arguments specify classes and packages to include or exclude from obfuscation.

  • + <package_or_class>: Includes the specified package or class.
  • - <package_or_class>: Excludes the specified package or class.

Examples:

  • /cff +com.example.app -com.example.app.debug: Includes everything in com.example.app except the com.example.app.debug package.
  • /cff +com.example.app.MainActivity: Only obfuscates the MainActivity class within the com.example.app package.
  • /cff +com.my.app: Obfuscates the entire com.my.app package.

Important Notes:

  • Reply to DEX: This command must be used as a reply to a DEX file.
  • Case Sensitivity: Package names are case-sensitive. Incorrect casing will lead to unexpected results.

Cocos2d JSC Decryption

This command decrypts a Cocos2d .jsc (encrypted JavaScript) file to a .js (plain JavaScript) file.

Usage:

This command requires the decryption key and must be used as a reply to the .jsc file.

/cocos2d <key>

Replace <key> with the correct decryption key for the .jsc file.

Example:

/cocos2d MySecretDecryptionKey

Important

You must know the correct decryption key for this command to work. Providing an incorrect key will result in failure.

DEX to Java

This command converts DEX (Dalvik Executable) files to Java source code. It supports multiple decompilers to allow you to choose the best option for your needs.

Usage:

This command must be used as a reply to a DEX file.

/dex2java

Decompiler Selection:

After sending the command, the bot will prompt you to select a decompiler from the available options.

Important

The success and quality of the conversion depend heavily on the chosen decompiler and the complexity of the DEX file. Some decompilers may produce better results than others for specific DEX files.

Dex Repair

It fixes the DEX magic number and updates the checksum and signature in the DEX header.

Usage:

This command must be used as a reply to a DEX file.

/dexrepair

Frida Script Compilation & Obfuscation 

/frida_compile

This command compiles and obfuscates JavaScript Frida scripts into a Frida-compatible bytecode format.

Note

This feature is under development and is not yet suitable for real-world or production use. Results may be unpredictable, and the output may not always be compatible with all Frida versions.

Hash Generator

This command generates various cryptographic hashes for input text or files.

Usage:

For Text Input:

/hash <text>

For Files: Use this command as a reply to the file you want to hash.

/hash

Output:

The command will return a list of hashes, including:

  • MD5
  • SHA1
  • SHA224
  • SHA256
  • SHA384
  • SHA512
  • SHA3_224
  • SHA3_256
  • SHA3_384
  • SHA3_512
  • SHAKE_128 (with length 64)
  • SHAKE_256 (with length 64)
  • BLAKE2B
  • BLAKE2S
  • CRC32
  • Adler32

Note

The output will vary depending on the input text or file. For large files, processing time may increase.

Java/Smali Conversion

With Java to Smali and Smali to Java conversions, you can seamlessly transition between these two languages.

Usage:

For Java to Smali:

/java2smali

For Smali to Java:

/smali2java

Note

These commands must be used as a reply to the corresponding file.

Regex Maker

Regex Maker allows you to craft complex regular expressions for Smali code. Whether for searching or extracting data, this tool simplifies regex creation.

Usage:

Either use it with an input:

/regex <input>

OR reply to a message with the command:

/regex <reply to input>

Smali2Frida

This command generates Frida hooks directly from .smali files, simplifying the process of setting up dynamic analysis.

Usage:

Reply to a .smali file with the following command:

/s2f

Important

This command must be used as a reply to a .smali file. The output will be Frida script(s) designed to interact with the functions defined in the provided .smali code.

JNI Function Information

This command extracts and displays JNI (Java Native Interface) function signatures from an APK file.

Usage:

Reply to an APK file with the command:

/jni_info

The bot will then process the APK and return a list of identified JNI function signatures.

Important

This command requires an APK file as input and must be used as a reply to that file. The accuracy of the results depends on the structure and complexity of the APK.

MT Enhanced Hook

This command generates an MT enhanced hook for APK files. This is typically used for bypassing signature checks during application analysis or modification.

Usage:

Reply to an APK file with the command:

/mthook

Warning

Modifying APK files in this way can have unintended consequences and may lead to instability or malfunction of the application. Use this command cautiously and only on APKs you have permission to modify.

APK Scan

This command scans an APK file to assess its security posture using third-party tools.

Usage:

This command can be used in two ways:

Method 1: Specifying the Scanner

Use this method to explicitly select the scanner you wish to use.

/scan <scanner_name>

Replace <scanner_name> with one of the following:

  • androbugs: Uses AndroBugs for the scan.
  • deeplens: Uses APKDeepLens for the scan.

Method 2: Replying to an APK File

Reply to an APK file with the /scan command. The bot will then prompt you to select the scanner you wish to use from a list of available options.

Examples:

  • /scan androbugs (Scans using AndroBugs)
  • /scan deeplens (Scans using APKDeepLens)

Important

This command must be used as a reply to an APK file.. The accuracy and detail of the results will depend on the capabilities of the chosen scanner and the complexity of the APK.

APK Converter

This command converts various Android application package formats (.apks, .xapk, .apkm) to the standard .apk format.

Usage:

Reply to a .apks, .xapk, or .apkm file with the command:

/toapk

The bot will process the input file and generate a corresponding .apk file.

Important

The resulting .apk file will not be signed. You will need to sign it separately before installing or distributing it. This command must be used as a reply to a supported package file.

XML Tools

This command provides tools for interacting with XML and AXML (Android XML) files.

Current Functionality:

  • AXML Decompilation: Decompile an AXML file into a standard XML format.

    /xml decompile

    Use this command as a reply to an AXML file.

  • XML Compilation: Compile an XML file into the AXML format.

    /xml compile

    Use this command as a reply to an XML file.

Note

This command requires an AXML or XML file as input and should be used as a reply to that file. Additional XML manipulation tools will be added in future updates.

Credits

This command lists the third-party libraries used in this project. You can also view this information by using the command /credits.

Core Functionality & Plugins:

Previous

Overview

Next

Support Us

On this page

Start Help AAB to APK Conversion APK Analysis APKiD Smali Grammar Detailed InformationExample WorkflowAPK Protector APK SignerASK AI ASM DISASM Base Converter Blutter Integration Control Flow Flattening (Obfuscation) Cocos2d JSC Decryption DEX to Java Dex Repair Frida Script Compilation & Obfuscation Hash Generator Java/Smali Conversion Regex Maker Smali2Frida JNI Function Information MT Enhanced Hook APK Scan APK Converter XML Tools Credits