Androidmeda by In3tinct

LLM-powered tool for Android app deobfuscation and vulnerability analysis

Created 1 year ago
272 stars

Top 94.7% on SourcePulse

Project Summary

Androidmeda is an LLM-powered tool designed to deobfuscate Android application code and identify potential vulnerabilities. It targets developers and security researchers seeking to understand the logic of obfuscated Android apps, including potential malware. The tool offers a significant benefit by simplifying complex code, suggesting clearer names for program elements, and highlighting security issues, thereby accelerating analysis and improving code comprehension.

How It Works

Androidmeda leverages Large Language Models (LLMs) to analyze decompiled Android source code. It identifies obfuscated patterns, suggests more readable names for variables, methods, and classes, and adds comments to clarify application logic. The approach embraces the inherent unpredictability of LLMs while aiming for improved code readability. It supports both cloud-based LLM APIs (OpenAI, Gemini, Anthropic) and local LLM inference via Ollama, providing flexibility in analysis environments and data privacy.

Quick Start & Requirements

  • Installation: Clone the repository, then install dependencies using pip3 install -r requirements.txt.
  • Decompilation: Use JADX (https://github.com/skylot/jadx) to decompile APKs into Java source files, which are then used as input.
  • Execution:
    • API Models: python3 androidmeda.py --llm_provider <provider> --llm_model <model> -output_dir <path> -source_dir <path>, where provider and model form a pair (e.g., --llm_provider google --llm_model gemini-1.5-flash, or --llm_provider openai --llm_model gpt-4.1). Requires the provider's API key to be set in an environment variable.
    • Local Models (Ollama): python3 androidmeda.py --llm_provider ollama --llm_model <model> -output_dir <path> -source_dir <path> (e.g., llama3.2). Requires Ollama setup (https://github.com/ollama/ollama).
  • Prerequisites: Python 3, JADX, LLM API keys or Ollama installed.
  • Resource Requirements: Local LLM inference demands significant RAM: 7B models require at least 8GB (16GB recommended), 13B models require 16GB (32GB recommended), and 33B models require 32GB (64GB recommended).
  • Documentation: Installation and usage details are provided in the README.

Highlighted Details

  • LLM-Powered Deobfuscation: Intelligently renames code elements and adds comments for enhanced readability.
  • Flexible LLM Integration: Supports major LLM APIs and local inference via Ollama for privacy and cost control.
  • Vulnerability Reporting: Generates a JSON report of identified vulnerabilities and labels security issues directly in the deobfuscated code.
  • Malware Analysis: Explicitly mentioned as a potential use case for deobfuscating Android malware.

Maintenance & Community

Contributions are welcomed, with instructions provided in CONTRIBUTING.md. No specific community channels (like Discord/Slack) or roadmap links are detailed in the README.

Licensing & Compatibility

The project is licensed under the Apache 2.0 license, which is generally permissive for commercial use and integration into closed-source projects.

Limitations & Caveats

This is an experimental project, and the owner disclaims liability for its use. Users must point the tool at a specific decompiled code directory as input rather than an entire decompiled package. Significant RAM is required for local LLM execution, and LLM output should be reviewed with an understanding of its inherent unpredictability.

Health Check

  • Last Commit: 1 month ago
  • Responsiveness: Inactive
  • Pull Requests (30d): 0
  • Issues (30d): 0
  • Star History: 15 stars in the last 30 days