GitHub - Mkadir/APKLab: Android Reverse-Engineering Workbench for VS Code


🔬 HexLab

Advanced Android Reverse-Engineering Workbench right inside your VS Code.

Forked from APKLab — extended with additional ADB tooling, configurable JVM heap sizing, root-bypass tooling, and more.

HexLab seamlessly integrates the best open-source tools (Apktool, Jadx, uber-apk-signer, apk-mitm and more) into the excellent VS Code so you can focus on app analysis and never leave your IDE.


✨ Features

  • Decode all the resources from an APK
  • Disassemble the APK to Dalvik bytecode aka Smali
  • Decompile the APK to Java source via Jadx
  • Interactive Malware Analysis Report (via Quark-Engine)
  • Initialize project dir as a Git repo
  • Excellent Smali language support with Smalise
  • Apply MITM patch for HTTPS inspection
  • Patch common string-based root / emulator checks and exact MyID SDK detections in smali
  • Build (and rebuild) an APK from Smali and resources
  • Rebuild an APK in Debug mode for dynamic analysis
  • Sign the APK seamlessly during the build
  • Install the APK directly from VS Code via ADB
  • ADB: Uninstall app from connected device
  • ADB: Launch app on connected device
  • ADB: Stream Logcat filtered to your app
  • Configurable JVM Max Heap Size for large APK decompilation
  • Support for Apktool-style projects (apktool.yml)
  • Support for most Apktool CLI arguments
  • Support for user-provided keystore for APK signing
  • Download and configure missing dependencies automatically
  • Supports Linux, Windows, and macOS

📋 Requirements

  • JDK 11+

    Run java -version in your shell. If not found, download from Adoptium.

  • ADB (optional — for install / uninstall / launch / logcat)

    Run adb devices in your shell. If not found, check this guide.

  • quark-engine ≥21.01.6 (optional — for malware analysis)

    Run quark in your shell. If not found, check official docs.


🚀 Getting Started

Open APK or Apktool project

  • Open the Command Palette (Ctrl+Shift+P) ➜ APKLab: Open an APK
  • Or simply open an existing Apktool project folder

Apply MITM patch

  • Right-click on or inside apktool.yml ➜ APKLab: Prepare for HTTPS inspection
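
To review what a decoded project trusts before and after this step, the following added example (not part of HexLab or APKLab) reads an Apktool project and reports the Network Security Configuration settings an HTTPS-inspection patch typically touches: user-installed CAs, cleartext traffic, and pinned domains. The function names and the sample project are constructed, and it assumes the standard Apktool layout (AndroidManifest.xml plus res/xml/).

```python
import tempfile
import xml.etree.ElementTree as ET
from pathlib import Path

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
# Constructed sample: a minimal decoded project whose config trusts user CAs.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android">
  <application android:networkSecurityConfig="@xml/nsc"/>
</manifest>"""
SAMPLE_CONFIG = """<network-security-config>
  <base-config cleartextTrafficPermitted="true">
    <trust-anchors><certificates src="system"/><certificates src="user"/></trust-anchors>
  </base-config>
  <domain-config>
    <domain includeSubdomains="true">api.example.com</domain>
    <pin-set><pin digest="SHA-256">CONSTRUCTED_PLACEHOLDER_PIN=</pin></pin-set>
  </domain-config>
</network-security-config>"""

def write_sample_project(project_dir):
    """Write the constructed sample in Apktool's output layout (hypothetical helper)."""
    xml_dir = Path(project_dir, "res", "xml")
    xml_dir.mkdir(parents=True)
    Path(project_dir, "AndroidManifest.xml").write_text(SAMPLE_MANIFEST)
    (xml_dir / "nsc.xml").write_text(SAMPLE_CONFIG)

def audit_network_security(project_dir):
    """Summarise the TLS trust settings of a decoded Apktool project."""
    root = Path(project_dir)
    report = {"config": None, "trusts_user_cas": False,
              "cleartext_permitted": False, "pinned_domains": []}
    app = ET.parse(root / "AndroidManifest.xml").getroot().find("application")
    ref = app.get(ANDROID_NS + "networkSecurityConfig") if app is not None else None
    if not ref or not ref.startswith("@xml/"):
        return report  # no custom config: platform defaults apply
    report["config"] = "res/xml/" + ref[len("@xml/"):] + ".xml"
    cfg = ET.parse(root / report["config"]).getroot()
    # debug-overrides is skipped: it only applies to debuggable builds.
    for section in cfg.iter():
        if section.tag not in ("base-config", "domain-config"):
            continue
        report["cleartext_permitted"] |= section.get("cleartextTrafficPermitted") == "true"
        certs = section.findall("trust-anchors/certificates")
        report["trusts_user_cas"] |= any(c.get("src") == "user" for c in certs)
        if section.find("pin-set") is not None:
            report["pinned_domains"] += [d.text.strip() for d in section.findall("domain") if d.text]
    return report

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        write_sample_project(tmp)
        print(audit_network_security(tmp))
```

Run it against the project folder once before patching and once after, and compare the two reports.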

Apply root bypass patch

  • Right-click on or inside apktool.yml ➜ APKLab: Patch APK for Root Bypass
  • Exact MyID SDK methods are patched when uz/myid/android/sdk/capture/core/MyIdStore is present
  • Common string-based detector constants such as su, test-keys, emulator markers, shell-channel labels, and selected SELinux checks are mutated in app-side smali with rebuild validation support

Rebuild and Sign APK

  • Right-click on or inside apktool.yml ➜ APKLab: Rebuild the APK

Install APK to device

  • Right-click on .apk file (in dist/ directory) ➜ APKLab: Install the APK

ADB Utilities

  • Command Palette ➜ APKLab: ADB Uninstall App
  • Command Palette ➜ APKLab: ADB Launch App
  • Command Palette ➜ APKLab: ADB Stream Logcat

Clean ApkTool frameworks dir

  • Command Palette ➜ APKLab: Empty ApkTool Framework Dir

⚙️ Extension Settings

Dependency Paths

  • apklab.apktoolPath: Full path of apktool.jar. Override to use a specific version:

    "apklab.apktoolPath": "/home/user/downloads/apktool_2.9.0.jar"

  • apklab.apkSignerPath: Full path of uber-apk-signer.jar.

    "apklab.apkSignerPath": "/home/user/downloads/uber-apk-signer-1.3.0.jar"

  • apklab.jadxDirPath: Full path of jadx-x.y.z directory.

    "apklab.jadxDirPath": "/home/user/downloads/jadx-1.4.7"

    On Linux and macOS, HexLab will automatically repair execute permissions for the bundled Jadx launcher scripts and run them through bash when needed.

Keystore Configuration

  • apklab.keystorePath: Absolute path of your Java keystore (.jks / .keystore).
  • apklab.keystorePassword: Password of your keystore.
  • apklab.keyAlias: Alias of the used key in the keystore.
  • apklab.keyPassword: Password of the used key.

Advanced Configuration

  • apklab.jvmHeapSize: JVM Max Heap Size for decompiling very large APKs (e.g. -Xmx4g). Leave blank for the JVM default.
  • apklab.initProjectDirAsGit: Automatically initialize the project output directory as a Git repository.
  • apklab.updateTools: Whether HexLab should check for tool updates on startup.
  • apklab.rootBypassVerifyRebuild: Rebuild immediately after a root bypass patch to catch smali issues early.
  • apklab.rootBypassScope: Root bypass scan scope. app-only focuses on the app package; all scans all smali classes.
  • apklab.rootBypassAdditionalPackages: Extra Java package prefixes to include in root bypass analysis.

🐛 Known Issues

Please open an issue at our GitHub repository.


🤝 Contributing

Bug reports, feature requests, and PRs are always welcome. Open an issue here.


📜 Changelog

See CHANGELOG.md for the full release history.


🙏 Credits

HexLab is built on the shoulders of giants: