MASTG-TOOL-0018: jadx

jadx is an open-source Dex and Java decompiler available both in a CLI (jadx) and GUI (jadx-gui) form. It's actively developed and offers an extensive range of features to help you analyze Android applications:

• Decoding of resources and Manifest
• Refactoring of symbols
• Finding cross-references
• Search features for classes, symbols, resources and code
• An API for creating custom extensions
• Support for debugging applications
• Generation of Frida and LSPosed snippets

Techniques

MASTG-TECH-0020: Retrieving Cross References MASTG-TECH-0023: Reviewing Decompiled Java Code MASTG-TECH-0017: Decompiling Java Code MASTG-TECH-0145: Working with XAPK Files MASTG-TECH-0117: Obtaining Information from the AndroidManifest

Tests

MASTG-TEST-0013: Testing Symmetric Cryptography MASTG-TEST-0029: Testing for Sensitive Functionality Exposure Through IPC MASTG-TEST-0028: Testing Deep Links MASTG-TEST-0039: Testing whether the App is Debuggable