PulseAPK

🌍 Languages
English | Deutsch | Español | Français | עברית | 한국어 | Беларуская | Suomi | Latviešu | Eesti | Lietuvių | Čeština | Slovenčina | Magyar | العربية | Português | Русский | Українська | 中文

PulseAPK is a professional-grade, cross-platform GUI for Android reverse engineering and security analysis, built with Avalonia and .NET 8. It combines the raw power of apktool with advanced static analysis capabilities, wrapped in a high-performance, cyberpunk-inspired interface. PulseAPK streamlines the entire workflow from decompilation to analysis, rebuilding, and signing.

Watch the demo on YouTube

PulseAPK is organized into a single-window workflow with top navigation for each tool: Decompile, Build, Patch APK, Analyser, Settings, and About. Each section focuses on one stage of the APK lifecycle so you can move from decoding to analysis, patching, and signing without leaving the app.

Key Features

• 🛡️ Static Security Analysis: Automatically scan Smali code for vulnerabilities, including root detection, emulator checks, hardcoded credentials, and insecure SQL/HTTP usage.
• ⚙️ Dynamic Rule Engine: Fully customizable analysis rules via smali_analysis_rules.json. Modify detection patterns on the fly without restarting the application. Uses caching for optimal performance.
• 🚀 Modern UI/UX: A responsive, dark-themed interface designed for efficiency, with real-time console feedback.
• 📦 Complete Workflow: Decompile, Analyze, Edit, Recompile, and Sign APKs in one unified environment.
• ⚡ Safe & Robust: Includes intelligent validation and crash prevention mechanisms to protect your workspace and data.
• 🔧 Fully Configurable: Manage tool paths (Java, Apktool), workspace settings, and analysis parameters with ease.

Advanced Capabilities

Security Analysis

PulseAPK includes a built-in static analyzer that scans decompiled code for common security indicators:

• Root Detection: Identifies checks for Magisk, SuperSU, and common root binaries.
• Emulator Detection: Finds checks for QEMU, Genymotion, and specific system properties.
• Sensitive Data: Scans for hardcoded API keys, tokens, and basic auth headers.
• Insecure Networking: Flags HTTP usage and potential data leakage points.

Rules are defined in smali_analysis_rules.json and can be customized to your specific needs.

APK Management

• Decompile: Select an APK, choose decode options (resources, sources, manifest handling), and extract to an output folder or the APK’s own folder.
• Build: Recompile from a project folder, set output name and location, toggle AAPT2, and optionally sign the APK in one step.
• Patch APK: Use the dedicated patcher tab to automate APK patching workflows, including Frida setup with one-click Inject frida-gadget support.
• Analyser: Point to a decompiled project folder, run the Smali analysis, and export the report when needed.

Prerequisites

1. Java Runtime Environment (JRE): Required for apktool. Ensure java is in your system PATH.
2. Apktool: You can download apktool.jar directly from PulseAPK by pressing the download button in Settings, or provide it manually from ibotpeaches.github.io.
3. Ubersign (Uber APK Signer): Required for signing rebuilt APKs. You can download the latest uber-apk-signer.jar automatically in Settings, or still provide it manually from the GitHub releases.
4. .NET 8.0 Runtime: Required to run PulseAPK on supported platforms (Windows, Linux, and macOS).

Quick Start Guide

1. Download and Build

   dotnet build
   dotnet run

2. Setup

   • Open Settings.
   • Link your apktool.jar and uber-apk-signer.jar paths.
   • PulseAPK will display the Java runtime it detects from your environment variables.
   • Use the built-in download shortcuts if you need to grab dependencies quickly.

3. Analyze an APK

   • Decompile your target APK using the Decompile tab.
   • Switch to the Analyser tab.
   • Select your decompiled project folder.
   • Click Analyze Smali to generate a security report.
   • Save the report from the footer action when you are ready.

4. Modify & Rebuild

   • Edit files in your project folder.
   • Use the Build tab to recompile into a new APK.
   • Toggle signing during the build step to sign the output APK.

Screenshots

1) Decompile workflow

• Use this screen to pick an input APK and output folder, then run decompilation.
• Simple flow: select APK -> set output path -> click decompile.

2) Build workflow

• Use this screen to rebuild a decompiled project into a new APK.
• Simple flow: select project folder -> choose output name/path -> click build (and enable signing if needed).

3) Static analysis results

• This view shows security findings from Smali/static analysis.
• Simple flow: decompile first -> open analysis tab/output -> review findings and export report.

Technical Architecture

PulseAPK utilizes a clean MVVM (Model-View-ViewModel) architecture:

• Core: .NET 8.0, Avalonia (cross-platform UI).
• Analysis: Custom Regex-based static analysis engine with hot-reloadable rules.
• Services: Dedicated services for Apktool interaction, file system monitoring, and settings management.

License

This project is open-source and available under the Apache License 2.0.

Attribution and Copyright

• Licensing terms are defined by LICENSE.md (Apache-2.0).
• Contributor licensing and ownership terms are defined by CLA.md.
• Project-level copyright and attribution practices are documented in NOTICE.
• Per-file copyright/license headers are optional unless a file requires an explicit third-party notice; repository-level LICENSE.md and NOTICE remain authoritative.
• Contributors do not need to add themselves to a separate acknowledgements list in this repository; attribution is handled through Git history, pull request metadata, and signed CLA records.

❤️ Support the project

If PulseAPK is useful for you, you can support its development by pressing the "Support" button at the top

Starring the repository also helps a lot.

Contributing

We welcome contributions! Please note that all contributors must sign our Contributor License Agreement (CLA) to ensure that their work can be legally distributed. By submitting a pull request, you agree to the terms of the CLA.