Open source · MIT licensed

An AI agent for finding malware in mobile apps.

AppReagent is a reverse engineering operative for Android. It tears apart APKs, traces data flows, and pulls the mask off suspicious behavior — with receipts, not vibes.

Scan my phone for malware, make no mistakes.

What you get

A full reverse-engineering toolkit, wired to an agent that knows how to use it.

LLM-powered scanning

Targeted scans hunt for specific behaviors — exfiltration, credential theft, persistence — with an agent that reads bytecode the way an analyst reads code.

Static-analysis toolbelt

Decompile APKs, disassemble smali and ELFs, grep and xref across the project, query the database with raw SQL. All the tools a human analyst reaches for.

Receipts, not vibes

Every finding comes with evidence: class names, method names, API calls, string constants, data-flow paths. No ghost findings. No hallucinated indicators.

How it thinks

A five-phase playbook, run like a seasoned analyst would.

AppReagent doesn't wander. Every investigation follows a deliberate sequence — cheap tools first, LLM calls where they earn their cost.

1. Recon

   Decompile the APK, read the manifest, map the terrain. Know what you're dealing with before you open a single smali file.

   Tools: DECOMPILE, MANIFEST, FIND_FILES

2. Triage

   Fast, free passes first. Pull URLs, IPs, hardcoded secrets, reflection targets, and crypto constants. Flag anything sketchy for deeper work.

   Tools: STRINGS, GREP, PERMISSIONS

3. Deep dive

   Targeted LLM scans for specific behaviors. Disassemble suspicious methods, follow the bytecode, trace from entry points to sinks.

   Tools: SCAN, DISASM, CALLGRAPH, XREFS

4. Correlate

   Connect findings across files. One indicator is a clue. Two correlated indicators are a pattern. Three are a verdict.

   Tools: FIND, SIMILAR, SQL

5. Report

   Structured markdown with the full kill chain: entry → collection → processing → exfiltration. Every claim backed by evidence.

   Tools: REPORT
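As an added example (not code from the AppReagent project), here is the Triage and Report phases in Python: a STRINGS/GREP-style pass over a constructed smali fragment that pulls URLs, IPs, crypto constants and reflection targets with regexes alone, ranks classes for the deep dive, and emits the markdown-with-receipts shape the Report phase describes. The smali sample, the regexes and the indicator names are assumptions of this example, not the project's own.

```python
import re
from collections import defaultdict

# Constructed sample: decompiled smali in the shape baksmali emits (.class and
# .method headers, const-string literals). Two classes, not taken from any real APK.
SAMPLE_SMALI = """\
.class public Lcom/example/app/SyncService;
.method public run()V
    const-string v0, "https://api.example.net/upload"
    const-string v1, "AES/ECB/PKCS5Padding"
    const-string v2, "dalvik.system.DexClassLoader"
    invoke-static {v2}, Ljava/lang/Class;->forName(Ljava/lang/String;)Ljava/lang/Class;
.end method
.class public Lcom/example/app/MainActivity;
.method public onCreate()V
    const-string v0, "Welcome back"
    const-string v1, "203.0.113.42"
.end method
"""

CLASS_RE = re.compile(r"^\.class\b.*\s(L[\w/$]+;)\s*$")
METHOD_RE = re.compile(r"^\.method\b.*\s([\w<>$]+\(.*\)\S*)\s*$")
CONST_STRING_RE = re.compile(r'^\s*const-string(?:/jumbo)?\s+[vp]\d+,\s*"(.*)"\s*$')

# Cheap indicator classes: regexes only, no LLM involved at this stage.
URL_RE = re.compile(r"^https?://\S+$")
IPV4_RE = re.compile(r"^(?:\d{1,3}\.){3}\d{1,3}$")
CRYPTO_RE = re.compile(r"^(?:AES|DES|DESede|RSA|Blowfish)(?:/[\w-]+)*$|^(?:MD5|SHA-\d+)$")
# Dotted Java-style names are reflection candidates (Class.forName targets, loader
# class names); bare hostnames match too, which is fine at the flag-for-later stage.
FQCN_RE = re.compile(r"^[a-z]\w*(?:\.[A-Za-z_$][\w$]*)+$")


def classify_literal(value):
    """Map one string constant to an indicator kind, or None if it looks boring."""
    if URL_RE.match(value):
        return "url"
    if IPV4_RE.match(value) and all(int(o) <= 255 for o in value.split(".")):
        return "ip"
    if CRYPTO_RE.match(value):
        return "crypto_constant"
    if FQCN_RE.match(value):
        return "reflection_target"
    return None


def extract_indicators(smali_text):
    """Walk smali line by line, tracking class/method, and record every flagged literal
    with the receipt needed to find it again: class, method, line number, value."""
    findings = []
    cls, method = "?", "?"
    for lineno, line in enumerate(smali_text.splitlines(), start=1):
        m = CLASS_RE.match(line)
        if m:
            cls, method = m.group(1), "?"
            continue
        m = METHOD_RE.match(line)
        if m:
            method = m.group(1)
            continue
        if line.strip() == ".end method":
            method = "?"
            continue
        m = CONST_STRING_RE.match(line)
        if not m:
            continue
        kind = classify_literal(m.group(1))
        if kind:
            findings.append({"class": cls, "method": method, "line": lineno,
                             "kind": kind, "value": m.group(1)})
    return findings


def triage_priority(findings):
    """Classes ordered by indicator count: the ones worth a deep dive come first."""
    counts = defaultdict(int)
    for f in findings:
        counts[f["class"]] += 1
    return sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))


def render_report(findings):
    """Markdown report: one table per class, every row a verifiable receipt."""
    by_class = defaultdict(list)
    for f in findings:
        by_class[f["class"]].append(f)
    out = ["# Triage findings", ""]
    for cls, _ in triage_priority(findings):
        out += [f"## {cls}", "", "| line | method | kind | evidence |", "|---|---|---|---|"]
        for f in by_class[cls]:
            out.append(f"| {f['line']} | `{f['method']}` | {f['kind']} | `{f['value']}` |")
        out.append("")
    return "\n".join(out)


if __name__ == "__main__":
    print(render_report(extract_indicators(SAMPLE_SMALI)))
```

The ranking is deliberately crude: it counts indicators rather than weighing them, because the point of Triage is to decide where the LLM budget goes, not to pass a verdict. That decision belongs to the Correlate phase.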

The toolbelt

Twenty-plus primitives, composable under one agent.

DECOMPILE: Crack open an APK into smali, resources, and manifests.
MANIFEST: Read AndroidManifest.xml — permissions, components, intents.
STRINGS: Yank URLs, IPs, secrets, and crypto constants. Fast, no LLM.
DISASM: Read the actual bytecode of a suspicious method.
SCAN: Targeted LLM-powered behavioral analysis against a specific goal.
CALLGRAPH: Trace execution from entry points to sinks.
XREFS: Follow the breadcrumbs across the whole project.
GREP: Regex across decompiled source before you burn LLM calls.
FIND: Search behavioral findings across all scanned methods.
SIMILAR: Pattern-match against known malicious techniques.
SQL: Raw SQL over the scan database for cross-file patterns.
REPORT: Emit a structured markdown report with receipts.

Rules of engagement

Opinionated about how to do this well.

Hypothesize, then test.

Every tool call has a theory behind it. After the result, did it confirm or bust the theory? This keeps investigations sharp and stops aimless wandering.

Cheap tools first.

STRINGS and GREP are free. SCAN costs tokens. Narrow the field with static analysis before burning LLM calls on files that were never the target.

Triangulate findings.

One indicator is a clue; three are a verdict. A single suspicious API call isn't malware — trace its callers, the data flow, and the sink before you call it.

Rule out the boring explanation.

Before you cry malware — could it be an ad SDK? Crash reporter? OTP flow? Kill the mundane explanation first, then escalate.

Call it like you see it.

Three tiers, no sugarcoating: relevant = malicious, partially_relevant = suspicious, not_relevant = clean. No hedging.

Own your uncertainty.

“Reads SMS and the same class has a network sink — possible exfil, tracing XREFS to confirm” beats “this exfiltrates SMS.”
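The triangulation, boring-explanation and three-tier rules above, carried through in Python as an added example that is not part of AppReagent: correlated findings per class (a data source, a sink, and a traced link between them) decide the tier, a package-prefix allowlist stands in for the "could it be an ad SDK?" check, and every verdict carries its evidence plus a rationale that says what is still unconfirmed. The findings, indicator names and the allowlist are constructed for this example.

```python
# Behavioral findings per class, in the shape a SCAN or XREFS pass might record them.
# Constructed for this example; indicator names and evidence strings are assumptions.
SAMPLE_FINDINGS = {
    "com.example.app.SyncService": [
        {"indicator": "sms_read", "evidence": "ContentResolver.query() on content://sms in run()"},
        {"indicator": "network_sink", "evidence": "HttpURLConnection.getOutputStream().write() in run()"},
        {"indicator": "data_flow", "evidence": "XREFS: query() cursor -> JSONObject -> write() in run()"},
    ],
    "com.example.app.Collector": [
        {"indicator": "sms_read", "evidence": "ContentResolver.query() on content://sms in poll()"},
        {"indicator": "network_sink", "evidence": "OkHttp call in Collector.flush()"},
    ],
    "com.example.app.LoginActivity": [
        {"indicator": "sms_read", "evidence": "SMS_RECEIVED receiver parses a 6-digit code"},
    ],
    "com.example.adsdk.Tracker": [
        {"indicator": "device_id_read", "evidence": "AdvertisingIdClient.getAdvertisingIdInfo()"},
        {"indicator": "network_sink", "evidence": "HttpURLConnection POST in Tracker.report()"},
    ],
}

# Constructed allowlist of package prefixes with a boring explanation (ad SDKs, crash
# reporters). A real list would come from vetted SDK inventories, not from this example.
BENIGN_PREFIXES = ("com.example.adsdk.",)

SOURCES = {"sms_read", "contacts_read", "location_read", "device_id_read"}
SINKS = {"network_sink", "sms_send"}
LINKS = {"data_flow"}  # a traced source-to-sink path, the kind XREFS/CALLGRAPH produce
HIGH_RISK_SOURCES = {"sms_read", "contacts_read"}  # never explained away by an allowlist


def triangulate(cls, findings, benign_prefixes=BENIGN_PREFIXES):
    """Return a verdict dict: tier, rationale with stated uncertainty, and the evidence."""
    kinds = {f["indicator"] for f in findings}
    sources, sinks, links = kinds & SOURCES, kinds & SINKS, kinds & LINKS
    evidence = [f"{f['indicator']}: {f['evidence']}" for f in findings]

    def verdict(tier, rationale):
        return {"class": cls, "verdict": tier, "rationale": rationale, "evidence": evidence}

    # Rule out the boring explanation first, but only when nothing high-risk is involved.
    if cls.startswith(benign_prefixes) and not (kinds & HIGH_RISK_SOURCES):
        return verdict("not_relevant",
                       "package prefix matches a known SDK and the behavior is SDK-typical telemetry")

    # One indicator is a clue, two are a pattern, three (source, sink, traced link) are a verdict.
    legs = int(bool(sources)) + int(bool(sinks)) + int(bool(links))
    parts = ", ".join(sorted(sources | sinks | links))
    if legs == 3:
        return verdict("relevant", f"{parts}: source reaches sink over a traced path, exfiltration")
    if legs == 2:
        return verdict("partially_relevant",
                       f"{parts} in the same class without a traced path: possible exfil, tracing XREFS to confirm")
    return verdict("not_relevant",
                   "single indicator with a plausible benign use (OTP flow, crash reporter); no correlation")


def triage_all(sample=SAMPLE_FINDINGS):
    """Verdict tier per class, for a quick overview; call triangulate() for the receipts."""
    return {cls: triangulate(cls, findings)["verdict"] for cls, findings in sample.items()}


if __name__ == "__main__":
    for cls, findings in SAMPLE_FINDINGS.items():
        v = triangulate(cls, findings)
        print(f"{v['verdict']:18} {cls}: {v['rationale']}")
        for line in v["evidence"]:
            print(f"    - {line}")
```

The allowlist check sits before the scoring on purpose, but it is not a free pass: a class under an ad-SDK prefix that reads SMS still falls through to triangulation, because the boring explanation has to actually explain the behavior before it is allowed to end the investigation.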

Get started

Build it, run it, point it at an APK.

1. Clone

   $ git clone https://github.com/AppReagent/AppReagent.git
   $ cd AppReagent

2. Build

   $ make

3. Run

   $ ./area

Requires CMake, a recent C++ compiler, libpq, libcurl, and libssl. Configure your LLM provider in config.json — see config.example.json for the schema.

Ready to rip the mask off?

AppReagent is MIT-licensed and welcomes contributions — new tools, new prompts, new malware patterns.