Reverse Engineering & Security Tools
Open Source

TinkerMole: Automated Reverse Engineering & Static Analysis Pipeline

PythonShellTkinterconcurrent.futuresGhidra HeadlessBlutterReflutterdex2jarFridaIntelliJ IDEA

A multi-threaded, GUI-driven Android reverse engineering pipeline. It automates APK extraction, deep Flutter engine analysis, static vulnerability scanning, and Ghidra workspace initialization.

Tech Stack

PythonShellTkinterconcurrent.futuresGhidra HeadlessBlutterReflutterdex2jarFridaIntelliJ IDEA

System Metrics

Asynchronous inter-thread log queuing prevents UI thread blocking and lock contention during aggressive subprocess execution
Parallel target processing via `ThreadPoolExecutor` for concurrent analysis of multiple APKs
Memory-safe binary string extraction enforces strict file size constraints to prevent OOM errors on massive payload dumps
LRU caching applied to compiler environment resolution (`vcvarsall.bat`) minimizing redundant OS-level polling

Why Did I Build This?

"Handling complex mobile targets—especially AOT-compiled Flutter apps—traditionally requires juggling disjointed CLI tools and writing tedious boilerplate. I built TinkerMole to consolidate this fragmented workflow into a single, cohesive desktop application. It automates the entire static analysis and decompilation pipeline, drastically reducing my time-to-analysis while eliminating manual overhead."

Architecture & Decisions

The core is a decoupled, multi-threaded engine written in Python. To ensure the Tkinter desktop interface remains responsive during heavy I/O and CPU-bound operations (like decompilation), I implemented an asynchronous inter-thread queuing system. External binaries like Ghidra, Blutter, and dex2jar are orchestrated via strict subprocess wrappers that pipe `stdout` directly to the GUI for real-time telemetry. The system also features a hardened ZIP extraction routine to actively mitigate Path Traversal (Zip Slip) attacks.

Key Features

  • 01.Responsive Tkinter desktop GUI with real-time asynchronous log ingestion
  • 02.Automated APK/XAPK/APKM extraction with active Zip Slip vulnerability mitigation
  • 03.Deep Flutter analysis pipeline automating Dart snapshot decompilation via Blutter
  • 04.Automated network interception prep via Reflutter patching for SSL unpinning
  • 05.Headless Ghidra integration for automated native library (.so) importing and project initialization
  • 06.Multi-threaded static vulnerability, API key, and cloud secret scanning across binaries and source text
  • 07.Automated DEX-to-JAR decompilation mapping directly to an auto-generated IntelliJ project structure
TinkerMole is designed as a complete engineering workbench. It proactively detects cross-platform frameworks (Flutter, React Native, Cordova), isolates target architectures, and executes necessary tooling to generate targeted Frida hook scripts and Dart symbol maps. The bespoke visual interface allows me to monitor aggressive subprocess executions in real-time without locking up the OS. All outputs are systematically structured into distinct workspaces, giving me an immediate, ready-to-use environment for dynamic instrumentation, IDE inspection, and deep Ghidra analysis.