REVAMP

Reverse Engineering Vulnerability Assessment Mobile Penetration

A native desktop GUI for end-to-end mobile (Android & iOS) security assessment.

⬇ Download for macOS • ⬇ Download for Linux (.deb)

---

What is REVAMP

REVAMP consolidates the daily toolchain of a mobile pentester into a single offline desktop application. Instead of juggling separate terminal sessions for adb, frida, jadx, apktool, ssh, and ad-hoc scripts, REVAMP gives you one interface for the whole mobile assessment lifecycle — from device discovery to dynamic instrumentation.

Everything runs locally. No telemetry. No network calls beyond the device under test.

Capabilities

📱 Device Management

• Detect Android devices (USB and Wi-Fi via ADB) and jailbroken iOS devices (SSH) side-by-side in one list.
• Add iOS devices manually with password / identity-file / SSH-agent authentication.
• TCP-connect to remote ADB endpoints; forward and reverse ports per session.
• Live device status badges, online/offline tracking, and capability gating per platform.

📦 App Management

• Browse all installed packages (system + user) with searchable list.
• Resolve real localized app names — falls back through dumpsys, aapt dump badging, and cmd package resolve-activity until a clean label is found.
• Tabbed sub-view per app: App Details (package, version, SDK, size, install path) and Activities.
• Launch any activity, including non-exported ones — automatic su escalation on rooted devices.
• One-click Extract APK, Decompile, Hook with Frida, Analyze.

🔍 APK Analysis

• One-click static analysis pipeline (manifest, packers, compilers, obfuscators, anti-analysis indicators).
• Searchable, filterable result tables.
• Direct hand-off to the decompiler for any APK on disk or pulled from device.

🛠 Decompilation

• Run JADX or Apktool with progress tracking and queueable jobs.
• Built-in file explorer with lazy directory loading — opening a 300+ MB / 50,000+ file output is near-instant; subdirectories load in the background as you expand them.
• Read-only source viewer with syntax highlighting (Java, Smali, XML, JSON, YAML, etc.) and find-in-file (literal or regex, case-insensitive).
• Stale-load protection: rapid file clicks never race or stomp content.

🔬 Frida Instrumentation

• Spawn new processes or attach to running ones.
• Manage a script library; bundled SSL-pinning bypass scripts for Java, OkHttp, Flutter, native connect(), and TLS.
• Stream console.log output live, kill sessions, and run in tabs.
• Per-platform script collections (Android / iOS).

💻 Terminal

• Tabbed interactive shells — same UI for adb shell and SSH sessions to jailbroken iPhones.
• ANSI-aware output rendering, command history, and Ctrl+C / kill-session controls.
• Multiple parallel sessions across multiple devices.

📜 Logging & Settings

• Unified log viewer with per-task output, severity filters, and copy-to-clipboard.
• Configurable tool paths (adb, jadx, apktool, frida, aapt, ssh, sshpass, apkid).
• Persistent SSH device list (identity-file devices saved across restarts; password devices session-only by design).
• Customizable output directories for extracted APKs and decompilation results.

Why REVAMP

• Native performance — Rust + Iced/wgpu rendering. Single self-contained binary. Not Electron.
• One window, full assessment — no context switching between five terminals and three tools.
• Offline-first — every external tool is invoked locally. No cloud, no API keys, no account.
• Cross-platform — macOS Universal binary (Apple Silicon + Intel) and Linux .deb (x86_64 / arm64).
• Mixed-fleet aware — Android and iOS in the same list, with correct capability gating per device kind.

Installation

macOS

1. Download the latest REVAMP-<version>-universal.dmg (or -arm64.dmg / -x86_64.dmg) from the Releases page.
2. Open the .dmg, drag REVAMP.app into Applications.
3. First launch: right-click the app → Open → confirm (the build is ad-hoc signed).
4. Requires macOS 12 (Monterey) or newer.

Linux (Debian / Ubuntu / Kali / Pop!_OS / Mint / …)

# Download the latest .deb from Releases:
wget https://github.com/insomn14/REvamp/releases/latest/download/revamp_<version>_amd64.deb

# Install:
sudo dpkg -i revamp_*.deb
sudo apt-get install -f      # resolves runtime dependencies

# Launch:
revamp

For arm64 hosts (Raspberry Pi 64-bit, ARM laptops): use the _arm64.deb artifact instead.

Note for VM users: Iced uses GPU rendering (wgpu). VirtualBox VMs without 3D acceleration may need to launch with software rendering:

WGPU_BACKEND=gl LIBGL_ALWAYS_SOFTWARE=1 revamp

Runtime requirements

REVAMP shells out to industry-standard tools rather than reimplementing them. Each missing tool only disables its dependent feature; the rest of the app keeps working.

Tool	Used by	Required?
adb (Android Platform Tools)	Device Management, App Management, Terminal	for Android
aapt / aapt2	App labels, activity enumeration, APK analysis	recommended
jadx	Java decompilation	for that feature
apktool	Resource & manifest decoding	for that feature
frida / frida-server	Dynamic instrumentation	for Frida
ssh	iOS / jailbroken iPhone control	for iOS
sshpass	Optional, only for SSH password auth	optional

Tool paths are auto-detected on PATH at startup and can be overridden in Settings.

iOS / Jailbroken iPhone

REVAMP does not require libimobiledevice. The iOS workflow uses standard SSH:

1. Install OpenSSH on the device from Sileo / Zebra.
2. Either connect over Wi-Fi, or USB-forward with iproxy 2222 22.
3. In REVAMP: Device Management → + Add SSH Device, enter host/port/user, choose auth (password / identity / agent), click Test & Add.

Screenshots

Coming soon to this README. For now, see the Releases page for screenshots in changelog notes.

Roadmap

Shipped in v1.0

• ✅ Android ADB device management (USB + TCP)
• ✅ iOS jailbroken device management via SSH
• ✅ App Management with activity launcher (incl. non-exported via root)
• ✅ APK static analysis pipeline
• ✅ JADX + Apktool decompilation with lazy file tree
• ✅ Source viewer with syntax highlighting and find-in-file
• ✅ Frida spawn / attach with script library
• ✅ Tabbed multi-device terminal
• ✅ macOS .app/.dmg (Universal) + Linux .deb (x86_64 / arm64)

Planned

• 🔜 iOS App Management — installed-app list, Info.plist inspection, entitlements dump (parity with Android via SSH-only commands).
• 🔜 Auto-discovery for jailbroken iPhones — mDNS / idevice_id, no libimobiledevice runtime dep.
• 🔜 Per-device terminal history persisted across sessions.
• 🔜 Plugin loading for custom Frida script collections + community script index.
• 🔜 Network capture integration — one-click mitmproxy / Burp / Charles setup with cert push to device.
• 🔜 APK diffing — compare two versions of the same package side-by-side.
• 🔜 Scriptable CLI mode for headless CI use.
• 🔜 Windows build (long-term, depending on Frida tooling availability).

Under consideration

• 💭 Tree-sitter-based class/method navigator on top of the decompiled source viewer.
• 💭 Built-in HTTPS proxy with PCAP export.
• 💭 Hardware breakpoint / debugger integration for native libraries (LLDB / GDB attach).

Have a feature you'd like to see? Open an issue with the enhancement label.

FAQ

Is the source code open?
The compiled binaries are publicly downloadable here. Source code is currently maintained in a separate repository.

Does it phone home?
No. REVAMP makes zero outbound network calls of its own. Anything that goes over the wire is a result of you explicitly connecting to a device or running a tool that does (e.g., frida-server over TCP).

Can I use it on Windows?
Not yet. The toolchain (Frida, ADB) runs on Windows but REVAMP itself is currently built for macOS and Linux only. See Roadmap.

It crashes on launch in my VM with a wgpu shader error.
Run with software rendering: WGPU_BACKEND=gl LIBGL_ALWAYS_SOFTWARE=1 revamp. VirtualBox without 3D acceleration cannot satisfy modern GPU shader capabilities.

The Linux .deb won't install — missing dependencies.
Run sudo apt-get install -f after dpkg -i to auto-resolve. Required runtime libs include libxkbcommon0, libwayland-client0, libfontconfig1, and standard X11 libs.

Reporting issues

Please file bugs at Issues with:

• OS + version (sw_vers on macOS, lsb_release -a on Linux)
• REVAMP version (revamp --version)
• Steps to reproduce
• Relevant log output (Settings → open log directory)

License

See the LICENSE file in this repository.

Disclaimer

REVAMP is intended for authorized security research and assessment only. You are responsible for ensuring you have explicit permission to test any device, application, or service you connect it to. The authors accept no liability for misuse.