Skip to content
View AbhiTheModder's full-sized avatar
:octocat:
Focusing
:octocat:
Focusing

Organizations

@radareorg @AMCommunity @The-MoonTg-project @RevEngiSquad @sys-adm1ns

Block or report AbhiTheModder

Block user

Prevent this user from interacting with your repositories and sending you notifications. Learn more about blocking users.

You must be logged in to block users.

Maximum 250 characters. Please don’t include any personal information such as legal names or email addresses. Markdown is supported. This note will only be visible to you.
Report abuse

Contact GitHub support about this user’s behavior. Learn more about reporting abuse.

Report abuse
AbhiTheModder/README.md

Abhi / AbhiTheModder

GitFut profile card for AbhiTheModder

Mobile security researcher and reverse engineer focused on Android internals, application security, Dalvik/Smali, Flutter/Dart, Frida/Pine instrumentation, radare2, and Termux-first tooling.

I build tools around the problems I hit while reversing: DEX and Smali exploration, runtime hooking, APK analysis, Android-native YARA, radare2 workflows, and automation for repeatable mobile security work.

Occasionally dabbling in web security.

Research Focus

  • Android application security assessments, obfuscated APK reversing, malware behavior analysis, and threat intelligence.
  • Dalvik bytecode, Smali, ART runtime behavior, Java/Kotlin Android internals, JNI, native code, and Flutter/Dart AOT analysis.
  • Dynamic analysis and instrumentation with Frida, PineHook, radare2, custom agents, and Android/Termux-native workflows.
  • Reverse-engineering tooling, security automation, and AI/MCP-assisted analysis pipelines.

Public Research

  • CVE-2026-33989: arbitrary file write via path traversal in @mobilenext/mobile-mcp, fixed in 0.0.49 and published through GHSA-3p2m-h2v6-g9mx.
  • CVE-2026-33989 writeup: technical analysis of mobile_save_screenshot and mobile_start_screen_recording path handling in a mobile MCP server.
  • r2con2025 talk: Accessing r2 from anywhere anytime.
  • Research notes and writeups: Android reversing, Flutter SSL analysis, Dart AOT internals, Frida on Termux, Smali patching, signature matching, and CTF writeups.

Selected Work

RevEngi

  • RevEngiBot: Telegram-based reverse-engineering toolkit.
  • revengi-app: Flutter app for Smali grammar, DexRepair, Flutter analysis, Blutter integration, APK tooling, and related workflows.
  • RevEngi docs: documentation for the bot, API, and app.
  • yarax_android: native Android JNI bindings for yara-x.

Android, Smali, and DEX

  • understand-smali: learning and reference material for Smali and Android bytecode.
  • smalisp: lightweight Smali language server with definitions and completion.
  • smalig: Dalvik/Smali bytecode grammar and information fetch tool.
  • java2smali: command-line tool for compiling Java into Smali.
  • MT-NotepadPlus: Smali syntax highlighting for Notepad++.

Runtime Instrumentation

  • PineHookPlus: PineHook-based helper for hooking classes and methods with less repeated code.
  • Fine: Pine and Frida integration experiments around Android component factory behavior.
  • NewPineExample: Pine hook proof of concept using the Android android:name manifest attribute.
  • frida-python: Frida Python bindings variant with devkit support.
  • frida-agent-api: lightweight Frida agent compiler and API.

Binary Analysis and radare2

  • r2web: web interface for accessing radare2 from anywhere.
  • warrp: native radare2 plugin for Binary Ninja WARP signatures.
  • nyxstone-r2: nyxstone assembler plugin for radare2.
  • r2garlic: Android/DEX decompiler work around radare2.

Termux, Automation, and APIs

  • termux-scripts: scripts for installing and using reverse-engineering tools on Android/Termux.
  • termux-hermes: build notes and releases for Hermes on Termux.
  • blutter-termux: maintained Termux-oriented B(l)utter workflow with enhancements.
  • dex2c: maintained method-based Dalvik bytecode to JNI native code compiler.
  • apksearch: APK search engine.
  • playstoreapi: unofficial Google Play Store API wrapper in Python.
  • pyxamstore: unpack and repack Xamarin assembly store blobs, including V2 and V3 formats.
  • LYADI: MCP server for reverse-engineering assistance, with an Android/Termux focus.

Writing

My blog is qbtau.in, where I publish technical notes on Android reversing, Flutter/Dart internals, Frida, Smali, mobile tooling, CVEs, and CTFs.

Recent topics include:

  • Building Frida natively on Android/Termux.
  • Matching Java classes and methods across APK versions.
  • Identifying ssl_verify_peer_cert in Android Flutter binaries.
  • Overriding Android constructor parameter defaults at runtime.
  • Dart object pool behavior on ARM64 and ARM32.

Links

Platform Link
Mail abhi@revengi.in
Website / Blog qbtau.in
GitHub github.com/AbhiTheModder
RevEngi github.com/RevEngiSquad, revengi.in
Telegram @AbhiTheM0dder, RevEngi Chat, RevEngiBot
Mastodon @AbhiTheModder@defcon.social
Bluesky @qbtau.in
X @AbhiTheModder, @Qbtaumai
LinkedIn linkedin.com/in/abhisom
GitLab gitlab.com/AbhiTheModder
YouTube @AbhiTheModder
GitHub stats and badges

An image of @abhithemodder's Holopin badges, which is a link to view their full Holopin profile

Stats Streak Top Langs
AbhiTheModder Stats GitHub Streak AbhiTheModder Top Languages

trophy

Detailed GitHub contribution metrics

Pinned Loading

  1. apksearch apksearch Public

    Your APK Search Engine

    Python 49 4

  2. RevEngiSquad/revengi-app RevEngiSquad/revengi-app Public

    Your all-in-one toolkit for reverse engineering: Smali Grammar, DexRepair, Flutter Analysis and much more...

    Dart 186 24

  3. termux-scripts termux-scripts Public

    Some scripts created for easier installation/usages of tools

    Python 137 27

  4. radareorg/r2web radareorg/r2web Public

    Access radare2 from anywhere, anytime.

    TypeScript 49 12

  5. smalisp smalisp Public

    A very simple language server for smali with definition support & auto-completion.

    Python 36 2

  6. radareorg/warrp radareorg/warrp Public

    A native radare2 plugin for the WARP signature format

    Rust 12