Reverse engineering Android apps with ACVTool
2024-10-25, Europe - Main Room

ACVTool is a sophisticated bytecode instrumentation tool designed for highlighting instruction coverage in Android apps. In 2024, ACVTool received a major update that unlocks smali coverage analysis for modern, complex Android apps. ACVTool now supports Multidex and Multi-APK applications of any size. It can also highlight a particular feature, e.g. to show the code actually executed when tapping a button. To further depict selected app behavior, ACVTool may partially shrink code that was not executed. ACVTool works on 3rd-party Android apps without source code, and it does not require a rooted device.


ACVTool was initially developed at the University of Luxembourg with the idea of driving coverage-guided fuzzing and other automated testing frameworks for closed-source Android apps. It turned out that Android bytecode has many interesting peculiarities, which made ACVTool a highly challenging project. Over the past year, the ACVTool project underwent a major revision. ACVTool has evolved into a well-defined tool capable of effectively depicting executed code when reverse engineering Android apps.

The 2024 ACVTool release solved the major Multidex instrumentation challenge, making it possible to handle modern Android apps. ACVTool has also learnt to deal with multiple APKs, as Google Play nowadays delivers bundled apps in several APKs. This requires maintaining the same signature across all APKs even when only one of them is repackaged. When it comes to repackaging, we learnt that Apktool, the most widely used repackaging tool, fails too often on complex applications. Therefore, ACVTool now implements a more effective solution, moving away from Apktool to the baksmali project. ACVTool runs baksmali to rewrite instrumented DEX files, and then we patch and rewrite AndroidManifest right inside the APK, which proved to be another challenge.

Additionally, ACVTool now allows for highlighting the execution of a particular feature. This may help reverse engineers significantly narrow the scope of analysed code and also better depict how a feature executes. We demonstrate how it works on a preselected app.

Finally, ACVTool includes an experimental shrinking functionality to further limit the analysis surface. From our experience, an average app may run less than 20% of its code when tested exhaustively. Usually, this still results in a huge pile of smali code to examine. Thus, instruction coverage of a single feature combined with shrinking gives a perfect slice of only the executed code. Convenient to analyse!

ACVTool is freely available on GitHub under the Apache 2.0 License. The Multidex instrumentation technique was patented; however, its implementation is free and fully available in the ACVTool repository: https://github.com/pilgun/acvtool.

Aleksandr Pilgun is an independent Computer Scientist specialising in reverse engineering Android apps.

Aleksandr's initial education was in Cyber Security. He had intensive Software Engineering experience building enterprise-level web solutions before moving to Luxembourg for his PhD studies.

In 2020, Aleksandr defended his doctoral thesis at the University of Luxembourg. During this research, he developed ACVTool, an efficient instruction coverage measurement tool, and the coverage-backed shrinking technique for Android apps. He repackaged and ran tons of Android apps and performed an extensive analysis of the instrumentation technique from the size, performance and automated testing perspectives. Aleksandr continues to develop ACVTool, aiming to bring his academic project closer to industry needs.

In recent years, Aleksandr has focused on examining Android apps, including technical analysis of fraudulent applications and reverse engineering. He assisted a few FinTech startups in improving their service interoperability through reverse engineering. Last year, Aleksandr moved to Portugal to enjoy sunny days and ocean views around Lisbon.