Droidsaw: A Rust Tool for Byte-Perfect Android DEX/Hermes RE
Droidsaw is a Rust-based Android reverse engineering tool that reconstructs DEX and Hermes files byte-for-byte, with built-in security auditing.
Droidsaw is a Rust-based Android reverse engineering and security auditing tool that takes apart a DEX file or Hermes bundle and reassembles it byte-for-byte. Version 2.0.0 targets Rust 2024 and ships with a validation suite recovering 5,767 DEX files from F-Droid bit-identically in preservation mode, plus Hermes bytecode round-trips verified on v84, v96, v98, and v99. When the format model has a gap -- a wrong string-table offset, a missed alignment rule, a forgotten padding byte -- the re-emitted bytes diverge and the test points to exactly where.
While most Android RE tooling works layer by layer, droidsaw traces a JS value through the React Native bridge into Java as a single taint path. Pointing it at an APK unpacks the container, decompiles every layer, and can pipe output through Semgrep and TruffleHog in one pass via audit --mode=full; the CLI and an MCP server share the same command surface.
Output is deterministic JSON or NDJSON, with SARIF 2.1.0 and CycloneDX SBOM support for CI integration. Installed via cargo auditable, the binary embeds its own dependency inventory so it can be checked against the RustSec advisory database long after the build environment is gone. Pure Rust, BSD-3-Clause licensed, and requires no Java or Android SDK -- making it a lightweight fit for CI gates and fleet-wide audits.