Open Source · Apache 2.0

Find Any Method in
Any APK, Instantly

Cross-platform APK/DEX method & field reference finder with call chain tracing, ProGuard/R8 deobfuscation, and Android hidden API detection. 5x faster than veridex.

Install Now View on GitHub
dexfinder — Terminal
dexfinder demo showing call chain tracing, ProGuard deobfuscation, and hidden API detection in terminal

Everything You Need to Analyze APKs

A single tool that replaces multiple workflows for Android reverse engineering and compliance.

Multi-Format Query

Search by Java class name, DEX/JNI signature, or simple keyword. dexfinder auto-detects the format and converts between them.

Call Chain Tracing

Trace callers up to N levels deep. Merged tree view or flat list (Java crash style). Automatic cycle detection.

ProGuard/R8 Deobfuscation

Load mapping.txt to auto-deobfuscate. Query with original names, display both obfuscated and original side by side.

Hidden API Detection

Load hiddenapi-flags.csv to detect blocked and unsupported Android APIs. Includes reflection-based detection via class/string cross-matching.

Flexible Output Formats

Text, JSON, HTML, SARIF — all orthogonal with tree/list layout and java/dex naming style. Perfect for humans and CI pipelines.

CI/CD Integration

--fail-on blocked exits non-zero when restricted APIs are found. SARIF output integrates with GitHub Code Scanning.

APK Diff

Compare two APK versions side by side. Detect added, removed, and changed API references between releases.

Zero Dependencies & Fast

Pure Go implementation with self-contained DEX parser. No external dependencies. Cross-platform: macOS, Linux, Windows.

Config File Support

Create .dexfinder.yaml for project defaults. Set mapping path, class filter, API flags once — CLI flags always override.

How It Works

dexfinder builds a reverse index of all DEX bytecode references, enabling instant lookups and deep call chain tracing.

Parse

Read APK/DEX/JAR, extract all classes, methods, fields, and strings

Index

Build reverse index mapping callees to callers for O(1) lookup

Query

Match by keyword, Java name, or DEX signature with auto-detection

Trace

Walk call graph N levels deep with cycle detection

Output

Render as text, JSON, HTML, or SARIF with deobfuscation

See It in Action

From simple lookups to deep call chain analysis.

Call Chain Tracing (Tree View) 
# Trace who calls getDeviceId
dexfinder --dex-file app.apk \
  --query "getDeviceId" --trace

TelephonyManager.getDeviceId()
└── aopsdk.TelephonyManager.getDeviceId()
    ├── PhoneInfo.getImei()
    ├── ClientIdHelper.initClientId()
    │   └── ContextInfo.<init>()
    │       ├── LogStrategyManager.getInstance()
    │       └── LogContextImpl.<init>()
    ├── DeviceInfo.k()
    │   └── DeviceInfo.getInstance()
    └── WXEnvironment.getDevId()
Hidden API Detection 
# Detect blocked & unsupported APIs
dexfinder --dex-file app.apk \
  --api-flags hiddenapi-flags.csv

#1: Linking unsupported
Unsafe.allocateInstance()
  UnsafeAllocator.create()

#2: Reflection blocked
ILocationManager.getCurrentLocation
  LocationMonitor.hookSystemLocation()

# CI gate — fail on blocked APIs
dexfinder --dex-file app.apk \
  --api-flags hiddenapi-flags.csv \
  --fail-on blocked
# Exit: 0 = clean, 2 = violations
ProGuard/R8 Deobfuscation 
# Query with original names
dexfinder --dex-file app.apk \
  --query "KotlinCases" \
  --mapping mapping.txt \
  --show-obf --trace

KotlinCases.fetchLocationAsync()
└── KotlinCases$testCoroutines$3
   .invokeSuspend() [obf: G7.e]
    └── KotlinCases$testCoroutines$3
       .create() [obf: G7.b]
APK Version Diff 
# Compare two APK versions
dexfinder --dex-file new.apk \
  --diff old.apk \
  --query "getDeviceId"

+ 1 added method(s)
  + Feature.trackDevice()

- 1 removed method(s)
  - Legacy.getIMEI()

Summary: +1 added, -1 removed, ~0 changed

Output That Fits Your Workflow

Five formats, two layouts, two naming styles — all orthogonal and freely combinable.

Text

Colored terminal output with tree connectors

JSON

Structured data for scripting and automation

Model

Full MethodInfo types for IDE & CI integration

HTML

Interactive report with search & dark theme

SARIF

GitHub Code Scanning & VS Code integration

Blazing Fast

Reverse-index optimization makes dexfinder 5x faster than veridex on large APKs.

APK Size DEX Files Classes Method Refs Scan Time
~1 MB1~2K~18K24ms
~10 MB2~25K~100K335ms
~300 MB30+~180K~1.2M3.9s

~300 MB APK — Hidden API Detection

Lower is better

dexfinder
5.4s
veridex (precise)
27s
veridex (imprecise)
>32m

Flexible Search Scope

Control what kind of references to match — callees, callers, strings, or everything.

--query "API" scope=callee "Who calls this API?" scope=caller "What does it call?" scope=string "Where is this string?" scope=everything "Full picture"

Get Started in Seconds

Choose your preferred installation method.

Homebrew

macOS / Linux
brew install junelegency/tap/dexfinder

Script Install

Auto-detects OS & architecture
curl -sSL https://raw.githubusercontent.com/JuneLeGency/dexfinder/main/install.sh | bash

Go Install

Requires Go 1.21+
go install github.com/JuneLeGency/dexfinder/cmd/dexfinder@latest

Binary Download

All platforms
github.com/JuneLeGency/dexfinder/releases

Quick Start

Start analyzing your APK in one command.

Getting Started 
# Show APK overview
dexfinder --dex-file app.apk --stats

# Find all calls to a method
dexfinder --dex-file app.apk --query "getDeviceId"

# Trace call chains as merged tree
dexfinder --dex-file app.apk --query "getDeviceId" --trace

# Hidden API detection
dexfinder --dex-file app.apk --api-flags hiddenapi-flags.csv

# Generate HTML report
dexfinder --dex-file app.apk --query "getDeviceId" \
  --trace --format html --output report.html

Ready to Analyze Your APK?

Open source, zero dependencies, and fast. Get started now.

Install dexfinder Star on GitHub