The tutorial does leave out https://frida.re which offers a runtime no-root reverse engineering mechanism, which I'm currently using to MiTM apps with cert-pinned TLS.
There's also the excellent FlowDroid and Androguard, the latter of which I've used for static analysis.
I recall NateLawson founded a YC startup, SourceDNA, that offered intelligence on reverse engineered iOS and Android apps (based on static analysis). I wonder what tools they used.
1) Decompile App -> smali
2) Decompile App -> Java (non-reversible, but easier to read)
3) Search the app for certificate pinning code (check for network_security.xml or grep for OKHttp pinning functions)
4) Find the code I just found in java, in the smali version
5) Remove the pinning code
6) Recompile smali -> apk
7) Fix whatever was causing the smali not to recompile
8) Recompile again
9) Install on device
10) Run app (that hopefully doesn't crash)
11) Pipe connection through Charles proxy
12) Read api calls!
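Step 3 above looks for the app's network security config to see whether pinning is declared. The same file is what an app developer should audit before shipping, since a single pin with no backup, an already-expired pin-set, or a stray debug-overrides block each weaken what the pinning actually enforces. The script below is an added example, not from the tutorial or any commenter; it audits a constructed sample config (Android's conventional res/xml/network_security_config.xml format) and reports those weaknesses.

```python
import xml.etree.ElementTree as ET
from datetime import date

# Constructed sample network security config (not taken from any real app).
# It deliberately contains weaknesses: api.example.com has a single pin with
# no backup and an expiration date in the past, legacy.example.com has no
# pin-set at all, and a debug-overrides block is present.
SAMPLE_NSC = """<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
  <domain-config cleartextTrafficPermitted="false">
    <domain includeSubdomains="true">api.example.com</domain>
    <pin-set expiration="2023-01-01">
      <pin digest="SHA-256">AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=</pin>
    </pin-set>
  </domain-config>
  <domain-config>
    <domain>legacy.example.com</domain>
  </domain-config>
  <debug-overrides>
    <trust-anchors><certificates src="user"/></trust-anchors>
  </debug-overrides>
</network-security-config>"""


def audit_nsc(xml_text, today=date(2024, 6, 1)):
    """Return a list of (domain, finding) tuples describing pinning weaknesses.

    `today` is fixed so the expiration check is deterministic (assumption for
    the example); pass date.today() in real use.
    """
    root = ET.fromstring(xml_text)
    findings = []
    for dc in root.iter("domain-config"):
        domains = [d.text.strip() for d in dc.findall("domain")]
        pin_set = dc.find("pin-set")
        for dom in domains:
            if pin_set is None:
                findings.append((dom, "no pin-set: only system CA trust applies"))
                continue
            if len(pin_set.findall("pin")) < 2:
                findings.append((dom, "single pin: no backup pin for key rotation"))
            exp = pin_set.get("expiration")
            if exp and date.fromisoformat(exp) <= today:
                # Android stops enforcing a pin-set once its expiration passes.
                findings.append((dom, f"pin-set expired on {exp}: pins no longer enforced"))
    if root.find("debug-overrides") is not None:
        # Only honoured when android:debuggable is true, but worth flagging in release builds.
        findings.append(("*", "debug-overrides present: user CAs trusted in debuggable builds"))
    return findings
```

Run it against the XML pulled from a decoded APK to confirm the pins the app will actually enforce on the device.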
I'll definitely give it a go.
In general I think there are nowhere near enough resources on decompilation, particularly on a purportedly "open" platform like Android. Really looking forward to the rest of the tutorial coming online.
Most apps are definitely not 'open' and unfortunately most of 'reverse engineering' has nefarious intentions.
Once one has had key code stolen from them, it changes one's perspective a little.
Surely if you're running something that has to be that "closed", most of the key code is server side and the client is just calling APIs.
Reverse engineers are not your enemy.
Of course, but doesn't obviate the illegality of stealing protected code.
"Reverse engineers are not your enemy."
Yes, many of them are.
Many of these resources and individuals are involved in illegal and immoral acts around stealing code and IP, and justify it to themselves on some kind of skewed logic.
Nobody really cares that folks are hacking code for fun, and nobody cares that people would use resources for this purpose. This is fine and possibly helpful.
But IP theft is a big deal, and it's very damaging.
"Surely if you're running something that has to be that "closed", most of the key code is server side and the client is just calling APIs"
Unfortunately, this isn't possible in a variety of cases, especially new and upcoming scenarios that require AI to be 'on device'. There are many other such scenarios.
It's very oppressive to a major class of innovation - particularly to those who've worked very hard to assemble something exceptional and useful.
Even worse, he then reported back the original author for stealing his apps.
What he did was steal resources and put his ads into the stolen app.
I'm not sure if Google could track those things.
That's why I always consider most Vietnamese apps on the Android store to be "stolen" in some cases.
In Vietnam, "stealing apps" is a real dark business.
Add to it that lots of repackaged apps are distributed outside channels that Google controls and you've got a hard problem.
(IDA’s decompiler has all of this too, but it costs a lot more!)
It is sort of like a flow chart, with the assembly shown for each chunk. I've loaded up functions with over 5000 blocks of code, including one function that was a third of a megabyte in size. Navigation becomes important.
Ghidra is supposedly slow at this scale.
I'm also told that Ghidra seems to not do struct offsets in that view, forcing the use of the decompiler. With IDA the struct offsets can be chosen and viewed, all without involving the decompiler.
1. Dare + JD Decompiler + Cavaj (or) DJ Decompiler
2. dex2jar + JD Decompiler + Cavaj (or) DJ Decompiler
3. AndroChef Java Decompiler
And for selective decompilation, Smali (or) Baksmali with deodexing for system applications.
They were all plagued by different decompilation & retargeting issues of that time. I would love to see how things have changed now.
(I've tried them both for different RE purposes and they also have the latest updates for a lot of apps) APKCombo (https://apkcombo.com/) & APKPure (https://apkpure.com).
I know of gplaycli (https://github.com/matlink/gplaycli/) but its reliability leaves a lot to be desired afaik.