# Android Application Testing ### server side: ``` /usr/bin/frida-server -l 192.168.1.4 ``` client side: ``` frida-ps -H 192.168.1.4 ``` Just tried with latest frida 12.1.0 and everything works fine.Connect to Device/GenyMotion Virtual Device using ADB **Install ADB (Linux):** ``` sudo apt-get install android-tools-adb ``` **Windows:** ``` ``` #### Retrieve the virtual device IP address. It is displayed on top of the virtual device window: #### From another computer, open a command prompt and run: ``` adb connect :5555 ``` #### Find and Pull APK File: Determine the package name of the app, e.g. "com.example.someapp". Skip this step if you already know the package name. ``` adb shell pm list packages ``` Determine the package name of the app, e.g. "com.example.someapp". Skip this step if you already know the package name. ``` ──(root㉿kali)-[~] └─# adb shell pm path com.marshmallow.marshmallow.test Output: package:/data/app/..3WOc6TigEw-A==/com.package.test-sesdss4UbPA==/base.apk ``` ``` Using the full path name from Step 2, pull the APK file from the Android device to the development box. ``` ``` adb pull /data/app/com.example.someapp-2.apk path/to/desired/destination ``` ### How to use ADB Shell when Multiple Devices are connected ``` $ adb devices List of devices attached emulator-5554 device 7f1c864e device ``` ``` adb -s 7f1c864e shell ``` ### ADB Connect: ```perl adb tcpip 5555 adb connect 192.168.0.101:5555 ``` ### ADB Disconnecting: Be sure to replace `192.168.0.101` with the IP address that is actually assigned to your device. Once you are done, you can disconnect from the adb tcp session by running: ```sql adb disconnect 192.168.0.101:5555 ``` ### To tell the ADB daemon return to listening over USB ``` adb usb ``` ### Testing with Frida: #### Install Frida on Windows/Linux: ``` pip install frida ``` ``` pip install frida-tools ``` Make Sure GenyMotion is in **Bridged** mode and proxy is set to the Windows/Linux testing Machine IP and Port. Install Frida Server on Mobile Device: **frida-server-15.0.8-android-x86** **OR: (Android ARM for One Plux X E1003 Physical Device):** {% embed url="" %} Copy Frida server file into the android phone tmp directory using adb push command as shown in fig. Here I have used Genymotion as an android emulator. After the copying the file change the permissions of the frida server files. ``` adb push frida-server-downloaded /data/local/tmp/ ``` Now go to ADB Shell and change permissions of Server file on the mobile device: ``` adb shell ``` ``` cd /data/local/tmp chmod 777 frida-server-downloaded # Run the Frida Mobile Server ./frida-server-downloaded ``` ## unable to connect to remote frida-server #### Server side: ``` /usr/bin/frida-server -l 192.168.1.4 ``` #### Client side: ``` frida-ps -H 192.168.1.4 ``` #### Run Frida on Your Machine and Check for packages: ``` frida-ps -Ua OR frida-ps -U ``` ### To connect Frida on Remote device: ``` └─# frida-ps -H 192.168.1.37 ``` ### Using Frida Scripts: ``` frida --codeshare pcipolloni/universal-android-ssl-pinning-bypass-with-frida -f com.testapp.app -U ``` ``` %resume ``` or use **No Pause** in script like: ``` frida --no-pause --codeshare dzonerzy/fridantiroot -f YOUR_BINARY -U ``` ### Frida LOCAL JS Unpiinning Script: {% embed url="" %} ``` On Device: wget https://raw.githubusercontent.com/httptoolkit/frida-android-unpinning/main/frida-script.js ``` ``` frida -l frida-script.js -f com.MyApp.android -H 192.168.1.3 ``` #### Copy Pasting from Host to GenyMotion Emulator: * **Long press the right click of your mouse until the paste sign appears** ## **Errors Troubleshooting:** ### Android: adb: Permission Denied ```makefile D:\android-sdk-windows\platform-tools>adb shell test test: permission denied ``` #### Restarts the adb daemon with root permissions: ```csharp $ adb root ``` **Push Burp Cert to SD Card Downloads Folder:** ``` adb push burp.cer /data/tmp ``` #### ABD Connect: ``` adb connect 192.168.1.37:5555 ``` ### Check for Application Package Name: ``` adb shell pm list packages adb shell pm list packages | grep MyAppName ``` ## Why can't I get root access from shell? You might need to activate adb root from the developer settings menu. If you run adb root from the cmd line you can get: root access is disabled by system setting - enable in settings -> development options root access is disabled by system setting - enable in settings -> development options Once you activate the root option (ADB only or Apps and ADB) adb will restart and you will be able to use root from the cmd line. You might need to activate adb root from the developer settings menu. If you run `adb root` from the cmd line you can get: ```csharp root access is disabled by system setting - enable in settings -> development options ``` Once you activate the root option (ADB only or Apps and ADB) adb will restart and you will be able to use root from the cmd line. ### Run Frida Server Manually on Android: ``` onyx:/data/tmp # chmod 777 frida-server onyx:/data/tmp # ./frida-server -l 192.168.1.37 ``` ## No module named frida ```python sudo pip3 install frida-tools ``` ```python $ unlink /usr/local/bin/python $ ln -s /usr/local/bin/python3.7 /usr/local/bin/python ``` ### Alternative ```python $ cd ~/ $ open -e .bash_profile ``` paste to the editor, to the top ```python alias python='python3' ``` save, then run ```python $ source ~/.bash_profile ``` ## Get Minimum SDK from Android APK build ``` └─# aapt dump badging Your.APK package: name='com.yourapp' versionCode='1' versionName='1.0' compileSdkVersion='31' compileSdkVersionCodename='12' sdkVersion:'21' targetSdkVersion:'31' uses-permission: name='android.permission.INTERNET' uses-permission: name='android.permission.ACCESS_NETWORK_STATE' uses-permission: name='android.permission.READ_EXTERNAL_STORAGE' uses-permission: name='android.permission.VIBRATE' uses-permission: name='android.permission.USE_BIOMETRIC' uses-permission: name='android.permission.USE_FINGERPRINT' ...truncated for brevity ``` ## Decompile an Android Application with Dex2jar and Jd-GUI ### Download Links: | \_ | Mirror | Wiki | Downloads | | -: | --------------------------------------- | :-----------------------------------------------: | :-----------------------------------------------------: | | gh | | [Wiki](https://github.com/pxb1988/dex2jar/wiki) | [Releases](https://github.com/pxb1988/dex2jar/releases) | | sf | | [old](https://sourceforge.net/p/dex2jar/wiki) | [old](https://sourceforge.net/projects/dex2jar/files/) | | bb | | [old](https://bitbucket.org/pxb1988/dex2jar/wiki) | [old](https://bitbucket.org/pxb1988/dex2jar/downloads) | | gc | | [old](http://code.google.com/p/dex2jar/w/list) | [old](http://code.google.com/p/dex2jar/downloads/list) | If bundled with kali then dont need to specify file/extension and just run with `dex2jar` ``` d2j-dex2jar.dh you-apk.apk ``` If everything goes OK, then you’ll get a **you-apk-dex2jar.jar** file in same folder. Now open **jd-GUI** tool which you can download from Open **you-apk-dex2jar.jar** file in jd-GUI tool and you’ll see something like this. ## GenyMotion Error with VirtualBox ### /dev/vboxnetctl: no such file or directory This worked for me (macOS Monterey). This reloads all VirtualBox's kernel extensions. ``` sudo kmutil load -b org.virtualbox.kext.VBoxUSB sudo kmutil load -b org.virtualbox.kext.VBoxNetFlt sudo kmutil load -b org.virtualbox.kext.VBoxNetAdp sudo kmutil load -b org.virtualbox.kext.VBoxDrv ``` ## ADB : unable to connect to 192.168.1.10:5555 ``` adb usb ``` ``` adb tcpip 5555 ``` ``` adb connect 192.168.10.1:5555 ```