Android Application Testing

server side:

/usr/bin/frida-server -l 192.168.1.4

client side:

frida-ps -H 192.168.1.4

Just tried with latest frida 12.1.0 and everything works fine.Connect to Device/GenyMotion Virtual Device using ADB

Install ADB (Linux):

sudo apt-get install android-tools-adb

Windows:

<https://dl.google.com/android/repository/platform-tools-latest-windows.zip>

Retrieve the virtual device IP address. It is displayed on top of the virtual device window:

From another computer, open a command prompt and run:

adb connect <virtual_device_IP>:5555

Find and Pull APK File:

Determine the package name of the app, e.g. "com.example.someapp". Skip this step if you already know the package name.

adb shell pm list packages

Determine the package name of the app, e.g. "com.example.someapp". Skip this step if you already know the package name.

──(root㉿kali)-[~]

└─# adb shell pm path com.marshmallow.marshmallow.test

Output:
package:/data/app/..3WOc6TigEw-A==/com.package.test-sesdss4UbPA==/base.apk

Using the full path name from Step 2, pull the APK file from the Android device to the development box.

adb pull /data/app/com.example.someapp-2.apk path/to/desired/destination

How to use ADB Shell when Multiple Devices are connected

$ adb devices
List of devices attached 
emulator-5554   device
7f1c864e    device

adb -s 7f1c864e shell

ADB Connect:

adb tcpip 5555
adb connect 192.168.0.101:5555

ADB Disconnecting:

Be sure to replace 192.168.0.101 with the IP address that is actually assigned to your device. Once you are done, you can disconnect from the adb tcp session by running:

adb disconnect 192.168.0.101:5555

To tell the ADB daemon return to listening over USB

adb usb

Testing with Frida:

Install Frida on Windows/Linux:

pip install frida

pip install frida-tools

Make Sure GenyMotion is in Bridged mode and proxy is set to the Windows/Linux testing Machine IP and Port.

Install Frida Server on Mobile Device:

frida-server-15.0.8-android-x86

OR: (Android ARM for One Plux X E1003 Physical Device):

Copy Frida server file into the android phone tmp directory using adb push command as shown in fig. Here I have used Genymotion as an android emulator. After the copying the file change the permissions of the frida server files.

adb push frida-server-downloaded /data/local/tmp/

Now go to ADB Shell and change permissions of Server file on the mobile device:

adb shell

cd /data/local/tmp
chmod 777 frida-server-downloaded

# Run the Frida Mobile Server
./frida-server-downloaded

unable to connect to remote frida-server

Server side:

/usr/bin/frida-server -l 192.168.1.4

Client side:

frida-ps -H 192.168.1.4

Run Frida on Your Machine and Check for packages:

frida-ps -Ua

OR 

frida-ps -U

To connect Frida on Remote device:

└─# frida-ps -H 192.168.1.37

Using Frida Scripts:

frida --codeshare pcipolloni/universal-android-ssl-pinning-bypass-with-frida -f com.testapp.app -U

%resume

or use No Pause in script like:

frida --no-pause --codeshare dzonerzy/fridantiroot -f YOUR_BINARY -U

Frida LOCAL JS Unpiinning Script:

On Device:

wget https://raw.githubusercontent.com/httptoolkit/frida-android-unpinning/main/frida-script.js

frida -l frida-script.js -f com.MyApp.android -H 192.168.1.3

Copy Pasting from Host to GenyMotion Emulator:

Long press the right click of your mouse until the paste sign appears

Errors Troubleshooting:

Android: adb: Permission Denied

D:\android-sdk-windows\platform-tools>adb shell test
test: permission denied

Restarts the adb daemon with root permissions:

$ adb root

Push Burp Cert to SD Card Downloads Folder:

adb push burp.cer /data/tmp

ABD Connect:

adb connect 192.168.1.37:5555

Check for Application Package Name:

adb shell pm list packages

 adb shell pm list packages | grep MyAppName

Why can't I get root access from shell?

You might need to activate adb root from the developer settings menu. If you run adb root from the cmd line you can get:

root access is disabled by system setting - enable in settings -> development options

root access is disabled by system setting - enable in settings -> development options Once you activate the root option (ADB only or Apps and ADB) adb will restart and you will be able to use root from the cmd line.

You might need to activate adb root from the developer settings menu. If you run adb root from the cmd line you can get:

root access is disabled by system setting - enable in settings -> development options

Once you activate the root option (ADB only or Apps and ADB) adb will restart and you will be able to use root from the cmd line.

Run Frida Server Manually on Android:

onyx:/data/tmp # chmod 777 frida-server   
                                                                                                                                       
onyx:/data/tmp #      ./frida-server -l 192.168.1.37

No module named frida

sudo pip3 install frida-tools

$ unlink /usr/local/bin/python
$ ln -s /usr/local/bin/python3.7 /usr/local/bin/python

Alternative

$ cd ~/
$ open -e .bash_profile

paste to the editor, to the top

 alias python='python3'

save, then run

$ source ~/.bash_profile

Get Minimum SDK from Android APK build

└─# aapt dump badging Your.APK   


package: name='com.yourapp' versionCode='1' versionName='1.0' compileSdkVersion='31' compileSdkVersionCodename='12'
sdkVersion:'21'
targetSdkVersion:'31'
uses-permission: name='android.permission.INTERNET'
uses-permission: name='android.permission.ACCESS_NETWORK_STATE'
uses-permission: name='android.permission.READ_EXTERNAL_STORAGE'
uses-permission: name='android.permission.VIBRATE'
uses-permission: name='android.permission.USE_BIOMETRIC'
uses-permission: name='android.permission.USE_FINGERPRINT'
...truncated for brevity

Decompile an Android Application with Dex2jar and Jd-GUI

Download Links:

Mirror

Wiki

Downloads

If bundled with kali then dont need to specify file/extension and just run with dex2jar

d2j-dex2jar.dh you-apk.apk

If everything goes OK, then you’ll get a you-apk-dex2jar.jar file in same folder.

Open you-apk-dex2jar.jar file in jd-GUI tool and you’ll see something like this.

GenyMotion Error with VirtualBox

/dev/vboxnetctl: no such file or directory

This worked for me (macOS Monterey). This reloads all VirtualBox's kernel extensions.

sudo kmutil load -b org.virtualbox.kext.VBoxUSB
sudo kmutil load -b org.virtualbox.kext.VBoxNetFlt
sudo kmutil load -b org.virtualbox.kext.VBoxNetAdp
sudo kmutil load -b org.virtualbox.kext.VBoxDrv

ADB : unable to connect to 192.168.1.10:5555

adb usb

adb tcpip 5555

adb connect 192.168.10.1:5555

PreviousMobile App Security NextSecurity Checklist

Last updated 8 months ago

Was this helpful?

Android Application Testing

server side:

/usr/bin/frida-server -l 192.168.1.4

client side:

frida-ps -H 192.168.1.4

Just tried with latest frida 12.1.0 and everything works fine.Connect to Device/GenyMotion Virtual Device using ADB

Install ADB (Linux):

sudo apt-get install android-tools-adb

Windows:

<https://dl.google.com/android/repository/platform-tools-latest-windows.zip>

Retrieve the virtual device IP address. It is displayed on top of the virtual device window:

From another computer, open a command prompt and run:

adb connect <virtual_device_IP>:5555

Find and Pull APK File:

Determine the package name of the app, e.g. "com.example.someapp". Skip this step if you already know the package name.

adb shell pm list packages

Determine the package name of the app, e.g. "com.example.someapp". Skip this step if you already know the package name.

──(root㉿kali)-[~]

└─# adb shell pm path com.marshmallow.marshmallow.test

Output:
package:/data/app/..3WOc6TigEw-A==/com.package.test-sesdss4UbPA==/base.apk

Using the full path name from Step 2, pull the APK file from the Android device to the development box.

adb pull /data/app/com.example.someapp-2.apk path/to/desired/destination

How to use ADB Shell when Multiple Devices are connected

$ adb devices
List of devices attached 
emulator-5554   device
7f1c864e    device

adb -s 7f1c864e shell

ADB Connect:

adb tcpip 5555
adb connect 192.168.0.101:5555

ADB Disconnecting:

Be sure to replace 192.168.0.101 with the IP address that is actually assigned to your device. Once you are done, you can disconnect from the adb tcp session by running:

adb disconnect 192.168.0.101:5555

To tell the ADB daemon return to listening over USB

adb usb

Testing with Frida:

Install Frida on Windows/Linux:

pip install frida

pip install frida-tools

Make Sure GenyMotion is in Bridged mode and proxy is set to the Windows/Linux testing Machine IP and Port.

Install Frida Server on Mobile Device:

frida-server-15.0.8-android-x86

OR: (Android ARM for One Plux X E1003 Physical Device):

adb push frida-server-downloaded /data/local/tmp/

Now go to ADB Shell and change permissions of Server file on the mobile device:

adb shell

cd /data/local/tmp
chmod 777 frida-server-downloaded

# Run the Frida Mobile Server
./frida-server-downloaded

unable to connect to remote frida-server

Server side:

/usr/bin/frida-server -l 192.168.1.4

Client side:

frida-ps -H 192.168.1.4

Run Frida on Your Machine and Check for packages:

frida-ps -Ua

OR 

frida-ps -U

To connect Frida on Remote device:

└─# frida-ps -H 192.168.1.37

Using Frida Scripts:

frida --codeshare pcipolloni/universal-android-ssl-pinning-bypass-with-frida -f com.testapp.app -U

%resume

or use No Pause in script like:

frida --no-pause --codeshare dzonerzy/fridantiroot -f YOUR_BINARY -U

Frida LOCAL JS Unpiinning Script:

Android Root Detection Bypass Using Frida | Redfox SecurityRedfox Security

On Device:

wget https://raw.githubusercontent.com/httptoolkit/frida-android-unpinning/main/frida-script.js

frida -l frida-script.js -f com.MyApp.android -H 192.168.1.3

Copy Pasting from Host to GenyMotion Emulator:

Long press the right click of your mouse until the paste sign appears

Errors Troubleshooting:

Android: adb: Permission Denied

D:\android-sdk-windows\platform-tools>adb shell test
test: permission denied

Restarts the adb daemon with root permissions:

$ adb root

Push Burp Cert to SD Card Downloads Folder:

adb push burp.cer /data/tmp

ABD Connect:

adb connect 192.168.1.37:5555

Check for Application Package Name:

adb shell pm list packages

 adb shell pm list packages | grep MyAppName

Why can't I get root access from shell?

You might need to activate adb root from the developer settings menu. If you run adb root from the cmd line you can get:

root access is disabled by system setting - enable in settings -> development options

You might need to activate adb root from the developer settings menu. If you run adb root from the cmd line you can get:

root access is disabled by system setting - enable in settings -> development options

Once you activate the root option (ADB only or Apps and ADB) adb will restart and you will be able to use root from the cmd line.

Run Frida Server Manually on Android:

onyx:/data/tmp # chmod 777 frida-server   
                                                                                                                                       
onyx:/data/tmp #      ./frida-server -l 192.168.1.37

No module named frida

sudo pip3 install frida-tools

$ unlink /usr/local/bin/python
$ ln -s /usr/local/bin/python3.7 /usr/local/bin/python

Alternative

$ cd ~/
$ open -e .bash_profile

paste to the editor, to the top

 alias python='python3'

save, then run

$ source ~/.bash_profile

Get Minimum SDK from Android APK build

└─# aapt dump badging Your.APK   


package: name='com.yourapp' versionCode='1' versionName='1.0' compileSdkVersion='31' compileSdkVersionCodename='12'
sdkVersion:'21'
targetSdkVersion:'31'
uses-permission: name='android.permission.INTERNET'
uses-permission: name='android.permission.ACCESS_NETWORK_STATE'
uses-permission: name='android.permission.READ_EXTERNAL_STORAGE'
uses-permission: name='android.permission.VIBRATE'
uses-permission: name='android.permission.USE_BIOMETRIC'
uses-permission: name='android.permission.USE_FINGERPRINT'
...truncated for brevity

Decompile an Android Application with Dex2jar and Jd-GUI

Download Links:

Mirror

Wiki

Downloads

If bundled with kali then dont need to specify file/extension and just run with dex2jar

d2j-dex2jar.dh you-apk.apk

If everything goes OK, then you’ll get a you-apk-dex2jar.jar file in same folder.

Now open jd-GUI tool which you can download from

Open you-apk-dex2jar.jar file in jd-GUI tool and you’ll see something like this.

GenyMotion Error with VirtualBox

/dev/vboxnetctl: no such file or directory

This worked for me (macOS Monterey). This reloads all VirtualBox's kernel extensions.

sudo kmutil load -b org.virtualbox.kext.VBoxUSB
sudo kmutil load -b org.virtualbox.kext.VBoxNetFlt
sudo kmutil load -b org.virtualbox.kext.VBoxNetAdp
sudo kmutil load -b org.virtualbox.kext.VBoxDrv

ADB : unable to connect to 192.168.1.10:5555

adb usb

adb tcpip 5555

adb connect 192.168.10.1:5555

PreviousMobile App Security NextSecurity Checklist

Last updated 8 months ago

Was this helpful?