Android - adeptex/CTF GitHub Wiki

Android

Enable USB Debugging

https://www.xda-developers.com/quickly-install-adb/

First, you’ll need to enable the secret Developer Options. Skip this step if you already enabled Developer Options.

  1. Open Settings
  2. Scroll down to System (skip to step 3 on pre-Android Oreo devices)
  3. Select About phone
  4. Tap Build number 7 times in quick succession (some phones will bury this under Software info)
  5. You will see a message appear that says Developer Options are enabled
  6. Now go back and you’ll see Developer Options listed

With that out of the way, we can enable USB debugging.

  1. Open Settings
  2. Go to System > Developer options or just Developer options
  3. Scroll until you find USB debugging
  4. Toggle the switch on

ADB devices "no permissions"

sudo adb kill-server
sudo adb start-server
adb devices

Disable Certificate Validation

https://medium.com/inbughunters/basic-android-security-testing-lab-part-1-a2b87e667533

https://stackoverflow.com/questions/25509296/trusting-all-certificates-with-okhttp

  • Modify code to disable validation

Build a debug APK

https://developer.android.com/studio/build/building-cmdline

./gradlew tasks  # see what's available
./gradlew assembleDebug

Install / Uninstall APK

adb shell 'pm list packages -f' | grep -i app  # find the package name
adb install app-debug.apk
adb uninstall com.app.name

Inspect sqlite db

https://medium.com/@margaretmz/how-to-access-private-data-on-android-a0841a11b487

# /data/data is app-private; this pull needs adb running as root
adb pull /data/data/<your package-name>/databases/<db-name>
sqlite3 <db-name>

Process Memory Dump

https://dzone.com/articles/how-to-capture-heap-dump-from-android-app

adb shell ps | grep <APP-NAME>
adb shell am dumpheap <PID> /data/local/tmp/memory.raw
adb pull /data/local/tmp/memory.raw
strings memory.raw | grep ...

Android Root Detection Bypass

https://3xpl01tc0d3r.blogspot.com/2018/06/android-root-detection-bypass.html

  1. Decompile APK: apktool d -r android.apk
  2. Modify Smali code as needed
  3. Build APK: apktool b folder_name
  4. Sign APK: java -jar sign.jar android.apk (https://github.com/appium/sign)
  5. Install APK: adb install android.apk

Capture Bluetooth

  1. Go to Settings > Developer options
  2. Enable Bluetooth HCI snoop log
  3. Perform Bluetooth actions
  4. Check the Bluetooth stack config: adb shell cat /etc/bluetooth/bt_stack.conf
  5. Pull the log: adb pull /sdcard/Android/data/btsnoop_hci.log
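
The pulled btsnoop_hci.log is a binary btsnoop file: a 16-byte header followed by records with 24-byte big-endian headers. The parser below is an added example, not part of the original wiki; `parse_btsnoop`, `_record` and `SAMPLE` are illustrative names, and the two-packet input is constructed so the script runs without a device.

```python
import struct
from datetime import datetime, timedelta, timezone

MAGIC = b"btsnoop\x00"
EPOCH_DELTA_US = 0x00DCDDB30F2F8000  # btsnoop timestamp (in us) of 1970-01-01T00:00:00Z
UNIX_EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)
H4_TYPES = {1: "CMD", 2: "ACL", 3: "SCO", 4: "EVT"}


def parse_btsnoop(blob):
    """Return (datalink, records) for the bytes of a btsnoop capture file."""
    if len(blob) < 16 or blob[:8] != MAGIC:
        raise ValueError("not a btsnoop file")
    version, datalink = struct.unpack(">II", blob[8:16])
    if version != 1:
        raise ValueError(f"unsupported btsnoop version {version}")
    records, off = [], 16
    while off < len(blob):
        if off + 24 > len(blob):
            raise ValueError(f"truncated record header at offset {off}")
        orig_len, incl_len, flags, _drops, ts = struct.unpack(">IIIIq", blob[off:off + 24])
        data = blob[off + 24:off + 24 + incl_len]
        if len(data) != incl_len:
            raise ValueError(f"truncated packet data at offset {off}")
        records.append({
            "time": UNIX_EPOCH + timedelta(microseconds=ts - EPOCH_DELTA_US),
            # Flag bit 0: 0 = sent by host, 1 = received from controller.
            "direction": "controller->host" if flags & 1 else "host->controller",
            # Datalink 1002 is HCI UART (H4): first data byte is the packet type.
            "type": H4_TYPES.get(data[0], "?") if datalink == 1002 and data else "?",
            "truncated": incl_len < orig_len,
            "data": data,
        })
        off += 24 + incl_len
    return datalink, records


def _record(data, flags, unix_us):
    return struct.pack(">IIIIq", len(data), len(data), flags, 0, unix_us + EPOCH_DELTA_US) + data


# Constructed sample (not a real capture): HCI_Reset command and its Command Complete event.
SAMPLE = (MAGIC + struct.pack(">II", 1, 1002)
          + _record(bytes.fromhex("01030c00"), 0b10, 1_700_000_000_000_000)
          + _record(bytes.fromhex("040e0401030c00"), 0b11, 1_700_000_000_001_500))

if __name__ == "__main__":
    for r in parse_btsnoop(SAMPLE)[1]:
        print(r["time"].isoformat(), r["direction"], r["type"], r["data"].hex())
```

To parse a real capture, pass the file's bytes: `parse_btsnoop(open("btsnoop_hci.log", "rb").read())`.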