Android app reverse engineering - common tools

ADB

Introduction to ADB:

ADB, the Android Debug Bridge, is an indispensable tool for Android developers and testers, and a handy toy for Android device enthusiasts. It is a command-line tool for operating mobile devices or emulators, and it lives in the sdk/platform-tools directory. Although Android Studio exposes most ADB commands in graphical form, the command line is still worth understanding.

Note: Support for some commands may depend on the Android system version and on the custom ROM's implementation.

ADB common commands:

See: https://blog.csdn.net/qq_39969226/article/details/87897863


Packet capture

Android emulator + Charles packet capture tool: installation and configuration instructions

Main operation process:

1. Install the Android emulator (the Yeshen emulator is not recommended: after Drony is configured it can no longer access the Internet).

2. Install the Charles packet capture tool.

3. Configure Charles port 9999 and install the certificate.

4. Open the emulator's wireless settings and set the proxy to 192.168.XXX.XXX (from ipconfig), port 9999.

5. After the change, Charles shows a pop-up window; click Allow.

6. At this point, the emulator's requests can be captured. When a request shows as unknown, open the SSL settings and add the domain name.

7. View the returned data, the request interface, and the request parameters.

Install the certificate:
    - Before Android 7: emulator
    - Android 7 and later: certificate file --> openssl --> send to the phone (root) --> system trusted certificates.

For specific steps, see: https://blog.csdn.net/qq_24298751/article/details/126859135


Configure Drony

When you want to capture an app's packets but Charles shows only a few of them, or many requests appear as unknown, Drony is very useful: open Charles and let Drony forward all of the app's requests, instead of setting the proxy directly on the phone's Wi-Fi.

For specific configuration steps, see

  • Configure drony forwarding

  • Open Drony (in the OFF state), slide to the SETTINGS page, and click Networks Wi-Fi to enter the configuration

  • In the network list, click the network the phone's Wi-Fi is currently connected to (you need to ensure that this network is connected to the Fiddler proxy server network)

  • Configure the proxy entry to be used for the current network (you can fill in the Fiddler proxy address directly here), and select Manual as the proxy mode

  • Note that the Proxy type should be Plain http proxy

  • For Filter default value select Direct all, then click Rule below to set the application rules

  • By default your rules should be empty; click the plus sign at the top to add a rule (only traffic that matches the rules will be forwarded).


Decompilation tool - JADX

Download and use of the JADX-GUI decompilation tool and an introduction to related technologies:

https://blog.csdn.net/EXIxiaozhou/article/details/127207762


Hook tool - frida

Environment build

Frida installation (computer side)

pip install frida
pip install frida-tools

Frida-server installation (mobile terminal, emulator)

  1. First check your emulator's platform; emulators generally use the x86 architecture

C:\Users\DK> adb shell getprop ro.product.cpu.abi
x86_64

  2. Go to frida-releases to find the corresponding version and download the frida-server package.

  3. Unzip.

  4. Upload frida-server to the phone

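# Working on a real device can be a bit more tedious.
# Upload frida-server to /sdcard on the phone
# (-s is a global adb option, so it goes before the push subcommand)
adb -s <device-serial> push xx/xx/xxx/frida-server /sdcard
# Enter the phone through adb shell
adb shell
# Get root privileges
su -
# Move frida-server to /data/local/tmp
mv /sdcard/frida-server /data/local/tmp
# Make frida-server executable
cd /data/local/tmp
chmod 777 frida-server
--------------------------------------------------------------------------------
# With an emulator this can be done in a single step
adb push frida-server /data/local/tmp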

Run frida

  1. Set up port forwarding through adb on the computer

adb forward tcp:27042 tcp:27042
adb forward tcp:27043 tcp:27043

  2. Enter the phone through the adb shell and run frida

# Enter the phone through adb shell
adb shell
# Get root privileges
su
cd /data/local/tmp
# Run frida
./frida-server
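
The frida-server setup steps above as one script, added here as an example and not part of the original post: it maps the ABI reported by the device to the matching frida-server release file name (the server version has to equal the installed frida client version), then pushes the binary, marks it executable, forwards the ports and starts it. It assumes adb and frida-tools are on PATH and a rooted test device whose su accepts -c; the function names and the script name are this example's own.

```shell
#!/bin/sh
# Added example, not code from the original post.

# Map the value of ro.product.cpu.abi to the architecture suffix used
# in frida-server release file names.
frida_arch_for_abi() {
    case "$1" in
        arm64-v8a)   echo arm64 ;;
        armeabi-v7a) echo arm ;;
        x86_64)      echo x86_64 ;;
        x86)         echo x86 ;;
        *) echo "unsupported ABI: $1" >&2; return 1 ;;
    esac
}

# Build the release file name for a client version ($1) and device ABI ($2).
frida_asset_name() {
    arch=$(frida_arch_for_abi "$2") || return 1
    echo "frida-server-$1-android-$arch.xz"
}

# Print the release file this device needs. $1 = adb serial.
needed_asset() {
    abi=$(adb -s "$1" shell getprop ro.product.cpu.abi | tr -d '\r')
    frida_asset_name "$(frida --version)" "$abi"
}

# Push an unpacked frida-server, make it executable (755 is enough),
# forward the two ports and start the server as root.
# $1 = adb serial, $2 = local path to the unpacked frida-server binary.
deploy() {
    adb -s "$1" push "$2" /data/local/tmp/frida-server &&
    adb -s "$1" shell su -c "'chmod 755 /data/local/tmp/frida-server'" &&
    adb -s "$1" forward tcp:27042 tcp:27042 &&
    adb -s "$1" forward tcp:27043 tcp:27043 &&
    # -D makes frida-server detach and run as a daemon
    adb -s "$1" shell su -c "'/data/local/tmp/frida-server -D'"
}

# Usage: sh frida-setup.sh asset <serial>
#        sh frida-setup.sh deploy <serial> <path-to-frida-server>
case "${1:-}" in
    asset)  needed_asset "$2" ;;
    deploy) deploy "$2" "$3" ;;
esac
```

A version mismatch between the pip-installed client and the server on the device is a common cause of connection errors, which is why the file name is derived from `frida --version` rather than typed by hand.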


Origin blog.csdn.net/m0_57126939/article/details/128864822