Mobile Sec
Secret Codes
## ------------------| Enable ADB + MTP
*#0808#
Modem commands
## ------------------| Read basic info
AT+DEVCONINFO
## ------------------| Enter Download mode
AT+FUS?
## ------------------| Restart
AT+CFUN=1,1
ADB Commands
## ------------------| Mount system as read and write
# Runs inside a root shell on the device (not on the host); the unprivileged
# adb shell user cannot remount /system. Restore the default afterwards with
# `mount -o ro,remount /system`.
mount -o rw,remount /system
## ------------------| List installed packages
# -3 limits the listing to third-party (user-installed) packages.
adb shell pm list packages -3
## ------------------| List installed packages with paths
# -f also prints the APK path of each package (the <PATH> used by `adb pull` below).
adb shell pm list packages -3 -f
## ------------------| List system packages
# -s limits the listing to system packages.
adb shell pm list packages -s
adb shell pm list packages | grep '<OEM/Carrier/App Name>'
## ------------------| Uninstall apk
# --user 0 removes the package for user 0 only and -k keeps its data and cache
# directories; the APK itself stays on the system partition. The package can be
# brought back with `adb shell cmd package install-existing <package>`.
adb shell pm uninstall -k --user 0 '<OEM/Carrier/App Name>'
## ------------------| Backup APK
# <PATH> is the on-device APK path reported by `pm list packages -f`.
adb pull <PATH> app.apk
## ------------------| Get information about system services
# Dumps the package manager's record for one package (permissions, components,
# version, flags). com.routerspace is this page's example package.
adb shell dumpsys package com.routerspace
## ------------------| Start Activity through ADB shell
# -n names the component explicitly; from a non-root shell the activity has to
# be exported for the start to succeed.
adb shell am start -n com.routerspace/.MainActivity
## ------------------| List all debug-able apps
# Runs on the device as root: /data/system is not readable by the plain shell
# user. The pattern matches lines whose debuggable column is 1, followed by the
# data directory path.
grep " 1 /" /data/system/packages.list
## ------------------| Set proxy
# The value persists across reboots until it is deleted (see "Disable proxy"
# further down), so clear it when the interception session ends.
adb shell settings put global http_proxy <IP>:<PORT>
## ------------------| View ContentProvider
# NOTE(review): the URI form here looks specific to one target; take the real
# provider authority from the `dumpsys package` output and confirm the path.
adb shell 'content query --uri content://com.routerspace/.MainActivity/users'
## ------------------| Global Proxy
### No authentication
adb shell settings put global http_proxy <ip>:<port>
### With Authentication
# The username and password are written in clear text to the global settings
# table, where `settings get global ...` can read them back, and they also end
# up in the host's shell history. Use a throwaway proxy account.
# NOTE(review): confirm the username/password keys are honoured by the Android
# build under test.
adb shell settings put global http_proxy <ip>:<port>
adb shell settings put global global_http_proxy_host <ip>
adb shell settings put global global_http_proxy_port <port>
adb shell settings put global global_http_proxy_username <username>
adb shell settings put global global_http_proxy_password <password>
### Disable proxy
# Deletes every proxy-related key, including the stored credentials, then
# reboots the device.
adb shell settings delete global http_proxy
adb shell settings delete global global_http_proxy_host
adb shell settings delete global global_http_proxy_port
adb shell settings delete global global_http_proxy_username
adb shell settings delete global global_http_proxy_password
adb shell settings delete global global_http_proxy_exclusion_list
adb shell settings delete global global_proxy_pac_url
adb shell reboot
Install burp cert
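# Export Burp's CA certificate in DER format and save it as cacert.der,
# then convert it to PEM.
openssl x509 -inform DER -in cacert.der -out cacert.pem
# Android's system CA store expects each file to be named <subject_hash_old>.0.
# -noout prints only the hash, so no `head` filtering is needed.
cert_hash=$(openssl x509 -inform PEM -subject_hash_old -noout -in cacert.pem)
printf '%s\n' "$cert_hash"
mv -- cacert.pem "${cert_hash}.0"
# Push from the host before opening the device shell: adb push is a host
# command and does not work from inside `adb shell`.
adb push "${cert_hash}.0" /sdcard/
# The remaining commands run inside the device shell and need root.
adb shell
# 9a5ba575 is the hash this page obtained; use the value printed above if
# yours differs.
mount -o rw,remount /system
mv /sdcard/9a5ba575.0 /system/etc/security/cacerts/
chmod 644 /system/etc/security/cacerts/9a5ba575.0
# A CA in the system store is trusted for all TLS traffic on the device, so
# keep this to a dedicated test device or emulator, delete the file when the
# assessment ends, and remount read-only (`mount -o ro,remount /system`).
# NOTE(review): on recent Android releases /system may not be remountable this
# way and the trusted CA store may live elsewhere - confirm for the target build.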
Bypass all checks (SSL Pinning, Root, ADB, USB Debug, etc.)
## ------------------| Run
# -U selects the USB-attached device and -f spawns the named app
# (YOUR_BINARY is the app's package identifier).
# --codeshare downloads the script from Frida CodeShare at run time and runs it
# inside the target process, so the code is whatever the remote author last
# published. Read it first and keep a reviewed local copy (loaded with
# `frida -l <file>`) so the script cannot change between sessions.
frida -U --codeshare h4rithd/onerule-by-h4rithd -f YOUR_BINARY
## ------------------| Setup
sudo apt install anbox
sudo apt install android-tools-adb
# Anbox needs the ashmem and binder kernel modules; the ls confirms that both
# device nodes exist after loading them.
sudo /sbin/modprobe ashmem_linux
sudo /sbin/modprobe binder_linux
ls -1 /dev/{ashmem,binder}
# The image path dates this build to 2018/07/19, so it lacks every Android
# security patch released since; treat the container as a disposable lab
# system. The download is checked by TLS only - compare it against a published
# checksum if the project provides one.
wget https://build.anbox.io/android-images/2018/07/19/android_amd64.img
sudo mv android_amd64.img /var/lib/anbox/android.img
sudo service anbox-container-manager restart
# ------------------| Start
anbox launch --package=org.anbox.appmgr --component=org.anbox.appmgr.AppViewActivity
# ------------------| Install F-Droid
# The APK is installed without an integrity check beyond TLS. F-Droid publishes
# a PGP signature for its client APK (confirm the current location on
# f-droid.org); verify it before installing.
wget https://f-droid.org/F-Droid.apk
adb install F-Droid.apk
Installing android on VMWare Workstation
# ------------------| Download ISO
https://www.android-x86.org/
# ------------------| Setup VMWare and Install
Choose Other Linux 4.x
Advanced options... --> Auto_Installation --> Reboot
# ------------------| Fix boot-up freeze
## Step 01: Open grub editor (e)
## Step 02: Replace 'quiet' with 'nomodeset xforcevesa' and press enter
## Step 03: Press b
## Step 04: When you see Android logo press Alt+F1
## Step 05: Type following commands
# Steps 01-03 change the kernel command line for the current boot only; the
# commands below mount the boot partition so the GRUB menu file can be edited
# and the change made permanent.
mkdir /mnt/sda
mount /dev/block/sda1 /mnt/sda
vi /mnt/sda/grub/menu.lst
## Step 06: Replace 'quiet' with 'nomodeset xforcevesa', then save and reboot
Setup Android Studio Emulator on Apple Silicon (M1/M2)
Method I (Google Play API with Magisk Modules)
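# ------------------| Download Command line tools
## Download command line tools from https://developer.android.com/studio
## and unpack the archive in the current directory (it contains ./cmdline-tools)
mkdir -p ~/Documents/Software/Android/sdk/cmdline-tools/latest/
mv cmdline-tools/* ~/Documents/Software/Android/sdk/cmdline-tools/latest/
# ------------------| Setup SDK
export ANDROID_AVD_HOME=~/.android/avd/
export ANDROID_HOME=~/Documents/Software/Android/sdk/
export ANDROID_SDK_ROOT=~/Documents/Software/Android/sdk/
export PATH="$PATH:$ANDROID_HOME/emulator:$ANDROID_HOME/tools:$ANDROID_HOME/tools/bin:$ANDROID_HOME/platform-tools"
## The tools were moved to sdk/cmdline-tools/latest/ above, so sdkmanager and
## avdmanager are in that directory's bin/ (not in Android/cmdline-tools/bin)
cd ~/Documents/Software/Android/sdk/cmdline-tools/latest/bin
./sdkmanager --list
./sdkmanager --install 'system-images;android-30;google_apis_playstore;arm64-v8a'
./sdkmanager "platform-tools" "platforms;android-30"
./avdmanager create avd --name Pixel_7Pro --package "system-images;android-30;google_apis_playstore;arm64-v8a" --tag "google_apis_playstore" --abi "arm64-v8a" --device "pixel_7_pro"
## -no-snapshot-load forces a cold boot; -writable-system boots the AVD with a
## writable system image
~/Documents/Software/Android/sdk/emulator/emulator @Pixel_7Pro -no-snapshot-load -writable-system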
# ------------------| Root
# rootAVD is cloned at whatever its default branch currently holds and then
# rewrites the AVD's ramdisk image; review the script or pin a commit you have
# read, and use it only on a throwaway AVD.
# NOTE(review): the ramdisk path is presumably resolved relative to
# $ANDROID_HOME - confirm against the rootAVD README.
git clone https://github.com/newbit1/rootAVD.git && cd rootAVD
./rootAVD.sh system-images/android-30/google_apis_playstore/arm64-v8a/ramdisk.img
# ------------------| Install modules
# The module zip is a third-party release artifact downloaded with no checksum
# comparison. After the push it sits on /sdcard (presumably to be installed
# from the Magisk app - confirm).
wget https://github.com/belane/burpcert-magisk-module/releases/download/v0.9/burpcert-magisk-module-v0.9.zip
adb push burpcert-magisk-module-v0.9.zip /sdcard/
# The shell is still inside the rootAVD checkout at this point, so this clone
# lands in rootAVD/magisk-frida.
git clone https://github.com/ViRb3/magisk-frida.git && cd magisk-frida
python3 -m pip install requests
# main.py produces build/MagiskFrida-0.zip, which is pushed next.
python3 main.py
adb push build/MagiskFrida-0.zip /sdcard/
# ------------------| Virtual keyboard support
vi ~/.android/avd/Pixel_7Pro.avd/config.ini
## change hw.keyboard = yes
Method II (Google Play API Native Flash)
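# ------------------| Download Command line tools
## Download command line tools from https://developer.android.com/studio
## and unpack the archive in the current directory (it contains ./cmdline-tools)
mkdir -p ~/Documents/Software/Android/sdk/cmdline-tools/latest/
mv cmdline-tools/* ~/Documents/Software/Android/sdk/cmdline-tools/latest/
# ------------------| Setup SDK
export ANDROID_AVD_HOME=~/.android/avd/
export ANDROID_HOME=~/Documents/Software/Android/sdk/
export ANDROID_SDK_ROOT=~/Documents/Software/Android/sdk/
export PATH="$PATH:$ANDROID_HOME/emulator:$ANDROID_HOME/tools:$ANDROID_HOME/tools/bin:$ANDROID_HOME/platform-tools"
## The tools were moved to sdk/cmdline-tools/latest/ above, so sdkmanager and
## avdmanager are in that directory's bin/ (not in Android/cmdline-tools/bin)
cd ~/Documents/Software/Android/sdk/cmdline-tools/latest/bin
./sdkmanager --list
./sdkmanager --install 'system-images;android-30;google_apis;arm64-v8a'
./sdkmanager "platform-tools" "platforms;android-30"
./avdmanager create avd --name Pixel_7Pro --package "system-images;android-30;google_apis;arm64-v8a" --tag "google_apis" --abi "arm64-v8a" --device "pixel_7_pro"
## -no-snapshot-load forces a cold boot; -writable-system boots the AVD with a
## writable system image
~/Documents/Software/Android/sdk/emulator/emulator @Pixel_7Pro -no-snapshot-load -writable-system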
# ------------------| Root
# rootAVD is cloned at whatever its default branch currently holds and then
# rewrites the AVD's ramdisk image; review the script or pin a commit you have
# read, and use it only on a throwaway AVD.
git clone https://github.com/newbit1/rootAVD.git && cd rootAVD
./rootAVD.sh system-images/android-30/google_apis/arm64-v8a/ramdisk.img
# ------------------| Make system file writable
# The APK comes from the master branch of a third-party repository with no
# checksum to compare against. Once adbd runs as root, anything that can reach
# the emulator's adb port gets a root shell, so keep adb bound to the local
# machine.
# NOTE(review): google_apis images are normally debuggable builds where
# `adb root` works without this APK - confirm whether the install is needed.
wget https://github.com/wuxianlin/android_tools/raw/master/adbd-Insecure-v2.00.apk
adb install adbd-Insecure-v2.00.apk
adb reboot
adb root
adb remount
## Now you can write anything on /system
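# ------------------| Install Google Play
## Download pico gapps from https://opengapps.org
## NOTE(review): the archive named below is the x86_64 / Android 6.0 build,
## while the AVD created earlier is arm64-v8a / android-30; pick the package
## that matches the AVD's ABI and Android version.
unzip open_gapps-x86_64-6.0-pico-20170304.zip
rm Core/setup*
lzip -d Core/*.lz
## Glob instead of parsing `ls`, and quote the name so paths with spaces work;
## the -e test skips the loop body when no .tar file matched
for f in Core/*.tar; do
  [ -e "$f" ] || continue
  tar -x --strip-components 2 -f "$f"
done
adb remount
## Copy the extracted trees onto the writable system image
adb push etc /system
adb push framework /system
adb push app /system
adb push priv-app /system
## Restart the Android runtime so the new system apps are picked up
adb shell stop
adb shell start
# ------------------| Virtual keyboard support
vi ~/.android/avd/Pixel_7Pro.avd/config.ini
## change hw.keyboard = yes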