Android Hacking Fundamentals -Part-2.

By defalut production build of Android (that’s what you have on your phone until you unlock the bootloader and flash the phone with …

After learning the APK file structure and the application components. We should learn about the primary basic utility command-line tool ADB. In the android application testing, we use adb tool in the information gathering phase and in the exploitation phase to interact with the android device via USB debugging. So we should have learn some basic commands of adb to learn android penetration testing.

What is ADB?

ADB is know as android debug bridge and it is a command-line tool. Which is used to interact with android device via USB debugging.

How to install this tool?

On Windows

Download the ADB Platform Tools for Windows using the below link
https://dl.google.com/android/repository/platform-tools_r30.0.5-windows.zip

Extract the zip file and place the files in familiar place
then open a terminal from where those extracted files are be present and run the adb device after connect the mobile device to PC.
OR
You can simply install by using chocolatey
Watch the below video how to install the chocolatey on window
https://www.youtube.com/watch?v=-5WLKu_J_AE

Then install adb via choco

choco install adb

On Linux

sudo apt-get install android-tools-adb

Let’s brief about the commands

• adb devices → This results list of connected devices
• adb connect → We can connect adb via wireless if the device and PC are in same wifi network

Note: Before you connect abd via wireless you should run the below command by connect phone to your Computer (via USB)

• adb tcpip 5555 → restart adbd listening on TCP on PORT

Package Manager

• adb install “path/to/file.apk”
• adb uninstall
• adb shell pm path
• adb shell pm clear

File Manager

• adb push [source] [destination]
• adb pull [device file location] [local file location]
• adb shell ls
• adb shell cd /mnt/sdcard/Download
• adb shell rm /mnt/sdcard/Download/test.apk
• adb shell mkdir : make directories
• adb shell touch /mnt/sdcard/Download/test.txt
• adb shell pwd : printing the current working directory

For more commands please visit and bookmark this awesome website

Application Local Storage Analysis without root access

By defalut production build of Android (that’s what you have on your phone until you unlock the bootloader and flash the phone with userdebug or eng software) restricts access to the Internal Storage - every app can only access its own files. Fortunately for software developers not willing to root their phones Google provides a way to access the Internal Storage of debuggable versions of their packages using run-as command

adb shell

$run-as

Note: This testing scenario will discuss in our future android hacking series.

Thanks for spending your time to read this blog. If you want to learn the android hacking please do follow me and stay tune for interesting hacking techniques and view my profile to read interesting BugBounty write-ups.