Android Hacking Tips

  • Frida Code Share: This script helps to bypass 70 % apps on the Google play store.

  • frida-ls-devices: This command helps you to list all the devices that connected to the pc.

  • frida-ps -U : List all apks

  • frida-ps -Ua: List apk’s connected to frida

  • adb shell ps -e : List all background processes

  • > adb shell settings put global http_proxy 192.168.0.101:8899helps for setting up proxy ip is the system local ip , port is your burp port It sets the proxy globally all over the device.

  • > adb shell settings put global http_proxy :0 helps for disabling the proxy

  • Jadx decompiler: While decompiling with jadx in jadx-gui disable deobfuscation to know code more precisely

  • Physical Device: Use physical device rather than emulator for testing.

  • Magisk: Use magisk for rooting

  • Frida module for magisk: Use frida module for magisk to enable frida automatically while the device boots up. No need to start frida server again and again. 24 hours / 365 days it will be enabled.

  • Assets: Check the assets folder after you decompiled the code for graphql schemas.

  • Slicer: A tool to give a overview of Androidmanifest.xml to exploit deeplinks / content providers.

  • Old version apk : If you want to find some leaks find older version of the apk’s and decompile them and check them. you find secrets.

  • Subdomains,IP’s : grep for subdomains in decompiled apk for internal domains (use gf by tomnomnom)

  • https://bevigil.com/ : This site helps for scanning apks for secrets and api keys you can upload the custom apk or mention the package name.

  • Endpoints : Extract Endpoints using gf or custom regex to get the endpoints and bruteforce in burp using intruder.

  • Download apk from cli : https://github.com/89z/googleplay

  • Get Leaks from cli : https://github.com/dwisiswant0/apkleaks

  • Toggler proxy easily : https://play.google.com/store/apps/details?id=org.proxydroid&hl=en

  • connect to phone wirelessly adb : https://play.google.com/store/apps/details?id=com.ttxapps.wifiadb&hl=en_IN&gl=US.

  • Get apk info via phone itself : apkinfo is an app helps you see the manifest file details and get the overview of the apk.

  • Apk Extracter : This app helps you to extract installed apk’s from the phone.

  • adb pull /sdcard/path-to/extracted-apk-or-file: this command helps you to pull the contents from the device.

  • adb push file.txt /sdcard/path : you can push contents from your pc to the phone

  • adb shell cat /proc//maps : This command helps you to check which .so file is loading when you opening the apk. Get the pid value by using adb shell ps -e | grep pacakgename.

    • VirusTotal : https://www.virustotal.com/gui/ Upload the apk to the site and go to details sectoin. it gives overview about androidmanifest.xml info and , It list urls in the apk and all the services,recieves content providers , all the info. Try it you love it, It also checks for viruses.

    • Download all the old versions of the apk : download this tool https://github.com/m4ll0k/BBTz/blob/master/dapk.py. you can download all the versions of the apk.

    • Decompile the apk using jadx (no issue command): jadx -d out thesecurityguy.apk --deobf-rewrite-cfg --no-res --export-gradle

    • Query content providers from adb shell : adb shell content query --uri content://com.example.MyApplication.StudentsProvider<provider android:name="StudentsProvider"

      android:authorities="com.example.MyApplication.StudentsProvider"/>

    • check if signature are configured in the domain https://.com/.well-known/assetlinks.json.

    If you want to share your thanks https://www.buymeacoffee.com/ballx.