# Android Hacking Tips

By [TheSecurityGuy](https://paragraph.com/@mrbalu) · 2022-12-01

---

*   Frida Code Share: This [script](https://codeshare.frida.re/@akabe1/frida-multiple-unpinning/) helps to bypass 70 % apps on the Google play store.
    
*   frida-ls-devices: This command helps you to list all the devices that connected to the pc.
    
*   frida-ps -U : List all apks
    
*   frida-ps -Ua: List apk’s connected to frida
    
*   adb shell ps -e : List all background processes
    
*   \> adb shell settings put global http\_proxy 192.168.0.101:8899helps for setting up proxy ip is the system local ip , port is your burp port It sets the proxy globally all over the device.
    
*   \> adb shell settings put global http\_proxy :0 helps for disabling the proxy
    
*   Jadx decompiler: While decompiling with jadx in jadx-gui disable deobfuscation to know code more precisely
    
*   Physical Device: Use physical device rather than emulator for testing.
    
*   Magisk: Use magisk for rooting
    
*   Frida module for magisk: Use frida module for magisk to enable frida automatically while the device boots up. No need to start frida server again and again. 24 hours / 365 days it will be enabled.
    
*   Assets: Check the assets folder after you decompiled the code for graphql schemas.
    
*   [Slicer](https://github.com/mzfr/slicer): A tool to give a overview of Androidmanifest.xml to exploit deeplinks / content providers.
    
*   Old version apk : If you want to find some leaks find older version of the apk’s and decompile them and check them. you find secrets.
    
*   Subdomains,IP’s : grep for subdomains in decompiled apk for internal domains (use gf by tomnomnom)
    
*   [https://bevigil.com/](https://bevigil.com/) : This site helps for scanning apks for secrets and api keys you can upload the custom apk or mention the package name.
    
*   Endpoints : Extract Endpoints using gf or custom regex to get the endpoints and bruteforce in burp using intruder.
    
*   Download apk from cli : [https://github.com/89z/googleplay](https://github.com/89z/googleplay)
    
*   Get Leaks from cli : [https://github.com/dwisiswant0/apkleaks](https://github.com/dwisiswant0/apkleaks)
    
*   Toggler proxy easily : [https://play.google.com/store/apps/details?id=org.proxydroid&hl=en](https://play.google.com/store/apps/details?id=org.proxydroid&hl=en)
    
*   connect to phone wirelessly adb : [https://play.google.com/store/apps/details?id=com.ttxapps.wifiadb&hl=en\_IN&gl=US](https://play.google.com/store/apps/details?id=com.ttxapps.wifiadb&hl=en_IN&gl=US).
    
*   Get apk info via phone itself : [apkinfo](https://play.google.com/store/apps/details?id=com.wt.apkinfo&hl=en_IN&gl=US) is an app helps you see the manifest file details and get the overview of the apk.
    
*   [Apk Extracter](https://play.google.com/store/apps/details?id=com.ext.ui&hl=en_IN&gl=US) : This app helps you to extract installed apk’s from the phone.
    
*   adb pull /sdcard/path-to/extracted-apk-or-file: this command helps you to pull the contents from the device.
    
*   adb push file.txt /sdcard/path : you can push contents from your pc to the phone
    
*   adb shell cat /proc//maps : This command helps you to check which .so file is loading when you opening the apk. Get the pid value by using adb shell ps -e | grep pacakgename.
    
    *   VirusTotal : [https://www.virustotal.com/gui/](https://www.virustotal.com/gui/) Upload the apk to the site and go to details sectoin. it gives overview about androidmanifest.xml info and , It list urls in the apk and all the services,recieves content providers , all the info. Try it you love it, It also checks for viruses.
        
    *   Download all the old versions of the apk : download this tool [https://github.com/m4ll0k/BBTz/blob/master/dapk.py](https://github.com/m4ll0k/BBTz/blob/master/dapk.py). you can download all the versions of the apk.
        
    *   Decompile the apk using jadx (no issue command): jadx -d out thesecurityguy.apk --deobf-rewrite-cfg --no-res --export-gradle
        
    *   Query content providers from **adb shell : adb shell content query --uri content://com.example.MyApplication.StudentsProvider**<provider android:name="StudentsProvider"
        
        android:authorities="com.example.MyApplication.StudentsProvider"/>
        
    *   check if signature are configured in the domain https://.com/.well-known/assetlinks.json.
        
    
    If you want to share your thanks [https://www.buymeacoffee.com/ballx](https://www.buymeacoffee.com/ballx).

---

*Originally published on [TheSecurityGuy](https://paragraph.com/@mrbalu/android-hacking-tips)*
