Android逆向中常用工具和命令

Android逆向中常用工具和命令

Wifi ADB

Google Store wifi ADB
当没有数据线时，可以开启wifiADB

adb connect 192.168.0.101:5555

开始食用

android 运行shell命令

https://github.com/termux/termux-app/releases

ADB shell 截图

vim ~/.bash_profile
current=$(date "+%Y-%m-%d-%H-%M-%S")
alias cap="adb shell screencap -p /sdcard/tmp.png;adb pull /sdcard/tmp.png ~/Downloads/screencap/$current.png"
source ~/.zshrc

命令行直接输入cap
就能把当前的手机截图发送到电脑上。

ADB shell 录屏

vim ~/.bash_profile
current=$(date "+%Y-%m-%d-%H-%M-%S")
alias cap="adb pull /sdcard/tmp.png ~/Downloads/screencap/$current.mp4;adb shell screenrecord /sdcard/tmp.mp4;adb pull /sdcard/tmp.png ~/Downloads/screencap/$current.mp4"
source ~/.zshrc

因为录屏需要中断，否则会一直录，所以先adb pull 然后 ctrl c中断，本次pull上次的结果。

run-as 非root手机看沙盒数据

run-as com.test.demo

pm清除应用数据

无需进入设置，直接清除

adb shell pm clear com.test.demo

adb shell input

vim ~/.bash_profile
alias input="adb shell input text "
source ~/.zshrc

这条命令需要开启开发者模式的USB调试
否则会出现

java.lang.SecurityException: Injecting to another application requires INJECT_EVENTS permission
	at android.os.Parcel.createException(Parcel.java:2074)
	at android.os.Parcel.readException(Parcel.java:2042)
	at android.os.Parcel.readException(Parcel.java:1990)
	at android.hardware.input.IInputManager$Stub$Proxy.injectInputEvent(IInputManager.java:925)
	at android.hardware.input.InputManager.injectInputEvent(InputManager.java:886)
	at com.android.commands.input.Input.injectKeyEvent(Input.java:386)
	at com.android.commands.input.Input.access$100(Input.java:41)
	at com.android.commands.input.Input$InputText.sendText(Input.java:175)
	at com.android.commands.input.Input$InputText.run(Input.java:141)
	at com.android.commands.input.Input.onRun(Input.java:108)
	at com.android.internal.os.BaseCommand.run(BaseCommand.java:56)
	at com.android.commands.input.Input.main(Input.java:71)
	at com.android.internal.os.RuntimeInit.nativeFinishInit(Native Method)
	at com.android.internal.os.RuntimeInit.main(RuntimeInit.java:380)
Caused by: android.os.RemoteException: Remote stack trace:
	at com.android.server.input.InputManagerService.injectInputEventInternal(InputManagerService.java:662)
	at com.android.server.input.InputManagerService.injectInputEvent(InputManagerService.java:636)
	at android.hardware.input.IInputManager$Stub.onTransact(IInputManager.java:422)
	at android.os.Binder.execTransactInternal(Binder.java:1021)
	at android.os.Binder.execTransact(Binder.java:994)

adb 组件

am start -n pkg/.activity
am startservice -n pkg/service
am broadcast -a action

adb 端口

例如开了frida

adb shell netstat | grep frida

设备参数

adb shell getprop

进程情况

通常可以找so,这个需要root权限

adb shell ps | 包名
adb shell
su
cat /proc/pid/maps