For this time is about Android :) IOS soon :)
Download adb http://adbdriver.com/downloads/ or you can using adb as default from Android Studio.
#Check Android Architecture
$ adb shell getprop | grep abi
# Try to use this command to get simple output :)
$ adb shell getprop ro.product.cpu.abi
#List all application already installed
$ adb shell pm list packages -f | grep -i 'testing'
#Tracing log on android
$ adb logcat | grep com.app.testing
#Install application to device
$ adb install app.testing.apk
# Get the full path of an application
$ adb shell pm path com.example.someapp
# Download the apk to development machine
$ adb pull /data/app/com.example.someapp-2.apk
# Dump activity on app
$ adb shell dumpsys activity top | grep ACTIVITY
# Create new file in adb shell
$ cat > filename.xml
You can add lines to a text files using:
$ cat >> filename.xml
Both commands can be terminated using ctrl-D.
Install Frida Server on android,
download frida server : https://github.com/frida/frida/releases
$ adb root # might be required
$ adb push frida-server /data/local/tmp/
$ adb shell "chmod 755 /data/local/tmp/frida-server"
$ adb shell "/data/local/tmp/frida-server &"
# Connect Frida to an iPad over USB and list running processes
$ frida-ps -U
# List running applications
$ frida-ps -Ua
# List installed applications
$ frida-ps -Uai
# Connect Frida to the specific device
$ frida-ps -D 0216027d1d6d3a03
# Trace recv* and send* APIs in Safari
$ frida-trace -i "recv*" -i "send*" Safari
# Trace ObjC method calls in Safari
$ frida-trace -m "-[NSView drawRect:]" Safari
# Launch SnapChat on your iPhone and trace crypto API calls
$ frida-trace -U -f com.app.testing -I "libcommonCrypto*"
#Frida trace every open function while program start
$ frida-trace -U -i open com.app.testing
Download : https://github.com/Piasy/FridaAndroidTracer Usage :
$ java -jar FridaAndroidTracer.jar
-a,--expand-array expand array values
-c,--classes <arg> classes to be hooked
-j,--jars <arg> jar files to be included
-o,--output <arg> output script path
-p,--include-private include private methods
-s,--skip <arg> methods to be skipped
Download https://github.com/swdunlop/AndBug
Usage:
#Enumerate classes on application
$ andbug classes -p [PID application / com.app.testing] > class.txt
#Enumerate methods on classes
$ andbug methods -p [PID application / com.app.testing] [class name]
Using PIDCAT : https://github.com/JakeWharton/pidcat
Usage:
$ ./pidcat.py [com.app.testing]
Download https://github.com/b-mueller/apkx
Usage :
$ apkx -c enjarify -d procyon app.testing.apk
Download https://github.com/Konloch/bytecode-viewer/releases
To read source code of dex or jar file.
how to run : Just double click on jar file
Download https://github.com/1N3/ReverseAPK
Install :
$ git clone https://github.com/1N3/ReverseAPK.git
$ cd ReverseAPK
$ ./install
Usage :
$ reverse-apk app.testing.apk
Convert burp certificate from DER to PEM . If you lazy, you can download PEM file on this repository.
$ openssl x509 -inform DER -in cacert.der -out cacert.pem
# Get subject_hash_old (or subject_hash if OpenSSL < 1.0)
$ openssl x509 -inform PEM -subject_hash_old -in cacert.pem |head -1
$ mv cacert.pem 9a5ba575.0
Install PEM file to the System Trusted Credentials on device.
$ adb root
$ adb remount
$ adb push 9a5ba575.0 /system/etc/security/cacerts/
$ adb shell "chmod 644 /system/etc/security/cacerts/9a5ba575.0"
$ adb shell "reboot"
If your /system cant mounting, You must mounting first.
$ adb root
$ adb shell
# Check mounting list
$ cat /proc/mounts
#/dev/block/bootdevice/by-name/system /system ext4 ro,seclabel,relatime,discard,data=ordered 0 0
$ mount -o rw,remount -t rfs /dev/block/bootdevice/by-name/system /system
$ adb push 9a5ba575.0 /system/etc/security/cacerts/
$ adb shell "chmod 644 /system/etc/security/cacerts/9a5ba575.0"
$ adb shell "reboot"
Download : https://opengapps.org
Extract :
$ unzip open_gapps-x86_64******.zip 'Core/*'
$ rm Core/setup*
$ lzip -d Core/*.lz
$ for f in $(ls Core/*.tar); do
tar -x --strip-components 2 -f $f
done
Install to Emulator :
$ adb root
$ adb remount
$ adb push etc /system
$ adb push framework /system
$ adb push app /system
$ adb push priv-app /system
$ adb shell stop
$ adb shell start
This command for run emulator from android studio, make you have already install android studio before.
if you want to root android emulator, please using system without (Google API's) or (Google Play)
# List all emulator
$ emulator.exe -list-avds
# Run Emulator
$ emulator.exe -avd [EmulatorName]
Download https://www.genymotion.com/
Download https://github.com/linkedin/qark
For quick analyze application on android with scanning the apk or java file and create Proof Of Concept of vulnerability.
Install QARK:
$ git clone https://github.com/linkedin/qark
$ cd qark
$ pip install -r requirements.txt
$ pip install . --user # --user is only needed if not using a virtualenv
$ qark --help
Usage to scan APK:
$ qark --apk path/to/my.apk
Usage to scan Java source code files:
$ qark --java path/to/parent/java/folder
$ qark --java path/to/specific/java/file.java
if you have know about more command or a new trick to do something with Mobile Pentest, please let me know :)
email : mirfansulaiman96@gmail.com / irfan.sulaiman@ctfs.me