Android逆向中常用工具和命令
Wifi ADB
Google Store wifi ADB
当没有数据线时,可以开启wifiADB
adb connect 192.168.0.101:5555
开始食用
android 运行shell命令
https://github.com/termux/termux-app/releases
ADB shell 截图
vim ~/.bash_profile
current=$(date "+%Y-%m-%d-%H-%M-%S")
alias cap="adb shell screencap -p /sdcard/tmp.png;adb pull /sdcard/tmp.png ~/Downloads/screencap/$current.png"
source ~/.zshrc
命令行直接输入cap
就能把当前的手机截图发送到电脑上。
ADB shell 录屏
vim ~/.bash_profile
current=$(date "+%Y-%m-%d-%H-%M-%S")
alias cap="adb pull /sdcard/tmp.png ~/Downloads/screencap/$current.mp4;adb shell screenrecord /sdcard/tmp.mp4;adb pull /sdcard/tmp.png ~/Downloads/screencap/$current.mp4"
source ~/.zshrc
因为录屏需要中断,否则会一直录,所以先adb pull 然后 ctrl c中断,本次pull上次的结果。
run-as 非root手机看沙盒数据
run-as com.test.demo
pm清除应用数据
无需进入设置,直接清除
adb shell pm clear com.test.demo
adb shell input
vim ~/.bash_profile
alias input="adb shell input text "
source ~/.zshrc
这条命令需要开启开发者模式的USB调试
否则会出现
java.lang.SecurityException: Injecting to another application requires INJECT_EVENTS permission
at android.os.Parcel.createException(Parcel.java:2074)
at android.os.Parcel.readException(Parcel.java:2042)
at android.os.Parcel.readException(Parcel.java:1990)
at android.hardware.input.IInputManager$Stub$Proxy.injectInputEvent(IInputManager.java:925)
at android.hardware.input.InputManager.injectInputEvent(InputManager.java:886)
at com.android.commands.input.Input.injectKeyEvent(Input.java:386)
at com.android.commands.input.Input.access$100(Input.java:41)
at com.android.commands.input.Input$InputText.sendText(Input.java:175)
at com.android.commands.input.Input$InputText.run(Input.java:141)
at com.android.commands.input.Input.onRun(Input.java:108)
at com.android.internal.os.BaseCommand.run(BaseCommand.java:56)
at com.android.commands.input.Input.main(Input.java:71)
at com.android.internal.os.RuntimeInit.nativeFinishInit(Native Method)
at com.android.internal.os.RuntimeInit.main(RuntimeInit.java:380)
Caused by: android.os.RemoteException: Remote stack trace:
at com.android.server.input.InputManagerService.injectInputEventInternal(InputManagerService.java:662)
at com.android.server.input.InputManagerService.injectInputEvent(InputManagerService.java:636)
at android.hardware.input.IInputManager$Stub.onTransact(IInputManager.java:422)
at android.os.Binder.execTransactInternal(Binder.java:1021)
at android.os.Binder.execTransact(Binder.java:994)
adb 组件
am start -n pkg/.activity
am startservice -n pkg/service
am broadcast -a action
adb 端口
例如开了frida
adb shell netstat | grep frida
设备参数
adb shell getprop
进程情况
通常可以找so,这个需要root权限
adb shell ps | 包名
adb shell
su
cat /proc/pid/maps
