-
Notifications
You must be signed in to change notification settings - Fork 0
Tools for Performing OSINT via ADB
License
Mauddib28/ADB-osint
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Folders and files
Name | Name | Last commit message | Last commit date | |
---|---|---|---|---|
Repository files navigation
Website for Useful Commands for Android Debug Bridge (ADB) - URL: https://n00bie.medium.com/hacking-android-using-adb-34079a7488f8 ---------------- ADB COMMANDS ---------------- adb kill-server - Kill ADB Server adb start-server - Start ADB Server adb install C:package.apk — Installs the package located at C:package.apk on your computer on your device. -> adb install < path_to_apk > adb uninstall package.name — Uninstalls the package with package.name from your device. For example, you’d use the name com.rovio.angrybirds to uninstall the Angry Birds app. adb push C:file /sdcard/file — Pushes a file from your computer to your device. For example, the command here pushes the file located at C:file on your computer to /sdcard/file on your device adb pull /sdcard/file C:file — Pulls a file from your device to your computer — works like adb push, but in reverse. adb logcat — View your Android device’s log. Can be useful for debugging apps. adb logcat -b threadtime - View the Android device's running logs? adb logcat [<option>] ... [<filter-spec>] ... - Command format usage for the logcat -> Android log can be divided into the following levels: - 'V' Verbose (Most output) [ Lowest rank in list ] - 'D' Debug - 'I' Info - 'W' Warning - 'E' Error - 'F' Fatal - 'S' Silent (no output) [ Highest rank in list ] -> Ex: adb logcat "*:W" - Will produce Warning, Error, Fatal, and Silent log output; Note: The tag '*' must be surrounded with double quotes, otherwise an error will be thrown adb logcat ActivityManager:I MyApp:D *:S - Gives outputs of the 'ActivityManager' above the level of Info logs, Debug log output and abvoe for the 'MyApp' tag, and for other tags Silent log level adb logcat -v <format> - Specify the log output format -> 'breif': This writes out the default format of [ <priority>/<tag>(<pid>): <message> ] -> 'process': This writes out the format of [ <priority>(<pid>) <message> ] -> 'tag': This writes out the format of [ <priority>/<tag>: <message> ] -> 'raw': This writes out the format of [ <message> ] -> 'time': This writes out the format of [ <datetime> <priority>/<tag>(<pid>): <mesage> ] -> 'threadtime': This writes out the format of [ <datetime> <pid> <tid> <priority> <tag>: <message> ] -> 'long': This writes out the format of [ <datetime> <pid>:<id> <priority>/<tag> <message> ] -> Ex: adb shell logcat -v long ActiviyManager:I *:S adb logcat -c - Clear log adb shell dmesg - Kernel log adb shell — Gives you an interactive Linux command-line shell on your device. adb shell command — Runs the specified shell command on your device. adb shell -e escape_char [-n] [-T] [-t] [-x] [command] - Issues a shell command in the target device and then exist the remote shell; use any combination of the following options: -> '-e' specifies an escape character or the value 'none' if one does not want to use an escape character - Note: If one does not privde a value, then the default escape character (a dash '-') is used -> 'n' specifies not to read from 'stdin' -> '-T' is used to disable pseudo-terminal utility (PTY) allocation -> '-t' is used to force PTY allocation -> '-x' is used to disbale remote exit codes and 'stdout/stderr' separation adb emu command - Run an emulator console command adb forward tcp:6100 tcp:7100 - Forwards ports of host port 6100 to device port 7100 -> Format for port forwarding: adb forward tcp:local_port tcp:device_port -> Format for port reversing: adb reverse tcp:device_port tcp:local_port adb forward [--no-rebind] local remote - Forward socket connections from the specified local port to the specified remote port on the device -> One can specify both local and remote ports adb forward --remove local - Remove the specified forwarded socket connection adb reverse [--no-rebind] remote local - Reverse a socket connection -> The '--no-rebind' option means the reversal fails if the specified socket is already bound through previous 'reverse' command useage -> One can specify both local and remote arguments adb reverse --remove remote - Remove the specified reverse socket connection from the device adb reverse --remove-all - Remove all reverse socket connetions from the device adb pull remote local - Copy a file or directory and its sub-directories from the device adb pull [-a] remote local - Copy remote files and directories to a device -> Note: Use of the '-a' option preserves the file time stamp and mode adb push local remote - Copy a file or directory and its sub-directories to the device adb [-d | -e | -s serial_number] command - Issue adb commands from a command line on your development machine or from a script adb [-d |-e | -s serial_number] shell shell_command - Use shell command to issue device commands through adb, or to start an interactive shell adb backup - Write an archive of the device's data to file adb restore file - Restore the device contents from file adb keygen file - Generate adb public and private RSA encrypted keys -> By default key pairs generated by the adb server are stored in the following key store directories as 'adbkey' (private key) and 'adbkey.pub' (public key) - Linux and Mac: $HOME/.android - Windows: %USERPROFILE%\.android adb wait-for [-transport] -state - Wait for the device to be in the specified state -> 'state' values can be 'device', 'recovery', 'sideload', or 'bootloader' -> 'transport' values can be 'usb', 'local', or 'any' adb get-state - Print the adb state of a device; adb state can be 'print offline', 'bootloader', or 'device' adb get-serialno - Print the adb device serial number string adb get-devpath - Print the adb device path adb remount - Remount the '/system', '/vendor', and '/oem' partitions in read-write mode adb reboot [bootloader | recovery | sideload | sideload-auto-reboot ] -> The 'bootloader' option reboots into bootloader -> The 'recovery' option reboots into recovery -> The 'sideload' option reboots into recovery and start 'sideload' mode -> The 'sideload-auto-reboot' option is the same as 'sideload', but reboot after side loading completes adb sideload otapackage - Side load (install in APK format) the specified full OTA package onto the device adb root - Restart adbd with root permissions adb unroot - Restart adbd without root permissions adb usb - Restart the adb server listening on USB adb tcpip port-number - Restart the adb server listening on TCP at the specified port adb reconnect - Force a reconect from the host adb reconnect device - Force a reconnect from the device to force a reconnect adb shell service list - List system services running on the Android device adb shell dumpsys activity services - List ALL services running on the Android device adb shell dumpsys activity services myservice - List all services containing the "myservices" in their name service call isms -> NOTE: WIll need to call with correct parameters am command - Activity manager commands format adb shell am start -a android.intent.action.VIEW - Can send the Activity Manager (AM) command directly from adb without entering a remote shell adb shell am start -a android.intent.action.CALL -d tel:+9111111111 -> Make phone call from ADB adb shell am start -a android.intent.action.SENDTO -d sms:+9111111111 --es sms_body "Msg Text" -> Send a text via ADB - Note: Sets up text, but does not send it (?) adb shell am start -W -c android.intent.category.HOME -a android.intent.action.MAIN -> Return to the home screen no matter where one is adb shell am start -n com.spotify.music/.MainActivity -> Remotely start a package via ADB shell adb shell am start -a android.intent.actoin.VIEW -d /sdcard/record.wav -y audio/wav -> Play audio on the device pm command - Package manager commands format adb shell pm uninstall com.example.MyApp - Issue package manager command directly from adb without entering a remote shell adb shell pm list packages -s - List the system apps only on the Android device adb shell pm list packages -3 - List all third-party apps installed on the Android device adb shell pm list packages -d - List all disabled apps on the Android device adb shell pm list packages -e - List all enabled apps on the Anrdoid device adb shell pm list packages -u - List all uninstalled apps on the Android device adb shell pm list packages <keywords> - List app packages with specific keyword filters adb shell pm list packages -f - List of apps along with their associated packages adb shell pm create-user username - Create a user username adb shell pm remove-user user 1 - Remove a user form the device using the user_id '1' adb shell pm get-max-users - Print the maximum number of users supported on an Android device adb shell pm list features - Print all the supported features of the system adb shell pm list permissions - List all of the known permissions (optionally only those in 'group') -> Parameters: -g: Organize permissions by group -f: Print all information -s: Short summary of permissions -d: List dangerous permissions only -u: List the permissions seen by users only -> Ex: adb shell pm list permissions -d group adb shell settings list system - Get information of the system settings adb shell settings get system volume_system - Get system volume_system information adb shell settings get system notification_sound - Get system notification_sound adb shell settings list secure - Get list of secure settings adb shell settings get secure android_id - Get secure Android ID (Device ID) adb shell settings get secure bluetooth_address - Get the device Bluetooth Address adb shell settings list global - List global settings adb shell settings get global mobile_data - Get current mobile data status adb shell settings get global wifi_on - Get the current WiFi status adb shell cat /sys/class/net/wlan0/address - Mac Address adb shell cat /system/build.prop - Retrieve more hardware and system properties dpm command - Device policy manager commands format adb shell dpm command - Issues device ploicy manager commands directly from adb without entering a remote shell screencap filename - Shell utility for taking a screenshot of the device display adb shell screencap /sdcard/screen.png - Run the screencap command from ADB -> Ex: $ adb shell shell@ $ screencap /sdcard/screen.png shell@ $ exit $ adb pull /sdcard/screen.png screenrecord [options] filename - Shell utility for recording the display of the device adb shell screenrecord /sdcard/demo.mp4 - Run the screenrecord command from ADB -> Ex: $ adb shell shell@ $ screenrecord --verbose /sdcard/demo.mp4 (press Control + C to stop) shell@ $ exit $ adb pull /sdcard/demo.mp4 adb shell screenrecord --size 1920x1080 /sdcard/screenrecord-01.mp4 - Run the screenrecord command with a specific resolution adb shell screenrecord --time-limit 120 /sdcard/screenrecord-01.mp4 - Run the screenrecord command with a specific duration adb shell screenrecord --bit-rate 6000000 /sdcard/screenrecord-01.mp4 - Run the screenrecord command with a specific bitrate adb shell getprop - Displays the Android system properties informaiton -> Ex: getprop ro.build.version.sdk getprop ro.chipname - Note: The 'getprop' and 'setprop' commands can be used to view and set or change the configuration of the 'build.prop' file adb shell setprop - Change the value of an entry in the 'build.prop' -> Ex: getprop net.dns1 1.2.3.4 setprop net.dns1 1.3.4.5 getprop net.dns2 1.1.2.3 setprop net.dns2 1.2.3.4 setprop dalvik.vm.heapsize 60m - Change VMHeap size on Android device adb shell getprop ro.build.version.sdk - Get property for SDK version adb shell getprop ro.build.version.security_patch - Get property for security patch version adb shell getprop ro.board.platform - Get property board platform adb shell getprop ro.build.version.release - Get property release version adb shell getprop ro.vendor.product.model - Get property product model adb shell getprop ro.product.manufacturer - Get property product manufacturer adb shell getprop ro.serialno - Get property serial number adb shell getprop ro.oem_unlock_supported - Get property OEM unlock supported flag adb shell getprop ro.bootimage.build.fingerprint - Get property bootimage build fingerprint adb shell getprop ro.boot.wifimacaddr - Get property wifi MAC address adb -s < device ID > shell getprop - Returns the full configuration, running services, and information about the Android device -> Note: The < device ID > comes from the alpha-numeric hash from the 'adb devices' command adb shell getprop | grep -e 'model' -e 'version.sdk' -e 'manufacturer' -e 'hardware' -e 'platform' -e 'r - One liner for outputs the system properties adb shell cmd package dump-profiles package - Produce a text form of the profile information -> adb pull /data/misc/profman/package.txt - Retrieve the file produced adb shell cmd testharness enable - Reset a test device, using the 'testharness' adb shell command sqlite3 - Starts the sqlite command-line program for examining sqlite databases -> Ex: $ adb -s emulator-5554 shell $ sqlite3 /data/data/com.example.app/databases/rssitems.db SQLite version 3.3.12 Enter ".help" for instructions adb shell pm path 'com.pspdfkit.viewer' - Return APK file path on the Android device -> One Liner: adb pull `adb shell pm path 'com.pspdfkit.viewer' | cut -d ':' -f 2` viewer.apk adb tcpip 5555 - Make the target device's adb daemon listen for TCP/IP connections on port 5555 adb shell netcfg - Print out device network information Activity Manager (AM) Commands: start [options] intent - Start an Activity specified by intent startservice [options] intent - Start the Service specified by intent force-stop package - Force stop everything associated with package (the app's package name). kill [options] package - Kill all processes associated with package (the app's package name). This command kills only processes that are safe to kill and that will not impact the user experience. kill-all - Kill all background processes. broadcast [options] intent - Issue a broadcast intent. instrument [options] component - Start monitoring with an Instrumentation instance. Typically the target component is the form test_package/runner_class. profile start process file - Start profiler on process, write results to file. profile stop process - Stop profiler on process. dumpheap [options] process file - Dump the heap of process, write to file. set-debug-app [options] package - Set app package to debug. clear-debug-app - Clear the package previous set for debugging with set-debug-app. monitor [options] - Start monitoring for crashes or ANRs. screen-compat {on | off} package - Control screen compatibility mode of package. display-size [reset | widthxheight] - Override device display size. This command is helpful for testing your app across different screen sizes by mimicking a small screen resolution using a device with a large screen, and vice versa. -> Ex: am display-size 1280x800 display-density dpi - Override device display density. This command is helpful for testing your app across different screen densities on high-density screen environment using a low density screen, and vice versa. to-uri intent - Print the given intent specification as a URI. to-intent-uri intent - Print the given intent specification as an intent: URI. send-trim-memory <pid> <level> - Allows for the setting of proccess <pid> to set level of <level> -> Ex: adb shell am send-trim-memory 12345 RUNNING_LOW - Means send command to process 12345, notify it to set level to RUNNING - Process ID levels: HIDDEN, RUNNING_MODERATE, BACKGROUND, RUNNING_LOW, MODERATE, RUNNING_CRITICAL, COMPLETE Package Manager (PM) Commands: list packages [options] filter - Prints all packages, optionally only those whose package name contains the text in filter. list permission-groups - Prints all known permission groups. list permissions [options] group - Prints all known permissions, optionally only those in group. list instrumentation [options] - List all test packages. list features - Prints all features of the system. list libraries - Prints all the libraries supported by the current device. list users - Prints all users on the system. path package - Print the path to the APK of the given package. install [options] path - Installs a package (specified by path) to the system. uninstall [options] package - Removes a package from the system. -> -k: Keep the data and cache directories around after package removal. clear package - Deletes all data associated with a package (e.g. Clears app cache data) enable package_or_component - Enable the given package or component (written as "package/class"). disable package_or_component - Disable the given package or component (written as "package/class"). disable-user [options] package_or_component - Disables User -> --user user_id: The user to disable. grant package_name permission - Grant a permission to an app. On devices running Android 6.0 (API level 23) and higher, the permission can be any permission declared in the app manifest. On devices running Android 5.1 (API level 22) and lower, must be an optional permission defined by the app. revoke package_name permission - Revoke a permission from an app. On devices running Android 6.0 (API level 23) and higher, the permission can be any permission declared in the app manifest. On devices running Android 5.1 (API level 22) and lower, must be an optional permission defined by the app. set-install-location location - Changes the default install location -> 0: Auto: Let system decide the best location. -> 1: Internal: install on internal device storage. -> 2: External: on external media. get-install-location - Returns the current install location. -> 0 [auto]: Lets system decide the best location -> 1 [internal]: Installs on internal device storage -> 2 [external]: Installs on external media set-permission-enforced permission [true | false] - Specifies whether the given permission should be enforced. trim-caches desired_free_space - Trim cache files to reach the given free space. create-user user_name - Create a new user with the given user_name, printing the new user identifier of the user. remove-user user_id - Remove the user with the given user_id, deleting all data associated with that user get-max-users - Prints the maximum number of users supported by the device. -> Examples: - Open Browser with URL: adb shell am start -a android.intent.action.VIEW -d https://www.google.com/ Device Policy Manager (DPM) Commands: set-active-admin [options] component - Sets component as active admin. set-profile-owner [options] component - Sets component as active admin and its package as profile owner for an existing user. set-device-owner [options] component - Sets component as active admin and its package as device owner. remove-active-admin [options] component - Disables an active admin. The app must declare android:testOnly in the manifest. This command also removes device and profile owners. clear-freeze-period-record - Clears the device's record of previously-set freeze periods for system OTA updates. This is useful to avoid the device's scheduling restrictions when developing apps that manage freeze-periods. force-network-logs - Forces the system to make any existing network logs ready for retrieval by a DPC. If there are connection or DNS logs available, the DPC receives the onNetworkLogsAvailable() callback. force-security-logs - Forces the system to make any existing security logs available to the DPC. If there are logs available, the DPC receives the onSecurityLogsAvailable() callback. ---------------- COMMANDS ---------------- 1 uname -a 2 pm list packages - List all existing packages on the Android device 3 logcat - Dumps out the system log information? 4 dumpsys - Dumps out system information (TONS OF INFO) -> Note: In order to use this tool don’t forget to add permission into your Android manifest automatically 'android.permission.DUMP' 5 dumpsys battery - Dumps out battery information adb shell dumpsys input - Dumps out input logs (?) adb shell dumpsys display - Dumps out display information adb shell dumpsys batterystats - Dumps out battery stats adb shell dumpsys activity - Dumps out the activity information adb shell dumpsys cpuinfo - Dumps out the CPU usage by processes and applications adb shell dumpsys window displays - Dumps out very detailed information related to the displays adb shell dumpsys iphonesubinfo - Dumps out the IMEI information for Android 4.4 and below adb shell "dumpsys package | grep -i 'com.spotify.music' | grep 'Activity' " -> Returns the ativity for starting the package? Note: Looking for the .MainActivity value adb shell (su) service call iphonesubinfo 1 - Dumps out the IMEI for Android 5.0 and above; Note: Requires root access (i.e. 'su') adb shell service call audio 10 i32 3 i32 0 -> Set volume to 0 (??) - Note: Unsure exactly how the above command gets built adb shell wm size - Dumps out the display resolution adb shell wm size reset - Reset to the original display resolution adb shell wm size 480x1024 - Set the display resolution to 480x1024 adb shell wm density - Dumps out the pixel density of the Android device's display adb shell wm density reset - Reset the original screen density adb shell wm density 160 - Set the screen density to 160 dpi adb shell wm overscan 0,0,0,200 - Set the part of the screen that should be left "clean" (e.g. where the margin pixels for the screen are) -> The four parameters represent left, top, right, bottom margin pixels to the edge - Ex: The above means to leave the 200px in screen bottom "clean" adb shell wm overscan reset - Reset to the original overscan service call statusbar 1 - Causes the status bar to drop on the running Android device service call statusbar 2 - Causes the status bar to pull back up on the running Android device input keyevent 26 - Sending a keyevent to the running Android device adb shell input keyevent 2 - Turn Android device ON or OFF adb shell input keyevent 3 - Press Home button adb shell input keyevent 4 - Press Back button adb shell input keyevent 5 - Press Call button (Open Dialing Application) adb shell input keyevent 6 - End a Call adb shell input keyevent 24 - Increase Volume adb shell input keyevent 25 - Decrease Volume adb shell input keyevent 26 - Press Power Button to wake up/turn off screen adb shell input keyevent 27 - Turn ON the camera (Taking Pictures in the Camera Application; Need In?) adb shell input keyevent 64 - Open web browser adb shell input keyevent 66 - Press the Enter / OK key adb shell input keyevent 67 - Press Backspace button adb shell input keyevent 82 - Menu Button adb shell input keyevent 85 - Play / Pause Button adb shell input keyevent 86 - Stop Playing adb shell input keyevent 87 - Play Next adb shell input keyevent 88 - Play on Again (? one? a?) adb shell input keyevent 122 - Move the cursor to the beginning or top of the list adb shell input keyevent 123 - Move the cursor to the end of the line or bottom of the list adb shell input keyevent 126 - Resume Playing adb shell input keyevent 127 - Pause / Play adb shell input keyevent 164 - Mute adb shell input keyevent 176 - Open the System Setup adb shell input keyevent 187 - Switching Applications adb shell input keyevent 207 - Open Contacts app adb shell input keyevent 208 - Open Calendar adb shell input keyevent 209 - Open Music adb shell input keyevent 210 - Open Calculator adb shell input keyevent 220 - Decrease display brightness adb shell input keyevent 221 - Increase Display brightness adb shell input keyevent 223 - System Sleep adb shell input keyevent 224 - Light up the Screen adb shell input keyevent 231 - Open the Voice Assistant adb shell input keyevent 276 - If not wakelock allow the system to sleep adb shell input keyevent 277 - Cut text adb shell input keyevent 278 - Copy text adb shell input keyevent 279 - Paste text adb shell input keyevent KEYCODE_SLEEP - Make the device sleep adb shell input keyevent KEYCODE_WAKEUP - Make device wakeup (adb shell) input keyevent KEYCODE_POWER - Toggle Power menu adb shell input swipe - If password lock screen is unlocked by sliding gesture, then one can use this command -> Ex: adb shell input swipe 300 1000 300 500 - Note: '300100300' parameters represent '500' starting x coordinate of the start point y coordinate of the end point x coordinated y coordinate of the end point (e.g. a swiping motion for a swipe bar) netstat - Display all the TCP Connections on the running Android device cat /proc/<proc ID>/comm - Display the chosen <proc ID> package name adb shell am start -a android.intent.action.SENDTO -d sms:+918052000222 --es sms_body "Test --ez exit_on_sent false - Send a text message using command line interface -> Note: Above " is missing terminator (protection against web crawlers?) adb shell rm - Delete a file or folder (same as general linux rm command) input text XXXX - Input text into the device; can be ued for inputing 'XXXX' PIN / passcode or text into a text box adb shell input text -> Send text to the Android device - Note: This input can go to a series of sinks - List of input varieties: - Insert Text: - Ex: adb shell input text "insert%syour%stext%shere" - '%s' translates to < space > - Ex: adb shell input text "Wow it so cool feature" -> Print text using ADB - Ex: adb shell input keyboard text "rr" - Use the above to send a reload call to a React-Native app running on android device - Event Codes: - Ex: adb shell input keyevent 82 - '82' is the Menu Button - Tap X,Y Position: - Ex: adb shell input tap 500 1450 - Note: One can get help by enabling Settings > Developer Options > Check option 'Pointer SLocation' - Swipe X1 Y1 X2 Y2 [duration(ms)]: - Ex: adb shell input swipe 100 500 100 1450 11 - Ex: adb shell input touchscreen swipe start_X start_Y end_x end_y time_To_take_performing_action - Ex: adb shell input touchscreen swipe - 500 500 500 500 2000 -> Two second long press - LongPress X Y: - Ex: adb shell input swipe 100 500 100 500 250 - Can use the 'input text' help menu to get a list of sources for the command - Examples: keyboard, mouse, joystick, touchnavigation, touchpag, trackball, dpad, stylus, gamepad, touchscreen sendevent - Allows for simulating actions / finger gestures on the device pattern lock -> Ex: sendevent 3 0 sendevent 3 1 sendevent 0 0 0 # (event separator) -> Ex: adb shell EXAMPLE SIMPLIFIED VERSION OF EXISTING PATTERN INPUT VIA CLI (ADB) input keyevent 2 sendevent /dev/input/event3 3 57 14 sendevent /dev/input/event3 1 330 1 sendevent /dev/input/event3 3 53 x1 sendevent /dev/input/event3 3 54 y1 sendevent /dev/input/event3 3 58 57 sendevent /dev/input/event3 0 0 0 sendevent /dev/input/event3 3 53 x2 sendevent /dev/input/event3 3 54 y2 sendevent /dev/input/event3 3 58 57 sendevent /dev/input/event3 0 0 0 sendevent /dev/input/event3 3 53 x3 sendevent /dev/input/event3 3 54 y3 sendevent /dev/input/event3 3 58 57 sendevent /dev/input/event3 0 0 0 … sendevent /dev/input/event3 3 53 xn sendevent /dev/input/event3 3 54 yn sendevent /dev/input/event3 3 58 57 sendevent /dev/input/event3 0 0 0 sendevent /dev/input/event3 3 57 4294967295 sendevent /dev/input/event3 1 330 0 sendevent /dev/input/event3 0 0 0 "adb sendevent" is actually c code (part of toolbox utility ) that sends the input code directly into the /dev/input.... of Linux input subsystem. Android Mobile Hacks: - URL: https://www.securitynewspaper.com/2019/07/29/android-mobile-hacks-with-android-debug-bridgeadb-part-i/ - URL: https://www.securitynewspaper.com/2019/07/30/android-mobile-hacks-with-android-debug-bridgeadb-part-ii/ - URL: https://www.quora.com/What-are-some-good-Android-debug-bridge-ADB-hacks General Hacks / Vulnerabilities to Attempt: -> rm /data/system/gesture.key - Delete the file that verifies the mobile device unlock pattern - Note: This may / may not work depending on how the OS runs / resolves the issue -> adb devices - Remove all key configuratins present so that the phone can be unlocked by any combination adb shell cd data/system su rm *.key -> adb shell - Remove lock pattern information out of the settings database cd /data/data/com.android.providers.settings/databases sqlite3 settings.db update system set value=0 where name='lock_pattern_autolock'; update system set value=0 where name='lockscreen.lockedoutpermanently'; .quit restart phone Emulate a device within ADB: -> emulator -avd Nexus_6_API_25 -port 5555 - Emulate a Nexus 6 device ----------------------- Special Commands ----------------------- adb -d - Direct an adb command to only attached USB device; Note: Will return error when more than one USB is attached adb -e - Direct an adb command to only running emulator; Note: Will return error when more than one USB is attached adb -H server - The name of the adb server host; default is 'localhost' adb -P port - The adb server port number; default is 5037 adb -L socket - Listen on the provided adb server socket; default values is 'tcp:localhost:5037' adb forward --list - List all forwarded socket connections adb reverse --list - List all reverse socket connections from the device adb disable-verity \__ adb enable-verity / Disbale / Enable the 'dm-verity' checking on 'userdebug' builds -> The 'dm-verity' option ensures that when a user boots a device that it is in the same state that is was in when it was last used adb shell settings put global adn_enabled 0 - Turn off the Android debug; Note: Will require enabling thorugh "Developer options" settings menu adb shell settings put global hidden_api_policy_pre_p_apps 1 \___ adb shell settings put global hidden_api_policy_p_apps 1 / Allow access to non SDK API -> Potential values to place in the command tail: - 0: Disable detect for non SDK API call; no call log in logcat, make strict mode API, detectNonSdkApiUsage() invalid (NOT RECOMMENDED) - 1: Just warning; allow access to all non SDK API, but retain warnings in logcat; one can continue to use strict mode API - 2: It is forbidden to invoke interfaces in dark grey lists and black lists - 3: It is forbidden to invoke the interface in the black list, but it is allow to call in therface in the dark grey list adb shell settings put global policy_control <key-values> - (Related to Cynogen mod) adb shell settings delete global hidden_api_policy_pre_p_apps \___ adb shell settings delete global hidden_api_policy_p_apps / Forbid access to non SDK API Note: The following can be input into a phone dialer to check / interact / change settins on the Android device *#06# - Typed into the phone's dialer, this will pop up the device's IMEI number on the screen *#*#4636#*#* - Display device information *#*#7780#*#* - Perform a Factory Reset *2767*3855# - Wipe phone & re-install firmware *#0228# - Check battery status *#0*# - Hardware test mode *43# - Enable call waiting *#67# - Check call forwarding status *#21# - Check call forwarding status *#62# - Check call forwarding status when not reachable ##002# - Erase all call forwarding *31# - Hide Caller ID *#004# - Check call diversion status *#9090# - Open diagnostic configuration screen *#0011# - Service Mode *#2222# - Check Hardware version *#1234# - Check software version (Samsung) *#12580*369# - Check Software and hardware version *#0283# - Check Audio loopback control *#34971539# - Check Camera firmware *#9900# - Launch System Dump mode **04* - Change Android device PIN ---------------- NOTES: ---------------- bluetooth_input_device_priority_C8:85:50:E7:6E:54=-1 - Looks like one can set a serides of Bluetooth device priorities bluetooth_headset_priority_C0:E8:62:27:D4:29=-1 bluetooth_a2dp_sink_priority_84:4F:03:06:1E:46=1000 cert_pin_content_url=ert_pin_content_url= cert_pin_metadata_url= ---------------------------------------------------------- DIRECTORIES + LOCATIONS WORTH SEARCHING ---------------------------------------------------------- shared_prefs - Dump directory of temp storage for stuff /data/local/tmp -> Good place to find information - Almost always exists, even if there is no SD Card on the phone ---------------------------------------------------------- USEFUL TOOLS AND REPOSITORIES ---------------------------------------------------------- genymobile/scrcpy -> SCreen copy pckage -> Built through brew muri11as/Android-SMS -> PAckage for extracting SMS packages(?) PYthon ADB package (ppadb) easy-dumpsys -> Github that translates output service list | grep 'sms' -> Get services getprop | grep 'sdk' -> Use to find SDK Version ---------------------------------------------------------- KNOWLEDGE AND RESOURCES ---------------------------------------------------------- Using ADB in Windows: - URL: https://www.howtogeek.com/125769/how-to-install-and-use-abd-the-android-debug-bridge-utility/ Android Debug Bridege Documentation: - URL: https://developer.android.com/studio/command-line/adb Good ADB Tool: - URL: https://kalilinuxtutorials.com/adb-toolkit/ ADBSploit: - URL: https://secnhack.in/adbsploit-managing-and-exploit-android-devices/ Command Line ADB: - URL: https://developer.android.com/studio/command-line/adb Good ADB Hacks: - URL: https://www.quora.com/What-are-some-good-Android-debug-bridge-ADB-hacks - Note: Has information for Hacking And Bypassing Android Password/Pattern/Face/PI ADB Cheat Sheets: - URL: https://technastic.com/adb-shell-commands-list/#ADB_Shell_Commands_List_Cheat_Sheet Pin / Passcode Cracking: - URL: https://stackoverflow.com/questions/23529460/is-there-a-way-to-unlock-android-phone-via-adb-if-i-know-the-pattern/ Android 'Secret' Code: - URL: https://technastic.com/android-secret-codes-ussd-codes/ - PDF URL: https://drive.google.com/file/d/14bvDEFTIl3rYUhEo0thd1geHZZjb4-SA/view ADB Shell Commands: - URL: http://adbcommand.com/adbshell ADB Fastboot Usage: - URL: http://adbcommand.com/fastboot Awesome ADB Documentation: - URL: http://adbcommand.com/awesome-adb Vysor Remote Control Tool: - URL: https://www.vysor.io/ Monkey Remote Control Tool (no app, just ADB; can be slow refresh ~1fps): - URL: https://github.com/ns130291/MonkeyRemote/releases scrcpy Remote Control Tool (requires small app on the device) - URL: https://github.com/Genymobile/scrcpy ADB Shell Screenrecord Command Examples: - URL: https://appscms.com/adb-commands/adb-shell-screenrecord Good Examples of ADB Command 'input': - URL: https://stackoverflow.com/questions/7789826/adb-shell-input-events?adlt=strict List of Event/Key Codes: - URL: https://developer.android.com/reference/android/view/KeyEvent.html
About
Tools for Performing OSINT via ADB
Resources
License
Stars
Watchers
Forks
Releases
No releases published