-
Notifications
You must be signed in to change notification settings - Fork 0
/
README
679 lines (536 loc) · 35.4 KB
/
README
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
Website for Useful Commands for Android Debug Bridge (ADB)
- URL: https://n00bie.medium.com/hacking-android-using-adb-34079a7488f8
----------------
ADB COMMANDS
----------------
adb kill-server - Kill ADB Server
adb start-server - Start ADB Server
adb install C:package.apk — Installs the package located at C:package.apk on your computer on your device.
-> adb install < path_to_apk >
adb uninstall package.name — Uninstalls the package with package.name from your device. For example, you’d use the name com.rovio.angrybirds to uninstall the Angry Birds app.
adb push C:file /sdcard/file — Pushes a file from your computer to your device. For example, the command here pushes the file located at C:file on your computer to /sdcard/file on your device
adb pull /sdcard/file C:file — Pulls a file from your device to your computer — works like adb push, but in reverse.
adb logcat — View your Android device’s log. Can be useful for debugging apps.
adb logcat -b threadtime - View the Android device's running logs?
adb logcat [<option>] ... [<filter-spec>] ... - Command format usage for the logcat
-> Android log can be divided into the following levels:
- 'V' Verbose (Most output) [ Lowest rank in list ]
- 'D' Debug
- 'I' Info
- 'W' Warning
- 'E' Error
- 'F' Fatal
- 'S' Silent (no output) [ Highest rank in list ]
-> Ex: adb logcat "*:W"
- Will produce Warning, Error, Fatal, and Silent log output; Note: The tag '*' must be surrounded with double quotes, otherwise an error will be thrown
adb logcat ActivityManager:I MyApp:D *:S - Gives outputs of the 'ActivityManager' above the level of Info logs, Debug log output and abvoe for the 'MyApp' tag, and for other tags Silent log level
adb logcat -v <format> - Specify the log output format
-> 'breif': This writes out the default format of [ <priority>/<tag>(<pid>): <message> ]
-> 'process': This writes out the format of [ <priority>(<pid>) <message> ]
-> 'tag': This writes out the format of [ <priority>/<tag>: <message> ]
-> 'raw': This writes out the format of [ <message> ]
-> 'time': This writes out the format of [ <datetime> <priority>/<tag>(<pid>): <mesage> ]
-> 'threadtime': This writes out the format of [ <datetime> <pid> <tid> <priority> <tag>: <message> ]
-> 'long': This writes out the format of [ <datetime> <pid>:<id> <priority>/<tag> <message> ]
-> Ex: adb shell logcat -v long ActiviyManager:I *:S
adb logcat -c - Clear log
adb shell dmesg - Kernel log
adb shell — Gives you an interactive Linux command-line shell on your device.
adb shell command — Runs the specified shell command on your device.
adb shell -e escape_char [-n] [-T] [-t] [-x] [command] - Issues a shell command in the target device and then exist the remote shell; use any combination of the following options:
-> '-e' specifies an escape character or the value 'none' if one does not want to use an escape character
- Note: If one does not privde a value, then the default escape character (a dash '-') is used
-> 'n' specifies not to read from 'stdin'
-> '-T' is used to disable pseudo-terminal utility (PTY) allocation
-> '-t' is used to force PTY allocation
-> '-x' is used to disbale remote exit codes and 'stdout/stderr' separation
adb emu command - Run an emulator console command
adb forward tcp:6100 tcp:7100 - Forwards ports of host port 6100 to device port 7100
-> Format for port forwarding: adb forward tcp:local_port tcp:device_port
-> Format for port reversing: adb reverse tcp:device_port tcp:local_port
adb forward [--no-rebind] local remote - Forward socket connections from the specified local port to the specified remote port on the device
-> One can specify both local and remote ports
adb forward --remove local - Remove the specified forwarded socket connection
adb reverse [--no-rebind] remote local - Reverse a socket connection
-> The '--no-rebind' option means the reversal fails if the specified socket is already bound through previous 'reverse' command useage
-> One can specify both local and remote arguments
adb reverse --remove remote - Remove the specified reverse socket connection from the device
adb reverse --remove-all - Remove all reverse socket connetions from the device
adb pull remote local - Copy a file or directory and its sub-directories from the device
adb pull [-a] remote local - Copy remote files and directories to a device
-> Note: Use of the '-a' option preserves the file time stamp and mode
adb push local remote - Copy a file or directory and its sub-directories to the device
adb [-d | -e | -s serial_number] command - Issue adb commands from a command line on your development machine or from a script
adb [-d |-e | -s serial_number] shell shell_command - Use shell command to issue device commands through adb, or to start an interactive shell
adb backup - Write an archive of the device's data to file
adb restore file - Restore the device contents from file
adb keygen file - Generate adb public and private RSA encrypted keys
-> By default key pairs generated by the adb server are stored in the following key store directories as 'adbkey' (private key) and 'adbkey.pub' (public key)
- Linux and Mac: $HOME/.android
- Windows: %USERPROFILE%\.android
adb wait-for [-transport] -state - Wait for the device to be in the specified state
-> 'state' values can be 'device', 'recovery', 'sideload', or 'bootloader'
-> 'transport' values can be 'usb', 'local', or 'any'
adb get-state - Print the adb state of a device; adb state can be 'print offline', 'bootloader', or 'device'
adb get-serialno - Print the adb device serial number string
adb get-devpath - Print the adb device path
adb remount - Remount the '/system', '/vendor', and '/oem' partitions in read-write mode
adb reboot [bootloader | recovery | sideload | sideload-auto-reboot ]
-> The 'bootloader' option reboots into bootloader
-> The 'recovery' option reboots into recovery
-> The 'sideload' option reboots into recovery and start 'sideload' mode
-> The 'sideload-auto-reboot' option is the same as 'sideload', but reboot after side loading completes
adb sideload otapackage - Side load (install in APK format) the specified full OTA package onto the device
adb root - Restart adbd with root permissions
adb unroot - Restart adbd without root permissions
adb usb - Restart the adb server listening on USB
adb tcpip port-number - Restart the adb server listening on TCP at the specified port
adb reconnect - Force a reconect from the host
adb reconnect device - Force a reconnect from the device to force a reconnect
adb shell service list - List system services running on the Android device
adb shell dumpsys activity services - List ALL services running on the Android device
adb shell dumpsys activity services myservice - List all services containing the "myservices" in their name
service call isms
-> NOTE: WIll need to call with correct parameters
am command - Activity manager commands format
adb shell am start -a android.intent.action.VIEW - Can send the Activity Manager (AM) command directly from adb without entering a remote shell
adb shell am start -a android.intent.action.CALL -d tel:+9111111111
-> Make phone call from ADB
adb shell am start -a android.intent.action.SENDTO -d sms:+9111111111 --es sms_body "Msg Text"
-> Send a text via ADB
- Note: Sets up text, but does not send it (?)
adb shell am start -W -c android.intent.category.HOME -a android.intent.action.MAIN
-> Return to the home screen no matter where one is
adb shell am start -n com.spotify.music/.MainActivity
-> Remotely start a package via ADB shell
adb shell am start -a android.intent.actoin.VIEW -d /sdcard/record.wav -y audio/wav
-> Play audio on the device
pm command - Package manager commands format
adb shell pm uninstall com.example.MyApp - Issue package manager command directly from adb without entering a remote shell
adb shell pm list packages -s - List the system apps only on the Android device
adb shell pm list packages -3 - List all third-party apps installed on the Android device
adb shell pm list packages -d - List all disabled apps on the Android device
adb shell pm list packages -e - List all enabled apps on the Anrdoid device
adb shell pm list packages -u - List all uninstalled apps on the Android device
adb shell pm list packages <keywords> - List app packages with specific keyword filters
adb shell pm list packages -f - List of apps along with their associated packages
adb shell pm create-user username - Create a user username
adb shell pm remove-user user 1 - Remove a user form the device using the user_id '1'
adb shell pm get-max-users - Print the maximum number of users supported on an Android device
adb shell pm list features - Print all the supported features of the system
adb shell pm list permissions - List all of the known permissions (optionally only those in 'group')
-> Parameters: -g: Organize permissions by group
-f: Print all information
-s: Short summary of permissions
-d: List dangerous permissions only
-u: List the permissions seen by users only
-> Ex: adb shell pm list permissions -d group
adb shell settings list system - Get information of the system settings
adb shell settings get system volume_system - Get system volume_system information
adb shell settings get system notification_sound - Get system notification_sound
adb shell settings list secure - Get list of secure settings
adb shell settings get secure android_id - Get secure Android ID (Device ID)
adb shell settings get secure bluetooth_address - Get the device Bluetooth Address
adb shell settings list global - List global settings
adb shell settings get global mobile_data - Get current mobile data status
adb shell settings get global wifi_on - Get the current WiFi status
adb shell cat /sys/class/net/wlan0/address - Mac Address
adb shell cat /system/build.prop - Retrieve more hardware and system properties
dpm command - Device policy manager commands format
adb shell dpm command - Issues device ploicy manager commands directly from adb without entering a remote shell
screencap filename - Shell utility for taking a screenshot of the device display
adb shell screencap /sdcard/screen.png - Run the screencap command from ADB
-> Ex: $ adb shell
shell@ $ screencap /sdcard/screen.png
shell@ $ exit
$ adb pull /sdcard/screen.png
screenrecord [options] filename - Shell utility for recording the display of the device
adb shell screenrecord /sdcard/demo.mp4 - Run the screenrecord command from ADB
-> Ex: $ adb shell
shell@ $ screenrecord --verbose /sdcard/demo.mp4
(press Control + C to stop)
shell@ $ exit
$ adb pull /sdcard/demo.mp4
adb shell screenrecord --size 1920x1080 /sdcard/screenrecord-01.mp4 - Run the screenrecord command with a specific resolution
adb shell screenrecord --time-limit 120 /sdcard/screenrecord-01.mp4 - Run the screenrecord command with a specific duration
adb shell screenrecord --bit-rate 6000000 /sdcard/screenrecord-01.mp4 - Run the screenrecord command with a specific bitrate
adb shell getprop - Displays the Android system properties informaiton
-> Ex: getprop ro.build.version.sdk
getprop ro.chipname
- Note: The 'getprop' and 'setprop' commands can be used to view and set or change the configuration of the 'build.prop' file
adb shell setprop - Change the value of an entry in the 'build.prop'
-> Ex: getprop net.dns1 1.2.3.4
setprop net.dns1 1.3.4.5
getprop net.dns2 1.1.2.3
setprop net.dns2 1.2.3.4
setprop dalvik.vm.heapsize 60m - Change VMHeap size on Android device
adb shell getprop ro.build.version.sdk - Get property for SDK version
adb shell getprop ro.build.version.security_patch - Get property for security patch version
adb shell getprop ro.board.platform - Get property board platform
adb shell getprop ro.build.version.release - Get property release version
adb shell getprop ro.vendor.product.model - Get property product model
adb shell getprop ro.product.manufacturer - Get property product manufacturer
adb shell getprop ro.serialno - Get property serial number
adb shell getprop ro.oem_unlock_supported - Get property OEM unlock supported flag
adb shell getprop ro.bootimage.build.fingerprint - Get property bootimage build fingerprint
adb shell getprop ro.boot.wifimacaddr - Get property wifi MAC address
adb -s < device ID > shell getprop - Returns the full configuration, running services, and information about the Android device
-> Note: The < device ID > comes from the alpha-numeric hash from the 'adb devices' command
adb shell getprop | grep -e 'model' -e 'version.sdk' -e 'manufacturer' -e 'hardware' -e 'platform' -e 'r - One liner for outputs the system properties
adb shell cmd package dump-profiles package - Produce a text form of the profile information
-> adb pull /data/misc/profman/package.txt - Retrieve the file produced
adb shell cmd testharness enable - Reset a test device, using the 'testharness' adb shell command
sqlite3 - Starts the sqlite command-line program for examining sqlite databases
-> Ex: $ adb -s emulator-5554 shell
$ sqlite3 /data/data/com.example.app/databases/rssitems.db
SQLite version 3.3.12
Enter ".help" for instructions
adb shell pm path 'com.pspdfkit.viewer' - Return APK file path on the Android device
-> One Liner: adb pull `adb shell pm path 'com.pspdfkit.viewer' | cut -d ':' -f 2` viewer.apk
adb tcpip 5555 - Make the target device's adb daemon listen for TCP/IP connections on port 5555
adb shell netcfg - Print out device network information
Activity Manager (AM) Commands:
start [options] intent - Start an Activity specified by intent
startservice [options] intent - Start the Service specified by intent
force-stop package - Force stop everything associated with package (the app's package name).
kill [options] package - Kill all processes associated with package (the app's package name). This command kills only processes that are safe to kill and that will not impact the user experience.
kill-all - Kill all background processes.
broadcast [options] intent - Issue a broadcast intent.
instrument [options] component - Start monitoring with an Instrumentation instance. Typically the target component is the form test_package/runner_class.
profile start process file - Start profiler on process, write results to file.
profile stop process - Stop profiler on process.
dumpheap [options] process file - Dump the heap of process, write to file.
set-debug-app [options] package - Set app package to debug.
clear-debug-app - Clear the package previous set for debugging with set-debug-app.
monitor [options] - Start monitoring for crashes or ANRs.
screen-compat {on | off} package - Control screen compatibility mode of package.
display-size [reset | widthxheight] - Override device display size. This command is helpful for testing your app across different screen sizes by mimicking a small screen resolution using a device with a large screen, and vice versa.
-> Ex: am display-size 1280x800
display-density dpi - Override device display density. This command is helpful for testing your app across different screen densities on high-density screen environment using a low density screen, and vice versa.
to-uri intent - Print the given intent specification as a URI.
to-intent-uri intent - Print the given intent specification as an intent: URI.
send-trim-memory <pid> <level> - Allows for the setting of proccess <pid> to set level of <level>
-> Ex: adb shell am send-trim-memory 12345 RUNNING_LOW
- Means send command to process 12345, notify it to set level to RUNNING
- Process ID levels: HIDDEN, RUNNING_MODERATE, BACKGROUND, RUNNING_LOW, MODERATE, RUNNING_CRITICAL, COMPLETE
Package Manager (PM) Commands:
list packages [options] filter - Prints all packages, optionally only those whose package name contains the text in filter.
list permission-groups - Prints all known permission groups.
list permissions [options] group - Prints all known permissions, optionally only those in group.
list instrumentation [options] - List all test packages.
list features - Prints all features of the system.
list libraries - Prints all the libraries supported by the current device.
list users - Prints all users on the system.
path package - Print the path to the APK of the given package.
install [options] path - Installs a package (specified by path) to the system.
uninstall [options] package - Removes a package from the system.
-> -k: Keep the data and cache directories around after package removal.
clear package - Deletes all data associated with a package (e.g. Clears app cache data)
enable package_or_component - Enable the given package or component (written as "package/class").
disable package_or_component - Disable the given package or component (written as "package/class").
disable-user [options] package_or_component - Disables User
-> --user user_id: The user to disable.
grant package_name permission - Grant a permission to an app. On devices running Android 6.0 (API level 23) and higher, the permission can be any permission declared in the app manifest. On devices running Android 5.1 (API level 22) and lower, must be an optional permission defined by the app.
revoke package_name permission - Revoke a permission from an app. On devices running Android 6.0 (API level 23) and higher, the permission can be any permission declared in the app manifest. On devices running Android 5.1 (API level 22) and lower, must be an optional permission defined by the app.
set-install-location location - Changes the default install location
-> 0: Auto: Let system decide the best location.
-> 1: Internal: install on internal device storage.
-> 2: External: on external media.
get-install-location - Returns the current install location.
-> 0 [auto]: Lets system decide the best location
-> 1 [internal]: Installs on internal device storage
-> 2 [external]: Installs on external media
set-permission-enforced permission [true | false] - Specifies whether the given permission should be enforced.
trim-caches desired_free_space - Trim cache files to reach the given free space.
create-user user_name - Create a new user with the given user_name, printing the new user identifier of the user.
remove-user user_id - Remove the user with the given user_id, deleting all data associated with that user
get-max-users - Prints the maximum number of users supported by the device.
-> Examples:
- Open Browser with URL: adb shell am start -a android.intent.action.VIEW -d https://www.google.com/
Device Policy Manager (DPM) Commands:
set-active-admin [options] component - Sets component as active admin.
set-profile-owner [options] component - Sets component as active admin and its package as profile owner for an existing user.
set-device-owner [options] component - Sets component as active admin and its package as device owner.
remove-active-admin [options] component - Disables an active admin. The app must declare android:testOnly in the manifest. This command also removes device and profile owners.
clear-freeze-period-record - Clears the device's record of previously-set freeze periods for system OTA updates. This is useful to avoid the device's scheduling restrictions when developing apps that manage freeze-periods.
force-network-logs - Forces the system to make any existing network logs ready for retrieval by a DPC. If there are connection or DNS logs available, the DPC receives the onNetworkLogsAvailable() callback.
force-security-logs - Forces the system to make any existing security logs available to the DPC. If there are logs available, the DPC receives the onSecurityLogsAvailable() callback.
----------------
COMMANDS
----------------
1 uname -a
2 pm list packages - List all existing packages on the Android device
3 logcat - Dumps out the system log information?
4 dumpsys - Dumps out system information (TONS OF INFO)
-> Note: In order to use this tool don’t forget to add permission into your Android manifest automatically 'android.permission.DUMP'
5 dumpsys battery - Dumps out battery information
adb shell dumpsys input - Dumps out input logs (?)
adb shell dumpsys display - Dumps out display information
adb shell dumpsys batterystats - Dumps out battery stats
adb shell dumpsys activity - Dumps out the activity information
adb shell dumpsys cpuinfo - Dumps out the CPU usage by processes and applications
adb shell dumpsys window displays - Dumps out very detailed information related to the displays
adb shell dumpsys iphonesubinfo - Dumps out the IMEI information for Android 4.4 and below
adb shell "dumpsys package | grep -i 'com.spotify.music' | grep 'Activity' "
-> Returns the ativity for starting the package?
Note: Looking for the .MainActivity value
adb shell (su) service call iphonesubinfo 1 - Dumps out the IMEI for Android 5.0 and above; Note: Requires root access (i.e. 'su')
adb shell service call audio 10 i32 3 i32 0
-> Set volume to 0 (??)
- Note: Unsure exactly how the above command gets built
adb shell wm size - Dumps out the display resolution
adb shell wm size reset - Reset to the original display resolution
adb shell wm size 480x1024 - Set the display resolution to 480x1024
adb shell wm density - Dumps out the pixel density of the Android device's display
adb shell wm density reset - Reset the original screen density
adb shell wm density 160 - Set the screen density to 160 dpi
adb shell wm overscan 0,0,0,200 - Set the part of the screen that should be left "clean" (e.g. where the margin pixels for the screen are)
-> The four parameters represent left, top, right, bottom margin pixels to the edge
- Ex: The above means to leave the 200px in screen bottom "clean"
adb shell wm overscan reset - Reset to the original overscan
service call statusbar 1 - Causes the status bar to drop on the running Android device
service call statusbar 2 - Causes the status bar to pull back up on the running Android device
input keyevent 26 - Sending a keyevent to the running Android device
adb shell input keyevent 2 - Turn Android device ON or OFF
adb shell input keyevent 3 - Press Home button
adb shell input keyevent 4 - Press Back button
adb shell input keyevent 5 - Press Call button (Open Dialing Application)
adb shell input keyevent 6 - End a Call
adb shell input keyevent 24 - Increase Volume
adb shell input keyevent 25 - Decrease Volume
adb shell input keyevent 26 - Press Power Button to wake up/turn off screen
adb shell input keyevent 27 - Turn ON the camera (Taking Pictures in the Camera Application; Need In?)
adb shell input keyevent 64 - Open web browser
adb shell input keyevent 66 - Press the Enter / OK key
adb shell input keyevent 67 - Press Backspace button
adb shell input keyevent 82 - Menu Button
adb shell input keyevent 85 - Play / Pause Button
adb shell input keyevent 86 - Stop Playing
adb shell input keyevent 87 - Play Next
adb shell input keyevent 88 - Play on Again (? one? a?)
adb shell input keyevent 122 - Move the cursor to the beginning or top of the list
adb shell input keyevent 123 - Move the cursor to the end of the line or bottom of the list
adb shell input keyevent 126 - Resume Playing
adb shell input keyevent 127 - Pause / Play
adb shell input keyevent 164 - Mute
adb shell input keyevent 176 - Open the System Setup
adb shell input keyevent 187 - Switching Applications
adb shell input keyevent 207 - Open Contacts app
adb shell input keyevent 208 - Open Calendar
adb shell input keyevent 209 - Open Music
adb shell input keyevent 210 - Open Calculator
adb shell input keyevent 220 - Decrease display brightness
adb shell input keyevent 221 - Increase Display brightness
adb shell input keyevent 223 - System Sleep
adb shell input keyevent 224 - Light up the Screen
adb shell input keyevent 231 - Open the Voice Assistant
adb shell input keyevent 276 - If not wakelock allow the system to sleep
adb shell input keyevent 277 - Cut text
adb shell input keyevent 278 - Copy text
adb shell input keyevent 279 - Paste text
adb shell input keyevent KEYCODE_SLEEP - Make the device sleep
adb shell input keyevent KEYCODE_WAKEUP - Make device wakeup
(adb shell) input keyevent KEYCODE_POWER - Toggle Power menu
adb shell input swipe - If password lock screen is unlocked by sliding gesture, then one can use this command
-> Ex: adb shell input swipe 300 1000 300 500
- Note: '300100300' parameters represent '500' starting x coordinate of the start point y coordinate of the end point x coordinated y coordinate of the end point (e.g. a swiping motion for a swipe bar)
netstat - Display all the TCP Connections on the running Android device
cat /proc/<proc ID>/comm - Display the chosen <proc ID> package name
adb shell am start -a android.intent.action.SENDTO -d sms:+918052000222 --es sms_body "Test --ez exit_on_sent false - Send a text message using command line interface
-> Note: Above " is missing terminator (protection against web crawlers?)
adb shell rm - Delete a file or folder (same as general linux rm command)
input text XXXX - Input text into the device; can be ued for inputing 'XXXX' PIN / passcode or text into a text box
adb shell input text
-> Send text to the Android device
- Note: This input can go to a series of sinks
- List of input varieties:
- Insert Text:
- Ex: adb shell input text "insert%syour%stext%shere"
- '%s' translates to < space >
- Ex: adb shell input text "Wow it so cool feature"
-> Print text using ADB
- Ex: adb shell input keyboard text "rr"
- Use the above to send a reload call to a React-Native app running on android device
- Event Codes:
- Ex: adb shell input keyevent 82
- '82' is the Menu Button
- Tap X,Y Position:
- Ex: adb shell input tap 500 1450
- Note: One can get help by enabling Settings > Developer Options > Check option 'Pointer SLocation'
- Swipe X1 Y1 X2 Y2 [duration(ms)]:
- Ex: adb shell input swipe 100 500 100 1450 11
- Ex: adb shell input touchscreen swipe start_X start_Y end_x end_y time_To_take_performing_action
- Ex: adb shell input touchscreen swipe
- 500 500 500 500 2000
-> Two second long press
- LongPress X Y:
- Ex: adb shell input swipe 100 500 100 500 250
- Can use the 'input text' help menu to get a list of sources for the command
- Examples: keyboard, mouse, joystick, touchnavigation, touchpag, trackball, dpad, stylus, gamepad, touchscreen
sendevent - Allows for simulating actions / finger gestures on the device pattern lock
-> Ex: sendevent 3 0
sendevent 3 1
sendevent 0 0 0 # (event separator)
-> Ex: adb shell EXAMPLE SIMPLIFIED VERSION OF EXISTING PATTERN INPUT VIA CLI (ADB)
input keyevent 2
sendevent /dev/input/event3 3 57 14
sendevent /dev/input/event3 1 330 1
sendevent /dev/input/event3 3 53 x1
sendevent /dev/input/event3 3 54 y1
sendevent /dev/input/event3 3 58 57
sendevent /dev/input/event3 0 0 0
sendevent /dev/input/event3 3 53 x2
sendevent /dev/input/event3 3 54 y2
sendevent /dev/input/event3 3 58 57
sendevent /dev/input/event3 0 0 0
sendevent /dev/input/event3 3 53 x3
sendevent /dev/input/event3 3 54 y3
sendevent /dev/input/event3 3 58 57
sendevent /dev/input/event3 0 0 0
…
sendevent /dev/input/event3 3 53 xn
sendevent /dev/input/event3 3 54 yn
sendevent /dev/input/event3 3 58 57
sendevent /dev/input/event3 0 0 0
sendevent /dev/input/event3 3 57 4294967295
sendevent /dev/input/event3 1 330 0
sendevent /dev/input/event3 0 0 0
"adb sendevent" is actually c code (part of toolbox utility ) that sends the input code directly into the /dev/input.... of Linux input subsystem.
Android Mobile Hacks:
- URL: https://www.securitynewspaper.com/2019/07/29/android-mobile-hacks-with-android-debug-bridgeadb-part-i/
- URL: https://www.securitynewspaper.com/2019/07/30/android-mobile-hacks-with-android-debug-bridgeadb-part-ii/
- URL: https://www.quora.com/What-are-some-good-Android-debug-bridge-ADB-hacks
General Hacks / Vulnerabilities to Attempt:
-> rm /data/system/gesture.key - Delete the file that verifies the mobile device unlock pattern
- Note: This may / may not work depending on how the OS runs / resolves the issue
-> adb devices - Remove all key configuratins present so that the phone can be unlocked by any combination
adb shell
cd data/system
su rm *.key
-> adb shell - Remove lock pattern information out of the settings database
cd /data/data/com.android.providers.settings/databases
sqlite3 settings.db
update system set value=0 where name='lock_pattern_autolock';
update system set value=0 where name='lockscreen.lockedoutpermanently'; .quit
restart phone
Emulate a device within ADB:
-> emulator -avd Nexus_6_API_25 -port 5555 - Emulate a Nexus 6 device
-----------------------
Special Commands
-----------------------
adb -d - Direct an adb command to only attached USB device; Note: Will return error when more than one USB is attached
adb -e - Direct an adb command to only running emulator; Note: Will return error when more than one USB is attached
adb -H server - The name of the adb server host; default is 'localhost'
adb -P port - The adb server port number; default is 5037
adb -L socket - Listen on the provided adb server socket; default values is 'tcp:localhost:5037'
adb forward --list - List all forwarded socket connections
adb reverse --list - List all reverse socket connections from the device
adb disable-verity \__
adb enable-verity / Disbale / Enable the 'dm-verity' checking on 'userdebug' builds
-> The 'dm-verity' option ensures that when a user boots a device that it is in the same state that is was in when it was last used
adb shell settings put global adn_enabled 0 - Turn off the Android debug; Note: Will require enabling thorugh "Developer options" settings menu
adb shell settings put global hidden_api_policy_pre_p_apps 1 \___
adb shell settings put global hidden_api_policy_p_apps 1 / Allow access to non SDK API
-> Potential values to place in the command tail:
- 0: Disable detect for non SDK API call; no call log in logcat, make strict mode API, detectNonSdkApiUsage() invalid (NOT RECOMMENDED)
- 1: Just warning; allow access to all non SDK API, but retain warnings in logcat; one can continue to use strict mode API
- 2: It is forbidden to invoke interfaces in dark grey lists and black lists
- 3: It is forbidden to invoke the interface in the black list, but it is allow to call in therface in the dark grey list
adb shell settings put global policy_control <key-values> - (Related to Cynogen mod)
adb shell settings delete global hidden_api_policy_pre_p_apps \___
adb shell settings delete global hidden_api_policy_p_apps / Forbid access to non SDK API
Note: The following can be input into a phone dialer to check / interact / change settins on the Android device
*#06# - Typed into the phone's dialer, this will pop up the device's IMEI number on the screen
*#*#4636#*#* - Display device information
*#*#7780#*#* - Perform a Factory Reset
*2767*3855# - Wipe phone & re-install firmware
*#0228# - Check battery status
*#0*# - Hardware test mode
*43# - Enable call waiting
*#67# - Check call forwarding status
*#21# - Check call forwarding status
*#62# - Check call forwarding status when not reachable
##002# - Erase all call forwarding
*31# - Hide Caller ID
*#004# - Check call diversion status
*#9090# - Open diagnostic configuration screen
*#0011# - Service Mode
*#2222# - Check Hardware version
*#1234# - Check software version (Samsung)
*#12580*369# - Check Software and hardware version
*#0283# - Check Audio loopback control
*#34971539# - Check Camera firmware
*#9900# - Launch System Dump mode
**04* - Change Android device PIN
----------------
NOTES:
----------------
bluetooth_input_device_priority_C8:85:50:E7:6E:54=-1
- Looks like one can set a serides of Bluetooth device priorities
bluetooth_headset_priority_C0:E8:62:27:D4:29=-1
bluetooth_a2dp_sink_priority_84:4F:03:06:1E:46=1000
cert_pin_content_url=ert_pin_content_url=
cert_pin_metadata_url=
----------------------------------------------------------
DIRECTORIES + LOCATIONS WORTH SEARCHING
----------------------------------------------------------
shared_prefs - Dump directory of temp storage for stuff
/data/local/tmp
-> Good place to find information
- Almost always exists, even if there is no SD Card on the phone
----------------------------------------------------------
USEFUL TOOLS AND REPOSITORIES
----------------------------------------------------------
genymobile/scrcpy
-> SCreen copy pckage
-> Built through brew
muri11as/Android-SMS
-> PAckage for extracting SMS packages(?)
PYthon ADB package (ppadb)
easy-dumpsys
-> Github that translates output
service list | grep 'sms'
-> Get services
getprop | grep 'sdk'
-> Use to find SDK Version
----------------------------------------------------------
KNOWLEDGE AND RESOURCES
----------------------------------------------------------
Using ADB in Windows:
- URL: https://www.howtogeek.com/125769/how-to-install-and-use-abd-the-android-debug-bridge-utility/
Android Debug Bridege Documentation:
- URL: https://developer.android.com/studio/command-line/adb
Good ADB Tool:
- URL: https://kalilinuxtutorials.com/adb-toolkit/
ADBSploit:
- URL: https://secnhack.in/adbsploit-managing-and-exploit-android-devices/
Command Line ADB:
- URL: https://developer.android.com/studio/command-line/adb
Good ADB Hacks:
- URL: https://www.quora.com/What-are-some-good-Android-debug-bridge-ADB-hacks
- Note: Has information for Hacking And Bypassing Android Password/Pattern/Face/PI
ADB Cheat Sheets:
- URL: https://technastic.com/adb-shell-commands-list/#ADB_Shell_Commands_List_Cheat_Sheet
Pin / Passcode Cracking:
- URL: https://stackoverflow.com/questions/23529460/is-there-a-way-to-unlock-android-phone-via-adb-if-i-know-the-pattern/
Android 'Secret' Code:
- URL: https://technastic.com/android-secret-codes-ussd-codes/
- PDF URL: https://drive.google.com/file/d/14bvDEFTIl3rYUhEo0thd1geHZZjb4-SA/view
ADB Shell Commands:
- URL: http://adbcommand.com/adbshell
ADB Fastboot Usage:
- URL: http://adbcommand.com/fastboot
Awesome ADB Documentation:
- URL: http://adbcommand.com/awesome-adb
Vysor Remote Control Tool:
- URL: https://www.vysor.io/
Monkey Remote Control Tool (no app, just ADB; can be slow refresh ~1fps):
- URL: https://github.com/ns130291/MonkeyRemote/releases
scrcpy Remote Control Tool (requires small app on the device)
- URL: https://github.com/Genymobile/scrcpy
ADB Shell Screenrecord Command Examples:
- URL: https://appscms.com/adb-commands/adb-shell-screenrecord
Good Examples of ADB Command 'input':
- URL: https://stackoverflow.com/questions/7789826/adb-shell-input-events?adlt=strict
List of Event/Key Codes:
- URL: https://developer.android.com/reference/android/view/KeyEvent.html