A pre-built VM, ready to run out of MEmu with Android 7.1.2X86. Pre-built to begin testing applications for vulnerabilities,

PentestAndroidVM V0.1

This is a very early build of an "out of the box", self-contained virtual machine that can be used to test an app for vulnerabilities, with pre-installed APKs covering both static and dynamic testing.

  • Open the OVA within MEmu and load in the APK you would like to test.
  • This eliminates the need for rebuilding, allowing faster testing and less time spent rebuilding an Android environment.
  • https://github.com/connorrutt/PentestAndroidVM

About the Project

  • This is a VERY early build of a rooted VM running Android 7.1.2. As the project grows, I will approach later Android OS versions that support things like Samsung's Knox, which acts as a TPM.
  • This VM has been built on a foundation of pre-installed apps. Later OS releases have brought different tools to avoid root detection.

The current list of tools. All are active and working on the current version of the VM and kernel. These are subject to change.

  • Terminal Emulator
  • Magisk
  • SManager
  • ES File Explorer
  • Frida Server
  • Sudo Hide
  • Zuper
  • Drozer
  • Dot Mod
  • SSLUnpinning
  • TrustMe Already
  • RootClock
  • GG Tools 2020
  • HidenCore Module
  • Hide Apps Xposed
  • Hide My Applist
  • Jasi Patcher
  • Lucky Patcher
  • FakeGapps
  • DIWA
  • ADBlocker Reborn

The importance of having a disposable, pre-rooted VM

Rooting grants access to system files that are normally off limits, allowing analysis and manipulation of app-related files such as configuration, databases, and log files. Additionally, one can intercept and modify network traffic with packet-sniffing software, dynamically analyze apps with instrumentation tools like Frida and Xposed, and gain full access to the device's file system. This provides the opportunity to identify security vulnerabilities and modify runtime behavior. Custom firmware installation may also provide additional features, like disabling security features or running apps in debug mode. We need to assume the APK is safe even on the most vulnerable of machines.

This project is in testing and still needs to go through different builds. Currently, it can be set up as follows.

Getting Started

Install the files contained in the .zip folder. It should contain an installer for MEmu along with a pre-built VM. This is all open-source software, tested on my personal machine.

  • Install the provided MEmu.
  • Save REDBOX.OVA onto your drive.
  • Open the Multiple Instance Manager within MEmu. Import and upgrade the .ova through the single-instance option.

Password: 1234

  • Once imported, we need to root the device through the provided MEmu tools.

  • Select the settings option on the right-hand side and click "Root Mode On".

  • There should be no other settings to change, as it is pre-proxied to the 8.8.8.8 DNS.

  • Reboot once root is enabled.

  • After the restart, open the BusyBox tool for an auto-install of the files mentioned above.

  • Install Magisk via the following in the terminal emulator after reboot:

```sh
su
cp -r /storage/emulated/0/init.d/run.sh /sdcard/Download/
cp -r /storage/emulated/0/init.d/magisk.apk /sdcard/Download/
sh /sdcard/Download/run.sh
```
  • Use the provided file browser to get to the APK and install magisk.apk.

  • Reboot, open the Xposed Framework and select Install > Install.

  • The VM should now be fully prepped and rooted. Check via the Root Check app, then turn off "Root" in MEmu and reboot.

  • With the image running, we now need to connect to the device via our host OS.

  • With PowerShell, run the following:

```powershell
cd "C:\Program Files\Microvirt\MEmu\"
adb connect 127.0.0.1:21513
```

  • To verify the MEmu device is connected:

```powershell
adb devices
```

  • To enter the emulator's shell:

```powershell
adb shell
```

To view the system installation packages:

```powershell
adb shell pm list package -s
```

To view third-party packages:

```powershell
adb shell pm list package -3
```

To install an Android application:

```powershell
adb install c:\app.apk
```

To repeat (overwrite) an installation:

```powershell
adb install -r d:\app.apk
```

To uninstall an Android application:

```powershell
adb uninstall <package name>
```

To clear application data and cache:

```powershell
adb shell pm clear <package name>
```

To upload files from the computer to the phone or emulator:

```powershell
adb push C:\tcpdump /data/local/tmp/
```

To download files from the mobile device:

```powershell
adb pull /sdcard/Android/data/com.example.app c:\phone\
```
How to run Frida:

```powershell
cd "C:\Program Files\Microvirt\MEmu\"
adb connect 127.0.0.1:21513
adb shell "/data/local/tmp/frida-server &"
adb forward tcp:27042 tcp:27042
frida-ps -U
```
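The host-side steps above (connect, verify, start frida-server, forward the port, list packages) are typed one at a time in the README. The script below is an added example, not code from the PentestAndroidVM project, that wraps them in PowerShell functions which stop on the first failure instead of silently continuing. It assumes the MEmu install directory and the 127.0.0.1:21513 adb port the README gives, that `frida-tools` is installed on the host with pip, and that a frida-server binary for Android x86 has been downloaded to the hypothetical path `C:\tools\frida-server`.

```powershell
# Added example for this README, not code from the PentestAndroidVM project.
# Assumptions: adb.exe lives in the MEmu install directory the README uses, the
# instance listens on 127.0.0.1:21513 as the README states, and a frida-server
# binary for Android x86 was downloaded to $FridaServerLocal (hypothetical path).
$MEmuDir          = 'C:\Program Files\Microvirt\MEmu'
$Device           = '127.0.0.1:21513'
$FridaPort        = 27042
$FridaServerLocal = 'C:\tools\frida-server'

# Run adb against the MEmu instance and fail loudly instead of silently continuing.
function Invoke-Adb {
    param([Parameter(ValueFromRemainingArguments = $true)][string[]]$AdbArgs)
    $out = & "$MEmuDir\adb.exe" -s $Device @AdbArgs 2>&1
    if ($LASTEXITCODE -ne 0) { throw "adb $($AdbArgs -join ' ') failed: $($out -join "`n")" }
    return $out
}

# Connect to the emulator's adb port and confirm it reports state 'device'
# ('offline' or 'unauthorized' means later commands will hang or fail).
function Connect-MEmu {
    $out = & "$MEmuDir\adb.exe" connect $Device 2>&1
    if (($out -join ' ') -notmatch 'connected to') { throw "adb connect failed: $out" }
    $line  = (& "$MEmuDir\adb.exe" devices) | Where-Object { $_ -like "$Device*" }
    $state = if ($line) { ($line -split '\s+')[1] } else { 'missing' }
    if ($state -ne 'device') { throw "$Device is '$state', expected 'device'" }
    return $state
}

# The README checks root with the Root Check app; this does it from the host:
# 'su -c id' must report uid 0 once MEmu Root Mode or Magisk is active.
function Test-DeviceRoot {
    try { $id = Invoke-Adb shell 'su -c id' } catch { return $false }
    return [bool](($id -join ' ') -match 'uid=0\(root\)')
}

# Push, start and expose frida-server, then list device processes through it.
function Start-FridaServer {
    if (-not (Test-DeviceRoot)) { throw 'su does not give root; enable Root Mode or install Magisk first' }
    Invoke-Adb push $FridaServerLocal /data/local/tmp/frida-server | Out-Null
    Invoke-Adb shell 'chmod 755 /data/local/tmp/frida-server' | Out-Null
    # Redirecting the daemon's output lets 'adb shell' return instead of waiting on it.
    Invoke-Adb shell 'su -c /data/local/tmp/frida-server >/dev/null 2>&1 &' | Out-Null
    Invoke-Adb forward "tcp:$FridaPort" "tcp:$FridaPort" | Out-Null
    # frida-ps comes from 'pip install frida-tools' on the host; -U reaches the device via adb.
    & frida-ps -U
}

# Third-party packages only (-3), with the 'package:' prefix stripped so the
# result can be piped straight into other commands.
function Get-ThirdPartyPackages {
    Invoke-Adb shell 'pm list packages -3' | ForEach-Object { ($_ -replace '^package:', '').Trim() }
}

Connect-MEmu
Start-FridaServer
Get-ThirdPartyPackages
```

The first `su -c id` may trigger a Magisk superuser prompt inside the VM; grant it once for the shell app and later runs are silent. If `frida-ps -U` lists nothing, check that the frida-server version matches the `frida-tools` version on the host, as mismatched versions fail to talk to each other.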
Paths in the MEmu emulator:

```
/storage/emulated/0/Download
/sdcard/Download/
/sdcard/Pictures
/sdcard/DCIM
/data/data/
/sdcard/Android/data
```
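The rooting section above explains that root is what makes an app's own configuration, databases and logs readable, and the paths list shows where they live (`/data/data/`). The function below is an added example, not code from the PentestAndroidVM project: it copies one package's private data directory to the host for offline review, using the same `su` plus `cp -r` staging through `/sdcard/Download/` that the README uses for the Magisk files, because `adb pull` cannot read `/data/data/` directly without a root adbd. It assumes the MEmu directory and adb port from the README; the package name `com.example.app` and output folder `C:\phone` are placeholders taken from the README's own `adb pull` line.

```powershell
# Added example for this README, not code from the PentestAndroidVM project.
# Exports /data/data/<package> (readable only as root) to the host so its
# shared_prefs, SQLite databases and logs can be reviewed offline.
# Assumes adb.exe in the MEmu directory and the 127.0.0.1:21513 port from the
# README; package name and output folder are placeholders.
$MEmuDir = 'C:\Program Files\Microvirt\MEmu'
$Device  = '127.0.0.1:21513'

function Invoke-Adb {
    param([Parameter(ValueFromRemainingArguments = $true)][string[]]$AdbArgs)
    $out = & "$MEmuDir\adb.exe" -s $Device @AdbArgs 2>&1
    if ($LASTEXITCODE -ne 0) { throw "adb $($AdbArgs -join ' ') failed: $($out -join "`n")" }
    return $out
}

function Export-AppData {
    param(
        [Parameter(Mandatory)][string]$Package,   # e.g. com.example.app (placeholder)
        [string]$OutDir = 'C:\phone'              # host folder, placeholder from the README
    )
    # Refuse to guess: confirm the package is installed before touching anything.
    $installed = Invoke-Adb shell "pm list packages $Package" |
        Where-Object { $_.Trim() -eq "package:$Package" }
    if (-not $installed) { throw "$Package is not installed on $Device" }

    # Stop the app first so SQLite -wal/-journal files are flushed and the copy is consistent.
    Invoke-Adb shell "am force-stop $Package" | Out-Null

    # /data/data/<pkg> is 0700 and owned by the app, so stage a copy on /sdcard
    # via su (as the README does for the Magisk files), then pull the staged copy.
    $staging = "/sdcard/Download/appdata-$Package"
    Invoke-Adb shell "su -c 'rm -rf $staging'" | Out-Null
    Invoke-Adb shell "su -c 'cp -r /data/data/$Package $staging'" | Out-Null
    New-Item -ItemType Directory -Force -Path $OutDir | Out-Null
    Invoke-Adb pull $staging $OutDir | Out-Null
    # Remove the world-readable staging copy so app data does not linger on /sdcard.
    Invoke-Adb shell "su -c 'rm -rf $staging'" | Out-Null

    # Summarise what a reviewer usually looks at first: databases, prefs, logs.
    $local = Join-Path $OutDir "appdata-$Package"
    Get-ChildItem -Path $local -Recurse -File |
        Where-Object { $_.Extension -in '.db', '.xml', '.log', '.txt' -or $_.Directory.Name -eq 'shared_prefs' } |
        Select-Object FullName, Length
}

Export-AppData -Package 'com.example.app'
```

Files copied through `/sdcard` lose their original Unix permission bits, so if the review question is "which files did the app leave world-readable", check the modes on the device with `adb shell "su -c 'ls -lR /data/data/<package>'"` rather than on the pulled copy.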
