Useful Commands

Commands

• List packages inside the device: adb shell cmd package list packages

• Get APK from package:

  • adb shell pm list packages
    adb shell pm path com.example.someapp
    adb pull /data/app/com.example.someapp-2.apk path/to/desired/destination

• Set Proxy: adb shell settings put global http_proxy 192.168.0.15:5555

• Disable Proxy: adb shell settings put global http_proxy :0

• See shared Preferenses: adb shell run-as com.moofwd.mooestrouaveiro cat /data/data/com.moofwd.mooestrouaveiro/shared_prefs/com.moofwd.mooestrouaveiro.xml

• See logs(If enabled): adb logcat --pid=$(adb shell pidof com.moofwd.mooestrouaveiro)

• Setup app to accept burp certificate:

  • create a file: ~/app/res/xml/network_security_config.xml

  • add the following info to the file:

    • <network-security-config> 
          <base-config> 
              <trust-anchors> 
                  <!-- Trust preinstalled CAs --> 
                  <certificates src="system" /> 
                  <!-- Additionally trust user added CAs --> 
                  <certificates src="user" /> 
              </trust-anchors> 
          </base-config> 
      </network-security-config>

  • Add android:networkSecurityConfig="@xml/network_security_config" to AndroidManifest.xml.

• Unpack apk: apktool d -s name.apk -o target_dir

• Repack apk:

  • apktool b extracted_apk -o app-release-mod.apk --use-aapt2 
    java -jar uber-apk-signer.jar --apks app-name.apk 

  • uber-apk-signer.jar

• Backup(If package not debuggable we can try):

  • adb backup -f <name>.ab -noapk <package>

  • java -jar abe.jar unpack ~/backup.ab ~/backup.tar (https://github.com/nelenkov/android-backup-extractor/releases/tag/master-20220517081023-33a2f6c)

Extract APK to Java sourcecode

• Unpack apk: apktool d -s name.apk -o target_dir