AVD - Android Virtual Device


Thank you very much to @offsecjay for his help while creating this content.

What is

Android Studio allows you to run Android virtual machines that you can use to test APKs. To use them you will need:

On Windows (in my case), after installing Android Studio I had the SDK Tools installed in: C:\Users\<UserName>\AppData\Local\Android\Sdk\tools

On mac you can download the SDK tools and have them in the PATH by running:

bash
brew tap homebrew/cask
brew install --cask android-sdk

Or from the Android Studio GUI as indicated in https://stackoverflow.com/questions/46402772/failed-to-install-android-sdk-java-lang-noclassdeffounderror-javax-xml-bind-a which will install them in ~/Library/Android/sdk/cmdline-tools/latest/bin/ and ~/Library/Android/sdk/platform-tools/ and ~/Library/Android/sdk/emulator/

For Java problems:

bash
export JAVA_HOME=/Applications/Android\ Studio.app/Contents/jbr/Contents/Home

GUI

Prepare Virtual Machine

If you installed Android Studio, you can just open the main project view and go to: Tools --> AVD Manager.

Then, click on Create Virtual Device

Select the phone you want to use and click on Next.

warning

If you need a phone with Play Store installed, select one with the Play Store icon on it!

In the current view you will be able to select and download the Android image that the phone is going to run:

So, select it and, if it isn't downloaded, click on the Download symbol next to the name (now wait until the image is downloaded).
Once the image is downloaded, just select Next and Finish.

The virtual machine will be created. Now every time you open the AVD Manager it will be there.

Run Virtual Machine

To run it, just press the Start button.

Command Line tool

warning

For macOS you can find the avdmanager tool in /Users/<username>/Library/Android/sdk/tools/bin/avdmanager and the emulator in /Users/<username>/Library/Android/sdk/emulator/emulator if you have them installed.

First of all you need to decide which phone you want to use. To see the list of possible phones, run:

C:\Users\<UserName>\AppData\Local\Android\Sdk\tools\bin\avdmanager.bat list device

id: 0 or "automotive_1024p_landscape"
Name: Automotive (1024p landscape)
OEM : Google
Tag : android-automotive-playstore
---------
id: 1 or "Galaxy Nexus"
Name: Galaxy Nexus
OEM : Google
---------
id: 2 or "desktop_large"
Name: Large Desktop
OEM : Google
Tag : android-desktop
---------
id: 3 or "desktop_medium"
Name: Medium Desktop
OEM : Google
Tag : android-desktop
---------
id: 4 or "Nexus 10"
Name: Nexus 10
OEM : Google
[...]

Once you have decided the name of the device you want to use, you need to decide which Android image you want to run on this device.
You can list all the options using sdkmanager:

bash
C:\Users\<UserName>\AppData\Local\Android\Sdk\tools\bin\sdkmanager.bat --list

And download the one (or all) you want to use with:

bash
C:\Users\<UserName>\AppData\Local\Android\Sdk\tools\bin\sdkmanager.bat "platforms;android-28" "system-images;android-28;google_apis;x86_64"

Once you have downloaded the Android image you want to use, you can list all the downloaded Android images with:

C:\Users\<UserName>\AppData\Local\Android\Sdk\tools\bin\avdmanager.bat list target
----------
id: 1 or "android-28"
Name: Android API 28
Type: Platform
API level: 28
Revision: 6
----------
id: 2 or "android-29"
Name: Android API 29
Type: Platform
API level: 29
Revision: 4

At this point you have decided the device you want to use and you have downloaded the Android image, so you can create the virtual machine using:

bash
C:\Users\<UserName>\AppData\Local\Android\Sdk\tools\bin\avdmanager.bat -v create avd -k "system-images;android-28;google_apis;x86_64" -n "AVD9" -d "Nexus 5X"

In the previous command I created a VM named "AVD9" using the device "Nexus 5X" and the Android image "system-images;android-28;google_apis;x86_64".
Now you can list the virtual machines you have created with:

bash
C:\Users\<UserName>\AppData\Local\Android\Sdk\tools\bin\avdmanager.bat list avd

Name: AVD9
Device: Nexus 5X (Google)
Path: C:\Users\cpolo\.android\avd\AVD9.avd
Target: Google APIs (Google Inc.)
Based on: Android API 28 Tag/ABI: google_apis/x86_64

The following Android Virtual Devices could not be loaded:
Name: Pixel_2_API_27
Path: C:\Users\cpolo\.android\avd\Pixel_2_API_27_1.avd
Error: Google pixel_2 no longer exists as a device

Run Virtual Machine

warning

For macOS you can find the avdmanager tool in /Users/<username>/Library/Android/sdk/tools/bin/avdmanager and the emulator in /Users/<username>/Library/Android/sdk/emulator/emulator if you have them installed.

We have already seen how you can list the created virtual machines, but you can also list them using:

bash
C:\Users\<UserName>\AppData\Local\Android\Sdk\tools\emulator.exe -list-avds
AVD9
Pixel_2_API_27

You can simply run any virtual machine you have created using:

bash
C:\Users\<UserName>\AppData\Local\Android\Sdk\tools\emulator.exe -avd "VirtualMachineName"
C:\Users\<UserName>\AppData\Local\Android\Sdk\tools\emulator.exe -avd "AVD9"

Or, using more advanced options, you can run a virtual machine like:

bash
C:\Users\<UserName>\AppData\Local\Android\Sdk\tools\emulator.exe -avd "AVD9" -http-proxy 192.168.1.12:8080 -writable-system

Command line options

However, there are many useful command line options that you can use to start a virtual machine. Below you can find some interesting options, but you can find a complete list here

Boot

  • -snapshot name : Start a VM snapshot
  • -snapshot-list -snapstorage ~/.android/avd/Nexus_5X_API_23.avd/snapshots-test.img : List all the recorded snapshots

Network

  • -dns-server 192.0.2.0, 192.0.2.255 : Specify comma-separated DNS servers for the VM.
  • -http-proxy 192.168.1.12:8080 : Specify an HTTP proxy to use (very useful for capturing traffic with Burp)
  • If the proxy settings aren't working for some reason, try to configure them internally or using an application like "Super Proxy" or "ProxyDroid".
  • -netdelay 200 : Set the network latency emulation in milliseconds.
  • -port 5556 : Set the TCP port number used for the console and adb.
  • -ports 5556,5559 : Set the TCP ports used for the console and adb.
  • -tcpdump /path/dumpfile.cap : Capture all the traffic in a file

System

  • -selinux {disabled|permissive} : Set the Security-Enhanced Linux security module to either disabled or permissive mode on a Linux operating system.
  • -timezone Europe/Paris : Set the timezone for the virtual device
  • -screen {touch(default)|multi-touch|no-touch} : Set the emulated touch screen mode.
  • -writable-system : Use this option to have a writable system image during your emulation session. You will also need to run adb root; adb remount. This is very useful for installing a new certificate in the system.

Linux CLI setup (SDK/AVD quickstart)

The official CLI tools make it easy to create fast, debuggable emulators without Android Studio.

bash
# Directory layout
mkdir -p ~/Android/cmdline-tools/latest

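# Download commandline tools (Linux)
wget https://dl.google.com/android/repository/commandlinetools-linux-13114758_latest.zip -O /tmp/cmdline-tools.zip
# The zip unpacks into a top-level cmdline-tools/ directory; move its contents into latest/
unzip /tmp/cmdline-tools.zip -d /tmp/cmdline-tools-extract
mv /tmp/cmdline-tools-extract/cmdline-tools/* ~/Android/cmdline-tools/latest/
rm -r /tmp/cmdline-tools.zip /tmp/cmdline-tools-extract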

# Env vars (add to ~/.bashrc or ~/.zshrc)
export ANDROID_HOME=$HOME/Android
export PATH=$ANDROID_HOME/cmdline-tools/latest/bin:$ANDROID_HOME/platform-tools:$ANDROID_HOME/emulator:$PATH

# Install core SDK components
sdkmanager --install "platform-tools" "emulator"

# Install a debuggable x86_64 system image (Android 11 / API 30)
sdkmanager --install "system-images;android-30;google_apis;x86_64"

# Create an AVD and run it with a writable /system & snapshot name
avdmanager create avd -n PixelRootX86 -k "system-images;android-30;google_apis;x86_64" -d "pixel"
emulator -avd PixelRootX86 -writable-system -snapshot PixelRootX86_snap

# Verify root (debuggable images allow `adb root`)
adb root
adb shell whoami  # expect: root

Notes

  • System image flavors: google_apis (debuggable, allows adb root), google_apis_playstore (not rootable), aosp/default (lightweight).
  • Build types: userdebug often allows adb root on debug-capable images. Play Store images are production builds and block root.
  • On x86_64 hosts, full-system ARM64 emulation is not supported from API 28+. For Android 11+ use Google APIs/Play images that include per-app ARM-to-x86 translation to run many ARM-only apps quickly.
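
Added example (not part of the original page or of the Android SDK): a triage script that parses the `avdmanager list avd` listing format shown earlier and applies the image-type notes above to flag broken AVDs and AVDs that cannot give `adb root`. The `sample_listing` input is constructed from this page's output plus a hypothetical `PlayLab` AVD; `avd_triage` and its verdict strings are illustrative names.

```shell
# Constructed sample: this page's listing plus a hypothetical Play Store AVD "PlayLab".
sample_listing() {
cat <<'EOF'
Name: AVD9
Device: Nexus 5X (Google)
Path: C:\Users\cpolo\.android\avd\AVD9.avd
Target: Google APIs (Google Inc.)
Based on: Android API 28 Tag/ABI: google_apis/x86_64
---------
Name: PlayLab
Based on: Android API 30 Tag/ABI: google_apis_playstore/x86_64

The following Android Virtual Devices could not be loaded:
Name: Pixel_2_API_27
Path: C:\Users\cpolo\.android\avd\Pixel_2_API_27_1.avd
Error: Google pixel_2 no longer exists as a device
EOF
}

# Reads a listing on stdin; prints name|api|tag|abi|verdict for each AVD.
avd_triage() {
  awk '
    function emit() {
      if (name == "") return
      if (err != "")                 verdict = "broken: " err
      else if (tag ~ /playstore/)    verdict = "no adb root (production build)"
      else if (tag == "google_apis") verdict = "adb root ok"
      else                           verdict = "AOSP/default image (lightweight)"
      if (err == "" && abi ~ /^arm64/ && api + 0 >= 28)
        verdict = verdict "; full ARM64 emulation unsupported on x86_64 hosts"
      if (err == "" && abi ~ /^x86/ && api + 0 >= 30 && tag ~ /^google_apis/)
        verdict = verdict "; per-app ARM translation"
      printf "%s|%s|%s|%s|%s\n", name, api, tag, abi, verdict
      name = api = tag = abi = err = ""
    }
    { sub(/^[ \t]+/, ""); sub(/\r$/, "") }      # tolerate indentation and CRLF
    /^Name: /     { emit(); name = substr($0, 7) }
    /^Error: /    { err = substr($0, 8) }
    /^Based on: / {
      if (match($0, /API [0-9]+/)) api = substr($0, RSTART + 4, RLENGTH - 4)
      if (match($0, /Tag\/ABI: [^ ]+/)) {
        split(substr($0, RSTART + 9, RLENGTH - 9), p, "/"); tag = p[1]; abi = p[2]
      }
    }
    END { emit() }
  '
}

sample_listing | avd_triage
```

On a real host, pipe the tool's output in instead of the sample: `avdmanager list avd | avd_triage`.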

Snapshots from CLI

bash
# Save a clean snapshot from the running emulator
adb -s emulator-5554 emu avd snapshot save my_clean_setup

# Boot from a named snapshot (if it exists)
emulator -avd PixelRootX86 -writable-system -snapshot my_clean_setup

ARM→x86 binary translation (Android 11+)

Google APIs and Play Store images on Android 11+ can translate ARM app binaries per process while keeping the rest of the system native x86/x86_64. This is often enough to test many ARM-only apps on a desktop.

Tip: Prefer Google APIs x86/x86_64 images during pentests. Play images are convenient but block adb root; use them only when you need Play services and accept the lack of root.

Rooting a Play Store device

If you downloaded a device with Play Store you will not be able to get root directly, and you will get this error message

$ adb root
adbd cannot run as root in production builds

Using rootAVD with Magisk I was able to root it (follow for example this video or this one).

Install Burp Certificate

Check the following page to learn how to install a custom CA certificate:

Install Burp Certificate

Nice AVD Options

Take a Snapshot

You can use the GUI to take a snapshot of the VM at any time:
