Tools & Get Started

Install adb, any emulator of your choice (android studio/nox emulator for windows, genimotion for linux)

Burp certificate

1. Turn on burp, 2. Go on 127.0.0.1:8080 (or wherever u have ur proxy set) 3. Dowload the certificate 4. Move the certificate to .crt 5. adb push cert.crt /sdcard/cacert.crt 6. Go ahead and install it from you system setting -> Security -> Install certificates -> Install from SD Card.

Note: For rooted android, you might need to install magisk to install the certificate as System Cert.

adb device not showing?

adb kill-server
adb start-server
adb devices

Emulators

Genymotion Android Emulator Nox Emulator

General

js-beautify: node js module to beautify js locally (if the file big and cannot be handled by online website)

Java

Install Java Java Development Kit 1.7

Apk decompiling

jadx: APK -> java [ apk -> smali -> java ] jadx-gui: GUI version of jadx

Dex2Jar: APK -> JAR file. Later we can use JD-GUI to see Java code [ JAR -> Java ]

apktool: APK -> smali. (smali is basically asm code for android)

Static Analysis

Qark https://github.com/linkedin/qark

MobSF https://github.com/MobSF/Mobile-Security-Framework-MobSF

Deobfuscate

Deguard: Helps deobfuscating

https://github.com/P1sec/hermes-dec - Helps debofuscating reactive native app data (index.android.bundle )

Decompress/extract

https://github.com/jakev/pyxamstore - used to extract dll from assemblies.blob sudo pip3 install git+https://github.com/jakev/pyxamstore.git

PreviousADB Cheatsheet NextPull & Patch

Last updated 6 months ago

hashtagBurp certificate

hashtagNote: For rooted android, you might need to install magisk to install the certificate as System Cert.

hashtagadb device not showing?

hashtagEmulators

hashtagGeneral

hashtagJava

hashtagApk decompiling

hashtagStatic Analysis

hashtagDeobfuscate

hashtagDecompress/extract