Android Pentesting 101

Android Pentesting 101: A Beginner's Guide to Getting Started

Android pentesting means testing the security of an Android application so that the vulnerabilities and weaknesses hidden in it can be identified. In this process we look at how the app handles data, what kinds of permissions it requests, and whether an attacker could misuse it.

It is a part of ethical hacking, where your goal is to find a system's security flaws, not to misuse them.

Android pentesting is a process in which we evaluate the security of an Android application by identifying its vulnerabilities and weaknesses. We analyze the application's source code, binary files, and network traffic in order to find security flaws.

The process is mainly divided into two parts: static analysis and dynamic analysis.

In static analysis we examine the application's code and configuration files without executing it, whereas in dynamic analysis we run the app and observe its behavior and interactions.

Both approaches are important for properly testing the security of an Android application.

This blog covers all of these aspects.

Table of Contents


1. Setting Up the Testing Environment

a. Emulators
How to use emulators for Android testing.

b. How to install and access the application
How to install the app on a device/emulator for testing and access it.

c. Useful adb commands
Some handy adb (Android Debug Bridge) commands that help in pentesting.

d. Extracting the APK from the device
How to retrieve an app's APK file from the device.


2. Static Analysis

a. Reverse Engineering
Understanding the app's code by reversing it:

    • i. DEX → JAR → JAVA
      Converting the dex file into Java code.

    • ii. APK → JAVA
      Getting Java code directly from the APK.

    • iii. What to check in the code
      Looking for security flaws such as hardcoded credentials, API keys, insecure functions, etc.

b. Decompiling and Recompiling

    • i. Using APKTool
      Decompiling the APK, making changes, and recompiling it.

c. Manifest File Analysis
Analysis of the AndroidManifest.xml file: checking permissions, components, and security settings.


3. Dynamic Analysis

a. Setting Up the Proxy
Configuring a proxy to monitor the app's network traffic:

    • i. Configuring the Burp Proxy listener
      Setting up the proxy listener in Burp Suite.

    • ii. Setting your device to use the proxy
      Manually redirecting the device to the proxy.

    • iii. Installing the CA certificate on the Android device
      Installing Burp's certificate on the Android device so that HTTPS traffic can be intercepted.

    • iv. Testing the configuration / intercepting traffic
      Making sure everything works and traffic is being intercepted successfully.


4. Local Data Storage Enumeration

How the app stores data on the device (SQLite databases, Shared Preferences, internal storage) and how to analyze it.


5. Open Source Frameworks

An introduction to some popular open-source tools/frameworks used in Android pentesting.


6. References

Useful links, documentation, and learning resources that help with Android pentesting.

Setting Up the Environment

Emulators

To start Android pentesting, you first need to set up a virtual environment that represents an Android device. Several Android emulators are available for this, such as Genymotion, QEMU, Memu, NOX_Player, etc.

Compared to the other emulators, Memu and Nox are quite easy to set up. That is why I personally prefer Memu or Nox_Player for testing.

An emulator provides a complete virtual environment that works like a real Android device, whereas a simulator only simulates the device's behavior and does not provide the full functionality.

How to Install the Application

    • Installing from the Play Store:
      This is a completely straightforward process. Just open the Play Store, search for the app, and press the install button.

    • Installing from an .apk file:
      If you have an .apk file, then:

      • In the Memu emulator, use the APK Install option and select the file
        or

      • simply drag and drop the .apk file into Memu or Nox Player. The emulator will install the app automatically.

3. adb install filename.apk

If ADB (Android Debug Bridge) is configured on your system, you can also install the app with a simple command:

                            adb install filename.apk

This command installs your .apk file directly on the emulator or connected Android device. Just make sure the device/emulator is connected to ADB and shows up in adb devices.

🔧 What is ADB (Android Debug Bridge)?

ADB is a command-line tool that establishes communication between a computer and an Android device. Through it, as a developer or security tester, you can interact with the Android device, for example:

      • Transferring files

      • Installing/uninstalling apps

      • Debugging the device or collecting data for security testing


📜 Common ADB Commands:


✅ adb devices

This command shows a list of all Android devices connected to your system, along with their status.


💻 adb shell

This command opens a terminal (shell) on the Android device, in which you can run device commands directly.


📲 adb install [path to APK]

With this command you can install any .apk file on the connected device.
Example: adb install myapp.apk


❌ adb uninstall [package name]

This command is used to uninstall any app from the device.
Example: adb uninstall com.example.myapp


📤 adb pull [remote path] [local path]

With this you can copy a file from the Android device to your computer.
Example: adb pull /sdcard/file.txt ./


📥 adb push [local path] [remote path]

Using this command you can send a file from your computer to the Android device.
Example: adb push myfile.txt /sdcard/


🐞 adb bugreport

This command generates a detailed bug report containing logs, app data, and device info.


🎥 adb shell screenrecord

This command records the device's screen in real time and saves it to a video file.
Example: adb shell screenrecord /sdcard/demo.mp4


🛠️ ADB Server Control Commands

      • adb start-server: starts the ADB server so that you can interact with the device.

      • adb kill-server: stops the ADB server.


📋 adb logcat

This command shows the Android device's system logs in real time. It is very useful for debugging.

      • adb logcat: shows the current logs in the console

      • adb logcat -d > file.txt: saves the logs to a file

      • adb logcat -c: clears the logs

      • adb shell pidof com.example.app: shows the PID of an app

      • adb logcat --pid=12345: shows only the logs of that PID

      • adb logcat -f filename.txt: saves the logcat output to a specific file

      • adb logcat com.myapp:E *:S: shows only the app's Error logs (the filter matches the log tag com.myapp)


📂 ADB Shell Specific Commands

📦 adb shell pm list packages

This command shows a list of all packages/apps installed on the Android device.


🚀 adb shell am start [intent]

This command starts any activity through an intent.
Example: adb shell am start -n com.android.settings/.Settings


✋ adb shell am force-stop com.android.settings

This command forcefully stops any app/activity.


⌨️ adb shell input text [text]

This command simulates typing on the virtual keyboard, i.e. entering some text.
Example: adb shell input text HelloWorld

Extracting the APK from the Device

Now let's assume the application is not available on the Google Play Store. When an application is already installed on the device:

The APK file of the installed application is located in this directory:
                  /data/app/<package name>-1/base.apk

To find the package name, use this command:
               adb shell pm list packages | grep sampleapp
since the app's name is often part of the package name.

Once you have the package name, use this command:
                 adb shell pm path com.example.sampleapp
to get the full path of the APK file.

And finally, to retrieve the base.apk file, run this command:
             adb pull /data/app/com.example.sampleapp-1/base.apk

Static Analysis

Static analysis means analyzing an application's code, resources, and configuration files without executing the app. It is generally done by analyzing the source code or the compiled binary file (APK) with tools such as APKtool and dex2jar.
Its main goal is to find potential vulnerabilities hidden in the code, such as insecure coding practices, data leakage, or hard-coded credentials.


Android Package (APK)

An APK (Android Package) is a compressed archive file that contains all the files needed to run an Android application.
It is basically a ZIP file containing multiple components, such as:

      • AndroidManifest.xml:

        This file holds information about the app, such as the package name, version number, required permissions, and the app's components such as activities, services, and broadcast receivers.

      • classes.dex:

        This file contains the compiled Java bytecode for the app's classes, which is executed by the Android Runtime (ART).

      • resources.arsc:

        This contains the compiled resources the app uses, such as strings, images, and layouts.

      • lib/:

        This folder contains compiled native code libraries for specific device architectures (such as ARM or x86).

      • META-INF/:

        This folder contains the APK's manifest file, the signature certificate, and a list of all files inside the APK with their checksums.

      • assets/:

        This folder contains additional application data files, such as sound and video files, that are not compiled directly into the APK.

      • res/:

        This folder contains original resources such as layouts, strings, and images, which are later compiled into resources.arsc.

      • Android System Files:

        These are system-level files, such as the Android runtime, framework libraries, and system components, that the app can use.

Reverse Engineering

The main purpose of reverse engineering is to understand an app's code, especially when the source code is not available. For Android apps, we mostly reverse engineer the APK and try to view its Java code.


There Are Mainly 2 Methods:

    1. DEX → JAR → JAVA

    2. APK → JAVA


DEX → JAR → JAVA Method

Dex2Jar

    • .dex files are Dalvik Executable files, which are not human-readable.

    • The Dex2Jar tool is used to convert them into readable Java code.

🔗 Download Link:
https://sourceforge.net/projects/dex2jar/


How to Get the .dex File?

    1. Convert the APK file to a .zip
      (just rename sample.apk to sample.zip)

    2. Now extract that .zip file with UNZIP or WINRAR

    3. Inside the extracted folder you will find the classes.dex file (along with other files such as AndroidManifest.xml, res/, etc.)

Now convert classes.dex to a .jar with Dex2Jar, and then decompile the .jar with a Java decompiler (such as JD-GUI) to view readable Java code.

We will use a tool called dex2jar, which is used to convert .dex files into JAR files.

🔗 https://github.com/pxb1988/dex2jar

After the conversion we get an executable JAR file.

jd-gui

To open the classes.dex2jar file we need a tool called jd-gui.
Simply open the tool and add the classes.dex2jar file to it.

APK → JAVA

In this method we convert the APK file directly into its corresponding Java files.
Its biggest advantage is that it is comparatively less complicated.

To decompile the app from binary code directly into Java classes, we use the Android decompiler JADX.
With JADX we can simply open the APK file and view its source code.

What to Check in the Code?


🔐 Cryptography

    • Whether encryption algorithms are used, and whether they are implemented correctly.

    • Whether hardcoded keys or weak encryption methods (such as MD5, SHA1) are used.

    • Identify the use of insecure cryptographic algorithms such as DES, ECB mode, or home-grown algorithms.


🔒 Code Obfuscation

    • Is the code obfuscated? Obfuscation makes reverse engineering harder, but it can also hide malicious code.

    • Are function/class names random or understandable? If they make no sense, the code has been obfuscated.


📡 API Usage

    • Is the app using insecure APIs?

    • Is any deprecated or vulnerable API being used?

    • Do the APIs allow unauthorized access or data leaks?


🔍 Reflection

    • Is Java reflection being used (e.g. Class.forName, Method.invoke, etc.)?

    • Check that reflection does not open a path to arbitrary code execution for an attacker.


🔄 Dynamic Code Loading

    • Is DexClassLoader or PathClassLoader being used?

    • Is the app loading code from the internet or from some other external source?

    • Is trust validation being performed?


🚫 Access Control

    • Is access control implemented on sensitive functionality (admin panels, payments, personal data, etc.)?

    • Are there any hardcoded credentials or access tokens?


🔐 Hardcoded Sensitive Information

    • Are passwords, credentials, API keys, URLs, or database queries hardcoded in the code?

    • Search keywords: "password", "api_key", "token", "secret", "query".


📦 External Libraries

    • Which third-party libraries does the app use?

    • Are those libraries up to date, or do they have known vulnerabilities (check for CVEs)?


🧪 Integrity Checks

    • Does the app detect tampering with its APK or code?

    • For example: checksum validation, signature verification, etc.


🧬 Native Code

    • If the app uses lib/ or .so files, review them.

    • Analyze the native code for vulnerabilities such as buffer overflows or insecure memory access.


🌐 WebView Related Checks

    • Is setJavaScriptEnabled(true) set? Then there may be a risk of JavaScript injection.

    • Is setAllowFileAccess(true) set? Then local file access can be misused.

    • Is addJavascriptInterface() used? Then an attacker may be able to access native code.

    • Is Runtime.exec() used? It executes shell commands, which can become a path to RCE.


📲 Root Detection

    • Does the app implement root detection?

      • Check: Build.TAGS, /system/app/Superuser.apk, SU binaries.


🔐 SSL Pinning

    • Does the app implement SSL Pinning?

      • Check the certificate validation code or libraries such as OkHttp, TrustManager, etc.

      • If SSL Pinning is bypassed, sensitive data can be sniffed.
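
Several items of the checklist above can be turned into a first-pass scan over the Java sources that JADX produces. This is an added example, not code from the original post: the rule names and regexes are this example's own approximations, the sample Java file is constructed, and every hit still needs manual review.

```python
import re
import tempfile
from pathlib import Path

# One rule per checklist item. The regexes are assumptions of this example,
# written for jadx-style Java output; expect false positives and misses.
RULES = [
    ("hardcoded-secret",
     re.compile(r'(?i)\b\w*(password|api_key|token|secret)\w*\s*=\s*"[^"]+"')),
    ("weak-hash", re.compile(r'MessageDigest\.getInstance\(\s*"(MD5|SHA-?1)"')),
    ("weak-cipher", re.compile(r'Cipher\.getInstance\(\s*"(DES\b|[^"]*/ECB/)')),
    ("webview-js", re.compile(r'setJavaScriptEnabled\(\s*true\s*\)')),
    ("webview-file-access", re.compile(r'setAllowFileAccess\(\s*true\s*\)')),
    ("webview-js-interface", re.compile(r'addJavascriptInterface\s*\(')),
    ("runtime-exec", re.compile(r'Runtime\.getRuntime\(\)\.exec\s*\(')),
    ("dynamic-code-loading",
     re.compile(r'new\s+(DexClassLoader|PathClassLoader)\s*\(')),
    ("reflection", re.compile(r'Class\.forName\s*\(|\.invoke\s*\(')),
]

# Constructed sample standing in for one decompiled class; not from a real app.
SAMPLE_JAVA = '''package com.example.sampleapp;

public class LoginActivity {
    private static final String API_KEY = "constructed-not-a-real-key";

    void setup(WebView view) throws Exception {
        view.getSettings().setJavaScriptEnabled(true);
        view.addJavascriptInterface(new Bridge(), "bridge");
        MessageDigest md = MessageDigest.getInstance("MD5");
        Cipher c = Cipher.getInstance("AES/ECB/PKCS5Padding");
        Cipher ok = Cipher.getInstance("AES/GCM/NoPadding");
    }
}
'''


def scan_tree(root):
    """Scan every .java file under root; return (file, line_no, rule) tuples."""
    hits = []
    for path in sorted(Path(root).rglob("*.java")):
        if not path.is_file():
            continue
        text = path.read_text(encoding="utf-8", errors="replace")
        for line_no, line in enumerate(text.splitlines(), 1):
            for rule, regex in RULES:
                if regex.search(line):
                    rel = path.relative_to(root).as_posix()
                    hits.append((rel, line_no, rule))
    return hits


def demo():
    """Write the constructed sample into a temp dir (a stand-in for the
    decompiler's output folder) and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        src = Path(tmp) / "sources" / "com" / "example" / "sampleapp"
        src.mkdir(parents=True)
        (src / "LoginActivity.java").write_text(SAMPLE_JAVA, encoding="utf-8")
        return scan_tree(tmp)


if __name__ == "__main__":
    for file_name, line_no, rule in demo():
        print(f"{file_name}:{line_no}: {rule}")
```
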

Decompiling and Recompiling
APKTool

APKTool is an application that decompiles Android APKs. It also gives the option to debug smali code step by step. With it we can also translate the .xml strings to build a language pack.

Steps:

    1. Download the prepackaged APKTool zip.

    2. Extract the zip file into a directory.

    3. Copy the APK file into the apktool folder.

    4. Open a command prompt and set the working directory to the folder where apktool is installed, e.g. E:\APK_Tool>.

    5. Set the Java path (if it is not set) using the following command: Set path=<PATH TO JAVA>.

Decompiling the APK

To decompile the APK, run this command:
                   apktool d dvba.apk

This command decompiles dvba.apk and extracts all of its files (smali code, resources, etc.) into a folder.

When the APK is decompiled, a new folder is created that is named after the APK file (dvba.apk in this example).

This folder contains:

    1. AndroidManifest.xml: this file stores the application's metadata.

    2. apktool.yml: this is the configuration file that defines settings for APKTool.

    3. smali folder: this folder holds the decompiled smali code that represents the APK's logic.

Re-compiling and Signing

Before smali file modification:
Until you modify the smali files, they are the original smali files that represent the APK's logic.

After smali file modification

When you modify the smali files, those files are updated. Here you can change the code, add new functionality, or fix bugs.

Recompile / Re-build the APK

Once you have modified the smali files or resources, use this command to compile or rebuild the APK again:
             apktool b <folder>

Here <folder> is the folder containing your modified files. This command generates a new APK file.

4. Signing the APK (with jarsigner)

Before a modified APK can be installed on a device, it must be cryptographically signed. To sign the APK file, follow these steps:

1. Set the Java path (if it is not set):
                     Set path=<PATH TO JAVA>
2. Generate a private key:
              $ keytool -genkey -v -keystore my-release-key.keystore -alias alias_name -keyalg RSA -keysize 2048 -validity 10000

3. Sign the APK:
            $ jarsigner -verbose -sigalg SHA1withRSA -digestalg SHA1 -keystore my-release-key.keystore <app_modified.apk>
If you get the error “Please specify alias name”, use this command:
           $ jarsigner -verbose -sigalg SHA1withRSA -digestalg SHA1 -keystore my-release-key.keystore <app_modified.apk> alias_name
The modified APK is now signed for 10,000 days and is ready to be installed on an Android device. For this, USB debugging must be enabled on the device; then connect the device to the computer's USB port and run this command:
                          $ adb install <app_modified.apk>

Manifest File Analysis

Open AndroidManifest.xml in any text editor.

Here we check:

    • Permissions: See whether the application requests sensitive permissions such as camera, microphone, location, SMS, or call logs. If the app requests unnecessary permissions, that can be a red flag for privacy violations or security risks.

    • Components: Android components such as activities, services, receivers, and providers can be exploited by attackers to gain unauthorized access or to launch attacks. Check whether any components are exposed to other applications or exported with overly permissive access.
      android:exported: the default value is true (it should be set to false).

    • Intents: Intents are the messages that different Android components use to communicate with each other. They can be used to launch activities, services, or broadcast messages. See whether the app uses implicit intents that attackers could intercept or manipulate.

    • Allow debuggable: true: Even without a rooted phone, data can be extracted or arbitrary code run using the application's permissions (this should be false). The default value is “false”.

    • Allow backup: true: The default value of this attribute is true. This setting defines whether the application's data can be backed up and restored if the user has enabled USB debugging (this should be false).

    • Application information: See whether the app contains hard-coded credentials, sensitive information, or debugging features that attackers could exploit.

    • Malware signatures: Check whether the app contains any malware signatures indicating that it may be malicious or harmful.

    • Target SDK version: See whether the app targets an old version of the Android SDK. If the app does not target the latest version, it may be exposed to known security vulnerabilities.

NOTE: It is essential to review every permission the application requests so that no security risk is introduced.
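
The manifest checks above can be scripted against the plain-text AndroidManifest.xml that apktool d writes out. This is an added example, not code from the original post: the sample manifest is constructed, and the function name audit_manifest and the min_target_sdk threshold are assumptions of this example.

```python
import xml.etree.ElementTree as ET

A = "{http://schemas.android.com/apk/res/android}"  # the android: attribute namespace

# Sensitive permission groups named in the list above
# (camera, microphone, location, SMS, call logs).
SENSITIVE_PERMISSIONS = {
    "android.permission.CAMERA",
    "android.permission.RECORD_AUDIO",
    "android.permission.ACCESS_FINE_LOCATION",
    "android.permission.ACCESS_COARSE_LOCATION",
    "android.permission.READ_SMS",
    "android.permission.SEND_SMS",
    "android.permission.RECEIVE_SMS",
    "android.permission.READ_CALL_LOG",
}
COMPONENT_TAGS = ("activity", "activity-alias", "service", "receiver", "provider")

# Constructed sample manifest in decoded (text) form; not from a real app.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.sampleapp">
    <uses-sdk android:minSdkVersion="19" android:targetSdkVersion="22"/>
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.READ_SMS"/>
    <application android:debuggable="true" android:label="Sample">
        <activity android:name=".MainActivity">
            <intent-filter>
                <action android:name="android.intent.action.MAIN"/>
                <category android:name="android.intent.category.LAUNCHER"/>
            </intent-filter>
        </activity>
        <activity android:name=".AdminActivity" android:exported="true"/>
        <service android:name=".SyncService" android:exported="false"/>
        <provider android:name=".NotesProvider"
            android:authorities="com.example.sampleapp.notes"
            android:exported="true"
            android:permission="com.example.sampleapp.READ_NOTES"/>
    </application>
</manifest>
"""


def audit_manifest(xml_text, min_target_sdk=30):
    """Return (check, detail) findings. min_target_sdk is an assumed threshold."""
    root = ET.fromstring(xml_text)
    findings = []
    app = root.find("application")
    if app is not None:
        # debuggable defaults to false, so only an explicit "true" is a finding.
        if app.get(A + "debuggable", "false") == "true":
            findings.append(("debuggable", "android:debuggable=true"))
        # allowBackup defaults to true, so a missing attribute is a finding too.
        if app.get(A + "allowBackup", "true") == "true":
            findings.append(("allowBackup", "backup enabled (explicitly or by default)"))
        for tag in COMPONENT_TAGS:
            for comp in app.findall(tag):
                exported = comp.get(A + "exported")
                has_filter = comp.find("intent-filter") is not None
                # Explicitly exported, or implicitly exported through an
                # intent-filter with no android:exported value.
                if exported == "true" or (exported is None and has_filter):
                    guarded = comp.get(A + "permission") is not None
                    kind = "exported-with-permission" if guarded else "exported"
                    findings.append((kind, f"{tag} {comp.get(A + 'name', '?')}"))
    for perm in root.findall("uses-permission"):
        name = perm.get(A + "name", "")
        if name in SENSITIVE_PERMISSIONS:
            findings.append(("sensitive-permission", name))
    # <uses-sdk> may be missing from a decoded manifest; the check is then skipped.
    sdk = root.find("uses-sdk")
    target = sdk.get(A + "targetSdkVersion") if sdk is not None else None
    if target is not None and target.isdigit() and int(target) < min_target_sdk:
        findings.append(("old-targetSdk", target))
    return findings


if __name__ == "__main__":
    for kind, detail in audit_manifest(SAMPLE_MANIFEST):
        print(f"{kind}: {detail}")
```

The launcher activity is reported as exported because its intent-filter makes it reachable from other apps; that entry is expected, while the others are the ones to review.
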

Dynamic Analysis: How to Set Up the Proxy

Configuring the Burp Proxy listener:

To configure the proxy settings for Burp Suite Professional:

    1. Open Burp Suite Professional and click Settings to open the Settings dialog.

    2. Go to Tools > Proxy.

    3. Under Proxy Listeners, click Add.

    4. In the Binding tab, set Bind to port to 8083 (or any other port that is not currently in use).

    5. Select All interfaces and click OK.

    6. Click Yes when prompted.

After following these steps, the Burp Suite proxy listener is configured.

Configuring your device to use the proxy:

    1. On your Android device, go to Settings > Network & internet.

    2. Select Internet and long-press the name of your Wi-Fi network.

    3. Select Modify.

    4. From the Advanced options menu, select Proxy > Manual.

    5. Set Proxy hostname to the IP address of the computer running Burp Suite Professional.

    6. Set Proxy port to the port you configured for the Burp Proxy listener (8083 in this example).

    7. Touch Save.

Your Android device will now route its traffic through the Burp Suite proxy.

Installing the CA certificate on the Android device:

To interact with HTTPS traffic, you need to install Burp Suite Professional's CA certificate on your Android device.

To download the CA certificate:

    1. Open any browser on your Android device.

    2. Enter http://burp in the URL bar.

    3. Click CA certificate.

    4. The cacert.der file will be available for download.

    5. Rename this file to cacert.cer.

    6. Click Download.

The Burp Suite CA certificate is now downloaded.

To install the CA certificate:

    1. On your Android device, go to Settings > Network & internet.

    2. Click the 3 dots in the upper right corner of the screen and select Advanced.

    3. Select the Install Certificates option from Advanced Wi-Fi.

    4. Select the cacert.cer file you downloaded.

    5. Give the certificate a name and click OK.

    6. The certificate is now installed.

After this, your Android device will handle HTTPS traffic properly through the Burp Suite proxy.

Alternate methods of installing the CA certificate:

Depending on the Android version and the device, there can be multiple methods of installing a CA certificate. If the method above does not work, you can refer to the links below:

    1. Installing a CA certificate on your Android device
      External link: Yarsa Labs Blog

Testing the configuration / intercepting requests:

To test the configuration:

    1. Open Burp Suite Professional.

    2. Go to Proxy > Intercept and click Intercept is off so that intercept is turned on.

    3. Open the browser on your Android device and visit an HTTPS web page.

    4. The page should load without any security warning. If everything is configured correctly, you will see the corresponding requests in Burp Suite Professional.

If the requests appear in Burp Suite, the configuration is successful and you are intercepting traffic properly.

🔍 Local Data Storage Enumeration

To enumerate the file structure of an installed Android application, we need access to a real or emulated Android device. We can do this through Android Debug Bridge (ADB), a command-line tool that lets us communicate directly with the device.

📱 To connect over ADB:

    1. USB Debugging must be enabled on the device:

      • First go to Settings.

      • Then tap “About Device” or “About Phone” (the name can differ depending on the device model).

      • Scroll down there and tap “Build Number” 7 times until this message appears:
        “You are now a developer!”

    2. Now press the Back button once and go to Developer Options.

    3. Enable the USB Debugging option.

📌 We use ADB to install applications, debug them, and run Unix shell commands.

Once we have the device's IP address, we connect to it through ADB:

adb connect <ip>:5555
adb connect <ip>:21503 # for the Memu emulator
adb connect <ip>:62001 # for the Nox emulator

👆 Here you need to put the actual IP address in place of <ip>.

If we are using an emulator, we can also use the localhost IP 127.0.0.1.

This command starts a local adb server, which waits for new connections. According to the official ADB documentation, port 5555 is used for the adb server, and it is the first port the emulator tries to connect to. Once the connection is established, we can use the adb devices command to see the list of connected devices.

Important Directories (some essential Android folders)

Below are some important directories that exist on an Android device:

    • /data/data: This directory contains all user-installed apps.

    • /data/user/0: This folder holds a specific app's private data, which other apps cannot access.

    • /data/app: The APK files of user-installed apps are stored here.

    • /system/app: This contains the system's pre-installed apps.

    • /system/bin: This folder holds the system's binary files.

    • /data/local/tmp: This folder is writable by everyone, which can become a security risk.

    • /data/system: The system's configuration files are stored here.

    • /etc/apns-conf.xml: This contains the device's default APN (Access Point Name) settings, which are used to connect to the network.

    • /data/misc/wifi: The WiFi configuration files are here.

    • /data/misc/user/0/cacerts-added: This folder holds user-added certificates.

    • /etc/security/cacerts/: This folder holds the system's trusted certificates, which only the root user can access.

    • /sdcard: This is a symbolic link to where user data (photos, downloads, etc.) is stored.

On Android, the /data/data/ directory contains the installation folder of every installed application. This directory is private, which means other apps or non-root users cannot access it. But if we have root access through ADB, we can view the contents of this directory.

Applications installed in internal memory store their data in /data/data/.

As soon as an app is installed, some directories are created automatically, such as:

      • databases

      • shared_prefs

The databases folder is usually populated when the app runs for the first time. Structured data is stored there in a private database.

If ADB access is available, we can use the sqlite3 client to enumerate the available databases. Alternatively, we can pull the data to our system and analyze it with an SQLite viewer.

Example: If the package com.app.damnvulnerablebank is installed on the device and the app stores its data in a database, you will find that database at this path:
👉 /data/data/com.app.damnvulnerablebank/databases/

Once we have the path of the database, we can use the sqlite3 tool to read its contents.

If you are working on the device itself (with ADB and root access), the command looks like this:

sqlite3 /data/data/com.app.damnvulnerablebank/databases/your_database_name.db

After that you can view the data with SQL commands such as SELECT * FROM table_name;.

But if you want to analyze the data on your own system, you can pull the database file:

adb pull /data/data/com.app.damnvulnerablebank/databases/your_database_name.db

You can then open the file in a GUI-based tool such as:

🔗 DB Browser for SQLite: a free and open-source tool that lets you explore SQLite databases easily, without a terminal.

Databases are not the only place where data is stored. In the source code, SharedPreferences are objects that point to XML files so that data can be read from and written to them. These XML files ultimately contain a collection of key-value pairs, and they are stored in a directory named shared_prefs.
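
Once an app's databases and shared_prefs folders have been pulled to the workstation, their review can be scripted. This is an added example, not code from the original post: it builds a constructed sample directory (com.example.sampleapp) in a temp folder, and the function names, the *.db glob and the keyword list are assumptions of this example.

```python
import re
import sqlite3
import tempfile
import xml.etree.ElementTree as ET
from pathlib import Path

# Keywords taken from the "Hardcoded Sensitive Information" checklist.
SENSITIVE = re.compile(r"(?i)password|api_key|token|secret")

# Constructed SharedPreferences file in the <map> key-value layout.
SAMPLE_PREFS = """<?xml version='1.0' encoding='utf-8' standalone='yes' ?>
<map>
    <string name="username">alice</string>
    <string name="auth_token">constructed-token-value</string>
    <boolean name="first_run" value="false" />
</map>
"""


def list_tables(db_path):
    """Return {table: [columns]} for a pulled SQLite file, opened read-only."""
    uri = Path(db_path).resolve().as_uri() + "?mode=ro"
    con = sqlite3.connect(uri, uri=True)
    try:
        names = [row[0] for row in con.execute(
            "SELECT name FROM sqlite_master "
            "WHERE type='table' AND name NOT LIKE 'sqlite_%' ORDER BY name")]
        tables = {}
        for name in names:
            quoted = name.replace('"', '""')
            info = con.execute('PRAGMA table_info("%s")' % quoted)
            tables[name] = [col[1] for col in info]  # col[1] is the column name
        return tables
    finally:
        con.close()


def sensitive_prefs(xml_path):
    """Return the sorted preference keys whose name looks sensitive."""
    root = ET.parse(xml_path).getroot()
    return sorted(e.get("name") for e in root if SENSITIVE.search(e.get("name", "")))


def review_app_data(app_dir):
    """Report sensitive-looking columns and preference keys in a pulled data dir."""
    app_dir = Path(app_dir)
    report = {"columns": [], "prefs": []}
    for db in sorted((app_dir / "databases").glob("*.db")):
        for table, cols in list_tables(db).items():
            report["columns"] += [(db.name, table, c) for c in cols if SENSITIVE.search(c)]
    for xml in sorted((app_dir / "shared_prefs").glob("*.xml")):
        report["prefs"] += [(xml.name, key) for key in sensitive_prefs(xml)]
    return report


def build_sample(app_dir):
    """Create a constructed databases/ and shared_prefs/ layout for the demo."""
    (app_dir / "databases").mkdir(parents=True)
    (app_dir / "shared_prefs").mkdir()
    con = sqlite3.connect(app_dir / "databases" / "app.db")
    con.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)")
    con.execute("CREATE TABLE notes (id INTEGER PRIMARY KEY, body TEXT)")
    con.commit()
    con.close()
    (app_dir / "shared_prefs" / "session.xml").write_text(SAMPLE_PREFS, encoding="utf-8")


def demo():
    with tempfile.TemporaryDirectory() as tmp:
        app_dir = Path(tmp) / "com.example.sampleapp"
        build_sample(app_dir)
        return list_tables(app_dir / "databases" / "app.db"), review_app_data(app_dir)


if __name__ == "__main__":
    tables, report = demo()
    print(tables)
    print(report)
```
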

Open Source Frameworks

🔹 Drozer is an Android security testing framework that helps security researchers find vulnerabilities and possible exploits in Android apps.

🔹 Ghidra is a software reverse engineering framework that helps with the security analysis of Android apps.

🔹 Androbugs is a static code analysis tool that identifies security issues and vulnerabilities in Android apps.

🔹 QARK is a dynamic analysis tool that automatically scans Android applications for security vulnerabilities.

🔹 MobSF (Mobile Security Framework) is a dynamic and static analysis tool that provides an all-in-one mobile application security testing solution for Android and iOS apps.
