AVD - Android Virtual Device

{{#include ../../banners/hacktricks-training.md}}

Thank you very much to @offsecjay for his help while creating this content.

What is

Android Studio allows you to run Android virtual machines that you can use to test APKs. To use them you will need:

On Windows (in my case), after installing Android Studio I had the SDK Tools installed in: C:\Users\<UserName>\AppData\Local\Android\Sdk\tools

On macOS you can download the SDK tools and have them in the PATH by running:

brew tap homebrew/cask
brew install --cask android-sdk

Or from the Android Studio GUI as shown in https://stackoverflow.com/questions/46402772/failed-to-install-android-sdk-java-lang-noclassdeffounderror-javax-xml-bind-a which will install them in ~/Library/Android/sdk/cmdline-tools/latest/bin/, ~/Library/Android/sdk/platform-tools/ and ~/Library/Android/sdk/emulator/

For Java problems:

export JAVA_HOME=/Applications/Android\ Studio.app/Contents/jbr/Contents/Home

GUI

Prepare Virtual Machine

If you installed Android Studio, you can just open the main project view and access: Tools --> AVD Manager.

Then, click on Create Virtual Device

Select the phone you want to use and click on Next.

Warning

If you need a phone with Play Store installed, select one with the Play Store icon on it!

In the current view you will be able to select and download the Android image that the phone is going to run:

So, select it and, if it isn't downloaded, click on the Download symbol next to the name (now wait until the image is downloaded).
Once the image is downloaded, just select Next and Finish.

The virtual machine will be created. Now every time you access the AVD manager it will be present.

Run Virtual Machine

In order to run it just press the Start button.

Command Line tool

Warning

For macOS you can find the avdmanager tool in /Users/<username>/Library/Android/sdk/tools/bin/avdmanager and the emulator in /Users/<username>/Library/Android/sdk/emulator/emulator if you have them installed.

First of all you need to decide which phone you want to use. To see the list of possible phones execute:

C:\Users\<UserName>\AppData\Local\Android\Sdk\tools\bin\avdmanager.bat list device

id: 0 or "automotive_1024p_landscape"
Name: Automotive (1024p landscape)
OEM : Google
Tag : android-automotive-playstore
---------
id: 1 or "Galaxy Nexus"
Name: Galaxy Nexus
OEM : Google
---------
id: 2 or "desktop_large"
Name: Large Desktop
OEM : Google
Tag : android-desktop
---------
id: 3 or "desktop_medium"
Name: Medium Desktop
OEM : Google
Tag : android-desktop
---------
id: 4 or "Nexus 10"
Name: Nexus 10
OEM : Google
[...]

Once you have decided the name of the device you want to use, you need to decide which Android image you want to run on this device.
You can list all the options using sdkmanager:

C:\Users\<UserName>\AppData\Local\Android\Sdk\tools\bin\sdkmanager.bat --list

And download the one (or all) you want to use with:

C:\Users\<UserName>\AppData\Local\Android\Sdk\tools\bin\sdkmanager.bat "platforms;android-28" "system-images;android-28;google_apis;x86_64"

Once you have downloaded the Android image you want to use, you can list all the downloaded Android images with:

C:\Users\<UserName>\AppData\Local\Android\Sdk\tools\bin\avdmanager.bat list target
----------
id: 1 or "android-28"
Name: Android API 28
Type: Platform
API level: 28
Revision: 6
----------
id: 2 or "android-29"
Name: Android API 29
Type: Platform
API level: 29
Revision: 4

At this point you have decided the device you want to use and you have downloaded the Android image, so you can create the virtual machine using:

C:\Users\<UserName>\AppData\Local\Android\Sdk\tools\bin\avdmanager.bat -v create avd -k "system-images;android-28;google_apis;x86_64" -n "AVD9" -d "Nexus 5X"

In the last command I created a VM named "AVD9" using the device "Nexus 5X" and the Android image "system-images;android-28;google_apis;x86_64".
Now you can list the virtual machines you have created with:

C:\Users\<UserName>\AppData\Local\Android\Sdk\tools\bin\avdmanager.bat list avd

Name: AVD9
Device: Nexus 5X (Google)
Path: C:\Users\cpolo\.android\avd\AVD9.avd
Target: Google APIs (Google Inc.)
Based on: Android API 28 Tag/ABI: google_apis/x86_64

The following Android Virtual Devices could not be loaded:
Name: Pixel_2_API_27
Path: C:\Users\cpolo\.android\avd\Pixel_2_API_27_1.avd
Error: Google pixel_2 no longer exists as a device

Run Virtual Machine

Warning

For macOS you can find the avdmanager tool in /Users/<username>/Library/Android/sdk/tools/bin/avdmanager and the emulator in /Users/<username>/Library/Android/sdk/emulator/emulator if you have them installed.

We have already seen how you can list the created virtual machines, but you can also list them using:

C:\Users\<UserName>\AppData\Local\Android\Sdk\tools\emulator.exe -list-avds
AVD9
Pixel_2_API_27

You can simply run any virtual machine created using:

C:\Users\<UserName>\AppData\Local\Android\Sdk\tools\emulator.exe -avd "VirtualMachineName"
C:\Users\<UserName>\AppData\Local\Android\Sdk\tools\emulator.exe -avd "AVD9"

Or, using more advanced options, you can run a virtual machine like:

C:\Users\<UserName>\AppData\Local\Android\Sdk\tools\emulator.exe -avd "AVD9" -http-proxy 192.168.1.12:8080 -writable-system

Command line options

However, there are a lot of different useful command line options that you can use to start a virtual machine. Below you can find some interesting options but you can find a complete list here.

Boot

  • -snapshot name : Start a VM snapshot
  • -snapshot-list -snapstorage ~/.android/avd/Nexus_5X_API_23.avd/snapshots-test.img : List all the recorded snapshots

Network

  • -dns-server 192.0.2.0, 192.0.2.255 : Allows specifying comma-separated DNS servers for the VM.
  • -http-proxy 192.168.1.12:8080 : Allows specifying an HTTP proxy to use (very useful to capture the traffic using Burp)
  • If the proxy settings aren't working for some reason, try to configure them internally or using an application like "Super Proxy" or "ProxyDroid".
  • -netdelay 200 : Set the network latency emulation in milliseconds.
  • -port 5556 : Set the TCP port number that's used for the console and adb.
  • -ports 5556,5559 : Set the TCP ports used for the console and adb.
  • -tcpdump /path/dumpfile.cap : Capture all the traffic in a file

System

  • -selinux {disabled|permissive} : Set the Security-Enhanced Linux security module to either disabled or permissive mode on a Linux operating system.
  • -timezone Europe/Paris : Set the timezone for the virtual device
  • -screen {touch(default)|multi-touch|no-touch} : Set the emulated touch screen mode.
  • -writable-system : Use this option to have a writable system image during your emulation session. You will also need to run adb root; adb remount. This is very useful to install a new certificate in the system.

Linux CLI setup (SDK/AVD quickstart)

The official CLI tools make it easy to create fast, debuggable emulators without Android Studio.

# Directory layout
mkdir -p ~/Android/cmdline-tools/latest

# Download commandline tools (Linux)
wget https://dl.google.com/android/repository/commandlinetools-linux-13114758_latest.zip -O /tmp/cmdline-tools.zip
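unzip /tmp/cmdline-tools.zip -d ~/Android/cmdline-tools/latest
# The archive unpacks into a nested cmdline-tools/ directory; flatten it so
# bin/ ends up at cmdline-tools/latest/bin, matching the PATH set below
mv ~/Android/cmdline-tools/latest/cmdline-tools/* ~/Android/cmdline-tools/latest/
rmdir ~/Android/cmdline-tools/latest/cmdline-tools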
rm /tmp/cmdline-tools.zip

# Env vars (add to ~/.bashrc or ~/.zshrc)
export ANDROID_HOME=$HOME/Android
export PATH=$ANDROID_HOME/cmdline-tools/latest/bin:$ANDROID_HOME/platform-tools:$ANDROID_HOME/emulator:$PATH

# Install core SDK components
sdkmanager --install "platform-tools" "emulator"

# Install a debuggable x86_64 system image (Android 11 / API 30)
sdkmanager --install "system-images;android-30;google_apis;x86_64"

# Create an AVD and run it with a writable /system & snapshot name
avdmanager create avd -n PixelRootX86 -k "system-images;android-30;google_apis;x86_64" -d "pixel"
emulator -avd PixelRootX86 -writable-system -snapshot PixelRootX86_snap

# Verify root (debuggable images allow `adb root`)
adb root
adb shell whoami  # expect: root

Notes

  • System image flavors: google_apis (debuggable, allows adb root), google_apis_playstore (not rootable), aosp/default (lightweight).
  • Build types: userdebug often allows adb root on debug-capable images. Play Store images are production builds and block root.
  • On x86_64 hosts, full-system ARM64 emulation is unsupported from API 28+. For Android 11+ use Google APIs/Play images that include per-app ARM-to-x86 translation to run many ARM-only apps quickly.
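
The flavor rules in the notes above can be checked against the output of avdmanager list avd before booting anything. This is an added example, not part of the original page: the PlayLab entry and the embedded listing are constructed (modeled on the listing shown earlier), and the verdict strings are this example's own wording.

```shell
#!/bin/sh
# Added example: classify AVDs by rootability from `avdmanager list avd`
# output read on stdin.
# Output columns (tab-separated): name, tag, abi, verdict
classify_avds() {
  awk '
    function emit() {
      if (name == "") return
      if (broken)                     verdict = "not loadable: " err
      else if (tag ~ /playstore/)     verdict = "production build: adb root blocked"
      else if (tag == "google_apis")  verdict = "adb root expected"
      else                            verdict = "flavor not covered by the notes: test adb root"
      printf "%s\t%s\t%s\t%s\n", name, (tag == "" ? "-" : tag), (abi == "" ? "-" : abi), verdict
      name = tag = abi = err = ""
    }
    { sub(/\r$/, "") }                       # tolerate Windows line endings
    /could not be loaded/ { emit(); broken = 1; next }
    /^[ \t]*Name:/  { emit(); sub(/^[ \t]*Name:[ \t]*/, ""); name = $0; next }
    /^[ \t]*Error:/ { sub(/^[ \t]*Error:[ \t]*/, ""); err = $0; next }
    /Tag\/ABI:/     { sub(/^.*Tag\/ABI:[ \t]*/, ""); split($0, p, "/"); tag = p[1]; abi = p[2] }
    END { emit() }
  '
}

# Constructed sample listing: AVD9 and Pixel_2_API_27 mirror the listing on
# this page; PlayLab is a made-up Play Store AVD added for contrast.
sample_listing() {
  cat <<'EOF'
    Name: AVD9
  Device: Nexus 5X (Google)
    Path: C:\Users\cpolo\.android\avd\AVD9.avd
  Target: Google APIs (Google Inc.)
          Based on: Android API 28 Tag/ABI: google_apis/x86_64
---------
    Name: PlayLab
  Device: pixel (Google)
  Target: Google Play (Google Inc.)
          Based on: Android API 30 Tag/ABI: google_apis_playstore/x86_64

The following Android Virtual Devices could not be loaded:
    Name: Pixel_2_API_27
    Path: C:\Users\cpolo\.android\avd\Pixel_2_API_27_1.avd
   Error: Google pixel_2 no longer exists as a device
EOF
}

sample_listing | classify_avds
```

On a real host, pipe the tool's output in directly: avdmanager list avd | classify_avds.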

Snapshots from CLI

# Save a clean snapshot from the running emulator
adb -s emulator-5554 emu avd snapshot save my_clean_setup

# Boot from a named snapshot (if it exists)
emulator -avd PixelRootX86 -writable-system -snapshot my_clean_setup

ARM→x86 binary translation (Android 11+)

Google APIs and Play Store images on Android 11+ can translate ARM app binaries per process while keeping the rest of the system native x86/x86_64. This is often fast enough to test many ARM-only apps on desktop.

Tip: Prefer Google APIs x86/x86_64 images during pentests. Play images are convenient but block adb root; use them only when you specifically require Play services and accept the lack of root.

Rooting a Play Store device

If you downloaded a device with Play Store you are not going to be able to get root directly, and you will get this error message:

$ adb root
adbd cannot run as root in production builds

Using rootAVD with Magisk I was able to root it (follow for example this video or this one).

Install Burp Certificate

Check the following page to learn how to install a custom CA certificate:

{{#ref}} install-burp-certificate.md {{#endref}}

Nice AVD Options

Take a Snapshot

You can use the GUI to take a snapshot of the VM at any time:
