hacktricks/mobile-pentesting/android-app-pentesting/avd-android-virtual-device.md

# AVD - Kifaa Bandia cha Android

<details>

<summary><strong>Jifunze kuhusu kudukua AWS kutoka sifuri hadi shujaa na</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE (Mtaalam wa Timu Nyekundu ya AWS ya HackTricks)</strong></a><strong>!</strong></summary>

Njia nyingine za kusaidia HackTricks:

* Ikiwa unataka kuona **kampuni yako ikitangazwa kwenye HackTricks** au **kupakua HackTricks kwa muundo wa PDF** Angalia [**MIPANGO YA KUJIUNGA**](https://github.com/sponsors/carlospolop)!
* Pata [**bidhaa rasmi za PEASS & HackTricks**](https://peass.creator-spring.com)
* Gundua [**Familia ya PEASS**](https://opensea.io/collection/the-peass-family), mkusanyiko wetu wa [**NFTs**](https://opensea.io/collection/the-peass-family) ya kipekee
* **Jiunge na** 💬 [**Kikundi cha Discord**](https://discord.gg/hRep4RUj7f) au kikundi cha [**telegram**](https://t.me/peass) au **tufuate** kwenye **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks\_live)**.**
* **Shiriki mbinu zako za kudukua kwa kuwasilisha PRs kwa** [**HackTricks**](https://github.com/carlospolop/hacktricks) na [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) repos za github.

</details>

Asante sana kwa [**@offsecjay**](https://twitter.com/offsecjay) kwa msaada wake wakati wa kuunda maudhui haya.

## Ni Nini

Android Studio inaruhusu **kuendesha mashine bandia za Android unazoweza kutumia kujaribu APKs**. Ili kuzitumia utahitaji:

* **Zana za Android SDK** - [Pakua hapa](https://developer.android.com/studio/releases/sdk-tools).
* Au **Android Studio** (pamoja na Zana za Android SDK) - [Pakua hapa](https://developer.android.com/studio).

Kwenye Windows (katika kesi yangu) **baada ya kusakinisha Android Studio** nilikuwa na **Zana za SDK zilizosakinishwa katika**: `C:\Users\<UserName>\AppData\Local\Android\Sdk\tools`

Kwenye mac unaweza **kupakua zana za SDK** na kuziweka kwenye PATH kwa kukimbia:
```bash
brew tap homebrew/cask
brew install --cask android-sdk
```
Au kutoka **Android Studio GUI** kama ilivyoelezwa katika [https://stackoverflow.com/questions/46402772/failed-to-install-android-sdk-java-lang-noclassdeffounderror-javax-xml-bind-a](https://stackoverflow.com/questions/46402772/failed-to-install-android-sdk-java-lang-noclassdeffounderror-javax-xml-bind-a) ambayo itawasakinisha kwenye `~/Library/Android/sdk/cmdline-tools/latest/bin/` na `~/Library/Android/sdk/platform-tools/` na `~/Library/Android/sdk/emulator/`

Kwa matatizo ya Java:
```java
export JAVA_HOME=/Applications/Android\ Studio.app/Contents/jbr/Contents/Home
```
## GUI

### Jipange kwa Mashine ya Virtual

Ikiwa umeweka Android Studio, unaweza tu kufungua muonekano wa mradi kuu na kufikia: _**Zana**_ --> _**Meneja wa AVD.**_

<div align="center" data-full-width="false">

<figure><img src="../../.gitbook/assets/image (1139).png" alt="" width="293"><figcaption></figcaption></figure>

</div>

Kisha, bofya _**Unda Kifaa cha Virtual**_

<figure><img src="../../.gitbook/assets/image (1140).png" alt="" width="188"><figcaption></figcaption></figure>

_chagua_ simu unayotaka kutumia_ na bofya _**Next.**_

{% hint style="warning" %}
Ikiwa unahitaji simu iliyo na Duka la Google Play iliyowekwa chagua moja yenye alama ya Duka la Google Play!

<img src="../../.gitbook/assets/image (1141).png" alt="" data-size="original">
{% endhint %}

Katika muonekano wa sasa utaweza **kuchagua na kupakua picha ya Android** ambayo simu itatumia:

<figure><img src="../../.gitbook/assets/image (1142).png" alt="" width="375"><figcaption></figcaption></figure>

Basi, ichague na ikiwa haijapakuliwa bonyeza ishara ya _**Pakua**_ kando ya jina (**sasa subiri hadi picha ipakuliwe).**\
Baada ya picha kupakuliwa, chagua **`Next`** na **`Maliza`**.

Mashine ya virtual itaundwa. Sasa **kila wakati unapofikia meneja wa AVD itakuwepo**.

### Anzisha Mashine ya Virtual

Ili **kuianzisha** bonyeza tu kitufe cha _**Anza**_.

![](<../../.gitbook/assets/image (515).png>)

## Zana ya Mstari wa Amri

Kwanza kabisa unahitaji **kuamua simu unayotaka kutumia**, ili kuona orodha ya simu zinazowezekana tekeleza:
```
C:\Users\<UserName>\AppData\Local\Android\Sdk\tools\bin\avdmanager.bat list device

d: 0 or "automotive_1024p_landscape"
Name: Automotive (1024p landscape)
OEM : Google
Tag : android-automotive-playstore
---------
id: 1 or "Galaxy Nexus"
Name: Galaxy Nexus
OEM : Google
---------
id: 2 or "desktop_large"
Name: Large Desktop
OEM : Google
Tag : android-desktop
---------
id: 3 or "desktop_medium"
Name: Medium Desktop
OEM : Google
Tag : android-desktop
---------
id: 4 or "Nexus 10"
Name: Nexus 10
OEM : Google
[...]
```
Baada ya kuamua jina la kifaa unachotaka kutumia, unahitaji **kuamua ni picha ya Android unayotaka kuendesha kwenye kifaa hiki.**\
Unaweza kuorodhesha chaguzi zote kwa kutumia `sdkmanager`:
```bash
C:\Users\<UserName>\AppData\Local\Android\Sdk\tools\bin\sdkmanager.bat --list
```
Na **pakua** moja (au zote) unazotaka kutumia na:

{% code overflow="wrap" %}
```bash
C:\Users\<UserName>\AppData\Local\Android\Sdk\tools\bin\sdkmanager.bat "platforms;android-28" "system-images;android-28;google_apis;x86_64"
```
{% endcode %}

Baada ya kupakua picha ya Android unayotaka kutumia unaweza **kuorodhesha picha zote za Android zilizopakuliwa** kwa:
```
C:\Users\<UserName>\AppData\Local\Android\Sdk\tools\bin\avdmanager.bat list target
----------
id: 1 or "android-28"
Name: Android API 28
Type: Platform
API level: 28
Revision: 6
----------
id: 2 or "android-29"
Name: Android API 29
Type: Platform
API level: 29
Revision: 4
```
Kwa sasa umekata maamuzi ya kifaa unachotaka kutumia na umeshusha picha ya Android, hivyo **unaweza kuunda mashine ya kawaida kwa kutumia**:

{% code overflow="wrap" %}
```bash
C:\Users\<UserName>\AppData\Local\Android\Sdk\tools\bin\avdmanager.bat -v create avd -k "system-images;android-28;google_apis;x86_64" -n "AVD9" -d "Nexus 5X"
```
{% endcode %}

Katika amri ya mwisho **Niliumba VM iliyoitwa** "_AVD9_" kwa kutumia **kifaa** "_Nexus 5X_" na **picha ya Android** "_system-images;android-28;google\_apis;x86\_64_".\
Sasa unaweza **kuorodhesha mashine za virtual** ulizo ziumba kwa:
```bash
C:\Users\<UserName>\AppData\Local\Android\Sdk\tools\bin\avdmanager.bat list avd

Name: AVD9
Device: Nexus 5X (Google)
Path: C:\Users\cpolo\.android\avd\AVD9.avd
Target: Google APIs (Google Inc.)
Based on: Android API 28 Tag/ABI: google_apis/x86_64

The following Android Virtual Devices could not be loaded:
Name: Pixel_2_API_27
Path: C:\Users\cpolo\.android\avd\Pixel_2_API_27_1.avd
Error: Google pixel_2 no longer exists as a device
```
### Endesha Kifaa Cha Kielelezo

Tayari tumeshaona jinsi unavyoweza kuorodhesha mashine za kielelezo zilizoundwa, lakini **unaweza pia kuziorodhesha kwa kutumia**:
```bash
C:\Users\<UserName>\AppData\Local\Android\Sdk\tools\emulator.exe -list-avds
AVD9
Pixel_2_API_27
```
Unaweza **kuendesha mashine ya kawaida ya kisasa** iliyoanzishwa kwa kutumia:

{% code overflow="wrap" %}
```bash
C:\Users\<UserName>\AppData\Local\Android\Sdk\tools\emulator.exe -avd "VirtualMachineName"
C:\Users\<UserName>\AppData\Local\Android\Sdk\tools\emulator.exe -avd "AVD9"
```
{% endcode %}

Au kutumia chaguo za juu zaidi unaweza kuendesha mashine ya kawaida kama:
```bash
C:\Users\<UserName>\AppData\Local\Android\Sdk\tools\emulator.exe -avd "AVD9" -http-proxy 192.168.1.12:8080 -writable-system
```
{% endcode %}

### Chaguo za mstari wa amri

Hata hivyo kuna **chaguo nyingi tofauti za mstari wa amri** ambazo unaweza kutumia kuanzisha mashine ya kawaida. Hapa chini unaweza kupata baadhi ya chaguo za kuvutia lakini unaweza [**kupata orodha kamili hapa**](https://developer.android.com/studio/run/emulator-commandline)

**Kuanza**

* `-snapshot name` : Anza picha ya VM
* `-snapshot-list -snapstorage ~/.android/avd/Nexus_5X_API_23.avd/snapshots-test.img` : Onyesha orodha ya picha zote zilizorekodiwa

**Mtandao**

* `-dns-server 192.0.2.0, 192.0.2.255` : Ruhusu kuonyesha seva za DNS zilizotenganishwa kwa koma kwa VM.
* **`-http-proxy 192.168.1.12:8080`** : Ruhusu kuonyesha proksi ya HTTP ya kutumia (yenye manufaa sana kuteka trafiki kwa kutumia Burp)
* `-port 5556` : Weka nambari ya bandari ya TCP inayotumiwa kwa konsoli na adb.
* `-ports 5556,5559` : Weka bandari za TCP zinazotumiwa kwa konsoli na adb.
* **`-tcpdump /path/dumpfile.cap`** : Tekeleza trafiki yote kwenye faili

**Mfumo**

* `-selinux {lemazwa|permissive}` : Weka moduli ya usalama ya Linux iliyoboreshwa kwa hali ya kulemaza au ya kibali kwenye mfumo wa uendeshaji wa Linux.
* `-timezone Ulaya/Paris` : Weka muda wa eneo kwa kifaa cha kawaida
* `-screen {touch(default)|multi-touch|o-touch}` : Weka hali ya skrini ya kugusa iliyosanidiwa.
* **`-writable-system`** : Tumia chaguo hili kuwa na picha ya mfumo inayoweza kuandikwa wakati wa kikao chako cha uigaji. Pia utahitaji kukimbia `adb root; adb remount`. Hii ni muhimu sana kufunga cheti kipya kwenye mfumo.

## Kupata Mzizi kwenye Kifaa cha Duka la Kucheza

Ikiwa umepakua kifaa na Duka la Kucheza hautaweza kupata mzizi moja kwa moja, na utapata ujumbe huu wa kosa
```
$ adb root
adbd cannot run as root in production builds
```
Using [rootAVD](https://github.com/newbit1/rootAVD) na [Magisk](https://github.com/topjohnwu/Magisk) niliweza ku-root (fuata mfano kama [**video hii**](https://www.youtube.com/watch?v=Wk0ixxmkzAI) **au** [**hii nyingine**](https://www.youtube.com/watch?v=qQicUW0svB8)).

## Sakinisha Cheti cha Burp

Angalia ukurasa ufuatao kujifunza jinsi ya kusakinisha cheti cha CA cha desturi:

{% content-ref url="install-burp-certificate.md" %}
[install-burp-certificate.md](install-burp-certificate.md)
{% endcontent-ref %}

## Chaguo za AVD Nzuri

### Chukua Picha ya Snapshot

Unaweza **kutumia GUI** kuchukua picha ya snapshot ya VM wakati wowote:

![](<../../.gitbook/assets/image (231).png>)

<details>

<summary><strong>Jifunze kuhusu kuhack AWS kutoka sifuri hadi shujaa na</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE (HackTricks AWS Red Team Expert)</strong></a><strong>!</strong></summary>

Njia nyingine za kusaidia HackTricks:

* Ikiwa unataka kuona **kampuni yako ikitangazwa kwenye HackTricks** au **kupakua HackTricks kwa PDF** Angalia [**MIPANGO YA USAJILI**](https://github.com/sponsors/carlospolop)!
* Pata [**bidhaa rasmi za PEASS & HackTricks**](https://peass.creator-spring.com)
* Gundua [**Familia ya PEASS**](https://opensea.io/collection/the-peass-family), mkusanyiko wetu wa [**NFTs**](https://opensea.io/collection/the-peass-family) ya kipekee
* **Jiunge na** 💬 [**Kikundi cha Discord**](https://discord.gg/hRep4RUj7f) au kikundi cha [**telegram**](https://t.me/peass) au **tufuate** kwenye **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks\_live)**.**
* **Shiriki mbinu zako za kuhack kwa kuwasilisha PRs kwa** [**HackTricks**](https://github.com/carlospolop/hacktricks) na [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) repos za github.

</details>