Wicked Security
  • Likhith Cv
  • Pentesting
    • DevSecOps
    • x86_Shell_Coding
    • Mobile Security
      • iOS
      • Android
    • Docker Basics
      • Docker Breakouts
    • Cloud
      • AWS
  • Active Directory
    • Active Directory
      • Gaining Foothold - Get Passwords
      • Enumeration
      • Lateral Movement
      • Persistance
      • Privilege Escalation
  • How to Take POCs
    • Network
      • Port 123 - NTP
      • SSH
      • Shares SMB, NFS
      • FTP
      • Port 161 - SNMP
      • SMPT
      • CCTV
      • SSL Testing Manual
  • OSINT
    • OSINT - Open Source Intelligence
  • Cheat-Sheet
    • Text Processing Cheat-Sheet
    • Cheat-Sheet Powershell
  • Privilege Escalation
    • Windows
    • Linux
  • Exploits
    • Exploits Links/Binaries
  • Wireless
Powered by GitBook
On this page
  • Rooting any Android device - the easy way
  • Modify APK

Was this helpful?

  1. Pentesting
  2. Mobile Security

Android

Rooting any Android device - the easy way

  1. Unlock Boot-Loader

    1. Install ADB and Fastboot minimal and your android device drivers https://androidmtk.com/download-minimal-adb-and-fastboot-tool

    2. Go to Settings -> About -> tap 8 times on built to unlock developer options

    3. Go to Developer Settings and Turn on USB Debugging

    4. You can unlock bootloader from developer settings by selecting "OEM Unlocking" or follow these steps

    5. Connect to your PC and check if the device is detected by the following command "adb devices"

    6. If the device is not detected change USB preference to MTP or MIDI from Charging mode

    7. type following commands "adb reboot bootloader" to load bootloader or you can manually do it Button Combinations like Volume UP + power or Volume Down + Power

    8. Now you have entered into Fastboot mode

    9. Type following command "fastboot oem unlock" and accept the agreement on device

    10. "fastboot reboot"

    11. Bootloader should be unlocked successfully

  2. Install TWRP recovery

    1. Go to fastboot mode again by following above steps

    2. Download TWRP image for your device from https://twrp.me/ and move it to the PWD

    3. Run this command

      1. fastboot flash recovery [twrp file name]

      2. fastboot reboot

      3. after reboot "adb reboot recovery" or manually go to recovery from fastboot menu or using key combination Volume UP + power or Volume Down + Power

      4. Above steps might not work for some devices as flashing recovery is forbidden. So directly boot to TWRP by following command

      5. fastboot boot [twrp file name]

      6. Device should be entered into TWRP successfully

  3. Rooting

    1. Download latest Magisk ZIP into your device from https://github.com/topjohnwu/Magisk/releases/

    2. Go to TWRP and Flash the downlaoded Magisk ZIP file and reboot

    3. Device should rooted sucessfully

Modify APK

  1. Install apktool by following this https://ibotpeaches.github.io/Apktool/install/

apktool d original.apk -o app_decompiled

2. replace the file then rebuilt it

apktool b app_decompiled/ -o new_pactched.apk

3. To generate the signing certificate file :

keytool -genkey -v -keystore {nameofkeystore] -alias [your_keyalias] -keyalg RSA -keysize 2048 -validity [numberofdays]

keytool -genkey -v -keystore playstore -alias likhith -keyalg RSA -keysize 2048 -validity 375

4. To signing the apk file with generated certificate -

jarsigner -verbose -sigalg MD5withRSA -digestalg SHA1 -keystore [name of your keystore] [your .apk file] [your key alias]

--- this command to signing the application once signed the apk file, verify whether your apk file is signed or not with the below command.

jarsigner -verify -verbose [path_to_your_apk] if the above verify command shows jar is signed. then its success.

keytool -genkey -v -keystore playstore -alias likhith -keyalg RSA -keysize 2048 -validity 375

jarsigner -verify -verbose

https://www.andreafabrizi.it/2017/03/16/Intercept-android-app-with-burp-suite/

PreviousiOSNextDocker Basics

Last updated 3 years ago

Was this helpful?