Mobile applications became an essential part of our lives, somehow we are dependent of them. We are using a lot of mobile applications every day. If you are lost in a new city, Google Maps gets you out of this situation. or if we want to make an appointment to the hairstylist, mobile applications assist us in our daily tasks.
It comes natural to us to use applications for everything that we need so it’s good to know that some applications might have security issues, and even know how to test their security.
Therefore, what if you want to learn how to do a mobile penetration test? Where would you begin? I recommend you to start from this article.
I will get you through the two big steps in order to install and root an Android emulator on your computer, which is the basis of an Android pentest.
Ok, enough talking, let’s jump to the interesting part. ?
What would you need?
A rooted Android phone. What if you don’t have an Android Phone?! You should not worry about that, you can use an emulator of an Android device – which can be installed on your personal computer. An emulator is hardware or software that allows your computer (called the host) to behave like another system (called the guest). Emulation refers to the ability of a computer program in an electronic device to emulate another device. The emulator setup was tested using Ubuntu 18.10 – as the host and Android 7.1.1 – as the guest.
What steps should you follow in order to have your Android emulator?
1. Download the Android system image. You can do that by using Android-Studio.
Download and install Android Studio from here:
https://developer.android.com/studio/install
- Open Android-Studio , and select the AVD manager from the Tools tab.
- In the newly tab that have been open hit the “ Create Virtual Device ” button.
Figure 1: Android-Studio AVD manager
- Chose a device definition, (I have chosen Nexus 5X), and hit the “Next” button.
- Under the “x86 tab” , Select Android 7.1.1 ( Google APIs ) and hit “Download” button.
- After the download is finished, you can press the “ Next ” button.
- In the new tab opened, you can choose a name for your virtual device under the AVD Name field, all the other settings can be left as default. After that, you can hit the “ Finish” button.
- You might want to close Android Studio now, as the system image was already created.
Figure 2: Finish the Android system image process
2. Let’s turn on and root the emulator
- Open the Ubuntu terminal and type the following command:
$SDK_PATH/emulator/emulator -avd Your-emulator-name -writable-system -selinux disabled -qemu -enable-kvm
- The bold values should be changed according to your system. By default, after the installation of Android-Studio, the SDK_PATH is located in your home folder.
On my system, the following command is working:$~/Android/Sdk/emulator/emulator -avd My-first-emulator -writable-system -selinux disabled -qemu -enable-kvm
- After the booting process is completed, on your desktop should be as in figure 3.
Figure 3: Starting the Android emulator
- Now, you have to open a new tab in the Ubuntu terminal and install adb.You can do that by typing the following command: $ apt install adb
Adb – Android Debug Bridge (adb) is a versatile command-line tool that lets you communicate with a device. The adb command facilitates a variety of device actions, such as installing and debugging apps, and it provides access to a Unix shell that you can use to run a variety of commands on a device. [2] - After the installation of adb is completed, you can type the following command :
$ adb root && adb remount
The previous command will Restart adbd as root and remount system as writable. Make sure you restart the adbd while the emulator is running.
- The next step is to install the Superuser.apk application to our emulator.
SuperSU allows for advanced management of Superuser access rights for all the apps on your device that need root. SuperSU has been built from the ground up to counter a number of problems with other Superuser access management tools[3]. In order to do that you have to type the following commands in the Ubuntu terminal:
$ git clone https://github.com/0xFireball/root_avd
$ cd root_avd/
$ adb install SuperSU/common/Superuser.apk
- At this stage, you should have the application SuperSU installed to the emulator. Next, you have to type the following commands in Ubuntu terminal:
$ adb push SuperSU/$ARCH/su /system/xbin/su
Instead of the bolded text $ARCH, you should type the architecture of your downloaded system image. In my case, the architecture is x86, so the following command will work for me, and should work for you too – if you downloaded the same system image as I did – $ adb push SuperSU/x86/su /system/xbin/su
In order to finish the rooting process you have to enter some more commands in terminal.
$ adb shell chmod 0755 /system/xbin/su – This command will update permissions of the file that have been pushed in the previous step.
$ adb shell setenforce 0 This command will Set SELinux to Permissive mode.
$ adb shell su –– install This command will Install SuperSU’s su to system.
$ adb shell su –– daemon& This command will Run SuperSU’s su as daemon.
Finally, you can now open the superSU application on the emulator. The application will display the following message: The SU binary needs to be updated. Continue? Hit “ Continue” and use normal installation.
An error message is possible to de displayed : Installation failed ! Please reboot and try again. Don’t worry about it, hit the “OK” button and you will have a rooted Android emulator.
At this stage, your emulator should be rooted, but I recommend you to type the following commands in your terminal, otherwise, Superuser may not always persist after reboot:
$ adb shell – This command will open a root shell from your emulator.
$ su –daemon& – This command will Run SuperSU’s su as daemon.
That’s it.
Your emulator should be rooted now, even if you reboot it. Next time you want to open your emulator, just type the command:
$~/Android/Sdk/emulator/emulator -avd My-first-emulator -writable-system -selinux disabled -qemu -enable-kvm
If you got here, well done!
You have just installed and rooted an Android emulator, on your personal computer. This is the first step in order to do mobile penetration testing, without having a physical Android device.
Write to us, in the comment section below, if the process went well for you or you have encounter any sort of problems. ✍️?