Android Reversing with Frida for Examiners
Authors: M. Williamson, C. Atha

Extracting an APK specimen from the device


Last updated 5 years ago


This method ensures you get the same version of the APK that is installed on your target device. It is particularly useful when dealing with an APK that isn't available on the Google Play store (or on websites like APKPure or APK4Fun). A good example would be a corporate app that has been sideloaded.

A video containing the same steps as below has been created:

Before you begin, it is helpful to establish the application identifier, for instance com.enchantedcloud.photovault.

Continuing with the photovault example:

  1. Open an adb shell (as root if possible).

  2. Navigate to the app's installation directory by typing cd /data/app/ and then ls

  3. Confirm that a folder beginning with com.enchantedcloud exists, then enter it by typing cd com.ench and pressing [TAB].

  4. In this directory you will find a file named base.apk. We want to retrieve this from the emulator. You can either copy its full path, or make your life easier by first copying the APK to a simpler path (e.g. copy the APK to /data/local/tmp by typing cp base.apk /data/local/tmp).

  5. Open another command window in your working directory. Finally, pull the APK to the host system with: adb pull /data/local/tmp/base.apk
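
The same retrieval as a script, added here as an example and not part of the original guide. Instead of browsing /data/app by hand it goes one step further and asks the package manager (pm path) where the APK lives, which also covers split APKs and the randomized directory names used by newer Android versions. It assumes adb is on the PATH with a single device attached and sha256sum on the host; the function names are illustrative.

```shell
#!/bin/sh
# Added example: pull the installed APK(s) for one package and hash them.
# Assumptions: adb on PATH, one device attached, sha256sum (GNU coreutils).

# Reduce `pm path <pkg>` output to bare on-device paths. Each APK is
# reported as "package:/data/app/.../base.apk"; split APKs add more lines.
# adb may append carriage returns, and any other output is ignored.
apk_paths() {
    tr -d '\r' | sed -n 's/^package://p'
}

# Accept only letters, digits, '_' and '.', with at least one inner dot.
# adb shell hands its arguments to the device shell, so anything else
# (spaces, ';', '$', newlines) is refused before it gets there.
valid_pkg() {
    case $1 in
        ''|.*|*.|*..*|*[!A-Za-z0-9_.]*) return 1 ;;
        *.*) return 0 ;;
        *) return 1 ;;
    esac
}

# pull_apks <package-id> [output-dir]
pull_apks() {
    pkg=$1
    out=${2:-.}
    valid_pkg "$pkg" || { echo "bad package id: $pkg" >&2; return 2; }
    paths=$(adb shell pm path "$pkg" | apk_paths)
    [ -n "$paths" ] || { echo "$pkg is not installed" >&2; return 1; }
    mkdir -p "$out"
    for p in $paths; do
        adb pull "$p" "$out/" || return 1
    done
    # Record hashes so the specimen can be matched to the device copy later.
    (cd "$out" && sha256sum ./*.apk > SHA256SUMS)
}

# Example: ./pull_apk.sh com.enchantedcloud.photovault ./specimen
if [ $# -ge 1 ]; then
    pull_apks "$@"
fi
```

Pulling into an empty, per-case output directory keeps SHA256SUMS limited to the APKs that came from this package.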