Extracting an APK specimen from the device

This method ensures you are getting the same version of the APK as what your target device has on it. It could be particularly useful if dealing with an APK that isn't available on the Google Play store (or websites like APKPure or APK4Fun). A good example would be a corporate app that has been sideloaded.

A video containing the same steps as below has been created:

Before you begin, it is helpful to establish the application identifier, for instance com.enchantedcloud.photovault

Continuing with the photovault example:

Open an adb shell (as root if possible).
Navigate to the app's installation directory by typing cd /data/app/ and then ls
Confirm the folder exists beginning with com.enchantedcloud, then access the folder by typing cd com.ench and pressing [TAB].
In this directory you will find a file base.apk. We want to retrieve this off the emulator. You can either copy it's full path, or make your life easier by first copying the apk to an easier path. (e.g. copy the APK to /data/local/tmp by typing cp base.apk /data/local/tmp)
Open another command window in your working directory. Finally, pull the APK to the host system with: adb pull /data/local/tmp/base.apk

Previousfrida-trace NextTroubleshooting frida connectivity

Last updated 4 years ago