AVD - Android Virtual Device
Thank you very much to @offsecjay for his help while creating this content.

What is

Android Studio lets you run Android virtual machines that you can use to test APKs. In order to use them you will need:
On Windows (in my case), after installing Android Studio I had the SDK Tools installed in: C:\Users\<UserName>\AppData\Local\Android\Sdk\tools

JDK

On macOS, I recommend installing the following version so that you can use the CLI commands mentioned in the following sections:

    brew install [email protected]

GUI

Prepare Virtual Machine

If you installed Android Studio, open the main project view and go to Tools --> AVD Manager.
Then click on Create Virtual Device, select the phone you want to use and click on Next. In this view you can select and download the Android image that the phone is going to run:
Select it and click on Download (then wait until the image is downloaded). Once the image is downloaded, select Next and Finish.
The virtual machine will be created. From now on it will be listed every time you open the AVD Manager.

Run Virtual Machine

In order to run it just press the Start button.

Command Line tool

Prepare Virtual Machine

On macOS the executable is located in /Users/<username>/Library/Android/sdk/tools/bin
First, decide which phone you want to use. To see the list of available devices, execute:

    C:\Users\<UserName>\AppData\Local\Android\Sdk\tools\bin\avdmanager.bat list device

    id: 0 or "tv_1080p"
    Name: Android TV (1080p)
    OEM : Google
    Tag : android-tv
    ---------
    id: 1 or "tv_720p"
    Name: Android TV (720p)
    OEM : Google
    Tag : android-tv
    ---------
    id: 2 or "wear_round"
    Name: Android Wear Round
    OEM : Google
    Tag : android-wear
    ---------
    id: 3 or "wear_round_chin_320_290"
    Name: Android Wear Round Chin
    OEM : Google
    Tag : android-wear
    ---------
    id: 4 or "wear_square"
    Name: Android Wear Square
    OEM : Google
    Tag : android-wear
    ---------
    id: 5 or "Galaxy Nexus"
    Name: Galaxy Nexus
    OEM : Google
    ---------
    id: 6 or "Nexus 10"
    Name: Nexus 10
    OEM : Google
    ---------
    id: 7 or "Nexus 4"
    Name: Nexus 4
    OEM : Google
    ---------
    id: 8 or "Nexus 5"
    Name: Nexus 5
    OEM : Google
    ---------
    id: 9 or "Nexus 5X"
    Name: Nexus 5X
    OEM : Google

Once you have decided on the device you want to use, you need to decide which Android image to run on it. You can list all the options using sdkmanager:

    C:\Users\<UserName>\AppData\Local\Android\Sdk\tools\bin\sdkmanager.bat --list

And download the one (or all) you want to use with:

    C:\Users\<UserName>\AppData\Local\Android\Sdk\tools\bin\sdkmanager.bat "platforms;android-28" "system-images;android-28;google_apis;x86_64"

Once you have downloaded the Android image you want to use, you can list all the downloaded Android images with:

    C:\Users\<UserName>\AppData\Local\Android\Sdk\tools\bin\avdmanager.bat list target
    ----------
    id: 1 or "android-28"
    Name: Android API 28
    Type: Platform
    API level: 28
    Revision: 6
    ----------
    id: 2 or "android-29"
    Name: Android API 29
    Type: Platform
    API level: 29
    Revision: 4

At this point you have decided on the device you want to use and downloaded the Android image, so you can create the virtual machine using:

    C:\Users\<UserName>\AppData\Local\Android\Sdk\tools\bin\avdmanager.bat -v create avd -k "system-images;android-28;google_apis;x86_64" -n "AVD9" -d "Nexus 5X"

In the last command I created a VM named "AVD9" using the device "Nexus 5X" and the Android image "system-images;android-28;google_apis;x86_64". Now you can list the virtual machines you have created with:

    C:\Users\<UserName>\AppData\Local\Android\Sdk\tools\bin\avdmanager.bat list avd

    Name: AVD9
    Device: Nexus 5X (Google)
    Path: C:\Users\cpolo\.android\avd\AVD9.avd
    Target: Google APIs (Google Inc.)
    Based on: Android API 28 Tag/ABI: google_apis/x86_64

    The following Android Virtual Devices could not be loaded:
    Name: Pixel_2_API_27
    Path: C:\Users\cpolo\.android\avd\Pixel_2_API_27_1.avd
    Error: Google pixel_2 no longer exists as a device

Run Virtual Machine

We have already seen how to list the created virtual machines, but you can also list them using:

    C:\Users\<UserName>\AppData\Local\Android\Sdk\tools\emulator.exe -list-avds
    AVD9
    Pixel_2_API_27

You can run any virtual machine you have created using:

    C:\Users\<UserName>\AppData\Local\Android\Sdk\tools\emulator.exe -avd "VirtualMachineName"
    C:\Users\<UserName>\AppData\Local\Android\Sdk\tools\emulator.exe -avd "AVD9"

Or, using more advanced options, you can run a virtual machine like this:

    C:\Users\<UserName>\AppData\Local\Android\Sdk\tools\emulator.exe -avd "AVD9" -http-proxy 192.168.1.12:8080 -writable-system

Command line options

However, there are many other useful command-line options that you can use when starting a virtual machine. Below you can find some interesting options, but you can find a complete list here

Boot

    -snapshot name : Start VM snapshot
    -snapshot-list -snapstorage ~/.android/avd/Nexus_5X_API_23.avd/snapshots-test.img : List all the snapshots recorded

Network

    -dns-server 192.0.2.0, 192.0.2.255 : Specify the DNS servers for the VM as a comma-separated list.
    -http-proxy 192.168.1.12:8080 : Specify an HTTP proxy to use (very useful to capture the traffic using Burp)
    -port 5556 : Set the TCP port number that's used for the console and adb.
    -ports 5556,5559 : Set the TCP ports used for the console and adb.
    -tcpdump /path/dumpfile.cap : Capture all the traffic in a file

System

    -selinux {disabled|permissive} : Set the Security-Enhanced Linux security module to either disabled or permissive mode on a Linux operating system.
    -timezone Europe/Paris : Set the timezone for the virtual device
    -screen {touch(default)|multi-touch|no-touch} : Set emulated touch screen mode.
    -writable-system : Use this option to have a writable system image during your emulation session. You will also need to run adb root; adb remount. This is very useful to install a new certificate in the system.

Install Burp certificate on a Virtual Machine

First of all you need to download the DER certificate from Burp. You can do this in Proxy --> Options --> Import / Export CA certificate
Export the certificate in DER format and then transform it into a form that Android is going to be able to understand. Note that in order to configure the Burp certificate on the Android machine in AVD you need to run this machine with the -writable-system option. For example you can run it like:

    C:\Users\<UserName>\AppData\Local\Android\Sdk\tools\emulator.exe -avd "AVD9" -http-proxy 192.168.1.12:8080 -writable-system

Then, to configure Burp's certificate, do:

    openssl x509 -inform DER -in burp_cacert.der -out burp_cacert.pem #Convert DER to PEM
    CERTHASHNAME="`openssl x509 -inform PEM -subject_hash_old -in burp_cacert.pem | head -1`.0" #Old-style subject hash + ".0"
    mv burp_cacert.pem $CERTHASHNAME #Correct name
    adb root && adb remount #Allow to write on /system
    adb push $CERTHASHNAME /sdcard/ #Upload certificate
    adb shell mv /sdcard/$CERTHASHNAME /system/etc/security/cacerts/ #Move to correct location
    adb shell chmod 644 /system/etc/security/cacerts/$CERTHASHNAME #Assign privileges
    adb reboot #Now, reboot the machine

Once the machine finishes rebooting, the Burp certificate will be in use by it!
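
The file name computed with -subject_hash_old above is the first four bytes (read little-endian) of the MD5 of the certificate's DER-encoded subject, followed by ".0". The following is an added example, not part of the original page: a dependency-free Python version of that computation, useful for checking the name of a pushed file. All function names are hypothetical, and the sample is a constructed, unsigned skeleton certificate, not Burp's CA.

```python
import hashlib

def tlv(tag, content):
    """DER-encode one element (only used to build the constructed sample)."""
    n = len(content)
    size = (n.bit_length() + 7) // 8
    head = bytes([n]) if n < 0x80 else bytes([0x80 | size]) + n.to_bytes(size, "big")
    return bytes([tag]) + head + content

def read_tlv(buf, pos):
    """Return (tag, content_start, end) of the DER element starting at pos."""
    tag, length, body = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits = number of length bytes
        size = length & 0x7F
        if not 1 <= size <= 4:
            raise ValueError("unsupported DER length")
        length = int.from_bytes(buf[body:body + size], "big")
        body += size
    if body + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, body, body + length

def subject_der(cert):
    """Raw DER bytes of the subject Name inside an X.509 certificate."""
    tag, pos, _ = read_tlv(cert, 0)       # Certificate ::= SEQUENCE
    tag2, pos, _ = read_tlv(cert, pos)    # TBSCertificate ::= SEQUENCE
    if tag != 0x30 or tag2 != 0x30:
        raise ValueError("not a DER certificate")
    tag, _, end = read_tlv(cert, pos)
    if tag == 0xA0:                       # optional explicit [0] version
        pos = end
    for _ in range(4):                    # serialNumber, signature, issuer, validity
        _, _, pos = read_tlv(cert, pos)
    tag, _, end = read_tlv(cert, pos)
    if tag != 0x30:
        raise ValueError("subject Name not found")
    return cert[pos:end]

def android_cacert_filename(cert):
    """Value printed by `openssl x509 -subject_hash_old`, plus the ".0" suffix."""
    digest = hashlib.md5(subject_der(cert)).digest()
    return "%08x.0" % int.from_bytes(digest[:4], "little")

# Constructed, unsigned skeleton certificate with placeholder fields (not Burp's CA).
def sample_name(cn):
    return tlv(0x30, tlv(0x31, tlv(0x30, tlv(0x06, b"\x55\x04\x03") + tlv(0x0C, cn))))
SAMPLE_SUBJECT = sample_name(b"Constructed Test CA")
SAMPLE_TBS = tlv(0x30, tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, b"\x01") + tlv(0x30, b"")
                 + sample_name(b"Constructed Issuer") + tlv(0x30, b"") + SAMPLE_SUBJECT + tlv(0x30, b""))
SAMPLE_CERT = tlv(0x30, SAMPLE_TBS + tlv(0x30, b"") + tlv(0x03, b"\x00"))
```

To check a real export, pass the bytes of burp_cacert.der (read in binary mode) to android_cacert_filename and compare the result with $CERTHASHNAME.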

Take a Snapshot

You can use the GUI to take a snapshot of the VM at any time: