What is adb?

The Android Debug Bridge (adb) is a programming tool used for the debugging of Android-based devices. The daemon on the Android device connects with the server on the host PC over USB or TCP, which connects to the client that is used by the end user over TCP. For hackers, this means we can interact with Android devices to add and remove packages, access debug logs and interact with either physical or virtual Android instances for mobile web app security testing.

adb Installation

How to install adb on MacOS:

brew install android-platform-tools

adb Example Commands

adb start / restart

adb kill-server
adb start-server 

adb reboot

adb reboot
adb reboot recovery 
adb reboot-bootloader

adb reboot with root

The following restarts the android device with root permissions:

adb root

adb list devices:

Show adb devices:

adb devices

adb show devices with full information (product/model)

adb devices -l

adb connect to a device:

adb connect IP-ADDRESS

adb shell

Run commands on the android device shell via an adb shell:

adb shell

adb android version

Return the running Android version of the connected adb device:

adb shell getprop ro.build.version.release 

adb Logcat

Commands related to adb logcat, allowing access to Android logs via adb.

adb view logs:

adb logcat

adb clear logs on device:

adb logcat -c

adb dump log output to file on the local system:

adb logcat -d > /tmp/foo.txt

adb full log dump (dumpstate, dumpsys and logcat output):

adb bugreport > /tmp/full-adb-dump.txt

adb copy files

adb copy files from your system to your android phone:

adb push [source] [destination]

adb copy files from phone to system:

adb pull [device file location] /tmp/foo

adb install package

adb -e install /tmp/package.apk
COMMAND DESCRIPTION

-d

directs command to the only connected USB device

-e

directs command to the only running emulator

-s

serial number

-p

product name or path

Note the flag needs to come before the command.

Uninstalling app with adb

COMMAND DESCRIPTION

adb uninstall com.myAppPackage

Uninstalls the app with the package name com.myAppPackage.

adb uninstall <app .apk name>

Uninstalls the app with the specified .apk file name.

adb uninstall -k <app .apk name>

Uninstalls the .apk file without deleting its data.

adb update app

COMMAND DESCRIPTION

adb install -r app-name.apk

reinstall the app and keep its data on the device

adb install –k app-name.apk /local/path/

Installs the app and retains its data without deleting it

adb home button press

adb shell am start -W -c android.intent.category.HOME -a android.intent.action.MAIN

adb take screenshot

adb shell screencap -p /sdcard/screenshot.png

adb screen record

adb shell screenrecord /sdcard/NotAbleToLogin.mp4

ShPref

replace org.example.app with your application id

adb restart app

adb shell 'am broadcast -a org.foo.app.sp.CLEAR --ez restart true'

adb emulate device

How to emulate device in adb:

adb shell wm size 2048x1536
adb shell wm density 288

adb reset to default:

adb shell wm size reset
adb shell wm density reset

adb print text

Potentially useful for input validation based attacks:

adb shell input text 'payload'

adb key events

COMMAND DESCRIPTION

adb shell input keyevent 3

home btn

adb shell input keyevent 4

back btn

adb shell input keyevent 5

call

adb shell input keyevent 6

end call

adb shell input keyevent 26

turn android device on and off. it will toggle device to on/off status.

adb shell input keyevent 27

camera

adb shell input keyevent 64

open browser

adb shell input keyevent 66

enter

adb shell input keyevent 67

delete (backspace)

adb shell input keyevent 207

contacts

adb shell input keyevent 220 / 221

brightness down/up

adb shell input keyevent 277 / 278 / 279

cut/copy/paste

Useful file system paths

PATH

DESCRIPTION

/data/data/<package>/databases

App databases

/data/data/<package>/shared_prefs/

Shared preferences

/data/app

APK installed by user

/system/app

Pre-installed APK files

/mmt/asec

Encrypted apps (App2SD)

/mmt/emmc

Internal SD Card

/mmt/adcard

External/Internal SD Card

/mmt/adcard/external_sd

External SD Card

adb show device information

COMMAND DESCRIPTION

adb get-state

Print device state

adb get-serialno

Get the serial number

adb shell dumpsys iphonesybinfo

Get the IMEI

adb shell netstat

List TCP connectivity

adb shell pwd

Print current working directory

adb shell dumpsys battery

Battery status

adb shell pm list features

List phone features

adb shell service list

List all services

adb shell dumpsys activity <package>/<activity>

Activity info

adb shell ps

Print process status

adb shell wm size

Displays the current screen resolution

dumpsys window windows | grep -E 'mCurrentFocus|mFocusedApp'

Print current app's opened activity

adb show package info

COMMAND DESCRIPTION

adb shell list packages

List package names

adb shell list packages -r

List package name + path to APKs

adb shell list packages -3

List third-party package names

adb shell list packages -s

List only system packages

adb shell list packages -u

List package names + uninstalled

adb shell dumpsys package packages

List info on all apps

adb shell dump <name>

List info on one package

adb shell path <package>

Path to the APK file

adb system settings

e.g., adjust battery level, resolution etc

COMMAND DESCRIPTION

adb shell dumpsys battery set level <n>

Change the battery level from 0 to 100

adb shell dumpsys battery set status <n>

Change the battery status to unknown, charging, discharging, not charging, or full

adb shell dumpsys battery reset

Reset the battery

adb shell dumpsys battery set usb <n>

Change the status of USB connection to ON or OFF

adb shell wm size WxH

Sets the resolution to WxH

adb device commands

COMMAND DESCRIPTION

adb reboot-recovery

Reboot device into recovery mode

adb reboot fastboot

Reboot device into fastboot mode

adb shell screencap -p "/tmp/screenshot.png"

Capture screenshot

adb shell screenrecord "/tmp/record.mp4"

Record device screen

adb backup -apk -all -f backup.ab

Backup settings and apps

adb backup -apk -shared -all -f backup.ab

Backup settings, apps, and shared storage

adb backup -apk -nosystem -all -f backup.ab

Backup only non-system apps

adb restore backup.ab

Restore a previous backup

adb shell am start|startservice|broadcast <INTENT>[<COMPONENT>] -a <ACTION>

Start activity intent

adb shell am start -a android.intent.action.VIEW -d URL

Open URL

adb shell am start -t image/* -a android.intent.action.VIEW

Opens gallery

adb backup

adb backup -f chrome.ab -apk com.android.chromer device

Conclusion

We hope this ADB cheat sheet was useful in covering the usage of the ADB tool for performing mobile app security testing against Android Apps.

Sources