Android analysis

disable DM-Verity

modify the fstab file in the initrd of boot.bin
delete the "verify" option in the mount option field
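One way to script that fstab edit, as an added example that is not part of the original notes. The function names and the sample fstab are constructed for illustration; it assumes the AOSP five-column fstab layout and checks both option columns (4 and 5) for the flag.

```shell
#!/bin/sh
# Constructed sample fstab (not from a real device), embedded so this runs offline.
SAMPLE_FSTAB='# constructed sample, not from a real device
/dev/block/by-name/system /system ext4 ro,barrier=1 wait,verify
/dev/block/by-name/vendor /vendor ext4 ro wait,verify=/dev/block/by-name/metadata
/dev/block/by-name/userdata /data ext4 noatime,nosuid wait,check,verifyatboot'

# strip_verify: fstab on stdin -> fstab on stdout with the "verify" flag removed.
# Only exact "verify" / "verify=<path>" tokens are dropped; other flags
# (including similarly named ones such as verifyatboot) are left alone.
strip_verify() {
    awk '
    function drop(list,    n, i, parts, out) {
        n = split(list, parts, ",")
        out = ""
        for (i = 1; i <= n; i++) {
            if (parts[i] == "verify" || parts[i] ~ /^verify=/) continue
            out = (out == "") ? parts[i] : (out "," parts[i])
        }
        # Assumption: "defaults" is an acceptable filler for an emptied column.
        return (out == "") ? "defaults" : out
    }
    # Comments, blank lines and short lines pass through untouched.
    /^[ \t]*#/ || NF < 5 { print; next }
    # Rewriting a field re-joins the line with single spaces.
    ($4 "," $5) ~ /(^|,)verify(=|,|$)/ { $4 = drop($4); $5 = drop($5) }
    { print }'
}

# count_verify: print how many entries still carry the flag (0 = clean).
count_verify() {
    awk '!/^[ \t]*#/ && NF >= 5 && ($4 "," $5) ~ /(^|,)verify(=|,|$)/ { n++ }
         END { print n + 0 }'
}

# Demo on the constructed sample: show the edited fstab.
printf '%s\n' "$SAMPLE_FSTAB" | strip_verify
```

Run count_verify on the edited file before repacking the initrd to confirm no entry was missed.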

set SELinux permissive

add the following to the kernel cmdline
enforcing=0 androidboot.selinux=permissive

useful adb commands

Get Activity List
dumpsys package | grep -i [app_id] | grep Activity

Run Activity
am start -a android.intent.action.MAIN -n [app_id]/.activities.xxxx [-e extra_id extra_value]

extract bootimg
abootimg -x boot.bin

modding kernel ramfs
to extract
cat initrd | gunzip | cpio -vid
to merge
find ./ | sort | cpio -o -H newc | gzip -9 > ../new_initrd
make bootimg
abootimg --create new_boot_su.bin -f bootimg.cfg -k zImage -r new_initrd -s stage2.img

restart zygote
killall zygote ## sometimes does not work well
setprop ctl.restart zygote

Start adbd via commandline

setprop service.adb.tcp.port 5555
settings put global development_settings_enabled 1
settings put global adb_enabled 1
start adbd

useful tools

jadx
JEB
