Getting your Android device ready for hacking
So you want to hack some piece of software available on Android devices he? Here’s how to setup a dedicate debugging (ahem) device.
Getting a hackable device
We strongly recommend you use a dedicated device for developing, hacking, bug hunting and testing. All of those can have undesirable effects on your device.
Repairing a broken mobile is cheap and a great way to learn. You will need a repair kit and probably a heat gun. Then Google around for instructions on how to fix your device.
Install CyanogenMod OS
Get a Cyanogen compatible device list. During CyanogenMod install install the TWRP recovery image and when installing Google Apps install the smallest package possible.
Installing software from other sources
During your hacking adventures you are highly likely to need software that wasn’t approved or submitted to Google Play. So you will need to enable installation form unknown sources. In the settings search for the term “Install” and select “Install from storage”. Then activate “Unknown sources”. You will see a box pop-up that ask if Google can analyze your device for “security” purpose. Obviously, we don’t want that. The box will pop-up from time to time. Always answer negatively.
Disable Google history
If you use a Google account on the device, which I discourage, log into Google history dashboard and pause the history features. Else it’s going to track and keep note of your searches, location, browsing history and much more.
Once it’s booted go to settings, apps and disable all the apps you think won’t be useful. Since this list is different on each device, you’ll have to figure it out yourself.
Enable developer options
Now activate developer mode and the following options:
- Advance reboot
- Stay awake
- Bluetooth HCI log
- Full root access
- Android debugging
- Local terminal
- Bug report shortcut
- Development shortcut
This guide explain how to install ADB on Linux, OSX and Windows.
We strongly recommend you use a Linux desktop. Ubuntu is easy to pickup.
Trying a few things out
If everything is setup correctly you should have unrestricted access to your device. Let’s try a few of then and see how it goes.
Browsing through your phone files
In the terminal type: adb shell. You should see a command promt that look like shell@device:/ $ From there you can wander around with basic Linux commands like; cd and ls.
It is possible to get the system logs. All apps write to this logfile so game software are likely to have usable information in there. Type adb logcat in your command promt and it should display.
Other posts from the Android forensics and security analysis series: