Skip to content

Instantly share code, notes, and snippets.

@jevakallio

jevakallio/readme.md

Last active April 22, 2024 15:51
Show Gist options
  • Star 36 You must be signed in to star a gist
  • Fork 5 You must be signed in to fork a gist
  • Save jevakallio/452c54ef613792f25e45663ab2db117b to your computer and use it in GitHub Desktop.
Save jevakallio/452c54ef613792f25e45663ab2db117b to your computer and use it in GitHub Desktop.
Download ZIP
`adb pull` from app data directory without root access
Raw
readme.md

TL;DR;

com.package.name is your app identifier, and the file path is relative to the app user's home directory, e.g. '/data/user/0/com.package.name.

adb shell run-as com.package.name cp relative/path/file.ext /sdcard
adb pull /sdcard/file.ext

See long explanation below.

Problem

Trying to adb pull files from our app's directory fails with Permission denied, because the adb user doesn't have access to the home directory.

adb pull /data/user/0/com.package.name/file.ext

Error:

adb: error: failed to stat remote object '/data/user/0/com.package.name/file.ext': Permission denied

You can try to run adb as root first:

adb root

But on a non-rooted device, this fails with:

adbd cannot run as root in production builds`

Here's a workaround on how to download a file from the app data directory using run-as.

Long version

This explains the solution step by step.

Start a shell session on the device. All following commands will be executed in the shell session on your device.

adb shell

Assuming our app identifier is com.package.name, the app data directory is at /data/user/0/com.package.name.

You can try to list files in that directory:

ls /data/user/0/com.package.name

This should result in error:

ls: /data/user/0/com.package.name/: Permission denied

However, you can run a command using the com.package.name application identity with the run-as command

run-as com.package.name ls /data/user/0/com.package.name/

You should now see a directory listing, and you can find the file you want, and copy it to a directory on your device that doesn't require root access, e.g. /sdcard:

run-as com.package.name cp /data/user/0/com.package.name/file.ext /sdcard

We can then exit the adb shell:

exit

Back at our own computer, we can adb pull the file:

adb pull /sdcard/file.ext
@gokaybiz
Copy link

This script can make app debuggable!

apk_name=com.example
apk_location=$(adb shell pm list packages -f -3 | grep $apk_name | sed 's/.*:\(.*\).apk.*/\1/').apk
adb pull $apk_location original.apk
keytool -genkey -v -keystore resign.keystore -storepass androiddbg -alias androiddbg -dname "CN=Android Debug,O=Android,C=US"
python make_debuggable.py apk original.apk patched.apk resign.keystore androiddbg
adb uninstall $apk_name
adb install patched.apk

Push file example!

tmp="/data/local/tmp"
adb push /home/Desktop/a.txt $tmp
adb shell run-as com.example cp $tmp $dst

Pull file example!

app="com.example"
adb -d shell "run-as $app cat /data/user/0/$app/file.txt" > file.txt

https://github.com/julKali/makeDebuggable/raw/master/makeDebuggable.py

@mickael28
Copy link

mickael28 commented Mar 17, 2024
edited

@kdrkdrkdr @gokaybiz @jevakallio , with this script getting this error, any idea what it could be pls?

https://github.com/julKali/makeDebuggable/raw/master/makeDebuggable.py

python make_debuggable.py apk original.apk patched.apk resign.keystore androiddbg

File "D:\Temp\APKs-for-NvidiaShield\apks\adb\make_debuggable.py", line 611, in
patchApk(sys.argv[2], sys.argv[3], sys.argv[4], sys.argv[5], sys.argv[6])
~~~~~~~~^^^
IndexError: list index out of range

Bypassed the error adding 'androiddbg' at the end, but then it fails with:

$ python make_debuggable.py apk original.apk patched.apk resign.keystore androiddbg androiddbg

17324808 res/raw/wallpaper.apk (OK)
19083357 res/xml/components.xml (OK - compressed)
19084178 res/xml/network_security_config.xml (OK - compressed)
19084553 res/xml/nimble_log.xml (OK - compressed)
19084744 resources.arsc (OK)
Verification succesful
Exception in thread "main" java.security.InvalidKeyException: Failed to sign using signer "ANDROIDD"
at com.android.apksig.internal.apk.v1.V1SchemeSigner.signManifest(V1SchemeSigner.java:293)
at com.android.apksig.internal.apk.v1.V1SchemeSigner.sign(V1SchemeSigner.java:254)
at com.android.apksig.DefaultApkSignerEngine.outputJarEntries(DefaultApkSignerEngine.java:933)
at com.android.apksig.ApkSigner.sign(ApkSigner.java:551)
at com.android.apksig.ApkSigner.sign(ApkSigner.java:223)
at com.android.apksigner.ApkSignerTool.sign(ApkSignerTool.java:395)
at com.android.apksigner.ApkSignerTool.main(ApkSignerTool.java:92)
Caused by: java.security.InvalidKeyException: Failed to sign using SHA1withDSA
at com.android.apksig.internal.apk.v1.V1SchemeSigner.generateSignatureBlock(V1SchemeSigner.java:516)
at com.android.apksig.internal.apk.v1.V1SchemeSigner.signManifest(V1SchemeSigner.java:291)
... 6 more
Caused by: java.security.InvalidKeyException: The security strength of SHA-1 digest algorithm is not sufficient for this key size
at sun.security.provider.DSA.checkKey(DSA.java:111)
at sun.security.provider.DSA.engineInitSign(DSA.java:143)
at java.security.Signature$Delegate.init(Signature.java:1155)
at java.security.Signature$Delegate.chooseProvider(Signature.java:1115)
at java.security.Signature$Delegate.engineInitSign(Signature.java:1179)
at java.security.Signature.initSign(Signature.java:530)
at com.android.apksig.internal.apk.v1.V1SchemeSigner.generateSignatureBlock(V1SchemeSigner.java:512)
... 7 more
Value of sys.argv[2]: original.apk
Patching AndroidManifest.xml ...
Found application tag at 7868 !
Found debuggable attribute!
Copying file ...
Copying rest of files
Using zipalign at .\zipalign.EXE
Aligning...
Verifying alignment...
Using apksigner at .\apksigner.BAT
Signing...
apksigner failed, aborting.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment