@slonka
Forked from tothi/android_burp.txt
Created December 29, 2021 08:15
android emulator setup with sniffer CA
android emulator clean install + prepare for https proxy analysis
=================================================================
# clean up old packages
# NOTE: destructive. This removes the whole SDK tree in ~/Android and everything
# under ~/.android, including every existing AVD (they live in ~/.android/avd).
rm -fr ~/Android ~/.android
# install recent Android Studio (on gentoo)
sudo emerge -a dev-util/android-studio
# set up local sdk packages in ~/Android by 1st run of Android Studio GUI
android-studio
# check installed sdk packages + install a recent system image
# (a google_apis image is chosen rather than a Google Play one; the root access
# used in the later steps depends on that, see the adb note below)
~/Android/Sdk/tools/bin/sdkmanager --list
~/Android/Sdk/tools/bin/sdkmanager 'system-images;android-28;google_apis;x86_64'
# create android virtual device (-> ~/.android/avd)
# the two list commands show the valid values for -d (device) and the targets;
# the AVD is named "testing", which is the name every later command refers to
~/Android/Sdk/tools/bin/avdmanager list target
~/Android/Sdk/tools/bin/avdmanager list device
~/Android/Sdk/tools/bin/avdmanager create avd -n testing -d "Nexus 5X" -k "system-images;android-28;google_apis;x86_64"
# launch emulator
~/Android/Sdk/tools/emulator @testing
# adb access (root in case of non-googleplay image)
~/Android/Sdk/platform-tools/adb devices
~/Android/Sdk/platform-tools/adb shell -t su
# add pc hw keyboard support
# (>> appends, so run this once; repeating it adds duplicate hw.keyboard lines)
echo "hw.keyboard=yes" >> ~/.android/avd/testing.avd/config.ini
# install burp CA cert (cacert.der from http://burp:8080) as system trusted cert (won't work: ERR_CERT_VALIDITY_TOO_LONG)
# Steps: convert DER -> PEM, print the old-style subject hash (first output line),
# then rename the PEM to <hash>.0, the file name used in the system cacerts directory.
# 9a5ba575 is the hash the author obtained; use whatever the command prints for your cert.
openssl x509 -inform DER -in cacert.der -out cacert.pem
openssl x509 -inform PEM -subject_hash_old -in cacert.pem | head -1
mv cacert.pem 9a5ba575.0
# solve ERR_CERT_VALIDITY_TOO_LONG with custom CA certificate
# A self-signed CA with a 720-day validity is generated instead. -nodes writes
# privkey.pem unencrypted, and whoever holds that key can issue certificates the
# emulator will trust once the CA is installed, so keep it on the test machine only.
openssl req -x509 -nodes -days 720 -newkey rsa:2048 -keyout privkey.pem -out cacert.pem
openssl pkcs12 -export -out cacert.p12 -inkey privkey.pem -certfile cacert.pem -in cacert.pem # password is required
openssl x509 -inform PEM -subject_hash_old -in cacert.pem | head -1
# a4d857ed is the hash for the subject the author entered at the openssl req
# prompts; yours will differ, so rename to the value printed above.
mv cacert.pem a4d857ed.0
# NOTE(review): the install steps further down still reference 9a5ba575.0; when
# using this custom CA, substitute the <hash>.0 file created here.
# import cacert.p12 to burp
# once Burp has imported the bundle, delete the loose key material so the CA
# private key does not stay on disk outside Burp
rm cacert.p12 privkey.pem
# method 1: temporary solution for avd (poweroff-poweron cycle regenerates system image from template)
# The emulator must be started with -writable-system so /system can be remounted
# read-write; adb root + adb remount then make it writable from adb.
~/Android/Sdk/tools/emulator @testing -writable-system
~/Android/Sdk/platform-tools/adb root
~/Android/Sdk/platform-tools/adb remount
# NOTE(review): 9a5ba575.0 is the stock Burp CA file from the first conversion;
# if the custom CA was generated instead, push that <hash>.0 file and adjust the
# paths below to match.
~/Android/Sdk/platform-tools/adb push 9a5ba575.0 /sdcard/
~/Android/Sdk/platform-tools/adb shell
# the remaining commands are typed inside the device shell opened above, not on the host
mv /sdcard/9a5ba575.0 /system/etc/security/cacerts/
# owner root:root and mode 0644: not writable by anyone but root, readable by all
chown root:root /system/etc/security/cacerts/9a5ba575.0
chmod 0644 /system/etc/security/cacerts/9a5ba575.0
# list with SELinux labels to compare the new file against the existing entries
ls -alZ /system/etc/security/cacerts/
reboot # reboot keeps modifications
# method 2: permanent solution for avd
# show which system-image directory the AVD uses (the sysdir entries)
cat ~/.android/avd/testing.avd/config.ini | grep sysdir
# copy the image and its verified-boot parameters into the AVD directory; all
# modifications below are made to these copies, not to the files under ~/Android/Sdk
cp ~/Android/Sdk/system-images/android-28/google_apis/x86_64/system.img ~/.android/avd/testing.avd/
cp ~/Android/Sdk/system-images/android-28/google_apis/x86_64/VerifiedBootParams.textproto ~/.android/avd/testing.avd/
# inspect the image layout before mounting
file ~/.android/avd/testing.avd/system.img
fdisk -l ~/.android/avd/testing.avd/system.img
# offset = start sector * sector size; 2048*512 assumes the partition starts at
# sector 2048 with 512-byte sectors, so confirm both against the fdisk output above
sudo mount ~/.android/avd/testing.avd/system.img /mnt/ -o loop,offset=$((2048*512))
# NOTE(review): 9a5ba575.0 is the stock Burp CA file; substitute the custom CA's
# <hash>.0 here and in the commands below if that one is being installed.
sudo cp 9a5ba575.0 /mnt/system/etc/security/cacerts/
# Unlike method 1 there is no chown/chmod here: the copy made by sudo is owned by
# root and takes its mode from the source file, so check owner and mode in this listing.
ls -alZ /mnt/system/etc/security/cacerts/
# dump the extended attributes of the existing certs, then of the new file, to
# see which SELinux label the stock entries carry
getfattr -m - -d /mnt/system/etc/security/cacerts/*
getfattr -m - -d /mnt/system/etc/security/cacerts/9a5ba575.0
# set the SELinux label on the new file; presumably the value shown for the
# stock certs above, so verify against that output
sudo setfattr -n security.selinux -v u:object_r:system_file:s0 /mnt/system/etc/security/cacerts/9a5ba575.0
# re-check that the label was applied
getfattr -m - -d /mnt/system/etc/security/cacerts/9a5ba575.0
ls -alZ /mnt/system/etc/security/cacerts/
sudo umount /mnt
# edit the copied boot parameters (zile is the author's text editor; any editor works)
zile ~/.android/avd/testing.avd/VerifiedBootParams.textproto
# disable dm-verity: comment verity, replace with linear, add/remove dm_params
# (the image was modified above, so it no longer matches the verity data; with
# verity off this AVD's system image has no integrity checking, so keep the AVD
# for test use only)
# remove the saved default_boot snapshot; presumably so the next start does a
# cold boot from the modified image instead of restoring the old state
rm -fr ~/.android/avd/testing.avd/snapshots/default_boot/
# launch emulator with proxy
# 127.0.0.1:8080 is assumed to be the local Burp proxy listener; adjust if Burp listens elsewhere
~/Android/Sdk/tools/emulator @testing -http-proxy 127.0.0.1:8080
# confirm burp CA as trusted system cert
# (the next line is a menu path inside the emulator's Settings app, not a command;
# a custom CA is listed under the subject entered at the openssl req prompts
# rather than "PortSwigger CA")
Settings / Security & location / Advanced / Encryption & credentials / Trusted credentials / System: PortSwigger CA
# install apk
~/Android/Sdk/platform-tools/adb install test.apk