I am doing some investigation of a closed-source app using ADB. I would like to log the commands this app is making, the ADB binaries it uses are in the same directory. Would I be able to sniff the commands by faking an ADB device or maybe modding the source code of the build tools to include a log?
Best regards.
I tried using some apps on a physical android device to log the incoming packets, though I got nowhere. I expect to be able to know what this closed source app is doing on my device.
PS: I am sorry if this sounds dumb, I know ADB is open source, part of the Android Open Source Project, but I made this post to make sure I am not missing some small detail. I am not an expert in the ADB protocol so excuse my clumsiness.
Answer:
Copied from this answer to How to fetch ADB shell traffic?
It is as simple as listening on the ADB server's port through Wireshark (TCP port 5037) since all the commands pass through the adb server/daemon before going to USB.
It is also possible to sniff the USB traffic using USBPcap, as it also is unencrypted.
I am running an hp laptop dual booted with windows8.1 and Linux mint17.2
When using Linux my adb will not communicate with the phone,when on windows I do not have any problem. I have redone the udev rules(as i now have 2 phone icons that pop up when the phone is plugged). I can see the options to transfer files,(drag n drop to sd card)and have done so. but when I try to use adb for anything(I get no device found) or run "adb devices", all it says is "list of attached devices" when on Linux. but when I run the command on windows it lists the device .
I also have run the command of: lsusb, and gotten the results. the phone is listed. I prefer to work on my phone on Linux, so could someone PLEASE, help me figure this out. if i have left out ANY other important info just ask.
I am kind of new to both Linux and android so not really sure what one would need to know.
Sorry for any inconvenience. and thank you for any help.
For some devices you need an extra setup step as well as the udev rules. Try Googling "[your phone make and model] adb linux".
Following commands are working with emulator but not with the usb connected devices.
adb pull /data/data/com.android.providers.contacts /home/Temp
adb pull /data/data/com.android.providers.telephony /home/Temp
adb pull /data/data/com.android.providers.media /home/Temp
adb pull /data/data/com.android.providers.settings /home/Temp
where /home/Temp is my destination directory. I want similar commands to work with usb connected devices. Suggest alternatives ASAP.
Due to security reasons, you cannot access these from original devices. Only rooted devices may provide such permissions.
To view contacts, refer Android - Importing contacts through vCards via ADB
These other references might be useful:
https://android.stackexchange.com/questions/25646/how-do-i-backup-data-sms-contacts-from-a-device-with-a-broken-screen
You can't use adb pull to pull data from devices. You need to have root access to be able to do this.
So here's the thing. I use MyPhoneExplorer in USB mode which uses ADB to communicate with the phone. Whenever my phone is connected (using MyPhoneExplorer) and try to test an app in eclipse on my EMULATOR, ADB crashes, rendering both MPE and the emulator useless.
My question is: Is there any way to prevent adb from accessing one phone from multiple sources? (In this case its trying to access the phone for both Eclipse and MPE).
Weird/Confusing question I know, but would really appreciate some help.
I haven't tested this, but how about directing ABD at a given device with this:
adb -s <serialNumber> <command>
http://developer.android.com/guide/developing/tools/adb.html#directingcommands
Use adb devices to find out the serial number of your emulator.
But from what you describe it might be that ADB's device detection that's breaking things.
I would like to monitor network traffic of my Android Phone. I was thinking using tcpdump for Android, but I'm not sure if I have to cross-compile for the phone.
Another question is the following, If I want to monitor the trafic data for a certain application, there's any command for doing that?
TCPDUMP is one of my favourite tools for analyzing network, but if you find difficult to cross-compile tcpdump for android, I'd recomend you to use some applications from the market.
These are the applications I was talking about:
Shark: Is small version of wireshark for Android phones). This program will create a *.pcap and you can read the file on PC with wireshark.
Shark Reader : This program allows you to read the *.pcap directly in your Android phone.
Shark app works with rooted devices, so if you want to install it, be sure that you have your device already rooted.
Good luck ;)
If you are doing it from the emulator you can do it like this:
Run emulator -tcpdump emulator.cap -avd my_avd to write all the emulator's traffic to a local file on your PC and then open it in wireshark
There is a similar post that might help HERE
Note: tcpdump requires root privileges, so you'll have to root your phone if not done already. Here's an ARM binary of tcpdump (this works for my Samsung Captivate). If you prefer to build your own binary, instructions are here (yes, you'd likely need to cross compile).
Also, check out Shark For Root (an Android packet capture tool based on tcpdump).
I don't believe tcpdump can monitor traffic by specific process ID. The strace method that Chris Stratton refers to seems like more effort than its worth. It would be simpler to monitor specific IPs and ports used by the target process. If that info isn't known, capture all traffic during a period of process activity and then sift through the resulting pcap with Wireshark.
For Android Phones(Without Root):- you can use this application tPacketCapture this will capture the network trafic for your device when you enable the capture.
See this url for more details about network sniffing without rooting your device.
Once you have the file which is in .pcap format you can use this file and analyze the traffic using any traffic analyzer like Wireshark.
Also see this post for further ideas on Capturing mobile phone traffic on wireshark
The DDMS tool included in the Android SDK includes a tool for monitoring network traffic. It does not provide the kind of detail you get from tcpdump and similar low level tools, but it is still very useful.
Oficial documentation: http://developer.android.com/tools/debugging/ddms.html#network
Preconditions: adb and wireshark are installed on your computer and you have a rooted android device.
Download tcpdump to ~/Downloads
adb push ~/Downloads/tcpdump /sdcard/
adb shell
su root
mv /sdcard/tcpdump /data/local/
cd /data/local/
chmod +x tcpdump
./tcpdump -vv -i any -s 0 -w /sdcard/dump.pcap
Ctrl+C once you've captured enough data.
exit
exit
adb pull /sdcard/dump.pcap ~/Downloads/
Now you can open the pcap file using Wireshark.
As for your question about monitoring specific processes, find the bundle id of your app, let's call it com.android.myapp
ps | grep com.android.myapp
copy the first number you see from the output. Let's call it 1234. If you see no output, you need to start the app. If you still don't see the app via ps try using top.
Download strace to ~/Downloads and put into /data/local using the same way you did for tcpdump above.
cd /data/local
./strace -p 1234 -f -e trace=network -o /sdcard/strace.txt
Now you can look at strace.txt for ip addresses, and filter your wireshark log for those IPs.
You would need to root the phone and cross compile tcpdump or use someone else's already compiled version.
You might find it easier to do these experiments with the emulator, in which case you could do the monitoring from the hosting pc. If you must use a real device, another option would be to put it on a wifi network hanging off of a secondary interface on a linux box running tcpdump.
I don't know off the top of my head how you would go about filtering by a specific process. One suggestion I found in some quick googling is to use strace on the subject process instead of tcpdump on the system.
Without root, you can use debug proxies like Charlesproxy&Co.
Packet Capture is the best tool to track network data on the android.
DOesnot need any root access and easy to read and save the calls based on application.
Check this out
Try this application
https://play.google.com/store/apps/details?id=app.greyshirts.sslcapture
We can view all networking communications .. even SSL encrypted communications.
The common approach is to call "cat /proc/net/netstat" as described here:
Android network stats