夜神模拟器安装系统根证书技术
安卓7.0之后,更加严格,这将导致一个结果,就是,你的手机,只是一个手机而已,而你几乎无法控制它。
其实作为一个开源的系统,真的不应该这样,因为,你是开源的,总会有办法。
其实,7.0 之后的安卓,用户证书变的没有意义。而目前的抓包工具,不论是 Charles 或者 是 Fiddler 几乎都是不能用的节奏。
下面讲一讲 Charles 抓取 https 数据接口。
Help -> SSL proxying -> Save Charles Root Certificate。下载完成后。点击 Install Charles Root Certificate On a Mobile Device or Remote Browser,在这个弹出窗能看到代理的 ip 和 port。
Charles 这边结束了。
然后看看证书转换:
下面是 openssl 证书格式转换 pem证书转.cer证书 openssl x509 -outform der -in demo.pem -out demo.cer cer证书转.pem证书 openssl x509 -inform der -in demo.cer -out demo.pem
我这里测试下载后无需转换,因为就是 pem 格式的证书,如果需要转换使用上面的命令。
接下来看看实战,看是如何实现安装系统证书的,安装好了系统证书就可以抓取 https 请求,这时候就能看到原始数据了,而如果没有系统证书,则是一般看不到的。
C:\Program Files (x86)\Nox\bin> .\nox_adb.exe devices
List of devices attached
127.0.0.1:62001 device
PS C:\Program Files (x86)\Nox\bin> .\nox_adb.exe root
PS C:\Program Files (x86)\Nox\bin> .\adb.exe remount
remount succeeded
PS C:\Program Files (x86)\Nox\bin> .\adb.exe push adfefd67.0/system/etc/security/cacerts/
Android Debug Bridge version 1.0.36
Revision 0e9850346394-android
-a - directs adb to listen on all interfaces for a connection
-d - directs command to the only connected USB device
returns an error if more than one USB device is present.
-e - directs command to the only running emulator.
returns an error if more than one emulator is running.
-s <specific device> - directs command to the device or emulator with the given
serial number or qualifier. Overrides ANDROID_SERIAL
environment variable.
-p <product name or path> - simple product name like 'sooner', or
a relative/absolute path to a product
out directory like 'out/target/product/sooner'.
If -p is not specified, the ANDROID_PRODUCT_OUT
environment variable is used, which must
be an absolute path.
-H - Name of adb server host (default: localhost)
-P - Port of adb server (default: 5037)
devices [-l] - list all connected devices
('-l' will also list device qualifiers)
connect <host>[:<port>] - connect to a device via TCP/IP
Port 5555 is used by default if no port number is specified.
disconnect [<host>[:<port>]] - disconnect from a TCP/IP device.
Port 5555 is used by default if no port number is specified.
Using this command with no additional arguments
will disconnect from all connected TCP/IP devices.
device commands:
adb push <local>... <remote>
- copy files/dirs to device
adb pull [-a] <remote>... <local>
- copy files/dirs from device
(-a preserves file timestamp and mode)
adb sync [ <directory> ] - copy host->device only if changed
(-l means list but don't copy)
adb shell [-e escape] [-n] [-Tt] [-x] [command]
- run remote shell command (interactive shell if no command given)
(-e: choose escape character, or "none"; default '~')
(-n: don't read from stdin)
(-T: disable PTY allocation)
(-t: force PTY allocation)
(-x: disable remote exit codes and stdout/stderr separation)
adb emu <command> - run emulator console command
adb logcat [ <filter-spec> ] - View device log
adb forward --list - list all forward socket connections.
the format is a list of lines with the following format:
<serial> " " <local> " " <remote> "\n"
adb forward <local> <remote> - forward socket connections
forward specs are one of:
tcp:<port>
localabstract:<unix domain socket name>
localreserved:<unix domain socket name>
localfilesystem:<unix domain socket name>
dev:<character device name>
jdwp:<process pid> (remote only)
adb forward --no-rebind <local> <remote>
- same as 'adb forward <local> <remote>' but fails
if <local> is already forwarded
adb forward --remove <local> - remove a specific forward socket connection
adb forward --remove-all - remove all forward socket connections
adb reverse --list - list all reverse socket connections from device
adb reverse <remote> <local> - reverse socket connections
reverse specs are one of:
tcp:<port>
localabstract:<unix domain socket name>
localreserved:<unix domain socket name>
localfilesystem:<unix domain socket name>
adb reverse --no-rebind <remote> <local>
- same as 'adb reverse <remote> <local>' but fails
if <remote> is already reversed.
adb reverse --remove <remote>
- remove a specific reversed socket connection
adb reverse --remove-all - remove all reversed socket connections from device
adb jdwp - list PIDs of processes hosting a JDWP transport
adb install [-lrtsdg] <file>
- push this package file to the device and install it
(-l: forward lock application)
(-r: replace existing application)
(-t: allow test packages)
(-s: install application on sdcard)
(-d: allow version code downgrade (debuggable packages only))
(-g: grant all runtime permissions)
adb install-multiple [-lrtsdpg] <file...>
- push this package file to the device and install it
(-l: forward lock application)
(-r: replace existing application)
(-t: allow test packages)
(-s: install application on sdcard)
(-d: allow version code downgrade (debuggable packages only))
(-p: partial application install)
(-g: grant all runtime permissions)
adb uninstall [-k] <package> - remove this app package from the device
('-k' means keep the data and cache directories)
adb bugreport [<path>] - return all information from the device that should be included in a zipped bug report.
If <path> is a file, the bug report will be saved as that file.
If <path> is a directory, the bug report will be saved in that directory with the name provided by the device.
If <path> is omitted, the bug report will be saved in the current directory with the name provided by the device.
NOTE: if the device does not support zipped bug reports, the bug report will be output on stdout.
adb backup [-f <file>] [-apk|-noapk] [-obb|-noobb] [-shared|-noshared] [-all] [-system|-nosystem] [<packages...>]
- write an archive of the device's data to <file>.
If no -f option is supplied then the data is written
to "backup.ab" in the current directory.
(-apk|-noapk enable/disable backup of the .apks themselves
in the archive; the default is noapk.)
(-obb|-noobb enable/disable backup of any installed apk expansion
(aka .obb) files associated with each application; the default
is noobb.)
(-shared|-noshared enable/disable backup of the device's
shared storage / SD card contents; the default is noshared.)
(-all means to back up all installed applications)
(-system|-nosystem toggles whether -all automatically includes
system applications; the default is to include system apps)
(<packages...> is the list of applications to be backed up. If
the -all or -shared flags are passed, then the package
list is optional. Applications explicitly given on the
command line will be included even if -nosystem would
ordinarily cause them to be omitted.)
adb restore <file> - restore device contents from the <file> backup archive
adb disable-verity - disable dm-verity checking on USERDEBUG builds
adb enable-verity - re-enable dm-verity checking on USERDEBUG builds
adb keygen <file> - generate adb public/private key. The private key is stored in <file>,
and the public key is stored in <file>.pub. Any existing files
are overwritten.
adb help - show this help message
adb version - show version num
scripting:
adb wait-for[-<transport>]-<state>
- wait for device to be in the given state:
device, recovery, sideload, or bootloader
Transport is: usb, local or any [default=any]
adb start-server - ensure that there is a server running
adb kill-server - kill the server if it is running
adb get-state - prints: offline | bootloader | device
adb get-serialno - prints: <serial-number>
adb get-devpath - prints: <device-path>
adb remount - remounts the /system, /vendor (if present) and /oem (if present) partitions on the device read-write
adb reboot [bootloader|recovery]
- reboots the device, optionally into the bootloader or recovery program.
adb reboot sideload - reboots the device into the sideload mode in recovery program (adb root required).
adb reboot sideload-auto-reboot
- reboots into the sideload mode, then reboots automatically after the sideload regardless of the result.
adb sideload <file> - sideloads the given package
adb root - restarts the adbd daemon with root permissions
adb unroot - restarts the adbd daemon without root permissions
adb usb - restarts the adbd daemon listening on USB
adb tcpip <port> - restarts the adbd daemon listening on TCP on the specified port
networking:
adb ppp <tty> [parameters] - Run PPP over USB.
Note: you should not automatically start a PPP connection.
<tty> refers to the tty for PPP stream. Eg. dev:/dev/omap_csmi_tty1
[parameters] - Eg. defaultroute debug dump local notty usepeerdns
adb sync notes: adb sync [ <directory> ]
<localdir> can be interpreted in several ways:
- If <directory> is not specified, /system, /vendor (if present), /oem (if present) and /data partitions will be updated.
- If it is "system", "vendor", "oem" or "data", only the corresponding partition
is updated.
internal debugging:
adb reconnect Kick current connection from host side and make it reconnect.
adb reconnect device Kick current connection from device side and make it reconnect.
environment variables:
ADB_TRACE - Print debug information. A comma separated list of the following values
1 or all, adb, sockets, packets, rwx, usb, sync, sysdeps, transport, jdwp
ANDROID_SERIAL - The serial number to connect to. -s takes priority over this if given.
ANDROID_LOG_TAGS - When used with the logcat option, only these debug tags are printed.
PS C:\Program Files (x86)\Nox\bin> .\adb.exe push C:\Users\lin\adfefd67.0 /system/etc/security/cacerts/
[100%] /system/etc/security/cacerts/adfefd67.0
PS C:\Program Files (x86)\Nox\bin>
暂无