Get yourself a rooted Android Virtual Device (AVD)
Summary
In this article, I will demonstrate how to create a new rooted Android Virtual Device (AVD) with the latest Android version (Android 12 at the time of this writing). A rooted device can be very helpful in penetration testing or the reverse engineering process.
Disclaimer
This article is for informational and educational purposes only, and for those who are willing and curious to know and learn about Security and Penetration Testing. The content may not be used for illegal purposes. If you’re ready to learn something new for the good, then read on.
Details
The process of rooting a physical Android device can be very difficult. How difficult depends on the device vendor and hardware version. One thing is for sure: the newer the device version, the harder it is to root. Instead of rooting a physical device, you can also use a ready-made rooted Android image. These ready-made images are distributed by Google in the Google Play Store.
The next section shows how to install Android Studio on Kali Linux. Then we’ll show you how to create your own rooted Android Virtual Device (AVD), install Android Debug Bridge (adb) for Linux and finally connect to the target device as root.
This PoC consists of 1 machine:
- Kali Linux
- IP-Address: 192.168.62.161
Note: Installation requires about 10GB of disk space.
Install OpenJDK (Java Development Kit)
1. Install OpenJDK
sudo apt update && sudo apt install openjdk-17-jdk
2. Install Android SDK
The Android SDK is a software development kit that contains a comprehensive set of development tools. These include a debugger, libraries, a handset emulator based on QEMU, documentation, sample code and tutorials.
sudo apt update && sudo apt install android-sdk
Install Android Studio
Android Studio is the official integrated development environment to develop applications for Android.
3. Download Android Studio tar file (version 2021.2.1.15 at the time of this writing)
UPDATE (24 July 2023)
Download version android-studio-2022.2.1.20-linux.tar.gz
firefox https://developer.android.com/studio
or
version=2022.2.1.20
file=android-studio-2022.2.1.20-linux.tar.gz
wget https://redirector.gvt1.com/edgedl/android/studio/ide-zips/${version}/${file} -O /tmp/${file}
4. Extract the tar file to /opt (or some other directory you like)
cd /tmp
file=android-studio-2022.2.1.20-linux.tar.gz
sudo tar -xvf ${file} -C /opt/
5. Start Android Studio and download all default components
cd /opt/android-studio/bin
./studio.sh
Intuitive prompts and pop-ups appear during the rest of the Android Studio setup. I’m not going to include all of them here; they are very easy.
- Choose “Do not import settings”
- Select: Standard set up
- Accept both licenses
Once Android Studio is installed, you can create your first project.
Create a New Project in Android Studio
6. Click button [New Project]
7. Choose Phone/Tablet and No Activity
8. Keep all the defaults and click [Finish]
9. Optional: change the theme to something light (I don’t like dark themes)
Go to View > Quick Switch Scheme... > Edit Color Scheme > IntelliJ Light
10. Open Device Manager in toolbar
11. Select tab Virtual and click [Create Device]
12. Select category Phone and choose your hardware. For example Pixel 2
The next step is important! You need to select an Android system image to deploy to the Pixel 2 virtual hardware. Select an image that does not contain “(Google APIs)” in its name.
13. Highlight the x86 Images tab and select an image without “(Google APIs)” in its name. Click the “download” link to start downloading. This can take some time.
Notice in the screenshot below that we have already downloaded the image for Android 12. We will continue with this image.
14. Click [Next] when the image is downloaded from the Google Play Store.
15. Provide an AVD name (for example “Pixel 2 API 31 root”) and click Finish.
Now you’re ready to use this rooted AVD.
Start the rooted AVD
You can start your AVD from within the Android Studio Device Manager. Simply click on the play (>) sign.
Personally, I like to use the emulator command line tools available in the Android SDK tools (see step 2 for installation).
16. List available AVDs
Change to the Android SDK tools directory ($HOME/Android/Sdk/tools) and use the emulator command to list the AVDs:
cd /home/kali/Android/Sdk/tools/
./emulator -list-avds
17. Start AVD “Pixel_2_API_31_root”
./emulator @Pixel_2_API_31_root
Result:
This is the rooted Pixel 2 with Android API 31 (Android 12).
We can confirm that it is installed with the latest Android version.
Connect to the AVD as root
The final step is to connect to this device using Android Debug Bridge (adb) and switch to the root user. The Android Debug Bridge is a tool used for debugging Android devices. The daemon on the Android device connects via USB or TCP to the server on the host PC, which connects via TCP to the client used by the end user.
18. Install Android Debug Bridge
sudo apt install android-tools-adb
19. Use adb to list the available devices
adb devices
20. Use the adb command to get a shell and switch to root
adb shell
su
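Before relying on su, it is worth checking that the image you picked is actually a debuggable build rather than a production build. The following script is an added example, not part of the original article: it reads the output of `adb shell getprop` (the two property dumps embedded here are constructed samples, not captured from a device) and reports whether a root shell should be available.

```shell
#!/bin/sh
# Added example (not from the original article): check from an AVD's system
# properties whether the image is a debuggable build, i.e. one where
# `adb root` and `su` give a root shell, or a production build where they do not.
# Live use:  avd_root_check "$(adb shell getprop)"
# The two property dumps below are constructed samples, not captured output.

# prop_value DUMP NAME: extract NAME from getprop output of the form
# "[ro.build.type]: [userdebug]"
prop_value() {
    printf '%s\n' "$1" | sed -n "s/^\[$2\]: \[\(.*\)\]\$/\1/p"
}

# avd_root_check DUMP: print a verdict; return 0 if root should be available.
avd_root_check() {
    dump=$1
    build_type=$(prop_value "$dump" ro.build.type)
    debuggable=$(prop_value "$dump" ro.debuggable)
    fingerprint=$(prop_value "$dump" ro.build.fingerprint)
    printf 'image: %s\n' "$fingerprint"
    # adbd only restarts as root on builds with ro.debuggable=1; those are the
    # userdebug/eng builds that also ship the su binary.
    if [ "$debuggable" = "1" ] && [ "$build_type" != "user" ]; then
        printf 'build type %s, debuggable: root shell available\n' "$build_type"
        return 0
    fi
    printf 'build type %s, not debuggable: su and adb root will be refused\n' "$build_type"
    return 1
}

# Constructed sample: an AOSP (non Google APIs) x86 image, as selected in the article
SAMPLE_AOSP='[ro.build.fingerprint]: [Android/sdk_phone_x86/emulator_x86:12/CONSTRUCTED/0:userdebug/test-keys]
[ro.build.type]: [userdebug]
[ro.debuggable]: [1]
[ro.secure]: [1]'

# Constructed sample: a production (user) image with Play services
SAMPLE_PLAY='[ro.build.fingerprint]: [google/sdk_gphone_x86/emulator_x86:12/CONSTRUCTED/0:user/release-keys]
[ro.build.type]: [user]
[ro.debuggable]: [0]
[ro.secure]: [1]'

# Demonstrate on the constructed samples; a live run passes "$(adb shell getprop)" instead.
for sample in "$SAMPLE_AOSP" "$SAMPLE_PLAY"; do
    avd_root_check "$sample" || true
done
```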
That’s it!
I hope you liked this blog. If you do, don’t forget to follow me. Also, check out my story about creating an Android RAT (https://medium.com/system-weakness/convert-a-legitimate-android-app-to-an-android-rat-e69eb8cc913d)