Android Debugging

Debugging is a method used to inject/modify application function during runtime process

Android application must be flagged as debuggable in order to be able to test the debugging.

Debugging android apps

In order to do that, first we need to check if the application is debuggable or not by exploring the AndrdoiMainfest.xml file and look for the debug flag

• Debug InsecureBankv2.apk

• Look for the mainfest file for android:debugging=true flag

• run the following command using adb

./adb jdwp

• Note the IDs and then lunch the application

• run adb again and take a note of the new ID (this the id for the InsecureBankv2 application)

./adb jdwp

• Enter the following command to create a new connection listening on 12345 to which we later connect using jdb.

./adb forward tcp:12345 jdwp:<id from last step>

• Connect to 12345 using jdb.

jdb -attach localhost:12345

• The list of all the available classes can be viewed using the command “classes”.

• Methods for a specific class can be found using the below command:

methods com.android.insecurebankv2.LoginActivity

• Set Breakpoint

stop in com.android.insecurebankv2.LoginActivity.createUser()

• Click on create user button to hit the breakpoint

• The command “local” can be used to view the current local variables and the “step” command can be used to move to the next instruction.

• Check the local variables

main[1] step
main[1] locals

• Modify variable

main[1] set text = "Hello World"
main[1] run