Core functionalities

Secrets finder

Select one of the following secret finders:

  • Full search

  • Light search

The search is based on a set of regexes. The only difference between the two modes is the number of regexes that are processed and, as a consequence, the execution time.

The search can work on a folder or on individual files.

For example, when running Light Search, the script shows the secrets it found.

Moreover, it will create the file results/advanced_search/YYYY-MM-DD_hh-mm-ss_light_secrets.csv or results/advanced_search/YYYY-MM-DD_hh-mm-ss_full_secrets.csv with all the secrets found and the related file paths.

Advanced Search/Replacement

Advanced search

A case-insensitive search of strings in the file specified or all the files found recursively in the folder specified:

The string to be searched can be:

  • a normal string that will be converted into a case-insensitive byte sequence

  • a byte sequence in hex format (e.g. 0xaabf)
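
The two input forms described above, as an added example that is not HacknDroid's own code. The function names and the sample files are assumptions constructed for illustration; a `0x` term is matched as exact bytes, any other term as text with ASCII case folding.

```python
import re
from pathlib import Path
import tempfile

def needle_to_pattern(needle):
    """Compile a search term into a bytes regex.

    '0x...' terms are matched as exact bytes; anything else is matched as
    UTF-8 text, case-insensitively (ASCII folding only on bytes patterns).
    """
    if needle.lower().startswith("0x"):
        raw = bytes.fromhex(needle[2:])  # ValueError on odd length or non-hex
        return re.compile(re.escape(raw))
    return re.compile(re.escape(needle.encode("utf-8")), re.IGNORECASE)

def search_path(root, needle):
    """Return (file, offset) hits for one file or, recursively, a folder."""
    pattern = needle_to_pattern(needle)
    root = Path(root)
    if root.is_file():
        files = [root]
    else:
        files = sorted(p for p in root.rglob("*") if p.is_file())
    hits = []
    for path in files:
        data = path.read_bytes()  # binary read: works for .dex, .so, .xml alike
        hits.extend((str(path), m.start()) for m in pattern.finditer(data))
    return hits

def demo():
    """Run both search forms over a small constructed folder."""
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp)
        (base / "res").mkdir()
        (base / "res" / "strings.xml").write_bytes(
            b'<string name="k">Api_Key=abc</string>')
        (base / "classes.dex").write_bytes(b"dex\n035\x00\xaa\xbf\x00API_KEY")
        text = [(Path(f).name, off) for f, off in search_path(base, "api_key")]
        hexa = [(Path(f).name, off) for f, off in search_path(base, "0xaabf")]
        return text, hexa

if __name__ == "__main__":
    print(demo())
```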

Advanced Replacement

A case-sensitive search and replacement of strings in the file specified or all the files found recursively in the folder specified:

The strings to be used in search or replacement can be:

  • a normal string that will be converted into a case-insensitive byte sequence

  • a byte sequence in hex format (e.g. 0xaabf)

APK

APK analysis

You can specify the APK file path on the PC or the package name of the application installed on the device. In the second case, the script will transfer the APK from the device.

During the APK analysis, the script can perform several actions:

  • Certificate Pinning Hints: search for the lines of code that can be related to Certificate Pinning

  • Root Detection Hints: search for the lines of code that can be related to Root Detection

  • Signature Scheme: analysis of the signature scheme

  • Full Analysis: all the previous actions together

The results will be printed on the terminal and then stored in results/<package_name>/apk_analysis/YYYY-MM-DD_hh_mm_ss/.

App info

Print information about an application installed on the device or an APK file.

APK from AAB

Create the APK from an AAB file

Compilation and signature

  • Compile the folder of an APK previously decompiled

  • Sign an APK file

  • Compile the folder of an APK previously decompiled and then sign it

Custom URLs

Identify the custom URLs exported in the AndroidManifest.xml by:

  • analysing directly the AndroidManifest.xml file

  • decompiling an APK file on the PC

  • downloading and decompiling an application from the device
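
One way to list custom URLs from a decoded AndroidManifest.xml, as an added example that is not HacknDroid's own code. The function name, the tuple layout and the sample manifest are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"

# Constructed sample manifest in decoded text form (not from a real app).
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.app">
  <application>
    <activity android:name=".MainActivity" android:exported="true">
      <intent-filter>
        <action android:name="android.intent.action.MAIN"/>
        <category android:name="android.intent.category.LAUNCHER"/>
      </intent-filter>
    </activity>
    <activity android:name=".DeepLinkActivity" android:exported="true">
      <intent-filter>
        <action android:name="android.intent.action.VIEW"/>
        <category android:name="android.intent.category.DEFAULT"/>
        <category android:name="android.intent.category.BROWSABLE"/>
        <data android:scheme="exampleapp" android:host="pay"/>
        <data android:scheme="https" android:host="app.example.com" android:pathPrefix="/open"/>
      </intent-filter>
    </activity>
  </application>
</manifest>"""

def custom_urls(manifest_xml):
    """Return (component, url_prefix, browsable) for each <data> scheme in a VIEW filter."""
    root = ET.fromstring(manifest_xml)
    found = []
    for comp in root.iter():
        if comp.tag not in ("activity", "activity-alias"):
            continue
        for flt in comp.findall("intent-filter"):
            actions = {a.get(ANDROID + "name") for a in flt.findall("action")}
            if "android.intent.action.VIEW" not in actions:
                continue
            cats = {c.get(ANDROID + "name") for c in flt.findall("category")}
            browsable = "android.intent.category.BROWSABLE" in cats
            # Android merges all <data> tags of one filter, so other
            # scheme/host combinations than the ones listed may resolve too.
            for data in flt.findall("data"):
                scheme = data.get(ANDROID + "scheme")
                if not scheme:
                    continue
                host = data.get(ANDROID + "host", "")
                path = data.get(ANDROID + "path") or data.get(ANDROID + "pathPrefix") or ""
                found.append((comp.get(ANDROID + "name"), f"{scheme}://{host}{path}", browsable))
    return found
```

Entries flagged as browsable can be triggered from a web page, so they are the first handlers to review for input validation.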

Decompilation

Decompile an application by:

  • directly accessing an APK file on the PC

  • downloading the APK file from the mobile device by specifying the package name of the installed application

Download APK from the mobile device

JADX

Run JADX on:

  • an APK file on the PC

  • the APK file downloaded from the mobile device by specifying the package name of the installed application

JAR from APK

Create a JAR file from:

  • an APK file on the PC

  • the APK file downloaded from the mobile device by specifying the package name of the installed application

Merge APKs

Create a new APK from:

  • a list of APK files separated by spaces

  • all the APK files in a folder

App Data and Logs

Backup

  • Create the AB file results/<package_name>/backup/YYYY-MM-DD_hh_mm_ss_backup.ab and extract it to results/<package_name>/backup/YYYY-MM-DD_hh_mm_ss_backup/ for the:

    • backup of the entire device

    • backup of a specific <package_name> installed on the mobile device

  • Restore a backup on the mobile device from the AB file

  • Extract the content of an AB file on the PC
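
How an unencrypted AB file unpacks on the PC, as an added example that is not HacknDroid's own code: a four-line text header followed by a zlib-compressed tar archive. The function names and the sample backup are assumptions constructed for illustration; entries that would land outside the destination folder are skipped.

```python
import io
import tarfile
import zlib
from pathlib import Path, PurePosixPath

def parse_ab(blob):
    """Split an .ab blob into (header dict, raw tar bytes)."""
    stream = io.BytesIO(blob)
    magic, version, compressed, encryption = (
        stream.readline().rstrip(b"\n").decode("ascii") for _ in range(4))
    if magic != "ANDROID BACKUP":
        raise ValueError("missing 'ANDROID BACKUP' magic")
    if encryption != "none":
        raise ValueError(f"encrypted backup ({encryption}) needs the backup password")
    payload = stream.read()
    if compressed == "1":
        payload = zlib.decompress(payload)
    return {"version": int(version), "compressed": compressed == "1"}, payload

def extract_ab(blob, dest):
    """Extract regular files only; skip entries that would escape dest."""
    header, tar_bytes = parse_ab(blob)
    written, skipped = [], []
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r:") as tar:
        for member in tar:
            parts = PurePosixPath(member.name).parts
            if not member.isfile() or member.name.startswith("/") or ".." in parts:
                skipped.append(member.name)  # links, devices, traversal paths
                continue
            target = Path(dest, *parts)
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_bytes(tar.extractfile(member).read())
            written.append(member.name)
    return header, written, skipped

def make_sample_ab():
    """Constructed backup: one app file plus a path-traversal entry."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, data in [("apps/com.example.app/sp/prefs.xml", b"<map/>"),
                           ("../outside.txt", b"x")]:
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return b"ANDROID BACKUP\n5\n1\nnone\n" + zlib.compress(buf.getvalue())
```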

Data storage

  • collect data of the installed application <package_name> stored in /data/data/<package_name>

  • reset data of the installed application <package_name>

Memory dump

  • Run an installed application on the mobile device and dump memory

  • Dump memory of a running application

Force Application Stop

Logs

  • Run an installed application on the mobile device and log it

  • Log a running application on the mobile device

You can collect either default logs (results/<package_name>/logs/YYYY-MM-DD_hh_mm_ss_X_all.log) or crash logs (results/<package_name>/logs/YYYY-MM-DD_hh_mm_ss_X_crash.log). Moreover, you can monitor all the logging sessions in the background.

Every log session is created when the option is selected and terminates when the selected app terminates its execution.

Device information

Collect several pieces of information about the mobile device:

  • the list of installed applications

  • battery status

  • CPU information

  • General information

  • Network information

  • RAM information

  • Storage information

Devices

List all the available devices (this also works for emulators)

Emulator

Create an AVD

The AVD files will be created in the folder avds/.

List AVDs

Launch the emulator

Delete an AVD

The files related to the AVD in avds/ will be removed.

File transfer

  • Download a file/folder from the mobile device to a PC folder

  • Upload a file/folder from the PC to a mobile device folder

Frida

  • Install frida-tools on the PC and then the related Frida server on the mobile device

  • Start the Frida server on the mobile device

  • Run a Frida script

  • Uninstall frida-tools and the related Frida server

Run a Frida script

The Frida script can be launched on a running application. Otherwise, HacknDroid can spawn the application and then run the Frida script.

When selecting this functionality, you can choose one or more of the scripts in the frida-scripts folder. This way you can also add your favorite scripts.

Install/Uninstall

  • Install an APK file (if an application with the same package name is already installed, it will be removed and then the new version will be installed)

  • Install by opening the Play Store on the mobile device

  • Uninstall an application

Interactive shell

Mirroring

  • Start mirroring with scrcpy

  • Stop the mirroring process

  • Take a screenshot or record the screen of the mobile device

Device settings

  • Enable/disable Battery Saver mode

  • Enable/disable Do Not Disturb mode

  • Manage connectivity

    • Enable/Disable Wifi

    • Enable/Disable Airplane mode

Processes List

Proxy

System Proxy

Set the proxy

Set the proxy on the mobile device with the current PC Wifi IP address (192.168.1.14) and port 8080

or on another IP and port (192.168.1.31:8081)

Get the proxy

Get the current system proxy set on the mobile device

Remove the proxy

Remove the current proxy previously set by using HacknDroid

Invisible proxy (iptables)

Set the proxy

Set the proxy on the mobile device with the current PC Wifi IP address (192.168.1.14):

or on another IP (192.168.1.31):

Get the proxy

Get the current invisible proxy set on the mobile device

Remove the proxy

Remove the current proxy previously set by using HacknDroid

Invisible proxy (iptables) for specific app

Set the proxy

Set the proxy on the mobile device with the current PC Wifi IP address (192.168.1.14) for the application :

or on another IP (192.168.1.31):

Get the proxy

Get the current invisible proxy set on the mobile device

Remove the proxy

Remove the current proxy previously set by using HacknDroid

DNS spoofing

NOTE: To run the DNS server using the tool, ensure that the Windows Firewall is disabled on the PC where the script will be run.

Set the proxy

  1. Run the DNS service to inject fake DNS resolution on the current PC Wifi IP address:

    or on another IP:

  2. The script will open the Wifi settings on the mobile device to let you insert the IP address specified in the script page (192.168.1.14):

  3. If everything was set successfully, you can intercept the traffic on ports 80, 443 (for example by using Burp Suite invisible proxy):

Stop the proxy

Shutdown/Reboot
