Pentest & Bug Bounty Resources and Techniques
  • Pentest & Bug Bounty Resources and Techniques
    • Introduction
    • Tests Checklist
    • OSINT
    • Communications Security
      • SSL/TLS
    • Networking
      • Subdomains Discovery
        • DNS & OSINT
        • DNS Brute force
          • Second DNS Brute-Force Round
      • Subdomain Takeover
      • Network Host Scan/Discovery
        • External/Internal
        • Internal only
      • Network Vulnerability Scanning
      • Network Hacking
      • Parsing
      • Reporting
    • Brute Force
      • Wordlists
      • Databases
      • SSH
    • Web
      • Endpoint Discovery
      • Infrastructure & Configuration
        • Headers
        • WAF Detection/ Evasion
      • Injection
        • GraphQL
        • Cross-Site Scripting (XSS)
        • SQL Injection
        • Payloads
      • SSRF & XXE
        • Labs & Resources
        • Tools
        • SVG SSRF Cheatsheet
        • XXE - XEE - XML External Entity
      • JWT Vulnerabilities (Json Web Tokens)
      • HTTP/S DoS
    • Mobile
      • Both
        • SAST
          • MobSF
        • DAST
          • Installing Frida and Objection
      • Android
        • Create a Lab
          • Rooting Android Emulator
          • Rooting Android Emulator Cheat Sheet
        • APK Certificates
        • SAST
          • APKs
            • Get Information from APK
            • GDA (GJoy Dex Analysizer)
            • Scanning APK for URIs, endpoints & secrets
            • Google Maps API Scanner
        • DAST
          • Rooting the Android Studio AVDs
          • non-Rooted devices
            • Bypass SSL Pinning - non-rooted devices
              • Method 1: apk-mitm
              • Instrumentation with Frida and Objection
                • Bypass SSL Pinning - Method 2: With Objection Explore
                • Bypass SSL Pinning - Method 3: With root_bypass.js
          • Rooted Devices
            • Run frida-server in the emulator or device
            • Inject Frida
            • Bypass SSL Pinning - rooted devices
              • Install Burp CA as a system-level CA on the device
      • iOS
        • SAST
          • Building a reverse iOS engineering environment for free
          • Test Vulnerabilities
  • Lets Practice
    • Virtual Machines
    • Vulnerable App
    • Guided Labs
    • CTFs
  • Group 1
    • AI
Powered by GitBook
On this page
  • Requirements:
  • Instructions
  • Install the SuperSu.apk
  • Make emulator’ system partition writable
  • Pushing su binary in system directory
  • Change permissions of the su binary
  • Setting SELinux to Permissive (i.e turning off SE Linux)
  • Now you have an emulator with root!
  1. Pentest & Bug Bounty Resources and Techniques
  2. Mobile
  3. Android
  4. Create a Lab

Rooting Android Emulator

PreviousCreate a LabNextRooting Android Emulator Cheat Sheet

Last updated 4 years ago

Requirements:

  • Android Studio Installed

  • An Android Emulator running (for this tutorial version 5.1 -API 21-)

  • SuperSU Mobile app (chainfire)

    • (called SuperSU APK)

  • Recovery flashable.zip

    • (called SuperSU ZIP)

    • provided by XDA user

Instructions

Install the SuperSu.apk

  • Install the SuperSu app firstly.

    • You can do it from the device from , or

    • Sideload through adb i.e adb -e install supersu.apk

  • After installing it, when you run it shows a screen as shown below indicating "There is no SU binary installed..". This error just confirms the device is not yet rooted.

Make emulator’ system partition writable

  • As it suggests, we need to give the emulator permission to write system files.

  • List the emulators installed on your PC emulator -list-avds

  • Navigate to the tools folder where Android SDK is installed and open command prompt there.

    • On Mac OS: ~/Library/Android/sdk/emulator

  • Type the following code to accomplish this: emulator -avd {emulator_name} -writable-system

Pushing su binary in system directory

  • Extract the Recovery flashable.zip (containing the su binaries of different architectures)

Important! Only use the su binary that matches your AVD architecture e.g x86, arm etc.., and note the path where you extracted these binaries.

  • Make sure you are running adb as root and also you need to remount. Just enter these codes

adb root
adb remount

  • Now its time to push the su binary:

adb -e push adb -e push UPDATE-SuperSU-v2.82-20170528234214/x64/su /system/xbin/su

Nevermind about my specific location of su binary, any location is okay as long there is no white space

To figure out bin or xbin do in console before:

adb shell ls /system/xbin/su

For emulators running android 5.1 and below use the su and not su.pie

Change permissions of the su binary

  • Next let's do a bit of modification of the permissions of su binary. We have to do this in emulator device through adb:

adb -e shell su root cd /system/xbin chmod 06755 su

Take note of su binary path (mine is /system/xbin)

  • Setting the install directive on su binary and set a daemon

su --install
su --daemon&

Setting SELinux to Permissive (i.e turning off SE Linux)

  • Finally turn off selinux through this code: setenforce 0

  • Open SuperSU app on the Mobile emulator and it may ask to update binaries, you can use Normal method.

If you're experiencing bootloops, rather don't update the binaries, just use it as it is.

Now you have an emulator with root!

Google Play Store
Direct Download
Direct Download
Alternative backup
Ibuprophen
Google Play Store
Emulator list