Pentest & Bug Bounty Resources and Techniques
  • Pentest & Bug Bounty Resources and Techniques
    • Introduction
    • Tests Checklist
    • OSINT
    • Communications Security
      • SSL/TLS
    • Networking
      • Subdomains Discovery
        • DNS & OSINT
        • DNS Brute force
          • Second DNS Brute-Force Round
      • Subdomain Takeover
      • Network Host Scan/Discovery
        • External/Internal
        • Internal only
      • Network Vulnerability Scanning
      • Network Hacking
      • Parsing
      • Reporting
    • Brute Force
      • Wordlists
      • Databases
      • SSH
    • Web
      • Endpoint Discovery
      • Infrastructure & Configuration
        • Headers
        • WAF Detection/ Evasion
      • Injection
        • GraphQL
        • Cross-Site Scripting (XSS)
        • SQL Injection
        • Payloads
      • SSRF & XXE
        • Labs & Resources
        • Tools
        • SVG SSRF Cheatsheet
        • XXE - XEE - XML External Entity
      • JWT Vulnerabilities (Json Web Tokens)
      • HTTP/S DoS
    • Mobile
      • Both
        • SAST
          • MobSF
        • DAST
          • Installing Frida and Objection
      • Android
        • Create a Lab
          • Rooting Android Emulator
          • Rooting Android Emulator Cheat Sheet
        • APK Certificates
        • SAST
          • APKs
            • Get Information from APK
            • GDA (GJoy Dex Analysizer)
            • Scanning APK for URIs, endpoints & secrets
            • Google Maps API Scanner
        • DAST
          • Rooting the Android Studio AVDs
          • non-Rooted devices
            • Bypass SSL Pinning - non-rooted devices
              • Method 1: apk-mitm
              • Instrumentation with Frida and Objection
                • Bypass SSL Pinning - Method 2: With Objection Explore
                • Bypass SSL Pinning - Method 3: With root_bypass.js
          • Rooted Devices
            • Run frida-server in the emulator or device
            • Inject Frida
            • Bypass SSL Pinning - rooted devices
              • Install Burp CA as a system-level CA on the device
      • iOS
        • SAST
          • Building a reverse iOS engineering environment for free
          • Test Vulnerabilities
  • Lets Practice
    • Virtual Machines
    • Vulnerable App
    • Guided Labs
    • CTFs
  • Group 1
    • AI
Powered by GitBook
On this page
  1. Pentest & Bug Bounty Resources and Techniques
  2. Mobile
  3. Android
  4. DAST

Rooting the Android Studio AVDs

From https://github.com/0xFireball/root_avd/

PreviousDASTNextnon-Rooted devices

Last updated 11 months ago

A quick guide on how to root Android Studio's Android AVDs (and required files!)

Required files can be found in this repository:

You need the Android SDK and fresh new AVD. For this guide we will call it RootAVD.

This was written and tested on a Nexus 5X AVD running Android 7.1 Nougat on an Ubuntu Linux host. This method should work with a similar setup (Android Nougat) for the forseeable future, though future Android versions may complicate this process further.

1.) Start emulator $SDK_PATH/emulator/emulator with args -avd RootAVD -writable-system -selinux disabled -qemu -enable-kvm

C:\Users\<USER>\AppData\Local\Android\Sdk\emulator\emulator -avd RootAPI27 -writable-system -selinux disabled -qemu
~/Library/Android/sdk/emulator/emulator -avd RootAPI27 -writable-system

RootAPI27 is the AVD name you had created

2.) Wait for boot

3.) Restart adbd as root and remount system as writable:

adb root
adb remount

4.) Install Superuser.apk:

adb install SuperSU/common/Superuser.apk

5.) Push su and update permissions: you will have to pick the corresponding architecture $ARCH. adb push SuperSU/$ARCH/su /system/xbin/su, then update permissions: adb shell chmod 0755 /system/xbin/su

adb push <LOCAL PATH>\su /system/xbin/su

# update permissions
adb shell chmod 0755 /system/xbin/su
adb push <LOCAL PATH>/su /system/xbin/su

# update permissions
adb shell chmod 0755 /system/xbin/su

6.) Enter into adb shell: adb shell

#Set SELinux Permissive
setenforce 0

#Install SuperSU's su to system
su --install

#Run SuperSU's su as daemon
su --daemon&

#Exit adb shell
exit
adb install .\Superuser.apk

8.) Finally, open the SuperSU app on the device, and it will tell you the su binary needs to be updated. Accept and use normal installation.

Installation will fail. Don't reboot, just move on. It will still work.

9.) Congratulations! You now have a rooted AVD with SuperSU.

TIP: Superuser may not always persist after reboot, to fix:

  1. From a root shell, start su --daemon&

  2. Root should now work.

  3. Optional: Look for the temporary emulator system image; you can back this up and use it as a patched system.

7.) Install application

Superuser.apk
https://github.com/0xFireball/root_avd