Setup¶
Initially setting up revenge
to work with an android emulator involves
using the devices. For this doc, I’ll assume that you already have an
android running, in either emulator or physical form.
Note
You must have root access to the device on which you wish to run
revenge
.
Base Connection¶
Base interactions for revenge
will go through the device object.
Instantiating this object will attempt to automatically install, run and
connect to the latest version of frida server for your android.
Examples¶
from revenge import devices
# Connect to the first usb device adb finds
android = devices.AndroidDevice(type="usb")
"<AndroidDevice emulator-5554>"
# Connect to device with the given id
android = devices.AndroidDevice(id="emulator-5554")
"<AndroidDevice emulator-5554>"
Installing/Removing APKs¶
A convenience method exists to install and uninstall apks directly from
revenge
.
Examples¶
android.install("something.apk")
android.uninstall("com.blerg.something")
android.uninstall(android.applications['*something*'])
List Processes/Applications¶
You can list both running processes and running applications. Applications have their own class.
revenge.devices.android.applications.AndroidApplications
Examples¶
android.device.enumerate_processes()
"""
<clip>
Process(pid=1502, name="tombstoned"),
Process(pid=1503, name="android.hardware.biometrics.fingerprint@2.1-service"),
Process(pid=1506, name="iptables-restore"),
Process(pid=1507, name="ip6tables-restore"),
Process(pid=1604, name="dhcpclient"),
Process(pid=1607, name="sh"),
Process(pid=1608, name="sleep"),
Process(pid=1619, name="ipv6proxy"),
Process(pid=1622, name="hostapd"),
Process(pid=1624, name="dhcpserver"),
Process(pid=1633, name="system_server"),
Process(pid=1740, name="com.android.inputmethod.latin"),
Process(pid=1748, name="com.android.systemui"),
Process(pid=1790, name="webview_zygote32"),
Process(pid=1846, name="wpa_supplicant"),
Process(pid=1851, name="com.android.phone"),
<clip>
"""
# List applications
list(android.applications)
"""
<clip>
Application(identifier="com.android.dialer", name="Phone", pid=2084),
Application(identifier="com.android.gallery3d", name="Gallery"),
Application(identifier="com.android.emulator.smoketests", name="Emulator Smoke Tests"),
Application(identifier="android.ext.services", name="Android Services Library", pid=2566),
Application(identifier="com.android.packageinstaller", name="Package installer"),
Application(identifier="com.svox.pico", name="Pico TTS"),
Application(identifier="com.android.proxyhandler", name="ProxyHandler"),
Application(identifier="com.android.inputmethod.latin", name="Android Keyboard (AOSP)", pid=1740),
Application(identifier="org.chromium.webview_shell", name="WebView Shell"),
Application(identifier="com.android.managedprovisioning", name="Work profile setup"),
<clip>
"""
Running Applications¶
You can spawn and attach to applications via command-line.
Examples¶
# Launch application and retrieve corresponding revenge.Process instance
p = android.spawn("com.android.email", gated=False, load_symbols="*dex")
<Process <pre-initialized>:4335>
calc = android.applications['*calc*']
p = android.spawn(calc, gated=False, load_symbols="*dex")
# If the app is already running, you can just attach
p = android.attach("*calc*", load_symbols="*dex")