# ADB Commands

<details>

<summary><strong>从零开始学习AWS黑客技术，成为专家</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE（HackTricks AWS Red Team Expert）</strong></a><strong>！</strong></summary>

其他支持HackTricks的方式：

* 如果您想看到您的**公司在HackTricks中做广告**或**下载PDF格式的HackTricks**，请查看[**订阅计划**](https://github.com/sponsors/carlospolop)!
* 获取[**官方PEASS & HackTricks周边产品**](https://peass.creator-spring.com)
* 探索[**PEASS家族**](https://opensea.io/collection/the-peass-family)，我们的独家[**NFTs**](https://opensea.io/collection/the-peass-family)
* **加入** 💬 [**Discord群**](https://discord.gg/hRep4RUj7f) 或 [**电报群**](https://t.me/peass) 或 **关注**我们的**Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks_live)**。**
* 通过向[**HackTricks**](https://github.com/carlospolop/hacktricks)和[**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github仓库提交PR来分享您的黑客技巧。

</details>

**Adb通常位于：**

```bash
#Windows
C:\Users\<username>\AppData\Local\Android\sdk\platform-tools\adb.exe

#MacOS
/Users/<username>/Library/Android/sdk/platform-tools/adb
```

**信息获取自：** [**http://adbshell.com/**](http://adbshell.com)

## 连接

```
adb devices
```

这将列出已连接的设备；如果出现"***未授权***"，这意味着您必须**解锁**您的**手机**并**接受**连接。

这指示设备必须在端口5555上启动adb服务器：

```
adb tcpip 5555
```

连接到该 IP 和端口：

```
adb connect <IP>:<PORT>
```

如果在虚拟Android软件（如Genymotion）中遇到以下错误：

```
adb server version (41) doesn't match this client (36); killing...
```

这是因为您正在尝试连接到具有不同版本的ADB服务器。只需尝试找到软件正在使用的adb二进制文件（转到 `C:\Program Files\Genymobile\Genymotion` 并搜索 adb.exe）

### 多个设备

每当您发现**有多个设备连接到您的计算机**时，您需要**指定要在哪一个设备上**运行adb命令。

```bash
adb devices
List of devices attached
10.10.10.247:42135	offline
127.0.0.1:5555	device
```

```bash
adb -s 127.0.0.1:5555 shell
x86_64:/ # whoami
root
```

### 端口隧道

如果在安卓设备中 **adb** **端口** 只能从 **本地主机** 访问，但是 **你可以通过 SSH 访问**，你可以 **转发端口 5555** 并通过 adb 连接：

```bash
ssh -i ssh_key username@10.10.10.10 -L 5555:127.0.0.1:5555 -p 2222
adb connect 127.0.0.1:5555
```

## 包管理器

### 安装/卸载

#### adb install \[选项] <路径>

```bash
adb install test.apk

adb install -l test.apk # forward lock application

adb install -r test.apk # replace existing application

adb install -t test.apk # allow test packages

adb install -s test.apk # install application on sdcard

adb install -d test.apk # allow version code downgrade

adb install -p test.apk # partial application install
```

#### adb卸载 \[选项] <包名>

```bash
adb uninstall com.test.app

adb uninstall -k com.test.app Keep the data and cache directories around after package removal.
```

### 包

打印所有包，可选择仅打印包名包含\<FILTER>文本的包。

#### adb shell pm list packages \[options] \<FILTER-STR>

```bash
adb shell pm list packages <FILTER-STR>

adb shell pm list packages -f <FILTER-STR> #See their associated file.

adb shell pm list packages -d <FILTER-STR> #Filter to only show disabled packages.

adb shell pm list packages -e <FILTER-STR> #Filter to only show enabled packages.

adb shell pm list packages -s <FILTER-STR> #Filter to only show system packages.

adb shell pm list packages -3 <FILTER-STR> #Filter to only show third party packages.

adb shell pm list packages -i <FILTER-STR> #See the installer for the packages.

adb shell pm list packages -u <FILTER-STR> #Also include uninstalled packages.

adb shell pm list packages --user <USER_ID> <FILTER-STR> #The user space to query.
```

#### adb shell pm path \<PACKAGE>

打印给定应用的 APK 路径。

```bash
adb shell pm path com.android.phone
```

#### adb shell pm clear \<PACKAGE>

删除与一个应用程序相关的所有数据。

```bash
adb shell pm clear com.test.abc
```

## 文件管理器

#### adb pull \<remote> \[local]

从模拟器/设备下载指定文件到您的计算机。

```bash
adb pull /sdcard/demo.mp4 ./
```

#### adb push \<local> \<remote>

从您的计算机上传指定文件到模拟器/设备。

```bash
adb push test.apk /sdcard
```

## 屏幕截图/录屏

#### adb shell screencap <文件名>

对设备显示屏进行截图。

```bash
adb shell screencap /sdcard/screen.png
```

#### adb shell screenrecord \[options] \<filename>

记录运行Android 4.4（API级别19）及更高版本的设备显示。

```bash
adb shell screenrecord /sdcard/demo.mp4
adb shell screenrecord --size <WIDTHxHEIGHT>
adb shell screenrecord --bit-rate <RATE>
adb shell screenrecord --time-limit <TIME> #Sets the maximum recording time, in seconds. The default and maximum value is 180 (3 minutes).
adb shell screenrecord --rotate # Rotates 90 degrees
adb shell screenrecord --verbose
```

(press Ctrl-C to stop recording)

**您可以使用 \_adb pull**\_ **下载文件（图像和视频）**

## Shell

#### adb shell

在设备内部获取一个 shell

```bash
adb shell
```

#### adb shell \<CMD>

在设备内部执行命令

```bash
adb shell ls
```

### pm

以下命令在shell内执行

```bash
pm list packages #List installed packages
pm path <package name> #Get the path to the apk file of tha package
am start [<options>] #Start an activity. Whiout options you can see the help menu
am startservice [<options>] #Start a service. Whiout options you can see the help menu
am broadcast [<options>] #Send a broadcast. Whiout options you can see the help menu
input [text|keyevent] #Send keystrokes to device
```

## 进程

如果您想获取应用程序进程的 PID，可以执行：

```bash
adb shell ps
```

并搜索您的应用程序

或者您可以执行

```bash
adb shell pidof com.your.application
```

并且它将打印出该应用程序的PID

## 系统

```bash
adb root
```

重新启动带有根权限的adbd守护程序。然后，您必须重新连接到ADB服务器，这样您将成为root用户（如果可用）。

```bash
adb sideload <update.zip>
```

### 日志

#### Logcat

要**过滤只有一个应用程序的消息**，获取应用程序的 PID 并使用 grep（linux/macos）或 findstr（windows）来过滤 logcat 的输出：

```bash
adb logcat | grep 4526
adb logcat | findstr 4526
```

#### adb logcat \[选项] \[过滤规则]

```bash
adb logcat
```

注意：按Ctrl-C停止监视

```bash
adb logcat *:V # lowest priority, filter to only show Verbose level

adb logcat *:D # filter to only show Debug level

adb logcat *:I # filter to only show Info level

adb logcat *:W # filter to only show Warning level

adb logcat *:E # filter to only show Error level

adb logcat *:F # filter to only show Fatal level

adb logcat *:S # Silent, highest priority, on which nothing is ever printed
```

#### adb logcat -b <缓冲区>

```bash
adb logcat -b # radio View the buffer that contains radio/telephony related messages.

adb logcat -b # event View the buffer containing events-related messages.

adb logcat -b # main default

adb logcat -c # Clears the entire log and exits.

adb logcat -d # Dumps the log to the screen and exits.

adb logcat -f test.logs # Writes log message output to test.logs .

adb logcat -g # Prints the size of the specified log buffer and exits.

adb logcat -n <count> # Sets the maximum number of rotated logs to <count>.
```

### dumpsys

**dumpsys**用于转储系统数据

#### adb shell dumpsys \[options]

```bash
adb shell dumpsys

adb shell dumpsys meminfo

adb shell dumpsys battery
```

注意：运行Android 5.0或更高版本的移动设备已启用开发者选项。

```bash
adb shell dumpsys batterystats collects battery data from your device
```

注意：[Battery Historian](https://github.com/google/battery-historian) 将这些数据转换为 HTML 可视化。 **步骤 1** *adb shell dumpsys batterystats > batterystats.txt* **步骤 2** *python historian.py batterystats.txt > batterystats.html*

```bash
adb shell dumpsys batterystats --reset erases old collection data
```

```plaintext
adb shell dumpsys activity

# 备份

从adb备份安卓设备。
```

```bash
adb backup [-apk] [-shared] [-system] [-all] -f file.backup
# -apk -- Include APK from Third partie's applications
# -shared -- Include removable storage
# -system -- Include system Applciations
# -all -- Include all the applications

adb shell pm list packages -f -3      #List packages
adb backup -f myapp_backup.ab -apk com.myapp # backup on one device
adb restore myapp_backup.ab                  # restore to the same or any other device
```

如果您想检查备份的内容：

```bash
( printf "\x1f\x8b\x08\x00\x00\x00\x00\x00" ; tail -c +25 myapp_backup.ab ) |  tar xfvz -
```

<details>

<summary><strong>从零开始学习AWS黑客技术，成为专家</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE（HackTricks AWS Red Team Expert）</strong></a><strong>！</strong></summary>

其他支持HackTricks的方式：

* 如果您想看到您的**公司在HackTricks中做广告**或**下载PDF格式的HackTricks**，请查看[**订阅计划**](https://github.com/sponsors/carlospolop)!
* 获取[**官方PEASS & HackTricks周边产品**](https://peass.creator-spring.com)
* 探索[**PEASS家族**](https://opensea.io/collection/the-peass-family)，我们的独家[**NFTs**](https://opensea.io/collection/the-peass-family)
* **加入** 💬 [**Discord群**](https://discord.gg/hRep4RUj7f) 或 [**电报群**](https://t.me/peass) 或 **关注**我们的**Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks_live)**。**
* 通过向[**HackTricks**](https://github.com/carlospolop/hacktricks)和[**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github仓库提交PR来分享您的黑客技巧。

</details>


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://hacktricks.xsx.tw/mobile-pentesting/android-app-pentesting/adb-commands.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.