# ADB Commands

<details>

<summary><strong>从零开始学习AWS黑客技术，成为专家</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE（HackTricks AWS Red Team Expert）</strong></a><strong>！</strong></summary>

其他支持HackTricks的方式：

* 如果您想看到您的**公司在HackTricks中做广告**或**下载PDF格式的HackTricks**，请查看[**订阅计划**](https://github.com/sponsors/carlospolop)!
* 获取[**官方PEASS & HackTricks周边产品**](https://peass.creator-spring.com)
* 探索[**PEASS家族**](https://opensea.io/collection/the-peass-family)，我们的独家[**NFTs**](https://opensea.io/collection/the-peass-family)
* **加入** 💬 [**Discord群**](https://discord.gg/hRep4RUj7f) 或 [**电报群**](https://t.me/peass) 或 **关注**我们的**Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks_live)**。**
* 通过向[**HackTricks**](https://github.com/carlospolop/hacktricks)和[**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github仓库提交PR来分享您的黑客技巧。

</details>

**Adb通常位于：**

```bash
#Windows
C:\Users\<username>\AppData\Local\Android\sdk\platform-tools\adb.exe

#MacOS
/Users/<username>/Library/Android/sdk/platform-tools/adb
```

**信息获取自：** [**http://adbshell.com/**](http://adbshell.com)

## 连接

```
adb devices
```

这将列出已连接的设备；如果出现"***未授权***"，这意味着您必须**解锁**您的**手机**并**接受**连接。

这指示设备必须在端口5555上启动adb服务器：

```
adb tcpip 5555
```

连接到该 IP 和端口：

```
adb connect <IP>:<PORT>
```

如果在虚拟Android软件（如Genymotion）中遇到以下错误：

```
adb server version (41) doesn't match this client (36); killing...
```

这是因为您正在尝试连接到具有不同版本的ADB服务器。只需尝试找到软件正在使用的adb二进制文件（转到 `C:\Program Files\Genymobile\Genymotion` 并搜索 adb.exe）

### 多个设备

每当您发现**有多个设备连接到您的计算机**时，您需要**指定要在哪一个设备上**运行adb命令。

```bash
adb devices
List of devices attached
10.10.10.247:42135	offline
127.0.0.1:5555	device
```

```bash
adb -s 127.0.0.1:5555 shell
x86_64:/ # whoami
root
```

### 端口隧道

如果在安卓设备中 **adb** **端口** 只能从 **本地主机** 访问，但是 **你可以通过 SSH 访问**，你可以 **转发端口 5555** 并通过 adb 连接：

```bash
ssh -i ssh_key username@10.10.10.10 -L 5555:127.0.0.1:5555 -p 2222
adb connect 127.0.0.1:5555
```

## 包管理器

### 安装/卸载

#### adb install \[选项] <路径>

```bash
adb install test.apk

adb install -l test.apk # forward lock application

adb install -r test.apk # replace existing application

adb install -t test.apk # allow test packages

adb install -s test.apk # install application on sdcard

adb install -d test.apk # allow version code downgrade

adb install -p test.apk # partial application install
```

#### adb卸载 \[选项] <包名>

```bash
adb uninstall com.test.app

adb uninstall -k com.test.app Keep the data and cache directories around after package removal.
```

### 包

打印所有包，可选择仅打印包名包含\<FILTER>文本的包。

#### adb shell pm list packages \[options] \<FILTER-STR>

```bash
adb shell pm list packages <FILTER-STR>

adb shell pm list packages -f <FILTER-STR> #See their associated file.

adb shell pm list packages -d <FILTER-STR> #Filter to only show disabled packages.

adb shell pm list packages -e <FILTER-STR> #Filter to only show enabled packages.

adb shell pm list packages -s <FILTER-STR> #Filter to only show system packages.

adb shell pm list packages -3 <FILTER-STR> #Filter to only show third party packages.

adb shell pm list packages -i <FILTER-STR> #See the installer for the packages.

adb shell pm list packages -u <FILTER-STR> #Also include uninstalled packages.

adb shell pm list packages --user <USER_ID> <FILTER-STR> #The user space to query.
```

#### adb shell pm path \<PACKAGE>

打印给定应用的 APK 路径。

```bash
adb shell pm path com.android.phone
```

#### adb shell pm clear \<PACKAGE>

删除与一个应用程序相关的所有数据。

```bash
adb shell pm clear com.test.abc
```

## 文件管理器

#### adb pull \<remote> \[local]

从模拟器/设备下载指定文件到您的计算机。

```bash
adb pull /sdcard/demo.mp4 ./
```

#### adb push \<local> \<remote>

从您的计算机上传指定文件到模拟器/设备。

```bash
adb push test.apk /sdcard
```

## 屏幕截图/录屏

#### adb shell screencap <文件名>

对设备显示屏进行截图。

```bash
adb shell screencap /sdcard/screen.png
```

#### adb shell screenrecord \[options] \<filename>

记录运行Android 4.4（API级别19）及更高版本的设备显示。

```bash
adb shell screenrecord /sdcard/demo.mp4
adb shell screenrecord --size <WIDTHxHEIGHT>
adb shell screenrecord --bit-rate <RATE>
adb shell screenrecord --time-limit <TIME> #Sets the maximum recording time, in seconds. The default and maximum value is 180 (3 minutes).
adb shell screenrecord --rotate # Rotates 90 degrees
adb shell screenrecord --verbose
```

(press Ctrl-C to stop recording)

**您可以使用 \_adb pull**\_ **下载文件（图像和视频）**

## Shell

#### adb shell

在设备内部获取一个 shell

```bash
adb shell
```

#### adb shell \<CMD>

在设备内部执行命令

```bash
adb shell ls
```

### pm

以下命令在shell内执行

```bash
pm list packages #List installed packages
pm path <package name> #Get the path to the apk file of tha package
am start [<options>] #Start an activity. Whiout options you can see the help menu
am startservice [<options>] #Start a service. Whiout options you can see the help menu
am broadcast [<options>] #Send a broadcast. Whiout options you can see the help menu
input [text|keyevent] #Send keystrokes to device
```

## 进程

如果您想获取应用程序进程的 PID，可以执行：

```bash
adb shell ps
```

并搜索您的应用程序

或者您可以执行

```bash
adb shell pidof com.your.application
```

并且它将打印出该应用程序的PID

## 系统

```bash
adb root
```

重新启动带有根权限的adbd守护程序。然后，您必须重新连接到ADB服务器，这样您将成为root用户（如果可用）。

```bash
adb sideload <update.zip>
```

### 日志

#### Logcat

要**过滤只有一个应用程序的消息**，获取应用程序的 PID 并使用 grep（linux/macos）或 findstr（windows）来过滤 logcat 的输出：

```bash
adb logcat | grep 4526
adb logcat | findstr 4526
```

#### adb logcat \[选项] \[过滤规则]

```bash
adb logcat
```

注意：按Ctrl-C停止监视

```bash
adb logcat *:V # lowest priority, filter to only show Verbose level

adb logcat *:D # filter to only show Debug level

adb logcat *:I # filter to only show Info level

adb logcat *:W # filter to only show Warning level

adb logcat *:E # filter to only show Error level

adb logcat *:F # filter to only show Fatal level

adb logcat *:S # Silent, highest priority, on which nothing is ever printed
```

#### adb logcat -b <缓冲区>

```bash
adb logcat -b # radio View the buffer that contains radio/telephony related messages.

adb logcat -b # event View the buffer containing events-related messages.

adb logcat -b # main default

adb logcat -c # Clears the entire log and exits.

adb logcat -d # Dumps the log to the screen and exits.

adb logcat -f test.logs # Writes log message output to test.logs .

adb logcat -g # Prints the size of the specified log buffer and exits.

adb logcat -n <count> # Sets the maximum number of rotated logs to <count>.
```

### dumpsys

**dumpsys**用于转储系统数据

#### adb shell dumpsys \[options]

```bash
adb shell dumpsys

adb shell dumpsys meminfo

adb shell dumpsys battery
```

注意：运行Android 5.0或更高版本的移动设备已启用开发者选项。

```bash
adb shell dumpsys batterystats collects battery data from your device
```

注意：[Battery Historian](https://github.com/google/battery-historian) 将这些数据转换为 HTML 可视化。 **步骤 1** *adb shell dumpsys batterystats > batterystats.txt* **步骤 2** *python historian.py batterystats.txt > batterystats.html*

```bash
adb shell dumpsys batterystats --reset erases old collection data
```

```plaintext
adb shell dumpsys activity

# 备份

从adb备份安卓设备。
```

```bash
adb backup [-apk] [-shared] [-system] [-all] -f file.backup
# -apk -- Include APK from Third partie's applications
# -shared -- Include removable storage
# -system -- Include system Applciations
# -all -- Include all the applications

adb shell pm list packages -f -3      #List packages
adb backup -f myapp_backup.ab -apk com.myapp # backup on one device
adb restore myapp_backup.ab                  # restore to the same or any other device
```

如果您想检查备份的内容：

```bash
( printf "\x1f\x8b\x08\x00\x00\x00\x00\x00" ; tail -c +25 myapp_backup.ab ) |  tar xfvz -
```

<details>

<summary><strong>从零开始学习AWS黑客技术，成为专家</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE（HackTricks AWS Red Team Expert）</strong></a><strong>！</strong></summary>

其他支持HackTricks的方式：

* 如果您想看到您的**公司在HackTricks中做广告**或**下载PDF格式的HackTricks**，请查看[**订阅计划**](https://github.com/sponsors/carlospolop)!
* 获取[**官方PEASS & HackTricks周边产品**](https://peass.creator-spring.com)
* 探索[**PEASS家族**](https://opensea.io/collection/the-peass-family)，我们的独家[**NFTs**](https://opensea.io/collection/the-peass-family)
* **加入** 💬 [**Discord群**](https://discord.gg/hRep4RUj7f) 或 [**电报群**](https://t.me/peass) 或 **关注**我们的**Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks_live)**。**
* 通过向[**HackTricks**](https://github.com/carlospolop/hacktricks)和[**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github仓库提交PR来分享您的黑客技巧。

</details>