pwnlib.adb — 安卓调试桥

通过安卓调试桥 (ADB) 提供与安卓设备交互的功能

通过 pwntools 使用安卓设备

Pwntools 在尝试将与安卓设备交互变得尽可能简单

如果你只有一个连接的安卓设备, 那么就可以直接使用了

如果你有多个安卓设备, 那么你可能需要手动选择一个, 或者遍历他们

首先也是最重要的是 context.device 属性,它声明了 “当前” 所选设备 它可以手动设置为序列号或 Device 类的实例

# 获取第一个有效的安卓设备
context.device = adb.wait_for_device()

# 通过序列号设置安卓设备
context.device = 'ZX1G22LH8S'

# 通过产品名称设置安卓设备
for device in adb.devices():
    if device.product == 'shamu':
        break
else:
    error("Could not find any shamus!")

一旦设备被选择成功, 那么你就可以调用 pwnlib.adb 任意函数其进行操作了

# 获取进程列表
print adb.process(['ps']).recvall()

# 获取属性
print adb.properties.ro.build.fingerprint

# 读写文件
print adb.read('/proc/version')
adb.write('/data/local/tmp/foo', 'my data')
class pwnlib.adb.adb.AdbDevice(serial, type, port=None, product='unknown', model='unknown', device='unknown', features=None, **kw)[源代码]

Encapsulates information about a connected device.

Example

>>> device = adb.wait_for_device()
>>> device.arch
'arm'
>>> device.bits
32
>>> device.os
'android'
>>> device.product
'sdk_phone_armv7'
>>> device.serial
'emulator-5554'
pwnlib.adb.adb.adb(argv, *a, **kw)[源代码]

Returns the output of an ADB subcommand.

>>> adb.adb(['get-serialno'])
'emulator-5554\n'
pwnlib.adb.adb.boot_time() → int[源代码]
返回:Boot time of the device, in Unix time, rounded to the nearest second.
pwnlib.adb.adb.build(*a, **kw)[源代码]

Returns the Build ID of the device.

pwnlib.adb.adb.compile(source)[源代码]

Compile a source file or project with the Android NDK.

pwnlib.adb.adb.current_device(any=False)[源代码]

Returns an AdbDevice instance for the currently-selected device (via context.device).

Example

>>> device = adb.current_device(any=True)
>>> device
AdbDevice(serial='emulator-5554', type='device', port='emulator', product='sdk_phone_armv7', model='sdk phone armv7', device='generic')
>>> device.port
'emulator'
pwnlib.adb.adb.devices(*a, **kw)[源代码]

Returns a list of Device objects corresponding to the connected devices.

pwnlib.adb.adb.disable_verity(*a, **kw)[源代码]

Disables dm-verity on the device.

pwnlib.adb.adb.exists(*a, **kw)[源代码]

Return True if path exists on the target device.

Examples

>>> adb.exists('/')
True
>>> adb.exists('/init')
True
>>> adb.exists('/does/not/exist')
False
pwnlib.adb.adb.fastboot(*a, **kw)[源代码]

Executes a fastboot command.

返回:The command output.
pwnlib.adb.adb.find_ndk_project_root(source)[源代码]

Given a directory path, find the topmost project root.

tl;dr “foo/bar/jni/baz.cpp” ==> “foo/bar”

pwnlib.adb.adb.fingerprint(*a, **kw)[源代码]

Returns the device build fingerprint.

pwnlib.adb.adb.forward(*a, **kw)[源代码]

Sets up a port to forward to the device.

pwnlib.adb.adb.getprop(*a, **kw)[源代码]

Reads a properties from the system property store.

参数:name (str) – Optional, read a single property.
返回:If name is not specified, a dict of all properties is returned. Otherwise, a string is returned with the contents of the named property.
pwnlib.adb.adb.install(apk, *arguments)[源代码]

Install an APK onto the device.

This is a wrapper around ‘pm install’, which backs ‘adb install’.

参数:
  • apk (str) – Path to the APK to intall (e.g. 'foo.apk')
  • arguments – Supplementary arguments to ‘pm install’, e.g. '-l', '-g'.
pwnlib.adb.adb.interactive(*a, **kw)[源代码]

Spawns an interactive shell.

pwnlib.adb.adb.isdir(*a, **kw)[源代码]

Return True if path is a on the target device.

Examples

>>> adb.isdir('/')
True
>>> adb.isdir('/init')
False
>>> adb.isdir('/does/not/exist')
False
pwnlib.adb.adb.listdir(*a, **kw)[源代码]

Returns a list containing the entries in the provided directory.

注解

This uses the SYNC LIST functionality, which runs in the adbd SELinux context. If adbd is running in the su domain (‘adb root’), this behaves as expected.

Otherwise, less files may be returned due to restrictive SELinux policies on adbd.

pwnlib.adb.adb.logcat(*a, **kw)[源代码]

Reads the system log file.

By default, causes logcat to exit after reading the file.

参数:stream (bool) – If True, the contents are streamed rather than read in a one-shot manner. Default is False.
返回:If stream is False, returns a string containing the log data. Otherwise, it returns a pwnlib.tubes.tube.tube connected to the log output.
pwnlib.adb.adb.makedirs(*a, **kw)[源代码]

Create a directory and all parent directories on the target device.

注解

Silently succeeds if the directory already exists.

Examples

>>> adb.makedirs('/data/local/tmp/this/is/a/directory/heirarchy')
>>> adb.listdir('/data/local/tmp/this/is/a/directory')
['heirarchy']
pwnlib.adb.adb.mkdir(*a, **kw)[源代码]

Create a directory on the target device.

注解

Silently succeeds if the directory already exists.

参数:path (str) – Directory to create.

Examples

>>> adb.mkdir('/')

>>> path = '/data/local/tmp/mkdir_test'
>>> adb.exists(path)
False
>>> adb.mkdir(path)
>>> adb.exists(path)
True

>>> adb.mkdir('/init')
Traceback (most recent call last):
...
PwnlibException: mkdir failed for /init, File exists
pwnlib.adb.adb.packages(*a, **kw)[源代码]

Returns a list of packages installed on the system

pwnlib.adb.adb.pidof(*a, **kw)[源代码]

Returns a list of PIDs for the named process.

pwnlib.adb.adb.proc_exe(*a, **kw)[源代码]

Returns the full path of the executable for the provided PID.

pwnlib.adb.adb.process(*a, **kw)[源代码]

Execute a process on the device.

See pwnlib.tubes.process.process documentation for more info.

返回:A pwnlib.tubes.process.process tube.

Examples

>>> adb.root()
>>> print adb.process(['cat','/proc/version']).recvall() 
Linux version ...
pwnlib.adb.adb.product(*a, **kw)[源代码]

Returns the device product identifier.

pwnlib.adb.adb.pull(*a, **kw)[源代码]

Download a file from the device.

参数:
  • remote_path (str) – Path or directory of the file on the device.
  • local_path (str) – Path to save the file to. Uses the file’s name by default.
返回:

The contents of the file.

Example

>>> _=adb.pull('/proc/version', './proc-version')
>>> print read('./proc-version') 
Linux version ...
pwnlib.adb.adb.push(*a, **kw)[源代码]

Upload a file to the device.

参数:
  • local_path (str) – Path to the local file to push.
  • remote_path (str) – Path or directory to store the file on the device.
返回:

Remote path of the file.

Example

>>> write('./filename', 'contents')
>>> adb.push('./filename', '/data/local/tmp')
'/data/local/tmp/filename'
>>> adb.read('/data/local/tmp/filename')
'contents'
>>> adb.push('./filename', '/does/not/exist')
Traceback (most recent call last):
...
PwnlibException: Could not stat '/does/not/exist'
pwnlib.adb.adb.read(*a, **kw)[源代码]

Download a file from the device, and extract its contents.

参数:
  • path (str) – Path to the file on the device.
  • target (str) – Optional, location to store the file. Uses a temporary file by default.
  • callback (callable) – See the documentation for adb.protocol.AdbClient.read.

Examples

>>> print adb.read('/proc/version') 
Linux version ...
>>> adb.read('/does/not/exist')
Traceback (most recent call last):
...
PwnlibException: Could not stat '/does/not/exist'
pwnlib.adb.adb.reboot(*a, **kw)[源代码]

Reboots the device.

pwnlib.adb.adb.reboot_bootloader(*a, **kw)[源代码]

Reboots the device to the bootloader.

pwnlib.adb.adb.remount(*a, **kw)[源代码]

Remounts the filesystem as writable.

pwnlib.adb.adb.root(*a, **kw)[源代码]

Restarts adbd as root.

>>> adb.root()
pwnlib.adb.adb.setprop(*a, **kw)[源代码]

Writes a property to the system property store.

pwnlib.adb.adb.shell(*a, **kw)[源代码]

Returns an interactive shell.

pwnlib.adb.adb.uninstall(package, *arguments)[源代码]

Uninstall an APK from the device.

This is a wrapper around ‘pm uninstall’, which backs ‘adb uninstall’.

参数:
  • package (str) – Name of the package to uninstall (e.g. 'com.foo.MyPackage')
  • arguments – Supplementary arguments to 'pm install', e.g. '-k'.

Unlinks a file or directory on the target device.

Examples

>>> adb.unlink("/does/not/exist")
Traceback (most recent call last):
...
PwnlibException: Could not unlink '/does/not/exist': Does not exist

>>> filename = '/data/local/tmp/unlink-test'
>>> adb.write(filename, 'hello')
>>> adb.exists(filename)
True
>>> adb.unlink(filename)
>>> adb.exists(filename)
False

>>> adb.mkdir(filename)
>>> adb.write(filename + '/contents', 'hello')
>>> adb.unlink(filename)
Traceback (most recent call last):
...
PwnlibException: Cannot delete non-empty directory '/data/local/tmp/unlink-test' without recursive=True

>>> adb.unlink(filename, recursive=True)
>>> adb.exists(filename)
False
pwnlib.adb.adb.unlock_bootloader(*a, **kw)[源代码]

Unlocks the bootloader of the device.

注解

This requires physical interaction with the device.

pwnlib.adb.adb.unroot(*a, **kw)[源代码]

Restarts adbd as AID_SHELL.

pwnlib.adb.adb.uptime() → float[源代码]
返回:Uptime of the device, in seconds
pwnlib.adb.adb.wait_for_device(*a, **kw)[源代码]

Waits for a device to be connected.

By default, waits for the currently-selected device (via context.device). To wait for a specific device, set context.device. To wait for any device, clear context.device.

返回:An AdbDevice instance for the device.

Examples

>>> device = adb.wait_for_device()
pwnlib.adb.adb.which(*a, **kw)[源代码]

Retrieves the full path to a binary in $PATH on the device

参数:
  • name (str) – Binary name
  • all (bool) – Whether to return all paths, or just the first
  • *a – Additional arguments for adb.process()
  • **kw – Additional arguments for adb.process()
返回:

Either a path, or list of paths

Example

>>> adb.which('sh')
'/system/bin/sh'
>>> adb.which('sh', all=True)
['/system/bin/sh']

>>> adb.which('foobar') is None
True
>>> adb.which('foobar', all=True)
[]
pwnlib.adb.adb.write(*a, **kw)[源代码]

Create a file on the device with the provided contents.

参数:
  • path (str) – Path to the file on the device
  • data (str) – Contents to store in the file

Examples

>>> adb.write('/dev/null', 'data')
>>> adb.write('/data/local/tmp/')

这个文件存在的意义只是为了向后兼容