WillJTools Mobile App Testing Checklist

Checklist

Device & Environment Setup

• Verify Device Connection
  • adb devices -l
  • adb shell getprop ro.product.model
  • adb shell getprop ro.build.version.release
• Root Check (Magisk)
  • adb shell
  • su -c id
• List Installed Packages
  • adb shell pm list packages | grep target

APK Extraction & Static Analysis

• Get APK Path
  • adb shell pm path com.example.target
• Pull APK from Device
  • adb pull /data/app/com.example.target/base.apk ./target.apk
• Extract Metadata & Manifest
  • aapt dump badging target.apk | head -n 20
  • aapt dump xmltree target.apk AndroidManifest.xml | head -n 50
• Decompile with JADX
  • jadx-gui ~/path/to/the/base.apk &
  • jadx-gui target.apk
• Decompile with Apktool
  • apktool d -f -o apktool-output target.apk
  • apktool b apktool-output -o rebuilt.apk
• Search for Keys & Secrets
  • rg -n "api_key|Authorization|token" jadx-output
  • strings target.apk | grep "https://"

App Data Extraction

• Extract App Data (Root)
  • adb shell su -c "cp -r /data/data/com.example.target /sdcard/target-data"
  • adb pull /sdcard/target-data ./data
• Access Debuggable App Data
  • adb shell run-as com.example.target ls -la /data/data/com.example.target
• Extract Shared Preferences
  • adb shell su -c "cat /data/data/com.example.target/shared_prefs/*.xml"
• Pull SQLite Databases
  • adb shell su -c "cp /data/data/com.example.target/databases/*.db /sdcard/"
  • adb pull /sdcard/*.db ./databases/
  • sqlite3 app.db ".tables"

Frida Instrumentation

• Push & Start Frida Server
  • adb push frida-server /data/local/tmp/
  • adb shell su -c "chmod 755 /data/local/tmp/frida-server"
  • adb shell su -c "/data/local/tmp/frida-server &"
  • frida-ps -Uai
• Attach to Process
  • frida -U -n com.example.target
  • frida -U -f com.example.target -l myhook.js --no-pause
• Dynamic Method Tracing
  • frida-trace -U -i "java.*" -p $(frida-ps -U | grep target | awk '{print $1}')

Network Interception

• Setup Burp Proxy via ADB
  • adb reverse tcp:8080 tcp:8080
  • adb shell settings put global http_proxy 127.0.0.1:8080
• Setup Proxy over Wi-Fi
  • Configure device Wi-Fi proxy: host=192.168.x.x port=8080
• Install Burp Certificate (Root)
  • openssl x509 -inform PEM -in burp.pem -subject_hash_old -noout
  • cp burp.pem [HASH].0
  • adb push [HASH].0 /system/etc/security/cacerts/
  • adb shell su -c "chmod 644 /system/etc/security/cacerts/[HASH].0"
  • adb reboot
• Capture Traffic with Tcpdump
  • adb push tcpdump /data/local/tmp/
  • adb shell su -c "/data/local/tmp/tcpdump -i any -s 0 -w /sdcard/capture.pcap"
  • adb pull /sdcard/capture.pcap ./capture.pcap

Certificate Pinning Checks

• Static Search for Pinning Code
  • rg -n "CertificatePinner|TrustManager|HostnameVerifier" jadx-output
• Monitor TLS/SSL Errors
  • adb logcat | grep -i "ssl|tls|pinning|certificate"

Native Library Analysis

• Inspect .so Libraries
  • unzip -l target.apk | grep ".so"
  • readelf -h lib/arm64-v8a/libtarget.so
  • nm -D lib/arm64-v8a/libtarget.so | head -n 50
• Search Strings in Native Code
  • strings lib/arm64-v8a/libtarget.so | grep "http"

Post-Test Cleanup

• Remove Proxy Settings
  • adb shell settings put global http_proxy :0
• Flush IPTables Rules
  • adb shell su -c "iptables -t nat -F"
• Stop Frida Server
  • adb shell su -c "pkill frida-server"
• Delete Temporary Files
  • adb shell su -c "rm /data/local/tmp/frida-server /sdcard/*.db /sdcard/capture.pcap"

Quick 1-Line Summary (Pre-Engagement Run)

• ADB → APK → Jadx → Frida → Burp Workflow
  • adb devices -l && adb shell su -c id && adb shell pm path com.example.target && adb pull $(adb shell pm path com.example.target | sed 's/package://') ./target.apk && jadx -d jadx-out target.apk && adb push frida-server /data/local/tmp/ && adb shell su -c /data/local/tmp/frida-server & && frida -U -f com.example.target -l myhook.js --no-pause