Open in app

Sign in

Write

Sign in

Setup an Android Application (APK) Security Testing Environment on Lineage OS (Raspberry Pi Edition)

Africa Cyber Immersion Center (ACIC)
The Startup
Published in
5 min readSep 21, 2020

What you will need:

  • A computer, HDMI cable, monitor and a mouse
  • Raspberry Pi
  • A microSD card — 16 GB and a Card Reader
  • Internet connectivity
  • USB cable to power on the Raspberry Pi

Download the Following Files

Installation

STEP 1: Install Balena Etcher on your Windows or Linux machine

STEP 2: Download Lineage OS by clicking on the link highlighted below and save it on your Downloads directory.

STEP 3: Plugin your SD card into your computer using a USB card reader or the card reader slot if you have one on your machine.

STEP 4: Start the Balena Etcher application on your computer

STEP 5: Select “Flash from file “ option and choose the downloaded Lineage OS zip file. There is an option of using a URL as an alternative.

STEP 6: Select the target as your microSD card and then click “Flash!”.

STEP 7: Wait until Flash is completed and you can now remove the microSD card and insert it into your Raspberry pi.

Booting into Lineage OS:

Before powering on your Raspberry Pi, make sure you connect

  • A HDMI cable of your monitor to your Raspberry Pi
  • A USB mouse on your Raspberry Pi.
  • Optional: A keyboard. Lineage OS comes with an on screen keyboard as an alternative.

STEP 10: Power on your Raspberry Pi and Lineage OS should boot and show you the following image:

STEP 11: On the setup page, click next and select your Language, Timezone, Time options and setup your network. No special options are required.

STEP 12: After setup click on the Start button. You can scroll the same way you use your Android device. Click and drag up from the bottom three apps to bring up the app library.

Enable ADB and Terminal

STEP 13: Click on the Settings application and Scroll to the tab “About Tablet” and click on it. This will reveal information about the device. Click on the tab “Build number” 5 times until you get the message “You have enabled development settings”.

STEP 14: Click back to go back to the “Settings” main page and click on Systems → Advanced →Developer Options and enable the following options:

  • Root Access” Option — Choose the “Apps and ADB” option
  • Local Terminal” Option (Terminal Access)
  • ADB over network” Option (Access over network)

You can now restart your Raspberry Pi to implement the changes. You can either

  • Unplug the power from your Raspberry Pi to restart; or
  • Press F5 on your Keyboard; or
  • Implement a Switch OFF button on your Raspberry Pi

Installing Google Apps in Recovery Mode

STEP 15: Access the terminal with root privileges and allow access to files on the system. Type “su” on the terminal to allow root privileges.

su

STEP 16: Use the following commands to reboot on recovery mode:

Raspberry Pi 4

rpi4-recovery.sh
reboot

Raspberry Pi 3

rpi3-recovery.sh
reboot

The Raspberry Pi should will reboot into the Android recovery mode.

STEP 17: Copy the gapps package into a USB Flash and plug it into your Raspberry Pi. and follow the following steps:

  • Swipe on the option “Swipe to allow modifications
  • Click on the “mount” option to mount “Boot“, “System“, “Data” and “USB-OTG” partitions for configuration changes and mounting the USB device. Leave the “Vendor” option blank then click on the “Select Storage” option.
  • A dialog menu will be displayed asking you to select the storage device you want to use. Click the “USB-OTG option then click “OK”.
  • Click on the Android Recovery Home Button at the bottom of the screen.
  • Click on the “Install” button and click the “open_gapps” package to begin the installation process.
  • Confirm the Google Apps package setup by swiping the button “Swipe to confirm Flash”
  • Once the Google Apps installation is done, click the home button and click the “Wipe” button and swipe on the “Swipe to Factory Reset”.
  • Once the Android recovery software has finished resetting the operating system, click on the home button and go to the AdvancedTerminal menu and run the same recovery command to reboot back to the Lineage OS interface.

Raspberry Pi 4

rpi4-recovery.sh boot
reboot

Raspberry Pi 3

rpi3-recovery.sh boot
reboot

Lineage OS will now reboot to the Google account setup where you will be required to log into your google account.

Access Raspberry Pi from your Computer:

On your computer terminal, use the following command:

$ adb connect <android-ip>
$ adb shell

The connection will be slow and not encrypted. You can setup SSH by using the Android application SimpleSSH available on Google Play.

I am not using Google Apps to install Android applications but using third party vendors which is not advisable but if you understand what you are doing you can use them.

They include:

In order to access Google Play you will have to setup Gapps. Please do this before installing any applications because the installation process includes wiping device content.

Installing OWASP Android Applications

The following are the applications required:

  • Frida — Android Server setup
  • Xposed Framework: Change the behavior of the system and apps without touching any APKs.
  • Busybox: Busybox combines multiple common Unix utilities into a small single executable.
  • F-Droid: Extract APKs from your device
  • Drozer agent: Agent for drozer to search for security vulnerabilities in applications and devices.

That is it for the setup. An added advantage is that you can use this setup to make your dumb TV smart.

Happy Hacking!!

Barbara Munyendo

Serianu Limited

Android
Owasp
Raspberry Pi
Lineageos
Cybersecurity

--

--

Africa Cyber Immersion Center (ACIC)
The Startup

Written by Africa Cyber Immersion Center (ACIC)

16 Followers
Writer for

The Africa Cyber Immersion centre (ACIC) is a cyber security research, innovation and training facility

Help

Status

About

Careers

Press

Blog

Privacy

Terms

Text to speech

Teams