Control your device via Wi-Fi
For example you can reboot your Android device remotely using ADB over Wi-Fi, as long as the phone and your computer are on the same Wi-Fi network.
Steps:
- Find your phone’s IP address (Settings > About phone > Status or via Wi-Fi settings).
-
Run the following on your computer:
adb connect <device-ip>:5555 -
If connected successfully, reboot the phone with:
adb reboot
Important Notes:
-
ADB over Wi-Fi must be enabled beforehand (can be done over USB using
adb tcpip 5555). - Devices often disable ADB over Wi-Fi after reboot — you may need to reconnect via USB.
- This only works if both devices are on the same local network (e.g., same router or mobile hotspot).
- ADB does not work over the internet unless advanced port forwarding is configured (not recommended for security reasons).
SSL Pinning in Android
SSL pinning ensures that the app only trusts a specific certificate or public key, preventing man-in-the-middle attacks even if a rogue CA is trusted by the system.
1. Certificate Pinning with OkHttp
CertificatePinner pinner = new CertificatePinner.Builder()
.add("example.com", "sha256/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=")
.build();
OkHttpClient client = new OkHttpClient.Builder()
.certificatePinner(pinner)
.build();
2. TrustManager Override (Manual Pinning)
TrustManager[] trustManagers = new TrustManager[]{
new X509TrustManager() {
public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
// Compare chain[0] with your pinned cert
}
public void checkClientTrusted(...) {}
public X509Certificate[] getAcceptedIssuers() { return new X509Certificate[0]; }
}
};
3. Network Security Config (Android 7+)
res/xml/network_security_config.xml
<network-security-config>
<domain-config>
<domain includeSubdomains="true">example.com</domain>
<pin-set expiration="2025-01-01">
<pin digest="SHA-256">AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=</pin>
</pin-set>
</domain-config>
</network-security-config>
AndroidManifest.xml
<application
android:networkSecurityConfig="@xml/network_security_config">
</application>
Bypassing SSL Pinning with Frida
Frida lets you hook into Android apps at runtime to bypass SSL pinning dynamically:
// Example Frida script
Java.perform(function() {
var TrustManagerImpl = Java.use("com.android.org.conscrypt.TrustManagerImpl");
TrustManagerImpl.checkTrustedRecursive.implementation = function() {
console.log("[+] Bypassed checkTrustedRecursive");
return;
};
});
Save it as ssl_bypass.js and run with:
frida -U -n com.example.app -l ssl_bypass.jsThis method works best on rooted devices or emulators with Frida-server running. You may need to adjust class names depending on the Android version or obfuscation used.
Java App vs. Android App Compilation
| Target | Compilation Path | Runs On |
|---|---|---|
| Java (Desktop / Server) | .java → javac → .class → JVM | JVM |
| Android App | .java → javac → .class → d8/dx → .dex → APK | ART/Dalvik |
Java Bytecode vs Android Bytecode
| Feature | Java Bytecode | Android Bytecode |
|---|---|---|
| Format | .class | .dex |
| Virtual Machine | JVM | Dalvik / ART |
| Architecture | Stack-based | Register-based |
| Tooling | javac, java, javap | dx, d8, smali, baksmali |
| Instruction Set | JVM opcodes | Dalvik opcodes |
| Bytecode Viewer Tool | javap, JD-GUI | baksmali, jadx, jadx-gui |