### Get Application Information Source: https://device-farm.com/doc/%E5%BA%94%E7%94%A8%E6%93%8D%E4%BD%9C Retrieves detailed information about an installed application, such as package name, version, source directory, and installation times. The output is a structured object. ```python result = app.info() print(result.processName) # 示例输出: # packageName: "com.android.settings" # uid: 1000 # enabled: true # processName: "com.android.settings" # sourceDir: "/system/product/priv-app/Settings/Settings.apk" # dataDir: "/data/user_de/0/com.android.settings" # versionCode: 1276 # versionName: "10" ``` -------------------------------- ### Execute Server Start Command Source: https://device-farm.com/doc/%E5%90%AF%E5%8A%A8%E6%9C%8D%E5%8A%A1 Command to start the FIRERPA server. Requires root privileges. Successful execution outputs 'llllaamDaa started'. If the service is already running, it will indicate 'already running'. Ensure the system timezone is correctly set and the correct architecture package is used. ```shell sh /data/server/bin/launch.sh ``` -------------------------------- ### Start OpenVPN Server (Foreground) Source: https://device-farm.com/doc/%E9%83%A8%E7%BD%B2VPN%E6%9C%8D%E5%8A%A1 Starts the OpenVPN server in the foreground, allowing direct observation of client connection logs and error troubleshooting. The container is named 'openvpn-server'. ```shell docker run -it --rm --name openvpn-server --privileged --net host -v ~/lamda-openvpn-server:/etc/openvpn rev1si0n/openvpn run ``` -------------------------------- ### Start OpenVPN Server (Background) Source: https://device-farm.com/doc/%E9%83%A8%E7%BD%B2VPN%E6%9C%8D%E5%8A%A1 Starts the OpenVPN server in detached (background) mode. This is the recommended method for production environments after verification. ```shell docker run -d --rm --name openvpn-server --privileged --net host -v ~/lamda-openvpn-server:/etc/openvpn rev1si0n/openvpn run ``` -------------------------------- ### Get Application Instance Source: https://device-farm.com/doc/FRIDA%E4%B8%8A%E6%8A%A5%E6%95%B0%E6%8D%AE Retrieves an instance of the application for script injection. This is the first step to interact with the target application. ```python app = d.application("com.android.settings") ``` -------------------------------- ### Application Management Commands Source: https://device-farm.com/doc/%E5%BA%94%E7%94%A8%E6%93%8D%E4%BD%9C Provides methods to manage applications on the device, including stopping, checking foreground status, retrieving information, checking installation status, and uninstalling. ```python app.stop() # 强制关闭应用 ``` ```python app.is_foreground() # 检查应用是否在前台运行 ``` ```python app.is_installed() # 检查应用是否已安装 ``` ```python app.uninstall() # 从设备卸载应用 ``` -------------------------------- ### Application Selection Example Source: https://device-farm.com/doc/%E8%AE%BE%E7%BD%AE%E4%BB%A3%E7%90%86 Demonstrates how to select specific applications for proxying using the FIRERPA library, including methods for selecting by package name or application name, and handling multiple instances of an application. ```Python import d # Assuming 'd' is the library object # Select application by package name app_by_package = d.application("com.android.browser") # Select application by name (e.g., 'Browser') app_by_name = d.get_application_by_name("浏览器") # Select a specific instance of an application (e.g., multi-instance) app_multi_instance = d.application("com.android.browser", user=999) # Set the selected application for proxying # profile.application.set(app_by_package) # Example of setting one of the selected apps ``` -------------------------------- ### Start Application Activity Source: https://device-farm.com/doc/%E5%BA%94%E7%94%A8%E6%93%8D%E4%BD%9C Initiates an application activity on the device. Supports specifying action, category, component, extras (with limited data types), flags, data URI, and debug mode. Can replay recorded activities or launch specific app components. ```python from lamda.const import * d.start_activity(action="*", category="*", component="*", extras={"boolean": False, "int": 1, "string": "abc", "float": 1.123}, flags=FLAG_ACTIVITY_NEW_TASK|FLAG_ACTIVITY_CLEAR_TASK, data="*", debug=False) # 示例:重放最后一条系统 Activity # activity = d.get_last_activities(count=5)[-1] # d.start_activity(**activity) # 示例:调起多开应用 # d.start_activity(**activity, user=999) # 示例:拨打客服电话 # d.start_activity(action="android.intent.action.CALL", data="tel:10000") # 示例:启动 Settings 应用 # d.start_activity(action="android.intent.action.MAIN", category="android.intent.category.LAUNCHER", component="com.android.settings/.Settings") # 示例:以调试模式打开 Settings 应用 # d.start_activity(action="android.intent.action.MAIN", category="android.intent.category.LAUNCHER", component="com.android.settings/.Settings", debug=True) # 示例:跳转进入证书设置页面 # d.start_activity(action="com.android.settings.TRUSTED_CREDENTIALS") ``` -------------------------------- ### Discover Devices with mdns-beacon Source: https://device-farm.com/doc/%E8%AE%BE%E5%A4%87%E5%8F%91%E7%8E%B0 Use the `mdns-beacon` tool to list all online FIRERPA devices on the local network. Requires `pip install mdns-beacon`. ```shell mdns-beacon listen --service _lamda._tcp.local. ``` -------------------------------- ### Start DNS Capture with Non-Standard DNS Port Source: https://device-farm.com/doc/%E4%B8%80%E9%94%AE%E6%8A%93%E5%8C%85 Enable DNS packet capture, directing DNS queries to a server on a non-standard port (e.g., 5353). ```python python3 -u startmitm.py 192.168.0.2 --dns 192.168.0.100:5353 ``` -------------------------------- ### Frida Command with Token and Certificate Source: https://device-farm.com/doc/%E4%BD%BF%E7%94%A8FRIDA Illustrates Frida command execution when the FIRERPA service is started with an encrypted certificate. This command includes the '--certificate' parameter to specify the certificate file path, along with host and token parameters. ```shell frida -H 192.168.0.2:65000 -f com.android.settings --certificate /path/to/lamda.pem --token xxxxxxxxxxxxxxxx ``` -------------------------------- ### Install ADB Public Key Source: https://device-farm.com/doc/%E5%86%85%E7%BD%AEADB Installs your ADB public key to the built-in ADB service. This allows connecting to the built-in ADB without enabling developer mode on the device. Requires the path to your adbkey.pub file. ```Python d.install_adb_pubkey("/path/to/adbkey.pub") ``` -------------------------------- ### Get Session Token Source: https://device-farm.com/doc/%E4%BD%BF%E7%94%A8FRIDA Demonstrates how to obtain a session token using a Python API call. This token is required for authenticating subsequent command-line operations with the FIRERPA service. ```python token = d._get_session_token() print (token) ``` -------------------------------- ### Objection Command with Token Source: https://device-farm.com/doc/%E4%BD%BF%E7%94%A8FRIDA Demonstrates using the Objection tool to interact with a remote device. It specifies the host and port using '-h' and '-p' respectively, and includes the '--token' parameter for authentication. ```shell objection -N -h 192.168.0.2 -p 65000 --token xxxxxxxxxxxxxxxx explore ``` -------------------------------- ### Get Android ID via ADB Source: https://device-farm.com/doc/%E8%AE%BE%E5%A4%87%E5%8F%91%E7%8E%B0 Retrieve the `android_id` of an Android device using ADB, which can be used as part of the mDNS hostname. ```shell adb shell settings get secure android_id ``` -------------------------------- ### 二进制补丁操作 Source: https://device-farm.com/doc/%E4%BA%8C%E8%BF%9B%E5%88%B6%E8%A1%A5%E4%B8%81 用于对设备上的文件或程序进行修补。使用十六进制通配符进行查找并替换,支持高低位通配。接口会返回替换数量以及替换的偏移。 ```APIDOC d.hex_patch(find_hex: str, replace_hex: str, file_path: str, maxreplace: int = None, dryrun: bool = False) - find_hex: 要查找的十六进制字符串,支持通配符如 '??' (任意字节), 'B?' (以B开头的任意字节)。至少需要两位有效匹配数。 - replace_hex: 用于替换的十六进制字符串。 - file_path: 要操作的文件路径,支持通配符匹配(glob)。 - maxreplace: 可选参数,限制最大替换数量。默认全部替换。 - dryrun: 可选参数,设置为 True 时仅查找匹配位置而不进行替换操作。 Returns: 一个包含替换结果的对象,具有 'count' (替换数量) 和 'replaces' (替换详情列表,包含 'offset') 属性。 示例: # 基本替换 d.hex_patch("AA BB CC D?", "AA BB CC DD", "/data/test.bin") # 检查替换结果 >>> result = d.hex_patch("AA BB CC D?", "AA BB CC DD", "/data/test.bin") >>> print (result.count) 1 >>> print (result.replaces[0].offset) 8123 # 限制最大替换数量 d.hex_patch("AA BB CC D?", "AA BB CC DD", "/data/test.bin", maxreplace=2) # 测试模式(仅查找) d.hex_patch("AA BB ?? ??", "AA BB 00 00", "/data/test.bin", dryrun=True) ``` -------------------------------- ### 部署 Socks5 代理 (指定出网网卡) Source: https://device-farm.com/doc/%E9%83%A8%E7%BD%B2%E4%BB%A3%E7%90%86%E6%9C%8D%E5%8A%A1 在 Linux 系统上启动 Socks5 服务,并指定代理流量使用的出网网卡(例如 eth0)。需要 Docker 网络模式为 host。 ```docker docker run -it --rm --net host --name socks -e LOGIN=username -e PASSWORD=passwd -e DEV=eth0 rev1si0n/socks5 ``` -------------------------------- ### Get File Information (Python) Source: https://device-farm.com/doc/%E6%96%87%E4%BB%B6%E8%AF%BB%E5%86%99 Retrieves metadata for a specified file on the device. The returned object includes details like file name, path, mode, and timestamps. ```Python d.file_stat("/data/usr/file.txt") ``` ```Python # Example of returned file statistics >>> d.file_stat("/data/usr/file.txt") name: "file.txt" path: "/data/usr/file.txt" st_mode: 33279 st_atime: 1230768000 st_mtime: 1230768000 st_ctime: 1230768000 ``` ```Python # Accessing specific attributes from the result >>> result = d.file_stat("/data/usr/file.txt") >>> print (result.name) 'file.txt' ``` -------------------------------- ### 环境设置 - 服务端口 Source: https://device-farm.com/doc/%E5%B7%A5%E5%85%B7%E5%87%86%E5%A4%87 设置 FIRERPA 服务端端口的环境变量,当修改了默认端口(65000)时使用。提供了 Linux/Mac 和 Windows 系统的不同命令格式。 ```shell # 对于 linux / Mac export PORT=8123 ``` ```shell # 对于 Windows(路径不能包含空格) set PORT=8123 ``` -------------------------------- ### 环境设置 - 证书路径 Source: https://device-farm.com/doc/%E5%B7%A5%E5%85%B7%E5%87%86%E5%A4%87 设置 FIRERPA 服务端加密证书的路径环境变量。提供了 Linux/Mac 和 Windows 系统的不同命令格式。 ```shell # 对于 linux / Mac export CERTIFICATE=/path/to/lamda.pem ``` ```shell # 对于 Windows(路径不能包含空格) set CERTIFICATE=C:\Users\path\to\lamda.pem ``` -------------------------------- ### Get Last Device Activities Source: https://device-farm.com/doc/%E5%BA%94%E7%94%A8%E6%93%8D%E4%BD%9C Fetches a list of recent system activities, up to a specified count. Each activity is represented as a dictionary containing action, category, component, and extras. ```python activities = d.get_last_activities(count=5) # 示例输出: # [{'action': 'android.intent.action.MAIN', 'category': 'android.intent.category.HOME', 'component': 'net.oneplus.launcher/.Launcher', 'extras': {'android.intent.extra.FROM_HOME_KEY': True}}, ...] ``` -------------------------------- ### 通过 SCP 复制文件 Source: https://device-farm.com/doc/SCP 使用 `scp.sh` 脚本在设备和本地之间复制文件或目录。该脚本支持将远程设备上的文件复制到本地,或将本地文件复制到远程设备。 ```bash scp.sh 192.168.1.2:/sdcard/DCIM . ``` ```bash scp.sh test/ 192.168.1.2:/sdcard ``` -------------------------------- ### Create OpenVPN Client Credentials Source: https://device-farm.com/doc/%E9%83%A8%E7%BD%B2VPN%E6%9C%8D%E5%8A%A1 Creates a new OpenVPN client profile named 'myname' using the `rev1si0n/openvpn` Docker image. This command requires privileged access and mounts a local directory for configuration. ```shell docker run -it --rm --privileged --net host -v ~/lamda-openvpn-server:/etc/openvpn rev1si0n/openvpn ovpn-client-new myname ``` -------------------------------- ### Capture Specific App Traffic with startmitm.py Source: https://device-farm.com/doc/%E4%B8%80%E9%94%AE%E6%8A%93%E5%8C%85 Capture network traffic for a particular application by appending the package name after the IP address. This command targets traffic from 'com.some.package'. ```python python3 -u startmitm.py 192.168.0.2:com.some.package ``` -------------------------------- ### Start DNS Capture with Specific Upstream DNS Server Source: https://device-farm.com/doc/%E4%B8%80%E9%94%AE%E6%8A%93%E5%8C%85 Initiate DNS packet capture, routing DNS queries through a specified upstream DNS server (e.g., 114.114.114.114). This also enables regular traffic capture. ```python python3 -u startmitm.py 192.168.0.2 --dns 114.114.114.114 ``` -------------------------------- ### 获取服务信息 Source: https://device-farm.com/doc/%E7%95%8C%E9%9D%A2%E5%9F%BA%E7%A1%80 获取 FIRERPA 服务端的信息,包括设备的唯一标识符、服务端版本、CPU 架构以及服务运行时间。此函数返回一个包含服务属性的对象。 ```Python d.server_info() ``` ```Python >>> d.server_info( ) uniqueId: "673abbe0-ff7b-9d82-1792-8876cb72cf56" version: "8.28" architecture: "arm64-v8a" uptime: 293 secure: True ``` ```Python >>> result = d.server_info() >>> print (result.secure) False ``` -------------------------------- ### 设备关机、重启与服务退出 Source: https://device-farm.com/doc/%E5%85%B3%E6%9C%BA%E9%87%8D%E5%90%AF 本接口用于控制设备的关机重启,或者退出 FIRERPA 服务本身。该操作用于管理设备生命周期和服务的运行状态。 ```python d.shutdown() ``` ```python d.reboot() ``` ```python d.exit() ``` -------------------------------- ### Manage FIRERPA Built-in ADB Connection Source: https://device-farm.com/doc/%E6%8E%88%E6%9D%83ADB This section details how to manage the FIRERPA built-in ADB service. It covers installing and uninstalling your local ADB public key using a Python script and connecting to the service via the `adb connect` command. This process is independent of the device's system ADB service and does not require developer mode to be enabled. ```Python python3 -u adb_pubkey.py install 192.168.1.2 ``` ```Python python3 -u adb_pubkey.py uninstall 192.168.1.2 ``` ```Shell adb connect 192.168.1.2:65000 ``` -------------------------------- ### Generate OpenVPN Client Profile (.ovpn) Source: https://device-farm.com/doc/%E9%83%A8%E7%BD%B2VPN%E6%9C%8D%E5%8A%A1 Generates an `.ovpn` configuration file for a client named 'myname', suitable for use with OpenVPN clients like OpenVPN-Connect. The output is redirected to `myname.ovpn`. ```shell # 注意:配置中的 IP 是自动获取的当前公网IP,如果不对还需自行修改 # # 生成 ovpn 配置,并重定向保存到文件 myname.ovpn,这个文件可以用于 OpenVPN-Connect 等 APP docker run -it --rm --privileged --net host -v ~/lamda-openvpn-server:/etc/openvpn rev1si0n/openvpn ovpn-client-profile ovpn myname >myname.ovpn ```