⛷️ Flashing a Google Nexus 6P and Setting Up an Analysis Environment
2022-3-29 | 2024-7-7

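0x00 Preface

My work often involves capturing traffic from APKs. I have run into quite a few APKs with root detection, SSL pinning, and anti-virtualization checks that sometimes cannot be tested on an emulator, so I bought a Nexus 6P to flash into an Android test device.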

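0x01 Preparation

One phone. Any older Google phone from a second-hand marketplace will do (ideally one that supports Android 7 or later); I bought a Nexus 6P purely because I'm broke.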

0x02 Download the System Image

Download it from the official site. Any version will do, 7 and 8 both work; I chose 8.
8.1.0 (OPM7.181205.001, Dec 2018)

0x03 Flash the ROM

  1. First check whether adb is available

```bash
adb --version
```
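If the command prints a version, Android Studio is installed and you can go on to the next step.
If the command is not found, download the SDK Platform Tools.
  2. Enable USB debugging and OEM unlocking on the phone
  3. Then proceed as follows: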

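```bash
# Boot into bootloader mode
adb reboot bootloader
# Unlock the bootloader (this factory-resets the device)
fastboot oem unlock
# Select Yes on the phone screen to confirm the unlock
```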
  4. Extract the downloaded ROM package and run flash.bat from the extracted directory to flash it directly. If it reports errors, try flashing manually.

If fastboot hangs at < waiting for any device >, download and install the Google Android USB driver.

Flashing log for reference:

```
< waiting for any device >
Sending 'bootloader' (3554 KB) OKAY [ 0.152s]
Writing 'bootloader' OKAY [ 0.195s]
Finished. Total time: 0.755s
Rebooting into bootloader OKAY [ 0.123s]
Finished. Total time: 0.128s
Sending 'radio' (48728 KB) OKAY [ 1.454s]
Writing 'radio' OKAY [ 2.154s]
Finished. Total time: 3.695s
Rebooting into bootloader OKAY [ 0.012s]
Finished. Total time: 0.015s
--------------------------------------------
Bootloader Version...: angler-03.84
Baseband Version.....: angler-03.88
Serial Number........: 84B7N16219000871
--------------------------------------------
extracting android-info.txt (0 MB) to RAM...
Checking 'product' OKAY [ 0.018s]
Checking 'version-bootloader' OKAY [ 0.018s]
Checking 'version-baseband' OKAY [ 0.007s]
extracting boot.img (11 MB) to disk... took 0.096s
archive does not contain 'boot.sig'
Sending 'boot' (12093 KB) OKAY [ 0.287s]
Writing 'boot' OKAY [ 0.172s]
archive does not contain 'dtbo.img'
archive does not contain 'dt.img'
archive does not contain 'pvmfw.img'
extracting recovery.img (18 MB) to disk... took 0.232s
archive does not contain 'recovery.sig'
Sending 'recovery' (18965 KB) OKAY [ 0.457s]
Writing 'recovery' OKAY [ 0.262s]
archive does not contain 'vbmeta.img'
archive does not contain 'vbmeta_system.img'
archive does not contain 'vbmeta_vendor.img'
archive does not contain 'vendor_boot.img'
archive does not contain 'super_empty.img'
archive does not contain 'odm.img'
archive does not contain 'odm_dlkm.img'
archive does not contain 'product.img'
extracting system.img (1912 MB) to disk... took 10.171s
archive does not contain 'system.sig'
Sending sparse 'system' 1/5 (482756 KB) OKAY [ 11.662s]
Writing 'system' OKAY [ 7.193s]
Sending sparse 'system' 2/5 (475402 KB) OKAY [ 11.151s]
Writing 'system' OKAY [ 6.507s]
Sending sparse 'system' 3/5 (474990 KB) OKAY [ 11.934s]
Writing 'system' OKAY [ 7.993s]
Sending sparse 'system' 4/5 (476568 KB) OKAY [ 11.551s]
Writing 'system' OKAY [ 6.823s]
Sending sparse 'system' 5/5 (49108 KB) OKAY [ 1.227s]
Writing 'system' OKAY [ 0.675s]
archive does not contain 'system_ext.img'
extracting vendor.img (188 MB) to disk... took 1.491s
archive does not contain 'vendor.sig'
Sending 'vendor' (192577 KB) OKAY [ 4.498s]
Writing 'vendor' OKAY [ 3.377s]
archive does not contain 'vendor_dlkm.img'
Erasing 'userdata' OKAY [ 1.061s]
mke2fs 1.46.2 (28-Feb-2021)
Creating filesystem with 6694270 4k blocks and 1676080 inodes
Filesystem UUID: e084a47c-af36-11ec-ae54-552ebfd24654
Superblock backups stored on blocks:
32768, 98304, 163840, 229376, 294912, 819200, 884736, 1605632, 2654208, 4096000

Allocating group tables: done
Writing inode tables: done
Creating journal (32768 blocks): done
Writing superblocks and filesystem accounting information: done
Sending 'userdata' (180 KB) OKAY [ 0.047s]
Writing 'userdata' OKAY [ 0.033s]
Erasing 'cache' OKAY [ 0.020s]
mke2fs 1.46.2 (28-Feb-2021)
Creating filesystem with 25600 4k blocks and 25600 inodes
Allocating group tables: done
Writing inode tables: done
Creating journal (1024 blocks): done
Writing superblocks and filesystem accounting information: done
Sending 'cache' (44 KB) OKAY [ 0.028s]
Writing 'cache' OKAY [ 0.019s]
Rebooting OKAY [ 0.016s]
Finished. Total time: 101.242s
Press any key to exit..
```
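One way to check a flashing log like the one above before moving on to TWRP and Magisk, as an added example that is not part of the original post. The names check_flash_log, REQUIRED, sample_ok and sample_locked are hypothetical, the log is assumed to have one entry per line, and both sample logs are constructed (the second shows how fastboot reports a write rejected by a locked bootloader).

```shell
#!/usr/bin/env bash
# Added example (not from the original post): check a fastboot flashing log.

# Partitions written in the Nexus 6P (angler) log above; adjust per device.
REQUIRED="bootloader radio boot recovery system vendor"

# Reads a fastboot log on stdin, one entry per line. For each required
# partition prints "OK <p>", "FAILED <p>" or "MISSING <p>"; returns 1 unless
# every required partition has a successful Writing step and no FAILED step.
check_flash_log() {
  awk -F"'" -v required="${1:-$REQUIRED}" '
    /^(Sending|Writing|Erasing)/ {
      part = $2                       # text between the first pair of quotes
      if ($3 ~ /FAILED/) failed[part] = 1
      else if ($1 ~ /^Writing/ && $3 ~ /OKAY/) written[part] = 1
    }
    END {
      n = split(required, want, " ")
      for (i = 1; i <= n; i++) {
        p = want[i]
        if (p in failed)       { print "FAILED " p;  bad = 1 }
        else if (p in written) { print "OK " p }
        else                   { print "MISSING " p; bad = 1 }
      }
      exit (bad ? 1 : 0)
    }'
}

# Constructed sample: excerpt in the format of the log above.
sample_ok() { cat <<'EOF'
Sending 'boot' (12093 KB) OKAY [ 0.287s]
Writing 'boot' OKAY [ 0.172s]
archive does not contain 'dtbo.img'
Sending 'recovery' (18965 KB) OKAY [ 0.457s]
Writing 'recovery' OKAY [ 0.262s]
EOF
}

# Constructed sample: bootloader still locked, so the write is rejected.
sample_locked() { cat <<'EOF'
Sending 'boot' (12093 KB) OKAY [ 0.287s]
Writing 'boot' FAILED (remote: 'device is locked. Cannot flash images')
EOF
}

sample_ok | check_flash_log "boot recovery"
sample_locked | check_flash_log "boot recovery" || echo "flash incomplete: do not continue"
```

To use it on a real run, save the flashing output (both stdout and stderr) to a file and feed that file to check_flash_log on stdin.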

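0x04 Download and Flash TWRP

  1. Connect the phone to the PC with a USB cable and enable debugging mode (if adb devices does not list the phone, re-plug the cable and trust the adb connection)
  2. Power the phone off
  3. Long-press the power and volume-down buttons to enter bootloader mode
  4. Run the following fastboot command on the PC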

```bash
fastboot flash recovery twrp-3.6.1_9-0-angler.img
```
  5. Once it reports success, select Recovery mode on the phone to enter the TWRP interface

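0x05 Flash Magisk to Get Root

The download has an .apk extension; to flash it from recovery, just rename .apk to .zip.

Boot into TWRP and select Advanced → ADB Sideload to flash it: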

```bash
adb sideload Magisk-v24.3.zip
```
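Reboot the system. When opened, Magisk prompts that the full version of Magisk must be downloaded before it can run.
Just download and install it over the network (access to sites outside mainland China isn't even needed).
The above uses the official default version of Magisk.
However, this version cannot use an exclusion list to keep apps from detecting root. For better hiding, uninstall the default version and install the Alpha version.

Alpha version download:

Alpha update source mirrored in China: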

```
https://gitee.com/mintimate/magick_custom_update_source/raw/master/Alpha/latest.json
```
To avoid detection, it is recommended to enable the random package name and configure the exclusion list.

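0x06 Download and Install Fox's Magisk Module Manager

Because Magisk's official module repository is dead, modules can only be downloaded by hand and then flashed; fortunately, this module manager can be used as a replacement.
Download:
Pull down to refresh; a proxy is required.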

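0x07 Flash Riru and Install LSPosed

Before Android 9.0, installing Xposed meant flashing it from within TWRP and modifying system files. Now, of course, there is no need for TWRP or for separately flashing Xposed; just install EdXposed or LSPosed:
  • LSPosed: Xposed that acts only on selected apps
Note that both EdXposed and LSPosed require the Riru module to be installed first!

Download Riru:

You can also install it directly with the Fox manager!

Download Riru-LSPosed:
Upload it to the root of the phone's storage, then open Magisk and choose to install a module from local storage.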

```bash
adb push LSPosed-v1.8.0-6482-riru-release.zip /sdcard/
```
 

0x08 Configure the Traffic-Capture Environment and Set Up the System Certificate

Open Fox's Magisk Module Manager, search for Move Certificates, and install it.

0x09 Install V2ray

 
