Using IDA to Debug Applications
This chapter shows how to use FIRERPA and its related functions and scripts to quickly debug Android applications. Our demonstration environment is an Android 10 system with an Ubuntu 22.04 host that has IDA 7.5 (wine), ADB, jdb, Python, and other related tools installed. We recommend IDA version 7.5 or later and the latest version of the FIRERPA server.
Setting to Debug Mode
If your system is already in debug mode, you can skip this step. Otherwise, open the FIRERPA remote desktop and enter setdebuggable in the terminal. After you enter the command, your phone will trigger a soft restart, but don't worry, it will completely return to normal in about two minutes. At this point, your phone is in debug mode.
Installing IDA Debug Service
Before continuing with debugging, you also need to upload the Android debug server that comes with IDA to the device. You can find android_server and android_server64 in the dbgsrv directory of your IDA installation directory. If the target application you are debugging uses a 32-bit library, use android_server; otherwise, use android_server64. Upload the file you need to the Android device, either by dragging it into the remote desktop or with adb push, and grant it executable permissions.
chmod 755 android_server*
After granting executable permissions, start the android_server service. You can run the executable through adb (requires root privileges) or from the remote desktop terminal. On newer system versions (>=10), the IDA_LIBC_PATH environment variable must be set in advance.
IDA_LIBC_PATH=/apex/com.android.runtime/lib64/bionic/libc.so ./android_server64 -kk
Note
For debugging targets that are 32-bit applications, you need to modify IDA_LIBC_PATH to /apex/com.android.runtime/lib/bionic/libc.so, and use the 32-bit android_server debug service.
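The 32-bit versus 64-bit choice above can be made by reading the ELF class byte of one of the target application's native libraries. The script below is an added example, not part of FIRERPA or IDA; the function names elf_class and server_command and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not FIRERPA or IDA code): choose the debug server by ELF class.

# Print 32 or 64 for an ELF file; return 1 for anything else.
elf_class() {
    magic=$(dd if="$1" bs=1 count=4 2>/dev/null | od -An -tx1 | tr -d ' \n')
    [ "$magic" = "7f454c46" ] || return 1          # \x7fELF magic
    # e_ident[EI_CLASS] is byte offset 4: 1 = ELFCLASS32, 2 = ELFCLASS64
    cls=$(dd if="$1" bs=1 skip=4 count=1 2>/dev/null | od -An -tu1 | tr -d ' \n')
    case "$cls" in
        1) echo 32 ;;
        2) echo 64 ;;
        *) return 1 ;;
    esac
}

# Print the start command from this page that matches the library's bitness.
server_command() {
    bits=$(elf_class "$1") || { echo "not an ELF library: $1" >&2; return 1; }
    if [ "$bits" = 32 ]; then
        echo "IDA_LIBC_PATH=/apex/com.android.runtime/lib/bionic/libc.so ./android_server -kk"
    else
        echo "IDA_LIBC_PATH=/apex/com.android.runtime/lib64/bionic/libc.so ./android_server64 -kk"
    fi
}

# Constructed sample input: only the ELF identification bytes, not real libraries.
demo_dir=$(mktemp -d)
printf '\177ELF\001\001\001' > "$demo_dir/libdemo32.so"
printf '\177ELF\002\001\001' > "$demo_dir/libdemo64.so"
for f in "$demo_dir"/libdemo32.so "$demo_dir"/libdemo64.so; do
    printf '%s -> ' "${f##*/}"
    server_command "$f"
done
rm -rf "$demo_dir"
```

Point server_command at a .so file extracted from the lib/ directory of the target APK.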
Forwarding IDA Debug Service
For debugging scenarios that require high real-time performance, we recommend using a USB connection. Make sure the device is plugged into the current computer and adb authorization has been completed, then execute the following command.
adb forward tcp:23946 tcp:23946
Note
23946 is the default listening port of IDA's android_server. If you changed this port when starting android_server, specify that port in the command above instead.
Starting Application Debugging
We have packaged a script that automatically completes most of the remaining steps for you. Just follow the prompts the script prints. You can find the ida.py script in the tools directory of the project; run it with the following command.
python3 ida.py -d 192.168.0.2 -a com.android.settings
Here, the -d parameter is your device IP, i.e., the IP of the device running the FIRERPA service, and the -a parameter is the package name of the application. After executing the command, you will be prompted to continue by attaching your IDA software to the application process.
Alright, the entire process is complete. Please return to the ida.py command line and press Enter. Now you can continue debugging.