MobSF supports certain rooted Android VMs/emulators and jailbroken iOS VMs created with:
?> Supports arm64, x86, x86_64 architecture Android 4.1 - 11.0, up to API 30
Genymotion is the preferred dynamic analysis environment and the one you can set up with the least friction. Run a Genymotion Android VM before starting MobSF. We recommend using Android 7.0 and above.
- Android 5.0 - 11.0 - These versions use Frida and work out of the box with zero configuration or setup.
- Android 4.1 - 4.4 - These versions use the Xposed Framework and require that you MobSFy the runtime before running Dynamic Analysis for the first time. They also require a VM reboot after installing Xposed modules.
After running the Android VM, you can see the device identifier from the title bar.
Set the environment variable `MOBSF_ANALYZER_IDENTIFIER` to the VM's device identifier when you run the MobSF docker image (Example: `192.168.58.102:5555`).
HTTPS Proxy
- For Android versions 4.4 - 11.0, global proxy settings are automatically applied at runtime.
- For Android versions 4.1 - 4.3, set the Android VM proxy as displayed on the Dynamic Analyzer page.
?> Supports arm, arm64, x86 and x86_64 architecture Android 5.0 - 11.0, up to API 30
Install Android Studio or upgrade it to the latest version. An Android Emulator image with Google Play Store is considered a production image, and you cannot use it with MobSF because those images do not have root access.
Create an Android Virtual Device (AVD) without Google Play Store.
!> You must not choose non-rooted production images. MobSF requires rooted images without Google Play Store pre-installed.
After creating the AVD, run it once and make sure everything works. Close it, along with Android Studio if it's running.
!> Only Android AVDs up to version 11 (API 30) are supported! Newer Android AVDs do not offer a writable `/system` and hence cannot work with MobSF.
Run Android Virtual Device (AVD)
Run an AVD before starting MobSF using `scripts/start_avd.sh` or `scripts/start_avd.ps1`.
```bash
# Run the script to list out available AVDs
scripts/start_avd.sh
Available AVDs:
Medium_Phone_API_35
Pixel_5_API_30
Pixel_6a_API_29
Use any Android AVD 5.0 - 11.0, up to API 30 without Google Play (production image).
Usage: scripts/start_avd.sh AVD_NAME [START_PORT] [open_gapps.zip path]
Example: scripts/start_avd.sh Pixel_6_Pro_API_28 5554 /path/to/open_gapps.zip
# Choose the AVD you created, make sure it is a non-production AVD.
# MobSF will not work with production AVDs.
scripts/start_avd.sh Pixel_5_API_30
```
Identify the emulator serial number. In this example, the identifier is `emulator-5554`.
Set the environment variable `MOBSF_ANALYZER_IDENTIFIER` to `emulator-5554` when running the MobSF docker image.
HTTPS Proxy
- For Android versions 5.0 - 8.0, MobSF attempts to set global proxy, but might fail due to a bug in adb. Configure proxy settings manually in such cases.
- For Android version 9.0 and above, global proxy settings are automatically applied at runtime.
GApps on AVD (Optional)
If you need Google Play Store, download the appropriate package from https://opengapps.org/.
Run the `start_avd` script with the path to the GApps zip file. This is currently not supported on Windows, where you will have to perform the necessary steps manually.

```bash
$ scripts/start_avd.sh Pixel_6a_API_29 5554 ~/Downloads/open_gapps-arm64-10.0-stock-20220215.zip
```
?> Supports arm64, x86, x86_64 architecture Android 5.1 - 11.0, up to API 30
Run a Genymotion Android VM in the cloud before running MobSF. We recommend using Android 7.0 and above.
This documentation uses Amazon Web Services (AWS) as an example. You need to follow similar steps in Genymotion Cloud SaaS, Microsoft Azure, Google Cloud Platform, or Alibaba Cloud.
- Launch an EC2 instance with Genymotion AMI
- Modify the Security Group of the AMI to allow inbound TCP connections to port 5555. This is required for remote adb connection to Genymotion Cloud VM.
- Access Genymotion Cloud VM by navigating to its Public IP. The default username is `genymotion` and the password is the EC2 instance ID.
- Go to Configuration and Enable ADB
- From your local machine, ensure that you can connect to Genymotion Cloud VM via adb.

  ```bash
  adb connect <public_ip>:5555
  adb devices
  ```

- Set the environment variable `MOBSF_ANALYZER_IDENTIFIER` to `<public_ip>:5555` when you run the MobSF docker image (Example: `3.81.202.69:5555`).
- You can now perform MobSF Dynamic Analysis with Genymotion Cloud VM in AWS.
?> Supports rooted userdebug builds, arm64 architecture Android 7.1.2 - 11.0, up to API 30
!> You must not choose non-rooted user builds. MobSF requires rooted userdebug builds.
- After creating a supported rooted userdebug Android device, follow Corellium's Connect via VPN instructions.
- Connect to the Corellium network using the provided VPN configuration.
- Run `adb connect` locally to ensure that the connection is working from your host.
- Set the environment variable `MOBSF_ANALYZER_IDENTIFIER` to the `<private_ip>:<port>` of the Corellium Android device when you run the MobSF docker image (Example: `10.11.1.1:5001`).
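
An added pre-flight check (not part of MobSF or of the original page) for any of the Android environments above: it confirms that the identifier is attached over adb, that the API level is within the stated limit of 30, and that the image is not a `user` (production) build. The function names and exit codes are illustrative, and treating `ro.build.type` as the indicator of a usable rooted image is an assumption.

```bash
#!/usr/bin/env bash
# Added example: check the device before pointing MobSF at it.
# Function names and exit codes are illustrative, not part of MobSF.

MAX_API=30   # the page states support up to API 30

# Read one Android system property; strip the CR some adb versions append.
device_prop() {
    adb -s "$1" shell getprop "$2" 2>/dev/null | tr -d '\r'
}

# mobsf_preflight IDENTIFIER
# Returns 0 if usable, 1 if not attached, 2 if the API level is
# unreadable or too new, 3 if the image is a user (production) build.
mobsf_preflight() {
    local id="$1" state api build

    # "adb devices" prints "<serial><TAB><state>"; only "device" is usable.
    state=$(adb devices | awk -v id="$id" '$1 == id { print $2 }')
    if [ "$state" != "device" ]; then
        echo "FAIL: $id is not attached (state: ${state:-absent})" >&2
        return 1
    fi

    api=$(device_prop "$id" ro.build.version.sdk)
    case "$api" in
        ''|*[!0-9]*) echo "FAIL: cannot read API level of $id" >&2; return 2 ;;
    esac
    if [ "$api" -gt "$MAX_API" ]; then
        echo "FAIL: API $api is newer than API $MAX_API" >&2
        return 2
    fi

    # Assumption: user builds are the non-rooted production images.
    build=$(device_prop "$id" ro.build.type)
    if [ "$build" = "user" ]; then
        echo "FAIL: $id is a user build; a rooted image is required" >&2
        return 3
    fi

    echo "OK: $id (API $api, $build build)"
    echo "export MOBSF_ANALYZER_IDENTIFIER=$id"
}

# Run the check when an identifier is given on the command line.
if [ -n "${1:-}" ]; then mobsf_preflight "$1"; fi
```

Run it with the identifier you intend to use, for example `emulator-5554` or `<public_ip>:5555`.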
Supports jailbroken Corellium iOS VMs from MobSF v3.8.0 onwards.
!> Non-jailbroken devices cannot be used with MobSF.
- After setting up Corellium account, create an API key from https://app.corellium.com/profile/api
- Set the API key in the environment variable `MOBSF_CORELLIUM_API_KEY`. If you are using an enterprise version of Corellium on a different domain, you must also supply the environment variable `MOBSF_CORELLIUM_API_DOMAIN` with the correct domain value.
- To enable MobSF HTTPS proxying, you will have to configure the proxy settings in the iOS VM. Go to iPhone `Settings` -> `Wi-Fi` -> Choose the `Corellium` WiFi -> Scroll down and choose `Configure Proxy` -> Choose `Manual configuration` -> Set the `Server` as `127.0.0.1` and `Port` as `1337` -> Click `Save`.
- Run MobSF and now you can create or manage jailbroken iOS VMs with Corellium for Dynamic Analysis.