Set up all tools we need.
Make sure to use a custom installation and add platform-tools as well.
Add the following to your PATH (depending on your OS):
```bash
# Android Studio for macOS
export ANDROID_HOME="$HOME/Library/Android/sdk"
export PATH="$ANDROID_HOME/tools:$ANDROID_HOME/tools/bin:$ANDROID_HOME/platform-tools:$ANDROID_HOME/emulator:$PATH"

# Android Studio for Linux
export ANDROID_HOME="$HOME/Android/Sdk"
export PATH="$ANDROID_HOME/tools:$ANDROID_HOME/tools/bin:$ANDROID_HOME/platform-tools:$ANDROID_HOME/emulator:$PATH"

# Android Studio for Windows
# help yourself adding it to the path :)
```
Ensure that adb and emulator are found.
Choose a device model, select the API level (here 32) and create the AVD.
setup_avd.mp4
We are using rootAVD to root the AVD. Have a read of their GitLab page. What we need is the FAKEBOOTIMG option for our API version.
```bash
git clone git@gitlab.com:newbit/rootAVD.git && cd rootAVD
```
Install mitmproxy following the official guide.
Launch it with mitmweb for the web UI, or dig deeper into the docs.
These steps are required to gain root access.
Magisk requires several reboots before it is fully set up.
Start the previously created AVD in a first shell and leave it running.
```bash
emulator -list-avds   # to find your AVD
emulator -avd Cookidoo_Reverse_Engineering -writable-system -no-snapshot
```
In a second shell, go to the cloned rootAVD repo and run the following command. Make sure to use the correct API version (here 32).
```bash
./rootAVD.sh system-images/android-32/google_apis_playstore/arm64-v8a/ramdisk.img FAKEBOOTIMG
```
root_step_1.mp4
Restart the AVD and finalize the configuration.
root_step_2.mp4
Verify that the AVD has been rooted by using adb while the AVD is running.
```bash
adb shell
su
```
You have to allow root access in the AVD.
root_step_3.mp4
Start the proxy on your host with mitmweb; from inside the AVD it is reachable at 10.0.2.2:8080 (10.0.2.2 is always the host as seen from the AVD; the port may vary).
Then, using adb, configure the proxy of the AVD to point to it:
```bash
adb shell settings put global http_proxy 10.0.2.2:8080
```
Next, you need to install mitmproxy's root certificate. Open Chrome in the AVD, go to mitm.it/cert/magisk and download it. This is a Magisk module that you can install directly in the Magisk app. You need to restart before the installed certificate shows up in the system store:
```bash
adb shell su -c "ls /system/etc/security/cacerts/ -lah"
```
(look for the recently installed one).
avd_mitmproxy.mp4
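To confirm the proxy and certificate steps from the host, here is an added helper script that is not part of the original guide. It assumes adb is on PATH, the AVD is running and rooted with Magisk as above, and mitmproxy listens on port 8080; the parsing functions work on the output of the adb commands shown in this guide.

```python
#!/usr/bin/env python3
"""Check the AVD proxy setting and the system CA store from the host (added example)."""
import re
import subprocess
from typing import Optional

HOST_FROM_AVD = "10.0.2.2"                     # the host machine as seen from inside the AVD
CACERTS_DIR = "/system/etc/security/cacerts"   # system CA store the Magisk module writes into
CERT_FILE = re.compile(r"^[0-9a-f]{8}\.\d+$")  # Android names CA files <subject_hash>.<n>

def adb(*args: str) -> str:
    """Run an adb command (assumes adb is on PATH) and return its stripped stdout."""
    return subprocess.run(["adb", *args], capture_output=True, text=True, check=True).stdout.strip()

def parse_proxy(setting: str) -> Optional[tuple[str, int]]:
    """Parse `settings get global http_proxy` output into (host, port).
    'null' (never set) and ':0' (explicitly cleared) both mean: no proxy."""
    setting = setting.strip()
    if setting in ("", "null", ":0"):
        return None
    host, sep, port = setting.rpartition(":")
    if not sep or not host or not port.isdigit():
        raise ValueError(f"unexpected http_proxy value: {setting!r}")
    return host, int(port)

def cert_files(ls_output: str) -> set[str]:
    """Extract CA file names from `ls -lah` output of the cacerts directory."""
    names = set()
    for line in ls_output.splitlines():
        parts = line.split()
        if parts and CERT_FILE.match(parts[-1]):
            names.add(parts[-1])
    return names

def newly_added(before: str, after: str) -> set[str]:
    """CA files present in a listing taken after the module install but not in one taken before."""
    return cert_files(after) - cert_files(before)

def proxy_points_to_host(setting: str, expected_port: int = 8080) -> bool:
    """True if the global proxy value targets the host's mitmproxy port."""
    return parse_proxy(setting) == (HOST_FROM_AVD, expected_port)

if __name__ == "__main__":
    proxy = adb("shell", "settings", "get", "global", "http_proxy")
    print("proxy ok" if proxy_points_to_host(proxy) else f"proxy not set for mitmproxy: {proxy!r}")
    # su -c needs the Magisk root grant from the previous step; pass one shell string to adb
    listing = adb("shell", f'su -c "ls -lah {CACERTS_DIR}"')
    print(f"{len(cert_files(listing))} CA files in {CACERTS_DIR}; compare with a listing taken before")
```

Save the `ls -lah` listing before installing the Magisk module and pass both listings to `newly_added` to see exactly which CA file the module added.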
As an example, here we look into the traffic of Cookidoo. Install the Cookidoo app from the Play Store (you need to have created an account and completed the registration beforehand; here we only want to log in).
Once installed (and not yet opened), do a reboot using Magisk.
Then you can start using the app and see its traffic.
mitmproxy_traffic_app.mp4
- Some apps use SSL pinning, which will block this method, and further tools are needed (e.g. https://github.com/zimmra/frida-rootbypass-and-sslunpinning-lg-thinq)
It works, thanks a lot