0
1
00:00:08,190 --> 00:00:13,980
So now we're going to configure the AVD which is the android virtual device.
1

2
00:00:13,980 --> 00:00:18,510
So to do this we're going to click on configure and run AVD Manager
2

3
00:00:18,510 --> 00:00:27,470
OK from AVD MANAGER We're going to create a new virtual device first we're going to select
3

4
00:00:27,500 --> 00:00:35,510
the template or the hardware profile so this will configure device specific configurations.
4

5
00:00:35,510 --> 00:00:42,830
For example the width and the height, the resolutio,n aspect ratio and all the stuff specific to different
5

6
00:00:42,830 --> 00:00:44,530
devices.
6

7
00:00:44,540 --> 00:00:50,790
This is important for Android developers when they want to test their UI on different devices, in this
7

8
00:00:50,790 --> 00:00:51,190
case, 
8

9
00:00:51,210 --> 00:00:58,900
let's just choose pixel X which is the default one here it will show you what system images are available
9

10
00:01:00,140 --> 00:01:03,230
these will depend on what SDK versions you've downloaded.
10

11
00:01:04,010 --> 00:01:06,760
So for example we have version twenty nine.
11

12
00:01:06,800 --> 00:01:10,290
And earlier we installed version 16.
12

13
00:01:10,390 --> 00:01:14,230
So you see that these are available the ones that are not available.
13

14
00:01:14,260 --> 00:01:20,910
You will see a download link next to them, we can just click on download and obviously it will take some
14

15
00:01:20,910 --> 00:01:26,230
time to download but then you'll have the emulator available to experiment with.
15

16
00:01:27,310 --> 00:01:34,070
Let's create an old emulator, let's create one of version 16.
16

17
00:01:34,110 --> 00:01:38,590
One thing I like to do is remove the spaces in the AVD name.
17

18
00:01:38,700 --> 00:01:44,520
We do this to ensure that there are no errors caused by spaces when we use a script against a specific
18

19
00:01:44,520 --> 00:01:46,080
emulator.
19

20
00:01:46,080 --> 00:01:52,490
It's not a requirement but just to be safe then you can click on advanced options.
20

21
00:01:52,490 --> 00:01:54,920
And here you can choose different properties.
21

22
00:01:54,920 --> 00:02:01,180
So for example you can increase the ram, one important thing is that you can configured the emulator
22

23
00:02:01,180 --> 00:02:06,860
performance by choosing hardware or software acceleration. if you choose hardware,
23

24
00:02:06,880 --> 00:02:08,640
It would be much better.
24

25
00:02:08,920 --> 00:02:15,670
It's much faster but you'll come across many instances where you cannot run hardware acceleration, for
25

26
00:02:15,670 --> 00:02:18,750
example when running inside a virtual machine.
26

27
00:02:18,760 --> 00:02:21,100
So in that case you have to do it with software.
27

28
00:02:24,540 --> 00:02:26,240
If you run inside a VM,
28

29
00:02:26,250 --> 00:02:30,700
this means that you're running an emulated system inside a virtual system.
29

30
00:02:30,720 --> 00:02:33,250
This could cause several underlying issues.
30

31
00:02:33,330 --> 00:02:39,930
And many tools will not work because of this, if this is your situation for certain things we recommend
31

32
00:02:39,930 --> 00:02:45,220
running on your physical machine when you choose automatic.
32

33
00:02:45,240 --> 00:02:48,000
It goes from hardware and then try software.
33

34
00:02:48,390 --> 00:02:54,090
If you encounter issues when running your emulator, for example you're prompted a black screen,
34

35
00:02:54,090 --> 00:02:57,630
go ahead and play around with these values and it will probably fix the issue.
35

36
00:02:58,830 --> 00:03:03,730
So just click finish and you'll have your emulator if you want to increase your memory.
36

37
00:03:03,740 --> 00:03:08,090
Just increase memory similarly you can increase your storage.
37

38
00:03:08,360 --> 00:03:16,270
It's up to you but the default should run unless you're running inside a virtual machine in which case
38

39
00:03:16,270 --> 00:03:18,340
you may encounter some issues.
39

40
00:03:20,450 --> 00:03:25,070
Give us some time to create and then you have the list of AVD's available.
40

41
00:03:25,790 --> 00:03:27,560
Find the AVD you created.
41

42
00:03:27,950 --> 00:03:33,570
If you already created an AVD you'll have the complete list here just click on the play button.
42

43
00:03:34,970 --> 00:03:50,870
OK this will launcher emulator let's give it time to load.
43

44
00:03:50,940 --> 00:03:53,080
Now this is a useful utility.
44

45
00:03:53,130 --> 00:03:56,250
Here you have some extra tools that you can play around with.
45

46
00:03:56,310 --> 00:04:01,190
So for example say you want to emulate sending or receiving an SMS.
46

47
00:04:01,680 --> 00:04:04,710
You can do that using this utility over here.
47

48
00:04:04,710 --> 00:04:11,580
Just click on the three dots on the side and then for example you can play with the accelerometer sensors.
48

49
00:04:11,610 --> 00:04:14,910
You can also play with the battery levels.
49

50
00:04:14,910 --> 00:04:21,200
Keep in mind that the emulators are mainly targeted towards Android app developers not reverse engineers.
50

51
00:04:21,330 --> 00:04:27,660
So these tools are extremely useful for developers but as a reverse engineer you might encounter instances
51

52
00:04:27,660 --> 00:04:33,330
where you would need these tools, say for example you find malware and you think that it only works in
52

53
00:04:33,330 --> 00:04:35,210
a specific location.
53

54
00:04:35,580 --> 00:04:42,280
Then you can play around with the location data in your app and simulate your device being in that location.
54

55
00:04:42,280 --> 00:04:43,920
This is not uncommon.
55

56
00:04:43,990 --> 00:04:50,020
Imagine the malware is targeting a specific country then it is able to get the G.P.S. location and only
56

57
00:04:50,020 --> 00:04:53,710
perform malicious actions when it is in that country.
57

58
00:04:53,710 --> 00:05:00,850
In the case of dynamic analysis it is very important to be able to expose these actions in a more advanced
58

59
00:05:00,850 --> 00:05:02,440
course that we're preparing,
59

60
00:05:02,440 --> 00:05:08,050
we'll have a look at this kind of malware that implements this kind of anti analysis technique and we'll
60

61
00:05:08,050 --> 00:05:10,800
show you how it is possible to overcome these issues.
61

62
00:05:12,140 --> 00:05:12,530
OK.
62

63
00:05:12,570 --> 00:05:14,400
Back to the emulator.
63

64
00:05:14,400 --> 00:05:20,070
Now we always need to keep in mind that this is an emulated device you might encounter some crashes
64

65
00:05:20,070 --> 00:05:27,810
or errors. Perfect system emulation is not easy so you cannot expect the emulator to work 100 percent
65

66
00:05:27,840 --> 00:05:34,010
like a normal device but overall it's very good for testing and in our case it's very good for malware
66

67
00:05:34,010 --> 00:05:36,170
analysis.
67

68
00:05:36,230 --> 00:05:41,480
For example it is way better to test malware like ransomware on your emulator than on your personal
68

69
00:05:41,480 --> 00:05:42,020
device.