Is wireless adb encrypted?

Question

When I connect my phone to a new computer's adbd - whether via USB or wireless - it prompts me to confirm the computer's RSA fingerprint. This seems to imply that there is, in some form, cryptography involved in adb communication.



Exactly what does that crypto look like? Is adb traffic encrypted? If I wirelessly pull data via adb from my phone, will someone be able to sample that traffic? Or is it unencrypted, and merely signed?



I searched around, but didn't find any meaningful results (mostly just people talking about disk encryption).


strugee | Sources

Answer

Interesting question, let's just try it out in a practical test. I connected to my device (running Android 5.1.1 Lollipop) through ADB over Wi-Fi using adb connect 10.0.0.10 and ran some tests. What you are seeing is the output of the packets that I captured using Wireshark.



Starting a shell in ADB by sending adb shell:



2290
 127.822126  192.168.0.41
 10.0.0.10
TCP 85  14804 → 5555 [PSH, ACK] Seq=60 Ack=106 Win=65536 Len=31



0000
90 ef 68 cc f4 48 54 04 a6 a1 a4 3f 08 00 45 00  ..h..HT....?..E.

0010
00 47 63 e1 40 00 80 06 00 00 c0 a8 00 29 0a 00  .Gc.@........)..

0020
00 0a 39 d4 15 b3 57 0e 4a de 41 6b 58 7c 50 18  ..9...W.J.AkX|P.

0030
01 00 cb 14 00 00 4f 50 45 4e 06 00 00 00 00 00  ......OPEN......

0040
00 00 07 00 00 00 52 02 00 00 b0 af ba b1 73 68  ......R.......sh

0050
65 6c 6c 3a 00

  ell:.


Response received:



2295
 127.928185  10.0.0.10
192.168.0.41
 TCP 94  5555 → 14804 [PSH, ACK] Seq=130 Ack=91 Win=64256 Len=40



0000
54 04 a6 a1 a4 3f 90 ef 68 cc f4 48 08 00 45 00  T....?..h..H..E.

0010
00 50 2a 73 40 00 3f 06 46 5a 0a 00 00 0a c0 a8  .P*s@.?.FZ......

0020
00 29 15 b3 39 d4 41 6b 58 94 57 0e 4a fd 50 18  .)..9.AkX.W.J.P.

0030
03 ec 74 0a 00 00 57 52 54 45 01 00 00 00 06 00  ..t...WRTE......

0040
00 00 10 00 00 00 81 04 00 00 a8 ad ab ba 72 6f  ..............ro

0050
6f 74 40 72 6b 33 31 38 38 3a 2f 20 23 20

  ot@rk3188:/ #


Writing some text to a file:



816 61.121728
10.0.0.10
192.168.0.41
 TCP 190 5555 → 14804 [PSH, ACK] Seq=122 Ack=102 Win=1004 Len=136



0000
54 04 a6 a1 a4 3f 90 ef 68 cc f4 48 08 00 45 00  T....?..h..H..E.

0010
00 b0 2e 7f 40 00 3f 06 41 ee 0a 00 00 0a c0 a8  ....@.?.A.......

0020
00 29 15 b3 39 d4 41 6b 9e 27 57 0e 70 8a 50 18  .)..9.Ak.'W.p.P.

0030
03 ec 69 a3 00 00 57 52 54 45 01 00 00 00 06 00  ..i...WRTE......

0040
00 00 70 00 00 00 04 14 00 00 a8 ad ab ba 0d 72  ..p............r

0050
6f 6f 74 40 72 6b 33 31 38 38 3a 2f 73 64 63 61  oot@rk3188:/sdca

0060
72 64 20 23 20 65 63 68 6f 20 22 54 65 73 74 31  rd # echo "Test1

0070
32 33 22 20 3e 20 74 65 73 74 2e 74 78 74 20 20  23" > test.txt  

0080
20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20



0090
20 20 20 20 20 20 20 20 20 20 20 20 20 20 08 08

 ..

00a0
08 08 08 08 08 08 08 08 08 08 08 08 08 08 08 08  ................

00b0
08 08 08 08 08 08 08 08 08 08 08 08 08 08

  ..............


Sending the command for reading out that same file:



1130
 71.683380
10.0.0.10
192.168.0.41
 TCP 204 5555 → 14804 [PSH, ACK] Seq=2782 Ack=1546 Win=1004 Len=150



0000
54 04 a6 a1 a4 3f 90 ef 68 cc f4 48 08 00 45 00  T....?..h..H..E.

0010
00 be 2e f2 40 00 3f 06 41 6d 0a 00 00 0a c0 a8  ....@.?.Am......

0020
00 29 15 b3 39 d4 41 6b a8 8b 57 0e 76 2e 50 18  .)..9.Ak..W.v.P.

0030
03 ec 35 14 00 00 57 52 54 45 01 00 00 00 06 00  ..5...WRTE......

0040
00 00 7e 00 00 00 cd 12 00 00 a8 ad ab ba 0d 72  ..~............r

0050
6f 6f 74 40 72 6b 33 31 38 38 3a 2f 73 64 63 61  oot@rk3188:/sdca

0060
72 64 20 23 20 63 61 74 20 74 65 73 74 2e 74 78  rd # cat test.tx

0070
74 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20  t



0080
20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20



0090
20 20 20 20 20 20 20 20 20 20 20 20 20 20 08 08

 ..

00a0
08 08 08 08 08 08 08 08 08 08 08 08 08 08 08 08  ................

00b0
08 08 08 08 08 08 08 08 08 08 08 08 08 08 08 08  ................

00c0
08 08 08 08 08 08 08 08 08 08 08 20

  ...........


Received response containing the file's contents (which was written to the console):



1144
 72.085985
10.0.0.10
192.168.0.41
 TCP 109 5555 → 14804 [PSH, ACK] Seq=2983 Ack=1619 Win=1004 Len=55



0000
54 04 a6 a1 a4 3f 90 ef 68 cc f4 48 08 00 45 00  T....?..h..H..E.

0010
00 5f 2e f7 40 00 3f 06 41 c7 0a 00 00 0a c0 a8  ._..@.?.A.......

0020
00 29 15 b3 39 d4 41 6b a9 54 57 0e 76 77 50 18  .)..9.Ak.TW.vwP.

0030
03 ec b8 6b 00 00 57 52 54 45 01 00 00 00 06 00  ...k..WRTE......

0040
00 00 1f 00 00 00 3f 09 00 00 a8 ad ab ba 54 65  ......?.......Te

0050
73 74 31 32 33 0d 0a 72 6f 6f 74 40 72 6b 33 31  st123..root@rk31

0060
38 38 3a 2f 73 64 63 61 72 64 20 23 20

  88:/sdcard #


Retrieving the file by sending adb pull /sdcard/test.txt:



3711
 236.234344  192.168.0.41
 10.0.0.10
TCP 102 14804 → 5555 [PSH, ACK] Seq=2776 Ack=4435 Win=255 Len=48



0000
90 ef 68 cc f4 48 54 04 a6 a1 a4 3f 08 00 45 00  ..h..HT....?..E.

0010
00 58 6b 17 40 00 80 06 00 00 c0 a8 00 29 0a 00  .Xk.@........)..

0020
00 0a 39 d4 15 b3 57 0e 7a fc 41 6b af 00 50 18  ..9...W.z.Ak..P.

0030
00 ff cb 25 00 00 57 52 54 45 0a 00 00 00 02 00  ...%..WRTE......

0040
00 00 18 00 00 00 5d 07 00 00 a8 ad ab ba 52 45  ......].......RE

0050
43 56 10 00 00 00 2f 73 64 63 61 72 64 2f 74 65  CV..../sdcard/te

0060
73 74 2e 74 78 74

  st.txt


Received response containing the file's contents:



3717
 236.242351  10.0.0.10
192.168.0.41
 TCP 94  5555 → 14804 [PSH, ACK] Seq=4491 Ack=2848 Win=1004 Len=40



0000
54 04 a6 a1 a4 3f 90 ef 68 cc f4 48 08 00 45 00  T....?..h..H..E.

0010
00 50 2f e9 40 00 3f 06 40 e4 0a 00 00 0a c0 a8  .P/.@.?.@.......

0020
00 29 15 b3 39 d4 41 6b af 38 57 0e 7b 44 50 18  .)..9.Ak.8W.{
DP.

0030
03 ec 8d b1 00 00 57 52 54 45 02 00 00 00 0a 00  ......WRTE......

0040
00 00 10 00 00 00 66 03 00 00 a8 ad ab ba 54 65  ......f.......Te

0050
73 74 31 32 33 0a 44 4f 4e 45 00 00 00 00

  st123.DONE....


Conclusion: ADB over Wi-Fi is not encrypted (at least not by default).


famdekk | Sources

Q & A

Force install apps?
Gboard: Set Custom Unicode Characters on Longpress or Add Custom Keyboard Keys or Layout
How to go into recovery mode? Intex Cloud Cube v08
Treble devices not same as A/B devices and vice-versa. Why?
Android Sound Drop Down Menu - Volume Buttons Broken
How to root Tecno Camon 12 air?
How to get past Google blocking gmail smtp access?
Whatsapp: Export chat with media does not work properly
Enable 4x MSAA using shell/ADB
Can't boot to system (lineageOS) after updating TWRP
Family Link: how to set daily limits for one child regardless of which devices he/she uses?
Can apps in Huawei AppGallery be downloaded in China?
Don't charge the battery but use connected power to run the phone
Join an existing Google Meet meeting from the home screen with an URL
"Hidden" messages in Motorola messaging?
Specific DNS for a Android App
Extend pc monitor on 2020 generation tablet, by cable
avdmanager hangs on "Loading local repository..." Linux
Do 360/3D videos in Chrome and YouTube app work on a phone without gyroscope?
Install TWRP and Magisk Manager on Moto G5 Plus without rooting

Topics

2D Engines   3D Engines   9-Patch   Action Bars   Activities   ADB   Advertisements   Analytics   Animations   ANR   AOP   API   APK   APT   Architecture   Audio   Autocomplete   Background Processing   Backward Compatibility   Badges   Bar Codes   Benchmarking   Bitmaps   Bluetooth   Blur Effects   Bread Crumbs   BRMS   Browser Extensions   Build Systems   Bundles   Buttons   Caching   Camera   Canvas   Cards   Carousels   Changelog   Checkboxes   Cloud Storages   Color Analysis   Color Pickers   Colors   Comet/Push   Compass Sensors   Conferences   Content Providers   Continuous Integration   Crash Reports   Credit Cards   Credits   CSV   Curl/Flip   Data Binding   Data Generators   Data Structures   Database   Database Browsers   Date &   Debugging   Decompilers   Deep Links   Dependency Injections   Design   Design Patterns   Dex   Dialogs   Distributed Computing   Distribution Platforms   Download Managers   Drawables   Emoji   Emulators   EPUB   Equalizers &   Event Buses   Exception Handling   Face Recognition   Feedback &   File System   File/Directory   Fingerprint   Floating Action   Fonts   Forms   Fragments   FRP   FSM   Functional Programming   Gamepads   Games   Geocaching   Gestures   GIF   Glow Pad   Gradle Plugins   Graphics   Grid Views   Highlighting   HTML   HTTP Mocking   Icons   IDE   IDE Plugins   Image Croppers   Image Loaders   Image Pickers   Image Processing   Image Views   Instrumentation   Intents   Job Schedulers   JSON   Keyboard   Kotlin   Layouts   Library Demos   List View   List Views   Localization   Location   Lock Patterns   Logcat   Logging   Mails   Maps   Markdown   Mathematics   Maven Plugins   MBaaS   Media   Menus   Messaging   MIME   Mobile Web   Native Image   Navigation   NDK   Networking   NFC   NoSQL   Number Pickers   OAuth   Object Mocking   OCR Engines   OpenGL   ORM   Other Pickers   Parallax List   Parcelables   Particle Systems   Password Inputs   PDF   Permissions   Physics Engines   Platforms   Plugin Frameworks   Preferences   Progress Indicators   ProGuard   Properties   Protocol Buffer   Pull To   Purchases   Push/Pull   QR Codes   Quick Return   Radio Buttons   Range Bars   Ratings   Recycler Views   Resources   REST   Ripple Effects   RSS   Screenshots   Scripting   Scroll Views   SDK   Search Inputs   Security   Sensors   Services   Showcase Views   Signatures   Sliding Panels   Snackbars   SOAP   Social Networks   Spannable   Spinners   Splash Screens   SSH   Static Analysis   Status Bars   Styling   SVG   System   Tags   Task Managers   TDD &   Template Engines   Testing   Testing Tools   Text Formatting   Text Views   Text Watchers   Text-to   Toasts   Toolkits For   Tools   Tooltips   Trainings   TV   Twitter   Updaters   USB   User Stories   Utils   Validation   Video   View Adapters   View Pagers   Views   Watch Face   Wearable Data   Wearables   Weather   Web Tools   Web Views   WebRTC   WebSockets   Wheel Widgets   Wi-Fi   Widgets   Windows   Wizards   XML   XMPP   YAML   ZIP Codes