In this blog, I will explain how to automate WhatsApp interactions remotely using ADB (Android Debug Bridge) and precise screen coordinates.

What is ADB?

ADB (Android Debug Bridge) is a command-line tool that allows interaction with an Android device over USB or TCP. It provides a way to execute commands, install apps, and simulate user interactions.

Understanding Screen Coordinates

Android devices interpret touch interactions based on screen coordinates (X, Y). To simulate a touch event, we need to determine the exact X and Y position of the button we want to click.

Extracting Screen Coordinates

To identify the exact position of a button (e.g., WhatsApp send button), use the following ADB command:


    adb shell getevent -l /dev/input/event1

This logs touch events in hexadecimal format. Example output:


    EV_ABS       ABS_MT_POSITION_X   000002ac
    EV_ABS       ABS_MT_POSITION_Y   00000583

We convert these values from hexadecimal to decimal:


    x_hex="000002ac"
    y_hex="00000583"
                
    # Convert hexadecimal to decimal
    x_dec=$((16#$x_hex))
    y_dec=$((16#$y_hex))

Simulating a Touch Event

Now that we have the correct X and Y coordinates, we can simulate a click using:


    adb shell input mouse tap $x_dec $y_dec > /dev/null 2>&1

This command will trigger a tap at the specified coordinates, clicking the WhatsApp send button automatically.

Automating WhatsApp Messaging

To send a predefined message, we combine multiple ADB commands:

  1. Launch WhatsApp using adb shell am start -n com.whatsapp/.Main
  2. Input text using adb shell input text "Hello"
  3. Click the send button using the extracted coordinates

    adb shell am start -n com.whatsapp/.Main
    adb shell input text "Hello"
    adb shell input mouse tap $x_dec $y_dec > /dev/null 2>&1

Full Source Code

For the complete script and automation process, check out the GitHub repository:

HackWhatsApp_ADB GitHub Repository

Mitigation

To prevent unauthorized ADB access:

  • Disable ADB debugging when not in use.
  • Use a strong device lock screen to prevent unauthorized access.
  • Monitor running services and revoke unnecessary debugging permissions.

PoC Video

Thanks for reading! If you found this useful, feel free to share it with your fellow hunters. Happy hacking!