3.3 Analyze local storage

3.3.1 LOCAL DATABASE

sqlite

adb shell
cd /data/data/com.x.x.x/database/
sqlite3 db_name

Within sql-shell:

list existing tables within db:

.tables

list table schema:

.schema table_name

or

SELECT sql FROM sqlite_master WHERE tbl_name = 'insert_table_name' AND type = 'table';

realm

adb pull path/to/database/on/phone/name.realm path/to/store/db/on/pc/

open within RealmStudio

Common locations

• /data/data/com.x.x.x/

  • shared_prefs/

    (search for keysets -> used to encrypt files --> might be encrypted as well, if handled properly)

  • cache/

  • database/

• /sdcard/Android/com.x.x.x/

KEEP YOUR EYES OPEN FOR:

• developer files

  • build configs

  • resources (i.e: res/values/strings.xml)

• backup files

• old (maybe unused) files

3.3.2 THINGS TO REPORT

• Hardcoded cryptographics key

• Cleartext credentials stored in .config/.xml & sqlite-/realm-DB

• Misplaced files (i.e. creds.txt stored on SD-Card)

• Wrong file permissions set (also have a look @ 1.4)

3.3.3 MORE DETAILS

Data storage security on Android