3.3 Analyze local storage

3.3.1 LOCAL DATABASE

sqlite

adb shell
cd /data/data/com.x.x.x/database/
sqlite3 db_name

Within sql-shell:

list existing tables within db:

.tables

list table schema:

.schema table_name

or

SELECT sql FROM sqlite_master WHERE tbl_name = 'insert_table_name' AND type = 'table';

realm

adb pull path/to/database/on/phone/name.realm path/to/store/db/on/pc/

open within RealmStudio

Common locations

  • /data/data/com.x.x.x/

    • shared_prefs/

      (search for keysets -> used to encrypt files --> might be encrypted as well, if handled properly)

    • cache/

    • database/

  • /sdcard/Android/com.x.x.x/

KEEP YOUR EYES OPEN FOR:

  • developer files

    • build configs

    • resources (i.e: res/values/strings.xml)

  • backup files

  • old (maybe unused) files

3.3.2 THINGS TO REPORT

  • Hardcoded cryptographics key

  • Cleartext credentials stored in .config/.xml & sqlite-/realm-DB

  • Misplaced files (i.e. creds.txt stored on SD-Card)

  • Wrong file permissions set (also have a look @ 1.4)

3.3.3 MORE DETAILS

Data storage security on Android

Previous3.2 Bypass detectionsNext3.4 Attack surface

Last updated