[A]ndroid [A]pplication [P]entest [G]uide

3.3 Analyze local storage


Last updated 5 years ago


3.3.1 LOCAL DATABASE

sqlite

adb shell
cd /data/data/com.x.x.x/databases/
sqlite3 db_name

Within sql-shell:

list existing tables within db:

.tables

list table schema:

.schema table_name

or

SELECT sql FROM sqlite_master WHERE tbl_name = 'insert_table_name' AND type = 'table';

realm

adb pull path/to/database/on/phone/name.realm path/to/store/db/on/pc/

open within

Common locations

  • /data/data/com.x.x.x/

    • shared_prefs/

      (search for keysets: these are used to encrypt files and, if handled properly, may themselves be encrypted)

    • cache/

    • databases/

  • /sdcard/Android/com.x.x.x/

KEEP YOUR EYES OPEN FOR:

  • developer files

    • build configs

    • resources (e.g. res/values/strings.xml)

  • backup files

  • old (maybe unused) files

3.3.2 THINGS TO REPORT

  • Hardcoded cryptographic keys

  • Cleartext credentials stored in .config/.xml & sqlite-/realm-DB

  • Misplaced files (e.g. creds.txt stored on SD-Card)

  • Wrong file permissions set (also have a look at 1.4)
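
The sqlite enumeration from 3.3.1 and the cleartext-credential check from the list above, as an added example (not part of the original guide) that runs over a copy of the app data directory pulled to the PC. The keyword pattern and all function names are assumptions for illustration, and the sample data is constructed.

```python
import re
import sqlite3
import tempfile
import xml.etree.ElementTree as ET
from contextlib import closing
from pathlib import Path

# Assumed heuristic for "this name suggests a secret"; tune it per application.
SENSITIVE = re.compile(r"passw(or)?d|passwd|secret|token|api_?key|credential", re.I)

def audit_sqlite(db_path):
    """Return (table, column) pairs whose column name looks sensitive; opens read-only."""
    with closing(sqlite3.connect(Path(db_path).resolve().as_uri() + "?mode=ro", uri=True)) as con:
        tables = [r[0] for r in con.execute("SELECT name FROM sqlite_master WHERE type='table'")]
        return [(t, col[1]) for t in tables
                for col in con.execute('PRAGMA table_info("%s")' % t.replace('"', '""'))
                if SENSITIVE.search(col[1])]

def audit_shared_prefs(xml_path):
    """Return sensitive-looking keys that hold a value (<string> text, else a value attribute)."""
    return [el.get("name") for el in ET.parse(xml_path).getroot()
            if SENSITIVE.search(el.get("name", ""))
            and (el.text if el.tag == "string" else el.get("value"))]

def audit_app_dir(root):
    """Audit a pulled app data directory; SQLite files are detected by magic, not extension."""
    report = {"sqlite": {}, "shared_prefs": {}}
    for f in sorted(p for p in Path(root).rglob("*") if p.is_file()):
        with f.open("rb") as fh:
            magic = fh.read(16)
        if magic == b"SQLite format 3\x00":
            report["sqlite"][f.name] = audit_sqlite(f)
        elif f.parent.name == "shared_prefs" and f.suffix == ".xml":
            report["shared_prefs"][f.name] = audit_shared_prefs(f)
    return report

def demo():
    """Run the audit over constructed sample data standing in for /data/data/<package>/."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "databases").mkdir()
        (root / "shared_prefs").mkdir()
        with closing(sqlite3.connect(root / "databases" / "app.db")) as con:
            con.executescript("CREATE TABLE users (id, email, password); CREATE TABLE notes (id, body);")
        (root / "shared_prefs" / "settings.xml").write_text(
            '<map><string name="api_key">CONSTRUCTED</string><int name="runs" value="3" /></map>')
        return audit_app_dir(root)

if __name__ == "__main__":
    print(demo())
```

A hit only narrows where to look: confirm by reading the flagged column or key and checking whether the value is stored in cleartext before reporting it.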

3.3.3 MORE DETAILS

RealmStudio
Data storage security on Android