Saturday, December 31, 2016

ANDROID PT - DIVA / 4 - Insecure Data Storage 2 - Local Databases


- Layout for this exercise:

- Connecting from Santoku to Nexus 5 with ADB:

- Launching the application: 

- The fourth challenge is based on the fact that some applications store sensitive information in local databases. 

- Clicking the challenge 4 tab:

- The application prompts the user for credentials (username + password) to be saved.

- In this example, let's enter these simple credentials:

     username: Alice
     password: PasswordForAlice

- The application displays a message stating that the credentials have been successfully saved:

- Searching inside the package jakhar.aseem.diva, there is a folder named databases:

- Opening the folder, there are several databases. We could try each of them until we find interesting information. However, for the sake of simplicity, let's go directly to ids2:

- Android uses the SQLite database management system:

- There are 2 tables inside the ids2 database:

- Selecting everything from the table myuser, we find the credentials entered by the user, stored in plaintext:
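
- The same check can be automated when reviewing an application's databases. The script below is an added example, not part of the original walkthrough or of DIVA itself: it audits a SQLite database for credential-like columns that hold plaintext values. The sample database is constructed to mirror ids2; the column names `user` and `password` and the `android_metadata` table contents are assumptions.

```python
import re
import sqlite3

# Column names that suggest stored secrets
SENSITIVE = re.compile(r"pass|pwd|secret|token|credential", re.I)
# Values that look hashed (bcrypt, argon2, hex digest) rather than stored in the clear
HASHED = re.compile(r"^(\$2[aby]\$.{56}|\$argon2.+|[0-9a-fA-F]{32,128})$")

def build_sample_db(conn):
    """Constructed stand-in for the ids2 database (column names are assumed)."""
    conn.execute("CREATE TABLE android_metadata (locale TEXT)")
    conn.execute("INSERT INTO android_metadata VALUES ('en_US')")
    conn.execute("CREATE TABLE myuser (user VARCHAR, password VARCHAR)")
    conn.execute("INSERT INTO myuser VALUES ('Alice', 'PasswordForAlice')")
    conn.commit()

def audit(conn):
    """Return one finding per sensitive-looking column holding plaintext values."""
    findings = []
    tables = [r[0] for r in conn.execute(
        "SELECT name FROM sqlite_master WHERE type='table'")]
    for table in tables:
        # PRAGMA table_info rows: (cid, name, type, notnull, dflt_value, pk)
        cols = [r[1] for r in conn.execute(f'PRAGMA table_info("{table}")')]
        for col in cols:
            if not SENSITIVE.search(col):
                continue
            rows = conn.execute(
                f'SELECT "{col}" FROM "{table}" WHERE "{col}" IS NOT NULL'
            ).fetchall()
            plaintext = [v for (v,) in rows
                         if isinstance(v, str) and v and not HASHED.match(v)]
            if plaintext:
                findings.append({"table": table, "column": col,
                                 "rows": len(rows),
                                 "plaintext_rows": len(plaintext)})
    return findings

def demo():
    """Audit the constructed sample database held in memory."""
    conn = sqlite3.connect(":memory:")
    build_sample_db(conn)
    return audit(conn)

if __name__ == "__main__":
    for finding in demo():
        print("plaintext secret column:", finding)
```

To audit a real file, pass `sqlite3.connect("path/to/copy.db")` to `audit()`, working on a copy pulled from a test device.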