Saturday, December 31, 2016

ANDROID PT - DIVA / 5 - Insecure Data Storage 3 - Temporary Files


- Layout for this exercise:

- Connecting from Santoku to Nexus 5 with ADB:

- Launching the application: 

- The fifth challenge is based on the fact that some applications store sensitive information in temporary files.

- Clicking the challenge 5 tab:

- The application asks for credentials, username and password, and then saves them:

- Looking at the Java source code of the activity for this challenge,, we have a hint about where the credentials have been stored:

- The method saveCredentials informs about the storage procedure for the credentials. A temporary file uinfo is created, where the credentials coming from the user input are saved:

- Looking for the temporary file contained at the data directory:

- The credentials are available inside the temporary file: