INSECURE DATA STORAGE 3 - TEMPORARY FILES
- Layout for this exercise:
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjN3ysPFDiLz71tKNKtTbQ-gbYIMOvFyzCKI9CWL78TjPKjXRWYpCIlFmXgXhGx2AJ03-cD6Vx-LMBzN8gZzBhlbR1mLbvF3IFft3RoDMDfuNW6_eUA1t68o-9wqG_cxHU7to9FSgnsuPpq/s1600/screenshot.1.jpg)
- Connecting from Santoku to Nexus 5 with ADB:
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjYPhk653C14QA8vth06HWnXBRzLa4itaCupLrevAArhsXls8xlPnBjqnB7G9OexQ9Gw-iTW0IdEsuYLhnHoyJgNyT3ta6dIQkIP20bRiI7-iGSeLanLEgnTEoAxE4-6vAsDxFRU1Bfsk6C/s1600/screenshot.2.jpg)
- Launching the application:
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjz26LudzftvVhlVECnYZvnq2eZHOOhCD0Ku501fUdU0VM2la60N2SRK0UcblEUUP2u7NKDULpBFOE4H4eZbq09qhg1-k-HFMB1AvTWLoaymRoY21KQJ5kMcplr3hUecqXdIup0YuKXvHjT/s400/screenshot.3.jpg)
- The fifth challenge is based on the fact that some applications store sensitive information in temporary files.
- Clicking the challenge 5 tab:
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjTEfCGQyGm6YcJ4XOJ5-HANMsDw-lFTtAzIlfb4nCN-hOjAE1O-Qj2Nb7263vxZTdhSUKIPl6E6YOE2v5N1-EqwLg0KzFVJGqBG6BHJtefuhcfoVioy0-E7j8BoNfX07wpZdJV3EIkTRpl/s320/screenshot.4.jpg)
- The application asks for credentials, username and password, and then saves them:
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEht927AQUTyic8fdeAE5jbqvJLZXuYxjYpNZKfvBXMu8syM6uLuHStXPCRlMquBrf6xyKq-FYkBDUVyUjARSSnv9Ang3wvHSmPcixNODJtSzEkbsJkUKhRNg8dttKYAP5JtMDH6hC_ryQFH/s1600/screenshot.5.jpg)
- Looking at the Java source code of the activity for this challenge, InsecureDataStorage3Activity.java, we have a hint about where the credentials have been stored:
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhQSRbUtfE5mjMm3KP1GkdE8_gwSdR6O7NmHn1Q7gCw3hT_1lFhbaLfgQaFmWa6QoyjNT_o4w8f2ygdwVOjK2exumIOIUzxV6rTc2S_JwkOdRcBXEnJhcr2bR6gi9hunt998al4XqSqndoz/s1600/screenshot.6.jpg)
- The method saveCredentials informs about the storage procedure for the credentials. A temporary file uinfo is created, where the credentials coming from the user input are saved:
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg0Bf7Mt8eYq4rx6NoI8mrxAcWDH81Q1IZJYH2uBPH-fTHCKt3SIvk92dX7d9gCCHOtRop2CRDp4ulcziJAx8eypU_UxyIDUCU798FXJX6sN8yT6hjH-s5Nec5qMjTxXXsKrc1tNzauOZY1/s1600/screenshot.8.jpg)
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiniMWE9dBZaEJcdSscNUDJm29yt4cZYjeNygIMx3g4N7zu_w_VkcItGsanbaKHDVhJWcEQs9pBFMPmGM8_6DoJobWPKP1GEgWBbw_1HoyEGJ1OIoAfZryiys17AI-IhWInBP93Qu3GnNQ4/s1600/screenshot.7.jpg)
- Looking for the temporary file contained at the data directory:
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh6Wz2VLRM80fyUY53DDkx3ijhJ6e3Jyy1bafXevVut7Xzj2YscJAS4d7lNKnVec8VsQqFoqXDT0yHRPc1CxLMVrSmgT7HlAybPWKP7s1w1G2DrQPgJEXqcUXVc7B1K0KaCj4roED8jlOzN/s1600/screenshot.9.jpg)
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgq3YdqcvCMjtDS6L9iYaeBb0mbPwCjcHuWqxY9FuJnvpA6Su18blxaKbS_GTR_QxUzYTsrvaKVr85mIolzQFvnec3-xE4QSchdlJNNwc_Q3BpzdMRQPnh_n8zrZBy-QHZ1Afan9qeTSltp/s1600/screenshot.10.jpg)
- The credentials are available inside the temporary file:
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgWlAq3muNblFwyS0PRghEYAoQgHV3R9XWS6Trp47JzSEz04bkKwUEiqwzbouu_FVM3jI6yD4uN2Hmn_kSDUqCIdam0Z2qy2jEfmydttN2f_LAyuxWcj-GgHGR7lI9ypPXTo5xHQBr5Lyiv/s1600/screenshot.11.jpg)