Insecure Data Storage - Part 2
When you click on Insecure Data Storage - Part 2, you would see the following screen.
Its view is similar to the previous challenge. Let's enter some credentials.
We get a message stating that 3rd party credentials saved successfully.
Let's check the pseudocode of this activity with the help of dex2jar and jd-gui.
From the code we can understand that the activity creates a database `ids2` if it doesn't exist. It then creates a table `myuser` which holds the strings `password`. In the function `saveCredentials()`, the app inserts the credentials into the table.
The `sqlite3` database format is used to store data because it is lightweight and runs on low-memory devices. The databases of any app are stored in the location
`<package_name>` is the unique name for each Android app.
Connect the emulator or the physical device on which the DIVA app is running. Make sure that you are the root user. Go to the directory `/data/data/jakhar.aseem.diva/databases` and check if there is any database with the name
Then execute the command `sqlite3 ids2` to open the database.
The `sqlite3` binary is pre-installed in most Android emulators and devices. If your physical device doesn't contain this binary, then try to pull the database to the local system with the help of adb (`adb pull /data/data/jakhar.aseem.diva/databases/ids2`). Then use a local sqlite database management tool like `sqlitebrowser` to view the contents.
Type `.tables` and hit Enter to view the tables created.
Run the query `.schema myuser` to view the schema of the table.
Run the query `select user, password from myuser;` to get all the stored credentials.
NOTE: Running the query `.dump` will dump all the previously executed queries of a database.
If we had looked at the most recently modified files with the help of `ls -la`, we would have seen that a file under the `databases` folder had been modified. This method doesn't require decompiling the app to view its source code.
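The manual checks above can be scripted against a copy of the database pulled with adb. This is an added example, not code from DIVA or from the original post: `audit_database`, `build_sample` and the `SENSITIVE` name pattern are assumptions, and the sample database is constructed to match the `myuser` table queried above.

```python
import re
import sqlite3
import tempfile
from pathlib import Path

# Column names that suggest stored secrets (assumed heuristic, extend as needed).
SENSITIVE = re.compile(r"pass(word|wd)?|secret|token|api_?key", re.I)

def audit_database(path):
    """List credential-like columns in a pulled SQLite file, opened read-only."""
    uri = Path(path).resolve().as_uri() + "?mode=ro"  # never modify the evidence
    conn = sqlite3.connect(uri, uri=True)
    findings = []
    try:
        # Equivalent of `.tables`, skipping SQLite's internal tables.
        tables = [r[0] for r in conn.execute(
            "SELECT name FROM sqlite_master "
            "WHERE type='table' AND name NOT LIKE 'sqlite_%'")]
        for table in tables:
            quoted = '"' + table.replace('"', '""') + '"'
            # Equivalent of `.schema <tablename>`: column names only.
            cols = [r[1] for r in conn.execute(f"PRAGMA table_info({quoted})")]
            rows = conn.execute(f"SELECT COUNT(*) FROM {quoted}").fetchone()[0]
            for col in cols:
                if SENSITIVE.search(col):
                    findings.append({"table": table, "column": col, "rows": rows})
    finally:
        conn.close()
    return findings

def build_sample(path):
    """Constructed stand-in for the pulled ids2 file (not real app data)."""
    conn = sqlite3.connect(path)
    conn.execute("CREATE TABLE IF NOT EXISTS myuser(user VARCHAR, password VARCHAR)")
    conn.execute("INSERT INTO myuser VALUES (?, ?)", ("alice", "example-pass"))
    conn.commit()
    conn.close()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        sample = Path(tmp) / "ids2"
        build_sample(sample)
        for f in audit_database(sample):
            print(f"{f['table']}.{f['column']}: {f['rows']} row(s) stored in plaintext")
```

Any finding here means the app wrote a secret to an unencrypted database file that a root user on the device can read.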
- Android uses `sqlite3` databases to store the data
- The databases of apps are stored under
- With `sqlite3` in Android we could view (and manage) the data inside the database
  - `.tables` - to view tables
  - `.schema <tablename>` - to view the schema of the table
  - `.dump` - to dump all the executed queries in the database