Insecure Data Storage - Part 3
When you click on Insecure Data Storage - Part 3, you will be greeted by the following screen:
We get a message stating that 3rd party credentials saved successfully.
Let's check the pseudocode of this activity with the help of dex2jar and jd-gui. We can find that the code for this challenge is stored in
After looking at the code, we can understand that the app creates a temporary file whose name starts with uinfo and then writes the credentials to it. After finishing the task, it prints out the message 3rd party credentials saved successfully.
In Android, temporary files are stored within the package's directory under /data/data. Move to /data/data/jakhar.aseem.diva to see whether any temporary file whose name starts with uinfo is present.
Check the contents of the file.
We finally got the stored credentials.
- Temporary files of any app are generally created inside
<package> is the unique package name of the app.
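The manual check above can be automated when reviewing your own app's storage. The following is an added example, not code from DIVA or from the original walkthrough: it walks a locally pulled copy of an app's data directory and reports temp-style files whose contents are readable text. The function names, the printable-ASCII heuristic, the .tmp suffix rule and the sample tree are assumptions made for illustration.

```python
import os
import string
import tempfile

PRINTABLE = set(string.printable.encode())

def looks_like_plaintext(data, threshold=0.95):
    """Heuristic (assumption): ciphertext is rarely almost all printable ASCII."""
    if not data:
        return False
    return sum(b in PRINTABLE for b in data) / len(data) >= threshold

def audit_app_dir(root, prefixes=("uinfo",), suffixes=(".tmp",)):
    """Report temp-style files under root that hold readable text.

    prefixes: name prefixes to check (uinfo is the one from the walkthrough).
    suffixes: ".tmp" is the default suffix of Java's File.createTempFile.
    Returns (relative_path, size) pairs; file contents are never returned,
    so the report itself does not leak the secret.
    """
    findings = []
    for dirpath, _dirs, names in os.walk(root):
        for name in sorted(names):
            if not (name.startswith(prefixes) or name.endswith(suffixes)):
                continue
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                head = fh.read(4096)
            if looks_like_plaintext(head):
                findings.append((os.path.relpath(path, root), os.path.getsize(path)))
    return findings

def build_sample_tree():
    """Constructed sample input standing in for a pulled /data/data copy."""
    root = tempfile.mkdtemp()
    pkg = os.path.join(root, "jakhar.aseem.diva")
    os.makedirs(os.path.join(pkg, "cache"))
    with open(os.path.join(pkg, "uinfo12345tmp"), "wb") as fh:
        fh.write(b"demo_user:demo_password\n")      # constructed plaintext secret
    with open(os.path.join(pkg, "cache", "blob.tmp"), "wb") as fh:
        fh.write(bytes(range(128, 256)) * 2)        # stands in for encrypted data
    with open(os.path.join(pkg, "notes.txt"), "wb") as fh:
        fh.write(b"not a temp file\n")              # ignored: name does not match
    return root

if __name__ == "__main__":
    for rel_path, size in audit_app_dir(build_sample_tree()):
        print(f"plaintext temp file: {rel_path} ({size} bytes)")
```

Any file it reports is a candidate for removal or for encryption with a key that is not stored alongside the data.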