Insecure Data Storage - Part 3

When you click on Insecure Data Storage - Part 3, you will be greeted by the following screen:

Insecure Data Storage 3a

It's view is similar to Challenge 3 and Challenge 4. Let's go ahead and enter some credentials.

Insecure Data Storage 3b

We get a message stating that 3rd party credentials saved successfully.

Let's check the pseudocode of this activity with the help of dex2jar and jd-gui. We can find that the code for this challenge is stored in InsecureDataStorage3Activity.class.

Insecure Data Storage 3c

After looking at the code, we can understand that the app creates a temporary file whose name starts with uinfo and then writes the credentials to it. After finishing the task, it prints out the message 3rd party credentials saved successfully.

In Android, temporary files are stored within the package's directory at /data/data. Move to /data/data/jakhar.aseem.diva location to see if any temporary file prepended with uinfo is present.

Insecure Data Storage 3d

Check the contents of the file.

Insecure Data Storage 3e

We finally got the stored credentials.

Takeaway

  • Temporary files of any app are generally created inside /data/data/<package> directory where <package> is the unique package name of the app.