Insecure Data Storage - Part 4
We have now arrived at the last part in Insecure Data Storage challenge series. If you click on Insecure Data Storage - Part 4, you would see the following:
Let's enter credentials as we did in Challenge 3, Challenge 4 and Challenge 5.
We got a message stating that 3rd party credentials saved successfully.
Let's check the pseudocode of this activity with the help of dex2jar and jd-gui. We can find that the code for this challenge is stored in InsecureDataStorage4Activity.class.
Something looks interesting. The source code creates an object to write files to the external storage. Then it gets the credentials from the user and stores that at /.uinfo.txt.
Here,
/doesn't mean the root folder. Why ?As you can see from the source code that an object (
localObject2) which utilizes external storage is created. Then that object is used to write the data to the file located at root directory in external storage.
In Android, external storage is mounted at /sdcard/ location. So /.uinfo.txt refers to the actual location /sdcard/.uinfo.txt.
Let's connect to the emulator or physical device using adb and check if the file .uinfo.txt is present at the location.
Let's check its contents.
Voila ! We cracked the challenge.
NOTE: The file is prepended with a dot (
.) which means it is hidden. To view all the files (including hidden) always use the commandls -a.
Takeaway
- When you are running an emulator, make sure that you have mounted a virtual SD card. If not, we might miss out some notable actions of Android apps.
- Files written to the external storage could be read by other apps which have
READ_EXTERNAL_STORAGEpermission. - When you are pentesting an Android app, always execute
ls -lato see files in a directory. It lets you see which files have been recently modified and shows the files which are intentionally hidden.