For Android Data Forensics
The different data storage options available on Android:
- Internal file storage: Store app-private files on the device file system.
- External file storage: Store files on the shared external file system. This is usually for shared user files, such as photos.
- Shared preferences: Store private primitive data in key-value pairs.
- Databases: Store structured data in a private database.
My research https://enderspub.kubertu.com/android-security-research-crypto-wallet-local-storage-attack
Just in case you love it!
- Dump data from Sandbox and external enclaves
- Print all sensitive data along with its file location
- Matching is based on the rules file, which needs to be updated
Internal:
- /data/data
External:
- /mnt/sdcard/Android/data is a softlink to /sdcard/
Shared Preferences, SQLite Databases, Realm Databases, Internal Storage, External Storage
./install.sh
-ls : List installed packages
-p <packagename> : Check if sensitive data is stored in internal & external data
-l true -f <file.apk> : Check if insecure library is set
-h : Help
Example
For data forensics: ./andump.sh -p com.google.android
For Unreliable libraries: ./andump.sh -l true -d /home/appcode
To find your plain-text password anywhere in the application's data, both inside and outside the sandbox, add it to /src/rules.txt
and run ./andump.sh -p com.yourapp.android
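
The rule-driven search described above, as an added example that is not andump's own code. It assumes the rules file holds one literal string per line and that the app's internal and external data have already been copied into local directories; the package name, paths and secret values are constructed samples.

```bash
#!/usr/bin/env bash
# Added example (not andump's code). Assumption: rules file = one literal string per line.

# scan_dump RULES DIR... : print "<file>: <rule>" for each rule found in each file.
scan_dump() {
    rules=$1; shift
    find "$@" -type f | sort | while IFS= read -r f; do
        while IFS= read -r rule || [ -n "$rule" ]; do
            # An empty pattern matches every file, so blank rule lines are skipped.
            [ -n "$rule" ] || continue
            # -a: search binary files (SQLite, Realm) as text; -F: literal, not regex.
            if grep -aqF -- "$rule" "$f"; then
                printf '%s: %s\n' "$f" "$rule"
            fi
        done < "$rules"
    done
}

# make_sample DIR : build a constructed tree that mimics pulled app data.
make_sample() {
    int="$1/data/data/com.example.app"
    ext="$1/sdcard/Android/data/com.example.app"
    mkdir -p "$int/shared_prefs" "$int/databases" "$ext/files"
    printf '<map><string name="pin">Hunter2!</string></map>\n' > "$int/shared_prefs/prefs.xml"
    printf 'SQLite format 3\000\001pw=Hunter2!\000' > "$int/databases/app.db"
    printf '{"api_key":"API-KEY-CONSTRUCTED-123"}\n' > "$ext/files/export.json"
    printf 'nothing sensitive\n' > "$ext/files/log.txt"
    # Constructed rules: one blank line, and no newline after the last rule.
    printf 'Hunter2!\n\nAPI-KEY-CONSTRUCTED-123' > "$1/rules.txt"
}

# Demo run on the constructed sample tree.
tmp=$(mktemp -d)
make_sample "$tmp"
scan_dump "$tmp/rules.txt" "$tmp/data" "$tmp/sdcard"
rm -rf "$tmp"
```

Searching with `-a` matters here because SQLite and Realm files contain NUL bytes, and a plain-text secret stored in them would otherwise be reported only as a binary match or missed by text-only tooling.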