I've been doing a lot of Android security assessment work lately, and there are a few commands I'm finding to be really helpful.
Pulling Data With Sudo
Sometimes it’s just a hassle to copy data with long paths and such. This is a creative solution when you have root:
adb shell su -c cat /data/data/app.package.name/databases/application.sqlite | sed 's/\r$//' > application.sqlite
Thanks to Sergei Shvetsov for that tip (http://blog.shvetsov.com/2013/02/access-android-app-data-without-root.html)
In the same post, Sergei points out that you can do a backup over ADB and, if you don’t give it a password, you can pull data out of the backup:
adb backup -f ~/data.ab -noapk app.package.name
Then all you have to do is extract the data. Sergei points out that Nikolay Elenkov posted on the backup file format and provided a Java program to pack and unpack backup files.
Once you’ve got your backup, open it in your favorite file carver, or just do a quick dd command to extract it:
dd if=data.ab bs=1 skip=24 | openssl zlib -d | tar -xvf -
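The skip=24 above is the length of the four text lines that start an unencrypted backup: the magic string, the format version, the compression flag and the encryption type. As an added example (not code from Sergei's or Nikolay's posts), this Python script parses that header, refuses backups that were given a password, and inflates the payload with zlib rather than `openssl zlib`, which only exists when OpenSSL was built with zlib support. The sample backup and the tar member name are constructed for illustration.

```python
import io
import tarfile
import zlib

MAGIC = b"ANDROID BACKUP"

def parse_ab_header(data):
    """Return (version, compressed, encryption, payload_offset) for an .ab image."""
    lines, pos = [], 0
    for _ in range(4):  # magic, version, compression flag, encryption type
        end = data.find(b"\n", pos)
        if end == -1:
            raise ValueError("truncated header")
        lines.append(data[pos:end])
        pos = end + 1
    if lines[0] != MAGIC:
        raise ValueError("not an Android backup file")
    return int(lines[1]), lines[2] == b"1", lines[3].decode("ascii"), pos

def ab_to_tar(data):
    """Return the raw tar bytes inside an unencrypted .ab image."""
    _version, compressed, encryption, offset = parse_ab_header(data)
    if encryption != "none":
        # A password was set at backup time, so skipping the header is not enough.
        raise ValueError("backup is encrypted (%s)" % encryption)
    payload = data[offset:]
    return zlib.decompress(payload) if compressed else payload

def build_sample_ab():
    """Constructed sample: a one-file tar wrapped in a version 1 header."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        body = b"constructed sample data\n"
        info = tarfile.TarInfo("apps/app.package.name/db/application.sqlite")
        info.size = len(body)
        tar.addfile(info, io.BytesIO(body))
    return MAGIC + b"\n1\n1\nnone\n" + zlib.compress(buf.getvalue())

def list_members(data):
    """List the file names stored in the backup's tar payload."""
    with tarfile.open(fileobj=io.BytesIO(ab_to_tar(data))) as tar:
        return tar.getnames()

if __name__ == "__main__":
    sample = build_sample_ab()
    print(parse_ab_header(sample))   # payload offset is 24 for this header
    print(list_members(sample))
```

For a real backup, read data.ab in binary mode and pass the bytes to ab_to_tar(), then write the result out as a .tar file.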
That’s all!
Need more info? Read Sergei’s blog post. I document things here so I have one-stop shopping; all the credit goes to Sergei for a great work-around.