Even if the device does not have root, we can physically access the device to obtain the application's data, we can also change the data of an application through this method. If an application stores data on the client, using a simple password or pin check, it is possible for an attacker to use this method to bypass these checks. In this article, we will discuss how to use this method to change application-specific data on a device that is not rooted. The main steps are as follows:
Step 1: Backup the target app
Step 2: Remove the header information and save the file
Step 3: Make the necessary changes
Step 4: Get header information from the original ". AB" File
Step 5: Attach the modified content behind the header information
Step 6: Use the modified content to restore the backup
The following is an example of an actual apk to describe the entire operation process.
We first need to install the Star Command line tool, the download link is as follows: http://sourceforge.net/projects/adbextractor/
After downloading, switch to the directory of the Star Command line tool as follows:
Then run the following command to install the Star tool.
Dpkg-i Star_1.5final-2ubuntu2_i386.deb
In this article, we try to modify the contents of an instance program on a device that is not rooted. Let's first make a backup of the target application using the following command:
ADB backup-f Mybackup.ab com.ricebook.activity
From the tablet you can see that the program prompts us to confirm the backup. So we need to click on the confirmation on the device (but the program used in this example does not need to be confirmed).
When we confirm it, it will create a ". Ab" suffix of the Andrope file. Typically, the first 24 bytes are headers. So we use the DD tool to remove the first 24 bytes and then compress it into a tar file, using the following command:
if=mybackup.ab bs= skip=1| OpenSSL zlib-d > Mybackup.tar
The above command reads the source file from the input and skips the 24 bytes of the header
Note that the following error may occur when you execute the above command:
' zlib ' is an invalid command,
The workaround is to install OpenSSL and patches. Reference Link: http://www.linuxfromscratch.org/blfs/view/svn/postlfs/openssl.html
: http://www.openssl.org/source/openssl-1.0.1k.tar.gz
Patch Address: Http://www.linuxfromscratch.org/patches/blfs/svn/openssl-1.0.1k-fix_parallel_build-1.patch
Compile and install:
Patch -np1-i. /openssl-1.0. 1k-fix_parallel_build-1. Patch &&. /config--prefix=/usr --openssldir=/etc/SSL --libdir=lib gkfx zlib -dynamic && make
To test the compilation result:
make Test
To install as root user:
Make Mandir=/usr/share/maninstall &&install -dv-m755/usr/share/doc/openssl-1.0 . 1k &&cp -VFR doc/* /usr/share/doc/openssl-1.0.1k
After the backup is complete, use tar to create a ". List" file, which is guaranteed to be in the correct order when the backup is repackaged.
tar -tf mybackup. Tar >mybackup.list
Now we have the following documents:
Mybackup.ab: Backup files exported from the device
Mybackup.tar: Files generated from the DD command
Mybackup.list: List file generated from tar file
We create a new folder backup and put these files together with Abe.jar in the new folder.
We can extract the tar file using the following command:
tar -xf mybackup. Tar
As you can see, a new folder "apps" is generated. We can find application-related information in this directory.
View the Location_preferences.xml file with the following contents:
We use vim to change "Beijing" to "American".
Next we need to restore the modified file to the device.
In order to restore the modified file, you need to convert the file into (. ab) format and attach the ". Ab" File header back. The specific methods are:
First, use the Star command to create a ". Tar" file, and then attach the file header back.
Star-c-v-f Newbackup. tar -no-dirslash list=mybackup.list
Now we have the "Newbackup.tar" file. We then appended the original file header to the modified tar file.
DD if=mybackup.ab bs= count=1 of=newbackup.ab
As you can see, we've only copied a piece of paper. File is "Newbackup.ab"
The final step is to append the modified content behind the header, using the following command:
OpenSSL zlib- in Newbackup. tar >> newbackup.ab
At this point, our backup files are ready to be completed. We then use the following command to restore the backup file to the device:
ADB restore Newbackup.ab
得到如下信息:
In the case of the root of the phone we can go directly to the application's path to view the shared preferences file.
In the case of no root, you can view it by backing up the data to the local computer again.
You can see that the file has been modified:
What should we do to protect our applications?
If sensitive information is present in your app, you can deactivate the backup feature. You can modify the Androidmanifest.xml file to:
Android:allowbackup= "false"
Reference article:
http://forum.xda-developers.com/showthread.php?t=2011811
Http://nelenkov.blogspot.in/2012/06/unpacking-android-backups.html
Get APK local storage data with backup technology