Get APK local storage data with backup technology

Even if the device does not have root, we can physically access the device to obtain the application's data, we can also change the data of an application through this method. If an application stores data on the client, using a simple password or pin check, it is possible for an attacker to use this method to bypass these checks. In this article, we will discuss how to use this method to change application-specific data on a device that is not rooted. The main steps are as follows:

Step 1: Backup the target app

Step 2: Remove the header information and save the file

Step 3: Make the necessary changes

Step 4: Get header information from the original ". AB" File

Step 5: Attach the modified content behind the header information

Step 6: Use the modified content to restore the backup

The following is an example of an actual apk to describe the entire operation process.

We first need to install the Star Command line tool, the download link is as follows: http://sourceforge.net/projects/adbextractor/

After downloading, switch to the directory of the Star Command line tool as follows:

Then run the following command to install the Star tool.

Dpkg-i Star_1.5final-2ubuntu2_i386.deb

In this article, we try to modify the contents of an instance program on a device that is not rooted. Let's first make a backup of the target application using the following command:

ADB backup-f Mybackup.ab com.ricebook.activity

　　

From the tablet you can see that the program prompts us to confirm the backup. So we need to click on the confirmation on the device (but the program used in this example does not need to be confirmed).

When we confirm it, it will create a ". Ab" suffix of the Andrope file. Typically, the first 24 bytes are headers. So we use the DD tool to remove the first 24 bytes and then compress it into a tar file, using the following command:

if=mybackup.ab bs= skip=1| OpenSSL zlib-d > Mybackup.tar

The above command reads the source file from the input and skips the 24 bytes of the header

Note that the following error may occur when you execute the above command:

' zlib ' is an invalid command,

The workaround is to install OpenSSL and patches. Reference Link: http://www.linuxfromscratch.org/blfs/view/svn/postlfs/openssl.html

: http://www.openssl.org/source/openssl-1.0.1k.tar.gz

Patch Address: Http://www.linuxfromscratch.org/patches/blfs/svn/openssl-1.0.1k-fix_parallel_build-1.patch

Compile and install:

Patch -np1-i. /openssl-1.0. 1k-fix_parallel_build-1. Patch &&. /config--prefix=/usr                  --openssldir=/etc/SSL          --libdir=lib                   gkfx                         zlib -dynamic && make

To test the compilation result:

 make Test

To install as root user:

 Make Mandir=/usr/share/maninstall &&install -dv-m755/usr/share/doc/openssl-1.0 . 1k  &&cp -VFR doc/*     /usr/share/doc/openssl-1.0.1k

After the backup is complete, use tar to create a ". List" file, which is guaranteed to be in the correct order when the backup is repackaged.

tar -tf mybackup. Tar >mybackup.list

Now we have the following documents:

Mybackup.ab: Backup files exported from the device

Mybackup.tar: Files generated from the DD command

Mybackup.list: List file generated from tar file

We create a new folder backup and put these files together with Abe.jar in the new folder.

We can extract the tar file using the following command:

tar -xf mybackup. Tar

As you can see, a new folder "apps" is generated. We can find application-related information in this directory.

View the Location_preferences.xml file with the following contents:

We use vim to change "Beijing" to "American".

Next we need to restore the modified file to the device.

In order to restore the modified file, you need to convert the file into (. ab) format and attach the ". Ab" File header back. The specific methods are:

First, use the Star command to create a ". Tar" file, and then attach the file header back.

Star-c-v-f Newbackup. tar -no-dirslash list=mybackup.list

Now we have the "Newbackup.tar" file. We then appended the original file header to the modified tar file.

DD if=mybackup.ab bs= count=1 of=newbackup.ab

As you can see, we've only copied a piece of paper. File is "Newbackup.ab"

The final step is to append the modified content behind the header, using the following command:

OpenSSL zlib- in Newbackup. tar >> newbackup.ab

At this point, our backup files are ready to be completed. We then use the following command to restore the backup file to the device:

ADB restore Newbackup.ab

得到如下信息：

In the case of the root of the phone we can go directly to the application's path to view the shared preferences file.

In the case of no root, you can view it by backing up the data to the local computer again.

You can see that the file has been modified:

What should we do to protect our applications?

If sensitive information is present in your app, you can deactivate the backup feature. You can modify the Androidmanifest.xml file to:

Android:allowbackup= "false"

Reference article:

http://forum.xda-developers.com/showthread.php?t=2011811

Http://nelenkov.blogspot.in/2012/06/unpacking-android-backups.html

Get APK local storage data with backup technology