For Android data forensics

Primary language: Shell. License: GNU General Public License v3.0 (GPL-3.0)

andump

The different data storage options available on Android:

  • Internal file storage: Store app-private files on the device file system.
  • External file storage: Store files on the shared external file system. This is usually for shared user files, such as photos.
  • Shared preferences: Store private primitive data in key-value pairs.
  • Databases: Store structured data in a private database.

My research: https://enderspub.kubertu.com/android-security-research-crypto-wallet-local-storage-attack

Plan

  1. Dump data from Sandbox and external enclaves
  2. Print all sensitive data along with its file location
  3. Based on the rules file, this needs to be updated

Internal:

  1. /data/data

External:

  1. /mnt/sdcard/Android/data is a softlink to /sdcard/

  • Shared Preferences
  • SQLite Databases
  • Realm Databases
  • Internal Storage
  • External Storage

Installation

./install.sh

Usage

-ls                   : List installed packages
-p <packagename>      : Check whether sensitive data is stored in internal and external data
-l true -f <file.apk> : Check if insecure library is set
-h                    : Help

Example

For data forensics: ./andump.sh -p com.google.android

For Unreliable libraries: ./andump.sh -l true -d /home/appcode

To find your plaintext password anywhere in the application's data, both inside and outside the sandbox, add it to /src/rules.txt and run ./andump.sh -p com.yourapp.android
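
The scan described in the Plan and in the rules.txt note above, as an added example that is not andump's own code. It assumes the app data has already been copied to a local directory and that the rules file holds one literal string per line (the real format of /src/rules.txt is not shown on this page); `scan_dump` and `classify` are hypothetical names.

```shell
#!/bin/sh
# Added example, not andump's code. Assumed rules format: one literal string
# per line; blank lines and lines starting with '#' are skipped.

# classify PATH -> storage type, inferred from the Android app directory layout
classify() {
    case $1 in
        */shared_prefs/*) echo shared_prefs ;;
        */databases/*)    echo database ;;
        *.realm)          echo realm ;;
        *)                echo file ;;
    esac
}

# scan_dump RULES_FILE DUMP_DIR
# Prints "<type>TAB rule:<line>TAB<file>" for every file containing a rule.
# The rule's line number is reported instead of the secret itself, so the
# report can be shared without leaking what was searched for.
scan_dump() {
    rules=$1; dump=$2
    if [ ! -r "$rules" ] || [ ! -d "$dump" ]; then
        echo "usage: scan_dump RULES_FILE DUMP_DIR" >&2
        return 2
    fi
    cr=$(printf '\r'); n=0
    while IFS= read -r rule || [ -n "$rule" ]; do
        n=$((n + 1))
        rule=${rule%"$cr"}                    # tolerate CRLF rules files
        case $rule in ''|'#'*) continue ;; esac
        # -F: literal, not regex; -a: search binary files (SQLite, Realm) too
        grep -rlaF -e "$rule" "$dump" | sort | while IFS= read -r file; do
            printf '%s\trule:%d\t%s\n' "$(classify "$file")" "$n" "$file"
        done
    done < "$rules"
}

# Stand-alone use: sh scan.sh rules.txt ./dump
if [ "$#" -eq 2 ]; then scan_dump "$1" "$2"; fi
```

Literal matching only finds values stored as-is; a secret that the app stores Base64-encoded, as UTF-16, or encrypted will not be reported by this scan.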