How to test storage-related findings - Android Platform - For rooted and non-rooted devices


Recently I wrote an article, Zero to Hero - Mobile Application Testing - Android Platform, for beginners who would like to learn mobile appsec.

I got many mails asking how to find storage-related findings, etc.

So I am writing this blog post for those who are struggling to find bugs related to mobile storage, or who don't know where to start when hunting bugs in mobile storage.
For those who are champs in mobile app sec, just cheers.

So let's do this too.

1] For rooted device - Android 

Requirement:-

1] A rooted Android device or an emulator (Genymotion)

2] Install the application which you need to test for storage-related findings on the rooted device/emulator and browse the entire application in order to get some juicy fruits XD

Commands:-

adb devices    => Lists the devices that are attached
adb shell      => Opens a shell on the device (a root shell on a rooted device/emulator)
cd /data/data  => Go to the /data/data directory
ls             => List directory contents



3] Now you need to find the file name of your application (its directory under /data/data)

To find the file name you want, simply follow the steps below.

3.1 - After you run ls, many file names are listed.

PS:- If you get an error such as "opendir failed, Permission denied", run su first and then ls.

3.2 - To minimize your work, type the commands below to find the name of the file.

root@android:/data/data # ls > find.txt
[ ls > find.txt - This writes the directory listing to find.txt in the same directory ]

root@android:/data/data # grep File_name_which_you_need_to_find find.txt

[ File_name_which_you_need_to_find -
  If you are not able to find or locate the name of the "file" or the manifest file of the application, reverse engineer the application, decompile it with JD-GUI and check the application's folder name there.
Pro tip to find the file name in the wild XD ]

After you have found the file name, exit the device shell and run the command below from your computer to extract the application data:

adb pull /data/data/file_name_which_you_found C:\Users\Nilesh\Desktop\

The format of the pull command is simple: you start with adb pull, then add the file you are pulling and the location you want it to go.

OR

1] You can download ES File Explorer on your mobile from the Play Store.
2] Install the application which you need to test for storage-related findings on the rooted device/emulator and browse the entire application in order to get some juicy fruits.
3] Browse to / Devices => data => data

Kindly refer below screenshot :-






Now search for the file name of your application, download it and then check its storage.
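One way to do that storage check on the pulled copy, as an added example (not part of the original post): it walks the directory, flags shared_prefs entries and SQLite columns whose names look sensitive, and leaves the judgement to manual review. The keyword list, function names and sample data are assumptions made for illustration.

```python
import os, re, sqlite3, tempfile
import xml.etree.ElementTree as ET

# Assumed keyword list for "looks sensitive"; tune it for the app under test.
SENSITIVE = re.compile(r"passw|token|secret|api[_-]?key|session", re.I)

def scan_shared_prefs(path):
    """Return (file, key, value) for preference entries with a sensitive-looking name."""
    return [(os.path.basename(path), e.get("name"), e.get("value") or e.text or "")
            for e in ET.parse(path).getroot()   # <map><string name="k">v</string>...</map>
            if SENSITIVE.search(e.get("name", ""))]

def scan_database(path):
    """Return (file, table, column) for columns with a sensitive-looking name."""
    con = sqlite3.connect(path)
    try:
        tables = [r[0] for r in con.execute("SELECT name FROM sqlite_master WHERE type='table'")]
        return [(os.path.basename(path), t, col[1]) for t in tables
                for col in con.execute('PRAGMA table_info("%s")' % t.replace('"', '""'))
                if SENSITIVE.search(col[1])]
    finally:
        con.close()

def scan_app_dir(root):
    """Walk a pulled /data/data/<package> copy and collect findings to review by hand."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for fn in files:
            full = os.path.join(dirpath, fn)
            with open(full, "rb") as f:
                is_sqlite = f.read(16) == b"SQLite format 3\x00"  # many app DBs lack a .db suffix
            if os.path.basename(dirpath) == "shared_prefs" and fn.endswith(".xml"):
                hits += scan_shared_prefs(full)
            elif is_sqlite:
                hits += scan_database(full)
    return sorted(hits)

def make_sample_dir():
    """Constructed sample standing in for a pulled app directory."""
    root = tempfile.mkdtemp()
    for sub in ("shared_prefs", "databases"):
        os.makedirs(os.path.join(root, sub))
    with open(os.path.join(root, "shared_prefs", "login.xml"), "w") as f:
        f.write('<map><string name="user">bob</string><string name="auth_token">abc123</string></map>')
    con = sqlite3.connect(os.path.join(root, "databases", "app"))
    con.execute("CREATE TABLE accounts (id INTEGER, email TEXT, password TEXT)")
    con.commit()
    con.close()
    return root
```

Call scan_app_dir() on the folder that adb pull created; a hit only tells you where to look, so open the file and confirm whether the value is stored in clear text.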


Some problems and their solutions:-

Sometimes, while connecting your device/emulator, you may face an issue like
"error: more than one device". In that case, follow the steps below to connect to your emulator or device.

If you face any problem while taking a shell on the device :-

Problem 1:- error: more than one device/emulator




How to solve:-

Command 1 => adb devices -l
Which displays the list of attached devices






Command 2 => adb -s model:Google_Nexus_5___5_0_0___API_21___1080x1920  shell






2] Non-rooted device - Taking a backup to check storage


Requirement:-

1] Android phone - non-rooted

2] Install the application which you need to test for storage-related findings; after installing, browse the application thoroughly in order to get some juicy fruits XD

3] Now check that you are able to connect to your device over adb.
    3.1 - On your mobile go to Settings => About phone => Build number => Tap 7 times
    3.2 - Now you can see that "Developer options" is enabled under Settings.
    3.3 - Under "Developer options", enable "USB debugging"






    3.4 - Now run the command "adb devices" to check whether your phone is connected



Steps to take the storage from a non-rooted Android device :-

1] Type the command "adb shell" and then "ls"



2] Then type cd /data/data
You cannot view this directory because your phone is not rooted.


3] Now we need to find the package name of the application which we are testing, as declared in its manifest. It will look like this :-
com.example.app => This is the name of your application that you want.
To find this name, install Manifest Viewer from the Play Store.
After that, open Manifest Viewer and find the application; you will be able to see the name in its manifest.

4] Run the below command:-
adb backup -f backup.ab -noapk com.example.app



After that you will get the message "Now unlock your device and confirm the backup operation."



Set the password as required by you and click on "Back up my data"
PS:- The backup.ab file will be created in the path you ran the command from.
Our path was C:\Users\Nilesh\Desktop

5] Download android-backup-extractor from this link and then place your backup.ab file in the extracted folder


Now run the following command:-
 java -jar abe.jar unpack backup.ab <outputfile.tar>

which will be

java -jar abe.jar unpack backup.ab anyfilename.tar

After that extract the tar file and check if you can find any storage related bugs.
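What the unpack step does for an unencrypted backup, as an added example (not abe's code and not part of the original post): the .ab file is a four-line text header followed by a zlib-compressed tar, and inside the tar each app's data sits under apps/<package>/ with short tokens for each storage area. Function names and the sample backup are constructed for illustration; it assumes the backup was made with an empty password.

```python
import io
import tarfile
import zlib

# Tokens Android uses inside the backup tar: apps/<package>/<token>/<path>
DOMAINS = {"sp": "shared_prefs", "db": "databases", "f": "files",
           "r": "app data root", "ef": "external files"}

def ab_to_tar(ab_bytes):
    """Return the tar bytes inside an unencrypted Android backup (.ab)."""
    parts = ab_bytes.split(b"\n", 4)   # magic, version, compressed flag, encryption, payload
    if len(parts) != 5 or parts[0] != b"ANDROID BACKUP":
        raise ValueError("not an Android backup file")
    _version, compressed, encryption, payload = parts[1:]
    if encryption != b"none":
        raise ValueError("encrypted backup (%s): unpack it with abe and the password"
                         % encryption.decode())
    return zlib.decompress(payload) if compressed == b"1" else payload

def group_by_domain(tar_bytes):
    """Map each storage area to the app files found in it."""
    groups = {}
    with tarfile.open(fileobj=io.BytesIO(tar_bytes)) as tar:
        for member in tar.getmembers():
            parts = member.name.split("/", 3)
            if member.isfile() and len(parts) == 4 and parts[0] == "apps":
                groups.setdefault(DOMAINS.get(parts[2], parts[2]), []).append(parts[3])
    return groups

def make_sample_ab():
    """Constructed sample: a tiny unencrypted, compressed backup of com.example.app."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, data in [
            ("apps/com.example.app/_manifest", b"1\ncom.example.app\n"),
            ("apps/com.example.app/sp/login.xml", b"<map></map>"),
            ("apps/com.example.app/db/notes.db", b"SQLite format 3\x00"),
        ]:
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return b"ANDROID BACKUP\n5\n1\nnone\n" + zlib.compress(buf.getvalue())

if __name__ == "__main__":
    print(group_by_domain(ab_to_tar(make_sample_ab())))
```

If the result has no entries for the package, the application typically sets android:allowBackup="false" in its manifest, so adb backup captured none of its data.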

I hope this helps.