0

I am running a vulnerable android application on a rooted device using the Genymotion and i am trying to read shared preferences and a file in files directory inside different android application like: /data/data/xxxx/config.xml and /data/data/xxx/files/xxxx.xml

i am trying to read this data programmatically using a sample java application to show the data in logcat, but when i try to read the files, i get permission issue on the logcat.

The funny thing is the application is running on a rooted device, so i suppose to have access to other applications sharedpreferences.I need something like this, but show this in the logcat: https://lightsec.wordpress.com/2014/04/28/android-sharedpreferences-insecure-storage/.

I have also tries this answer, but it does not work:

Android: Retrieving shared preferences of other application

How can i retrieve all the available keys from sharedpreferences and show in logcat?

david milo
  • 1
  • 1

1 Answers1

2

Both of those links describe using the WORLD_XX constants as in the app you're trying to read from.

Literally no one in the world would use those constants, as they don't want their shared preferences to be read by others. Everyone uses the MODE_PRIVATE constant, so they can't be read by others.

To achieve this, you'll need to do the following:
1) Request Root Access in your app (Having a rooted phone is NOT enough). (A library like RootTools can help you do this)
2) After you get root access, then you have to read the raw .xml file from the file system, and parse it accordingly. Then you can read all the data, and even write to it if you wanted.

Sounds a bit like you're confusing having a rooted phone and your app having root access, those are different things.

Moonbloom
  • 7,738
  • 3
  • 26
  • 38
  • Thanks for your response, My issue is that when i want to change the permission of the xml file no matter using the roottools or androidshell and read it, supersu grant access dialogue appear and ask for grant that i do not know how to bypass it. The problem is that i need to demonstrate the client that it is possible to fetch the sharepreferences data without user interaction and even not adding the permission to androidmanifest, is this feasible? – david milo Jun 20 '17 at 20:53
  • Without user interaction? That is absolutely not possible, not even with root. When you request root access, the user gets prompted to accept or decline that your app should get root access, that dialog can't be circumvented by any means. – Moonbloom Jun 20 '17 at 21:41
  • @Moonbloom you know your stuff, thanks for sharing it! I'd buy you beer for sure! – Diego Palomar Feb 28 '18 at 22:50