Lab 5 - Basic Encryption

In this lab we will extract some sensitive information from the filesystem of the device. In this case the information we need will not be encrypted, and we simply need to find it.

Connect to the emulator with adb shell. You will be given shell access to the Android emulator.Browse to the data store of the app.

(server-env)sartre:AndroidLabs2 maxim$ adb shell
# cd /data/data/com.securitycompass.androidlabs.base
# ls
# cd shared_prefs
# ls

The information we want is in the preferences.xml file

# cat preferences.xml
<?xml version='1.0' encoding='utf-8' standalone='yes' ?>
<string name="serverpass">password</string>
<string name="localpasssalt">+tm+vXQuNL01T2caEwlG6XBj9ZrS9w5XfVk5EFV15SQ=
<string name="serveruser">jdoe</string>
<boolean name="firstrun" value="false" />
<string name="localpasshash">vt8O7P2Y1dPYjRJG/F7QXADtpc2/DxlvpYya2b/oSIA=

As you can see, the username and password are stored in the strings serveruser and serverpass (these are out of order, but present in the XML file).