So you got an Android application and you would like to temper with its configuration files? Nothing easier than that as long as you have a rooted Android phone, a sqlite editor and a text editor.<\/p>\n
I only wanted to temper with the databases of the app. I used this script (pull-databases.sh) to get the databases:<\/p>\n
\r\nAPP=com.example.theNameInYourAndroidManifest\r\nTMP=\/data\/local\/tmp\r\nAPP_UID=`adb shell dumpsys package $APP|grep userId=|cut -d " " -f 5|cut -d "=" -f 2`\r\n#after first run, maybe hardcode, so you can also push files when Android is still starting up and before the app started:\r\n#APP_UID=10000\r\necho "[+] Removing local folder"\r\nrm -r .\/$APP-databases\r\necho "[+] The applications UID and GID is:"\r\necho $APP_UID\r\necho "[+] Copying database to tmp dir"\r\nadb shell "su -c cp -r \/data\/data\/$APP\/databases $TMP\/$APP-databases"\r\necho "[+] chmoding tmp dir to 777"\r\nadb shell "su -c chmod -R 777 $TMP\/$APP-databases"\r\necho "[+] Pulling database"\r\nadb pull $TMP\/$APP-databases $APP-databases\r\necho "[+] Removing database in tmp"\r\nadb shell "su -c rm -r $TMP\/$APP-databases"\r\n<\/pre>\nYou might need to change the cut commands, as they might not work in every case. Then, to upload the databases back to the phone, use this script (push-databases.sh):<\/p>\n
\r\nAPP=com.example.theNameInYourAndroidManifest\r\nTMP=\/data\/local\/tmp\r\nAPP_UID=`adb shell dumpsys package $APP|grep userId=|cut -d " " -f 5|cut -d "=" -f 2`\r\n#after first run, maybe hardcode, so you can also push files when Android is still starting up and before the app started:\r\n#APP_UID=10000\r\necho "[+] The applications UID and GID is:"\r\necho $APP_UID\r\necho "[+] Pushing to tmp dir"\r\nadb push $APP-databases $TMP\/$APP-databases\r\necho "[+] Copying from tmp to app dir"\r\nadb shell "su -c cp -pr $TMP\/$APP-databases\/* \/data\/data\/$APP\/databases\/"\r\n#cp -p doesn't seem to preserver mode, but sets it to 666\r\necho "[+] chmoding app dir"\r\n#attention: 777, easy way out, but databases might have different flags...\r\nadb shell "su -c chmod -R 777 \/data\/data\/$APP\/databases"\r\nadb shell "su -c chmod 771 \/data\/data\/$APP\/databases"\r\necho "[+] removing tmp database"\r\nadb shell "su -c rm -r $TMP\/$APP-databases"\r\n#cp -p doesn't seem to preserve owner, but sets it to shell\r\necho "[+] chowning app dir"\r\nadb shell "su -c chown $APP_UID.$APP_UID \/data\/data\/$APP\/databases"\r\nadb shell "su -c chown $APP_UID.$APP_UID \/data\/data\/$APP\/databases\/*"\r\n<\/pre>\nIf you want to get the entire configuration of the app, you can use this script (pull-all.sh):<\/p>\n
\r\nAPP=com.example.theNameInYourAndroidManifest\r\nTMP=\/data\/local\/tmp\r\nAPP_UID=`adb shell dumpsys package $APP|grep userId=|cut -d " " -f 5|cut -d "=" -f 2`\r\n#after first run, maybe hardcode, so you can also push files when Android is still starting up and before the app started:\r\n#APP_UID=10000\r\necho "[+] Removing local folder"\r\nrm -r .\/$APP\r\necho "[+] The applications UID and GID is:"\r\necho $APP_UID\r\necho "[+] Copying app dir to tmp dir"\r\nadb shell "su -c cp -r \/data\/data\/$APP $TMP\/$APP"\r\necho "[+] chmoding tmp dir to 777"\r\nadb shell "su -c chmod -R 777 $TMP\/$APP"\r\necho "[+] Pulling app dir from tmp"\r\nadb pull $TMP\/$APP $APP\r\necho "[+] Removing app dir in tmp"\r\nadb shell "su -c rm -r $TMP\/$APP"\r\n<\/pre>\nAs I didn’t need to push the entire app configuration, I didn’t write a push-all.sh script. That could get messy with the permissions and I didn’t want to do a chmod 777. But of course you can do that if you like.<\/p>\n
These simple scripts got me some really nice results during pentests. Activate apps that I only had in the free version. Reset the app’s PIN lock count. Disable ads showing in the application.<\/p>\n","protected":false},"excerpt":{"rendered":"
So you got an Android application and you would like to temper with its configuration files? Nothing easier than that as long as you have a rooted Android phone, a sqlite editor and a text editor. I only wanted to … Continue reading