
MASTG-DEMO-0010: File System Snapshots from Internal Storage


Sample

The snippet below shows sample code that creates a file on internal storage using the filesDir property of the Context object.

MastgTest.kt
package org.owasp.mastestapp

import android.content.Context
import android.util.Log
import java.io.File
import java.io.FileOutputStream
import java.io.IOException

class MastgTest (private val context: Context){

    fun mastgTest(): String {
        mastgTestWriteIntFile()
        return "SUCCESS!!\n\nFile has been written to internal files dir"
    }

    private fun mastgTestWriteIntFile() {
        val internalStorageDir = context.filesDir
        val fileName = File(internalStorageDir, "secret.txt")
        val fileContent = "secr3tPa\$\$W0rd\n"

        try {
            FileOutputStream(fileName).use { output ->
                output.write(fileContent.toByteArray())
                Log.d("WriteInternalStorage", "File written to internal storage successfully.")
            }
        } catch (e: IOException) {
            Log.e("WriteInternalStorage", "Error writing file to internal storage", e)
        }
    }

}

Steps

  1. Install the app on your device.
  2. Execute run_before.sh, which runs adb.
  3. Open the app and exercise it to trigger file creations.
  4. Execute run_after.sh.
  5. Close the app once you finish testing.
run_before.sh
#!/bin/bash

# SUMMARY: This script creates a dummy file to mark a timestamp that we can use later
# on to identify files created while the app was being exercised

adb shell "touch /data/local/tmp/test_start"
run_after.sh
#!/bin/bash

# SUMMARY: List all files created after the creation date of a file created in run_before

adb shell "find /data/user/0/org.owasp.mastestapp/ -type f -newer /data/local/tmp/test_start" > output.txt
adb shell "rm /data/local/tmp/test_start"
mkdir -p new_files
while read -r line; do
  adb pull "$line" ./new_files/
done < output.txt

Observation

There is a list of all created files inside output.txt.

output.txt
/data/user/0/org.owasp.mastestapp/files/secret.txt

The pulled files are inside the ./new_files/ directory. new_files/secret.txt contains a password:

new_files/secret.txt
secr3tPa$$W0rd

The file was created in /data/user/0/org.owasp.mastestapp/files/ which is equivalent to /data/data/org.owasp.mastestapp/files/.

Evaluation

This test fails because the file is not encrypted and contains sensitive data (a password). You can further confirm this by reverse engineering the app and inspecting the code.
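The two scripts above diff the app's sandbox against a timestamp marker, and the evaluation then judges each pulled file by hand. The Python below is an added example (not part of the MASTG demo or its scripts) that reproduces both steps offline: `new_files_since` is the equivalent of `find -type f -newer`, and `triage` gives a first-pass verdict per file (printable ratio, Shannon entropy, and credential-like tokens) so that a plaintext password such as the demo's `secr3tPa$$W0rd` is flagged while an encrypted blob is not. The directory layout is a constructed stand-in for `/data/user/0/org.owasp.mastestapp/`, and the thresholds and regexes are assumptions chosen for this example, not MASTG rules.

```python
"""Offline stand-in for the run_before.sh / run_after.sh workflow plus a first-pass
triage of the pulled files. Example code added to this page, not the MASTG demo's own.
The directory layout, thresholds and regexes below are assumptions."""
import math
import os
import re
import tempfile
import time
from pathlib import Path

# Bytes accepted as "text": printable ASCII plus tab/LF/CR (assumption).
PRINTABLE = set(range(0x20, 0x7F)) | {0x09, 0x0A, 0x0D}
PLAINTEXT_RATIO = 0.90  # below this share of printable bytes, treat as binary/ciphertext

# Heuristics for credential-like content (constructed for this example).
KEYED_SECRET = re.compile(r"(?i)\b(?:password|passwd|pwd|secret|token|api[_-]?key)\b\s*[:=]\s*(\S+)")
TOKEN = re.compile(r"\S{8,}")


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 8.0 for uniformly random/encrypted data, well under 6 for text."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def is_plaintext(data: bytes) -> bool:
    """True when (almost) every byte is printable ASCII, i.e. readable without a key."""
    if not data:
        return True
    printable = sum(1 for b in data if b in PRINTABLE)
    return printable / len(data) >= PLAINTEXT_RATIO


def candidate_secrets(text: str) -> list:
    """Password-like strings: values behind a password/secret/token label, or tokens of
    8+ chars mixing letters, digits and symbols (catches the unlabelled secr3tPa$$W0rd)."""
    found = [m.group(1) for m in KEYED_SECRET.finditer(text)]
    for tok in TOKEN.findall(text):
        if (any(c.isalpha() for c in tok) and any(c.isdigit() for c in tok)
                and any(not c.isalnum() for c in tok) and tok not in found):
            found.append(tok)
    return found


def new_files_since(root: Path, marker: Path) -> list:
    """Equivalent of `find ROOT -type f -newer MARKER`: regular files whose
    modification time is strictly later than the marker's."""
    cutoff = marker.stat().st_mtime
    return sorted(p for p in root.rglob("*") if p.is_file() and p.stat().st_mtime > cutoff)


def triage(paths) -> list:
    """Per-file report: readable as text?, how random?, and what looks like a secret."""
    reports = []
    for p in paths:
        data = p.read_bytes()
        plain = is_plaintext(data)
        reports.append({
            "name": p.name,
            "plaintext": plain,
            "entropy": round(shannon_entropy(data), 2),
            "candidates": candidate_secrets(data.decode("ascii", "replace")) if plain else [],
        })
    return reports


def build_demo_tree(base: Path):
    """Constructed stand-in for /data/user/0/org.owasp.mastestapp/ so no device is needed.
    mtimes are set explicitly, so the result does not depend on filesystem clock resolution."""
    now = time.time()
    app_root = base / "data" / "user" / "0" / "org.owasp.mastestapp"
    files_dir = app_root / "files"
    files_dir.mkdir(parents=True)
    # A file that existed before the test started: must NOT be reported.
    old = files_dir / "old_cache.bin"
    old.write_bytes(b"cached before the test run\n")
    os.utime(old, (now - 3600, now - 3600))
    # run_before.sh equivalent: the timestamp marker.
    marker = base / "data" / "local" / "tmp" / "test_start"
    marker.parent.mkdir(parents=True)
    marker.touch()
    os.utime(marker, (now - 10, now - 10))
    # Files the app writes while being exercised (both newer than the marker).
    (files_dir / "secret.txt").write_text("secr3tPa$$W0rd\n")  # the demo's plaintext password
    (files_dir / "blob.enc").write_bytes(bytes(range(256)))  # constructed stand-in for ciphertext
    return app_root, marker


def run_demo() -> list:
    """End to end: snapshot diff (run_after.sh step), then triage. Returns the reports."""
    base = Path(tempfile.mkdtemp(prefix="mastg-demo-"))
    app_root, marker = build_demo_tree(base)
    return triage(new_files_since(app_root, marker))


if __name__ == "__main__":
    for r in run_demo():
        verdict = "PLAINTEXT" if r["plaintext"] else "binary/ciphertext?"
        print(f"{r['name']}: {verdict}, entropy={r['entropy']}, candidates={r['candidates']}")
```

Against real pulled files, point `triage` at the paths listed in output.txt (or everything under ./new_files/). A plaintext verdict with a candidate is the case this test fails on; a high-entropy, non-printable file still needs a look at the code to confirm that the key is not stored alongside it.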