
MASTG-DEMO-0010: File System Snapshots from Internal Storage

Content in BETA

This content is in beta and still under active development, so it is subject to change any time (e.g. structure, IDs, content, URLs, etc.).


Sample

The snippet below shows sample code that creates a file in the app's internal storage using the filesDir property of the Context object and writes a password to it in cleartext.

MastgTest.kt
package org.owasp.mastestapp

import android.content.Context
import android.util.Log
import java.io.File
import java.io.FileOutputStream
import java.io.IOException

class MastgTest (private val context: Context){

    fun mastgTest(): String {
        mastgTestWriteIntFile()
        return "SUCCESS!!\n\nFile has been written to internal files dir"
    }

    private fun mastgTestWriteIntFile() {
        // filesDir resolves to /data/user/0/<package>/files, the app's private internal storage.
        val internalStorageDir = context.filesDir
        val fileName = File(internalStorageDir, "secret.txt")
        // Sensitive data written as-is: nothing encrypts it before it reaches disk.
        val fileContent = "secr3tPa\$\$W0rd\n"

        try {
            FileOutputStream(fileName).use { output ->
                output.write(fileContent.toByteArray())
                Log.d("WriteInternalStorage", "File written to internal storage successfully.")
            }
        } catch (e: IOException) {
            Log.e("WriteInternalStorage", "Error writing file to internal storage", e)
        }
    }

}

Steps

  1. Install the app on your device.
  2. Execute run_before.sh, which uses adb to create a marker file on the device.
  3. Open the app and exercise it to trigger file creations.
  4. Execute run_after.sh, which lists and pulls every file the app created after the marker.
  5. Close the app once you finish testing.

run_after.sh reads the app's private data directory (/data/user/0/org.owasp.mastestapp/), which on a production device requires root: use a rooted device, or an emulator or userdebug build where adb root works.
run_before.sh
#!/bin/bash

# SUMMARY: This script creates a dummy file to mark a timestamp that we can use later
# on to identify files created while the app was being exercised

adb shell "touch /data/local/tmp/test_start"
run_after.sh
#!/bin/bash

# SUMMARY: List all files created after the creation date of a file created in run_before

# find -newer keeps only files whose mtime is later than the marker's. Listing the app's private
# directory needs root on the device. tr strips the CR that older adb/Android versions append to
# each line of shell output, which would otherwise corrupt the paths handed to adb pull.
adb shell "find /data/user/0/org.owasp.mastestapp/ -type f -newer /data/local/tmp/test_start" | tr -d '\r' > output.txt
adb shell "rm /data/local/tmp/test_start"
mkdir -p new_files
# Files are pulled flat into new_files/: two files with the same name in different
# subdirectories (e.g. files/config.xml and shared_prefs/config.xml) would overwrite each other.
while read -r line; do
  adb pull "$line" ./new_files/
done < output.txt
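The procedure above, as an added example that is not part of the MASTG demo or its scripts: the same timestamp-marker and find -newer technique run against a local directory that stands in for /data/user/0/<package>, so it can be exercised offline, plus a simple scan of the pulled files for credentials. The directory layout (files/, shared_prefs/, cache/), the file contents and the secret-detection heuristics are all constructed assumptions for the demo; against a real device the local find and cp calls become adb shell find and adb pull.

```shell
#!/bin/sh
# Added example, not part of the MASTG demo: snapshot-diff an app data tree
# locally (a constructed stand-in for /data/user/0/<package>) and scan the
# result for cleartext secrets.

# snapshot_new_files ROOT MARKER OUTDIR
# Lists every regular file under ROOT modified after MARKER and copies it into
# OUTDIR keeping its path relative to ROOT, so files/foo.xml and
# shared_prefs/foo.xml cannot clobber each other as they would when pulled
# flat into one directory. Prints the relative paths, sorted, one per line.
snapshot_new_files() {
  root="$1"; marker="$2"; outdir="$3"
  mkdir -p "$outdir"
  # -newer is strict (mtime > marker mtime): a file written in the same
  # timestamp granule as the marker is missed, so create the marker before,
  # not while, the app is exercised.
  find "$root" -type f -newer "$marker" | LC_ALL=C sort | while IFS= read -r f; do
    rel="${f#"$root"/}"
    mkdir -p "$outdir/$(dirname "$rel")"
    cp -p "$f" "$outdir/$rel"
    printf '%s\n' "$rel"
  done
}

# scan_for_secrets DIR
# Two heuristics (assumed, not from the MASTG): credential-like key names, and
# any 8+ character token mixing upper, lower, digit and symbol, which is what
# catches a bare value such as secr3tPa$$W0rd that no key name announces.
# Prints each hit as "path: reason match" and returns 1 if anything was found.
scan_for_secrets() {
  dir="$1"
  hits=$(find "$dir" -type f | while IFS= read -r f; do
    grep -Eio 'pass(word|wd)?|secret|token|api[_-]?key' "$f" \
      | while IFS= read -r m; do printf '%s: key name %s\n' "$f" "$m"; done
    grep -Eo '[A-Za-z0-9$!@#%^&*]{8,}' "$f" \
      | grep '[0-9]' | grep '[A-Z]' | grep '[a-z]' | grep '[$!@#%^&*]' \
      | while IFS= read -r m; do printf '%s: complex value %s\n' "$f" "$m"; done
  done)
  [ -n "$hits" ] || return 0
  printf '%s\n' "$hits"
  return 1
}

# make_fixture
# Builds a constructed app-data tree (not pulled from a device) and prints its
# parent directory: one file that predates the marker and three written after
# it, one of which holds a password in cleartext.
make_fixture() {
  base=$(mktemp -d)
  app="$base/app_data"
  mkdir -p "$app/files" "$app/shared_prefs" "$app/cache"
  printf 'created at install time\n' > "$app/files/old.txt"
  touch -t 202001010000 "$app/files/old.txt"   # clearly older than the marker
  touch "$base/test_start"                      # what run_before.sh does
  sleep 1                                       # outrun coarse mtime granularity
  printf 'secr3tPa$$W0rd\n' > "$app/files/secret.txt"
  printf '<string name="auth_token">eyJhbGciOiJIUzI1NiJ9</string>\n' > "$app/shared_prefs/app.xml"
  printf 'placeholder thumbnail bytes\n' > "$app/cache/image.tmp"
  printf '%s\n' "$base"
}

run_demo() {
  base=$(make_fixture)
  echo "Files created after the marker:"
  snapshot_new_files "$base/app_data" "$base/test_start" "$base/new_files"
  echo "Scan of pulled files:"
  if scan_for_secrets "$base/new_files"; then
    echo "no secrets found"
  else
    echo "FAIL: sensitive data stored in cleartext"
  fi
  rm -rf "$base"
}

run_demo
```

The pre-existing old.txt is excluded by -newer, secret.txt is flagged only by the complexity heuristic (its content never says "password"), app.xml is flagged by the key-name heuristic, and the cache file is left alone. The sleep after creating the marker matters on real devices too: on coarse-timestamp filesystems a file written within the same instant as the marker is not "newer" and silently drops out of the listing.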

Observation

output.txt lists every file the app created while it was being exercised.

output.txt
/data/user/0/org.owasp.mastestapp/files/secret.txt

The pulled files are in the ./new_files/ directory. secret.txt contains a password in cleartext:

new_files/secret.txt
secr3tPa$$W0rd

The file was created in /data/user/0/org.owasp.mastestapp/files/, which is the same location as /data/data/org.owasp.mastestapp/files/ (/data/data is a symlink to /data/user/0, the primary user's data directory).

Evaluation

This test fails because the file is not encrypted and contains sensitive data (a password). Internal storage is private to the app under normal filesystem permissions, but it is readable on a rooted or compromised device and through any backup or extraction path that reaches the app sandbox, so sensitive data must not be stored there in cleartext. You can further confirm the finding by reverse engineering the app and inspecting the code that writes secret.txt.