WEBVTT

00:01.000 --> 00:05.260
So in this lecture, we'll continue with the Android manifest file.

00:06.850 --> 00:12.760
InsecureBank has the allowBackup attribute set to true in the manifest file.

00:13.930 --> 00:19.990
So what this does is allow an attacker to make a backup of the application data via ADB even if the

00:19.990 --> 00:21.310
device is not rooted.

00:22.690 --> 00:24.050
All right, so let's get started.

00:26.390 --> 00:32.000
So I'm sure you remember that we detected that the app has the allowBackup attribute set to true in the

00:32.000 --> 00:32.810
manifest file.

00:34.220 --> 00:38.560
I can use the adb backup command to create a backup of the application.

00:39.730 --> 00:41.740
Now, first we got to check the devices.

00:43.260 --> 00:47.130
All right, so let's run the adb backup command.

00:52.120 --> 00:59.240
And you can see actually a warning has appeared on the screen, so we can select "Back up my data".

00:59.600 --> 01:00.700
He.

01:01.590 --> 01:03.300
All right, so let's list the files.

01:05.390 --> 01:10.670
And this created a backup.ab file that must be unpacked.

01:12.220 --> 01:20.800
So we'll accomplish this by using ABE, and that stands for Android Backup Extractor file, and that'll

01:20.800 --> 01:23.530
convert the backup file to a tar file.

01:24.930 --> 01:26.230
Right, so now it's downloaded.

01:27.170 --> 01:28.340
Open up a web browser.

01:29.280 --> 01:32.220
Search for GitHub abe.jar.

01:34.260 --> 01:37.040
Click on the first Web site, scroll down a bit.

01:38.620 --> 01:40.180
So we'll look at the syntax.

01:41.130 --> 01:49.320
We'll need to write unpack, then the backup file, a name for the new tar file, and finally we can add

01:49.320 --> 01:51.390
a password for the compressed file.

01:53.160 --> 01:55.740
All right, so let's click on the releases page.

01:57.030 --> 01:59.640
Download the latest abe.jar file.

02:03.020 --> 02:05.810
So I'm going to save it to the folder where the backup file is.

02:08.820 --> 02:10.650
All right, so now that is downloaded.

02:13.020 --> 02:19.440
Run java -jar abe.jar unpack, backup file.

02:21.460 --> 02:24.390
So give a name for the new file and set a password.

02:27.560 --> 02:31.610
All right, so here is a compressed file with the tar extension.

02:33.130 --> 02:38.320
And we can uncompress it with the dash, the F parameter.

02:40.040 --> 02:43.880
And there you go, you can see the extracted files were saved in the apps folder.

02:46.370 --> 02:48.710
So why don't we have a little look inside the directories?

02:51.190 --> 02:57.490
Looking through the contents of the backup, we can see files such as mySharedPreferences and

02:57.490 --> 03:02.230
mydb that contain sensitive information about users.

03:04.010 --> 03:09.380
And thanks to the cloud backup feature, it was pretty easy to get all the.
