WEBVTT 00:00.880 --> 00:07.690 Now, Android has a dictionary where words entered by a user can be saved for future auto correction. 00:09.410 --> 00:16.730 This user dictionary is available to any app without any special permissions or user can add potentially 00:16.730 --> 00:19.820 sensitive information such as a username to the dictionary. 00:20.480 --> 00:26.320 Well, we can get this sensitive information from out of this dictionary, and it's pretty easy. 00:26.840 --> 00:27.830 We show you how to do it. 00:29.630 --> 00:34.550 Users may add the sensitive information to the dictionary, but as you can see, when I select the string, 00:34.790 --> 00:38.200 add to dictionary what's not displayed anymore. 00:39.270 --> 00:44.250 So I guess this vulnerability was also fixed on Android 10. 00:46.780 --> 00:51.490 But why don't we take a look inside at where this dictionary is? 00:52.450 --> 00:59.140 And look even deeper inside of it so the dictionary can be retrieved just by using EDB. 01:00.650 --> 01:02.190 And we'll check the devices. 01:02.950 --> 01:04.550 OK, so we're connected. 01:05.490 --> 01:06.960 Run EDB Shell. 01:08.710 --> 01:18.550 Change directory to slash data, slash data, slash combat android providers, dot user dictionary slash 01:18.550 --> 01:19.630 databases. 01:21.000 --> 01:22.080 List of files. 01:24.020 --> 01:26.300 OK, so here's the user dictionary file. 01:27.330 --> 01:28.320 Exit the shell. 01:29.920 --> 01:31.780 And let's retrieve this file. 01:32.690 --> 01:34.940 So run, EDB, pull. 01:36.240 --> 01:39.310 Copy the location and paste. 01:39.780 --> 01:41.910 Finally, add the file name. 01:43.810 --> 01:45.970 OK, so now we've pulled the file. 01:48.370 --> 01:52.150 Of course, because its database file will open it with askew light. 01:53.870 --> 01:58.160 So we'll install it with the Apte install, as you like, three command. 02:01.200 --> 02:06.450 Just run ask you, like three user underscored Dick that Debbie. 02:07.990 --> 02:14.980 All right, so now we'll need to add a query to get this information to run Select Star from Worts. 02:18.130 --> 02:23.620 So as you can see, we couldn't get any information on Android 10, but you can follow these steps for 02:23.620 --> 02:25.370 older versions of Android. 02:26.020 --> 02:30.880 Well, look at the official walk through is for insecure bank and see what this vulnerability looks 02:30.880 --> 02:31.200 like. 02:31.600 --> 02:35.290 So we'll go to the GitHub page the app and open the walk through this folder. 02:36.430 --> 02:45.490 Click on keyboard cache vulnerability, download the document and open it with word or whatever your 02:45.490 --> 02:48.190 word processing program is. 02:49.350 --> 02:55.410 And as you can see, the add to dictionary option should appear when you select the word in the older 02:55.410 --> 02:56.280 version of Android. 02:57.490 --> 03:03.490 So after opening the database file and running this query, you should see the keyboard dictionary stored 03:03.490 --> 03:04.810 in plain text. 03:05.290 --> 03:06.100 All right, good work.