1
00:00:00,810 --> 00:00:06,090
For the next section we're going to be taking a look at the different ways of saving data and which

2
00:00:06,090 --> 00:00:08,490
ones are potentially insecure.

3
00:00:08,490 --> 00:00:12,920
And one thing that's going to help a lot with this is actually having access to a reading device or

4
00:00:12,930 --> 00:00:16,830
device that we can use super user with energy to do this.

5
00:00:16,830 --> 00:00:20,010
We can do it using emulators inside of Android Studio.

6
00:00:20,070 --> 00:00:24,480
So this doesn't require you to route a device or have your own routed device or actually a few that

7
00:00:24,480 --> 00:00:26,300
are built into Android Studio.

8
00:00:26,370 --> 00:00:29,960
But the way of accessing them is not always particularly clear.

9
00:00:29,970 --> 00:00:35,970
So I'm going to show you how to setup a routed device and access it through HDB through this through

10
00:00:35,970 --> 00:00:36,820
Android Studio.

11
00:00:37,770 --> 00:00:40,260
So we're going to create a virtual device as we typically do.

12
00:00:40,560 --> 00:00:46,400
And the devices that I like to use for these are any of the ones with the placed or icons on them.

13
00:00:46,830 --> 00:00:51,710
And usually for instance I would pick one that is just sort of like a generic device.

14
00:00:51,860 --> 00:00:57,360
There's generic devices are usually just like more compatible with the different images but it does

15
00:00:57,360 --> 00:01:01,580
it really matter in reality which when you pick really any of these will work.

16
00:01:01,710 --> 00:01:05,530
But I think without the placed or icon it's typically what we want to stick with.

17
00:01:05,550 --> 00:01:11,550
So I'm going to pick the five point four inch FTB VBA I will hit next.

18
00:01:11,550 --> 00:01:16,440
Now the image that we're using is also very important instead of using the typical recommended images

19
00:01:16,710 --> 00:01:24,290
we want to use an x 86 image and we want to use one that will not have the Google API included or.

20
00:01:24,330 --> 00:01:27,750
Well you can pick any of the ones in the Google API as well but you want to pick one from here that

21
00:01:27,750 --> 00:01:28,920
doesn't help like.

22
00:01:29,190 --> 00:01:33,510
The typical place setup the one I mean by that is essentially like when you're taking a look at these

23
00:01:33,510 --> 00:01:36,860
ones these ones are for specifically by Google Inc.

24
00:01:36,930 --> 00:01:39,400
And these ones are through the android open source project.

25
00:01:39,410 --> 00:01:41,160
So to give a little bit of background.

26
00:01:41,460 --> 00:01:46,530
Android is an open source operating system which means that anyone could build images of them the images

27
00:01:46,530 --> 00:01:51,600
that are in the 86 images are more generic and essentially the benefit of this is that we're able to

28
00:01:51,600 --> 00:01:56,700
do things such as like accessing the permissions on them rather than the ones that are built by Google

29
00:01:56,700 --> 00:02:01,440
which they have locked down to the point where you aren't able to access them without finding some form

30
00:02:01,440 --> 00:02:03,780
of exploit to be able to do that.

31
00:02:03,780 --> 00:02:10,190
So in this case I'm using the the PI one which is nine point so the 86 built so once you've selected

32
00:02:10,220 --> 00:02:13,400
the one that you want to use you can click next and then we'll give it a name.

33
00:02:13,400 --> 00:02:15,270
I'll just call this one name.

34
00:02:16,090 --> 00:02:22,840
I'll call it routed to because I already have one that's routed and we'll press finish.

35
00:02:22,980 --> 00:02:26,700
Now when we put this up we'll get the typical sort of android emulator device.

36
00:02:26,790 --> 00:02:31,620
This specific one that I picked has a bit of a larger resolution compared to the original one that we

37
00:02:31,620 --> 00:02:32,340
were working with.

38
00:02:32,370 --> 00:02:34,130
So I'm gonna go ahead and let this boot.

39
00:02:34,140 --> 00:02:38,920
And while that's booting up I'm gonna launch up my command line and what I want to do is going to demonstrate

40
00:02:38,920 --> 00:02:46,060
to you how you can enable the route permissions and the route aspects of Android through this device.

41
00:02:46,080 --> 00:02:51,480
So once you have the device put it up you're able to still utilize like ADP in the same place you could

42
00:02:51,480 --> 00:02:54,720
do a ADP shell to shell into the device.

43
00:02:54,720 --> 00:02:59,790
You can also use ADP install to install the applications onto the device that we've been using.

44
00:02:59,820 --> 00:03:03,500
The main thing is once you're inside of the shell typically we don't have full permissions.

45
00:03:03,520 --> 00:03:06,550
You can see here permissions are denied for instance.

46
00:03:06,630 --> 00:03:12,780
Now if you want to fix this you can just type in Eskew and this will escort you to super user which

47
00:03:12,780 --> 00:03:17,260
you can tell by the pound symbol that is now on the command line instead of the dollar sign.

48
00:03:17,280 --> 00:03:20,830
Once you have this you'll see that you know we can get the permission denied errors.

49
00:03:20,850 --> 00:03:23,520
This means that you are now a user on the device.

50
00:03:23,550 --> 00:03:25,280
So it's really as simple as this.

51
00:03:25,290 --> 00:03:31,140
Now again the reason I want to show you this is because there are specific folders such as data folders

52
00:03:31,140 --> 00:03:34,160
here that will store data for all of the applications.

53
00:03:34,170 --> 00:03:37,950
And as you can see as a root user we can access these files.

54
00:03:37,950 --> 00:03:42,960
So what are the times when people are making applications they'll see data to these files that is sensitive

55
00:03:42,960 --> 00:03:43,340
data.

56
00:03:43,740 --> 00:03:48,080
And if we're able to access it as a root user then it could potentially mean that there are vulnerabilities.

57
00:03:48,080 --> 00:03:52,920
For instance if they're stirring things like their api keys or something like that or the string data

58
00:03:52,920 --> 00:03:59,160
that database that is confidential to them then we might be able to access that and be able to exploit

59
00:03:59,160 --> 00:04:00,150
that information.

60
00:04:00,150 --> 00:04:04,860
So that's a we'll take a look at the next video for this I just want to show you how to get rid of device

61
00:04:04,860 --> 00:04:07,160
through the entry data ADP system.