Anthropic-Cybersecurity-Skills/skills/exploiting-insecure-data-storage-in-mobile/references/api-reference.md
mukul975 c21af3347e Complete folder anatomy for all 649 cybersecurity skills + update LICENSE to Mahipal
- Add scripts/agent.py and references/api-reference.md to all remaining skills
- Update all 648 LICENSE files: copyright now reads 'Mahipal'
- Add implementing-security-monitoring-with-datadog (new skill with full anatomy)
- All 649 skills now have: SKILL.md, LICENSE, scripts/agent.py, references/api-reference.md
2026-03-11 00:22:12 +01:00


API Reference: Insecure Mobile Data Storage Detection

OWASP Mobile Top 10 — M9: Insecure Data Storage

Risk Areas

| Storage Type | Platform | Risk |
|---|---|---|
| SharedPreferences | Android | HIGH (plaintext XML) |
| SQLite databases | Both | CRITICAL if unencrypted |
| Keychain (improper) | iOS | MEDIUM |
| External storage | Android | HIGH (world-readable) |
| Plist files | iOS | HIGH (plaintext) |

Android Data Locations

App Private Storage

/data/data/<package>/shared_prefs/    # SharedPreferences XML
/data/data/<package>/databases/        # SQLite databases
/data/data/<package>/files/            # App files
/data/data/<package>/cache/            # Cache data

External Storage (World-Readable)

/sdcard/Android/data/<package>/

ADB Commands

Pull App Data

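# Needs adbd running as root (rooted test device or emulator); the shell user cannot read /data/data
adb pull /data/data/com.target.app/ ./extracted/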

List SharedPreferences

# run-as only works when the app is built as debuggable
adb shell run-as com.target.app ls /data/data/com.target.app/shared_prefs/

Read SharedPreferences

adb shell run-as com.target.app cat shared_prefs/credentials.xml

SQLite Analysis

Python sqlite3

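import sqlite3

conn = sqlite3.connect("app.db")
cursor = conn.cursor()
# Enumerate every table, then print its column definitions
cursor.execute("SELECT name FROM sqlite_master WHERE type='table'")
for (name,) in cursor.fetchall():
    # Quote the identifier so table names containing spaces or quotes do not break the PRAGMA
    quoted = name.replace('"', '""')
    cursor.execute(f'PRAGMA table_info("{quoted}")')
    print(name, cursor.fetchall())
conn.close()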
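
An added example (not part of the original reference or the project's own scripts): a read-only triage of data already pulled from a test device, reporting which SharedPreferences keys and SQLite columns have secret-looking names and whether a database file is plaintext at all. The regex, the function names and the sample XML are assumptions constructed for illustration.

```python
import re
import sqlite3
import xml.etree.ElementTree as ET
from pathlib import Path

# Assumed heuristic: substrings that usually indicate a secret in a key or column name.
SENSITIVE = re.compile(r"passw|secret|token|api_?key|session|credential|auth", re.I)
# Plaintext SQLite files start with this magic; SQLCipher files (default settings)
# start with a random salt instead, so the check doubles as an encryption test.
SQLITE_MAGIC = b"SQLite format 3\x00"

# Constructed sample of a SharedPreferences file (values are placeholders).
SAMPLE_PREFS = """<?xml version='1.0' encoding='utf-8' standalone='yes' ?>
<map>
    <string name="auth_token">CONSTRUCTED-VALUE</string>
    <boolean name="onboarding_done" value="true" />
    <string name="user_password">CONSTRUCTED-VALUE</string>
    <int name="launch_count" value="7" />
</map>"""

def scan_shared_prefs(xml_text):
    """Return (type, key) for every entry whose key name looks sensitive.
    Only names are reported, never values, so the report itself stays clean."""
    root = ET.fromstring(xml_text)  # for files from untrusted sources prefer defusedxml
    return [(e.tag, e.get("name")) for e in root if SENSITIVE.search(e.get("name", ""))]

def scan_sqlite(path):
    """Return (table, column) pairs with sensitive-looking names,
    or None when the file has no plaintext SQLite header."""
    with open(path, "rb") as fh:
        if fh.read(16) != SQLITE_MAGIC:
            return None
    # Open read-only so the evidence file is never modified.
    conn = sqlite3.connect(Path(path).resolve().as_uri() + "?mode=ro", uri=True)
    try:
        tables = [r[0] for r in conn.execute(
            "SELECT name FROM sqlite_master WHERE type='table'")]
        hits = []
        for table in tables:
            quoted = table.replace('"', '""')
            for col in conn.execute(f'PRAGMA table_info("{quoted}")'):
                if SENSITIVE.search(col[1]):  # col[1] is the column name
                    hits.append((table, col[1]))
        return hits
    finally:
        conn.close()

if __name__ == "__main__":
    print(scan_shared_prefs(SAMPLE_PREFS))
```

A `None` result from `scan_sqlite` means the header is not plaintext SQLite, which is what a SQLCipher-protected database looks like; an empty list means the file is readable but no column name matched the heuristic.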

iOS Data Locations

App Sandbox

/var/mobile/Containers/Data/Application/<UUID>/
    Documents/
    Library/Preferences/     # NSUserDefaults (plist)
    Library/Caches/
    tmp/

Keychain

# Using keychain-dumper
./keychain-dumper -a

Frida Scripts for Data Storage Audit

Hook SharedPreferences (Android)

Java.perform(function() {
    var sp = Java.use("android.app.SharedPreferencesImpl$EditorImpl");
    sp.putString.implementation = function(key, value) {
        console.log("SharedPrefs PUT: " + key + " = " + value);
        return this.putString(key, value);
    };
});

Hook NSUserDefaults (iOS)

var NSUserDefaults = ObjC.classes.NSUserDefaults;
var orig = NSUserDefaults["- setObject:forKey:"];
Interceptor.attach(orig.implementation, {
    onEnter: function(args) {
        // args[0] = self, args[1] = selector, args[2] = value, args[3] = key
        console.log("NSUserDefaults: " + new ObjC.Object(args[3]) + " = " + new ObjC.Object(args[2]));
    }
});

Secure Storage Alternatives

| Platform | Secure Method |
|---|---|
| Android | EncryptedSharedPreferences, Android Keystore |
| iOS | Keychain Services with kSecAttrAccessible |
| Both | SQLCipher for encrypted databases |