1
00:00:00,300 --> 00:00:02,250
Instructor: Hi, within this lecture,

2
00:00:02,250 --> 00:00:05,220
we're going to see how data is saved

3
00:00:05,220 --> 00:00:08,430
for our applications in the Android operating system,

4
00:00:08,430 --> 00:00:11,760
and we're going to see how we can encrypt the cryptology

5
00:00:11,760 --> 00:00:13,590
in this application.

6
00:00:13,590 --> 00:00:16,050
So I'm going to open my terminal

7
00:00:16,050 --> 00:00:19,890
and we're going to use adb one more time,

8
00:00:19,890 --> 00:00:22,020
like we have done before, okay?

9
00:00:22,020 --> 00:00:25,470
So make sure you call adb shell

10
00:00:25,470 --> 00:00:27,570
in order to have a shell session

11
00:00:27,570 --> 00:00:29,880
with the current emulator over here.

12
00:00:29,880 --> 00:00:32,190
And once it's opened,

13
00:00:32,190 --> 00:00:35,430
you can run the commands that we have seen before,

14
00:00:35,430 --> 00:00:40,290
like the am command, remember, in order to fire an intent.

15
00:00:40,290 --> 00:00:43,080
Rather than am, I'm gonna go for ls,

16
00:00:43,080 --> 00:00:46,569
which will actually give us the opportunity

17
00:00:46,569 --> 00:00:51,569
to browse the data inside of our Android device.

18
00:00:51,750 --> 00:00:55,860
So right now, I can go over to the data folder

19
00:00:55,860 --> 00:01:00,240
where I can find another data folder.

20
00:01:00,240 --> 00:01:02,190
As you can see, there are a lot of folders

21
00:01:02,190 --> 00:01:03,750
in our data folder.

22
00:01:03,750 --> 00:01:06,570
So the Android operating system saves a lot

23
00:01:06,570 --> 00:01:09,390
of data, as you might guess,

24
00:01:09,390 --> 00:01:12,810
but this app-specific data is stored

25
00:01:12,810 --> 00:01:15,870
under the data folder under data folder.

26
00:01:15,870 --> 00:01:19,350
So you're gonna have to go for data, data.

27
00:01:19,350 --> 00:01:23,400
And as you can see, if you run ls -la,

28
00:01:23,400 --> 00:01:25,890
it will give you a look like this

29
00:01:25,890 --> 00:01:29,640
and you can see the folders with a list.

30
00:01:29,640 --> 00:01:32,370
So if you go over here to data

31
00:01:32,370 --> 00:01:34,560
by typing cd data,

32
00:01:34,560 --> 00:01:37,260
now you're inside of the folder

33
00:01:37,260 --> 00:01:40,920
where you can find the application's data.

34
00:01:40,920 --> 00:01:42,360
So if you run ls like this,

35
00:01:42,360 --> 00:01:45,210
you will see all the folders

36
00:01:45,210 --> 00:01:46,890
that are available to you

37
00:01:46,890 --> 00:01:49,680
and these are all my applications running

38
00:01:49,680 --> 00:01:51,330
on my emulator

39
00:01:51,330 --> 00:01:54,874
and all the data that are actually saved

40
00:01:54,874 --> 00:01:57,270
by those applications.

41
00:01:57,270 --> 00:02:01,470
So if we just browse into our own application,

42
00:02:01,470 --> 00:02:03,300
which is insecure banking,

43
00:02:03,300 --> 00:02:04,860
I can run ls

44
00:02:04,860 --> 00:02:07,770
and I can see the databases like that, right?

45
00:02:07,770 --> 00:02:11,100
So I have three folders over here like cache,

46
00:02:11,100 --> 00:02:13,890
code_cache, and databases.

47
00:02:13,890 --> 00:02:15,870
So let me run it this way

48
00:02:15,870 --> 00:02:18,060
so that we can see it in a clear way.

49
00:02:18,060 --> 00:02:21,840
So cache, code_cache and databases.

50
00:02:21,840 --> 00:02:25,860
Over here, we generally have sharedPreferences.

51
00:02:25,860 --> 00:02:28,110
I'm gonna show you what it is.

52
00:02:28,110 --> 00:02:30,660
Let me go to databases

53
00:02:30,660 --> 00:02:34,530
and as you can see, I have some databases over here.

54
00:02:34,530 --> 00:02:39,530
So there isn't much to see in the databases folder right now

55
00:02:39,990 --> 00:02:42,540
because we don't, I believe,

56
00:02:42,540 --> 00:02:47,070
have kind of an SQLite thing going on here

57
00:02:47,070 --> 00:02:51,540
but we're gonna have to look for sharedPreferences as well.

58
00:02:51,540 --> 00:02:55,440
So sharedPreferences is a simple database

59
00:02:55,440 --> 00:02:57,840
or a database-like object

60
00:02:57,840 --> 00:03:00,480
that we can store simply values.

61
00:03:00,480 --> 00:03:02,940
Like if you want to store the username

62
00:03:02,940 --> 00:03:06,090
or if you want to store like a score of a game

63
00:03:06,090 --> 00:03:09,390
or a high score of a game in your database,

64
00:03:09,390 --> 00:03:14,100
you don't have to use a big structure like SQL or SQL.

65
00:03:14,100 --> 00:03:19,100
And you can actually use sharedPreferences for that purpose.

66
00:03:19,140 --> 00:03:20,970
For example, if I come over here

67
00:03:20,970 --> 00:03:25,650
and log in with a standard user like this,

68
00:03:25,650 --> 00:03:28,890
and I'm gonna have to give my server IP again.

69
00:03:28,890 --> 00:03:31,320
Click Submit and log in.

70
00:03:31,320 --> 00:03:36,030
Okay, now most probably, it will store some data

71
00:03:36,030 --> 00:03:37,860
in the sharedPreferences.

72
00:03:37,860 --> 00:03:39,120
It's a very useful tool.

73
00:03:39,120 --> 00:03:41,940
We use it a lot in Android development.

74
00:03:41,940 --> 00:03:45,300
And once I do that, it's actually being saved

75
00:03:45,300 --> 00:03:49,650
in this folder, in this very folder, cd /data/data

76
00:03:49,650 --> 00:03:52,050
package name and under over here,

77
00:03:52,050 --> 00:03:55,110
we're gonna have to see some sharedPreferences thing.

78
00:03:55,110 --> 00:04:00,110
So maybe if you actually browse into this sharedPreferences,

79
00:04:01,350 --> 00:04:05,280
so if you run ls, now we see the sharedPreferences folder,

80
00:04:05,280 --> 00:04:07,320
as you can see, okay?

81
00:04:07,320 --> 00:04:09,570
It hasn't been created before for me.

82
00:04:09,570 --> 00:04:10,770
Now I see this.

83
00:04:10,770 --> 00:04:11,910
So most probably,

84
00:04:11,910 --> 00:04:15,120
it actually saved the username and password.

85
00:04:15,120 --> 00:04:19,350
So let me try to find the username and password.

86
00:04:19,350 --> 00:04:21,420
So there is an XML over here.

87
00:04:21,420 --> 00:04:26,420
So SharedPreferences is stored in the XML file.

88
00:04:26,520 --> 00:04:27,480
Okay?

89
00:04:27,480 --> 00:04:31,650
And if we want to have a look at this XML file,

90
00:04:31,650 --> 00:04:35,970
let me try if we have nano over here.

91
00:04:35,970 --> 00:04:38,790
So there isn't any nano.

92
00:04:38,790 --> 00:04:40,200
Yeah, nano is a text editor

93
00:04:40,200 --> 00:04:43,800
but I believe I don't have it on my Mac.

94
00:04:43,800 --> 00:04:45,960
So let's try vim.

95
00:04:45,960 --> 00:04:49,470
And yeah, I believe we don't have vim.

96
00:04:49,470 --> 00:04:51,120
So it's another text editor

97
00:04:51,120 --> 00:04:52,710
and I don't have it either.

98
00:04:52,710 --> 00:04:54,690
So let's just do cat.

99
00:04:54,690 --> 00:04:57,630
Cat mySharedPreferences.xml.

100
00:04:57,630 --> 00:05:00,270
And yeah, here you go, we see the content.

101
00:05:00,270 --> 00:05:05,010
As you can see, I can see the username and password,

102
00:05:05,010 --> 00:05:07,710
but they're actually encrypted.

103
00:05:07,710 --> 00:05:12,120
So there are two things to learn in this lecture.

104
00:05:12,120 --> 00:05:14,940
First, we have learnt how to see the data

105
00:05:14,940 --> 00:05:18,180
that is stored by our own application

106
00:05:18,180 --> 00:05:19,920
so that you can gather information

107
00:05:19,920 --> 00:05:21,780
about your application and how it works,

108
00:05:21,780 --> 00:05:24,033
and what kind of data it stores.

109
00:05:24,960 --> 00:05:27,060
And the second thing that we're going to learn

110
00:05:27,060 --> 00:05:29,400
is how to look for encryptions

111
00:05:29,400 --> 00:05:31,830
and how to try and decrypt them.

112
00:05:31,830 --> 00:05:33,080
So as you can see,

113
00:05:33,080 --> 00:05:37,170
it actually does a good job encrypting the data

114
00:05:37,170 --> 00:05:40,830
so that it cannot be seen by other applications

115
00:05:40,830 --> 00:05:43,380
or the user itself.

116
00:05:43,380 --> 00:05:46,050
So it's encrypted over here.

117
00:05:46,050 --> 00:05:49,320
However, we can always try to decrypt it.

118
00:05:49,320 --> 00:05:52,519
So as you can see, this is the data

119
00:05:52,519 --> 00:05:56,180
and it looks like a standard encryption.

120
00:05:56,180 --> 00:05:59,097
It looks like an AES-256 encryption

121
00:06:02,400 --> 00:06:06,030
because it ends with these two equal signs most of the time.

122
00:06:06,030 --> 00:06:08,280
However, I'm not very sure of it,

123
00:06:08,280 --> 00:06:11,220
so I'm going to have a look at JDX.

124
00:06:11,220 --> 00:06:14,040
Okay, even if I'm sure of it,

125
00:06:14,040 --> 00:06:19,040
it isn't a very easy thing to decrypt that kind of thing.

126
00:06:19,740 --> 00:06:22,320
So I'm gonna go over to CryptoClass

127
00:06:22,320 --> 00:06:26,100
because that's where it's going to be most probably, right?

128
00:06:26,100 --> 00:06:28,350
So I'm going to have a look at

129
00:06:28,350 --> 00:06:31,170
and I will see that it's actually indeed

130
00:06:31,170 --> 00:06:35,373
an AES-256 encryption.

131
00:06:36,690 --> 00:06:40,230
And the actual developer is doing a good job

132
00:06:40,230 --> 00:06:42,960
to encrypt those values

133
00:06:42,960 --> 00:06:45,420
when they store it in the sharedPreferences.

134
00:06:45,420 --> 00:06:47,010
However, if we come over here,

135
00:06:47,010 --> 00:06:48,510
we can see all the source code,

136
00:06:48,510 --> 00:06:50,970
which is not very good for the developer.

137
00:06:50,970 --> 00:06:53,280
For example, we see the encrypt method

138
00:06:53,280 --> 00:06:56,280
and we see the decrypt method over here.

139
00:06:56,280 --> 00:06:58,230
And we see this key

140
00:06:58,230 --> 00:07:02,130
and it says that this is the super secret key 123.

141
00:07:02,130 --> 00:07:05,460
So the thing about the AES encryption

142
00:07:05,460 --> 00:07:07,770
is that we have to give a key

143
00:07:07,770 --> 00:07:09,720
and it uses that key

144
00:07:09,720 --> 00:07:13,110
in order to create an encryption algorithm

145
00:07:13,110 --> 00:07:14,730
or encryption mechanism.

146
00:07:14,730 --> 00:07:17,310
Okay, and if we have that key,

147
00:07:17,310 --> 00:07:21,180
it would be very easy for us to decrypt it as well.

148
00:07:21,180 --> 00:07:24,840
So since we can actually see the key over here,

149
00:07:24,840 --> 00:07:28,992
we can try to decrypt the values.

150
00:07:28,992 --> 00:07:30,480
So in order to do that,

151
00:07:30,480 --> 00:07:32,370
we can just use an online tool.

152
00:07:32,370 --> 00:07:36,330
We don't have to open Kali Linux for that reason only.

153
00:07:36,330 --> 00:07:41,330
So I'm gonna search for Decrypt AES-256 with key online.

154
00:07:42,810 --> 00:07:46,950
And it will take me to some online service most probably.

155
00:07:46,950 --> 00:07:48,933
There are a lot of online services for this,

156
00:07:48,933 --> 00:07:51,450
like one million results over here.

157
00:07:51,450 --> 00:07:54,510
And I'm just gonna go for the first one.

158
00:07:54,510 --> 00:07:57,210
You can choose another one if you want.

159
00:07:57,210 --> 00:07:58,440
And as you can see,

160
00:07:58,440 --> 00:08:00,300
it also does encryption

161
00:08:00,300 --> 00:08:03,630
but we're interested in the decryption side of this.

162
00:08:03,630 --> 00:08:06,960
So let me just copy and paste the values

163
00:08:06,960 --> 00:08:11,520
and try to find the related specifications

164
00:08:11,520 --> 00:08:13,424
over here like the input.

165
00:08:13,424 --> 00:08:16,530
So let me just come over here

166
00:08:16,530 --> 00:08:18,630
and just copy this.

167
00:08:18,630 --> 00:08:21,270
I know that this ends with two equal signs

168
00:08:21,270 --> 00:08:23,040
but in real time, if you don't know,

169
00:08:23,040 --> 00:08:24,750
you can just take the whole thing

170
00:08:24,750 --> 00:08:26,400
and try with that as well.

171
00:08:26,400 --> 00:08:27,750
So I'm gonna do that.

172
00:08:27,750 --> 00:08:30,390
I'm going to take the whole thing over here

173
00:08:30,390 --> 00:08:31,650
and if it doesn't work,

174
00:08:31,650 --> 00:08:34,710
I'm just going to change it a little bit.

175
00:08:34,710 --> 00:08:35,883
I'm going to paste it.

176
00:08:37,710 --> 00:08:42,000
And let's see if this will cause any problem.

177
00:08:42,000 --> 00:08:44,100
So over here, for the mode,

178
00:08:44,100 --> 00:08:47,523
we're gonna go for CBC as we can see over here.

179
00:08:48,588 --> 00:08:52,507
So it's AES, CBC and it's 256.

180
00:08:53,610 --> 00:08:55,920
And we have to give a secret key.

181
00:08:55,920 --> 00:08:58,890
So this is why this is not secure.

182
00:08:58,890 --> 00:09:01,230
Since we can get this key over here,

183
00:09:01,230 --> 00:09:02,730
we can actually decrypt it.

184
00:09:02,730 --> 00:09:04,350
If we couldn't have that,

185
00:09:04,350 --> 00:09:09,120
it would actually be very hard for us to do.

186
00:09:09,120 --> 00:09:11,820
So as you can see,

187
00:09:11,820 --> 00:09:13,770
we have already decrypted it.

188
00:09:13,770 --> 00:09:15,510
We can see the username,

189
00:09:15,510 --> 00:09:18,660
like the #@123$.

190
00:09:18,660 --> 00:09:22,290
So let me try to just delete this and try one more time.

191
00:09:22,290 --> 00:09:23,160
Yeah, as you can see,

192
00:09:23,160 --> 00:09:25,530
we still get the same result over here.

193
00:09:25,530 --> 00:09:28,761
So I believe the things at the end

194
00:09:28,761 --> 00:09:33,761
are not very vital to the encryption itself.

195
00:09:33,840 --> 00:09:36,810
But eventually, we get the username.

196
00:09:36,810 --> 00:09:40,620
So as you can see, if we try to dig deeper,

197
00:09:40,620 --> 00:09:43,110
if you try to understand every code

198
00:09:43,110 --> 00:09:44,550
in the application,

199
00:09:44,550 --> 00:09:46,650
we can find some vulnerabilities.

200
00:09:46,650 --> 00:09:50,130
And we can gather much more data using those vulnerabilities

201
00:09:50,130 --> 00:09:53,160
and we can eventually hack into the application

202
00:09:53,160 --> 00:09:55,590
using different techniques.

203
00:09:55,590 --> 00:09:59,070
So if you're gonna use AES encryption,

204
00:09:59,070 --> 00:10:04,070
make sure that you don't just give the key over here.

205
00:10:04,110 --> 00:10:05,400
Try to encrypt it

206
00:10:05,400 --> 00:10:08,760
or try to get it from the server itself

207
00:10:08,760 --> 00:10:12,000
so that users won't be able to see it,

208
00:10:12,000 --> 00:10:15,450
and they won't be able to hack it anyway.

209
00:10:15,450 --> 00:10:17,940
So here you go, that's it for this lecture.

210
00:10:17,940 --> 00:10:19,620
We're going to stop here

211
00:10:19,620 --> 00:10:21,060
and within the next lecture,

212
00:10:21,060 --> 00:10:25,203
we're going to have a look at another vulnerability.