HackTricks-wiki / hacktricks

Welcome to the page where you will find each trick/technique/whatever I have learnt in CTFs, real life apps, and reading researches and news.
http://book.hacktricks.xyz/

Add ADB commands for extracting private app data remotely from rooted device #274

Closed chibaku-cyber closed 3 years ago

chibaku-cyber commented 3 years ago

If a device is not rooted, you can back up app data if ADB backup is enabled. However, you can extract app data from any app remotely if the device is rooted, using these commands, which are not listed. Steps to extract data:

  1. First, obtain a root shell using this command inside the device shell: `x86_64:/ $ su`
  2. Make the app directory readable: `x86_64:/ # chmod 777 /data/data/com.package`
  3. Copy the data to internal storage: `x86_64:/ # cp -r /data/data/com.package /sdcard`

     Note: Using ADB, an attacker cannot obtain the data directly with the command `adb pull /data/data/com.package`. He is required to move the data to internal storage, and then he can pull that data.
  4. Then simply retrieve the data using `adb pull "/sdcard/com.package"`

Then you will simply have the app's private data in your hand. An attacker can abuse this data to perform malicious actions: for example, the attacker can simply store this data on his own rooted device and log in as the victim, or the attacker can extract various cookies and tokens from the app's private data.

I first exploited this bug to obtain and retrieve Android Chrome Login Data and extract the usernames and passwords of the victim. I have submitted this bug to the Google Chrome team, and you can check that out for more research and better commands. Here is the link to the bug report: https://bugs.chromium.org/p/chromium/issues/detail?id=1129358

Further, I have also created a tool for extracting Android Chrome Login Data. Here is the link to the tool: https://github.com/chibaku-cyber/ADBstealer

Please note that I am not maintaining the tool actively and it has a lot of bugs; sometimes it will not even work. But sometimes it does its task correctly. After doing your own research and reading my report, add commands for extracting app data.

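
A defender-side check for the traces the steps above leave on a device (a world-accessible directory under `/data/data` and a copy of it on shared storage), as an added example that is not part of the original issue or of HackTricks. It assumes the listings were captured with `ls -l /data/data` and `ls -1 /sdcard`; the sample listings and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the issue): flag traces of the steps above in
# saved directory listings. Sample listings below are constructed.

# Assumed capture: `ls -l /data/data` from a root shell on the device.
SAMPLE_DATA_LS='drwx------ 5 u0_a101 u0_a101 4096 2021-01-10 10:00 com.example.mail
drwxrwxrwx 6 u0_a102 u0_a102 4096 2021-01-10 10:05 com.package
drwxrwx--x 4 u0_a103 u0_a103 4096 2021-01-10 10:07 com.example.notes'

# Assumed capture: `ls -1 /sdcard`.
SAMPLE_SDCARD_LS='DCIM
Download
com.package'

# Print app data directories whose mode lets "other" read or write,
# which is what `chmod 777` in step 2 leaves behind.
world_accessible_dirs() {
    printf '%s\n' "$1" | awk '
        /^d/ {
            other = substr($1, 8, 3)   # rwx triplet for "other"
            if (other ~ /[rw]/) print $NF
        }'
}

# Print package names from the /data/data listing that also appear as
# entries on shared storage, the result of `cp -r` in step 3.
copied_to_shared_storage() {
    printf '%s\n' "$1" | awk '/^d/ { print $NF }' |
    while IFS= read -r pkg; do
        if printf '%s\n' "$2" | grep -Fxq -- "$pkg"; then
            printf '%s\n' "$pkg"
        fi
    done
}

echo "World-accessible app data directories:"
world_accessible_dirs "$SAMPLE_DATA_LS"
echo "Package directories also present on shared storage:"
copied_to_shared_storage "$SAMPLE_DATA_LS" "$SAMPLE_SDCARD_LS"
```
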
carlospolop commented 3 years ago

Thanks mate! You can find this information here: https://book.hacktricks.xyz/pentesting/5555-android-debug-bridge