search

TamerPlatform / Tools_Repository

This repository will only hold issues around various Tools to be bundled in AndroidTamer
12 stars 5 forks source link

android backup vuln exploiting #347

Open pentagramz opened 6 years ago

pentagramz commented 6 years ago

android backup vuln exploiting , not possible in tamer .

Openssl issue , need to fix asap

pentagramz commented 6 years ago

adb backup com.package.test -f vuln.ab dd if=vuln.ab bs=24 skip=1| openssl zlib -d > vuln.tar tar -xvf vuln.tar

anantshri commented 6 years ago

Instead of openssl zlib did you tried.

zlib-flate -uncompress > backup.tar

you might have to install zlib-flate via

apt-get install qpdf

that might help

On Thu, Feb 15, 2018 at 1:27 PM, Blessen Thomas notifications@github.com wrote:

adb backup com.package.test -f vuln.ab dd if=vuln.ab bs=24 skip=1| openssl zlib -d > vuln.tar tar -xvf vuln.tar

— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub https://github.com/AndroidTamer/Tools_Repository/issues/347#issuecomment-365850523, or mute the thread https://github.com/notifications/unsubscribe-auth/AAOdK0oGdX1LgGHRV6Tl-0sWCIdr0-Uuks5tU-NbgaJpZM4SGcGZ .

anantshri commented 6 years ago

more details openssl has zlib disabled by upstream:

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=736186

recommended alternatives are zlib-flate

Other untest alternatives are

https://unix.stackexchange.com/questions/22834/how-to-uncompress-zlib-data-in-unix#comment67353_22837

To be clear modifying openssl library to add any extra support would require reocmpiling a larger arrray of tools which is totally out of scope for this project at this point coz of the sheer amount of work involved in it, hence better idea is to find alternatives.

-anant

On Thu, Feb 15, 2018 at 1:39 PM, Anant Shrivastava anant@anantshri.info wrote:

Instead of openssl zlib did you tried.

zlib-flate -uncompress > backup.tar

you might have to install zlib-flate via

apt-get install qpdf

that might help

On Thu, Feb 15, 2018 at 1:27 PM, Blessen Thomas notifications@github.com wrote:

adb backup com.package.test -f vuln.ab dd if=vuln.ab bs=24 skip=1| openssl zlib -d > vuln.tar tar -xvf vuln.tar

— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub https://github.com/AndroidTamer/Tools_Repository/issues/347#issuecomment-365850523, or mute the thread https://github.com/notifications/unsubscribe-auth/AAOdK0oGdX1LgGHRV6Tl-0sWCIdr0-Uuks5tU-NbgaJpZM4SGcGZ .

pentagramz commented 6 years ago

python

pentagramz commented 6 years ago

this may break drozer..!!