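A few days ago a friend asked me how to do Android forensics. He talked for a long time and I still didn't understand what forensics was for, so he pulled out his assignment. It was actually quite simple: copy the call log, contacts, etc. out of Android's file system. "Just ssh in and you're done," I said right away; my iPhone habits of thought run deep… I don't know whether Android can be jailbroken, and in the shell you get from adb shell I couldn't find anything ssh-related. It is, after all, an extremely stripped-down Linux, and reportedly it has now even parted ways with Linux.

Then I found Busybox. I used to see it often when logging in to routers and always assumed it was an embedded Linux distribution; in fact it is a bundle of packaged GNU tools. For example, to use tar: /bin/busybox tar cjvf archive.tar.bz2 folder. It may have fewer options, but the missing ones are rarely used anyway.

With that, things got easy: find a precompiled Busybox for Android so there is no need to cross-compile it myself, adb push it into the emulator, open adb shell, and, assuming Busybox was installed to /data/busybox, use /data/busybox tar to pack up /system and /data and store the archive on /sdcard. That way the private files are all saved in a single img image file; load it on Linux with mount -o loop and Android's file system is laid bare.

After a quick look, Android's user data is all stored as SQLite files; for example, contacts are stored in /data/data/com.google.android.providers.contacts/databases/contacts.db. Firefox uses SQLite …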
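
As an added example (not part of the original post): once a SQLite file such as contacts.db has been copied off the device, it can be opened read-only, hashed before and after, and its tables listed with row counts. The post does not show the real schema, so the sample database and its table names are constructed stand-ins, and the function names are hypothetical.

```python
import hashlib
import os
import sqlite3
import tempfile
from pathlib import Path


def sha256_of(path):
    """Hash the evidence file so any later modification is detectable."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def inventory(db_path):
    """Return {table: row_count} using a read-only SQLite connection."""
    before = sha256_of(db_path)
    uri = Path(db_path).resolve().as_uri() + "?mode=ro"  # refuse writes
    con = sqlite3.connect(uri, uri=True)
    try:
        tables = [r[0] for r in con.execute(
            "SELECT name FROM sqlite_master WHERE type='table' ORDER BY name")]
        counts = {t: con.execute(
            'SELECT COUNT(*) FROM "%s"' % t.replace('"', '""')).fetchone()[0]
            for t in tables}
    finally:
        con.close()
    if sha256_of(db_path) != before:
        raise RuntimeError("evidence file changed during examination")
    return counts


def build_sample(path):
    """Constructed stand-in for an extracted contacts.db (schema is made up)."""
    con = sqlite3.connect(path)
    con.execute("CREATE TABLE people (_id INTEGER PRIMARY KEY, name TEXT)")
    con.execute("CREATE TABLE calls (_id INTEGER PRIMARY KEY, number TEXT, date INTEGER)")
    con.executemany("INSERT INTO people (name) VALUES (?)", [("Alice",), ("Bob",)])
    con.execute("INSERT INTO calls (number, date) VALUES ('555-0100', 1262304000)")
    con.commit()
    con.close()


def demo():
    with tempfile.TemporaryDirectory() as d:
        sample = os.path.join(d, "contacts.db")
        build_sample(sample)
        return inventory(sample)
```

To examine a real extracted file, call inventory() on a working copy of it rather than on the only copy.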