Update RECON.md

2025-02-06 06:55:29 +00:00 · 2023-04-26 22:43:42 +02:00 · 2023-04-26 22:43:42 +02:00 · 4a0d0e301c
commit 4a0d0e301c
parent cb72775b82
1 changed files with 85 additions and 0 deletions
--- a/RECON.md
+++ b/RECON.md
@ -13,8 +13,65 @@ obbDir                  /storage/emulated/0/Android/obb/com.kakao.talk
 packageCodePath         /data/app/com.kakao.talk-wRI5HzbljAi9o-6SZLN55g==/base.apk
 ```

+Shared Preferences:
+
+**TO-DO**: Check Shared Prefs for sensitive information.
+
+```
+FirebaseHeartBeatW0RFRkFVTFRd+MTo1NTIzNjczMDMxMzc6YW5kcm9pZDpiNjUwZmVmOGI2MDY1MzVm.xml
+KakaoTalk.Qr.preferences.xml
+KakaoTalk.bg.perferences.xml
+KakaoTalk.calendar.preferences.xml
+KakaoTalk.drawer.preferences.xml
+KakaoTalk.fcm.xml
+KakaoTalk.hw.perferences.xml
+KakaoTalk.jordy.preferences.xml
+KakaoTalk.locoLog.xml
+KakaoTalk.more.perferences.xml
+KakaoTalk.multiprofile.preferences.xml
+KakaoTalk.music.preferences.xml
+KakaoTalk.notification.channel_revision.xml
+KakaoTalk.plusfriend.preference.xml
+KakaoTalk.profile.preferences.xml
+KakaoTalk.search.preferences.xml
+KakaoTalk.shop.perferences.xml
+KakaoTalk.vox.perferences.xml
+KakaoTalk.warehouse.preferences.xml
+WebViewChromiumPrefs.xml
+com.google.android.gms.appid.xml
+com.google.android.gms.measurement.prefs.xml
+com.google.firebase.crashlytics.xml
+com.kakao.adfit.preference.xml
+com.kakao.talk_tiara.xml
+d0ede325b798076919f0012eba6dab8b.xml
+kakao.talk.item.store.preferences.xml
+kakao.talk.openlink.preferences.xml
+kakaotalk.cache.xml
+talk_pass_preferences.xml
+tiaraAB.xml
+voiceMode.xml
+zzng.xml
+```
+
+SQL databases (in `/data/user/0/com.kakao.talk/databases`):
+
+```
+KakaoTalk.db
+KakaoTalk2.db                   
+calendar_database
+com.google.android.datatransport.events
+crypto_database (password protected)
+google_app_measurement_local.db
+kakao_talk_pass.db
+multi_profile_database.db
+```
+
+**TO-DO**: Find the password for the `crypto_database`.
+
 Java interfaces with interesting Rest APIs (interface names generated by `jadx`):

+**TO-DO**: Add GET and POST requests. Use `sqlmap -r` to *fuzz* the Rest APIs.
+
 ```
 com.kakao.p129i.appserver.AppApi
 com.kakao.talk.net.retrofit.BackupRestoreService
@ -31,6 +88,34 @@ e31.ReAuthService
 p360hh.AuthApi
 ```

+## WebViews
+
+**TO-DO**: Check for interesting [WebViews](./recon/nuclei_android_results.txt).
+
+## Intents
+
+**TO-DO**: Check for interesting [Intents](./recon/nuclei_android_results.txt).
+
+## Native Libs
+
+**TO-DO**: Check for memory corruption bugs in native libs (located in `/data/app/com.kakao.talk-wRI5HzbljAi9o-6SZLN55g==/lib/arm64`):
+
+```bash
+libACExternalCore.so            libc++_shared.so                libopencv_java4.so
+libDSToolkitV30Jni.so           libdialoid-apklib.so            libpl_droidsonroids_gif.so
+libDaumMapEngineApi.so          libdigitalitem_image_decoder.so librenderscript-toolkit.so
+libFaceprintex.so               libdiskusage.so                 libsentry-android.so
+libJniS1Pass.so                 libdream.so                     libsentry.so
+libK3fAndroid.so                libed25519_android.so           libsgmain.so
+libMagicMRSv2.so                libespider.so                   libsqlcipher.so
+libNSaferJNI.so                 libfincubescanner.so            libtensorflowlite_jni.so
+libSecOtp.so                    libglide-webp.so                libtinytraceroute.so
+libVoxCore.so                   libjingle_peerconnection_so.so  libtoyger.so
+libYaft.so                      libmcache.so
+```
+
+The code for `libed25519_android.so` can be found [here](https://github.com/dazoe/Android.Ed25519).
+
 ## Crypto

 Android KeyStore