Update RECON.md

stulle123 2023-04-26 22:43:42 +02:00 committed by GitHub
parent cb72775b82
commit 4a0d0e301c
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23


@ -13,8 +13,65 @@ obbDir /storage/emulated/0/Android/obb/com.kakao.talk
packageCodePath /data/app/com.kakao.talk-wRI5HzbljAi9o-6SZLN55g==/base.apk packageCodePath /data/app/com.kakao.talk-wRI5HzbljAi9o-6SZLN55g==/base.apk
``` ```
Shared Preferences:
**TO-DO**: Check Shared Prefs for sensitive information.
```
FirebaseHeartBeatW0RFRkFVTFRd+MTo1NTIzNjczMDMxMzc6YW5kcm9pZDpiNjUwZmVmOGI2MDY1MzVm.xml
KakaoTalk.Qr.preferences.xml
KakaoTalk.bg.perferences.xml
KakaoTalk.calendar.preferences.xml
KakaoTalk.drawer.preferences.xml
KakaoTalk.fcm.xml
KakaoTalk.hw.perferences.xml
KakaoTalk.jordy.preferences.xml
KakaoTalk.locoLog.xml
KakaoTalk.more.perferences.xml
KakaoTalk.multiprofile.preferences.xml
KakaoTalk.music.preferences.xml
KakaoTalk.notification.channel_revision.xml
KakaoTalk.plusfriend.preference.xml
KakaoTalk.profile.preferences.xml
KakaoTalk.search.preferences.xml
KakaoTalk.shop.perferences.xml
KakaoTalk.vox.perferences.xml
KakaoTalk.warehouse.preferences.xml
WebViewChromiumPrefs.xml
com.google.android.gms.appid.xml
com.google.android.gms.measurement.prefs.xml
com.google.firebase.crashlytics.xml
com.kakao.adfit.preference.xml
com.kakao.talk_tiara.xml
d0ede325b798076919f0012eba6dab8b.xml
kakao.talk.item.store.preferences.xml
kakao.talk.openlink.preferences.xml
kakaotalk.cache.xml
talk_pass_preferences.xml
tiaraAB.xml
voiceMode.xml
zzng.xml
```
SQL databases (in `/data/user/0/com.kakao.talk/databases`):
```
KakaoTalk.db
KakaoTalk2.db
calendar_database
com.google.android.datatransport.events
crypto_database (password protected)
google_app_measurement_local.db
kakao_talk_pass.db
multi_profile_database.db
```
**TO-DO**: Find the password for the `crypto_database`.
Java interfaces with interesting Rest APIs (interface names generated by `jadx`): Java interfaces with interesting Rest APIs (interface names generated by `jadx`):
**TO-DO**: Add GET and POST requests. Use `sqlmap -r` to *fuzz* the Rest APIs.
``` ```
com.kakao.p129i.appserver.AppApi com.kakao.p129i.appserver.AppApi
com.kakao.talk.net.retrofit.BackupRestoreService com.kakao.talk.net.retrofit.BackupRestoreService
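Review bot: the Shared Preferences block does not say which directory it was listed from, while the SQL databases block right below it states `/data/user/0/com.kakao.talk/databases`; add the path (on Android the app's preference XMLs sit in the `shared_prefs` directory next to `databases`) so the two inventories are consistent and reproducible. The Java interface names are `jadx`-generated from obfuscated classes (`com.kakao.p129i.appserver.AppApi`), so they will not be stable across APK builds; record the APK version or the `base.apk` hash these names were taken from beside the list, otherwise the TO-DO to add GET and POST requests cannot be matched to the right build later.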
@ -31,6 +88,34 @@ e31.ReAuthService
p360hh.AuthApi p360hh.AuthApi
``` ```
## WebViews
**TO-DO**: Check for interesting [WebViews](./recon/nuclei_android_results.txt).
## Intents
**TO-DO**: Check for interesting [Intents](./recon/nuclei_android_results.txt).
## Native Libs
**TO-DO**: Check for memory corruption bugs in native libs (located in `/data/app/com.kakao.talk-wRI5HzbljAi9o-6SZLN55g==/lib/arm64`):
```bash
libACExternalCore.so libc++_shared.so libopencv_java4.so
libDSToolkitV30Jni.so libdialoid-apklib.so libpl_droidsonroids_gif.so
libDaumMapEngineApi.so libdigitalitem_image_decoder.so librenderscript-toolkit.so
libFaceprintex.so libdiskusage.so libsentry-android.so
libJniS1Pass.so libdream.so libsentry.so
libK3fAndroid.so libed25519_android.so libsgmain.so
libMagicMRSv2.so libespider.so libsqlcipher.so
libNSaferJNI.so libfincubescanner.so libtensorflowlite_jni.so
libSecOtp.so libglide-webp.so libtinytraceroute.so
libVoxCore.so libjingle_peerconnection_so.so libtoyger.so
libYaft.so libmcache.so
```
The code for `libed25519_android.so` can be found [here](https://github.com/dazoe/Android.Ed25519).
## Crypto ## Crypto
Android KeyStore Android KeyStore
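Review bot: the `## WebViews` and `## Intents` sections both link to the same file, `./recon/nuclei_android_results.txt`, which this commit neither adds nor touches (only RECON.md changes); confirm that file already exists in the repo, otherwise both links are dead, and consider saying what each section expects a reader to find there rather than repeating one generic link. The native-libs block is fenced with a `bash` language tag although it holds column-formatted `ls` output, not a command; drop the tag or put the listing command on the first line. Since `libsqlcipher.so` appears in that listing, the `crypto_database (password protected)` TO-DO in the first hunk should note that it is probably a SQLCipher database, so the two observations are tied together. Finally, state how `libed25519_android.so` was matched to the linked dazoe/Android.Ed25519 repository (for example by exported symbol names) so the attribution can be verified.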