Attend XDA's Second Annual Developer Conference, XDA:DevCon 2014!
5,806,147 Members 48,574 Now Online
XDA Developers Android and Mobile Development Forum

[Q] .DATA Files in WP8 Isolated Storage

Tip us?
 
shadowD1026
Old
#1  
Junior Member - OP
Thanks Meter 0
Posts: 20
Join Date: Feb 2014
Location: Seattle
Default [Q] .DATA Files in WP8 Isolated Storage

Hello - I'm doing some security testing on a WP8 application. The isolated storage has a bunch of .DATA files. If I try and view these in notepad ++ it is gibberish. Any ideas on how to view the contents of these files? I'm assuming they are database files.
 
GoodDayToDie
Old
#2  
Recognized Developer
Thanks Meter 2,699
Posts: 5,680
Join Date: Jan 2011
Location: Seattle
OK, first of all, you already asked this in another thread. DON'T DO THAT.

Without knowing what the app in question is - which I don't really expect you to tell me - I can't much help you. I assume this is a blackbox assessment, or you'd have checked the source code. If the app is managed code, you can try decompiling it (you can try this if it's native code too - IDA Pro supports ARM - but that's obviously more difficult).

The extension .DATA doesn't mean anything. There are only a few common database formats used on WP8, so it might be one of those... but then, it could also be encrypted so even if you figure out the format you'll need the key too. It could just be a flat text file that has been compressed and/or encrypted, for that matter. You could try checking the file for magic numbers, either manually using a hex editor or by checking the file using libmagic (on *nix systems, /bin/file is usually a front-end to libmagic and should be able to tell you if the file is, for example, a known compressed format).
Win8/Windows RT projects:
List of desktop apps for hacked RT devices

WP8 projects:
Native Access WebServer and Libraries
WP8 Interop Unlocks
Storage Cleanup tool

WP7 projects:
XapHandler, Root Webserver, OEM Marketplace XAPs, Bookmarklets collection (Find On Page), Interop-unlock hacks.


Do not private message me with questions that should have been posted on the forum! Not only are you wasting your time - I'm not going to bother writing an answer to such a question for only one person - but I will probably block you from PMing me in the future as well.
The Following 2 Users Say Thank You to GoodDayToDie For This Useful Post: [ Click to Expand ]
 
shadowD1026
Old
#3  
Junior Member - OP
Thanks Meter 0
Posts: 20
Join Date: Feb 2014
Location: Seattle
Quote:
Originally Posted by GoodDayToDie View Post
OK, first of all, you already asked this in another thread. DON'T DO THAT.

Without knowing what the app in question is - which I don't really expect you to tell me - I can't much help you. I assume this is a blackbox assessment, or you'd have checked the source code. If the app is managed code, you can try decompiling it (you can try this if it's native code too - IDA Pro supports ARM - but that's obviously more difficult).

The extension .DATA doesn't mean anything. There are only a few common database formats used on WP8, so it might be one of those... but then, it could also be encrypted so even if you figure out the format you'll need the key too. It could just be a flat text file that has been compressed and/or encrypted, for that matter. You could try checking the file for magic numbers, either manually using a hex editor or by checking the file using libmagic (on *nix systems, /bin/file is usually a front-end to libmagic and should be able to tell you if the file is, for example, a known compressed format).
Sorry about posting in multiple spots. I figured I shouldnt ask multiple questions (diff topics) in one thread so I thought I would do a stand alone. Won't happen again. The vendor has told me that these files are encrypted...but I am also trying to get some more info on what that actually means and what they are doing for key storage.
 
GoodDayToDie
Old
#4  
Recognized Developer
Thanks Meter 2,699
Posts: 5,680
Join Date: Jan 2011
Location: Seattle
It's quite likely that the files are encrypted using the data protection API for WP8 apps (http://msdn.microsoft.com/en-us/libr...v=vs.105).aspx). From what I've read, that uses 3DES with a key derived from the user (probably meaning app) and system (probably meaning device-specific) identities. The key derivation and management is invisible to the user, though.
Win8/Windows RT projects:
List of desktop apps for hacked RT devices

WP8 projects:
Native Access WebServer and Libraries
WP8 Interop Unlocks
Storage Cleanup tool

WP7 projects:
XapHandler, Root Webserver, OEM Marketplace XAPs, Bookmarklets collection (Find On Page), Interop-unlock hacks.


Do not private message me with questions that should have been posted on the forum! Not only are you wasting your time - I'm not going to bother writing an answer to such a question for only one person - but I will probably block you from PMing me in the future as well.
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes