Post Reply

[Q] .DATA Files in WP8 Isolated Storage

OP shadowD1026

2nd April 2014, 12:27 AM   |  #1  
OP Junior Member
Flag Seattle
Thanks Meter: 0
 
20 posts
Join Date:Joined: Feb 2014
More
Hello - I'm doing some security testing on a WP8 application. The isolated storage has a bunch of .DATA files. If I try and view these in notepad ++ it is gibberish. Any ideas on how to view the contents of these files? I'm assuming they are database files.
2nd April 2014, 06:30 PM   |  #2  
Recognized Developer
Flag Seattle
Thanks Meter: 2,708
 
5,731 posts
Join Date:Joined: Jan 2011
More
OK, first of all, you already asked this in another thread. DON'T DO THAT.

Without knowing what the app in question is - which I don't really expect you to tell me - I can't much help you. I assume this is a blackbox assessment, or you'd have checked the source code. If the app is managed code, you can try decompiling it (you can try this if it's native code too - IDA Pro supports ARM - but that's obviously more difficult).

The extension .DATA doesn't mean anything. There are only a few common database formats used on WP8, so it might be one of those... but then, it could also be encrypted so even if you figure out the format you'll need the key too. It could just be a flat text file that has been compressed and/or encrypted, for that matter. You could try checking the file for magic numbers, either manually using a hex editor or by checking the file using libmagic (on *nix systems, /bin/file is usually a front-end to libmagic and should be able to tell you if the file is, for example, a known compressed format).
The Following 2 Users Say Thank You to GoodDayToDie For This Useful Post: [ View ]
2nd April 2014, 07:19 PM   |  #3  
OP Junior Member
Flag Seattle
Thanks Meter: 0
 
20 posts
Join Date:Joined: Feb 2014
More
Quote:
Originally Posted by GoodDayToDie

OK, first of all, you already asked this in another thread. DON'T DO THAT.

Without knowing what the app in question is - which I don't really expect you to tell me - I can't much help you. I assume this is a blackbox assessment, or you'd have checked the source code. If the app is managed code, you can try decompiling it (you can try this if it's native code too - IDA Pro supports ARM - but that's obviously more difficult).

The extension .DATA doesn't mean anything. There are only a few common database formats used on WP8, so it might be one of those... but then, it could also be encrypted so even if you figure out the format you'll need the key too. It could just be a flat text file that has been compressed and/or encrypted, for that matter. You could try checking the file for magic numbers, either manually using a hex editor or by checking the file using libmagic (on *nix systems, /bin/file is usually a front-end to libmagic and should be able to tell you if the file is, for example, a known compressed format).

Sorry about posting in multiple spots. I figured I shouldnt ask multiple questions (diff topics) in one thread so I thought I would do a stand alone. Won't happen again. The vendor has told me that these files are encrypted...but I am also trying to get some more info on what that actually means and what they are doing for key storage.
4th April 2014, 07:39 AM   |  #4  
Recognized Developer
Flag Seattle
Thanks Meter: 2,708
 
5,731 posts
Join Date:Joined: Jan 2011
More
It's quite likely that the files are encrypted using the data protection API for WP8 apps (http://msdn.microsoft.com/en-us/libr...v=vs.105).aspx). From what I've read, that uses 3DES with a key derived from the user (probably meaning app) and system (probably meaning device-specific) identities. The key derivation and management is invisible to the user, though.
Post Reply Subscribe to Thread
Previous Thread Next Thread
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes


Top Threads in Windows Phone 8 Development and Hacking by ThreadRank