Extracting application data using a rooted Android device Date: 2019-04-21 Android version: 9 (P...

Maybe someone else will find this helpful or interesting?

Get Started. It's Free
or sign up with your email address
Rocket clouds
Extracting application data using a rooted Android device Date: 2019-04-21 Android version: 9 (Pie) Brand: Motorola G7 Power by Mind Map: Extracting application data using a rooted Android device  Date: 2019-04-21 Android version: 9 (Pie) Brand: Motorola G7 Power

1. Requires su Currently using Magisk

1.1. As of 2019-04-21, this appears to be the best option available.

1.2. Systemless

1.2.1. Doesn't directly modify the system

1.3. Hides itself, so allows for apps like Google Pay and Pogo

2. SELinux

2.1. setenforce = 0

2.2. setenforce = 1

2.3. getenforce

2.4. Sometimes solves 'operation not permitted' error messages See weird gotchas for another thing that causes it.

3. Finding the data

3.1. find . -n "*unique*" 2>/dev/null

3.1.1. 2>/dev/null prevents your console from being flooded with error messages

3.2. Basic understanding of Android/Linux file system can help make informed decisions as to where to start

3.3. Also, helps to know a bit about the Magisk file system additions and what those folders represent/do

4. Extraction using `adb pull`

4.1. No coding/customization needed

4.2. Sometimes throws errors on certain folders/files; Example: /data/data

5. Extraction using `adb-sync`

5.1. Custom tool available on github

5.1.1. Made by Google

5.2. Allows user to pull or push only new and/or changed files

5.3. Usage: adb-sync -R src, dest

5.3.1. R denotes a pull operation

5.3.2. Lack of R option indicates a push operation

6. Weird gotchas

6.1. Line Endings If transferring scripts or data from Windows to Linux then you need to be sure to run `dos2unix` on the file before attempting to run it in Linux. It won't error in an obvious way and you could potentially spend a large amount of time trying to figure it out... like I did.

6.2. I found 'Operation Not Permitted' to also happen when attempting to cp (copy) a folder without the -R flag

6.3. Package not debuggable Happens when trying to run as the module user of the package

7. Commands I needed to look up or refresh myself on

7.1. Make new directories including all the directories in between the new path you lay out.

7.1.1. mkdir -p /sdcard/data/tmp/bin

7.1.1.1. Both tmp and bin don't exist yet in this scenario but -p allows them to be created at the same time.

7.2. Base for loops

7.2.1. inline example: for item in `cat somefile.txt`; do echo $item; done

7.2.2. external script example: #!/usr/bin for item in `cat somefile.txt`; do echo $item done

7.3. Cut piece of output to get data you need

7.3.1. Example starting string: root ls 2019-04-21 /root Example command: cut -f2 -d " " Returns: `ls`

7.4. Grep inversion; don't include results with this pattern: grep -v *somePatternToNotIncludeInTheResults*

7.5. Find folder or file via pattern

7.5.1. find . -name '*something*'

7.5.2. where . is the folder name is the attribute you're looking for * is a normal mask

7.6. 2>/dev/null

7.6.1. Append this to commands to suppress all error messages.

7.7. tee

7.7.1. Output to stdout and file

8. As of 2019-05-01

8.1. Google Play throws errors on most attempts to update apps

8.1.1. Tried removing it from Magisk Hide