Finding the Key
Now that SQLCipher has encrypted the database, our security problem shifts to “Where can we hide the key?” If we can find the key, then we’re going to be able to open the database, just like we did in Chapter 2. We can take the following steps to pull the APK off the device.
1. The APK is in the /data/app folder on the phone. It will also be called the same package name we used in the adb backup command but with -1.apk appended. The complete command to get the APK off the phone is the following:
adb pull /data/app/com.riis.sqlcipher-1.apk
2. Convert the APK back into a jar file using the dex2jar command:
dex2jar com.riis.sqlcipher-1.apk
3. We can now view the source using ...
Get Bulletproof Android™: Practical Advice for Building Secure Apps now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
