|
Fun stuff. classes.dex in the apk has some interesting strings: select * from js_injection where name=?
select * from pwd where hid>=? and hid<? order by hid
CREATE TABLE IF NOT EXISTS local_ap_info ( hid integer primary key autoincrement, ssid text, bssid text, security_level text,
pwd text, x_user text, x_pwd text, stat text, lati text, longi text, type text, html text, create_dt text, last_update_dt text)
CREATE TABLE IF NOT EXISTS private_ap_info(ID integer primary key autoincrement,ssid text,bssid text,security_level text,
pwd text,hid text,create_dt text,last_update_dt text,last_update_opr text,wkflg char(8))
CREATE TABLE IF NOT EXISTS unlock_ap(id integer primary key autoincrement,ssid text,bssid text,security_level text,
pwd text,uploaded integer(1))
Cleaned up your sqlite commands: sqlite> .tables
pwd
sqlite> .schema pwd
CREATE TABLE "pwd" ("password" TEXT NOT NULL );
sqlite> SELECT * FROM pwd;
a30e502c125899a41cb562a7a36b4bd0 c58675db0ba9266fb5307982e4368ab0 5631e619f6e280c0740704a25a8298f6 ...
Looks like it may not be fully seeded on install?Edit: Getting a different result for the database in the apk: $ sqlite3 ap8.db
SQLite version 3.8.10.1 2015-05-09 12:14:55
Enter ".help" for usage hints.
sqlite> .tables
android_metadata ap_info js_injection pwd
sqlite> .schema pwd
CREATE TABLE pwd(hid integer primary key autoincrement,pwd text);
sqlite> select * from pwd;
1|df5b74fb19b8b150bcf07bbb4e43456d
2|a1b574f8cf46c461f1e15fa52e3b2110
3|c8c28c03de3e02d7814d86b14dfcf1f5
4|7635726149e6d0f0e8f3e9224b8109dc
Most "pwd" are 32 chars long, some are 64 chars, and a few are 96 chars for some odd reason.ap_info, and js_injection tables are empty so you'd have to get at it after syncing to their servers. |
This from the ap8.db from the Android download. I didn't want to install this piece of shit on a real phone, the source does update and get a newer version.
This was an easy CTF.