zoukankan      html  css  js  c++  java
  • Where is the clone one and how to extract it?

    One cannot be in two places at once. Do you know what's "Dual Apps"? Manufactures like Xiaomi,Oppo,Huawei offer "Dual Apps" feature which allows users to run two different accounts of the same app on his/her phone. Let's take "Facebook" for example. The scenario is that a suspect's phone running Android 7 and we have to extract his/her "Facebook", including the original one and the clone one.


    Now there are two Facebook Apps on suspect's phone. What's the clone one looks like? You could take a look as below. On the left side is the  original one and the other side is the clone one.

    Take a guess if you conduct "Downgrade Extraction" on suspect's phone to extract "Facebook", could you got both of these two "Facebook" without fail? The answer is "No". You only got the original one. So the question is: Where is the clone one and how to extract it? To achieve this, I borrow a rooted Xiaomi from a friend of mine and take a took. Very interesting there are two uid running the same app Facebook. u999? That's weird~

    I've looked everywhere to search for the clone one facebook. I want to  know exactly where it is. That's it. The path what Im looking for is /data/user/999/ .

    Of course the path may differ from brand to brand.  Now "Downgrade Extraction" could extract the original one, but not working on the clone one. The challenge for Mobile forensic tools is to extract both "Dual Apps" on phones running Android 7 or above.

  • 相关阅读:
    list extend 和 append
    构建同元素的列表
    Python拷贝(深拷贝deepcopy与浅拷贝copy)
    MySQL之对数据库库表的字符集的更改
    Shell之while循环
    安装keepalived
    Zabbix监控MySQL
    Ganglia监控MySQL
    将Nagios监控信息存入Mysql
    Hadoop之回收站
  • 原文地址:https://www.cnblogs.com/pieces0310/p/10720901.html
Copyright © 2011-2022 走看看