Before I start this part of the article, I want to thank all of you who have appreciated this series. I'm very excited to continue writing about WP8 application security testing.
In the previous article we learned how to set up a proxy with the device and perform dynamic analysis on WP8 applications. In this article we are going to learn how to analyze isolated storage (the local file system) using Windows Phone Power Tool.
If you haven't rooted your device and want to analyze an application's local storage dynamically, this article will help you inspect it. You can check the local (isolated) storage only for developer-signed apps, using an unlocked device. If you haven't unlocked your device yet, I recommend unlocking it by following my part 1 article.
Next we need a developer-signed application for the demo. In my previous article I mentioned that I found a developer-signed YouTube app on the XDA forum. You can also download this application for learning purposes from here.
Isolated storage is used to store local data on a Windows Phone. It is "isolated" because other applications can't access this data.
All I/O operations are restricted to isolated storage and do not have direct access to the underlying OS file system, which helps to provide security and prevents unauthorized access and data corruption from other apps. If you want to share data between two applications, you will need some kind of cloud-based service that can share that data for you.
Microsoft provides developers with two ways to store data locally. The first is a collection of name/value pairs called IsolatedStorageSettings; the other is the creation of actual files and folders, called IsolatedStorageFile. We will look at these later during static analysis and reverse engineering.
Windows Phone Power Tool
As I wrote in my previous article, Windows Phone Power Tool is a powerful tool for deploying WP8 applications (developer-signed apps only) and analyzing isolated storage on the device. We will use it to analyze the data an application stores on the device at run time. If you want to install Windows Phone Power Tool, please read my previous blog post.
Let's deploy the YouTube application to the device using WP Power Tool.
You can see information about the application under Dev Apps.
Now we are going to inspect isolated storage. As you can see, there is no data at this point.
Let's use the application, exploring its functionality and saving some data. You can also log in to the application with a Google account.
After using the application, refresh the app in WP Power Tool by right-clicking on it. Now you can see a bunch of data available for inspection.
Isolated Storage Explorer
This is one more tool that can help you explore or modify the data an application stores on the device (isolated storage) at run time. You can download and install it from here.
Isolated Storage Explorer (ISETool.exe)
Isolated Storage Explorer (ISETool.exe) is a command-line tool that is installed with the Windows Phone SDK. ISETool lets you list the contents of an application's isolated storage, and copy or replace files in the application's directories.
You can find this tool at the following path.
C:\Program Files (x86)\Microsoft SDKs\Windows Phone\v8.0\Tools\IsolatedStorageExplor
ISETool.exe <cmd[:param]> <target-device[:param]> <product-id> [<desktop-path>]

<cmd[:param]> - Specifies the command to be executed (one of the following)
    ts - (takesnapshot) to download the contents of isolated store from <target-device> to desktop
    rs - (restoresnapshot) to upload the contents of isolated store from desktop to <target-device>
    dir - lists the contents of the device folder.
    EnumerateDevices - lists the valid device targets along with their device indices.
<target-device[:param]> - Specifies the target device (one of the following)
    xd - default emulator
    de - Windows Phone device connected to the desktop
    deviceindex:n - device listed at index n. To get the list of devices use the following command "ISETool EnumerateDevices"
<product-id> - Specifies the GUID of the product. This is located in WMAppManifest.xml file of the project
<desktop-path> - desktop path for download and upload
To get the list of devices use the following command
The application's Product ID (the GUID of the product) is located in WMAppManifest.xml. To get the manifest file, change the application's extension from .xap to .zip and extract it. (This works only for developer-signed applications.)
Now list the application's contents in the device folder.
"C:\Program Files (x86)\Microsoft SDKs\Windows Phone\v8.0\Tools\IsolatedStorageExplorerTool\ISETool.exe" dir de dcbb1ac6-a89a-df11-a490-00237de2db9e
Now download the contents of the isolated store from the device to the desktop.
C:\Program Files (x86)\Microsoft SDKs\Windows Phone\v8.0\Tools\IsolatedStorageExplorerTool λ ISETool.exe ts de dcbb1ac6-a89a-df11-a490-00237de2db9e G:\test\
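The Product ID lookup and the two ISETool commands above can be scripted. The following is an added example, not code from the original article: it reads WMAppManifest.xml straight out of the .xap, validates the ProductID as a GUID and builds the ISETool argument list. The function names and the sample package are assumptions constructed for the example.

```python
import io
import re
import zipfile
import xml.etree.ElementTree as ET

GUID_RE = re.compile(r"[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}", re.I)
MAX_MANIFEST_BYTES = 1_000_000  # size cap: the package is untrusted input


def product_id_from_xap(xap):
    """Return the ProductID GUID from a .xap (path or file object)."""
    with zipfile.ZipFile(xap) as zf:  # a .xap is a ZIP archive
        name = next((n for n in zf.namelist()
                     if n.lower().endswith("wmappmanifest.xml")), None)
        if name is None:
            raise ValueError("WMAppManifest.xml not found in package")
        if zf.getinfo(name).file_size > MAX_MANIFEST_BYTES:
            raise ValueError("manifest is unexpectedly large")
        root = ET.fromstring(zf.read(name))
    for elem in root.iter():
        # Compare the local tag name so an XML namespace does not matter.
        if elem.tag.rsplit("}", 1)[-1] == "App" and "ProductID" in elem.attrib:
            guid = elem.attrib["ProductID"].strip().strip("{}")
            if not GUID_RE.fullmatch(guid):
                raise ValueError("ProductID is not a GUID: %r" % guid)
            return guid.lower()
    raise ValueError("no App element with a ProductID in the manifest")


def isetool_args(cmd, guid, desktop_path=None, target="de"):
    """Argument list for ISETool.exe, in the order its usage text gives."""
    if cmd not in ("ts", "rs", "dir"):
        raise ValueError("unsupported command: " + cmd)
    args = ["ISETool.exe", cmd, target, guid]
    return args + [desktop_path] if desktop_path else args


def constructed_xap():
    """Constructed sample package (not a real app) so this runs offline."""
    manifest = ('<Deployment AppPlatformVersion="8.0"><App ProductID='
                '"{DCBB1AC6-A89A-DF11-A490-00237DE2DB9E}" Title="Sample"/>'
                '</Deployment>')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("WMAppManifest.xml", manifest)
    return buf


if __name__ == "__main__":
    guid = product_id_from_xap(constructed_xap())
    print(isetool_args("ts", guid, "G:\\test\\"))
```

Passing the list to `subprocess.run` instead of joining it into a string avoids quoting problems with the spaces in the SDK path.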
Now you can inspect all the files and folders manually. Later we will learn more about the individual files and their functionality.
In this article we learned about isolated storage and the tools and techniques for inspecting isolated files and folders. You can analyze an application's data and see how, and which, data is stored inside isolated storage. Later we will learn more about the files and their functionality in terms of security.
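As a first pass before manual inspection, the downloaded snapshot can be inventoried automatically. This is an added example, not part of the original article: it walks the snapshot folder, records size and SHA-256 per file, and flags files containing credential-like keywords in either UTF-8 or UTF-16LE. The keyword list, function names and sample files are assumptions constructed for the example.

```python
import hashlib
import os
import tempfile

# Assumed keyword list for this example; extend it for the app under test.
KEYWORDS = ("password", "passwd", "token", "secret", "cookie")
MAX_READ = 5 * 1024 * 1024  # only the first 5 MiB of each file is examined


def keyword_hits(data):
    """Keywords found in data as ASCII/UTF-8 or UTF-16LE, ignoring case."""
    lowered = data.lower()  # bytes.lower() folds ASCII letters only
    return sorted(k for k in KEYWORDS
                  if k.encode("ascii") in lowered
                  or k.encode("utf-16-le") in lowered)


def triage_snapshot(root):
    """Summarise every file under a folder downloaded with 'ISETool.exe ts'."""
    report = []
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            path = os.path.join(dirpath, fname)
            with open(path, "rb") as fh:
                data = fh.read(MAX_READ)
            report.append({
                "file": os.path.relpath(path, root).replace(os.sep, "/"),
                "size": os.path.getsize(path),
                "sha256": hashlib.sha256(data).hexdigest(),  # of the bytes read
                "hits": keyword_hits(data),
            })
    return sorted(report, key=lambda r: r["file"])


def constructed_snapshot():
    """Write a small constructed snapshot (not real app data); return its path."""
    root = tempfile.mkdtemp(prefix="isostore_")
    os.mkdir(os.path.join(root, "cache"))
    samples = {"settings.xml": b"<Key>Access_Token</Key><Value>x</Value>",
               "cache/user.dat": "Password=example".encode("utf-16-le"),
               "cache/thumb.bin": bytes(range(256))}
    for rel, blob in samples.items():
        with open(os.path.join(root, *rel.split("/")), "wb") as fh:
            fh.write(blob)
    return root


if __name__ == "__main__":
    for row in triage_snapshot(constructed_snapshot()):
        print(row["sha256"][:12], row["size"], row["file"], row["hits"])
```

Taking one snapshot before and one after logging in, then comparing the hashes, shows which files the login flow wrote.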