1 |
Figure - Ascii view of 010 hex editor with ktx template |
2 |
glInternalFormat |
3 |
0x93B0 |
4 |
COMPRESSED_RGBA_ASTC_4x4 (2) |
5 |
astc_decomp |
6 |
Figure 2 - Embedded plist for screentime notification |
7 |
WeeklyReportNotificationNegativeDeltaBody |
8 |
"Your screen time was down %@ last week, for an average of %@ a day." |
9 |
15% |
10 |
6 hours, 24 minutes |
11 |
"Your screen time was down 15% last week, for an average of 6 hours, 24 minutes a day." |
12 |
Figure 3 - Snippet of Localizable.strings plist |
13 |
WeeklyReportNotificationt**le |
14 |
Weekly Report Available |
15 |
protoc.exe (3) |
16 |
Figure - Allowed wire types fromhttps://developers.google.com/protocol-buffers/docs/encoding#structure |
17 |
protoc (2) |
18 |
string |
19 |
bytes |
20 |
Length-delimited |
21 |
varint |
22 |
addressbook.proto |
23 |
tester_pb |
24 |
types |
25 |
str |
26 |
The Google app keeps you in the know about things that matter to you. Find quick answers, explore your interests, and stay up to date with Discover. The more you use the Google app, the better it gets. Search and browse: - Nearby shops and restaurants - Live sports scores and schedules - Movies times, casts, and reviews - Videos and images - News, stock information, and more - Anything you’d find on the web |
27 |
Figure 1 - Google Search / Personal a***istant Bar |
28 |
Figure 2 - Folder 'recently' has no entries when no account was logged on. |
29 |
Figure 3 - Folder 'recently' has files when searches were performed after logging in |
30 |
[email protected] |
31 |
If you aren't familiar with protobuf decoding, read this. |
32 |
Figure 4 - Screenshot of search for"dolphin" |
33 |
Figure 5 - Screenshot for news article clicked from link in google app |
34 |
Figure 6 - .binarypb files |
35 |
Figure 7 - ALEAPP output showing Google App / Personal a***istant queries |
36 |
Figure 1 - File 1572840777639 - raw hex view (complete file not shown) |
37 |
..a language-neutral, platform-neutral extensible mechanism for serializing structured data. |
38 |
Figure 2 - XML usagestats snippet |
39 |
Figure 3 - aosp source code on github |
40 |
Figure 4 - usagestatsservice.proto file snippet |
41 |
your_proto_file |
42 |
package = com.android.settingspackage_index: 58last_time_active_ms: 663647total_time_active_ms: 4897app_launch_count: 3last_time_service_used_ms: -1572840673324last_time_visible_ms: 673237total_time_visible_ms: 25221 |
43 |
config { |
44 |
font_scale: 1.0 |
45 |
locales { |
46 |
language: "en" |
47 |
country: "US" |
48 |
} (5) |
49 |
screen_layout: 268435794 |
50 |
color_mode: 5 |
51 |
touchscreen: 3 |
52 |
keyboard: 2 |
53 |
keyboard_hidden: 1 |
54 |
hard_keyboard_hidden: 1 |
55 |
navigation: 1 |
56 |
navigation_hidden: 2 |
57 |
orientation: 1 |
58 |
screen_width_dp: 411 |
59 |
screen_height_dp: 659 |
60 |
smallest_screen_width_dp: 411 |
61 |
density_dpi: 560 |
62 |
window_configuration { |
63 |
app_bounds { |
64 |
right: 1440 (2) |
65 |
bottom: 2392 |
66 |
windowing_mode: 1 |
67 |
bounds { |
68 |
bottom: 2560 |
69 |
last_time_active_ms: 662163 |
70 |
total_time_active_ms: 37 |
71 |
count: 1 |
72 |
package = com.google.android.apps.nexuslauncher |
73 |
cla*** = com.google.android.apps.nexuslauncher.NexusLauncherActivity |
74 |
task root package = com.google.android.apps.nexuslauncher |
75 |
task root cla*** = com.google.android.apps.nexuslauncher.NexusLauncherActivity |
76 |
type = MOVE_TO_FOREGROUND |
77 |
time_ms: 34440 |
78 |
On to the next artifact.. |
79 |
Figure 1 - diskutil output showing a split Macintosh HD volume into two |
80 |
Bi-directional wormhole in path traversal. Firmlinks are used on the system volume to point to the user data on the data volume. |
81 |
Parent of root |
82 |
root |
83 |
private-dir |
84 |
Figure 2 - Contents of root showing files from both SYSTEM and DATA |
85 |
Read-only volume. |
86 |
<Backup.adb> |
87 |
They are backed up only if you specified the -keyvalue optionand are available on non-rooted devices too. |
88 |
Yes, you can get wifi pa***words from an adb backup now! |
89 |
Figure 1 - Snippet of Wifi saved settings from com.android.providers.settings.data showing SSIDs & pa***words |
90 |
Figure 2 - Data from 'global' key |
91 |
Figure 3 - Data from 'system' key |
92 |
Figure 4 - Data from 'secure' key |
93 |
Figure 5 - Data from 'softap_config' key |
94 |
Figure 6 - Data from 'lock_settings' key |