Where is the clone one and how to extract it?
One cannot be in two places at once. Do you know what "Dual Apps" is? Manufacturers like Xiaomi, Oppo, and Huawei offer a "Dual Apps" feature which allows a user to run two different accounts of the same app on one phone. Let's take "Facebook" for example. The scenario is that a suspect's phone is running Android 7 and we have to extract his/her "Facebook", including the original one and the clone one.
Now there are two Facebook apps on the suspect's phone. What does the clone one look like? You could take a look below. On the left side is the original one and on the other side is the clone one.
Take a guess: if you conduct "Downgrade Extraction" on the suspect's phone to extract "Facebook", would you get both of these two "Facebook" apps without fail? The answer is "No". You only get the original one. So the question is: Where is the clone one and how to extract it? To answer this, I borrowed a rooted Xiaomi from a friend of mine and took a look. Very interesting: there are two UIDs running the same app, Facebook. u999? That's weird~
I've looked everywhere to search for the clone Facebook. I want to know exactly where it is. That's it. The path I'm looking for is /data/user/999/ .
Of course the path may differ from brand to brand. Right now "Downgrade Extraction" can extract the original one, but does not work on the clone one. The challenge for mobile forensic tools is to extract both "Dual Apps" on phones running Android 7 or above.
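As an added example (not part of the original post), the Python below parses `ps` output taken from a rooted device, flags packages that run under more than one Android user ID (u0 and u999 in the case above), and lists the per-user data directories an examiner should check. The sample `ps` lines are constructed, and the /data/user/<id>/<package> layout for the clone is an assumption based on the path found above, which may differ by brand.

```python
import re
from collections import defaultdict

# Constructed sample of `ps` output from a rooted device (not from the original post).
SAMPLE_PS = """\
USER      PID   PPID  VSIZE   RSS    WCHAN    PC  NAME
root      1     0     12345   1024   SyS_epoll 0 S /init
u0_a133   4021  612   1893412 98212  SyS_epoll 0 S com.facebook.katana
u0_a133   4188  612   1650120 60144  SyS_epoll 0 S com.facebook.katana:notification
u999_a133 5310  612   1871004 95500  SyS_epoll 0 S com.facebook.katana
u0_a87    2210  612   1502200 70112  SyS_epoll 0 S com.android.chrome
system    1402  612   1700000 80000  SyS_epoll 0 S system_server
"""

# App processes run as u<userId>_a<appId>; the leading number is the Android user.
UID_RE = re.compile(r"^u(\d+)_a(\d+)$")


def packages_by_user(ps_text):
    """Map package name -> set of Android user IDs it is running under."""
    seen = defaultdict(set)
    for line in ps_text.splitlines():
        fields = line.split()
        if len(fields) < 2:
            continue
        m = UID_RE.match(fields[0])
        if not m:
            continue  # header, root, system and other non-app accounts
        package = fields[-1].split(":", 1)[0]  # drop ":service" process suffix
        seen[package].add(int(m.group(1)))
    return seen


def find_cloned_apps(ps_text):
    """Return {package: [data dirs]} for packages running under more than one user."""
    result = {}
    for package, users in packages_by_user(ps_text).items():
        if len(users) > 1:
            # Assumed layout: /data/user/<userId>/<package> (may differ by brand).
            result[package] = [f"/data/user/{u}/{package}" for u in sorted(users)]
    return result


if __name__ == "__main__":
    for pkg, dirs in find_cloned_apps(SAMPLE_PS).items():
        print(pkg)
        for d in dirs:
            print("   ", d)
```

Only running processes appear in `ps`, so a clone that is installed but not started will be missed by this check.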