I’ve been working on pentesting mobile applications recently. My interest in mobile devices and mobile apps spawns from the fact that these little electronic devices have become so prevalent in our lives.
One thing that I do as part of my pentests is check what kind of information is persisted in an application backup. I’ll run a backup of the target application with adb backup , which by default creates a file called backup.ab in the directory from which I run the command.
To run my analyses on the backup file (which I do from my pentesting box), I have to convert the file to a format that is readable by my operating system. The android backup file format is rather simple: it is basically a compressed file that is pre-pended with metadata in binary format. In fact, most references you’ll find online provide instructions on how to do this with dd, openssl and tar. I’ve found this a bit janky but it makes sense, to a certain extent; after all, why reinvent the wheel?
I’ve had a few issues with this methodology lately. Nothing that can’t be circumvented, but it’s been irritating enough that I’ve decided to write a python script to address my need once and for all:
Hopefully the code is clear and documented enough to be understandable. The script doesn’t require any libraries that are difficult to find – in fact, there’s a good chance that you already have everything installed. Additionally, it addresses an issue that I’ve had with very large backup files: it doesn’t try to decompress the entire file at the same time, but does it in chunks of 1024 bytes.