I haven’t done any Android development, so maybe this is wrong. But what I saw in \Android\data\com.x8bit.bitwarden
(suffixed with a random unique string, which can be found by running adb shell pm list packages
) are just the .apk files, and not the data.
The data is in the root: \data\com.x8bit.bitwarden
. This is not accessible without root permission. The other way is to use adb run-as
so that we can act as the package and have access to its private data. However it doesn’t work on production builds, only on debug builds.
Rooting the phone however will give sudo
/su
which should let me use adb shell
to go inside the actual data folder. I’ve never done rooting, and it seem to require downloading and installing a lot of untrusted software from random sources. I think I’ll do all that in a throwaway device first.
Then I’ll get the data.json
of a known master password, setup a JS script to run a bunch of combinations and see if it finds the known password. If all that works, then we have a prayer of getting it to work in the main device (assuming my friend wrote a valid hint that does represent the password).