How to crack EncryptedLocalStore in Adobe Air?

Question

Assume user Tom installed an Adobe Air app named X, and X stores some secret in EncryptedLocalStore; then Tom wants to crack EncryptedLocalStore (inspect and alter its content), how could he do that?

Thanks!

Answer 1

According to AS3 language reference:

The data in the encrypted local store is protected by the user’s operating system account credentials. Other entities cannot access the data in the store unless they can login as that user. However, the data is not secure against access by other applications run by an authenticated user. Thus, data that your application may want to keep secret from users, such as keys used for licensing or digital rights management, is not secure. The ELS is not an appropriate location for storing such information. It is only an appropriate place for storing a user’s private data, such as passwords.

Some notes about encryption:

AIR uses DPAPI on Windows, KeyChain on Mac OS and iOS, and KeyRing or KWallet on Linux to associate the encrypted local store to each application and user.

The encrypted local store uses AES-CBC 128-bit encryption.

On Android, the data stored by the EncryptedLocalStorage class are not encrypted.

Let's summarize:

• If someone can login to the user account, he can access the EncryptedLocalStore
• The EncryptedLocalStore is managed by the operating system, not AIR
• Data are encrypted but not on Android

If you want to crack such storage you would have to:

• Retrieve the content of the storage
• Break the encryption (which is pretty good)
• Find specification about parsing such data repository
• Write your own data reader