Mastering SQLite3 on Android

Read SIM card info

 sqlite3 -line /data/user_de/0/com.android.providers.telephony/databases/telephony.db 'select icc_id,card_id,carrier_name,display_name,mcc,mnc from siminfo'

Retrieve table names

adb shell sqlite3 -line <database_file> "SELECT name FROM sqlite_master WHERE type='table';"

Dump all data from a table

adb shell sqlite3 -line <database_file> "SELECT * FROM <table_name>;"

Dumps all schemas and tables from all .db

find /data/data -type f -name "*.db" -exec sh -c 'echo "Dumping schema for $1"; sqlite3 -line "$1" ".schema"' _ {} \;

Dump data from multiple databases

#!/bin/bash

find /data/data -type f -name "*.db" -exec sh -c '
     echo "-----------------------------------"
    dbfile="$1"
    echo -e "Processing database file: \e[1;32m$dbfile\e[0m"
    for table in $(sqlite3 "$dbfile" ".tables"); do
        echo "Dumping data from table: $table"
          echo "-----------------------------------"
        sqlite3 -line "$dbfile" "SELECT * FROM \"$table\""
    done
' _ {} \;

Dump data from multiple databases (parallel execution)

This was used when I was trying to find my pincode back in the days before this was solved in a recent vulnerability

#!/bin/sh

directory="/data/data"
find "$directory" -name "*.db" -print0 | xargs -0 -n1 -P4 sh -c '
    database_file="$1"
    echo "-----------------------------------"
    echo "Dumping data from database: $database_file"
    echo "-----------------------------------"
    table_names=$(sqlite3 "$database_file" ".tables")
    for table_name in $table_names; do
        echo "Dumping data from table: $table_name"
        sqlite3 -line "$database_file" "SELECT * FROM \"$table_name\";"
        echo
    done
' sh|grep -i "<foo>"

find /data/data -type f -name "*.db" -exec sh -c '
dbfile="$1"
if sqlite3 "$dbfile" .schema >/dev/null 2>&1; then
    echo "-----------------------------------"
    echo "Processing database file: $dbfile"
    for table in $(sqlite3 "$dbfile" ".tables"); do
        echo "Dumping data from table: $table"
        echo "-----------------------------------"
        sqlite3 -line "$dbfile" "SELECT * FROM \"$table\"" | grep foo | while read -r line; do
            echo "$dbfile: $line"
        done
    done
else
    echo "Skipping non-database file: $dbfile"
fi
' _ {} \;

Access the log file containing previous commands

adb shell su -c cat /data/user_de/0/com.android.providers.telephony/Log/FileLog0.log

Read carrier information

adb shell su -c cat //data/user_de/0/com.android.providers.telephony/files/carrierconfig-com.android

Read Lock Settings from the telephony database

adb shell sqlite3 -line /data/user_de/0/com.android.providers.telephony/databases/telephony.db 'select * from locksettings;'

Read SIM card information from the telephony database

LocalesPrint all data from CarrierSelect all daata from original tablePrint all esim and sim info

sqlite3 -line /data/user_de/0/com.android.providers.telephony/databases/telephony.db 'select * from android_metadata'

sqlite3 -line /data/user_de/0/com.android.providers.telephony/databases/telephony.db 'select * from carrier'

sqlite3 -line /data/user_de/0/com.android.providers.telephony/databases/telephony.db 'select * from original'

sqlite3 -line /data/user_de/0/com.android.providers.telephony/databases/telephony.db 'select * from siminfo'

Do we have esim active

1 = True
0 = False

sqlite3 -line /data/user_de/0/com.android.providers.telephony/databases/telephony.db 'select * from siminfo;'|grep -i "embedded"

Print active phone number

sqlite3 -list /data/user_de/0/com.android.providers.telephony/databases/telephony.db 'select phone_number_source_ims from siminfo;' | grep -Eo --color=never '\+46[0-9]{7,10}'

Grab all file extensions of a kind and download to PC

for i in `adb shell "su -c find /data /system -name '*.key'"`; do 
   mkdir -p ".`dirname $i`";adb shell "su -c cat $i" > ".$i";
done"

Bypass Google Pay Block

* Stop wallnetfcrel

```bash
am force-stop /data/data/com.google.android.apps.walletnfcrel
```

* Hide root for Google apps:

```bash
for google_apps in $(cmd package list packages|grep -i com.google |cut -d: -f2); do 
    magiskhide add ${google_apps}; 
done      
```

Print ICCID from the qcril_manual_prov_table in qcril.db

```bash
sqlite3 /data/vendor/radio/qcril.db 'select ICCID from qcril_manual_prov_table'
```

Print data in .db files (clean)

grep -vx -f <(adb shell sqlite3 <database_file> .dump) <(adb shell sqlite3 <database_file> .schema)

Update dg.db file

adb shell sqlite3 /data/data/com.google.android.gms/databases/dg.db "update main set c='0' where a like '%attest%';"

Grab all file extensions of a specific kind and download them to PC

for i in `adb shell su -c find /data /system -name '*.key'`; do 
   mkdir -p ".`dirname $i`";adb shell su -c cat $i > ".$i";
done

Find all database files (`*.db`) recursively in the specified directory

directory="/data/data"
database_files=$(adb shell find "$directory" -name "*.db")

# Iterate over each database file
for database_file in $database_files; do
  echo "Database file: $database_file"

  # Get the table names from the database file
  table_names=$(adb shell sqlite3 -line "$database_file" "SELECT name FROM sqlite_master WHERE type='table';")

  # Iterate over each table and dump the data
  for table_name in $table_names; do
    echo "Dumping data from table: $table_name"
    adb shell sqlite3 -line "$database_file" "SELECT * FROM $table_name;"
    echo
  done

  echo "-----------------------------------"
done

Dump data from multiple databases (null-separated)

directory="/data/data"
find "$directory" -name '*.db' -print0 | xargs -0 -n1 -P 10 sh -c '
    database_file="$0"
    echo "Database file: $database_file"

    table_names=$(adb shell sqlite3 -line "$database_file" "SELECT name FROM sqlite_master WHERE type='"'"'table'"'"';")
    for table_name in $table_names; do
        echo "Dumping data from table: $table_name"
        adb shell sqlite3 -line "$database_file" "SELECT * FROM $table_name;"
        echo
    done

    echo "-----------------------------------"
' \;

Send a long press event for KEYCODE_VOLUME_UP

adb shell input keyevent --longpress KEYCODE_VOLUME_UP

Send a long press event for KEYCODE_VOLUME_DOWN

adb shell input keyevent --longpress KEYCODE_VOLUME_DOWN

Send key events for volume up/down

for i in {0..50}
do
  echo "Trying function ID: $i"
  adb shell service call audio $i i32 3 i32 1 i32 1
  sleep 1
done

Send key events using getevent

adb shell getevent -l | awk '{ system("adb shell input keyevent " $4) }'

Print everything from carriers (APN etc)

echo 'select * from carriers;'|sqlite3 -line /data/user_de/0/com.android.providers.telephony/databases/telephony.db

Print GPS chip info

cat /data/vendor/gps/chip.info ;echo
Broadcom,BCM4775,545188

Print APN value from telephony.db

$ echo 'select apn from carriers;'|sqlite3 -line /data/user_de/0/com.android.providers.telephony/databases/telephony.db |grep \S
apn = IMS
apn = IMS
apn = IMS
apn = IMS
apn = IMS
apn = VZWIMS
apn = COMCAST.RSLR.VZWENTP
apn = IMS
apn = IMS
apn = IMS
apn = IMS
apn = IMS
apn = IMS
apn = IMS
apn = HOS
apn = gprs.BASE.be
apn = mms.BASE.be
apn = IMS
apn = IMS
apn = CARREFOURMMS
apn = IMS
apn = IMS
apn = IMS
apn = IMS
apn = IMS
apn = IMS
apn = IMS
apn = IMS
apn = IMS
apn = IMS
apn = IMS
apn = IMS
apn = IMS
apn = IMS
apn = HOS
apn = IMS
apn = VSBLINTERNET
apn = VSBLINTERNET
apn = VSBLIMS
apn = VSBLAPP
apn = VSBLADMIN
apn = VSBLINTERNET
apn = VSBLIMS
apn = VSBLAPP
apn = VSBLADMIN
apn = IMS
apn = VSBLADMIN
apn = VSBLIMS
apn = VSBLAPP
apn = IMS
apn = IMS
apn = IMS
apn = IMS
apn = IMS
apn = IMS
apn = HOS
apn = IMS
apn = IMS
apn = IMS
apn = IMS
apn = IMS
apn = IMS
apn = IMS
apn = IMS
apn = IMS
apn = IMS
apn = IMS
apn = IMS
apn = IMS
apn = IMS
apn = IMS
apn = IMS
apn = SATURNmobil
apn = SATURNmobil
apn = SATURNmobil
apn = SATURNmobil
apn = SATURNmobil
apn = IMS
apn = IMS
apn = IMS
apn = IMS
apn = IMS
apn = webSP
apn = mmsSP
apn = IMS
apn = MMS
apn = IMS
apn = IMS
apn = IMS
apn = IMS
apn = IMS
apn = IMS
apn = IMS
apn = HOS
apn = IMS
apn = HOS
apn = IMS
apn = IMS
apn = IMS
apn = IMS
apn = IMS
apn = IMS
apn = IMS
apn = IMS
apn = IMS
apn = IMS
apn = IMS
apn = IMS
apn = IMS
apn = IMS
apn = IMS
apn = IMS
apn = IMS
apn = IMS
apn = MMS
apn = IMS
apn = IMS
apn = IMS
apn = MMS
apn = HOS
apn = IMS
apn = IMS
apn = IMS
apn = HOS
apn = VZWIMS
apn = VZWIMS
apn = VZWIMS
apn = VZWIMS
apn = VZWIMS
apn = VZWIMS
apn = VZWIMS
apn = VZWIMS
apn = IMS
apn = IMS
apn = IMS
apn = VZWIMS
apn = VZWIMS
apn = VZWIMS
apn = VZWIMS
apn = Solavei
apn = VZWIMS
apn = VZWIMS
apn = OEMSETUPA
apn = VZWIMS
apn = VZWIMS
apn = VZWIMS
apn = VZWIMS
apn = VZWIMS
apn = VZWIMS
apn = VZWIMS
apn = VZWIMS
apn = VZWIMS
apn = VZWIMS
apn = VZWIMS
apn = VZWIMS
apn = VZWIMS
apn = VZWIMS
apn = VZWIMS
apn = VZWIMS
apn = IMS
apn = IMS
apn = VZWIMS
apn = VZWIMS
apn = IMS
apn = VZWIMS
apn = VZWIMS
apn = VZWIMS
apn = VZWIMS
apn = VZWIMS
apn = IMS
apn = IMS
apn = IMS
apn = IMS
apn = IMS
apn = IMS
apn = IMS
apn = IMS
apn = IMS
apn = IMS
apn = IMS
apn = IMS
apn = IMS
apn = IMS
apn = VZWIMS
apn = VZWIMS
apn = VZWIMS
apn = VZWIMS
apn = VZWIMS
apn = VZWIMS
apn = VZWIMS
apn = VZWIMS
apn = VZWIMS
apn = VZWIMS
apn = VZWIMS
apn = VZWIMS
apn = VZWIMS
apn = VZWIMS
apn = IMS
apn = IMS
apn = IMS
apn = VSBLINTERNET
apn = VSBLADMIN
apn = VSBLIMS
apn = VSBLAPP
apn = VZWIMS
apn = VZWIMS
apn = VZWIMS
apn = VZWIMS
apn = VZWIMS
apn = VZWIMS
apn = VZWIMS
apn = IMS
apn = IMS
apn = VZWIMS
apn = IMS
apn = IMS
apn = IMS
apn = IMS
apn = IMS
apn = IMS
apn = IMS
apn = IMS
apn = IMS
apn = IMS
apn = MMS
apn = SMARTNET
apn = IMS
apn = IMS
apn = IMS
apn = IMS
apn = IMS
apn = IMS
apn = IMS
apn = MMS
apn = SMARTNET
apn = IMS
apn = IMS
apn = IMS
apn = IMS
apn = IMS
apn = IMS
apn = IMS
apn = MMS
apn = SMARTNET
apn = IMS
apn = IMS
apn = IMS
apn = IMS
apn = IMS
apn = IMS
apn = MMS
apn = SMARTNET
apn = MMS
apn = SMARTNET
apn = IMS
apn = IMS
apn = MMS
apn = SMARTNET
apn = IMS
apn = IMS
apn = IMS
apn = MMS
apn = SMARTNET
apn = IMS
apn = MMS
apn = SMARTNET
apn = IMS
apn = IMS
apn = IMS
apn = IMS
apn = IMS
apn = IMS
apn = IMS
apn = IMS
apn = IMS
apn = IMS
apn = IMS
apn = IMS
apn = IMS
apn = TATA.DOCOMO.MMS
apn = TATA.DOCOMO.MMS
apn = TATA.DOCOMO.MMS
apn = TATA.DOCOMO.MMS
apn = TATA.DOCOMO.MMS
apn = TATA.DOCOMO.MMS
apn = TATA.DOCOMO.MMS
apn = TATA.DOCOMO.MMS
apn = TATA.DOCOMO.MMS
apn = TATA.DOCOMO.MMS
apn = TATA.DOCOMO.MMS
apn = TATA.DOCOMO.MMS
apn = TATA.DOCOMO.MMS
apn = TATA.DOCOMO.MMS
apn = TATA.DOCOMO.MMS
apn = TATA.DOCOMO.MMS
apn = TATA.DOCOMO.MMS
apn = TATA.DOCOMO.MMS
apn = TATA.DOCOMO.MMS
apn = TATA.DOCOMO.MMS
apn = TATA.DOCOMO.MMS
apn = TATA.DOCOMO.MMS
apn = TATA.DOCOMO.MMS
apn = IMS
apn = IMS
apn = IMS
apn = IMS
apn = IMS
apn = IMS
apn = IMS
apn = IMS
apn = IMS
apn = IMS
apn = IMS
apn = IMS
apn = IMS
apn = IMS
apn = IMS
apn = IMS
apn = IMS
apn = IMS
apn = IMS
apn = IMS
apn = IMS
apn = IMS
apn = IMS
apn = IMS
apn = IMS
apn = IMS
apn = IMS
apn = IMS
apn = IMS
apn = IMS
apn = IMS
apn = IMS
apn = IMS
apn = IMS
apn = IMS
apn = IMS
apn = IMS
apn = IMS
apn = IMS
apn = IMS
apn = IMS
apn = IMS
apn = IMS
apn = IMS
apn = IMS
apn = IMS
apn = IMS
apn = IMS
apn = IMS
apn = IMS
apn = IMS
apn = IMS
apn = IMS
apn = IMS
apn = IMS
apn = IMS
apn = IMS
apn = IMS
apn = IMS
apn = IMS
apn = IMS
apn = IMS
apn = IMS
apn = IMS
apn = AWCC MMS
apn = IMS
apn = IMS
apn = IMS
apn = IMS
apn = MMS
apn = MMS
apn = MMS
apn = IMS
apn = IMS
apn = Sphone
apn = IMS
apn = IMS
apn = MMS
apn = MMS
apn = hcmMMS
apn = MCI-GPRS
apn = MCI-GPRS
apn = MCI-GPRS
apn = MMS
apn = IMS
apn = IMS
apn = IMS
apn = IMS
apn = IMS
apn = IMS
apn = IMS
apn = IMS
apn = IMS
apn = IMS
apn = IMS
apn = IMS
apn = IMS
apn = IMS
apn = IMS
apn = IMS
apn = IMS
apn = IMS
apn = IMS
apn = IMS
apn = IMS
apn = IMS
apn = IMS
apn = IMS
apn = IMS
apn = IMS
apn = IMS
apn = IMS
apn = IMS
apn = IMS
apn = IMS
apn = IMS
apn = HOS
apn = HOS
apn = HOS
apn = SUNMobile
apn = HOS
apn = HOS
apn = HOS
apn = HOS
apn = HOS
apn = HOS
apn = HOS
apn = HOS
apn = SUNMobile
apn = HOS
apn = HOS
apn = HOS
apn = HOS
apn = HOS
apn = SmarTone
apn = SmarTone
apn = HOS
apn = SmarTone
apn = HOS
apn = HOS
apn = HOS
apn = SUNMobile
apn = HOS
apn = HOS
apn = HOS
apn = HOS
apn = HOS
apn = HOS
apn = IMS
apn = IMS
apn = IMS
apn = MMS
apn = IMS
apn = IMS
apn = IMS
apn = IMS
apn = IMS
apn = HOS
apn = HOS
apn = IMS
apn = HOS
apn = HOS
apn = IMS
apn = HOS
apn = IMS
apn = AXIS
apn = AXIS
apn = Smartfren4G
apn = IMS
apn = IMS
apn = IMS
apn = IMS
apn = Smartfren4G
apn = IMS
apn = TPGMMS
apn = IMS
apn = IMS
apn = OoredooMMS
apn = IMS
apn = IMS
apn = Safaricom
apn = IMS
apn = IMS
apn = IMS
apn = IMS
apn = IMS
apn = IMS
apn = IMS
apn = IMS
apn = Solavei
apn = IMS
apn = IMS
apn = IMS
apn = MMS
apn = IMS
apn = IMS
apn = IMS
apn = IMS