Mirrors
/
open-keychain
mirror of https://github.com/open-keychain/open-keychain.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Updated App Security (markdown)

dschuermann 2014-10-10 03:45:03 -07:00
parent 3bf19136da
commit 33fe2e6879
1 changed files with 22 additions and 21 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

43
App-Security.md

@ -29,15 +29,16 @@ From ``./lint --show AllowBackup``:
### Passphrase Cache
TODO, also: https://github.com/open-keychain/open-keychain/issues/894
1. Start OpenKeychain
2. Sign something, caching the passphrase
3.
```
someuser@somehost platform-tools> ./adb shell
$ su
# chmod 777 /data/misc
# ps
USER PID PPID VSIZE RSS WCHAN PC NAME
1. Start OpenKeychain
2. Sign something, caching the passphrase
3.
```
someuser@somehost platform-tools> ./adb shell
$ su
# chmod 777 /data/misc
# ps
USER PID PPID VSIZE RSS WCHAN PC NAME
[...snip...]
app_110 17973 2381 217088 24612 ffffffff afd0ee48 S org.thialfihar.android.apg
shell 18061 2390 648 336 c031b39c afd0eafc S /system/bin/sh
@ -50,18 +51,18 @@ bluetoothd
bluetooth
keystore
vpn
systemkeys
radio
wifi
dhcp
heap-dump-tm1313820900-pid16096.hprof
heap-dump-tm1313854763-pid17973.hprof
# cp /data/misc/heap-dump-tm1313854763-pid17973.hprof /sdcard/
# $ someuser@somehost platform-tools> ./adb pull /sdcard/heap-dump-tm1313854763-pid17973.hprof .
2666 KB/s (4361160 bytes in 1.597s)
someuser@somehost platform-tools> ../tools/hprof-conv heap-dump-tm1313854763-pid17973.hprof apg.hprof
someuser@somehost platform-tools> jhat apg.hprof
```
systemkeys
radio
wifi
dhcp
heap-dump-tm1313820900-pid16096.hprof
heap-dump-tm1313854763-pid17973.hprof
# cp /data/misc/heap-dump-tm1313854763-pid17973.hprof /sdcard/
# $ someuser@somehost platform-tools> ./adb pull /sdcard/heap-dump-tm1313854763-pid17973.hprof .
2666 KB/s (4361160 bytes in 1.597s)
someuser@somehost platform-tools> ../tools/hprof-conv heap-dump-tm1313854763-pid17973.hprof apg.hprof
someuser@somehost platform-tools> jhat apg.hprof
```
4. Open a browser with ``http://localhost:7000`` and find ``CachedPassphrase`` class, see [PassphraseCacheService.java#L517](https://github.com/open-keychain/open-keychain/blob/development/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/service/PassphraseCacheService.java#L517)
### Attacking passphrase cache with root access