Updated App Security (markdown)
parent
d0735b1a95
commit
89d5c6920f
|
@ -32,8 +32,8 @@ TODO, also: https://github.com/open-keychain/open-keychain/issues/894
|
|||
|
||||
1. Start OpenKeychain
|
||||
2. Sign something, caching the passphrase
|
||||
3.
|
||||
```
|
||||
3. Open a shell and execute these commands:
|
||||
```
|
||||
someuser@somehost platform-tools> ./adb shell
|
||||
$ su
|
||||
# chmod 777 /data/misc
|
||||
|
@ -62,7 +62,7 @@ heap-dump-tm1313854763-pid17973.hprof
|
|||
2666 KB/s (4361160 bytes in 1.597s)
|
||||
someuser@somehost platform-tools> ../tools/hprof-conv heap-dump-tm1313854763-pid17973.hprof apg.hprof
|
||||
someuser@somehost platform-tools> jhat apg.hprof
|
||||
```
|
||||
```
|
||||
4. Open a browser with ``http://localhost:7000`` and find ``CachedPassphrase`` class, see [PassphraseCacheService.java#L517](https://github.com/open-keychain/open-keychain/blob/development/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/service/PassphraseCacheService.java#L517)
|
||||
|
||||
### Attacking passphrase cache with root access
|
||||
|
|
Loading…
Reference in New Issue