From 89d5c6920f8669cb68476d6726616aac1e43cf60 Mon Sep 17 00:00:00 2001 From: dschuermann Date: Fri, 10 Oct 2014 03:47:14 -0700 Subject: [PATCH] Updated App Security (markdown) --- App-Security.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/App-Security.md b/App-Security.md index 96a5eed..8af14d3 100644 --- a/App-Security.md +++ b/App-Security.md @@ -32,8 +32,8 @@ TODO, also: https://github.com/open-keychain/open-keychain/issues/894 1. Start OpenKeychain 2. Sign something, caching the passphrase - 3. -``` + 3. Open a shell and execute these commands: + ``` someuser@somehost platform-tools> ./adb shell $ su # chmod 777 /data/misc @@ -62,7 +62,7 @@ heap-dump-tm1313854763-pid17973.hprof 2666 KB/s (4361160 bytes in 1.597s) someuser@somehost platform-tools> ../tools/hprof-conv heap-dump-tm1313854763-pid17973.hprof apg.hprof someuser@somehost platform-tools> jhat apg.hprof -``` + ``` 4. Open a browser with ``http://localhost:7000`` and find ``CachedPassphrase`` class, see [PassphraseCacheService.java#L517](https://github.com/open-keychain/open-keychain/blob/development/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/service/PassphraseCacheService.java#L517) ### Attacking passphrase cache with root access