Updated App Security (markdown)

dschuermann 2014-10-10 03:47:14 -07:00
parent d0735b1a95
commit 89d5c6920f
1 changed files with 3 additions and 3 deletions

@ -32,8 +32,8 @@ TODO, also: https://github.com/open-keychain/open-keychain/issues/894
1. Start OpenKeychain 1. Start OpenKeychain
2. Sign something, caching the passphrase 2. Sign something, caching the passphrase
3. 3. Open a shell and execute these commands:
``` ```
someuser@somehost platform-tools> ./adb shell someuser@somehost platform-tools> ./adb shell
$ su $ su
# chmod 777 /data/misc # chmod 777 /data/misc
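Review bot: Step 3's new text, "Open a shell and execute these commands:", leaves out the preconditions the commands below it rely on: the session runs `./adb shell` and then `su`, so the device has to be reachable over adb and rooted. Say so in the step. Since `chmod 777 /data/misc` leaves that directory world-writable, also add a closing line that restores the original mode, or state that the procedure is meant for a dedicated test device.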
@ -62,7 +62,7 @@ heap-dump-tm1313854763-pid17973.hprof
2666 KB/s (4361160 bytes in 1.597s) 2666 KB/s (4361160 bytes in 1.597s)
someuser@somehost platform-tools> ../tools/hprof-conv heap-dump-tm1313854763-pid17973.hprof apg.hprof someuser@somehost platform-tools> ../tools/hprof-conv heap-dump-tm1313854763-pid17973.hprof apg.hprof
someuser@somehost platform-tools> jhat apg.hprof someuser@somehost platform-tools> jhat apg.hprof
``` ```
4. Open a browser with ``http://localhost:7000`` and find ``CachedPassphrase`` class, see [PassphraseCacheService.java#L517](https://github.com/open-keychain/open-keychain/blob/development/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/service/PassphraseCacheService.java#L517) 4. Open a browser with ``http://localhost:7000`` and find ``CachedPassphrase`` class, see [PassphraseCacheService.java#L517](https://github.com/open-keychain/open-keychain/blob/development/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/service/PassphraseCacheService.java#L517)
### Attacking passphrase cache with root access ### Attacking passphrase cache with root access
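Review bot: The step 4 link targets `PassphraseCacheService.java#L517` on the `development` branch, so the line anchor will drift away from the `CachedPassphrase` class as soon as that file changes. Link to the file at a fixed commit instead, or drop the `#L517` anchor and refer to the class by name only. The converted dump is also still called `apg.hprof` in a procedure whose step 1 starts OpenKeychain; a name matching the app would read more clearly.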