Updated App Security (markdown)

dschuermann 2014-10-10 03:47:14 -07:00
parent d0735b1a95
commit 89d5c6920f
1 changed files with 3 additions and 3 deletions

@ -32,8 +32,8 @@ TODO, also: https://github.com/open-keychain/open-keychain/issues/894
1. Start OpenKeychain
2. Sign something, caching the passphrase
3.
```
3. Open a shell and execute these commands:
```
someuser@somehost platform-tools> ./adb shell
$ su
# chmod 777 /data/misc
@ -62,7 +62,7 @@ heap-dump-tm1313854763-pid17973.hprof
2666 KB/s (4361160 bytes in 1.597s)
someuser@somehost platform-tools> ../tools/hprof-conv heap-dump-tm1313854763-pid17973.hprof apg.hprof
someuser@somehost platform-tools> jhat apg.hprof
```
```
4. Open a browser with ``http://localhost:7000`` and find ``CachedPassphrase`` class, see [PassphraseCacheService.java#L517](https://github.com/open-keychain/open-keychain/blob/development/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/service/PassphraseCacheService.java#L517)
### Attacking passphrase cache with root access