开发者

Bruteforcing Blackberry PersistentStore?

I am experimenting with Blackberry's Persistent Store, but I have gotten nowhere so far, which is good, I guess.

So I have written a a short program that attempts iterator through 0 to a specific upper bound to search for persisted objects. Blackberry seems to intentionally slow the loop. Check this out:

String result = "result: \n";
            int ub = 3000;
            Date start = Calendar.getInstance().getTime();
            for(int i=0; i<ub; i++){
                PersistentObject o = PersistentStore.getPersistentObject(i);
                if (o.getContents() !=  null){
                    result += (String) o.getContents() + "\n";
                }
            }
            result += "end result\n";
            result += "from 0 to " + ub + " took " + (Calendar.getInstance().getTime().getTime() - start.getTime()) / 1000 + " seconds";

From 0 to 3000 took 20 seconds. Is this enough to conclude that brute-forcing is not a practical method to开发者_Python百科 breach the Blackberry?

In general, how secure is BB Persistent Store?


It's very secure. If you're only getting 150 tries per second, it's going to take you about 3.9 billion years to try every long value (18446744073709551616 of them).

Even then, it would only find objects that are not secured further with a ControlledAccess object. If an application wraps the persisted data with a ControlledAccess object, it can only be read by the same signed application that stored the object. See the PersistentObject class docs for more information.

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜