Hi all,

My attempts to figure out some signature for the password location in the memory dumps failed.

I was wondering if there are any "best practices" for this kind of problem: "find a signature before/after a NOT encrypted password stored in a memory dump".

Thanks,

Massimo


On 16/05/16 11:38, Massimo Canonico wrote:
Hi,

Thanks to your suggestion, I made great progress, but I still have not reached the target: locating the master password of an Android app.

I ran the app and set the password to "mypassword2016". With yarascan I was able to see that this password is stored in memory in Unicode (I ran "python vol.py linux_yarascan -W -A -Y "mypassword2016"").

Then I wanted to see if there is some "signature" that helps me locate the password. So I decided to use volshell and look around the password, but I had no luck (see the attachment, where I showed what there is before and after the two occurrences of the password "mypassword2016").

Of course I've repeated the same workflow for two other passwords, but I did not get anything that helps me figure out if there is a way to locate where the password is stored.

Do you have any suggestion, please?

Thanks in advance,

Massimo
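
One way to automate the comparison described in the message above, as an added example that is not part of the original thread: it collects the bytes preceding each UTF-16LE hit of several known test passwords and reports both the bytes that stay constant and any 32-bit word that tracks the password's character count. The length-word check is a heuristic assumption, and the dumps and header layout built by `make_dump` are constructed for illustration, not taken from the app.

```python
import struct

WINDOW = 12  # bytes of context examined before each hit

def find_hits(dump, secret):
    """Offsets of every UTF-16LE occurrence of a known test password."""
    needle = secret.encode("utf-16-le")
    hits, pos = [], dump.find(needle)
    while pos != -1:
        hits.append(pos)
        pos = dump.find(needle, pos + 1)
    return hits

def prefixes(dump, secret, window=WINDOW):
    """The `window` bytes preceding each hit (hits too close to offset 0 are skipped)."""
    return [dump[o - window:o] for o in find_hits(dump, secret) if o >= window]

def stable_columns(ctxs):
    """Per column: the byte value if all contexts agree, else None."""
    return [col[0] if len(set(col)) == 1 else None for col in zip(*ctxs)]

def length_field_offsets(ctx, secret):
    """Offsets relative to the hit where a 32-bit LE word equals the character count."""
    return {i - len(ctx) for i in range(len(ctx) - 3)
            if struct.unpack_from("<I", ctx, i)[0] == len(secret)}

def analyse(samples):
    """samples: list of (known_password, dump_bytes) from separate runs."""
    all_ctx, common = [], None
    for secret, dump in samples:
        for ctx in prefixes(dump, secret):
            all_ctx.append(ctx)
            offs = length_field_offsets(ctx, secret)
            common = offs if common is None else common & offs
    return stable_columns(all_ctx), sorted(common or [])

def make_dump(secret, seed):
    """Constructed sample: hypothetical layout, not the real app's heap."""
    filler = lambda k: bytes((seed * 37 + i * 11) % 255 + 1 for i in range(k))
    header = b"\x10\x32\x54\x76" + bytes([seed + 1]) * 4 + struct.pack("<I", len(secret))
    return filler(64) + header + secret.encode("utf-16-le") + filler(64)

SAMPLES = [(p, make_dump(p, i))
           for i, p in enumerate(["mypassword2016", "secondPass!", "third-pw-9"])]

if __name__ == "__main__":
    stable, length_offs = analyse(SAMPLES)
    print("stable bytes before hit:", stable)
    print("length-field offsets   :", length_offs)
```

A column that is stable across different passwords is a candidate fixed signature, while a word that varies but always equals the character count would not show up when eyeballing hex in volshell for constant bytes.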


