Ontosy

Password in RAM dump

18 posts in this topic

If I use a script to launch a DOS command to mount an encrypted volume, does the password sent via the script and DOS remain in RAM? Is it possible to erase it for certain?




You do not want to store any important account information in a script and expect it to be safe.

Never use Domain Admin level user IDs; only use a Local Admin type account at best, to mitigate the risk of it being reverse engineered.

Jos


Visit the SciTE4AutoIt3 Download page for the latest versions | Beta files | Forum Rules
 
Live for the present,
Dream of the future,
Learn from the past.
  :)


I'm not saying to store the information in a script, but to type it into an InputBox.


That would work fine, so what would be your worry doing it that way?

That the variable still contains the input value for the duration of the running script?

If that is your worry, then you could read the input, use the password for whatever purpose you need it for, and reset the variable to "".

Jos



I ask this because I'm not sure whether, even if the variable is reset in the script with $a = "", it is no longer present in a dump of all the system's RAM.

Might a reset variable $a = "" still be visible to a forensic inspection of the whole memory dump with an editor?

How can I completely remove all traces of the variable's contents from RAM after using it?


You're certainly right that it will be difficult to be 100% positive that the old variable is actually overwritten and that no copy exists. Not only is low-level memory management getting more and more complex in today's OSes and hardware (and possibly subject to spurious change through system updates!), but other subtle means can achieve really weird things.

See for example "Research into one VM stealing crypto keys from another VM running on the same hardware."

http://www.cs.unc.edu/~reiter/papers/2012/CCS.pdf

http://arstechnica.com/security/2012/11/crypto-keys-stolen-from-virtual-machine/ or http://tinyurl.com/d63xgkj

http://gizmodo.com/5958778/how-crypto-keys-can-be-stolen-across-the-cloud or http://tinyurl.com/cx4nvlz

Such safety would most likely require the use of cryptographic primitives designed precisely for that task, for instance ensuring that the page won't be swapped to disk and things like that. The issue goes far beyond AutoIt, particularly if you launch a DOS command with the sensitive data as a parameter...


This wonderful site allows debugging and testing regular expressions (many flavors available). An absolute must have in your bookmarks.
Another excellent RegExp tutorial. Don't forget downloading your copy of up-to-date pcretest.exe and pcregrep.exe here
RegExp tutorial: enough to get started
PCRE v8.33 regexp documentation latest available release and currently implemented in AutoIt beta.

SQLitespeed is another feature-rich premier SQLite manager (includes import/export). Well worth a try.
SQLite Expert (freeware Personal Edition or payware Pro version) is a very useful SQLite database manager.
An excellent eBook covering almost every aspect of SQLite3: a must-read for anyone doing serious work.
SQL tutorial (covers "generic" SQL, but most of it applies to SQLite as well)
A work-in-progress SQLite3 tutorial. Don't miss other LxyzTHW pages!
SQLite official website with full documentation (may be newer than the SQLite library that comes standard with AutoIt)


If you're that worried, turn the computer off after every use; I'm sure that will clear it.

Paranoia is a fine thing as long as you don't take it too far; after all, how hard is it to pull the power cord if the police break down the door?


If I posted any code, assume that code was written using the latest release version unless stated otherwise. Also, if it doesn't work on XP I can't help with that because I don't have access to XP, and I'm not going to.
Give a programmer the correct code and he can do his work for a day. Teach a programmer to debug and he can do his work for a lifetime - by Chirag Gude
How to ask questions the smart way!

I hereby grant any person the right to use any code I post, that I am the original author of, on the autoitscript.com forums, unless I've specifically stated otherwise in the code or the thread post. If you do use my code all I ask, as a courtesy, is to make note of where you got it from.

Back up and restore Windows user files _Array.au3 - Modified array functions that include support for 2D arrays.  -  ColorChooser - An add-on for SciTE that pops up a color dialog so you can select and paste a color code into a script.  -  Customizable Splashscreen GUI w/Progress Bar - Create a custom "splash screen" GUI with a progress bar and custom label.  -  _FileGetProperty - Retrieve the properties of a file  -  SciTE Toolbar - A toolbar demo for use with the SciTE editor  -  GUIRegisterMsg demo - Demo script to show how to use the Windows messages to interact with controls and your GUI.  -   Latin Square password generator


If you're that worried, turn the computer off after every use, I'm sure that will clear it.

It might also get stored in the pagefile, so you would also want to clear that at shutdown.


If you're paranoid enough, you can always turn off the page file completely so you don't have that as an issue. Of course, all bets are off on how well the computer will run if you do that.



Agreed, but I can understand the OP's concern... especially after being introduced to tools like Volatility.

Yes, my question was born from there.

What does "OP's concern..." mean?


"Original Poster"


Forum Rules | Procedure for posting code

"I like pigs.  Dogs look up to us.  Cats look down on us.  Pigs treat us as equals."

- Sir Winston Churchill


As I pointed out above, the problem is more complex than that and is, as stated in the first post, unsolvable in my view.

Since the value will be passed to a DOS box and then to a DOS command, over which Ontosy doesn't have the faintest control, it's pretty certain that a number of copies of this sensitive data will persist in physical RAM for some time. From this point of view, the issue of actually resetting the variable within AutoIt is rather secondary.


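The points raised across this thread, Jos's suggestion to reset the variable to "", Ontosy's question about what a full RAM dump would still show, the pagefile remarks, and jchd's warning that a DOS command receives its own copies, as one added example in C. This is not code from the thread, from AutoIt or from any mount tool: the arena, the offsets, the "mount.exe /password=" command line and the password "hunter2" are all constructed for the demo, and count_copies stands in for the string search a dump tool would run over process memory.

```c
/* Added example, not from the thread: models what "$a = """ leaves in
 * process memory versus an explicit scrub, shows that building a DOS command
 * line adds a second copy, and pins a buffer so it cannot reach the pagefile.
 * The arena, offsets, "mount.exe" and the password "hunter2" are constructed
 * for the demo. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#ifdef _WIN32
#include <windows.h>
#else
#include <sys/mman.h>
#endif

#define ARENA_SIZE 4096   /* stands in for a slice of the interpreter's heap */
#define VAR_OFF    100    /* where the $password variable's bytes live */
#define CMD_OFF    1000   /* where the string handed to Run() is built */

/* Zero memory in a way the optimizer may not drop (same idea as
 * SecureZeroMemory / explicit_bzero, written portably). */
static void secure_zero(void *p, size_t n)
{
    volatile unsigned char *vp = (volatile unsigned char *)p;
    while (n--) *vp++ = 0;
}

/* Count occurrences of needle in a memory region: the minimal form of the
 * string search a dump tool (strings, Volatility's yarascan) would run. */
static size_t count_copies(const unsigned char *hay, size_t hay_len,
                           const char *needle)
{
    size_t nlen = strlen(needle), hits = 0;
    if (nlen == 0 || nlen > hay_len) return 0;
    for (size_t i = 0; i + nlen <= hay_len; i++)
        if (memcmp(hay + i, needle, nlen) == 0) hits++;
    return hits;
}

/* Pin a region in RAM so the OS will not write it to the pagefile/swap.
 * Returns 1 on success, 0 if refused (e.g. unprivileged RLIMIT_MEMLOCK). */
static int lock_in_ram(void *p, size_t n)
{
#ifdef _WIN32
    return VirtualLock(p, n) ? 1 : 0;
#else
    return mlock(p, n) == 0;
#endif
}

/* Script flow with the AutoIt-style reset: the password goes into a variable,
 * a command line is built around it, then the variable is repointed at "".
 * Returns how many readable copies of pw remain in the arena. */
static size_t copies_after_plain_reset(const char *pw)
{
    unsigned char *arena = calloc(ARENA_SIZE, 1);
    if (!arena) return (size_t)-1;
    char *var = (char *)arena + VAR_OFF;
    char *cmdline = (char *)arena + CMD_OFF;

    snprintf(var, CMD_OFF - VAR_OFF, "%s", pw);
    snprintf(cmdline, ARENA_SIZE - CMD_OFF, "cmd /c mount.exe /password=%s X:", var);

    var = (char *)"";          /* $a = "" : repoints, overwrites nothing */
    (void)var;

    size_t hits = count_copies(arena, ARENA_SIZE, pw);   /* 2 */
    secure_zero(arena, ARENA_SIZE);
    free(arena);
    return hits;
}

/* Same flow, but both buffers are scrubbed before being discarded. The child
 * process started by Run() would still hold its own copy in its command
 * line, which nothing in the parent can reach. */
static size_t copies_after_scrub(const char *pw)
{
    unsigned char *arena = calloc(ARENA_SIZE, 1);
    if (!arena) return (size_t)-1;
    char *var = (char *)arena + VAR_OFF;
    char *cmdline = (char *)arena + CMD_OFF;

    snprintf(var, CMD_OFF - VAR_OFF, "%s", pw);
    snprintf(cmdline, ARENA_SIZE - CMD_OFF, "cmd /c mount.exe /password=%s X:", var);

    secure_zero(var, strlen(var) + 1);
    secure_zero(cmdline, strlen(cmdline) + 1);

    size_t hits = count_copies(arena, ARENA_SIZE, pw);   /* 0 */
    secure_zero(arena, ARENA_SIZE);
    free(arena);
    return hits;
}

int main(void)
{
    const char *pw = "hunter2";          /* constructed sample password */
    unsigned char probe[64];             /* a buffer we would hold the secret in */
    printf("pages pinned in RAM  : %s\n", lock_in_ram(probe, sizeof probe) ? "yes" : "no");
    printf("copies after $a = \"\" : %zu\n", copies_after_plain_reset(pw));
    printf("copies after scrub   : %zu\n", copies_after_scrub(pw));
    return 0;
}
```

The plain reset leaves two hits (the variable and the command line); the scrub leaves none in this process, but only this process: the cmd.exe child and whatever it launches keep their own copies, which is jchd's point. Pinning with VirtualLock/mlock addresses the pagefile concern for the buffers you control and nothing else, and it can be refused on an unprivileged account.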

And if the value is not passed to a DOS box, is it possible?


This part has already been answered at length in the preceding posts: it will be really hard if you need 100% absolute definitive certainty.



As for any files on your hard drive, I'd suggest full-drive encryption; that way, once the computer is turned off, no one is reading the drive without the password.

