Jump to content

Password in ram dump

Ontosy

By Ontosy,
in AutoIt General Help and Support

 Share

Recommended Posts

  • Developers
Jos Universalist

Jos

Posted
  • Developers
Posted

You do not want to store any important account information in a script and expect it to be safe.

Never use Domain Admin level userids, only use a Local Admin type account at best to mitigate the risks of it being reversed engineered.

Jos

SciTE4AutoIt3 Full installer Download page   - Beta files       Read before posting     How to post scriptsource   Forum etiquette  Forum Rules 
 
Live for the present,
Dream of the future,
Learn from the past.  :)

Link to comment
Share on other sites
  • Developers
Jos Universalist

Jos

Posted
  • Developers
Posted

That would work fine, so what would be your worry doing it that way?

That the Variable still contains the input value for the duration of the running script?

If that is your worry than you could Read the INPUT, use the Password for whatever purpose you need it and reset the variable to "".

Jos

SciTE4AutoIt3 Full installer Download page   - Beta files       Read before posting     How to post scriptsource   Forum etiquette  Forum Rules 
 
Live for the present,
Dream of the future,
Learn from the past.  :)

Link to comment
Share on other sites
Ontosy Universalist

Ontosy

Posted
  • Author
Posted

I ask this because I'm not sure that doing a dump of all the RAM of the system reset even if the variable in the script with $ a = "" is not yet present in the ram.

A reset variable $a="" may still be visible to a forensic inspection with an editor of all the memory dump?

How to completely remove all traces of the variable contents ram after using it?

Link to comment
Share on other sites
jchd Universalist

jchd

Posted
Posted

You're certainly right that it will be difficult to be 100% positive that the old variable is actually overwritten and that no copy exist. Not only low-level memory management is getting more and more complex in todays OSes and hardware (and possibly subject to spurious change thru system updates!) but other subtle means can achieve really weird things.

See for example "Research into one VM stealing crypto keys from another VM running on the same hardware."

http://www.cs.unc.edu/~reiter/papers/2012/CCS.pdf

http://arstechnica.com/security/2012/11/crypto-keys-stolen-from-virtual-machine/ or http://tinyurl.com/d63xgkj

http://gizmodo.com/5958778/how-crypto-keys-can-be-stolen-across-the-cloud or http://tinyurl.com/cx4nvlz

Such safety would most likely require use of cryptographic primitives designed precisely for that task, for instance insuring that the page won't be swapped to disk and things like that. The issue goes far beyond AutoIt, particularly if you lanch a DOS command with the sensitive data as parameter...

This wonderful site allows debugging and testing regular expressions (many flavors available). An absolute must have in your bookmarks.
Another excellent RegExp tutorial. Don't forget downloading your copy of up-to-date pcretest.exe and pcregrep.exe here
RegExp tutorial: enough to get started
PCRE v8.33 regexp documentation latest available release and currently implemented in AutoIt beta.

SQLitespeed is another feature-rich premier SQLite manager (includes import/export). Well worth a try.
SQLite Expert (freeware Personal Edition or payware Pro version) is a very useful SQLite database manager.
An excellent eBook covering almost every aspect of SQLite3: a must-read for anyone doing serious work.
SQL tutorial (covers "generic" SQL, but most of it applies to SQLite as well)
A work-in-progress SQLite3 tutorial. Don't miss other LxyzTHW pages!
SQLite official website with full documentation (may be newer than the SQLite library that comes standard with AutoIt)

Link to comment
Share on other sites
BrewManNH Universalist

BrewManNH

Posted
Posted

If you're that worried, turn the computer off after every use, I'm sure that will clear it.

Paranoia is a fine thing as long as you don't take it too far, after all how hard is it to pull the power cord if the police break down the door?

If I posted any code, assume that code was written using the latest release version unless stated otherwise. Also, if it doesn't work on XP I can't help with that because I don't have access to XP, and I'm not going to.
Give a programmer the correct code and he can do his work for a day. Teach a programmer to debug and he can do his work for a lifetime - by Chirag Gude
How to ask questions the smart way!

I hereby grant any person the right to use any code I post, that I am the original author of, on the autoitscript.com forums, unless I've specifically stated otherwise in the code or the thread post. If you do use my code all I ask, as a courtesy, is to make note of where you got it from.

Back up and restore Windows user files _Array.au3 - Modified array functions that include support for 2D arrays.  -  ColorChooser - An add-on for SciTE that pops up a color dialog so you can select and paste a color code into a script.  -  Customizable Splashscreen GUI w/Progress Bar - Create a custom "splash screen" GUI with a progress bar and custom label.  -  _FileGetProperty - Retrieve the properties of a file  -  SciTE Toolbar - A toolbar demo for use with the SciTE editor  -  GUIRegisterMsg demo - Demo script to show how to use the Windows messages to interact with controls and your GUI.  -   Latin Square password generator

Link to comment
Share on other sites
spudw2k Universalist

spudw2k

Posted
Posted

If you're that worried, turn the computer off after every use, I'm sure that will clear it.

It might also get stored in the pagefile so if you would also want to clear it at shutdown.
Spoiler

Things I've Made: Always On Top Tool ◊ AU History ◊ Deck of CardsHideItICUIcon FreezerIpod EjectorJunos Configuration ExplorerLink DownloaderMD5 Folder EnumeratorPassGen ◊ Ping ToolQuick NICRead OCRRemoteITSchTasksGuiSpyCamSystem Scan Report ToolSystem UpTimeTransparency Machine VMWare ESX Builder
Misc Code Snippets: ADODB ExampleCheckHover ◊ Detect SafeModeDynEnumArrayGetNetStatData ◊ HashArrayIsBetweenDates Local AdminsMake ChoiceRecursive File ListRemove Sizebox StyleRetrieve PNPDeviceIDRetrieve SysListView32 ContentsSet IE Homepage Tickle Expired PasswordTranspose Array
Projects: Drive Space Usage GUI ◊ LEDkITPlasma_kIt ◊ Scan Engine BuilderSpeeDBurnerSubnetCalc
Cool Stuff: AutoItObject UDF Extract Icon From ProcGuiCtrlFontRotateHex Edit FuncsRun binaryService_UDF

 

Link to comment
Share on other sites
BrewManNH Universalist

BrewManNH

Posted
Posted

If you're paranoid enough, you can always turn off the page file completely so you don't have that as an issue. Of course all bets are off on how well the computer will run if you do that.

If I posted any code, assume that code was written using the latest release version unless stated otherwise. Also, if it doesn't work on XP I can't help with that because I don't have access to XP, and I'm not going to.
Give a programmer the correct code and he can do his work for a day. Teach a programmer to debug and he can do his work for a lifetime - by Chirag Gude
How to ask questions the smart way!

I hereby grant any person the right to use any code I post, that I am the original author of, on the autoitscript.com forums, unless I've specifically stated otherwise in the code or the thread post. If you do use my code all I ask, as a courtesy, is to make note of where you got it from.

Back up and restore Windows user files _Array.au3 - Modified array functions that include support for 2D arrays.  -  ColorChooser - An add-on for SciTE that pops up a color dialog so you can select and paste a color code into a script.  -  Customizable Splashscreen GUI w/Progress Bar - Create a custom "splash screen" GUI with a progress bar and custom label.  -  _FileGetProperty - Retrieve the properties of a file  -  SciTE Toolbar - A toolbar demo for use with the SciTE editor  -  GUIRegisterMsg demo - Demo script to show how to use the Windows messages to interact with controls and your GUI.  -   Latin Square password generator

Link to comment
Share on other sites
spudw2k Universalist

spudw2k

Posted
Posted

Agreed, but I can understand the OPs concern...especially after being introduced to tools like Volatility

Spoiler

Things I've Made: Always On Top Tool ◊ AU History ◊ Deck of CardsHideItICUIcon FreezerIpod EjectorJunos Configuration ExplorerLink DownloaderMD5 Folder EnumeratorPassGen ◊ Ping ToolQuick NICRead OCRRemoteITSchTasksGuiSpyCamSystem Scan Report ToolSystem UpTimeTransparency Machine VMWare ESX Builder
Misc Code Snippets: ADODB ExampleCheckHover ◊ Detect SafeModeDynEnumArrayGetNetStatData ◊ HashArrayIsBetweenDates Local AdminsMake ChoiceRecursive File ListRemove Sizebox StyleRetrieve PNPDeviceIDRetrieve SysListView32 ContentsSet IE Homepage Tickle Expired PasswordTranspose Array
Projects: Drive Space Usage GUI ◊ LEDkITPlasma_kIt ◊ Scan Engine BuilderSpeeDBurnerSubnetCalc
Cool Stuff: AutoItObject UDF Extract Icon From ProcGuiCtrlFontRotateHex Edit FuncsRun binaryService_UDF

 

Link to comment
Share on other sites
jchd Universalist

jchd

Posted
Posted

As I pointed out above, the problem is more complex than that and is, as stated in the first post, unsolvable in my view.

Since the value will be passed to a DOS box and then to a DOS command, over which Ontosy doesn't have the faintest control, it's pretty sure that a number of copies of this sensitive data will persist in physical RAM for some time. From this point of view the issue about actually resetting the variable within AutoIt is rather secondary.

This wonderful site allows debugging and testing regular expressions (many flavors available). An absolute must have in your bookmarks.
Another excellent RegExp tutorial. Don't forget downloading your copy of up-to-date pcretest.exe and pcregrep.exe here
RegExp tutorial: enough to get started
PCRE v8.33 regexp documentation latest available release and currently implemented in AutoIt beta.

SQLitespeed is another feature-rich premier SQLite manager (includes import/export). Well worth a try.
SQLite Expert (freeware Personal Edition or payware Pro version) is a very useful SQLite database manager.
An excellent eBook covering almost every aspect of SQLite3: a must-read for anyone doing serious work.
SQL tutorial (covers "generic" SQL, but most of it applies to SQLite as well)
A work-in-progress SQLite3 tutorial. Don't miss other LxyzTHW pages!
SQLite official website with full documentation (may be newer than the SQLite library that comes standard with AutoIt)

Link to comment
Share on other sites
jchd Universalist

jchd

Posted
Posted

This part has already been answered at length in the preceeding posts: it will be really hard if you need 100% absolute definitive certainty.

This wonderful site allows debugging and testing regular expressions (many flavors available). An absolute must have in your bookmarks.
Another excellent RegExp tutorial. Don't forget downloading your copy of up-to-date pcretest.exe and pcregrep.exe here
RegExp tutorial: enough to get started
PCRE v8.33 regexp documentation latest available release and currently implemented in AutoIt beta.

SQLitespeed is another feature-rich premier SQLite manager (includes import/export). Well worth a try.
SQLite Expert (freeware Personal Edition or payware Pro version) is a very useful SQLite database manager.
An excellent eBook covering almost every aspect of SQLite3: a must-read for anyone doing serious work.
SQL tutorial (covers "generic" SQL, but most of it applies to SQLite as well)
A work-in-progress SQLite3 tutorial. Don't miss other LxyzTHW pages!
SQLite official website with full documentation (may be newer than the SQLite library that comes standard with AutoIt)

Link to comment
Share on other sites
BrewManNH Universalist

BrewManNH

Posted
Posted

As for any files on your hard drive, I'd suggest a full drive encryption, that way once the computer is turned off, no one is reading the drive without the password.

If I posted any code, assume that code was written using the latest release version unless stated otherwise. Also, if it doesn't work on XP I can't help with that because I don't have access to XP, and I'm not going to.
Give a programmer the correct code and he can do his work for a day. Teach a programmer to debug and he can do his work for a lifetime - by Chirag Gude
How to ask questions the smart way!

I hereby grant any person the right to use any code I post, that I am the original author of, on the autoitscript.com forums, unless I've specifically stated otherwise in the code or the thread post. If you do use my code all I ask, as a courtesy, is to make note of where you got it from.

Back up and restore Windows user files _Array.au3 - Modified array functions that include support for 2D arrays.  -  ColorChooser - An add-on for SciTE that pops up a color dialog so you can select and paste a color code into a script.  -  Customizable Splashscreen GUI w/Progress Bar - Create a custom "splash screen" GUI with a progress bar and custom label.  -  _FileGetProperty - Retrieve the properties of a file  -  SciTE Toolbar - A toolbar demo for use with the SciTE editor  -  GUIRegisterMsg demo - Demo script to show how to use the Windows messages to interact with controls and your GUI.  -   Latin Square password generator

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...