Clarification - WipeMemoryService #25
Labels
question
Molly development or support question
Comments
|
It is an anti-forensic feature against RAM acquisition and analysis. I'm going to write a wiki post about how it works. I'll add the link to this ticket later so you can read then. |
|
Thanks |
|
I wish I could write the proper article to explain the details. But lately I don't have much time. Basically, when Molly get locked:
Then the wipe service allocates large chunks of memory and overwrites them with random data, until there is no more free RAM available in the device. Then it frees everything and finalize. It takes a few seconds to complete, and you can see a notification and the progress bar. All of this is to prevent forensic RAM analysis after Molly is locked. It's somehow a workaround to the known issue of JVM apps to overwrite its own memory. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Based on my understanding, it is used to overwrite values in app memory.
Why it's done? Security issue? is there any POC for that?
The text was updated successfully, but these errors were encountered: