In this game, the employer’s App leverages its execution privilege to try to leak a password of the user. The password is “HardToGuess”.
It is supposed that the Core let the Data Task access this password (thus the setting: The core protects the credentials: NO.).
In the following versions of the PDMS, two properties are either disabled or enabled:
- Stateless Data tasks: Each Data task is instantiated for the sole purpose of answering a specific call, after which it is terminated and its RAM wiped.
- Deterministic Data Tasks: Each Data Task produces the same result for the same function code run on the same input.
PDMS version
Password:Run: 00Run the attack simulation and deduce which property was enabled/disabled by entering your guesses on the right ⇒⇒⇒ |
— waiting for input — |
PDMS version
Password:Run: 00Run the attack simulation and deduce which property was enabled/disabled by entering your guesses on the right ⇒⇒⇒ |
— waiting for input — |
PDMS version
Password:Run: 00Run the attack simulation and deduce which property was enabled/disabled by entering your guesses on the right ⇒⇒⇒ |
— waiting for input — |