Bruteforcing Blackberry PersistentStore?

Question

Hello, I am experimenting with Blackberry's Persistent Store, but I have gotten nowhere so far, which is good, I guess.

So I have written a a short program that attempts iterator through 0 to a specific upper bound to search for persisted objects. Blackberry seems to intentionally slow the loop. Check this out:

String result = "result: \n";
            int ub = 3000;
            Date start = Calendar.getInstance().getTime();
            for(int i=0; i<ub; i++){
                PersistentObject o = PersistentStore.getPersistentObject(i);
                if (o.getContents() !=  null){
                    result += (String) o.getContents() + "\n";
                }
            }
            result += "end result\n";
            result += "from 0 to " + ub + " took " + (Calendar.getInstance().getTime().getTime() - start.getTime()) / 1000 + " seconds";

From 0 to 3000 took 20 seconds. Is this enough to conclude that brute-forcing is not a practical method to breach the Blackberry?

In general, how secure is BB Persistent Store?

Answer 1

It's very secure. If you're only getting 150 tries per second, it's going to take you about 3.9 billion years to try every long value (18446744073709551616 of them).

Even then, it would only find objects that are not secured further with a ControlledAccess object. If an application wraps the persisted data with a ControlledAccess object, it can only be read by the same signed application that stored the object. See the PersistentObject class docs for more information.