Researchers Reverse-Engineer Dropbox, Cracking Heavily Obfuscated Python App

← Back to Stories (view on slashdot.org)

Researchers Reverse-Engineer Dropbox, Cracking Heavily Obfuscated Python App

Posted by Soulskill on Tuesday August 27, 2013 @06:11PM from the turns-out-it's-just-23,000-nested-if-statements dept.

rjmarvin writes "Two developers were able to successfully reverse-engineer Dropbox to intercept SSL traffic, bypass two-factor authentication and create open-source clients. They presented their paper, 'Looking inside the (Drop) box' (PDF) at USENIX 2013, explaining step-by-step how they were able to succeed where others failed in reverse-engineering a heavily obfuscated application written in Python. They also claimed the generic techniques they used could be applied to reverse-engineer other Frozen python applications: OpenStack, NASA, and a host of Google apps, just to name a few..."

11 of 242 comments (clear)

Min score:

Reason:

Sort:

Where is your god now? by Anonymous Coward · 2013-08-27 18:14 · Score: 0, Funny

/popcorn
1. Re:Where is your god now? by Anonymous Coward · 2013-08-27 18:32 · Score: 5, Funny
  
  Better delete your dropbox-hosted /copporn
Wow, amazing. by RightSaidFred99 · 2013-08-27 18:36 · Score: 5, Funny

They also claimed the generic techniques they used could be applied to reverse-engineer other Frozen python applications: OpenStack...
Wow, they can reverse engineer OpenStack? That's amazing - what do they use, an obscure set of commands called "wget", "git", and "tar"?
Trying to obfuscate python was never going to work by Anonymous Coward · 2013-08-27 18:54 · Score: 5, Funny

They should have written it in perl.
Re:Waste of resources by Anonymous Coward · 2013-08-27 19:41 · Score: 5, Funny

To lock the crazy people inside.
Re:Well, there goes Eve Online by MBGMorden · 2013-08-27 19:50 · Score: 5, Funny

And yes, it is possible to decompile the code, and it has been done in the past.
Awesome. With any luck they'll get an alternative client working. Shouldn't be too hard to set it up as a plugin to Microsoft Excel.

--
"People who think they know everything are very annoying to those of us who do."-Mark Twain
Re:Trying to obfuscate python was never going to w by Anonymous Coward · 2013-08-27 20:07 · Score: 2, Funny

They should have written it in perl.
They would have missed the fun of seeing how obfuscation made the code harder to read.
Re:Well, there goes Eve Online by Anonymous Coward · 2013-08-27 20:20 · Score: 5, Funny

Awesome. With any luck they'll get an alternative client working. Shouldn't be too hard to set it up as a plugin to Microsoft Excel.
You've already got a flight simulator, what more do you want??
Re:Well, there goes Eve Online by Anonymous Coward · 2013-08-27 20:29 · Score: 5, Funny

A spreadsheet simulat.... wait...
Re:Trying to obfuscate python was never going to w by Buchenskjoll · 2013-08-27 22:41 · Score: 5, Funny

Yes, only with Perl would they be able to implement security through obscurity and open-source it at the same time.

--
-- Make America hate again!
Re:NANDputer by ColdWetDog · 2013-08-28 02:48 · Score: 5, Funny

How do you know the machine building your CPU will not inject a backdoor in it?
Because Kevin Horton's NANDputer was built by hand out of a pile of 74HC00 (quad 2-input NAND gate) ICs on a breadboard. There isn't enough room in any single 7400 to insert a backdoor.
Hell, a breadboard full of 7400's is big enough to put in a real back door, complete with hinges.

--
Faster! Faster! Faster would be better!