Slashdot Mirror


Researchers Reverse-Engineer Dropbox, Cracking Heavily Obfuscated Python App

rjmarvin writes "Two developers were able to successfully reverse-engineer Dropbox to intercept SSL traffic, bypass two-factor authentication and create open-source clients. They presented their paper, 'Looking inside the (Drop) box' (PDF) at USENIX 2013, explaining step-by-step how they were able to succeed where others failed in reverse-engineering a heavily obfuscated application written in Python. They also claimed the generic techniques they used could be applied to reverse-engineer other frozen Python applications: OpenStack, NASA, and a host of Google apps, just to name a few..."

3 of 242 comments

  1. Re:Python? Really? by epyT-R · Score: 5, Informative

    Even then, all it takes is someone versed in the assembly language of the platform your application runs on, a copy of IDA Pro or something similar, and a few hours of his time. I know this is a bit of a lost art in today's world of Python and JavaScript, but it's still valid.

  2. Re:Obfuscated python code? by You're All Wrong · Score: 5, Informative

    Reading the paper, googling for the debug hash, led to this from 2012 which covers a lot of the same ground:

    http://archive.hack.lu/2012/Dropbox%20security.pptx
    "A critical analysis of Dropbox software security", Florian LEDOUX

    --
    Your head of state is a corrupt weasel, I hope you're happy.

  3. Re:Insecure by design by Anonymous Coward · Score: 5, Informative

    http://en.wikipedia.org/wiki/Cryptographic_nonce

    It is a crypto term.