Researchers Reverse-Engineer Dropbox, Cracking Heavily Obfuscated Python App

Posted by Soulskill on Tuesday August 27, 2013 @06:11PM from the turns-out-it's-just-23,000-nested-if-statements dept.

rjmarvin writes "Two developers were able to successfully reverse-engineer Dropbox to intercept SSL traffic, bypass two-factor authentication and create open-source clients. They presented their paper, 'Looking inside the (Drop) box' (PDF) at USENIX 2013, explaining step-by-step how they were able to succeed where others failed in reverse-engineering a heavily obfuscated application written in Python. They also claimed the generic techniques they used could be applied to reverse-engineer other Frozen python applications: OpenStack, NASA, and a host of Google apps, just to name a few..."

1 of 242 comments (clear)

Min score:

Reason:

Sort:

Re:Doesn't the Dropbox EULA... by epyT-R · 2013-08-27 19:03 · Score: 5, Interesting

Why? If you're looking for the selfish angle, maybe he/they just wanted the notoriety. However, he/they might've just wanted to do a public service. Most people trust dropbox to be secure. Of course, slashdot users should all know better than to trust the 'cloud' for anything sensitive, but a way to get this info to people who would not otherwise know this is to make a splash about a successful pen-test.
Lots of guys see it as a challenge; the digital equivalent of saying 'you can't have this.' Well, challenge accepted.