Researchers Reverse-Engineer Dropbox, Cracking Heavily Obfuscated Python App 242
rjmarvin writes "Two developers were able to successfully reverse-engineer Dropbox to intercept SSL traffic, bypass two-factor authentication and create open-source clients. They presented their paper, 'Looking inside the (Drop) box' (PDF) at USENIX 2013, explaining step-by-step how they were able to succeed where others failed in reverse-engineering a heavily obfuscated application written in Python. They also claimed the generic techniques they used could be applied to reverse-engineer other Frozen python applications: OpenStack, NASA, and a host of Google apps, just to name a few..."
Where is your god now? (Score:0, Funny)
/popcorn
Re:Where is your god now? (Score:5, Funny)
Wow, amazing. (Score:5, Funny)
They also claimed the generic techniques they used could be applied to reverse-engineer other Frozen python applications: OpenStack...
Wow, they can reverse engineer OpenStack? That's amazing - what do they use, an obscure set of commands called "wget", "git", and "tar"?
Trying to obfuscate python was never going to work (Score:5, Funny)
They should have written it in perl.
Re:Waste of resources (Score:5, Funny)
To lock the crazy people inside.
Re:Well, there goes Eve Online (Score:5, Funny)
And yes, it is possible to decompile the code, and it has been done in the past.
Awesome. With any luck they'll get an alternative client working. Shouldn't be too hard to set it up as a plugin to Microsoft Excel.
Re:Trying to obfuscate python was never going to w (Score:2, Funny)
They should have written it in perl.
They would have missed the fun of seeing how obfuscation made the code harder to read.
Re:Well, there goes Eve Online (Score:5, Funny)
Awesome. With any luck they'll get an alternative client working. Shouldn't be too hard to set it up as a plugin to Microsoft Excel.
You've already got a flight simulator, what more do you want??
Re:Well, there goes Eve Online (Score:5, Funny)
A spreadsheet simulat.... wait...
Re:Trying to obfuscate python was never going to w (Score:5, Funny)
Re:NANDputer (Score:5, Funny)
How do you know the machine building your CPU will not inject a backdoor in it?
Because Kevin Horton's NANDputer was built by hand out of a pile of 74HC00 (quad 2-input NAND gate) ICs on a breadboard [hackaday.com]. There isn't enough room in any single 7400 to insert a backdoor.
Hell, a breadboard full of 7400's is big enough to put in a real back door, complete with hinges.