Resources

People often ask me "How did you learn how to hack?" The answer: by reading. This page is a collection of the blog posts and other articles that I have accumulated over the years of my journey. Enjoy!

Looking Inside the Box - 425

Vincent Berg - Anvil
Posted 5 Years Ago
  • Dropbox does a lot of obfuscation and encryption on its network traffic and native clients. The native client uses Python, but a heavily altered version of it.
  • The main Python interpreter (pyc file) is encrypted and the author could not find the key. Because of this, they altered a library to add a backdoor into it. With this backdoor in place, it was trivial to execute code in the Python interpreter.
  • Several of the features that make Python easy to reverse were removed from the interpreter, such as co_code. Additionally, the Python disassembler had been removed. Finally, all of the opcodes had been completely remapped!
  • So, Vincent decided to remap the remapping! The idea is to take a common library, such as socket.py, and compare its opcodes against the altered build's to find the mapping changes. However, to even do this, the code objects had to be decrypted, which was done via some reverse engineering and scripting.
  • After the decrypting and remapping of the opcodes, the author could use the uncompyle6 tool to get back the original Python source code.
  • With the ability to patch the files now, they turned on debugging functionality and added the ability to inject code into the Dropbox process.
  • I really enjoy this article because of the number of references made to previous work; it makes me feel that we are standing on the shoulders of giants instead of figuring everything out for ourselves the first time.
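
The opcode comparison described above, as an added example that is not code from the article or from Dropbox. It assumes CPython 3.6+ two-byte wordcode and code objects that are already decrypted; the sample source, the permutation table and all function names are constructed for illustration.

```python
import random
import types

# Constructed sample source; the article used a real library such as socket.py.
SAMPLE = '''
def connect(host, port, retries=3):
    for attempt in range(retries):
        if port > 1024 and host:
            return (host, port, attempt)
    raise OSError("unreachable")
'''

def code_streams(code):
    """Return co_code for a code object and every nested code object."""
    out = [code.co_code]
    for const in code.co_consts:
        if isinstance(const, types.CodeType):
            out.extend(code_streams(const))
    return out

def scramble(stream, table):
    """Hypothetical stand-in for the altered interpreter: permute opcode bytes only."""
    out = bytearray(stream)
    out[0::2] = bytes(table[op] for op in stream[0::2])
    return bytes(out)

def recover_mapping(reference, remapped):
    """Align both builds instruction by instruction; learn remapped -> standard."""
    mapping = {}
    for ref, obf in zip(reference, remapped):
        if len(ref) != len(obf):
            raise ValueError("streams differ in length: not the same source")
        for i in range(0, len(ref), 2):          # 2-byte wordcode (CPython 3.6+)
            if ref[i + 1] != obf[i + 1]:
                raise ValueError("operand mismatch: alignment lost")
            if mapping.setdefault(obf[i], ref[i]) != ref[i]:
                raise ValueError("one remapped opcode maps to two standard ones")
    return mapping

def restore(stream, mapping):
    """Rewrite opcode bytes back; KeyError means the reference never used that opcode."""
    out = bytearray(stream)
    out[0::2] = bytes(mapping[op] for op in stream[0::2])
    return bytes(out)

TABLE = random.Random(425).sample(range(256), 256)   # constructed permutation
REFERENCE = code_streams(compile(SAMPLE, "sample.py", "exec"))
REMAPPED = [scramble(s, TABLE) for s in REFERENCE]
MAPPING = recover_mapping(REFERENCE, REMAPPED)
```

The recovered table only covers opcodes the reference file actually uses, which is why a large, varied library is the better comparison target.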