Month: August 2013
Recently published on the SD Times (Software Development Times) is an article of how and who cracked the DropBox obfuscated python app. Two developers Dhiru Kholia and Przemyslaw Wegrzyn successfully reverse engineered DropBox’s heavily obfuscated python app. And we got an early Christmas gift too, they documented the entire procedure, step-by-step, so that we can do it too!
They claim to have used standard existing reverse engineering practices and invented new methods (also documented in their PDF paper). It seems that no one is cutting DropBox any slack, with their 2 factor authentication being bypassed (discovered by security researcher and personal friend of mine Zouheir Abdallah) and now the internals of their application is exposed. New techniques of account hi-jacking and SSL snooping are being developed to invade the privacy of users.
Lessons learned? Obfuscation is not real protection.