These days everyone talks about data “in the cloud.” However, before that phrase was fashionable, there were a few pioneers and one of the most famous of these is Dropbox — a service that let you store files on a remote server that dates back to 2007. [Vincent Berg] first noticed some odd network traffic on a hotel network, and figured out that it was a feature of Dropbox that allows computers on the same network to update each other. This led him to start investigating the undocumented Dropbox protocol and reverse engineering the Linux client.
We won’t ask why [Vincent] was poking around the hotel network to start with. However, a cursory glance at the Dropbox client gave away that it was using Python. The byte-compiled classes were — at the time — in a ZIP file added to the executable (which was nothing but a modified copy of Python). The files were encrypted, but [Vincent] used a clever technique. He built a shared object using normal Python and put a backdoor in it that gave him access to the Dropbox Python interpreter.
Apparently, however, Dropbox knew that was possible. They had built in several anti-debugging measures in their code and [Vincent] explains some of them. For example, though, the custom Python interpreter remapped opcodes to different numbers and marshaling was now encrypted to some extent.
The Dropbox client has changed over that time period and [Vincent] has kept up with it. His current code and the first version is in a GitHub repo if you are interested in doing what he’s done. Honestly, we don’t really want to reverse engineer the Dropbox client and protocol, but we learned a lot about hacking into a Python executable by looking over [Vincent’s] shoulder.
If you are interested in the same sort of tricks with Android, we suggest you read this post with a refreshing beverage. Just remember, too much decompilation can come with significant legal fees.
No comments:
Post a Comment