It was a full (or even overfilled) room, in which several people did not find a seat, that listened to Nicolas Ruff and Florian Ledoux’s presentation. The topic is certainly appealing, but the reputation of Nicolas Ruff aka newsoft (“Security researcher, hacker, blogger, serial speaker, troll herder, happy father & more” as he describes himself) is also a guarantee for an interesting and entertaining presentation.

After a short introduction of their employers at EADS Innovation Works (a few hundred people within a holding of over 170’000 employees) we got really into the technical details on how Nicolas and his trainee Florian approached the challenge of reversing the Dropbox client as well as the communication protocol.

But first, why start this investigation? The legend says it started due to strange broadcast packets on the LAN, sent by contractors located in the adjacent room. Furthermore, no in-depth analysis or proven track record of the Dropbox concept and protocol existed, leaving many questions open.

A first look at the client binaries across the supported OSes shows that all Linux, Mac and Windows clients use a similar binary based on Python. All PYC files (compiled Python sources) are available on the client, stored within an embedded zip in PE resources but with scrambled content. The client also includes a full Python interpreter, but it is not quite identical to the original one, as 53 files have been modified. It turns out the altered Python interpreter implements TEA encryption for the previously seen PYC files. We now get decrypted PYC files which are still in a compiled form.
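As an added illustration (not code from the talk or from Dropbox), the sketch below shows how an analyst can tell scrambled PYC entries in an archive from genuine ones, and that a TEA-decrypted entry is still compiled bytecode rather than source. The key, the ECB block layout, the little-endian word order and the sample zip are constructed assumptions; the talk summary does not describe the client's actual key handling.

```python
import importlib.util, io, marshal, struct, zipfile
DELTA, MASK, MAGIC = 0x9E3779B9, 0xFFFFFFFF, importlib.util.MAGIC_NUMBER
SAMPLE_KEY = (0x01234567, 0x89ABCDEF, 0xFEDCBA98, 0x76543210)  # constructed key

def tea_block(v0, v1, key, decrypt=False):
    """Standard 32-round TEA on one 64-bit block given as two 32-bit words."""
    k0, k1, k2, k3 = key
    sums = [(DELTA * i) & MASK for i in range(1, 33)]
    for s in (reversed(sums) if decrypt else sums):
        if decrypt:
            v1 = (v1 - (((v0 << 4) + k2) ^ (v0 + s) ^ ((v0 >> 5) + k3))) & MASK
            v0 = (v0 - (((v1 << 4) + k0) ^ (v1 + s) ^ ((v1 >> 5) + k1))) & MASK
        else:
            v0 = (v0 + (((v1 << 4) + k0) ^ (v1 + s) ^ ((v1 >> 5) + k1))) & MASK
            v1 = (v1 + (((v0 << 4) + k2) ^ (v0 + s) ^ ((v0 >> 5) + k3))) & MASK
    return v0, v1

def tea_bytes(data, key, decrypt=False):
    """Assumed layout: ECB over little-endian 8-byte blocks, tail untouched."""
    out = bytearray(data)
    for i in range(0, len(data) - len(data) % 8, 8):
        words = struct.unpack_from("<2I", data, i)
        struct.pack_into("<2I", out, i, *tea_block(*words, key, decrypt))
    return bytes(out)

def is_pyc(blob):
    """True if the magic matches this interpreter and the body unmarshals to code."""
    try:  # magic is checked first so marshal never parses unrecognised bytes
        return blob[:4] == MAGIC and hasattr(marshal.loads(blob[16:]), "co_code")
    except (ValueError, EOFError, TypeError):
        return False

def build_sample_zip(key):
    """Constructed archive: one genuine .pyc and the same file TEA-scrambled."""
    pyc = MAGIC + bytes(12) + marshal.dumps(compile("answer = 6 * 7", "sample.py", "exec"))
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("plain.pyc", pyc)
        z.writestr("scrambled.pyc", tea_bytes(pyc, key))
    return buf.getvalue()

def triage(zip_bytes, key=None):
    """Label every archive entry; with a key, also try TEA decryption."""
    def label(blob):
        if is_pyc(blob):
            return "pyc"
        return "pyc-after-tea" if key and is_pyc(tea_bytes(blob, key, True)) else "scrambled"
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as z:
        return {name: label(z.read(name)) for name in z.namelist()}
```

The header length of 16 bytes matches CPython 3.7 and later; older interpreters use shorter headers, so the offset passed to `marshal.loads` has to follow the interpreter version under analysis.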