[Chugalug] Dropbox (and other Python Apps) Reverse-Engineered

Stephen Haywood stephen at averagesecurityguy.info
Wed Aug 28 13:03:13 UTC 2013


Everything can be decompiled, reverse engineered, or otherwise deobfuscated. Security through obscurity NEVER works.
--
Stephen Haywood
Owner, ASG Consulting
CISSP, GSEC, OSCP
423.305.3700
stephen at averagesecurityguy.info




On Aug 28, 2013, at 8:49 AM, Benjamin Stewart <stewartbenjamin at gmail.com> wrote:

> Interesting read, thanks for posting!
> 
> Question for the security programmer folks: Are there code obfuscation
> techniques, for Python or other languages, that actually work against such
> a determined attacker, or is this DropBox client pretty close to "state of
> the art?"
> 
> You can't really just say "don't use Python," because C et al. can be
> decompiled, too.
> 
> 
> On Tue, Aug 27, 2013 at 7:54 PM, Dave Brockman <dave at brockmans.com> wrote:
> 
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>> 
>> https://www.usenix.org/system/files/conference/woot13/woot13-kholia.pdf
>> 
>> Regards,
>> 
>> dtb
>> 
>> -----BEGIN PGP SIGNATURE-----
>> Version: GnuPG v2.0.17 (MingW32)
>> Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
>> 
>> iQEcBAEBAgAGBQJSHTweAAoJEMP+wtEOVbcdZCwIAKi48E5a8CMoeaDv4PvJ/WhX
>> 7zBm4XEyfU/TYcD3nPKOKN97HiPqW2WYiys1pqCqfCHXHv9fUf27GEaAlQLY/azW
>> NRp6AwGvehY4zzVjRLJ8aAGtMiUfdnyNDW3NC9uR7P33cdlT/sknoJ9XsF4RGggc
>> KzMZrNvdGmCbTgIXcBesXlNyFl7XFpbLFgAkzGM+cs//Sg7MrRu5MtrDUh8u80eu
>> k61zdr7sFo7Z5+1XsbJK74yCGmPPCMSfjOoSclb++Wc+xewfrA9aSdR/dsZ6xqs7
>> eihPnsXZjQ1ZsgmRjI+S89A4218FqwQEQgnHprKvcvzsPrsfrPJAaDYblyMgFTM=
>> =JPeG
>> -----END PGP SIGNATURE-----
>> _______________________________________________
>> Chugalug mailing list
>> Chugalug at chugalug.org
>> http://chugalug.org/cgi-bin/mailman/listinfo/chugalug
>> 
> 
> 
> 
> -- 
> 
> 
> 
>                              Benjamin Stewart
> 
>                               <o(((><
>> <)))o>
> _______________________________________________
> Chugalug mailing list
> Chugalug at chugalug.org
> http://chugalug.org/cgi-bin/mailman/listinfo/chugalug

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 841 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://chugalug.org/pipermail/chugalug/attachments/20130828/0c990e97/attachment.pgp>


More information about the Chugalug mailing list