[Chugalug] Dropbox (and other Python Apps) Reverse-Engineered

Dave Brockman dave at brockmans.com
Wed Aug 28 13:09:09 UTC 2013


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 8/28/2013 8:49 AM, Benjamin Stewart wrote:
> Interesting read, thanks for posting!
> 
> Question for the security programmer folks: Are there code
> obfuscation techniques, for Python or other languages, that
> actually work against such a determined attacker, or is this
> DropBox client pretty close to "state of the art?"

Short answer is no.  Given enough time, determination and debugger, at
the very least, whatever assembly code your obfuscated code produces
can be captured.

> You can't really just say "don't use Python," because C et al. can
> be decompiled, too.

If it's software, it can be decompiled....

Regards,

dtb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.17 (MingW32)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQEcBAEBAgAGBQJSHfZ1AAoJEMP+wtEOVbcdWeEH/1IzOSrCIkquTmYrwwz0R3Cx
/Sr1EldScLl550JyK/tZrU1h1Teni6ITmBPCa1pTdfQdqRp061GiXYM5r3A6dwU7
VO8n6LaLc96uLojSzYzKM943Uj8KQJdn3YxUrrQGa49/FTuiKL1yAJYT0wFnJE4L
RBjs4k7wQe+yfnDVd9wPumDRQY0hbfAbDaVvebECsqHYXEfb+5FGDN2V1n7ennJv
Su9wJFI0pUwnWz0utBDUINqOOIh9Fe9H3BIGjDwCpwgG3tO1h+dyDmN124meqMAF
6tDCF12PCjrmA12g6Dv2GEAzLQW98uwK0mWPeAYemSIBmtFYHnv1/D2zfwaeecE=
=js+H
-----END PGP SIGNATURE-----


More information about the Chugalug mailing list