[Chugalug] Dropbox (and other Python Apps) Reverse-Engineered

Benjamin Stewart stewartbenjamin at gmail.com
Wed Aug 28 13:33:27 UTC 2013


That was my suspicion. So then, when you go on the defensive, what do you
do? How do you build a system that, even when you can see clearly into it,
provides reasonable security?


On Wed, Aug 28, 2013 at 9:09 AM, Dave Brockman <dave at brockmans.com> wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On 8/28/2013 8:49 AM, Benjamin Stewart wrote:
> > Interesting read, thanks for posting!
> >
> > Question for the security programmer folks: Are there code
> > obfuscation techniques, for Python or other languages, that
> > actually work against such a determined attacker, or is this
> > DropBox client pretty close to "state of the art?"
>
> Short answer is no.  Given enough time, determination and debugger, at
> the very least, whatever assembly code your obfuscated code produces
> can be captured.
>
> > You can't really just say "don't use Python," because C et al. can
> > be decompiled, too.
>
> If it's software, it can be decompiled....
>
> Regards,
>
> dtb
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v2.0.17 (MingW32)
> Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
>
> iQEcBAEBAgAGBQJSHfZ1AAoJEMP+wtEOVbcdWeEH/1IzOSrCIkquTmYrwwz0R3Cx
> /Sr1EldScLl550JyK/tZrU1h1Teni6ITmBPCa1pTdfQdqRp061GiXYM5r3A6dwU7
> VO8n6LaLc96uLojSzYzKM943Uj8KQJdn3YxUrrQGa49/FTuiKL1yAJYT0wFnJE4L
> RBjs4k7wQe+yfnDVd9wPumDRQY0hbfAbDaVvebECsqHYXEfb+5FGDN2V1n7ennJv
> Su9wJFI0pUwnWz0utBDUINqOOIh9Fe9H3BIGjDwCpwgG3tO1h+dyDmN124meqMAF
> 6tDCF12PCjrmA12g6Dv2GEAzLQW98uwK0mWPeAYemSIBmtFYHnv1/D2zfwaeecE=
> =js+H
> -----END PGP SIGNATURE-----
> _______________________________________________
> Chugalug mailing list
> Chugalug at chugalug.org
> http://chugalug.org/cgi-bin/mailman/listinfo/chugalug
>



-- 



                              Benjamin Stewart

                               <o(((><
                               ><)))o>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://chugalug.org/pipermail/chugalug/attachments/20130828/70e8cc87/attachment.html>


More information about the Chugalug mailing list