The future is now: reverse engineering in 2024

March 13, 2024


In computing, everything is about bit banging. If you know where a PE file starts and where it ends, you can easily extract resources from it. If you know which method was used to compress them, you can easily decompress them.

Well, that was the 90's. Nobody gives a shit about desktop apps today. Even big tech companies don't hesitate to ship a full-blown 1 GB web browser bundle for their 10 KB chat app.

The thing is, today they store their secrets on their own servers. You just have to ask them nicely. Most companies simply rely on TLS/SSL and append their API keys to HTTP headers. If you eavesdrop on that communication, with methods like MiTM or DLL injection with your own socket hook functions, you can extract the static key and make custom API requests to their servers.

Most distributable software, mobile apps included, bundles its own CA certificate (pinning) to prevent MiTM-based HTTP sniffing. In that case the TLS handshake fails if you install a custom CA certificate on your OS. This is where your old-school skills come in: unpack the app, replace the certificate with your own and do your usual MiTM sniffing.
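For reference, this is what the pinning check on the client side looks like. It is an added example, not code from the original post: the certificate bytes and pin values are constructed for the demo, and `pinned_connect` is a hypothetical wrapper around the standard `ssl` module. The point the paragraph makes still stands: a pin stops a rogue CA installed on the OS, but it lives inside the binary, so it raises the bar for an eavesdropper without protecting against someone who repackages the app. Keeping a backup pin and pinning the public key rather than the whole certificate makes rotation survivable.

```python
"""Certificate pinning: compare the server's leaf certificate against a set
of pinned SHA-256 digests instead of trusting whatever CA the OS happens to
have. Added example; the sample bytes and pins below are constructed."""
import hashlib
import hmac
import socket
import ssl

# Constructed stand-in for a DER-encoded certificate. Real DER starts with
# a SEQUENCE tag (0x30); the pin logic only cares about the raw bytes.
SAMPLE_DER = bytes.fromhex("3082010a0282010100") + b"constructed-leaf-cert-body"


def cert_pin(der_cert: bytes) -> str:
    """Pin for a DER certificate: hex SHA-256 of the whole certificate.
    (Pinning the SubjectPublicKeyInfo instead survives re-issuance.)"""
    return hashlib.sha256(der_cert).hexdigest()


def verify_pin(der_cert: bytes, pinned: frozenset) -> bool:
    """True if the presented certificate matches any pinned digest.
    hmac.compare_digest keeps the comparison constant-time."""
    presented = cert_pin(der_cert)
    return any(hmac.compare_digest(presented, p) for p in pinned)


PINNED = frozenset({
    cert_pin(SAMPLE_DER),   # current certificate
    "00" * 32,              # constructed backup pin kept for rotation
})


def pinned_connect(host: str, port: int, pinned: frozenset) -> ssl.SSLSocket:
    """Hypothetical helper: open a TLS connection, validate the chain against
    the OS trust store as usual, then additionally require a pinned leaf."""
    ctx = ssl.create_default_context()
    raw = socket.create_connection((host, port), timeout=10)
    tls = ctx.wrap_socket(raw, server_hostname=host)
    der = tls.getpeercert(binary_form=True)
    if not verify_pin(der, pinned):
        tls.close()
        raise ssl.SSLError(f"certificate for {host} does not match any pin")
    return tls
```

`verify_pin` is the part worth reusing; `pinned_connect` shows where it sits in a real connection and needs network access to do anything.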

How to secure your handshakes
Technically no system is secure; even a single bit can flip in transit because of a neutrino from some solar storm or a galactic explosion, but that's another topic that a YouTuber might stretch into an eleven-video series. If you know the steps an app takes, you can reproduce them. The most common one is hashing a static key together with the device fingerprint and sending it to the server; the server rehashes that key with its own device id and sends it back to you to use in your next request.
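The three-step exchange just described, with both sides' messages, as an added example that is not code from the original post. The static key, device fingerprint and server id are constructed values; I use HMAC-SHA256 instead of a bare hash so an observer cannot forge a tag without the key, and add a client nonce so a captured hello cannot simply be replayed. None of that changes the author's point: whoever pulls the static key out of the binary can run exactly the same steps.

```python
"""Keyed handshake: client tags (device fingerprint, nonce) with a static key,
server verifies, rehashes with its own id and returns a session token that
the client presents on the next request. Added example; all values constructed."""
import hashlib
import hmac
import secrets

STATIC_KEY = b"constructed-static-key"        # baked into the app build
DEVICE_FP = b"constructed-device-fingerprint"  # client side
SERVER_ID = b"constructed-api-node-01"         # the server's own device id


def _tag(key: bytes, data: bytes) -> str:
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def client_hello(static_key: bytes, device_fp: bytes, nonce: bytes) -> dict:
    """Step 1: client proves it holds the key, bound to this device and nonce."""
    return {"device_fp": device_fp.hex(), "nonce": nonce.hex(),
            "tag": _tag(static_key, device_fp + nonce)}


class Server:
    def __init__(self, static_key: bytes, server_id: bytes):
        self.static_key = static_key
        self.server_id = server_id
        self.seen_nonces = set()   # replay protection
        self.sessions = {}         # token -> device fingerprint

    def handle_hello(self, msg: dict):
        """Step 2: verify the client tag, rehash with our own id, hand back a token."""
        device_fp = bytes.fromhex(msg["device_fp"])
        nonce = bytes.fromhex(msg["nonce"])
        if nonce in self.seen_nonces:
            return None                       # replayed hello
        expected = _tag(self.static_key, device_fp + nonce)
        if not hmac.compare_digest(expected, msg["tag"]):
            return None                       # wrong key or tampered message
        self.seen_nonces.add(nonce)
        token = _tag(self.static_key, bytes.fromhex(expected) + self.server_id)
        self.sessions[token] = device_fp
        return {"session": token}

    def handle_request(self, token: str, body: bytes) -> int:
        """Step 3: subsequent requests carry the session token; return HTTP-like status."""
        return 200 if token in self.sessions else 401


def run_handshake(static_key=STATIC_KEY, device_fp=DEVICE_FP, server_id=SERVER_ID) -> dict:
    """Drive one honest handshake plus a replay and a forged tag against the server."""
    server = Server(static_key, server_id)
    nonce = secrets.token_bytes(16)
    hello = client_hello(static_key, device_fp, nonce)
    reply = server.handle_hello(hello)
    forged = dict(hello, nonce=secrets.token_bytes(16).hex(), tag="00" * 64)
    return {
        "request_status": server.handle_request(reply["session"], b"GET /cats"),
        "bad_token_status": server.handle_request("not-a-session", b"GET /cats"),
        "replay_rejected": server.handle_hello(hello) is None,
        "forged_rejected": server.handle_hello(forged) is None,
    }
```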

Another technique is time mapping, like WW2 military handshakes: soldiers used a word for every day of the week and the wordlist changed periodically. Computers can do this with nanosecond precision, but not all computers have the same clock, due to general relativity, so software engineers divide time into fixed windows like 5 minutes or 3 hours. That's why you can't watch cat videos on YouTube when your BIOS battery has died.
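The time-window idea in code, as an added example rather than code from the original post. The shared secret, window length and timestamps are constructed. The token is an HMAC over the current 5-minute bucket, so a sniffed token dies when the window rolls over; the server also accepts the neighbouring buckets to tolerate ordinary clock skew, which is why a client whose clock has reset to the year 2000 is refused while one that is two minutes off still gets through.

```python
"""Time-window tokens: the secret is combined with the current time bucket,
so a captured token stops working when the window rolls over. Added example;
secret and timestamps are constructed."""
import hashlib
import hmac

WINDOW_SECONDS = 300                     # 5-minute buckets, as in the post
SECRET = b"constructed-shared-secret"


def time_bucket(unix_ts: int, window: int = WINDOW_SECONDS) -> int:
    """Map a Unix timestamp to its window index."""
    return unix_ts // window


def make_token(secret: bytes, unix_ts: int, window: int = WINDOW_SECONDS) -> str:
    """Client side: HMAC the window index, not the raw timestamp."""
    bucket = time_bucket(unix_ts, window).to_bytes(8, "big")
    return hmac.new(secret, bucket, hashlib.sha256).hexdigest()


def verify_token(secret: bytes, token: str, server_ts: int,
                 window: int = WINDOW_SECONDS, skew_windows: int = 1) -> bool:
    """Server side: accept the current window plus skew_windows on either side,
    so two machines a couple of minutes apart still agree."""
    base = time_bucket(server_ts, window)
    for offset in range(-skew_windows, skew_windows + 1):
        candidate = hmac.new(secret, (base + offset).to_bytes(8, "big"),
                             hashlib.sha256).hexdigest()
        if hmac.compare_digest(candidate, token):
            return True
    return False


def demo(server_ts: int = 1_700_000_200) -> dict:
    """Three clients: roughly in sync, half an hour behind, and a dead BIOS battery."""
    return {
        "in_sync": verify_token(SECRET, make_token(SECRET, server_ts - 200), server_ts),
        "half_hour_off": verify_token(SECRET, make_token(SECRET, server_ts - 1800), server_ts),
        "clock_reset_2000": verify_token(SECRET, make_token(SECRET, 946_684_800), server_ts),
    }
```

A wider `skew_windows` is friendlier to badly synced clients but extends the lifetime of a sniffed token by the same amount, so the two knobs trade against each other.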

My personal method is asking for a galactic constant like the square root of PI, or an autobiographical or self-descriptive number. You can sniff out the constants but not the if/else statements of the code; well, you can, but that requires a lot of effort, and whether it's worth it is questionable. A lion stops chasing the gazelle if it spends more energy than the meat provides.

Maybe one more method is diversion. If you can't hide something from the enemy, confuse them. I used to compress my applications with UPX but rename the PE sections to .aspack (another PE compression tool). Was it worth spending days just to protect those productions at all costs? That's also questionable. I was assuming we'd be running Windows in our pockets in the future, but that didn't happen. Microsoft is kinda a relic now; the future is all about scripting.
