{"id":7729,"date":"2013-08-27T15:52:34","date_gmt":"2013-08-27T19:52:34","guid":{"rendered":"http:\/\/mjtsai.com\/blog\/?p=7729"},"modified":"2021-07-03T14:19:33","modified_gmt":"2021-07-03T18:19:33","slug":"researchers-reverse-engineer-the-dropbox-client","status":"publish","type":"post","link":"https:\/\/mjtsai.com\/blog\/2013\/08\/27\/researchers-reverse-engineer-the-dropbox-client\/","title":{"rendered":"Researchers Reverse-Engineer the Dropbox Client"},"content":{"rendered":"

Michael Kassner<\/a>:<\/p>\n

\n

In their paper Looking inside the (Drop) box<\/a>, Dhiru and\nPrzemyslaw get right to the point:<\/p>\n

“We describe a method to bypass Dropbox’s two-factor authentication and hijack Dropbox accounts.\nAdditionally, generic techniques to intercept SSL data using code injection\ntechniques and monkey patching<\/a> are presented.”<\/p>\n

Dhiru and Przemyslaw\naccomplished this by reverse engineering<\/a> the Dropbox client. That\nmay not seem like much, as reverse engineering is a common practice. What made\ntheir effort unique was figuring out how to reverse engineer the client even\nthough it was an obfuscated application written in Python<\/a>.<\/p>\n<\/blockquote>","protected":false},"excerpt":{"rendered":"

Michael Kassner: In their paper Looking inside the (Drop) box, Dhiru and Przemyslaw get right to the point: “We describe a method to bypass Dropbox’s two-factor authentication and hijack Dropbox accounts. Additionally, generic techniques to intercept SSL data using code injection techniques and monkey patching are presented.” Dhiru and Przemyslaw accomplished this by reverse engineering […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"apple_news_api_created_at":"2021-07-03T18:19:36Z","apple_news_api_id":"6cf52e09-4a99-44a7-8750-42b47c7c8558","apple_news_api_modified_at":"2021-07-03T18:19:37Z","apple_news_api_revision":"AAAAAAAAAAD\/\/\/\/\/\/\/\/\/\/w==","apple_news_api_share_url":"https:\/\/apple.news\/AbPUuCUqZRKeHUEK0fHyFWA","apple_news_coverimage":0,"apple_news_coverimage_caption":"","apple_news_is_hidden":false,"apple_news_is_paid":false,"apple_news_is_preview":false,"apple_news_is_sponsored":false,"apple_news_maturity_rating":"","apple_news_metadata":"\"\"","apple_news_pullquote":"","apple_news_pullquote_position":"","apple_news_slug":"","apple_news_sections":"\"\"","apple_news_suppress_video_url":false,"apple_news_use_image_component":false,"footnotes":""},"categories":[2],"tags":[47,71,232,48,2090,96],"class_list":["post-7729","post","type-post","status-publish","format-standard","hentry","category-technology","tag-dropbox","tag-programming","tag-python","tag-security","tag-two-factor-authentication-2fa","tag-web"],"apple_news_notices":[],"_links":{"self":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts\/7729","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/comments?post=7729"}],"version-history":[{"count":1,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts\/7729\/revisions"}],"predecessor-version":[{"id":33016,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts\/7729\/revisions\/33016"}],"wp:attachment":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/media?parent=7729"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/categories?post=7729"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/tags?post=7729"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}