Security Analysis of Dropbox.
https://www.usenix.org/looking-inside-drop-box
(includes video now!)
Download Dropbox and "install" it.
$ cd ~ $ wget https://dl-web.dropbox.com/u/17/dropbox-lnx.x86_64-2.4.1.tar.gz $ tar -xzf dropbox-lnx.x86_64-2.4.1.tar.gz
Build "dedrop". Switch to this repository and do,
$ cd src/dedrop $ make $ cp libdedrop.so ~
Use LD_PRELOAD and inject libdedrop.so into Dropbox.
$ cd ~ $ export BLOB_PATH=.dropbox-dist/dropbox $ LD_PRELOAD=`pwd`/libdedrop.so .dropbox-dist/dropbox
De-compile the "fixed" bytecode files.
$ uncompyle2 pyc_decrypted/client_api/hashing.pyc ...
Study the soure-code, find bugs and make Dropbox better!
texlive
texlive-minted
texlive-texments
python-pygments
yum install texlive texlive-minted python-pygments texlive-texments \ texlive-ifplatform texlive-endnotes
ReflectiveDLLInjection is written by Stephen Fewer
See https://github.com/stephenfewer/ReflectiveDLLInjection.git
uncompyle2
- Find alternatives to "tray_login" method since it is going to be patched soon.
- "While your submission was interesting, there has been other research on similar topics. There is nothing wrong with talking about the same topic more than once, especially one that has a large impact but if you are expanding on a topic, make sure to highlight how you are taking the research to a new level. Be clear with the review board about how what you are doing is extending the research." <= (apply this feedback to the paper and presentation).
- Looking deeper into the (Drop) box.
- dump bytecode from memory (revive pyREtic).