-
Python re-implementation of Cryptomator encryption scheme
Cryptomator is an open-source file-based encryption system. Encrypted data is stored as files which can be easily uploaded to arbitrary cloud storage services, and there is a one-to-one relationship between plaintext and encrypted files. In order to increase privacy, filenames are encrypted and there is… »
-
Extracting TOTP keys from a proprietary Android 2FA app
This is an analysis of an early 2010s proprietary Android-based two-factor authentication (2FA) application for a particular cloud service provider – à la Okta, or Microsoft Authenticator. This particular cloud service has been publicly criticised for not supporting industry standard 2FA algorithms such as time-based… »
-
Investigating and disabling hard-coded certificate pinning in an Android application
mitmproxy is an open-source interactive HTTPS proxy that makes it easy to intercept HTTPS traffic for reverse engineering, including from Android clients. It does this by installing its own CA certificate on the client device.
Recently, I was attempting to reverse engineer the HTTPS… »
-
Broken Uno house rules; or, the importance of systems thinking, rather than ‘reasoning by Lego’
House rules are a staple of card and board games, and Uno is no exception. Recently with friends, we played some games of Uno, observing a common house rule:
House Rule 1. A player who incorrectly calls ‘Uno’ must draw two cards. (Each player
-
Investigating a recent ebook DRM system (c. 2018)
Background
This post concerns a DRM system used in an online ebook platform, released circa 2018. Users of the platform can purchase ebooks and either view them online, or download them for offline viewing using a proprietary Android/iOS app.
As usual, the particular DRM system… »
-
Crypto failures in the wild
Sony PlayStation 3 ECDSA random number reuse
The Sony PlayStation 3 (2006) uses Elliptic Curve DSA (ECDSA) to sign executable binaries.
ECDSA takes a private key \(d_A\) and a random number \(k\) with public parameters \(G\), \(n\) and public key \(Q_A = d_A G\), and… »
-
Investigating an early-2010s gaming DRM system: Part 4
Last time, we investigated how an early-2010s gaming DRM system approached machine-based licensing. This time, we'll investigate exactly how the DRM system interacts with the game to accomplish its ends.
Structure of the DRM system
Looking at the game binary, FooBarBazX.exe, for the… »
-
Investigating an early-2010s gaming DRM system: Part 3
Last time, we investigated how an early-2010s gaming DRM system stored licences for games. This time, we'll investigate how those licences are tied to particular devices.
From last time, we know that the licence file contains an encrypted XML payload:
<?xml version="1.0" encoding="UTF-8" standalone="yes"?> … »
-
Investigating an early-2010s gaming DRM system: Part 2
Last time, we investigated part of a gaming DRM system from the early 2010s, looking at some of the configuration files. This time, we'll investigate how the licences for these games are stored.
It is known that the licence data for the games is stored… »
-
Investigating an early-2010s gaming DRM system: Part 1
Background
This post concerns a DRM system used in a PC gaming platform introduced in the early 2010s. The particular DRM system is not relevant and will not be identified, but will be familiar to many.
One function of the DRM system is to require… »