Looking inside the (Drop) box

Security Analysis of Dropbox.

Web-based Presentation

We are able to handle Dropbox version 73.4.118 from 29-May-2019.

Note: For handling modern (> late 2018) Dropbox versions use "dedrop-ng" which
is included in this repository.

https://github.com/kholia/dedrop/tree/master/src/dedrop-ng
Download Dropbox and extract it.

::

$ cd ~

$ export DROPBOX_VERSION="dropbox-lnx.x86_64-23.4.19"

$ wget -c "https://www.dropbox.com/download?plat=lnx.x86_64" -O $DROPBOX_VERSION.tar.gz

$ tar -xzf $DROPBOX_VERSION.tar.gz
Build "dedrop". Switch to this repository and do,

::

$ cd src/dedrop

$ make

$ cp libdedrop.so ~
Use LD_PRELOAD and inject libdedrop.so into Dropbox.

::

$ cd ~

$ export BLOB_PATH=.dropbox-dist/$DROPBOX_VERSION/dropbox

$ LD_PRELOAD=pwd/libdedrop.so .dropbox-dist/dropboxd
De-compile the "fixed" bytecode files.

::

$ uncompyle6 pyc_decrypted/client_api/hashing.pyc
...
Study the soure-code, find bugs and make Dropbox better!
You might need to do xhost local:root to start Dropbox.

Find alternatives to "tray_login" method since it is going to be patched
soon. This is now redundant since Dropbox client now uses 2FA properly.
"While your submission was interesting, there has been other research on
similar topics. There is nothing wrong with talking about the same topic more
than once, especially one that has a large impact but if you are expanding on
a topic, make sure to highlight how you are taking the research to a new
level. Be clear with the review board about how what you are doing is
extending the research." <= (apply this feedback to the paper and
presentation).
Looking deeper into the (Drop) box.
- dump bytecode from memory (revive pyREtic).

名稱與所有者	zikichombo/sio
主編程語言	Go
編程語言	Makefile (語言數: 4)
平台
許可證	BSD 3-Clause "New" or "Revised" License