danger/u/
This thread is permanently archived
Anyone tried to reverse-engineer this app?

| Just found la/u/ncher on Google play, is there something to hack in this app? Should i reverse-engineer this app? Or have anyone tried before?


| why


| The better question is why not and
What we waiting for?
We need check if is dangerous or saferous
The weak part is we has been indexed for freaking Google


| Well i really don't know the app and what it is making it special. Should it always stay private? Is it a darknet replica? Should the packets sent from client to server be extremely encrypted?


| >reverse engineering an already Free and Open-Source app
https://github.com/nilesr/united4


| >>289031
Reverse engineering is not only the proccess of understanding what the app does. I mean maybe we can find some security bugs? Maybe we can improve the app's functionality?


| >>289035
I believe that's called contributing and testing.


| >>289037
I think it's called contributing or testing when the developer does it. Not the users. Anyways, what would you do if you had the chance to hack anything in this app? What would benefit?


| It's a fucking game-inspired textboard.


| Too late, it has been sending your smol dick pics to the server


| >>289043 And it's called reverse engineering when the users do it??? I'm confused, if you'd like to contribute to the app you can just fork the repo, and fuck that shit up.


| >>289182
You may be right, forget it, let's just call it beep-boop, so what should we beep-boop in this app?


| I have already checked the app source code its a great app i can tell you but it dose not completely seal your identity.Packages can still be "cached" and identified they way anonymity works is more for those who use it and i have no problem with that is still great.


| >>289043
The thing about FOSS is, that any user can become a developer, only restricted by knowledge and skill but not by license policy.


| Use the website.
Problem solved.


| But it uses the bad HTTP. No 'S' in there. It's a 'S'ecurity hole


| Is there any feature in this app like "see all the posts by user id : xxxxxx" ? If not, it can probably be done by writing a simple bot.


| >>2ff48f
Exactly. Stop trying to figure the meaning of this app


| >>289509 That's what they would say!


| >>289432
You sure no SSL is used in the app? Because the website has SSL.


| >>289793
Using SSL doesn't help by itself, you have to use SSL pinning too. Otherwise a reverse engineer can read the encrypted data with a custom SSL certificate. Even though the pinning is bypassable too, it can prevent webrequest sniffing in most cases if it's done properly.


| >>289803 And the app solves this shortcoming, how?


| >>289851
Haven't inspected this app yet, but if their server uses SSL but the client (the app) doesn't have SSL pinning, it's nonsense. Pinning means the client allows you to connect with a specific certificate only. So you can not use custom ones to decipher data.


| Lain is so putting this thread on his watchlist


| >>290811
>his
Did you just assume Lain's gender to be male?


| ITT people discuss reverse engineering the app, and Lain fixes stuff in the background


| Did you just assume it may be wrong


| >>290811 >>290890 heresy

Total number of posts: 28, last modified on: Fri Jan 1 00:00:00 1526984010

This thread is permanently archived