undefined | Better HN

0 pointsgeographomics11y ago0 comments

I reversed it back when it was version 1.1.something, it was basically all compiled Python modules with custom encrypted code objects and non-standard opcode mappings for the bytecode.

Quite interesting to see how it worked, and useful to get the key for the encrypted logs, to see it what it actually did while running. Back then you could intercept the https connections as well as they hadn't pinned the certificates yet, to get an even fuller picture.

There was nothing obviously nefarious going on back then, but that was quite a few years ago of course.

0 comments

saalweachter11y ago

So what you're saying is that, if I wanted to launch a nefarious file-stealing Dropbox-like application, I should first launch the non-nefarious version, and then when it gets up to 3.6 or so, turn evil?

0942v865311y ago

Yes. That's exactly the right time to turn evil.

https://xkcd.com/792/

j / k navigate · click thread line to collapse