Researchers have found a way to reverse engineer an obfuscated application written in Python for the first time. How did they do it? By applying the action to popular file sharing client Dropbox, an accomplishment that has only been partially achieved by others.
Dhiru Kholia and Przemyslaw Wegrzyn did what many others have been unable to do. Not only was it tried with Dropbox in the past, but it has been with many other programs using the same Python based coding. Experts have long since claimed it just cannot be done.
But if we know anything from years of technological advances, the idea of something being impossible is nothing but a challenge to the ones who eventually prove that idea wrong.
Why is this such a big deal? The same reason that all reverse engineering is such a major topic in the tech world: code repurposing. The paper released by these two pretty much offer a step by step look through the Dropbox program. It also overrides the current security that exists in the client. Not only does that expose user accounts to potential exploitation (the two already managed to gain access to a victim’s account and files), it also gives out the “secret sauce”.
Now that the information is out there, it will be possible for Dropbox rip-offs or third-party, open source alternatives to be created. Something that Dropbox clearly didn’t want, as they took so much trouble to obfuscate their coding to begin with. In other words, this is bad news for the program’s owners.
Another worry is that someone is going to make a Dropbox clone that is used for nefarious purposes. We have all seen fake applications and websites created to try and steal user data like passwords, bank accounts, etc. This could potentially be used to steal files, gain access to someone’s computer, or commit identity fraud. It is hard to say for sure what the implications might be.
In the end, this is an incredibly impressive feat that does the important job of showing that Python is not invulnerable like so many people have claimed. But it could spell bad news for Dropbox users and the company itself, and is sure to leave them scrambling to do something about it.
Source: Tech Republic