Investigating and disabling hard-coded certificate pinning in an Android application
mitmproxy is an open source interactive HTTPS proxy, which makes it easy to intercept HTTPS for reverse engineering, including for Android clients. It does this by installing its own CA certificate on the client device.
Recently, I was attempting to reverse engineer the HTTPS… »
Broken Uno house rules; or, the importance of systems thinking, rather than ‘reasoning by Lego’
House rules are a staple of card and board games, and Uno is no exception. Recently with friends, we played some games of Uno, observing a common house rule:
House Rule 1. A player who incorrectly calls ‘Uno’ must draw two cards. (Each player
Investigating a recent ebook DRM system (c. 2018)
This post concerns a DRM system used in an online ebook platform, released circa 2018. Users of the platform can purchase ebooks and either view them online, or download them for offline viewing using a proprietary Android/iOS app.
As usual, the particular DRM system… »
Crypto failures in the wild
Sony PlayStation 3 ECDSA random number reuse
The Sony PlayStation 3 (2006) uses Elliptic Curve DSA (ECDSA) to sign executable binaries.
ECDSA takes a private key \(d_A\) and a random number \(k\) with public parameters \(G\), \(n\) and public key \(Q_A = d_A G\), and… »
Investigating an early-2010s gaming DRM system: Part 4
Last time, we investigated how an early-2010s gaming DRM system approached machine-based licensing. This time, we'll investigate exactly how the DRM system interacts with the game to accomplish its ends.
Structure of the DRM system
Looking at the game binary, FooBarBazX.exe, for the… »
Investigating an early-2010s gaming DRM system: Part 3
Last time, we investigated how an early-2010s gaming DRM system stored licences for games. This time, we'll investigate how those licences are tied to particular devices.
From last time, we know that the licence file contains an encrypted XML payload:… »
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
Investigating an early-2010s gaming DRM system: Part 2
Last time, we investigated part of a gaming DRM system from the early 2010s, looking at some of the configuration files. This time, we'll investigate how the licences for these games are stored.
It is known that the licence data for the games is stored… »
Investigating an early-2010s gaming DRM system: Part 1
This post concerns a DRM system used in a PC gaming platform introduced in the early 2010s. The particular DRM system is not relevant and will not be identified, but will be familiar to many.
One function of the DRM system is to require… »
Questionable crypto - Neal Asher's ‘Departure’
Last time, we investigated some questionable design choices in the TLS-like AF protocol from Autonomous. Today's unfortunate victim is a TOTP-like monstrosity from Neal Asher's The Departure. Near the end of the novel, the main character, Saul, commandeers a network of robots… »
Questionable crypto in Annalee Newitz's ‘Autonomous’
Autonomous is a 2017 novel from former io9 editor Annalee Newitz. One of the viewpoint characters is a bot, Paladin, and during his first few pages, we are treated to the following exchange between him and another bot, Fang:
The mantis [Fang] beamed Paladin a