| ▲ | JohnMakin 2 days ago | |||||||
“decrypt” function just decoding base64 is almost too difficult to believe but the amount of times ive run into people that should know better think base64 is a secure string tells me otherwise | ||||||||
| ▲ | jcul 2 days ago | parent | next [-] | |||||||
The raw crypt data is base64 encoded, probably just for ease of embedding the strings. There is a decryption function that does the actual decryption. Not to say it wouldn't be easy to reverse engineer or just run and check the return, but it's not just base64. | ||||||||
| ▲ | crtasm 2 days ago | parent | prev | next [-] | |||||||
>However, there is a second stage which is handled by a native library which is obfuscated to hell | ||||||||
| ||||||||
| ▲ | qoez 2 days ago | parent | prev | next [-] | |||||||
They should have off-loaded security coding to the OAI agent. | ||||||||
| ||||||||
| ▲ | pvtmert 2 days ago | parent | prev | next [-] | |||||||
not very much surprising given they left the adb debugging on... | ||||||||
| ▲ | _carbyau_ 2 days ago | parent | prev [-] | |||||||
So easy a fancy webpage could do it. https://gchq.github.io/CyberChef/ I mean, it's from gchq so it is a bit fancy. It's got a "magic" option! Cool thing being you can download it and run it yourself locally in your browser, no comms required. | ||||||||