Reverse Engineering + Other Stuff
11 February 2009
Now, don't get me wrong here, I'm no "hacker" - however, I do enjoy reverse engineering stuff out of what I would call curiosity, more than anything, and for that reason, I'm not going to reveal the names of programs/files or details of the bugs until they've been fixed (I've given details of them to the developer already so hopefully a fix should be in the works).
The latest app I've been playing around is a music streaming app that has become fairly popular as of late, which partly relies on ad revenue to keep it going. You can probably guess the name, it's not difficult. After playing around with it for a while I've come across two fairly specific bugs:
First: the ads. There is what appears to be a switch buried deep in the program which essentially checks if a file exists. If the file exists, the ads aren't displayed in the program. I can only guess that this was put there as an early test thing. Now, there's no chance of a normal end user finding this (as the filename is 32 random characters in a specific directory), however, it only takes one malicious hacker to find it and publish details of it to dent a huge hole in their ad revenue.
Second: There is a flaw in the streaming authentication that it uses which makes it possible to intercept the media servers and inject unauthorized code via the input stream. The general idea of this bug is that the application only authenticates the server supplying the stream when it initially requests the stream - if the stream gets broken, in some situations, when it attempts to reconnect, it doesn't check if the server is genuine or not.
While this doesn't seem like a big deal, the repercussion I am trying to push here is this: the application is a music streaming app, which relies on user login etc, therefore, it must have a connection to their servers. If you can bypass the incoming feed and inject code, it may be possible to remotely attack their server.
I guess this leads me onto the overall point of this post: sloppy programming. Even though an app such as the one above looks polished, and works perfectly, some fairly bad holes have been left wide open. Now, I agree, that the average end user will never find these holes, however, there's alot of people who do have the ability to find them (I'm not the best programmer in the world and I've managed fairly easily), and it only takes one of these people to have a malicious idea...
I know it's impossible to write bug free code as you're usually unaware of a bug until its effects are found, but I mean, come on, disabling ads if a file exists on the filesystem? And not authenticating upon every connect? That's just sloppy.
On a lighter note: an update about my HP laptop - I still don't have it back - apparently HP are still waiting for a motherboard (although I fail to see how it takes over 3 weeks to find a motherboard). They have no ETA
.
The latest app I've been playing around is a music streaming app that has become fairly popular as of late, which partly relies on ad revenue to keep it going. You can probably guess the name, it's not difficult. After playing around with it for a while I've come across two fairly specific bugs:
First: the ads. There is what appears to be a switch buried deep in the program which essentially checks if a file exists. If the file exists, the ads aren't displayed in the program. I can only guess that this was put there as an early test thing. Now, there's no chance of a normal end user finding this (as the filename is 32 random characters in a specific directory), however, it only takes one malicious hacker to find it and publish details of it to dent a huge hole in their ad revenue.
Second: There is a flaw in the streaming authentication that it uses which makes it possible to intercept the media servers and inject unauthorized code via the input stream. The general idea of this bug is that the application only authenticates the server supplying the stream when it initially requests the stream - if the stream gets broken, in some situations, when it attempts to reconnect, it doesn't check if the server is genuine or not.
While this doesn't seem like a big deal, the repercussion I am trying to push here is this: the application is a music streaming app, which relies on user login etc, therefore, it must have a connection to their servers. If you can bypass the incoming feed and inject code, it may be possible to remotely attack their server.
I guess this leads me onto the overall point of this post: sloppy programming. Even though an app such as the one above looks polished, and works perfectly, some fairly bad holes have been left wide open. Now, I agree, that the average end user will never find these holes, however, there's alot of people who do have the ability to find them (I'm not the best programmer in the world and I've managed fairly easily), and it only takes one of these people to have a malicious idea...
I know it's impossible to write bug free code as you're usually unaware of a bug until its effects are found, but I mean, come on, disabling ads if a file exists on the filesystem? And not authenticating upon every connect? That's just sloppy.
On a lighter note: an update about my HP laptop - I still don't have it back - apparently HP are still waiting for a motherboard (although I fail to see how it takes over 3 weeks to find a motherboard). They have no ETA
.
0
