DIY Portable Secrets Manager With a Raspberry Pi Zero and ARC


For the last few days I’ve been working on a new project which I developed for very specific needs and reasons:

  1. I need to store safely (encrypted) my passwords, sensitive files, notes, etc.
  2. I need to access them from anywhere, with every possible device ( desktop, mobile, terminal ).
  3. I need those objects to be syncronized accros all my devices.
  4. I don’t want to use “the cloud”.
  5. I don’t want to pay for a server.
  6. I don’t want to enable port forwarding and host it myself with DynDNS or alikes.

So I wrote ARC.

arcd

Read More

How I Defeated an Obfuscated and Anti-Tamper APK With Some Python and a Home-Made Smali Emulator.


During this Saturday afternoon I was chatting with a friend of mine ( Matteo ) and he asked for some help to fix a Python script he was working on.

He was trying to deobfuscate an APK in order to understand its obfuscation and anti tampering (more on this later) protections so I started working on it as well.

This was definitely way more challenging ( and fun! ) than my usual APK reversing session ( dex2jar -> jd-gui -> done ), moreover this required me to write a new tool which I find kinda cool and unique ( IMHO of course ), so I’m going to share the story in this post.

I’m going to intentionally skip a few details here and there because I do not want to cause any harm to the people who wrote that application, all the involved protection mechanisms are there to avoid piracy.

Read More