Skip to content
/ lookinsidethebox Public
forked from anvilsecure/lookinsidethebox

Breaks the encryption and obfuscation layers that Dropbox applies to their modified Python interpreter.

anvilventures.com/blog/looking-inside-the-box.html

License

0BSD license
0 stars 13 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

twong40/lookinsidethebox

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

44 Commits

doc

doc

 
 

historical

historical

 
 

.gitignore

.gitignore

 
 

LICENSE

LICENSE

 
 

NOTES

NOTES

 
 

README.md

README.md

 
 

fetchdeps.sh

fetchdeps.sh

 
 

gendb.py

gendb.py

 
 

opcode.db

opcode.db

 
 

opcodemap.py

opcodemap.py

 
 

patchzip.py

patchzip.py

 
 

setenv.py

setenv.py

 
 

tea.py

tea.py

 
 

unmarshaller.py

unmarshaller.py

 
 

unpacker.py

unpacker.py

 
 

Repository files navigation

Look inside the box

This tool is just the latest implementation that breaks the encryption and obfuscation layers that Dropbox applies to their modified Python interpreter. It's based on work the author did many, many moons ago as well as public work done by others. For more information please see the blogpost.

All this assumes that current versions of the Dropbox Linux client keep being based on Python 3.6. Otherwise work might have to be done to change this to Python 3.7 by adjusting the commands. Of course if Dropbox changes their encryption and obfuscation schemes one will be out of luck too and more work will have to be done to get all this working again.

Requirements

  • Have a recent Python 3.x installation for the unpacking.
  • Make sure that uncompyle6 is installed. You can do this with:
pip3 install uncompyle6
  • For regenerating the opcode database make sure that the Python version installed is 3.6. Please note that there's already a version of this opcode database mapping included so it shouldn't be necessary to rerun it.

Usage

  • Run the included fetchdeps.sh bash script. This will fetch the Python source code as well as download the latest version of the Dropbox for Linux tarball. The Python source code is only needed if one wants to regenerate the opcode database.

  • Execute the following to unpack, decrypt and decompile most of the Dropbox Python source code. It will extract to a default directory named out:

python3 unpacker.py --dropbox-zip `find . -name python-packages-36.zip`
  • To regenerate the opcode mapping database use something like this. Please note that Python 3.6 is a requirement for this to work.
python3.6 gendb.py --dropbox-zip `find . -name python-packages-36.zip` --python-dir tmp/Python-3.6.8 --db opcode.db
  • To patch the ZIP file in the Dropbox distribution and rewrite the pyc files such that the SHA-256 hashes in there are known SHA-256 hashes use the following to rewrite and inject code into the zip.
python3 patchzip.py --dropbox-zip `find . -name python-packages-36.zip` --output-zip out.zip
mv out.zip ~/.dropbox-dist/dropbox-lnx_64-71.4.108/python-packages-36.zip
~/.dropbox-dist/dropbox-lnx_64-71.4.108/dropbox
  • To set the environment variables to enable hidden Dropbox functionality see the setenv.py script. For more information on this please see the blogpost again. Modify at will and then use it like this to setup the environment and run dropbox.
eval `python3 setenv.py`
~/.dropbox-dist/dropbox-lnx_64-71.4.108/dropbox

About

Breaks the encryption and obfuscation layers that Dropbox applies to their modified Python interpreter.

anvilventures.com/blog/looking-inside-the-box.html

Resources

Readme

License

0BSD license
Activity

Stars

0 stars

Watchers

2 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • Python 97.9%
  • Shell 2.1%