Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

“decrypt” function just decoding base64 is almost too difficult to believe but the amount of times ive run into people that should know better think base64 is a secure string tells me otherwise





The raw crypt data is base64 encoded, probably just for ease of embedding the strings.

There is a decryption function that does the actual decryption.

Not to say it wouldn't be easy to reverse engineer or just run and check the return, but it's not just base64.

reply


>However, there is a second stage which is handled by a native library which is obfuscated to hell

reply


That native obfuscated crap still has to do an HTTP request, that's essentially a base64

reply


They should have off-loaded security coding to the OAI agent.

reply


they probably did.

reply


not very much surprising given they left the adb debugging on...

reply


So easy a fancy webpage could do it. https://gchq.github.io/CyberChef/

I mean, it's from gchq so it is a bit fancy. It's got a "magic" option!

Cool thing being you can download it and run it yourself locally in your browser, no comms required.

reply




Consider applying for YC's Fall 2025 batch! Applications are open till Aug 4

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: