dex2jar
ricochet
dex2jar | ricochet | |
---|---|---|
5 | 12 | |
11,875 | 3,680 | |
- | 0.0% | |
5.0 | 0.0 | |
24 days ago | over 2 years ago | |
Java | C++ | |
Apache License 2.0 | GNU General Public License v3.0 or later |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
dex2jar
-
Understanding security in React Native applications
App tampering and repackaging can be performed by using reverse engineering or tampering tools, such as Apktool, dex2jar, etc.
-
What Happens When Your Phone Is Spying on You
A week ago I purchased a bluetooth device that takes some measurements. You require an Android or iOS application. The first thing the iOS app did was request permission for your location. Immediate fired up MITMproxy [1] running in transparent `--mode wireguard` and installed it's certificate in the iOS trust store. It was sending a whole bunch of data to China and HK. Since I don't have a jailbroken iPhone, it's off to Android.
For BLE scanning, Android does require permissions for location, but this application is using a Chinese branded tracking SDK and sending encrypted (within already encrypted TLS). So it's time to start reversing and instrumenting the runtime.
Well - not so easy, they used a commercial packer that encrypts their compiled bytecode and decrypts and runs it within a C++ library. I managed to bull the Dalvik out of memory using Frida[2], covert it to java bytecode with dex2jar[3] then into decompiled java with jadx [3].
Since the developer relied on the packer to hide/obfuscate their software, it's quite easy to follow. The libraries that do the location tracking on the otherhand are obfuscated so now I'm at the stage of identifying where to hook before the encrypted blobs are sent to servers in China.
I've sunk about 8 hours into this so far. The message here is that to understand what some applications on your phone does you need to really invest time and effort. The developers increase the cost to the consumer to know what their application is doing by obfuscation, encryption and packing. It's asymmetric.
[1] https://mitmproxy.org/posts/wireguard-mode/
[2] https://frida.re/docs/android/
[3] https://github.com/skylot/jadx
[3] https://github.com/pxb1988/dex2jar
-
Reverse Engineering Tools in 2022
I think they forgot to google translate the disadvantages of JEB Decompiler
I haven't used JEB to comment, but I've gotten a lot of mileage out of https://github.com/pxb1988/dex2jar#readme and then feed the normal Java jars it produces into https://github.com/mstrobel/procyon#readme and (of course) one shouldn't overlook picking your favorite tool for dealing with AndroidManifest.xml which often has fun things hiding in it
While digging up those links, I was reminded that some folks enjoy https://github.com/Konloch/bytecode-viewer#is-there-a-demo because it can be easier to "try out" a few of the decompilation engines, but I don't use it because it's hard to do batch things with it, versus dex2jar into procyon is automation friendly
- The Code the FBI Used to Wiretap the World
-
Decompilers for android
Take a look at apktool: https://ibotpeaches.github.io/Apktool/ and dex2jar: https://github.com/pxb1988/dex2jar
ricochet
-
Open source P2P alternative to Slack and Discord built on Tor and IPFS
This looks like a much more polished alternative to Ricochet: https://github.com/ricochet-im/ricochet
-
Where is there a tutorial for Ricochet Relay?
Ricochet seems dead. It's been five years since its last commit to their git repo, and their website's certificate expired last year. This is probably why you can't find much information.
-
The Code the FBI Used to Wiretap the World
I think something like Ricochet (if it were still actively maintained) could be a good solution.
https://github.com/ricochet-im/ricochet
Every user is their own Tor onion service, so you get E2E encryption and no centralized servers. The whole thing hinges on the security of Tor itself which is probably a safe enough bet.
-
Ricochet reborn: A user friendly TorChat for everybody available for GNU/Linux and in the Mac Store and Windows Store.
With that being said, if I had just one piece of advice - try to avoid ostentatious phrases like Speek is by far the most secure way to converse or 100% anonymous. Tor itself is not 100% anonymous, so that should immediately make anyone cautious. One of the things that I admired about the original Ricochet was that the developers never made brazen claims about their software. In fact, quite the opposite.
-
How to build large-scale end-to-end encrypted group video calls
Check out https://github.com/ricochet-im/ricochet/blob/master/doc/prot.... It is metadata-free. It does not require a centralized server. It uses Tor.
-
Documents Shows Just How Much The FBI Can Obtain From Encrypted Communication Services
[1] https://cwtch.im/ [2] https://ricochet.im/
- Darknet chat
-
Why don't we have a privacy-compliant peer-to-peer communication platform yet? (something like the bittorrent of messaging and chat and blogs etc)
Abandoned, unmaintained, deprecated or unreleased: Ricochet, TOR Messenger, Cwtch
-
TOR Messenger
ricochet.im website not working (??)
-
A Statement on Recent Events Between Signal and the Anti-Censorship Community
> there isn't a currently easily available obvious way to have private secure conversations.
Ricochet[1] works really well. It uses Tor hidden services to communicate. Your Ricochet ID is your onion address. To add a contact, you input their Ricochet ID and a short message, and Ricochet connects to their onion address and sends a contact request. If the contact request is accepted then you'll each show up as a contact on each other's client and can chat whenever you want.
Tor is really perfect for this, you can't get more private or censorship-resistant than Tor.
The UI is currently not great, but that's not a protocol problem.
The biggest problem with Ricochet is that hardly anyone is using it.
[1] https://ricochet.im/
What are some alternatives?
Apktool - A tool for reverse engineering Android apk files
Tox - The future of online communications.
comm - Comm is the working name of this open source messaging project.
session-desktop - Session Desktop - Onion routing based messenger
vineflower - Modern Java decompiler aiming to be as accurate as possible, with an emphasis on output quality. Fork of the Fernflower decompiler.
ricochet-refresh - Anonymous peer-to-peer instant messaging
Recaf - The modern Java bytecode editor
Speek - Privacy focused messenger that doesn't trust anyone with your identity, your contact list, or your communications
procyon - Procyon java decompiler - Procyon is a binary star system in Canis Minor
Signal-TLS-Proxy
bytecode-viewer - A Java 8+ Jar & Android APK Reverse Engineering Suite (Decompiler, Editor, Debugger & More)
jami-cli - Jami client for terminal