Programs often have secrets that their programmers want to hide, and it is not always possible to just store them server side. Whether you’re Snapchat hiding the algorithm to generate request tokens, Widevine hiding a private key used for DRM, or Google hiding the signals ReCaptcha collects to determine whether...
[Read More]
Reducing Memory Allocations in Golang
Go’s place between C and Python in terms of abstraction and garbage collection memory management model has made it attractive to programmers looking for a fast but reasonably high level language. However, there is no free lunch. Go’s abstractions, especially with regards to allocation, come with a cost. This article...
[Read More]
How Websites Know You're Lying About Your User-Agent
Spoofing a browser’s user agent is often hailed as a privacy enhancing technique. On the Chrome Store, there are dozens of extensions allowing you to switch your user agent. Unfortunately, due to the abundance of other methods to detect browser and operating system information (as will be discussed in this...
[Read More]
A Simple Anti Gdb Trick
After reading Alex O’Mara’s post about preventing disassembly with Hopper by including the Hopper self-protection signature in the binary, I remembered this trick I discovered a while back to prevent files from being opened by gdb.
[Read More]
Deobfuscated PerimeterX Code
I deobfuscated PerimeterX’s bot detection JavaScript using the shift-refactor library.
[Read More]