Создан открытый прототип клиента DropBox

Чуваки из Openwall распилили официальнй клиент DropBox. Ознакомиться с подробностями исследования можно github Looking inside the (Drop) box "Пошаговая инструкция" на usenix.org

Орининал новости opennet.ru.

Может быть вы думаете, что это сомнительная история? А как вам, клиенты других компаний можно зареверсить по этой же методологии. Примечательно, что DropBox -ssl, двуфакторная аторизация. Все как мы любим. Как дальше жить?

Joomla! Debug Console

71 Queries Logged

SELECT `session_id` FROM `j25_session` WHERE `session_id` = 'e9c2404fbcd60befbef0992de6a6e56c' LIMIT 0, 1
INSERT INTO `j25_session` (`session_id`, `client_id`, `time`) VALUES ('e9c2404fbcd60befbef0992de6a6e56c', 0, '1747305338')
SELECT b.id FROM j25_usergroups AS a LEFT JOIN j25_usergroups AS b ON b.lft <= a.lft AND b.rgt >= a.rgt WHERE a.id = 1
SELECT id, rules FROM `j25_viewlevels`
SELECT m.id, m.menutype, m.title, m.alias, m.note, m.path AS route, m.link, m.type, m.level, m.language,m.browserNav, m.access, m.params, m.home, m.img, m.template_style_id, m.component_id, m.parent_id,e.element as component FROM j25_menu AS m LEFT JOIN j25_extensions AS e ON m.component_id = e.extension_id WHERE m.published = 1 AND m.parent_id > 0 AND m.client_id = 0 ORDER BY m.lft
SHOW FULL COLUMNS FROM `j25_easyblog_configs`
SELECT * FROM j25_easyblog_configs WHERE `name` = 'config'
SHOW FULL COLUMNS FROM `j25_easyblog_post`
SELECT a.`id` FROM j25_easyblog_post as a WHERE a.`permalink` = 'sozdan:otkrytyj-prototip-klienta-dropbox'
SELECT a.`id` FROM j25_easyblog_post as a WHERE a.`permalink` = 'sozdan-otkrytyj-prototip-klienta-dropbox'
SELECT * FROM j25_easyblog_post WHERE `id` = '366'
DELETE FROM `j25_easyblog_mailq` WHERE `status`='1' AND DATEDIFF(NOW(), `created`) >= 7
SELECT `id` FROM `j25_easyblog_mailq` WHERE `status` = 0 ORDER BY `created` ASC LIMIT 5
SELECT * FROM `j25_easyblog_post` WHERE `publish_up` <= '2025-05-15 10:35:38' AND `published` = '2' AND `ispending` = '0' ORDER BY `id` LIMIT 5
UPDATE `j25_easyblog_post` SET `published` = '0' WHERE `publish_down` > `publish_up` AND `publish_down` <= '2025-05-15 10:35:38' AND `publish_down` != '0000-00-00 00:00:00' AND `published` != '0' AND `published` != '3' AND `ispending` = '0'
SELECT a.rules FROM j25_assets AS a WHERE (a.id = 1) GROUP BY a.id, a.rules, a.lft
SHOW FULL COLUMNS FROM `j25_assets`
SELECT id FROM j25_assets WHERE parent_id = 0
SELECT b.rules FROM j25_assets AS a LEFT JOIN j25_assets AS b ON b.lft <= a.lft AND b.rgt >= a.rgt WHERE (a.id = 1) GROUP BY b.id, b.rules, b.lft ORDER BY b.lft
SHOW FULL COLUMNS FROM `j25_easyblog_users`
SELECT COUNT(*) FROM `j25_easyblog_configs` WHERE `name` = 'default'
SELECT * FROM j25_easyblog_configs WHERE `name` = 'default'
SELECT * FROM `j25_easyblog_acl` WHERE `published`=1 ORDER BY `id` ASC
SELECT * FROM `j25_easyblog_acl_group` WHERE `content_id`='1' AND `type`=' group'
SELECT id FROM j25_assets WHERE parent_id = 0
SELECT id FROM j25_assets WHERE parent_id = 0
SELECT id FROM j25_assets WHERE parent_id = 0
SELECT id FROM j25_assets WHERE parent_id = 0
SELECT id FROM j25_assets WHERE parent_id = 0
SELECT id FROM j25_assets WHERE parent_id = 0
SELECT id FROM j25_assets WHERE parent_id = 0
SELECT id FROM j25_assets WHERE parent_id = 0
SELECT id FROM j25_assets WHERE parent_id = 0
SELECT id FROM j25_assets WHERE parent_id = 0
SELECT id FROM j25_assets WHERE parent_id = 0
SELECT id FROM j25_assets WHERE parent_id = 0
SELECT id FROM j25_assets WHERE parent_id = 0
SELECT id FROM j25_assets WHERE parent_id = 0
SELECT id FROM j25_assets WHERE parent_id = 0
SELECT id FROM j25_assets WHERE parent_id = 0
SELECT id FROM j25_assets WHERE parent_id = 0
SELECT id FROM j25_assets WHERE parent_id = 0
SELECT id FROM j25_assets WHERE parent_id = 0
SELECT id FROM j25_assets WHERE parent_id = 0
SELECT id FROM j25_assets WHERE parent_id = 0
SELECT id FROM j25_assets WHERE parent_id = 0
SELECT id, keywords, description, indexing FROM `j25_easyblog_meta` WHERE content_id = '366' and type = 'post'
SELECT * FROM j25_easyblog_post WHERE `id` = '366'
SHOW FULL COLUMNS FROM `j25_easyblog_category`
SELECT * FROM j25_easyblog_category WHERE `id` = '2'
SELECT COUNT(1) FROM `j25_easyblog_category` WHERE `alias`='news' AND `id`!='2'
SELECT * FROM j25_easyblog_post WHERE `id` = '366'
SELECT * FROM j25_easyblog_category WHERE `id` = '2'
SELECT COUNT(1) FROM `j25_easyblog_category` WHERE `alias`='news' AND `id`!='2'
SHOW FULL COLUMNS FROM `j25_discuss_users_history`
INSERT INTO `j25_discuss_users_history` (`user_id`,`title`,`command`,`created`,`content_id`) VALUES ('0','Viewed blog post, Создан открытый прототип клиента DropBox.','easyblog.view.blog','2025-05-15 10:35:38','0')
UPDATE j25_easyblog_post SET `hits` = (`hits` + 1) WHERE id = '366'
SHOW FULL COLUMNS FROM `j25_komento_configs`
SELECT * FROM j25_komento_configs WHERE `component` = 'com_komento'
SELECT COUNT(1) FROM `j25_easyblog_featured` WHERE `content_id` = '366' AND `type` = 'post'
SELECT a.`id`, a.`title`, a.`alias` FROM `j25_easyblog_tag` AS a LEFT JOIN `j25_easyblog_post_tag` AS b ON a.`id` = b.`tag_id` WHERE b.`post_id` = '366' AND a.`published` = '1' ORDER BY a.`title` ASC
SELECT * FROM j25_easyblog_users WHERE `id` = '63'
SHOW FULL COLUMNS FROM `j25_users`
SELECT * FROM `j25_users` WHERE `id` = 63
SELECT `g`.`id`,`g`.`title` FROM `j25_usergroups` AS g INNER JOIN `j25_user_usergroup_map` AS m ON m.group_id = g.id WHERE `m`.`user_id` = 63
SELECT id FROM j25_assets WHERE parent_id = 0
SELECT * FROM j25_easyblog_category WHERE `id` = '2'
SELECT COUNT(1) FROM `j25_easyblog_category` WHERE `alias`='news' AND `id`!='2'
SELECT `title` FROM `j25_easyblog_category` WHERE `id` = '2'
SELECT id FROM j25_assets WHERE parent_id = 0
SELECT * FROM j25_tagmeta_rules WHERE ( ( ('/entry/sozdan-otkrytyj-prototip-klienta-dropbox?print=1&tmpl=component' REGEXP BINARY url)>0 AND (case_sensitive<>0) AND (decode_url<>0) AND (request_only<>0) ) OR ( ('/entry/sozdan-otkrytyj-prototip-klienta-dropbox?print=1&tmpl=component' REGEXP BINARY url)>0 AND (case_sensitive<>0) AND (decode_url=0) AND (request_only<>0) ) OR ( ('https://networkdoc.ru/entry/sozdan-otkrytyj-prototip-klienta-dropbox?print=1&tmpl=component' REGEXP BINARY url)>0 AND (case_sensitive<>0) AND (decode_url<>0) AND (request_only=0) ) OR ( ('https://networkdoc.ru/entry/sozdan-otkrytyj-prototip-klienta-dropbox?print=1&tmpl=component' REGEXP BINARY url)>0 AND (case_sensitive<>0) AND (decode_url=0) AND (request_only=0) ) OR ( ('/entry/sozdan-otkrytyj-prototip-klienta-dropbox?print=1&tmpl=component' REGEXP url)>0 AND (case_sensitive=0) AND (decode_url<>0) AND (request_only<>0) ) OR ( ('/entry/sozdan-otkrytyj-prototip-klienta-dropbox?print=1&tmpl=component' REGEXP url)>0 AND (case_sensitive=0) AND (decode_url=0) AND (request_only<>0) ) OR ( ('https://networkdoc.ru/entry/sozdan-otkrytyj-prototip-klienta-dropbox?print=1&tmpl=component' REGEXP url)>0 AND (case_sensitive=0) AND (decode_url<>0) AND (request_only=0) ) OR ( ('https://networkdoc.ru/entry/sozdan-otkrytyj-prototip-klienta-dropbox?print=1&tmpl=component' REGEXP url)>0 AND (case_sensitive=0) AND (decode_url=0) AND (request_only=0) ) ) AND published=1 ORDER BY ordering

39 Query Types Logged, Sorted by Occurrences.

SELECT Tables:

25 × SELECT id FROM j25_assets
3 × SELECT * FROM j25_easyblog_post
3 × SELECT COUNT(1) FROM `j25_easyblog_category`
3 × SELECT * FROM j25_easyblog_category
2 × SELECT a.`id` FROM j25_easyblog_post as a
2 × SELECT * FROM j25_easyblog_configs
1 × SELECT * FROM j25_komento_configs
1 × SELECT COUNT(1) FROM `j25_easyblog_featured`
1 × SELECT a.`id`, a.`title`, a.`alias` FROM `j25_easyblog_tag` AS a LEFT JOIN `j25_easyblog_post_tag` AS b ON a.`id` = b.`tag_id`
1 × SELECT * FROM `j25_users`
1 × SELECT * FROM j25_tagmeta_rules
1 × SELECT `title` FROM `j25_easyblog_category`
1 × SELECT `g`.`id`,`g`.`title` FROM `j25_usergroups` AS g INNER JOIN `j25_user_usergroup_map` AS m ON m.group_id = g.id
1 × SELECT id, keywords, description, indexing FROM `j25_easyblog_meta`
1 × SELECT * FROM j25_easyblog_users
1 × SELECT COUNT(*) FROM `j25_easyblog_configs`
1 × SELECT `id` FROM `j25_easyblog_mailq`
1 × SELECT m.id, m.menutype, m.title, m.alias, m.note, m.path AS route, m.link, m.type, m.level, m.language,m.browserNav, m.access, m.params, m.home, m.img, m.template_style_id, m.component_id, m.parent_id,e.element as component FROM j25_menu AS m LEFT JOIN j25_extensions AS e ON m.component_id = e.extension_id
1 × SELECT id, rules FROM `j25_viewlevels
1 × SELECT b.id FROM j25_usergroups AS a LEFT JOIN j25_usergroups AS b ON b.lft <= a.lft AND b.rgt >= a.rgt
1 × SELECT * FROM `j25_easyblog_post`
1 × SELECT a.rules FROM j25_assets AS a
1 × SELECT * FROM `j25_easyblog_acl`
1 × SELECT `session_id` FROM `j25_session`
1 × SELECT b.rules FROM j25_assets AS a LEFT JOIN j25_assets AS b ON b.lft <= a.lft AND b.rgt >= a.rgt
1 × SELECT * FROM `j25_easyblog_acl_group`

OTHER Tables:

1 × INSERT INTO `j25_discuss_users_history` (`user_id`,`title`,`command`,`created`,`content_id`) VALUES ('0','Viewed blog post, Создан открытый прототип клиента DropBox.','easyblog.view.blog','2025-05-15 10:35:38','0'
1 × SHOW FULL COLUMNS FROM `j25_discuss_users_history
1 × UPDATE j25_easyblog_post SET `hits` = (`hits` + 1)
1 × SHOW FULL COLUMNS FROM `j25_komento_configs
1 × SHOW FULL COLUMNS FROM `j25_users
1 × SHOW FULL COLUMNS FROM `j25_easyblog_category
1 × SHOW FULL COLUMNS FROM `j25_easyblog_users
1 × SHOW FULL COLUMNS FROM `j25_easyblog_post
1 × SHOW FULL COLUMNS FROM `j25_easyblog_configs
1 × DELETE FROM `j25_easyblog_mailq`
1 × UPDATE `j25_easyblog_post` SET `published` = '0'
1 × SHOW FULL COLUMNS FROM `j25_assets
1 × INSERT INTO `j25_session` (`session_id`, `client_id`, `time`) VALUES ('e9c2404fbcd60befbef0992de6a6e56c', 0, '1747305338'

Joomla! Debug Console

Session

__default

user

Profile Information

Memory Usage

Database Queries

71 Queries Logged

39 Query Types Logged, Sorted by Occurrences.

SELECT Tables:

OTHER Tables: