phoebe
@flowerfield.dev
i like music and making computer things as unreadable as possible
she/her
she/her
oh lmao i didn't realise, the repository itself is populated though which is funny
May 8, 2025 at 11:34 AM
oh lmao i didn't realise, the repository itself is populated though which is funny
contact page denies access so rip disclosure
April 5, 2025 at 11:35 AM
contact page denies access so rip disclosure
fair, i guess for cases where an attacker can only observe the network noise really makes the timing leaks much less helpful
April 4, 2025 at 6:40 PM
fair, i guess for cases where an attacker can only observe the network noise really makes the timing leaks much less helpful
thank you so much!
i feel like i came across unencrypted Chat messages as i looked into the app, but it is likely that those ended up being a different packet type and that the app just always encrypts "Chat" messages everytime. it might have been an attempt of having security perhaps
i feel like i came across unencrypted Chat messages as i looked into the app, but it is likely that those ended up being a different packet type and that the app just always encrypts "Chat" messages everytime. it might have been an attempt of having security perhaps
February 25, 2025 at 4:30 PM
thank you so much!
i feel like i came across unencrypted Chat messages as i looked into the app, but it is likely that those ended up being a different packet type and that the app just always encrypts "Chat" messages everytime. it might have been an attempt of having security perhaps
i feel like i came across unencrypted Chat messages as i looked into the app, but it is likely that those ended up being a different packet type and that the app just always encrypts "Chat" messages everytime. it might have been an attempt of having security perhaps
i don't know too much abt it personally. there was a case of qq browser being scrutinized for using non-cryptographic PRNG before. and looking into wechat there does seem to be another proprietary protocol but at a quick glance backed by actual cryptography
February 25, 2025 at 12:57 PM
i don't know too much abt it personally. there was a case of qq browser being scrutinized for using non-cryptographic PRNG before. and looking into wechat there does seem to be another proprietary protocol but at a quick glance backed by actual cryptography
thank you so much for helping me get this out there 😭
this means the world to me
this means the world to me
February 25, 2025 at 12:51 PM
thank you so much for helping me get this out there 😭
this means the world to me
this means the world to me
yep, the encryption pretty much acts more as obfuscation than encryption and you can even end up authenticating with this API without needing to know the encryption is a thing that happens.
the authentication is always in plaintext and you can then just find the "send message" proto and send one
the authentication is always in plaintext and you can then just find the "send message" proto and send one
February 25, 2025 at 12:47 PM
yep, the encryption pretty much acts more as obfuscation than encryption and you can even end up authenticating with this API without needing to know the encryption is a thing that happens.
the authentication is always in plaintext and you can then just find the "send message" proto and send one
the authentication is always in plaintext and you can then just find the "send message" proto and send one