- Kairos@lemmy.todayEnglish2 days
Good thing I use pirated copies that give me paid features and remove these SDKs
- sad_detective_man@sopuli.xyzEnglish2 days
ayyyyyyy mines getting a little dated, I had to go back versions a bit to get one without the ads hard-coded in. are you using a version newer than 6.31.7?
- Kairos@lemmy.todayEnglish2 days
Yes. I visit mobilism about once a month and download the latest Baltan release.
- sad_detective_man@sopuli.xyzEnglish2 days
I’ll go check his again. would you say there’s any annoyances lately with the cracks?
- Kairos@lemmy.todayEnglish2 days
There’s inconsistent behavior but nothing on the fault of the patches.
- XLE@piefed.socialEnglish2 days
ByteDance applies real cryptographic protection to the data valuable to their business: ad impressions, click attribution, revenue tracking. But the device fingerprints they harvest from users? Those get the key-taped-to-the-doorframe treatment.
Frankly I want the opportunity to peer into everything, or at least prevent all of it
- Lee@retrolemmy.comEnglish1 day
It says it can’t be decrypted with passive means due to a proper ECDH key exchange, but if they are not doing any sort of verification that theor server sent or created the key, then it would be possible to do an active attack like MITM that manipulates the key exhcnage. What I mean is, your MITM proxy would substitute the real key with one that you have the keypair to and hand that to the target application. The target application then encrypts using the key you provide, your MITM proxy decrypts and reencrypts with the real key and all seems legit from both sides.
If there are server validation of some sort, signature checks or whatever, then it would require extra work like patching out or otherwise modifying those checks in the application, extracting the key from the application’s memory, or something like this.
I guess myvpoint is, if you’re motivated enough, you can make it happen.