Comment by cosmicgadget

16 hours ago

The source is available?

Understanding program flow is very different from understanding the composition of data passing through the program.

At some level, the machine code is the source code -- but decompiling AArch64 mobile apps into something like Java is common practice.

As GP alludes, you would be looking for a secondary pathway for message transmission. This would be difficult to hide in AArch64 code (from a skilled practitioner), and extra difficult in decompiled Java.

It would be "easy" enough, and an enormous prize, for anyone in the field.

  • I am familiar with disassembly and decompilation and what you just said is a huge handwave.

    > a secondary pathway for message transmission

    That's certainly the only way messages could be uploaded to Facebook!

    • I'm curious why you think it's handwavy.

      I've done this work on other mobile apps (not WhatsApp), and the work is not out of the ordinary.

      It's difficult to hide subtleties in decompiled code. And anything that looks hairbally gets special attention, if the calling sites or side effects are interesting.

      (edit for edit)

      > That's certainly the only way messages could be uploaded to Facebook!

      Well, there's a primary pathway which should be very obvious. And if there's a secondary pathway, it's probably for telemetry etc. If there are others, or if it isn't telemetry, you dig deeper.

      All secrets are out in the open at that point. There are no black boxes in mobile app code.
