[julkali]

I tried the same thing, and while I managed to patch the application and intercept the requests, I gave up when trying to RE the shared object responsible for request signing. I couldn't even find the entry point. For a relatively small social media app they had insane security already back in 2015.

[dvt]

> I couldn't even find the entry point.

Ha, same. I think I was eventually trying to hook into kernel-level functions and do it that way (I was using the Android client) but couldn't get far there either, though I think it's technically doable. IIRC, they were using some kind of vtable patching protection around kernel functions to ensure integrity.

I built anti-cheat software (and hardware) before, and it felt like anti-cheat level security. I had an axe to grind with Snapchat, as they rejected me after the first interview round :P

[callalex]

Snapchat’s founding principle and only differentiator from day one has been untrusted client security. There were way too many years where the general public believed that a Snapchat could not be saved. I give huge credit to Snapchat for accidentally teaching the public that if human eyeballs can see something, it can be recorded forever. Now that is taken for granted, even last week’s Saturday Night Live TV sketch referenced what a fundamentally flawed security model Snapchat has.

[thaumasiotes]

What? That wasn't a principle of theirs. They explicitly exclude "screenshot detection avoidance" from their bug bounty policy: https://hackerone.com/snapchat?type=team . They always have. As far as they're concerned, that's not a security issue.

[fullspectrumdev]

BBP policies don’t align with anything except “we cba paying for that”

[saagarjha]

Snap has always had pretty beefy client security. Since, of course, a hacked client breaks the entire premise of their app.

[ridafkih]

Snapchat and TikTok both boast pretty gnarly RE-prevention measures.

[lwansbrough]

For the uninitiated: TikTok is known to send and receive telemetry packages through headers in other requests (IIRC), and employs the use of a virtual machine(!) to execute encrypted client code.

[weinzierl]

Any source for that? What does "other" requests mean? Other than what? I doubt it could modify the headers of other apps.

[crtasm]

Requests it makes for things required to function at all, video data etc. I guess? But this is the first time I've heard this claim.

[eddyg]

See https://www.nullpt.rs/reverse-engineering-tiktok-vm-1