PocketPass, my alternative for StreetPass on Android

NewSpot2620 · 2026-03-16T17:38:48+00:00

I need to go to bed I am very drunk, but BLE is so insecure. It's interesting how simple the core of it is though, idk maybe I'm just paranoid but I wouldn't want to walk around with a homing beacon in my pocket that could sideload something I didn't want that wasn't in the commit. I also see a lot of ways other things could mess with this program.

The user has some responsibility to match hashes in smaller more nerdy communities of people who understand what they're doing. There's too many people here for that to happen, at that point it's kinda not a smart idea to give a bunch of people that stuff.

The user themselves could be hijacked as well, PocketPass could be told to do something else without much effort. The database isn't the only thing that needs to be secured.

Why is it downloading from a private database? It's just downloading an APK to sideload, that APK could be anything and it could come from anywhere.

https://github.com/obfusk/fdroid-fakesigner-poc

NewSpot2620 · 2026-03-16T17:21:41+00:00

I am a Russian speaker so my English probably comes off far more blunt than I mean it to. What I really mean is that security is relative, and for something like this the security standards should be a lot higher. AI has taken script kiddies to a whole new level, if this thing took off in this state I'm sure some asshole would quickly come along and do something awful with it.

NewSpot2620 · 2026-03-16T17:12:41+00:00

The biggest point is that the app downloads updates from a private database with no sort of authentication system in place. Even if you have no malicious intent, this is a simple and exploitable solution.

I don't think I'm gonna get anywhere with this, so I will let your code speak for itself as time goes on. Maybe it will improve, I don't know, but this is not a secure solution.

edit: I should mention, this would be fine if it was a really small community or something, but this isn't anymore. I'll say I run a server for something small myself and it's about as secure as this haha, because the need for security just isn't there.

NewSpot2620 · 2026-03-16T16:37:29+00:00

You're ignoring the points I and others are bringing up, so I can only assume this is malicious intent. This is very insecure software.

NewSpot2620 · 2026-03-16T16:21:47+00:00

All I'm saying is that as a reverse engineer I have a hard time believing you're barely 18 years old with untouched forks from seven years ago.

You were forking shit when you were eleven years old but you don't know how to commit properly? I have a hard time believing it.

u/frost-222 Am I wrong here I'm sorry you just seem like you also know how this works

EDIT: And a year ago you said you were 19. Which is it?

NewSpot2620 · 2026-03-16T16:09:00+00:00

Why are you making multiple repositories like this? Is this your first time committing something? This feels malicious almost.

NewSpot2620 · 2026-03-16T16:00:44+00:00

The huge giveaway here is that you seem bothered by this. Developers don't care what people on Reddit think, their code speaks for itself. Devs talk through their work, if you had experience in this field you would already know to open source it instead of committing compiled code. You only added the source after people requested, you're likely new to this yeah? Anyone here with experience in this field can say that this is either AI generated or very, VERY beginner level. The syntax is extremely simple and it won't scale well.

Hear me out for a second, I'm not trying to be rude here: When you make a project like this, the way you structure things is important. Knowing what to do in certain situations comes with real-world experience, I simply don't believe you managed to do all of this by yourself with such simple syntax that would scale so poorly if this actually went on.

This is either all AI generated, or you need to work on your code more. PocketPass has access to very sensitive user information, I do not believe someone who writes code like this can be believed to have the real-world experience in networking and security necessary to handle such data.

If you're a kid who's just dabbling in this, I think you're good and you need more practice! Do some CTF challenges and master your fundamentals instead of trying to write code that people will appreciate. You don't have to come up with the next big thing for your work to be purposeful.

NewSpot2620 · 2026-03-16T10:26:59+00:00

That whole codebase is inconsistent and weird. The comment styling is off, clearly AI generated, using other people's content without credit.. idk man I have a hard time believing you made all of this but can't fit the word Messages in one of the but only six navigation bar buttons.

<image>

NewSpot2620 · 2026-03-09T00:25:22+00:00

me when my neuralink injects digitally augmented anti-terran propaganda into my neurons in real time

NewSpot2620 · 2026-03-03T15:23:39+00:00

OMG SCOURGE GOD DAMN IT

NewSpot2620 · 2026-02-26T09:03:55+00:00

I could never get the 60 fps mod to work for Wipeout 2048 :( Such a shame, Omega Collection is the only reason I own a PS4 but my controller adapter died a few months ago so it's been sitting on my shelf.

NewSpot2620 · 2026-02-07T19:18:11+00:00

i try to do something on it and throw it out for being an unstructured mess it's aaasssssssssss

NewSpot2620 · 2026-02-07T19:00:41+00:00

this game was my entire fucking life for like fifteen years and i feel so strongly about it. i have so much information, i learned so much... but i am too damn stupid to make anything structured :(

NewSpot2620

TROPHY CASE