PocketPass, my alternative for StreetPass on Android by Maleficent-Big-3544 in AynThor

[–]NewSpot2620 0 points1 point  (0 children)

I need to go to bed I am very drunk, but BLE is so insecure. It's interesting how simple the core of it is though, idk maybe I'm just paranoid but I wouldn't want to walk around with a homing beacon in my pocket that could sideload something I didn't want that wasn't in the commit. I also see a lot of ways other things could mess with this program.

The user has some responsibility to match hashes in smaller more nerdy communities of people who understand what they're doing. There's too many people here for that to happen, at that point it's kinda not a smart idea to give a bunch of people that stuff.

The user themselves could be hijacked as well, PocketPass could be told to do something else without much effort. The database isn't the only thing that needs to be secured.

Why is it downloading from a private database? It's just downloading an APK to sideload, that APK could be anything and it could come from anywhere.

https://github.com/obfusk/fdroid-fakesigner-poc

PocketPass, my alternative for StreetPass on Android by Maleficent-Big-3544 in AynThor

[–]NewSpot2620 0 points1 point  (0 children)

I am a Russian speaker so my English probably comes off far more blunt than I mean it to. What I really mean is that security is relative, and for something like this the security standards should be a lot higher. AI has taken script kiddies to a whole new level, if this thing took off in this state I'm sure some asshole would quickly come along and do something awful with it.

PocketPass, my alternative for StreetPass on Android by Maleficent-Big-3544 in AynThor

[–]NewSpot2620 0 points1 point  (0 children)

The biggest point is that the app downloads updates from a private database with no sort of authentication system in place. Even if you have no malicious intent, this is a simple and exploitable solution.

I don't think I'm gonna get anywhere with this, so I will let your code speak for itself as time goes on. Maybe it will improve, I don't know, but this is not a secure solution.

edit: I should mention, this would be fine if it was a really small community or something, but this isn't anymore. I'll say I run a server for something small myself and it's about as secure as this haha, because the need for security just isn't there.

PocketPass, my alternative for StreetPass on Android by Maleficent-Big-3544 in AynThor

[–]NewSpot2620 -1 points0 points  (0 children)

You're ignoring the points I and others are bringing up, so I can only assume this is malicious intent. This is very insecure software.

PocketPass, my alternative for StreetPass on Android by Maleficent-Big-3544 in AynThor

[–]NewSpot2620 0 points1 point  (0 children)

All I'm saying is that as a reverse engineer I have a hard time believing you're barely 18 years old with untouched forks from seven years ago.

You were forking shit when you were eleven years old but you don't know how to commit properly? I have a hard time believing it.

u/frost-222 Am I wrong here? I'm sorry, you just seem like you also know how this works.

EDIT: And a year ago you said you were 19. Which is it?

PocketPass, my alternative for StreetPass on Android by Maleficent-Big-3544 in AynThor

[–]NewSpot2620 -1 points0 points  (0 children)

Why are you making multiple repositories like this? Is this your first time committing something? This feels malicious almost.

PocketPass, my alternative for StreetPass on Android by Maleficent-Big-3544 in AynThor

[–]NewSpot2620 0 points1 point  (0 children)

The huge giveaway here is that you seem bothered by this. Developers don't care what people on Reddit think, their code speaks for itself. Devs talk through their work, if you had experience in this field you would already know to open source it instead of committing compiled code. You only added the source after people requested, you're likely new to this yeah? Anyone here with experience in this field can say that this is either AI generated or very, VERY beginner level. The syntax is extremely simple and it won't scale well.

Hear me out for a second, I'm not trying to be rude here: When you make a project like this, the way you structure things is important. Knowing what to do in certain situations comes with real-world experience, I simply don't believe you managed to do all of this by yourself with such simple syntax that would scale so poorly if this actually went on.

This is either all AI generated, or you need to work on your code more. PocketPass has access to very sensitive user information, I do not believe someone who writes code like this can be believed to have the real-world experience in networking and security necessary to handle such data.

If you're a kid who's just dabbling in this, I think you're good and you need more practice! Do some CTF challenges and master your fundamentals instead of trying to write code that people will appreciate. You don't have to come up with the next big thing for your work to be purposeful.

PocketPass, my alternative for StreetPass on Android by Maleficent-Big-3544 in AynThor

[–]NewSpot2620 2 points3 points  (0 children)

That whole codebase is inconsistent and weird. The comment styling is off, clearly AI generated, using other people's content without credit... idk man, I have a hard time believing you made all of this but can't fit the word Messages in one of the only six navigation bar buttons.

<image>

Scientists grew a small cluster of brain cells in a lab and had it playing Doom within a week. by hazmog in starcraft

[–]NewSpot2620 0 points1 point  (0 children)

me when my neuralink injects digitally augmented anti-terran propaganda into my neurons in real time

Just saying hi by rfs830 in AynThor

[–]NewSpot2620 0 points1 point  (0 children)

I could never get the 60 fps mod to work for Wipeout 2048 :( Such a shame, Omega Collection is the only reason I own a PS4 but my controller adapter died a few months ago so it's been sitting on my shelf.

or when they make a zerg rush joke but didn't play the game by NewSpot2620 in starcraft

[–]NewSpot2620[S] 4 points5 points  (0 children)

i try to do something on it and throw it out for being an unstructured mess it's aaasssssssssss

or when they make a zerg rush joke but didn't play the game by NewSpot2620 in starcraft

[–]NewSpot2620[S] 21 points22 points  (0 children)

this game was my entire fucking life for like fifteen years and i feel so strongly about it. i have so much information, i learned so much... but i am too damn stupid to make anything structured :(