
Show HN: Snapception – Intercept all snapchats received over the network - thebradbain
https://github.com/thebradbain/snapception
======
tomfitz
Snapchat uses ECB as the cipher mode of operation:
https://github.com/thebradbain/snapception/blob/781ebb13cd7ee75cb56c744a94fa3945e764dd7a/snapception/decrypt_snap.rb#L15

To see why this is a problem, see the ECB-encrypted Tux image on
http://en.wikipedia.org/wiki/Block_cipher_mode_of_operation#Electronic_codebook_.28ECB.29

Oops.

~~~
teraflop
To be fair, that demo only works on an uncompressed bitmap image with large
areas of solid color. It relies on the fact that identical input blocks
encrypt to identical outputs, leading to visible repeating patterns. In a
format like JPEG, which has an entropy-coding stage and all kinds of internal
headers, the chance of encountering two identical blocks in a file is
minuscule.

Of course ECB is still a very bad choice, because there are plenty of other
ways to attack it. But recovering Snapchat images without the key would not be
nearly as trivial as that example might suggest.

~~~
Nursie
I don't know a lot about the specifics of JPG file format, but... with a
complex file format you can probably make some educated guesses about the
content of some of the blocks and perhaps start building up a sort of
dictionary... ?

Yeah, ECB is BAD.

~~~
yk
To the extent that AES is a good random number generator, only if you have a
complete dictionary of all blocks. Simply because a random number generator
should produce independent output even if you only have a small perturbation
in the input. That is, there should be no relation between a completely white
block and one where one of the pixels has a value of 0xfffeff.

~~~
Nursie
Absolutely! There's no way I know to get at partial blocks where you have some
knowledge, but even then you may have the start of some plaintext-leakage with
the known-data and dictionary approach.
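The leakage discussed in this subthread can be measured directly. The following is an added example, not code from the Snapception repository or from any commenter; it uses a constructed 16-byte key, a fixed all-zero IV and a constructed "bitmap-like" plaintext. It encrypts the same data under ECB and CBC, counts repeated ciphertext blocks (the Tux effect teraflop describes), shows that high-entropy input such as entropy-coded JPEG data yields no repeats even under ECB, and illustrates yk's point: a one-byte change alters exactly one ECB ciphertext block, so an observer can tell which block changed even without the key, whereas under CBC every following block changes.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

const blockSize = aes.BlockSize // 16 bytes

// ecbEncrypt applies the raw block cipher to each block independently.
// Go's standard library deliberately ships no ECB mode, so it is spelled out
// here for the demonstration. pt must be a whole number of blocks.
func ecbEncrypt(key, pt []byte) []byte {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	ct := make([]byte, len(pt))
	for i := 0; i < len(pt); i += blockSize {
		block.Encrypt(ct[i:i+blockSize], pt[i:i+blockSize])
	}
	return ct
}

// cbcEncrypt chains blocks through the IV. The IV is fixed in this demo for
// reproducibility; a real sender uses a fresh random IV for every message.
func cbcEncrypt(key, iv, pt []byte) []byte {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	ct := make([]byte, len(pt))
	cipher.NewCBCEncrypter(block, iv).CryptBlocks(ct, pt)
	return ct
}

// repeatedBlocks returns how many ciphertext blocks duplicate an earlier one
// (total blocks minus distinct blocks). It is a cheap check for spotting ECB
// in captured data: under ECB it mirrors plaintext repetition, under CBC it
// should be zero.
func repeatedBlocks(ct []byte) int {
	seen := map[string]bool{}
	for i := 0; i+blockSize <= len(ct); i += blockSize {
		seen[string(ct[i:i+blockSize])] = true
	}
	return len(ct)/blockSize - len(seen)
}

// changedBlocks lists the block indices at which two ciphertexts differ.
func changedBlocks(a, b []byte) []int {
	var idx []int
	for i := 0; i+blockSize <= len(a) && i+blockSize <= len(b); i += blockSize {
		if !bytes.Equal(a[i:i+blockSize], b[i:i+blockSize]) {
			idx = append(idx, i/blockSize)
		}
	}
	return idx
}

// bitmapLike is a constructed stand-in for an uncompressed image: n blocks
// alternating between two solid "colours" (0x00 and 0xff).
func bitmapLike(n int) []byte {
	pt := make([]byte, 0, n*blockSize)
	for i := 0; i < n; i++ {
		pt = append(pt, bytes.Repeat([]byte{byte(0xff * (i % 2))}, blockSize)...)
	}
	return pt
}

// highEntropy is a constructed stand-in for entropy-coded data such as the
// body of a JPEG: n blocks of random bytes.
func highEntropy(n int) []byte {
	b := make([]byte, n*blockSize)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return b
}

func main() {
	key := []byte("0123456789abcdef") // constructed demo key, not Snapchat's
	iv := make([]byte, blockSize)     // constructed fixed IV for the demo
	pt := bitmapLike(8)

	fmt.Println("ECB repeated blocks (bitmap):", repeatedBlocks(ecbEncrypt(key, pt)))
	fmt.Println("CBC repeated blocks (bitmap):", repeatedBlocks(cbcEncrypt(key, iv, pt)))
	fmt.Println("ECB repeated blocks (high entropy):", repeatedBlocks(ecbEncrypt(key, highEntropy(8))))

	// Flip one bit of one "pixel" in block 3 and see which ciphertext blocks move.
	pt2 := append([]byte(nil), pt...)
	pt2[3*blockSize+5] ^= 0x01
	fmt.Println("ECB blocks changed:", changedBlocks(ecbEncrypt(key, pt), ecbEncrypt(key, pt2)))
	fmt.Println("CBC blocks changed:", changedBlocks(cbcEncrypt(key, iv, pt), cbcEncrypt(key, iv, pt2)))
}
```

The repeated-block count is the defender's side of the Tux picture: run it over a captured blob and a count far above zero is a strong hint that the sender used ECB, regardless of what the data is. The single-changed-block result is why Nursie's dictionary idea is not a fantasy for structured formats: ECB preserves equality of plaintext blocks across and within messages, which is exactly what a chaining or counter mode is meant to hide.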

------
elwell
> Intercept and decrypt all snapchats received over your network

Somewhat misleading in light of:

> Anyway, for Snapception to intercept your snapchats, you must be connected
> to the computer via a proxy and have installed its CA

Interesting, nevertheless, because it exposes that:

> they use one, hardcoded key for all video and image encryption

~~~
ChuckMcM
Their point was, I believe, that you could store copies of all snaps sent to
you without anything on your device which snapchat could "check" to see if it
was being interfered with.

~~~
Pengwin
This has been reality for more than a year. In fact, I've been running a bot
based off https://github.com/JorgenPhi/php-snapchat for the past 11 months.

it has over 5000 friends, and its popularity puts me to shame :(

------
primitivesuave
Connecting via a proxy and installing a CA means this is more of a tool for a
snooping parent to intercept the snapchats of their kids while they are at
home, rather than a scary-looking tool for intercepting the general stream of
snaps (as it is made out to be).

~~~
chrissnell
Not necessarily. If you control the gateway, it's possible to transparently
redirect outbound connections into your proxy. I used to do this back in the
90s to force our employees' browsers through an ad-blocking proxy. Depending on
your user base (kids?), it could be as simple as setting up an open wifi
access point in a place where all other APs are password-locked.

Edit: I just realized that this proxy requires the device users to load a CA
cert. That makes things a little more difficult but still not impossible.
Through creative social/software engineering, you might be able to persuade
the users of your rogue access point to load the CA cert "in order to use this
free service".

~~~
brazzledazzle
Yes, but they would be clued in because the SSL certificate wouldn't be valid
unless they trust your CA.

~~~
maccard
Have you met a teenager? They will blindly just click ignore/ok until they can
do what they want. An invalid cert error isn't going to stop them unless it
actually blocks (rather than warns and lets them proceed).

~~~
ColinDabritz
In fact, most users will behave this way, it's not exclusive to teenagers.

------
enimodas
But snapchat updated its encryption just a couple of days ago:
https://github.com/programa-stic/snapchat-decrypt

You will need the android id of the phone, which I don't think you can easily
get as a man in the middle?

~~~
ne0n
What do the android ids look like? I'm assuming it's just a number, but I
don't know how big. The page you linked to says the key is md5(android_id +
"seems legit..."). It seems to me like this could potentially be brute forced
to find the android_id using a captured encrypted image.

~~~
e12e
Except for versions 2.2, it appears to be a random 64bit integer:

http://developer.android.com/reference/android/provider/Settings.Secure.html#ANDROID_ID

That would take some time to brute force I guess. Especially if the only way
to check each guess is to try and decrypt and look for a valid (part of an)
image header.

------
timr
Really seems like more of a snapanopticon than a snapception.

------
droopybuns
Snapchat's supposed valuation at $10b while they appear to be completely
inattentive to the security of their product is hard to reconcile.

~~~
icelancer
It is? Startups are taught to move fast and break things. Security usually
requires one to be thoughtful and not intentionally ruin stuff. Runs counter to
the whole new modern movement.

~~~
logn
Their selling point is that the snaps are ephemeral. I don't think anyone's
expecting fool-proof security, but the overall impression is that the privacy
aspect is all just marketing hype. It's not that big of a deal but then again
it's not a big deal to switch to the next messenger app either.

------
never_snapped
Where did the key come from? Leaked by the application or something else?

Edit: found out they hard-coded the string as a constant in the app, smh.

------
philangist
https://github.com/thebradbain/snapception/blob/master/snapception/decrypt_snap.rb#L17

Oh lordy. I wonder if they eval() arbitrary input from users as well.

~~~
thebradbain
Developer here — I think I recognized I had written some hastily written code
in the bottom of my repo. Please, feel free to submit a pull request.

~~~
philangist
I think maybe I should've been more clear. I was referring to Snapchat's
horrible security policies in that comment, it was not a criticism of your
code.

~~~
thebradbain
Don't worry about it. I made a system call using process.call() and thought
maybe that's what you were referring to.

~~~
nkozyra
What other bad practices should we be looking for ;)

~~~
spacemanmatt
Standard disclaimer applies: Code is dangerous, yo. ;)

------
superuser2
The only "news" here is that you can MITM HTTPS when you own a trusted CA.

Of course you can break Snapchat if you can get users to install your CA cert.
Snapchat is no different from every other application in that respect.

------
snappieT
lol1 @ using a single key to decrypt everything; lol2 @ not using certificate
pinning

------
ankushio
I can't get this to work on my iPhone. When I visit mitm.it from my phone, or
any other device, it redirects me to grit.io. How do I install the CA? I have
the proxy up and running on my MacBook Pro.

------
exabrial
Doesn't seem to work. It's catching traffic but the snaps directory is empty.

------
rohanpai
If you can man in the middle traffic, aren't all authentication cookies
compromised anyway?

Wouldn't any service then be subject to "interception"?

~~~
devindotcom
Not with proper encryption, I believe? In this case you can get someone else's
supposedly private snaps if they're on your network, because the key is the
same as the one for decrypting your snaps.

~~~
Nursie
Correct. Properly set up TLS should protect you regardless of MITMs.

The issue comes if someone can get you to accept their CA. In both this case
and for MITM attacks on TLS. At that point it's game over.
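snappieT's remark about certificate pinning and Nursie's point that TLS breaks once a user accepts a rogue CA are two sides of the same control, so here is one added example covering both. It is not code from Snapception or from any commenter, and it assumes a hypothetical API host `api.example.com` and a throwaway self-signed certificate generated in the block to stand in for the real server certificate. The client pins the SHA-256 of the server's SubjectPublicKeyInfo and installs the check as a `VerifyPeerCertificate` callback on Go's `tls.Config`; a proxy that presents a leaf signed by a CA the user was talked into installing is rejected because its key does not match the pin, even though the chain itself validates.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/base64"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// spkiPin returns the base64 SHA-256 of the certificate's SubjectPublicKeyInfo,
// the quantity that HPKP and most mobile pinning libraries compare against.
// Pinning the key rather than the whole certificate survives reissuance.
func spkiPin(cert *x509.Certificate) string {
	sum := sha256.Sum256(cert.RawSubjectPublicKeyInfo)
	return base64.StdEncoding.EncodeToString(sum[:])
}

// pinOfDER parses a DER certificate and returns its SPKI pin.
func pinOfDER(der []byte) (string, error) {
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return "", err
	}
	return spkiPin(cert), nil
}

// pinVerifier builds a tls.Config.VerifyPeerCertificate callback that rejects
// any connection whose leaf certificate key is not in the allowed pin set.
// With InsecureSkipVerify left false, Go runs this after normal chain
// validation, so pinning is an additional check, not a replacement for it.
func pinVerifier(allowed ...string) func(rawCerts [][]byte, verifiedChains [][]*x509.Certificate) error {
	set := map[string]bool{}
	for _, p := range allowed {
		set[p] = true
	}
	return func(rawCerts [][]byte, _ [][]*x509.Certificate) error {
		if len(rawCerts) == 0 {
			return errors.New("no peer certificate presented")
		}
		pin, err := pinOfDER(rawCerts[0])
		if err != nil {
			return err
		}
		if !set[pin] {
			return fmt.Errorf("certificate pin mismatch: leaf SPKI pin %s is not trusted", pin)
		}
		return nil
	}
}

// selfSignedDER constructs a throwaway certificate for the demonstration.
// A real client pins the server's published key instead of generating one.
func selfSignedDER(cn string) ([]byte, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: cn},
		NotBefore:    time.Now(),
		NotAfter:     time.Now().Add(24 * time.Hour),
	}
	return x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
}

func main() {
	// The genuine server key (constructed) and a second, unrelated key such as
	// an interception proxy would present under a locally installed CA.
	genuine, _ := selfSignedDER("api.example.com")
	proxy, _ := selfSignedDER("api.example.com")

	pin, _ := pinOfDER(genuine)
	cfg := &tls.Config{
		MinVersion:            tls.VersionTLS12,
		VerifyPeerCertificate: pinVerifier(pin), // pin a backup key too in production
	}
	fmt.Println("pinned SPKI:", pin)

	fmt.Println("genuine leaf:", cfg.VerifyPeerCertificate([][]byte{genuine}, nil))
	fmt.Println("proxy leaf:  ", cfg.VerifyPeerCertificate([][]byte{proxy}, nil))
}
```

The usual operational caveat applies: a pin set with a single key turns a routine key rotation into an outage, so ship at least one backup pin and plan rotation before the first release. A pinned client also has to be updated to trust a new key, which is exactly the property that stops a proxy CA from working and is worth the maintenance for an app whose whole proposition is that third parties cannot read the content.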

------
joelanders
There _are_ trusted software client things (Spotify, Netflix, etc.) that seem
to work well enough. Snapchat should be able to do better.

~~~
ris
Totally different incentive. Spotify only needs protection that's enough of a
pain in the ass to make it easier to just get the content from somewhere else
or perhaps just pay the $n.99 for it.

Snapchat is full of (supposedly private) information that is not available
anywhere else. Attackers will be far more determined.

~~~
joelanders
See links for a bit of reading about how hard it is to break DRM on Spotify or
Netflix. They're doing a lot more than Snapchat. The difference between "you
just need to reverse engineer the HTTP API to make a 3rd-party client" and
"you need to run IDA Pro and PANDA and whatever else" is significant. The
latter exploit would have far less reach.

[1] http://moyix.blogspot.de/2014/07/breaking-spotify-drm-with-panda.html

[2] [https://www.usenix.org/node/182951](https://www.usenix.org/node/182951)

~~~
johnsoft
I read through the Spotify article, and if I understood it correctly, you
don't _need_ to run QEMU+PANDA to get at the unencrypted stream. That was just
the method the author chose to analyze the running code. He tracked every
memory read and write made by the CPU, and looked for byte distributions that
looked like encrypted data, and found the decryption function at address
00719b84. He then located that code inside the Spotify binary, at 0x0042e2ed.

Once you know that, you don't need to repeat the initial analysis every time.
You can just set up a hook to record all the data that flows through that
function after it's decrypted.

~~~
joelanders
Yes, that's my understanding as well; my other comment was sloppy. I'm unsure
what was meant by "hook," though. Is that something you set up with the target
process running under a debugger? That much privilege wouldn't be available to
apps in an app store, right?

~~~
johnsoft
I meant "hook" in the most vague, hand-wavy sense of the word… anything from
attaching a debugger at runtime, to modifying the binary so it automatically
saves every song on your desktop. Obviously if you did something like the
latter, no extra privilege would be needed.

------
scope
quick heads up, on [http://bradba.in](http://bradba.in) under Technical skills
> Web Frameworks you've put Node --- Node is NOT a framework it's a platform

------
elwell
Technically a misuse of the -ception meme.

~~~
tghw
Interception? Seems like a reasonable use to me.

~~~
thebradbain
As the developer, I was going for combining "Snapchat" with "Interception",
and "Snapception" was the result. I wasn't even thinking of Inception at the
time, an oversight on my part.

~~~
eastbayjake
Intersnaption?

------
_RPM
Man, I was hoping it was written in C, or at least C++, not Python.

~~~
jeffreyrogers
Out of curiosity, how come? Python runs on pretty much any platform you'd want
to use and is much easier to develop in than C/C++.

~~~
_RPM
I was hoping to see low level socket programming, you know, connect, close,
open, bind, accept, recvfrom.

~~~
teraflop
All of those system calls are available in Python, FWIW.

[https://docs.python.org/2/library/socket.html](https://docs.python.org/2/library/socket.html)

