<p>looking at another IP camera firmware and their ".bin" firmware format is just a zip archive with like u-boot.bin.img, uImage.img, and so on</p><p>very convenient thank you 🙏</p>
<p>this is one of 7 (seven) different camera SDKs in this application, totaling 145M of dlls</p><p>another one of these ships both openssl and polarssl, you know, just in case you wanted both</p>
<p><span class="h-card" translate="no"><a href="https://mastodon.social/@whitequark" class="u-url mention">@<span>whitequark</span></a></span> at least they know how to collect memory and logs instead of just opening a reverse shell for the devs to take a look</p>
<p><span class="h-card" translate="no"><a href="https://social.treehouse.systems/@tammy" class="u-url mention">@<span>tammy</span></a></span> also it's encrypted with a hardcoded AES key of `UK*@3oKpFlVVnads`</p>
<p>i think the intended use for it is a crash handler but it looks sketchy as fuck</p>
<p>looking at a library from, presumably, bytedance android sdk, and that thing sure looks like malware</p><p>using syscall() all over the place, parsing /proc/self/maps to call random dalvik functions, encrypting logs to, presumably, send them over the network</p>
<p><span class="h-card" translate="no"><a href="https://mastodon.social/@whitequark" class="u-url mention">@<span>whitequark</span></a></span> Been there. </p><p>jq exists for a reason :-)</p><p>Nevertheless, can be a fun exercise as long as you don't need to maintain the hell you're creating.</p>
<p>OH: although that may not even be an obfuscation technique, that might be just how their code looks</p>
<p><span class="h-card" translate="no"><a href="https://social.treehouse.systems/@ldcd" class="u-url mention">@<span>ldcd</span></a></span> i know right</p>