Comment by battledash 8 days ago

Hey, author of the article here! I actually wrote one last year on a ton of Blaze exploits I've found, but didn't end up releasing it. It uses a proprietary format now, and it seems they were very comfortable with security through obscurity by assuming no one would figure out how to interface with it. Hopefully I'll get back around to that post one day, there's some fun stuff to say the least.

Moru 8 days ago

Unfortunately, the security by obscurity is backed up by "If a user exploits this, it's a crime and we just contact our legal team." I have seen this happen even in Sweden: a local 16-year-old student [1] figures out the state has a big hole in their school system. He tells the state about it and they do nothing, so he tries to log in with the admin password he found in a file on his computer. They call the police.

[1] https://www.aftonbladet.se/nyheter/a/bK49Wq/han-kravs-pa-en-...

phrotoma 8 days ago

Heya, infosec nerd and Titanfall fan here. Can you elaborate on the bit where Apex was referred to as titanfall3? I didn't notice anything about Apex in the accompanying JSON in that section of the writeup.

  • battledash 7 days ago

    Yeah, it isn't obvious from that section, but I know it's referring to Apex because its OAuth client ID also has "TITANFALL3" in it.