*ret_login_server = xstrdup(login_server) Return error_other(message, session, "Unable to determine login failure cause.") *cause = xml_error_cause( *reply, "cause") ( *session) ->server = xstrdup(login_server) *reply = http_post_lastpass_v(login_server, "login.php", NULL, NULL, args) Static bool ordinary_login( const char *login_server, const unsigned char key, char **args, char **cause, char **message, char **reply, struct session **session, LastPass API endpoint for logging in will almost certainly be a string starting My first aim will be to log in and get any necessary session tokens. Until you hit the juicy parts, similar to how a debugger works. Hand, the Top-Down approach starts at main() and steps through the program sending a HTTP request to the login endpoint)Īnd tracing backwards to see how you construct the right inputs. The Bottom-Up strategy involves finding the snippet There are a couple strategies you can use when trying to reverse engineer anĮxisting application. Remote: Total 2388 (delta 0), reused 0 (delta 0), pack-reused 2388 I figure the best course of action here is to just copy what lpass do.Ĭloning into '/home/michael/Documents/lastpass/vendor/lastpass-cli'. Pbkdf2 crates already exist and are well-respected), but it’sĮasy to mess things up an accidentally introduce a security vulnerability. Need to implement any cryptography routines ourselves (the aes and I’m a little worried about the crypto side of things. The reqwestĬrate provides a robust and fully-featured asynchronous HTTP client, and weĬan leverage serde’s serialization superpowers to make sending or I’d also consider the HTTP bit a solved problem. So we’ve already made our job 33% easier. You don’t need to keep entering your master password every time)Īs a library, the third point is usually left up to the frontend application Login sessions across multiple invocations of the lpass command (e.g.
0 Comments
Leave a Reply. |