Collection of things you might find useful when doing a security assessment of Naver LINE. This is mostly related to the App's voice call stack, which was based on a modified version of PJSIP at the time. It has since been rewritten (thank God), so YMMV.
This was created in 2018 as you can see from this page :) (even though I ended up not using the content of this repo).
In my tests, the SIP data exchanged between my phone and LINE's servers wasn't encrypted, but just used a modified ZLIB version with custom dictionary. There was support for encryption in the voice call library (libamp.so), but I didn't reverse enough of it to understand how it is used.
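Why dictionary-based compression is not encryption, as an added example that is not code from this repo: it uses stock zlib with a constructed SIP-token dictionary and a constructed message, because LINE's modified format and real dictionary are not described on this page. Anyone holding the dictionary recovers the plaintext without a key, and a stock zlib stream even announces which dictionary it needs through the FDICT flag and Adler-32 DICTID (RFC 1950).

```python
import zlib

# Constructed preset dictionary of common SIP tokens (an assumption for this
# example; LINE's real dictionary and zlib modifications are not shown here).
SIP_DICT = (b"SIP/2.0 INVITE REGISTER ACK BYE Via: From: To: Call-ID: CSeq: "
            b"Contact: Content-Length: Content-Type: application/sdp\r\n")

# Constructed sample message, not captured traffic.
SAMPLE = (b"REGISTER sip:example.invalid SIP/2.0\r\n"
          b"Via: SIP/2.0/UDP 192.0.2.10:5060\r\n"
          b"From: <sip:alice@example.invalid>\r\n"
          b"To: <sip:alice@example.invalid>\r\n"
          b"Call-ID: constructed-0001\r\n"
          b"CSeq: 1 REGISTER\r\n"
          b"Content-Length: 0\r\n\r\n")


def compress(data, zdict=SIP_DICT):
    c = zlib.compressobj(level=9, zdict=zdict)
    return c.compress(data) + c.flush()


def decompress(blob, zdict=SIP_DICT):
    # No key involved: the shared dictionary is the only thing needed.
    d = zlib.decompressobj(zdict=zdict)
    return d.decompress(blob) + d.flush()


def dictionary_id(blob):
    """Return the DICTID from a zlib header if FDICT is set, else None."""
    if len(blob) < 6:
        return None
    cmf, flg = blob[0], blob[1]
    if (cmf & 0x0F) != 8 or ((cmf << 8) | flg) % 31 != 0:
        return None  # not a standard zlib header
    if not flg & 0x20:
        return None  # FDICT clear: no preset dictionary required
    return int.from_bytes(blob[2:6], "big")


def needs_dictionary(blob):
    """True if a decoder without the preset dictionary cannot read the stream."""
    try:
        zlib.decompressobj().decompress(blob)
    except zlib.error:
        return True
    return False
```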
- bline/: a library for compressing/decompressing the custom ZLIB that LINE uses
- data/heartbeat.ksy: Kaitai Struct definition of LINE's heartbeat protocol
- scripts/bline: pipe binary data in and compresses/decompresses it
I also have more scripts but I can't share them at the moment since they have personal information copy-pasted in them.
For example, I have a script that does MITM of voice calls and can dump the packets in a tshark-like fashion (even though I didn't have time to understand the payload format for audio data).
Ping @pmontesel on twitter if you want to have a chat about what I know.
See LICENSE.