{"id":37141841,"url":"https://github.com/eikendev/breaking-bridgefy-again","last_synced_at":"2026-01-14T16:38:46.496Z","repository":{"id":54113790,"uuid":"394042316","full_name":"eikendev/breaking-bridgefy-again","owner":"eikendev","description":"Breaking Bridgefy, again: Adopting libsignal is not enough (Martin R. Albrecht, Raphael Eikenberg, and Kenneth G. Paterson)","archived":true,"fork":false,"pushed_at":"2022-08-06T20:53:14.000Z","size":1952,"stargazers_count":1,"open_issues_count":0,"forks_count":0,"subscribers_count":2,"default_branch":"main","last_synced_at":"2024-06-21T16:55:23.522Z","etag":null,"topics":["breakingbridgefy","bridgefy","bridgefy-sdk"],"latest_commit_sha":null,"homepage":"https://eikendev.github.io/breaking-bridgefy-again/","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/eikendev.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2021-08-08T18:38:43.000Z","updated_at":"2023-10-03T07:43:39.000Z","dependencies_parsed_at":"2022-08-13T06:51:03.492Z","dependency_job_id":null,"html_url":"https://github.com/eikendev/breaking-bridgefy-again","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/eikendev/breaking-bridgefy-again","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/eikendev%2Fbreaking-bridgefy-again","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/eikendev%2Fbreaking-bridgefy-again/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/eikendev%2Fbreaking-bridgefy-again/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/eikendev%2Fbreaking-bridgefy-again/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/eikendev","download_url":"https://codeload.github.com/eikendev/breaking-bridgefy-again/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/eikendev%2Fbreaking-bridgefy-again/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28426118,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-14T16:32:27.303Z","status":"ssl_error","status_checked_at":"2026-01-14T16:28:36.419Z","response_time":107,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["breakingbridgefy","bridgefy","bridgefy-sdk"],"created_at":"2026-01-14T16:38:46.072Z","updated_at":"2026-01-14T16:38:46.491Z","avatar_url":"https://github.com/eikendev.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Breaking Bridgefy, again\n\nThis repository contains the code for our proof of concept attacks; see below for a rough overview.\nYou can find out more about our attacks in our [FAQ](https://eikendev.github.io/breaking-bridgefy-again/).\n\n## gzip/\n\nThis directory contains the Go program `ptxtrecov` which is used to simulate the Broadcast Message Recovery attack.\nIt has two subcommands, \"simulate\" and \"attack\".\nThe former collects packets for the simulation phase, while the latter does so for the attack phase.\n\nFor the simulation phase, the program iterates for all possible payload contents through all possible hops the same number of times, and records the packet's length.\nIt outputs a JSON file that represents a mapping `p -\u003e h -\u003e l -\u003e l' -\u003e c`, where `p` is the payload content, `h` is the hop where the packet was recorded, `l` is the length of the packet, `l'` is the length of the packet at the previous hop, and `c` is the count.\n\nFor the attack phase, the program only iterates for through all possible hops for the specified payload content, and records the packet's length.\nIt outputs a JSON file that represents a mapping of the same form, but now `p` takes only the value of the specified payload content.\n\n## hooking/\n\nThis directory contains Frida scripts to perform the TOCTOU attack (Breaking Confidentiality of Private Chats) and other demos.\nTo run the TOCTOU demo, install Python3 and [Frida](https://frida.re/), and execute the script as follows.\n```bash\n./userid-toctou.py \u003cadb_phone_id\u003e 'Bridgefy'\n```\n\nA video demo of this attack is available [here on Twitter](https://twitter.com/eikendev/status/1427542406262575105).\nBe aware that the attack no longer works on more recent versions of Bridgefy.\n\n## match/\n\nThis directory contains a Python program to analyse the files generated by `ptxtrecov`.\nIt reads a simulation file and one or multiple attack files, and outputs the rank of each attack file.\nHere is a snipped of an example output:\n```\nparadise\t4\nparadise\t10\nparadise\t71\n[...]\nkimberly\t18\nkimberly\t45\nkimberly\t27\n```\n\nThe program can be instructed to disregard packets from a certain hop with the `--max-hop` parameter.\nFor smoothing the length frequencies, either Laplace or Good-Turing can be selected with the `--method` parameter.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Feikendev%2Fbreaking-bridgefy-again","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Feikendev%2Fbreaking-bridgefy-again","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Feikendev%2Fbreaking-bridgefy-again/lists"}