I haven't looked at the MCP server, but generally, reverse engineering with AI is quite underrated. I’ve had success extracting encryption keys from an android app that uses encryption to vendor-lock users by forcing them to use that specific app to open files that should otherwise be in an open format.

By the way, this app had embedded the key into the shader, and it was required to actually run this shader on android device to obtain the key.

My friend and I were able to give claude a (no longer updated) unity arcade game. It decompiled it and created a one-to-one typescript port so it can run in the browser and now we're adding multiplayer support (for personal use, don't worry HN - we won't be distributing it). I'm very excited for what AI can do for legacy software.

> By the way, this app had embedded the key into the shader, and it was required to actually run this shader on android device to obtain the key.

Oh that's clever. I don't suppose you can share more about how this was done?

I agree, I tried RE using multiple tools connected to MCP and a agent, it was tasked to recreate what the source code might have looked like from a binary and what possible vulnerabilities there could be. It did a incredible job when I compared it to the actual source.

You should probably look into https://justthebrowser.com/. This software sets up browser corporate policies to achieve exactly what you want.

By getting you run run arbitrary code when in the end all is does is install this policy file: https://raw.githubusercontent.com/corbindavenport/just-the-b...

Maybe we need a justtheconfig.com

Social media age restriation is just an anonymity ban in disguise. Governments should focus on regulations knowingly addictive and overly engaging mechanics instead.

I really hope this would be geared towards clients being able to verify the server state or just general server related usecases, instead of trying to replicate SafetyNet-style corporate dystopia on the desktop.

Yes, but such tools aren't popular enough for the censor to specifically target.

If it's mandated that banking apps must not run in a user-controlled environment for the sake of security, users should have the right to refuse such "protection" by signing a piece of paperwork at the banks office.

So, how airgapped systems are supposed to get activated from now on?

You pay a lot of money for a special contract, or you plug it into the internet. Whether from incompetence or malice, Microsoft would strongly prefer you did the latter.

> The important part is to not let the placeholder end up in the "finished" product.

Maybe, some sort of a temporary asset management system is required?

Such features should be disabled by default, but as a user of Zen, I really hope it'd be possible to enable AI features.

This would be useful for many people who want to avoid AI features being forced on them by every piece of software imaginable. Hopefully, a centralized kill switch like this will also make it easy for Firefox forks such as Zen and Floorp to let users enable AI features if they want to without changing about:flags.