CRY.ME is a new application developed by the National Agency for Information Systems Security (ANSSI). Developed in open source, it deliberately contains encryption flaws. Curious, right?
This secure messaging application offers security professionals training in identifying and exploiting vulnerabilities. It is developed from the Apache 2.0 license and is available for download on the famous GitHub platform. Familiarization with the weaknesses of computer systems and the various attack techniques is essential in the field of cybersecurity. It is exactly with this in mind that ANSSI has developed CRY.ME. Thus, the use of this app allows effective training in real conditions for the pros.
ANSSI posts its app on GitHub
ANSSI is the leading French organization responsible for promoting and defending the security of information systems. As part of its many missions, it encourages openness and the sharing of knowledge in the field of cybersecurity. That’s why she decided to publish CRY.ME as open source on the GitHub platform.
This is a popular basis for collaborative development and version control for software projects. It allows developers to collaborate and contribute to existing projects by sharing their source codes. ANSSI chose this platform to facilitate access to the application. Professionals can thus study its operation and contribute to its continuous development by proposing improvements.
The Apache 2.0 License and Source Projects
CRY.ME is distributed as open source, under the Apache 2.0 license. The latter is widely used in the field of software development. It gives users the possibility of benefiting from extended rights, in particular the freedom to modify the source code. Apache 2.0 also offers legal protection to ANSSI, which allows it to disclaim all liability in the use of the application.
The app is based on the source codes of several projects: Android Element, Matrix SDK and Android YubiKit. The first is a secure messaging project for Android, which offers advanced encryption and data protection features. Matrix SDK is a software development kit that provides a secure communication protocol integrated into applications. Android YubiKit, meanwhile, facilitates the integration of security keys in apps developed on Android.
Thanks to these solid support points, CRY.ME is a very robust practical exercise base. Cryptography and security professionals can thus strengthen their skills in the field by training in the detection and exploitation of software vulnerabilities.
Sources: The Computer World, GitHub, Matrix SDKs
1