Sina
Case Files / Public Index

Field Notes from the Paywall

Bug bounty write-ups, reverse engineering walkthroughs, and security postmortems. Each story is a self-contained read on a specific trust boundary that quietly failed.

Public versions only Selective disclosure Sensitive details redacted

Stories

02
May 7, 2026 iOS · Protobuf Reverse Engineering

Trying to Secure Your App Paywalls? Don’t Do What Flighty Did

Why “the response looks encrypted” almost never means the app is secure — and a step-by-step walkthrough of reconstructing Flighty’s protobuf schema from a Mach-O binary and rewriting subscription state in transit.

Read case file
01
Dec 1, 2025 Business Logic Closed · Informative

Authorization Bypass Let Free Users Reach Premium Hinge Features Through the API

A redacted write-up about a subscription boundary that existed in the interface, but not where it mattered most: backend authorization.

Read case file