| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAAv_oXuw4qGjo68whLZyWKXa8PtppkfujmE2bimi6hNkMZ91jA@mail.gmail.com> Date: Sat, 10 Mar 2012 17:17:49 -0300 From: Alberto Fabiano <alberto@...puter.org> To: full-disclosure@...ts.grok.org.uk Subject: Re: The Mystery of the Duqu Framework Well, I'm suspecting that O'Caml is compiled with ocamlc, will analyze a bit to confirm my suspicion. []s On Sat, Mar 10, 2012 at 16:16, Laurelai <laurelai@...echan.org> wrote: > On 3/10/2012 9:00 AM, 夜神 岩男 wrote: >> On 03/10/2012 03:51 AM, fd@...erted.net wrote: >>> http://www.securelist.com/en/blog/667/The_Mystery_of_the_Duqu_Framework >>> >>> Haven't seen this (or much discussion around this) here yet, so I >>> figured I'd share. >> From the description, it looks like someone pushed some code from a >> Lisp[1] variant (like Common Lisp, which is preprocesed into ANSI C by >> GCL, for example, before compilation) into a C++ DLL. Normal in the >> deper end of Linux dev or Hurd communities, but definitely not standard >> practice in any established industry that makes use of Windows. >> >> I could be wrong, I didn't take the time to walk myself through the >> decompile with any thoroughness and compare it to code I generate. >> Anyway, I have no idea the differences between how VC++ and g++ do >> things -- so my analysis would probably be trash. But from the way the >> Mr. Soumenkov describes things it seems this, or something similar, >> could be the case and why the code doesn't conform to what's expected in >> a C++ binary. >> >> -IY >> >> 1. [Caveat] I say "Lisp" but some other languages come to mind as well; >> maybe Haskell would come out that way. I'm not sure because I'm most >> familiar with Lisp and know it can be cobbled with C/C++ without >> complications because of the way most of its C-based implementations >> work. Anyway, if I were looking for a lock on how this code was >> produced, I would ignore C-based languages and focus instead on >> languages that behave this way natively first, because I think that's >> the least exotic explanation for the features this segment of code exhibits. >> >> _______________________________________________ >> Full-Disclosure - We believe in it. >> Charter: http://lists.grok.org.uk/full-disclosure-charter.html >> Hosted and sponsored by Secunia - http://secunia.com/ > Lisp? Are you serious? > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ -- Alberto Fabiano C. de Medeiros alberto@...puter.org PGP Key ID: 232D3D06 - .... . -... . ... - .-- .- -.-- - --- .--. .-. . -.. .. -.-. -- .... . ..-. ..- - ..- .-. . .. ... - -- .. -. ...- . -. - .. - .- .-.. .- -. -.- .- -.-- k'bɪt Y> "The best way to predict the future is to invent it." --Alan Kay k'bɪt X> "Chance favors the prepared mind." --Louis Pasteur k'bɪt Z> "The world is full of fascinating problems waiting to be solved" --Eric S.Raymond _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists