http://taossa.com/index.php/2008/10/13/bugs-vs-flaws/#more-83
I didn't see this post beforehand, and I would like to comment on it (mainly because commenting on his blog post might be the easiest way of getting into a conversation with Mr. McDonald these days ;), but I don't have time right now. Will fix this later this week hopefully.
Friday, December 26, 2008
Sometimes, diffing can remove obfuscation (albeit rarely)
Hey all,
apologies for the sensationalist title, but I found another amusing example today where the same function was present in two different executables -- in two differently obfuscated forms. Amusingly, DiffDeluxe identified the "common components" between these two functions, effectively removing a lot of the obfuscation.
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgWE59a-fsJNR9W5WZUP2GRSFybpic9Lt07VFb62ft_v-NBhvmMa5GYCcLc2Lf37yUyQxRUN5_CMfpV0o1-UnEnQXULuW5XWNcXft4X6CQOsHFIC4zktmRDI26PxohWYrhX6GfB/s320/XPWorkVM+%40+2008-12-26+21:01:29.png)
While this is clearly not a typical case, it nonetheless made me smile.
Merry Christmas, everyone!
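The effect described in this post, as an added illustration (not from the original post, and not DiffDeluxe's actual algorithm): assuming the obfuscation is junk-instruction insertion, a longest common subsequence over two differently obfuscated copies of one function keeps only what both share. The instruction listings and the names `lcs` and `only_in` are constructed for the example.

```python
def lcs(a, b):
    """Return one longest common subsequence of instruction lists a and b."""
    n, m = len(a), len(b)
    # table[i][j] = length of the LCS of a[i:] and b[j:]
    table = [[0] * (m + 1) for _ in range(n + 1)]
    for i in range(n - 1, -1, -1):
        for j in range(m - 1, -1, -1):
            if a[i] == b[j]:
                table[i][j] = table[i + 1][j + 1] + 1
            else:
                table[i][j] = max(table[i + 1][j], table[i][j + 1])
    out, i, j = [], 0, 0
    while i < n and j < m:  # walk the table to recover the sequence itself
        if a[i] == b[j]:
            out.append(a[i])
            i, j = i + 1, j + 1
        elif table[i + 1][j] >= table[i][j + 1]:
            i += 1
        else:
            j += 1
    return out

def only_in(variant, common):
    """Instructions of variant that are not part of the common subsequence."""
    rest, k = [], 0
    for ins in variant:
        if k < len(common) and ins == common[k]:
            k += 1
        else:
            rest.append(ins)
    return rest

# Constructed sample: one function, obfuscated twice with different junk.
ORIGINAL = ["push ebp", "mov ebp, esp", "mov eax, [ebp+8]",
            "add eax, [ebp+0xc]", "pop ebp", "ret"]
VARIANT_A = ["push ebp", "xchg ebx, ebx", "mov ebp, esp", "push ecx",
             "pop ecx", "mov eax, [ebp+8]", "add eax, [ebp+0xc]",
             "lea esi, [esi+0]", "pop ebp", "ret"]
VARIANT_B = ["nop", "push ebp", "mov ebp, esp", "pushfd", "popfd",
             "mov eax, [ebp+8]", "mov edi, edi", "add eax, [ebp+0xc]",
             "pop ebp", "nop", "ret"]

if __name__ == "__main__":
    common = lcs(VARIANT_A, VARIANT_B)
    print("common:", common)
    print("junk in A:", only_in(VARIANT_A, common))
    print("junk in B:", only_in(VARIANT_B, common))
```

This only works because the two variants carry different junk; junk shared by both copies, or instruction substitution that rewrites the real instructions differently in each, would survive or break the match.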