DEF CON 23 - Chris Domas - Repsych: Psychological Warfare in Reverse Engineering

Science & Technology

Your precious 0-day? That meticulously crafted exploit? The perfect foothold? At some point, they'll be captured, dissected, and put on display. Reverse engineers. When they begin snooping through your hard work, it pays to have planned out your defense ahead of time. You can take the traditional defensive route - encryption, obfuscation, anti-debugging - or you can go on the offense, and attack the heart and soul of anyone who dares look at your perfect code. With some carefully crafted assembly, we'll show how to break down a reverse engineer by sending them misleading, intimidating, and demoralizing messages through the control flow graphs of their favorite RE tools - turning their beloved IDA (Hopper, BinNavi, Radare, etc.) into unwitting weapons for devastating psychological warfare in reverse engineering.
Speaker bio:
Chris is an embedded systems engineer and cyber security researcher, focused on innovative approaches to low level hardware and software RE and exploitation.
Twitter: @xoreaxeaxeax

Comments: 193

  • @frosty9392
    @frosty9392 · 5 years ago

    this guy is the best. somehow rolled a 20 INT, 20 CHR, and a cyber security trait lol

  • @ronin6158
    @ronin6158 · 7 years ago

    This guy is next level. A lot of people are very technically strong, knowledgeable or even clever, but they are compartmentalized. He really allows ideas to recurse, cross-pollinate and doesn't stop going with them. To me that is the true definition of genius.

  • @htomerif
    @htomerif · 6 years ago

    yeah, but you gotta ask yourself: which of these two things would deter you more: seeing a picture from your sandbox execution environment in a control flow graph, or just plain run of the mill obfuscation?

  • @0xf7c8
    @0xf7c8 · 6 years ago

    Since I knew Chris Domas from a video of one of his conferences, I couldn't stop watching them. He is truly a genius.

  • @vuurniacsquarewave5091
    @vuurniacsquarewave5091 · 6 years ago

    You really need this kind of low-level thinking for that, because there are no constraints, you can do anything when you're close to the metal.

  • @RobinObinray
    @RobinObinray · 5 years ago

    Ronin it's called being geeky without internet's hivemindness.

  • @thatsweetlilthing2
    @thatsweetlilthing2 · 5 years ago

    @@htomerif Why not both?

  • @0xbitbybit
    @0xbitbybit · 8 years ago

    Epic. Taking a pic off their webcam if they had one and using that as the image in the CFG would be good too!

  • @photovi
    @photovi · 8 years ago

    Or their IP address 👌🏼

  • @cpuexpert
    @cpuexpert · 7 years ago

    it's tremendously scarier knowing that it is pulling personal photos as opposed to your ip address which it probably already pulled

  • @xponen
    @xponen · 5 years ago

    they fear things like this, that's why they do stuff using a virtual machine.

  • @noobian3314
    @noobian3314 · 4 years ago

    @@xponen have u seen this guy's other talks, he probably does know some secret instruction that can escape the hypervisor and pull in images from memory.

  • @nagoshi01
    @nagoshi01 · 1 year ago

    @@noobian3314 Yeah for real. I imagine the next version of REpsych will use SMM to control the current running to the CPU, which (if there is particularly noticeable noise from the power supply) could be used to play audio. One day I hope to see malware that causes my PC tower to audibly rickroll me.

  • @markpenrice6253
    @markpenrice6253 · 5 years ago

    Next step: operating system, compiled entirely into MOVs, running inside a VM... also compiled into MOVs. Bonus points for implementing Quicktime drivers as part of the system, so it can _play_ .MOVs using only MOVs (...ahem)

  • @proxy1035
    @proxy1035 · 4 years ago

    so all we need is an open source OS that is entirely written in C, then you can just throw it through the MOV compiler and there you go.

  • @sycration
    @sycration · 4 years ago

    @@proxy1035 linux is

  • @proxy1035
    @proxy1035 · 4 years ago

    @@sycration thing is I'm an absolute noob when it comes to Linux so someone else would need to do that...

  • @hadinossanosam4459
    @hadinossanosam4459 · 4 years ago

    Linux isn't written *entirely* in C, and neither can any other OS be, you will always need some inline assembly for stuff that C (and only mov's) cannot accomplish, like port I/O (IN, OUT), setting up the interrupt and global descriptor tables (LIDT, LGDT), enabling interrupts (STI), handling interrupts (IRET, or alternatively some flag manipulation commands to achieve the same behaviour), system calls (INT), ...

  • @proxy1035
    @proxy1035 · 4 years ago

    @@hadinossanosam4459 I mean yea technically, but it still counts as "C" even if you use inline assembly since that is part of the C syntax...

  • @jonathancook8343
    @jonathancook8343 · 6 years ago

    This is my third talk by Domas, I love this guy, he's funny, a hyper-nerd and I understand around 70% of what he's talking about. His exposition on reverse engineering reversers was awesome.

  • @markpenrice6253
    @markpenrice6253 · 5 years ago

    The other two (about different CPU backdoors) both put me to sleep. Which is by no means an insult to him or his talks ... it was late at night and trying to comprehend all of what he was saying simply overloaded my brain. It's like the quantum astromechanics of computer hardware hacking. Probably the guys at Intel and AMD have a looser understanding of what's going on inside their processors than he does, right now.

  • @chomo54andbabyaisha97
    @chomo54andbabyaisha97 · 3 years ago

    The most insane stuff I have seen. Man is a genius.

  • @remicou8420
    @remicou8420 · 2 years ago

    "Why is my dog in the malware?" - Hypothetical reverse-engineer who fell for the dumbest malware plan ever

  • @Staplegunned911
    @Staplegunned911 · 8 years ago

    That QR Code got me.

  • @EwanMarshall
    @EwanMarshall · 7 years ago

    Well, I deliberately followed it, but my barcode scanner just displayed the URL, then unshortened it to find the real destination and displayed that and I was like, oh, youtube video, I bet it is that one... lols.

  • @Phoen1x883
    @Phoen1x883 · 6 years ago

    Is it rickroll? I bet it's rickroll.

  • @Phoen1x883
    @Phoen1x883 · 6 years ago

    It was rickroll.

  • @ashurean
    @ashurean · 4 years ago

    @@Phoen1x883 I was watching the video when I got to the qr code bit. At that point, you know this man will destroy the universe to troll people, so I was 99% sure that it was either a gnome link or a rickroll.

  • @alexoja2918
    @alexoja2918 · 2 years ago

    @@Phoen1x883 it's not.

  • @FedericoTrentonGame
    @FedericoTrentonGame · 6 years ago

    This guy is truly a genius

  • @ericmonson3760
    @ericmonson3760 · 7 years ago

    Now I need to go put Clippy in my assembly.

  • @Cubinator73
    @Cubinator73 · 6 years ago

    That guy has wayyy too much time :) Best DEFCON talk I have ever heard :D

  • @dipi71
    @dipi71 · 6 years ago

    This is bonkers! Just my kind of thing; thanks for sharing. Cheers!

  • @memoriasIT
    @memoriasIT · 6 years ago

    Amazing talk, knowledgeable speaker, makes the talk interesting and knows how to reach people. Good job!

  • @rkj11107
    @rkj11107 · 5 years ago

    Something like a surgeon placing atoms in a liver in a way that the next surgeon would see a nice message. What a pro.

  • @Tuxfanturnip
    @Tuxfanturnip · 4 years ago

    or like that scene in The Last Mimzy where they put the teddy bear under an electron microscope and find the Intel logo nano-printed on every hair

  • @FeribHellscream
    @FeribHellscream · 6 years ago

    imagine this as real malware

  • @lucyinchat
    @lucyinchat · 5 years ago

    Now I need to compile Linux with Movcc

  • @electrontube
    @electrontube · 4 years ago

    so strong. love to you dude. best talk at 23

  • @the_original_dude
    @the_original_dude · 1 year ago

    Oh my, this dude is a genius, and that's an understatement

  • @alexoja2918
    @alexoja2918 · 2 years ago

    33:29 the most laborious one I've ever seen. I salute you, sir.

  • @andrewfielden284
    @andrewfielden284 · 6 years ago

    The Movfuscator is pure genius! But I'm interested to know what Chris can do with Java bytecode.

  • @ped7g
    @ped7g · 5 years ago

    you can always delete it, and pretend it didn't exist... or wait until JVM will JIT it into machine code and then treat it like code... a bit retarded one, but whatever, it's highly likely the original Java source was already like that, so why should the final machine code look any better...

  • @cobraflunkie
    @cobraflunkie · 10 months ago

    I love this. Trolling at an epic level.

  • @CptThunderKnut
    @CptThunderKnut · 1 year ago

    This is a whole other level of trolling and genius. Props and wow! So interesting to watch

  • @bartlx
    @bartlx · 2 years ago

    Can't begin to describe all the thought paths this brought back making my own conclusions after looking at one piece of asm for hours on end... but then to make a compiler just to prove it and bring it to a stage... wtf... EDIT: okay, saw the whole thing now, with the manipulated control graph imagery based on your personal files etc... This guy is legendary.

  • @softdatcls7156
    @softdatcls7156 · 8 years ago

    Good Job !

  • @larrygall5831
    @larrygall5831 · 5 years ago

    Wow, that was hilarious. Very good video.. Very good. Smart guy right here.

  • @lazertroll702
    @lazertroll702 · 8 years ago

    ...i need to rethink my career path...

  • @thewatcher_476
    @thewatcher_476 · 7 years ago

    I need to too

  • @RobinObinray
    @RobinObinray · 5 years ago

    LaZer Troll security researchers have God-tier coding skills? Enterprise programmers btfo.

  • @Roxor128
    @Roxor128 · 6 years ago

    That Movfuscator is an atrocity!

  • @dorukayhanwastaken
    @dorukayhanwastaken · 4 years ago

    23:54 Lesson learned: x86 is the hardware equivalent of Windows, which explains why Windows is mainly an x86 OS and Win 10 on ARM isn't making much progress in the market.

  • @AgentLeon
    @AgentLeon · 1 month ago

    Intel or AMD didn't invent these out of nowhere, it probably optimises some algorithm or algorithm family and is easily implemented with all the same execution blocks that are already there

  • @_hackwell
    @_hackwell · 7 months ago

    oh wow! this one is high level!

  • @RobinObinray
    @RobinObinray · 5 years ago

    It's like emulation engineering via assembly with complex fractal abstractions

  • @AviPars
    @AviPars · 1 year ago

    Sweet video !!

  • @tysonnw
    @tysonnw · 6 years ago

    Talk about extreme RISC, I wonder what a processor with only the mov instruction would look like and if it could be optimized to match modern processors.

  • @Double-Negative
    @Double-Negative · 6 years ago

    en.wikipedia.org/wiki/Transport_triggered_architecture

  • @newgothwhosdis
    @newgothwhosdis · 5 years ago

    So terrible you would not need to know

  • @leahparsuidualc666
    @leahparsuidualc666 · 5 years ago

    Is there any way to rearrange those etch-a-sketch IDA control flow diagrams, due to recode at runtime .. and if so doing a 'lode runner'- 'qbert'- or at least 'snakes'- -'longplay' ??? Or, or, or ... a full Episode of Masters of the Universe! ... hmm reminds me of C=64 .. seems i have to PEEK a lil' deeper into that POKE; anyhow thanks for bringing back the magic via MOVfuscator and actually keeping the record straight for the x86-multiverse. Very entertaining. What worries me is i do understand what you are eloquently speaking about, although i can't remember when and where i could have set video-playback to 2.00x speed ... ;)

  • @nullplan01
    @nullplan01 · 5 years ago

    The QR code didn't get me. That's the first time I'm thankful for GEMA.

  • @aquatrax123
    @aquatrax123 · 6 years ago

    Amazing!

  • @RahulJain-wr6kx
    @RahulJain-wr6kx · 4 years ago

    This is something awesome 😁

  • @vizionthing
    @vizionthing · 5 years ago

    Godlike!

  • @eformance
    @eformance · 5 years ago

    Achievement unlocked: Inception complete!

  • @DaveRoberts308
    @DaveRoberts308 · 4 years ago

    Brilliant.

  • @MuscleTeamOfficial
    @MuscleTeamOfficial · 7 years ago

    Wow, this was his first talk? No way, he did that visualization stuff in 2012

  • @wirer0p497
    @wirer0p497 · 1 year ago

    great talk :)

  • @Raj_darker
    @Raj_darker · 5 years ago

    Great Efforts and Really c00l video, IDA got smashed

  • @tnosugar
    @tnosugar · 3 years ago

    This is nuts! I'd go with "We know where you live..."

  • @temitopehardhekheyhe7359
    @temitopehardhekheyhe7359 · 3 years ago

    may be the most!! resounding!! applause!! ever@defcon!!! .... .... .... aRt!!!!

  • @adruvitpandit5816
    @adruvitpandit5816 · 4 years ago

    Brilliant

  • @markpenrice6253
    @markpenrice6253 · 5 years ago

    Hmm, now, the modern world has trained us to believe that pixels have to be square, but it wasn't always necessarily thus, and for applications like this it need not be either. For the greyscale photos it's fairly optimal, but there are other types of image where a wider or narrower pixel could be better suited, and certainly cases could be made for one or the other if they better suited an attempt to weave actually useful execution payloads through the maze of dummy code. For example wider ones would tend to suit old-school game sprites, whereas narrower ones are generally better for text (and some other forms of graphics). And of course if they're double/half the size in one dimension vs the other you can always double up where a square is still needed. Particularly with a tall, rather than wide "pixel", you can still retain a degree of greyscale capability with otherwise small blocks (as the shading is dependent on how much of the available height is used, not width), and be able to write a meaningful amount of text within even a relatively small edit window, perhaps even implementing anti-aliasing, but having some freedom over what code goes where as you could write dark-ish text on a light-ish background (which gives the greatest space for writing functional code, as well as obfuscating garbage) and it would still be legible with some degree of "noise", as one or two instructions more or less wouldn't cause the block to get close to the 50% mid-grey point. 
Text being quite good for really messing with someone, as they might not immediately recognise a random and probably long-forgotten photo or other image from their HDD that's been mashed down to a 64x64 pixel thumbnail in about 10 shades of halftone-simulated grey, but if you can fish their name or operating handle from somewhere on the system (or the name of some contact of theirs and treat it accordingly) and include it in a short passage of mildly threatening but above all _super creepy_ text that appears to rise stochastically out of the code... that's pretty unequivocal and I'm pretty sure that if I saw that happen at 3am after a long hacking session in a dark and suddenly very quiet, very cold, very lonely room, that program and immediately afterwards that laptop would be closed with a bang registerable on local seismometers and flung across the room with no heed paid to possible damage. And of course if you really wanted, photos could be adjusted for non-square pixels: you just have to do a smooth resize with proportions distorted in an inverse relationship to the pixels they'll be encoded as. Once converted into code, and displayed in IDA, they'll automagically reverse that initial distortion and appear with the correct aspect ratio. I wonder also whether fairly sparse code path maps could be used to do more vector-style rather than pixel grid drawing using some kind of viterbi reverse tree search voodoo, if the rules for how IDA arranges and spaces things out could be more concretely determined? It might actually allow for more sophisticated images to be created with smaller output executables...

  • @drowningin
    @drowningin · 6 years ago

    forget security benefits. this is awesome in its own right

  • @Syncopator
    @Syncopator · 5 years ago

    I think it must be time to build a computer that only implements mov instructions.

  • @Bobucles
    @Bobucles · 5 years ago

    So a movfuscator program would be immune to CPU architecture exploits, right? A program that has two different behaviors between mov code and regular assembly would indicate something was amiss?

  • @kuhluhOG
    @kuhluhOG · 3 years ago

    So, what is the performance of a mov only program compared to a normal compiled one?

  • @RobinObinray
    @RobinObinray · 5 years ago

    On the fringe of cyber security research

  • @robnergal575
    @robnergal575 · 1 month ago

    Could embed: "We've been trying to contact you about your Car's extended warranty. This is a final courtesy call..."

  • @BaSs_HaXoR
    @BaSs_HaXoR · 7 years ago

    IDA GOAT.

  • @tuanlinhdao3389
    @tuanlinhdao3389 · 7 years ago

    Nice :D

  • @LuxiusDK
    @LuxiusDK · 5 years ago

    Did this guy go for the Cypher look or was it the other way around?

  • @Gaxhar
    @Gaxhar · 8 years ago

    I just had to scan the QR code, didn't I?

  • @rogerwilco2
    @rogerwilco2 · 8 years ago

    +Twitch · Rick Ashley?

  • @p4rsec
    @p4rsec · 8 years ago

    *Astley?

  • @Angloth
    @Angloth · 7 years ago

    *Ghastly?

  • @freesoftwaretalk
    @freesoftwaretalk · 6 years ago

    Aren't you happy to know that he will never give you up or let you down?

  • @AndrewTJackson
    @AndrewTJackson · 6 years ago

    You and me both, mate.

  • @newgothwhosdis
    @newgothwhosdis · 5 years ago

    But what if you embedded Opcodes in the control graph? Would science go too far?

  • @nunosilva6574
    @nunosilva6574 · 6 years ago

    So this is what being a next-level troll is... :)

  • @floppydisk4500
    @floppydisk4500 · 4 years ago

    Artist absolutely everywhere, even in your source code. Go have fun with it

  • @jonascurry9996
    @jonascurry9996 · 7 years ago

    sick

  • @b1ueberrycheesecake
    @b1ueberrycheesecake · 9 months ago

    lmao I scanned the qr code out of curiosity watching this at 4 in the morning.

  • @nullnull6032
    @nullnull6032 · 2 years ago

    that is insane

  • @jamesgrimwood1285
    @jamesgrimwood1285 · 6 years ago

    That final piece of "malware" should make use of the webcam... Seeing yourself would be a little weird :)

  • @rogerwilco2
    @rogerwilco2 · 8 years ago

    That's brilliant. Probably useless, but brilliant.

  • @xesau
    @xesau · 6 years ago

    RogerWilco Art

  • @RobinObinray
    @RobinObinray · 5 years ago

    RogerWilco it's not useless. He showed us a sneak peek of how governments spy on us...

  • @RobinObinray
    @RobinObinray · 5 years ago

    RogerWilco he uses code complexity fractaling?...

  • @josephsagotti8786
    @josephsagotti8786 · 5 years ago

    @@RobinObinray How governments spy on us? This is literally about making reverse engineers' jobs harder by making code harder to read.

  • @chrissxMedia
    @chrissxMedia · 5 years ago

    wow...the qr code is a rick roll

  • @nindger4270
    @nindger4270 · 5 years ago

    Epic idea and awesome talk. Sidenote though, regarding the QR-Code @ around 33:30: at least in Germany, the YT-link it takes you to is blocked :-( Still lol'ed pretty hard when I saw the title, but it kinda spoils the idea.

  • @josephmauck9200
    @josephmauck9200 · 2 years ago

    He's never gonna give you up, he's never gonna let you down... it's a rickroll ;)

  • @dutchgh0st540
    @dutchgh0st540 · 5 years ago

    What about a kernel written with only mov instructions?...??

  • @RobinObinray
    @RobinObinray · 5 years ago

    Dutch Gh0st what about a dynamic boot-time kernel replacement with a kernel that, if disassembled with IDA, leaks any possible personal data to pastebin and then links to the pastebin url via QR code a reverser will see in CFG

  • @user-tk4zh7wk7h
    @user-tk4zh7wk7h · 4 years ago

    33:25 next level cryptography

  • @yashbansod5628
    @yashbansod5628 · 4 years ago

    I use gdb mostly.

  • @IvanToshkov
    @IvanToshkov · 6 years ago

    Great talk! Just put in some quotes from the star wars prequels. I mean, how long do you think you can stare at something like “You are in my very soul, tormenting me…” or “I wish I could just wish away my feelings”?

  • @mariarahelvarnhagen2729
    @mariarahelvarnhagen2729 · 1 year ago

    playing last return of the japanese final surrender with TRSi

  • @shredo2
    @shredo2 · 5 years ago

    somehow I knew where that QR code would take me... ^^

  • @jamesdegriz
    @jamesdegriz · 5 years ago

    This video makes Facebook throw an error message.

  • @mariarahelvarnhagen2729
    @mariarahelvarnhagen2729 · 1 year ago

    can you see AC ?

  • @PiezPiedPy
    @PiezPiedPy · 7 years ago

    hehe love it :D

  • @Some_Beach
    @Some_Beach · 5 years ago

    Now to embed goatse in my code

  • @nullvoidpointer
    @nullvoidpointer · 2 years ago

    33:33, got me.

  • @CharlesVanNoland
    @CharlesVanNoland · 6 years ago

    lol control flow graph messages

  • @flapeee
    @flapeee · 5 years ago

    BEST TROLLing EVER !!!

  • @Nicofromtheweb
    @Nicofromtheweb · 4 years ago

    I don't understand any of this... but the drawings were funny! I feel like a child.

  • @jorgediaz6730
    @jorgediaz6730 · 6 years ago

    Holy shiiiieeet

  • @bluescanfly1981
    @bluescanfly1981 · 5 years ago

    Homeboy is an artist. It's like BB King playing the blues. As simple as possible, but no simpler - it just makes you happy.

  • @NolePTR
    @NolePTR · 7 years ago

    HOLY SHIT!

  • @blu3h4t
    @blu3h4t · 1 year ago

    This is like ASCII art from hell. Or is it what Snow Crash is about? :D

  • @ICountFrom0
    @ICountFrom0 · 4 years ago

    I kind of wanted to see what a movfuscated program looked like in IDA.

  • @isabelle5547
    @isabelle5547 · 4 years ago

    this is great and all but does he not look exactly like the default runescape character

  • @evanperrygiblin
    @evanperrygiblin · 5 years ago

    I just don't think that any code should have to be written twice, there's so much time and headache to write it the first time

  • @Warutteri
    @Warutteri · 5 years ago

    33:44 Got fucking Rick Rolled x'D

  • @blu3h4t
    @blu3h4t · 1 year ago

    Wait you expect a reverse engineer to run the malware bare metal on their personal machine?:D

  • @danatronics9039
    @danatronics9039 · 5 years ago

    "Why is my dog in the malware?" /r/brandnewsentence

  • @brashcrab
    @brashcrab · 1 year ago

    Elvis is Alive

  • @kahungchim6367
    @kahungchim6367 · 2 years ago

    Alternative title: How to make pixel art with IDA pro

  • @peepopalaber
    @peepopalaber · 5 years ago

    He is the real king of trolls.

  • @dasinhaberlicht3998
    @dasinhaberlicht3998 · 5 years ago

    I got lost at 0:00

  • @TrexityTrex
    @TrexityTrex · 5 years ago

    This man is a fucking legend lmaooo

  • @dylanmatthews7431
    @dylanmatthews7431 · 3 years ago

    I have a question for you when it comes to wanting to crack a game. Do you personally know if there is anyone talented enough in the scene to reverse engineer the game Path of Exile? People say it's one of the worst targets they've ever attempted, with a bunch of abstraction layers and you get perma banned if you even look too long. It's a live server client and the game is free, but people want to make their own private server out of it to be able to play the content the way they want, in a non-profit fashion obviously. Any ideas on how you would go about bypassing the drm on this live service client and getting the source code for people to make their own private server out of it?

  • @elidrissii
    @elidrissii · 6 years ago

    What a genius lol.

  • @billigerfusel
    @billigerfusel · 5 years ago

    Holy shit, this is evil.

  • @DJBillyQ
    @DJBillyQ · 5 years ago

    A security in and of its own...

  • @caleballen4721
    @caleballen4721 · 4 years ago

    Every time this guy is in my recommended I hope so badly it's a new one.. but I heard he got hired by Intel so he probably won't be doing these public talks anymore..

  • @KarlMySuitcase
    @KarlMySuitcase · 4 years ago

    That would have been a great call on Intel's part

  • @TatsuZZmage
    @TatsuZZmage · 6 years ago

    oh god idea a full build of gentoo with it mwa hahahaha

  • @m3taldragon1
    @m3taldragon1 · 2 years ago

    And then someone runs your program through MASM... Wow so hard!
