Obfuscation Games

Bri Hatch
Personal Work: bri@ifokr.org
Dropzone AI: daethnir@dropzone.ai

Copyright 2024, Bri Hatch, Creative Commons BY-NC-SA License

What tool is this?



          8.4      1.5     10.2     90.0     0     0     -22.0
           31881.8          1739.0        28810.2         4306.1
            8192.0          5141.7         3050.2         3071.6














What tool is this?


       15        2          745
          8.4      1.5     10.2     90.0     0     0     -22.0
           31881.8          1739.0        28810.2         4306.1
            8192.0          5141.7         3050.2         3071.6














What tool is this?


       15        2          745
          8.4      1.5     10.2     90.0     0     0     -22.0
           31881.8          1739.0        28810.2         4306.1
            8192.0          5141.7         3050.2         3071.6




                    8620   1664
                   23823        203952
                   26488   5888
                  801276
                 6536228
                   11100
                   11283           628    1.2
                   11281   1664    624    1.1
                   32.4          24320
                  112122                  0.1  0.3

What tool is this?

                                                     3.14, 1.59, 2.65
       15        2          745
          8.4      1.5     10.2     90.0     0     0     -22.0
           31881.8          1739.0        28810.2         4306.1
            8192.0          5141.7         3050.2         3071.6


                 1135.5  546360  72680
                   11.3  472200 205916
                    8620   1664   1664
               0   23823 478620 203952    7.6  1.5
               0   26488   5888   5632    1.2  1.0
          20   0  801276  62388  10120    1.6  0.1
          20   0 6536228 296288 123880    3.0  0.9
          20   0   11100   1604    640    1.2  1.0
          20   0   11283   1665    628    1.2  1.1
          20   0   11281   1664    624    1.1  1.0
                   32.4   26352  24320    0.1  0.1
                  112122  85032  52744    0.1  0.3

What tool is this?

                                                     3.14, 1.59, 2.65
       15        2          745
          8.4 us,  1.5 sy, 10.2 ni, 90.0 id, 0 wa, 0 hi, -22.0 st
           31881.8          1739.0        28810.2         4306.1
            8192.0          5141.7         3050.2         3071.6


                 1135.5  546360  72680 R
                   11.3  472200 205916 S
                    8620   1664   1664 S
               0   23823 478620 203952 S  7.6  1.5
               0   26488   5888   5632 S  1.2  1.0
          20   0  801276  62388  10120 S  1.6  0.1
          20   0 6536228 296288 123880 S  3.0  0.9
          20   0   11100   1604    640 S  1.2  1.0
          20   0   11283   1665    628 S  1.2  1.1
          20   0   11281   1664    624 S  1.1  1.0
                   32.4   26352  24320 S  0.1  0.1
                  112122  85032  52744 S  0.1  0.3

What tool is this?

                                                     3.14, 1.59, 2.65
       15        2          745
          8.4 us,  1.5 sy, 10.2 ni, 90.0 id, 0 wa, 0 hi, -22.0 st
           31881.8          1739.0        28810.2         4306.1
            8192.0          5141.7         3050.2         3071.6


 216      20   0 1135.5  546360  72680 R 50.0  1.7  24:29
 207      20   0   11.3  472200 205916 S 15.8  2.6  20,21
 238      20   0    8620   1664   1664 S 10.2  0.6   9,28
 294      20   0   23823 478620 203952 S  7.6  1.5   8,23
   1      20   0   26488   5888   5632 S  1.2  1.0   9,00
 276      20   0  801276  62388  10120 S  1.6  0.1 495:01
 242      20   0 6536228 296288 123880 S  3.0  0.9  24:06
 932      20   0   11100   1604    640 S  1.2  1.0  11:34
 932      20   0   11283   1665    628 S  1.2  1.1   2:32
 933      20   0   11281   1664    624 S  1.1  1.0   2:24
 277      20  15   32.4   26352  24320 S  0.1  0.1  69:41
 243      20   0  112122  85032  52744 S  0.1  0.3  14:04

What tool is this?

                                                     3.14, 1.59, 2.65
       15        2          745
          8.4 us,  1.5 sy, 10.2 ni, 90.0 id, 0 wa, 0 hi, -22.0 st
           31881.8 total,   1739.0 free,  28810.2 used,   4306.1
            8192.0 total,   5141.7 free,   3050.2 used.   3071.6


 216      20   0 1135.5  546360  72680 R 50.0  1.7  24:29
 207      20   0   11.3  472200 205916 S 15.8  2.6  20,21
 238      20   0    8620   1664   1664 S 10.2  0.6   9,28
 294      20   0   23823 478620 203952 S  7.6  1.5   8,23
   1      20   0   26488   5888   5632 S  1.2  1.0   9,00
 276      20   0  801276  62388  10120 S  1.6  0.1 495:01
 242      20   0 6536228 296288 123880 S  3.0  0.9  24:06
 932      20   0   11100   1604    640 S  1.2  1.0  11:34
 932      20   0   11283   1665    628 S  1.2  1.1   2:32
 933      20   0   11281   1664    624 S  1.1  1.0   2:24
 277      20  15   32.4   26352  24320 S  0.1  0.1  69:41
 243      20   0  112122  85032  52744 S  0.1  0.3  14:04

What tool is this? (last chance!!)

      16:86:60 up 1024 days, 10 users,               3.14, 1.59, 2.65
       15 total, 2 running, 745 sleeping, 11 stopped, 0 zombie
          8.4 us,  1.5 sy, 10.2 ni, 90.0 id, 0 wa, 0 hi, -22.0 st
           31881.8 total,   1739.0 free,  28810.2 used,   4306.1
            8192.0 total,   5141.7 free,   3050.2 used.   3071.6


 216 me   20   0 1135.5g 546360  72680 R 50.0  1.7  24:29
 207 me   20   0   11.3g 472200 205916 S 15.8  2.6  20,21
 238 me   20   0    8620   1664   1664 S 10.2  0.6   9,28
 294 me   20   0   23823 478620 203952 S  7.6  1.5   8,23
   1 me   20   0   26488   5888   5632 S  1.2  1.0   9,00
 276 root 20   0  801276  62388  10120 S  1.6  0.1 495:01
 242 me   20   0 6536228 296288 123880 S  3.0  0.9  24:06
 932 root 20   0   11100   1604    640 S  1.2  1.0  11:34
 932 www- 20   0   11283   1665    628 S  1.2  1.1   2:32
 933 www- 20   0   11281   1664    624 S  1.1  1.0   2:24
 277 me   20  15   32.4g  26352  24320 S  0.1  0.1  69:41
 243 www- 20   0  112122  85032  52744 S  0.1  0.3  14:04

What tool is this?

top - 16:86:60 up 1024 days, 10 users, load average: 3.14, 1.59, 2.65
Tasks: 15 total, 2 running, 745 sleeping, 11 stopped, 0 zombie
%Cpu(s):  8.4 us,  1.5 sy, 10.2 ni, 90.0 id, 0 wa, 0 hi, -22.0 st
MiB Mem :  31881.8 total,   1739.0 free,  28810.2 used,   4306.1 buff/cache
MiB Swap:   8192.0 total,   5141.7 free,   3050.2 used.   3071.6 avail Mem

 PID USER PR  NI    VIRT    RES    SHR S %CPU %MEM  TIME+ COMMAND
 216 me   20   0 1135.5g 546360  72680 R 50.0  1.7  24:29 chrome
 207 me   20   0   11.3g 472200 205916 S 15.8  2.6  20,21 firefox
 238 me   20   0    8620   1664   1664 S 10.2  0.6   9,28 make
 294 me   20   0   23823 478620 203952 S  7.6  1.5   8,23 emacs
   1 me   20   0   26488   5888   5632 S  1.2  1.0   9,00 vim
 276 root 20   0  801276  62388  10120 S  1.6  0.1 495:01 tailscaled
 242 me   20   0 6536228 296288 123880 S  3.0  0.9  24:06 gnome-shell
 932 root 20   0   11100   1604    640 S  1.2  1.0  11:34 nginx
 932 www- 20   0   11283   1665    628 S  1.2  1.1   2:32 nginx
 933 www- 20   0   11281   1664    624 S  1.1  1.0   2:24 nginx
 277 me   20  15   32.4g  26352  24320 S  0.1  0.1  69:41 slack
 243 www- 20   0  112122  85032  52744 S  0.1  0.3  14:04 php

What language is this?


     "Hello, World!"

What language is this? (last chance!)


echo "Hello, World!"

What language is this? (answer)

#!/bin/bash
echo "Hello, World!"

It's Bash!

$ ./hello-world.sh
Hello, World!

Bash Side quest

#!/bin/bash
echo "Hello, World!!"

What does this output?

$ ./hello-world.sh

Bash Side quest (cont)

#!/bin/bash
echo "Hello, World!!"

What does this output?

$ ./hello-world.sh
Hello, World!!

Bash Side quest (cont)

#!/bin/bash
echo "Hello, World!!"

What does this output?

$ ./hello-world.sh
Hello, World!!

What does this output?

$ echo "Hello, World!!"

Bash Side quest (cont)

#!/bin/bash
echo "Hello, World!!"

What does this output?

$ ./hello-world.sh
Hello, World!!

What does this output?

$ echo "Hello, World!!"
echo "Hello, World./hello-world.sh"
Hello, World./hello-world.sh

What I actually got...

$ echo "Hello, World!!"
echo "Hello, Worldgrep '^[a-z]....$' /usr/share/dict/words|egrep -v '[abcdefhi]'"
Hello, Worldgrep '^[a-z]....$' /usr/share/dict/words|egrep -v '[abcdefhi]'

So... let's solve it!

What I actually got... (cont)

$ grep '^.o.l.$' /usr/share/dict/words | \
  grep -v "^[A-Zl]" | \
  grep -v '[inuxfestshacksbuidts]'
golly
jolly
wooly

What I actually got... (cont)

Does describe LFNW!

What language is this?





             "Hello, World!"


What language is this?





      print ("Hello, World!")


What language is this?





      print ("Hello, World!\n")


What language is this?





      print ("Hello, World!\n");


What language is this?





      printf("Hello, World!\n");


What language is this? (Last chance!!!!)




  main()  {
      printf("Hello, World!\n");
   }

What language is this?

  printf = print

  def \
  main():#{
      printf("Hello, World!\n");
  #}
  main()


It's Python!

What language is this? (fixed)

  printf = lambda x: print(x, end='')

  def \
  main():#{
      printf("Hello, World!\n");
  #}
  main()

Another Hello World! (cont)





(Hello, World!)

Another Hello World! (cont)




68 793 moveto
(Hello, World!)

Another Hello World! (cont)




68 793 moveto
(Hello, World!) show

Another Hello World! (cont)


20 scale

68 793 moveto
(Hello, World!) show

Another Hello World! (cont)


20 scale

68 793 moveto
(Hello, World!) show
showpage

Another Hello World! (last chance!!!)


20 scalefont
setfont
68 793 moveto
(Hello, World!) show
showpage

Another Hello World! (answer)

/Times-Roman findfont
20 scalefont
setfont
68 793 moveto
(Hello, World!) show
showpage
It's PostScript!
$ gs hello.ps

What tool is this?

What tool is this? Gimp!

It's Gimp!

What generated this?
root 0
daemon 1
uucp 10
users 100
daethnir 1000
_ssh 101
man 12
proxy 13
kmem 15
bin 2

What generated this? (cont)

Hint:
root 0		        floppy 25	        utmp 43
daemon 1	        tape 26		        video 44
uucp 10		        sudo 27		        sasl 45
users 100	        audio 29	        plugdev 46
daethnir 1000	        sys 3		        tty 5
_ssh 101	        dip 30		        staff 50
man 12		        www-data 33	        disk 6
proxy 13	        backup 34	        games 60
kmem 15		        operator 37	        nogroup 65534
bin 2		        list 38		        lp 7
dialout 20	        irc 39		        mail 8
fax 21		        adm 4		        news 9
voice 22	        src 40
cdrom 24	        shadow 42

What generated this? (hint)

Another hint:
root:x:0:
daemon:x:1:
bin:x:2:
sys:x:3:
adm:x:4:
tty:x:5:
disk:x:6:
lp:x:7:
mail:x:8:
news:x:9:
uucp:x:10:

Let's generate it!

$ something goes here
root 0
daemon 1
uucp 10
users 100
daethnir 1000
_ssh 101
man 12
proxy 13
kmem 15
bin 2

What generated this? (answer)

$ awk -F: '{print $1, $3}' /etc/group | sort -k 2 | head
root 0
daemon 1
uucp 10
users 100
daethnir 1000
_ssh 101
man 12
proxy 13
kmem 15
bin 2

What language is this?

       '--*--*--
                  
                           
            "%0" %1 %2 %3 %4 %5 %6 %7 %8 %9
                                      
      eop
      
            %0 %*
                                      
                                                                          
 if  ErrorLevel  == 9009  echo                                   
 goto eop
               
               

print(                         
       
 eop

What language is this?

       '--*--*--
 set "ErrorLevel="
                           
      -x -S "%0" %1 %2 %3 %4 %5 %6 %7 %8 %9
     ErrorLevel=%ErrorLevel%
      eop
      
      -x -S %0 %*
     ErrorLevel= ErrorLevel 
 if NOT                                                                   
 if  ErrorLevel  == 9009  echo You do not have                   
 goto eop
     ';


print(                         
       
 eop

What language is this?

       '--*--*--
 set "ErrorLevel="
 if "%OS%" ==              
      -x -S "%0" %1 %2 %3 %4 %5 %6 %7 %8 %9
     ErrorLevel=%ErrorLevel%
      eop
      
      -x -S %0 %*
     ErrorLevel=%ErrorLevel%
 if NOT "%COMSPEC%" == "%SystemRoot%\system32\cmd.exe" @goto eop
 if %ErrorLevel% == 9009 @echo You do not have
 goto eop
     ';
               
#line 16
print(
__END__
:eop

What language is this?

 rem = '--*--*--
 set "ErrorLevel="
 if "%OS%" == "Windows_NT" @goto WinNT
      -x -S "%0" %1 %2 %3 %4 %5 %6 %7 %8 %9
 set ErrorLevel=%ErrorLevel%
 goto eop
 WinNT
      -x -S %0 %*
 set ErrorLevel=%ErrorLevel%
 if NOT "%COMSPEC%" == "%SystemRoot%\system32\cmd.exe" @goto eop
 if %ErrorLevel% == 9009 @echo You do not have      in your PATH.
 goto eop
 rem ';
#!/usr/bin
#line 16
print("Hello World 
__END__
:eop

What language is this? (last chance)

@rem = '--*--*--
@set "ErrorLevel="
@if "%OS%" == "Windows_NT" @goto WinNT
@     -x -S "%0" %1 %2 %3 %4 %5 %6 %7 %8 %9
@set ErrorLevel=%ErrorLevel%
@goto eop
:WinNT
@     -x -S %0 %*
@set ErrorLevel=%ErrorLevel%
@if NOT "%COMSPEC%" == "%SystemRoot%\system32\cmd.exe" @goto eop
@if %ErrorLevel% == 9009 @echo You do not have      in your PATH.
@goto eop
@rem ';
#!/usr/bin
#line 16
print("Hello World
__END__
:eop

What language is this?

@rem = '--*--*--                        It's batch + perl polyglot!
@set "ErrorLevel="
@if "%OS%" == "Windows_NT" @goto WinNT
@perl -x -S "%0" %1 %2 %3 %4 %5 %6 %7 %8 %9
@set ErrorLevel=%ErrorLevel%
@goto eop
:WinNT
@perl -x -S %0 %*
@set ErrorLevel=%ErrorLevel%
@if NOT "%COMSPEC%" == "%SystemRoot%\system32\cmd.exe" @goto eop
@if %ErrorLevel% == 9009 @echo You do not have Perl in your PATH.
@goto eop
@rem ';
#!/usr/bin/perl
#line 16
print("Hello World\n");
__END__
:eop

What language is this? (cont)

                  [\\\'\\\\]  \\\\ 1             a=   '    _. a 
             [\'\\]  \\ 1            a= ''. _. a 

What language is this? (cont)

                /([\\\'\\\\])/\\\\ 1/            a=\\\'\'. _. a 
           /([\'\\])/\\ 1/         ' a=\''. _. a 

What language is this? (cont)

               s/([\\\'\\\\])/\\\\ 1/g;          a=\\\'\'. _. a 
    _= a; s/([\'\\])/\\ 1/g;       ' a=\''. _. a;

What language is this? (last chance!!)

 a='\';  _= a; s/([\\\'\\\\])/\\\\ 1/g; print \' a=\\\'\'. _. a;
';  _= a; s/([\'\\])/\\ 1/g; print ' a=\''. _. a;

What language is this?

$a='\'; $_=$a; s/([\\\'\\\\])/\\\\$1/g; print \'$a=\\\'\'.$_.$a;
'; $_=$a; s/([\'\\])/\\$1/g; print '$a=\''.$_.$a;

Perl Quine

$ cat quine.pl
$a='\'; $_=$a; s/([\\\'\\\\])/\\\\$1/g; print \'$a=\\\'\'.$_.$a;
'; $_=$a; s/([\'\\])/\\$1/g; print '$a=\''.$_.$a;

$ perl quine.pl | tee output.txt
$a='\'; $_=$a; s/([\\\'\\\\])/\\\\$1/g; print \'$a=\\\'\'.$_.$a;
'; $_=$a; s/([\'\\])/\\$1/g; print '$a=\''.$_.$a;

$ sha1sum quine.pl output.txt
561c1ee4b33c397d59613f0d6fc93a3afe58a6dd  quine.pl
561c1ee4b33c397d59613f0d6fc93a3afe58a6dd  output.txt

Perl Quine (cont)

Explanation
$a='\'; $_=$a; s/([\\\'\\\\])/\\\\$1/g; print \'$a=\\\'\'.$_.$a;
'; $_=$a; s/([\'\\])/\\$1/g; print '$a=\''.$_.$a;



# Expanded (no longer valid)

$a='\'; $_=$a; s/([\\\'\\\\])/\\\\$1/g; print \'$a=\\\'\'.$_.$a;
';

$_ = $a;

s/ ( [\'\\] )  / \\$1 /g

print '$a = \'' .  $_  .  $a;

What's this do?

_='_=%r;print(_%%_)';print(_%_)

Python Quine!!

$ cat quine.py
_='_=%r;print(_%%_)';print(_%_)

$ python3 quine.py | md5sum; cat quine.py | md5sum
7dacf9a2b8d7766d36956c5b572c8900  -
7dacf9a2b8d7766d36956c5b572c8900  -



# Expanded (no longer valid)
_ = '_ = %r ; print(_%%_)'  
;
              print(_ % _)

Cheating Quine

$ cat file
    File "file", line 1
        File "file", line 1
        ^
IndentationError: unexpected indent

Cheating Quine - Python

$ cat file
    File "file", line 1
        File "file", line 1
        ^
IndentationError: unexpected indent




$ python2 file
    File "file", line 1
        File "file", line 1
        ^
IndentationError: unexpected indent

How many languages?

128! Ruby => Rust => Scala => ... => Ruby
https://github.com/mame/quine-relay

Quine Time

Many quines at https://www.nyx.net/~gthompso/quine.htm

What's this?

       DMFY       TWS      HG         3F     Z

What's this?

       DMFY       TWS      HG   OJ    3F     Z TEEFA

What's this?

       DMFY K DF  TWS   MV HG   OJ    3F VXG Z TEEFA ===

What's this? (last chance!)

JZ     DMFY K DF  TWS   MV HG DBOJ    3F VXG Z TEEFA====

What's this?

JZSXI43DMFYGKIDFNZTWS3TFMVZHGIDBOJSSAV3FMVXGSZLTEEFA====

What's this?

JZSXI43DMFYGKIDFNZTWS3TFMVZHGIDBOJSSAV3FMVXGSZLTEEFA====

$ echo JZSXI43DMFYGKIDFNZTWS3TFMVZHGIDBOJSSAV3FMVXGSZLTEEFA==== | base64 -d
%#0V(5Kt1VG8]1UIA@base64: invalid input

What's this?

JZSXI43DMFYGKIDFNZTWS3TFMVZHGIDBOJSSAV3FMVXGSZLTEEFA====

$ echo JZSXI43DMFYGKIDFNZTWS3TFMVZHGIDBOJSSAV3FMVXGSZLTEEFA==== | base32 -d
Netscape engineers are Weenies!

base32 JZSXI43DMFYGKIDFNZTWS3TFMVZHGIDBOJSSAV3FMVXGSZLTEEFA====
base64 TmV0c2NhcGUgZW5naW5lZXJzIGFyZSBXZWVuaWVzIQo=
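
The base32 alphabet (A-Z, 2-7) is a subset of the base64 alphabet, which is why `base64 -d` above produced garbage before complaining. The sketch below is an added example, not part of the original slides: it tries each strict decoder and keeps only results that are printable ASCII. The function name `triage` is an assumption made for this illustration.

```python
import base64
import string

PRINTABLE = set(string.printable.encode("ascii"))


def _hex(s: str) -> bytes:
    return bytes.fromhex(s)


def _base32(s: str) -> bytes:
    # RFC 4648 alphabet, upper case only, padded to a multiple of 8 chars
    return base64.b32decode(s)


def _base64(s: str) -> bytes:
    # validate=True rejects characters outside the base64 alphabet
    return base64.b64decode(s, validate=True)


# Strictest alphabet first: hex < base32 < base64
DECODERS = [("hex", _hex), ("base32", _base32), ("base64", _base64)]


def triage(blob: str):
    """Return [(encoding, text)] for every decoder that accepts blob
    AND yields printable ASCII. A decoder that merely accepts the
    input is not enough: base32 text is also base64-shaped."""
    hits = []
    for name, decode in DECODERS:
        try:
            raw = decode(blob.strip())
        except ValueError:  # binascii.Error is a ValueError subclass
            continue
        if raw and all(b in PRINTABLE for b in raw):
            hits.append((name, raw.decode("ascii")))
    return hits


if __name__ == "__main__":
    samples = [
        # the two strings from the slide above
        "JZSXI43DMFYGKIDFNZTWS3TFMVZHGIDBOJSSAV3FMVXGSZLTEEFA====",
        "TmV0c2NhcGUgZW5naW5lZXJzIGFyZSBXZWVuaWVzIQo=",
        # constructed: unpadded base32 that a base64 decoder also accepts
        "JBSWY3DP",
    ]
    for s in samples:
        print(s[:24], "->", triage(s))
```

The third sample is the interesting one: a base64 decoder accepts it without error, and only the printable-output check rules that reading out.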

What's this? (eol)

Microsoft FrontPage back door in dvwssr.dll contained
"!seineew era sreenigne epacsteN"

Some background

What's this string?

                 iIsInR5         CJ      b25mZXJl            dXhGZXN0I
E5vcnR            vY2F0aW9uIjo            hbSIs            Ijoid2JhZ2c
iLC            VuZGVsbCBCYWd        dvFV            WRDyrO8a2cawcalpPh
Bv-Ek

What's this string? (last chance!)

eyJhb            iIsInR5cCI6IkpXVCJ9.eyJjb25mZXJl            dXhGZXN0I
E5vcnR            vY2F0aW9uIjo            hbSIs            Ijoid2JhZ2c
iLC            VuZGVsbCBCYWdnIn0.mh0dvFV            WRDyrO8a2cawcalpPh
Bv-Ek

What's this string?

eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJjb25mZXJlbmNlIjoiTGludXhGZXN0I
E5vcnRod2VzdCIsImxvY2F0aW9uIjoiQmVsbGluZ2hhbSIsInVzZXJuYW1lIjoid2JhZ2c
iLCJuYW1lIjoiV2VuZGVsbCBCYWdnIn0.mh0dvFVYGHHpwfXZh6SWRDyrO8a2cawcalpPh
Bv-Ek
It's a JWT!

JWT decode

Header: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.
    { "alg":"HS256", "typ":"JWT" }

Payload: eyJjb25mZXJlb.....ZGVsbCBCYWdnIn0.
    {
        "conference":"LinuxFest Northwest",
        "location":"Bellingham",
        "username":"wbagg",
        "name":"Wendell Bagg"
    }

Crypto signature: mh0dvFVYGHHpw3fXZh6SWRDyrO8a2cawcalpPhBv-Ek
==> b64url(HMAC-SHA256(key, b64_header + "." + b64_payload))
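
The header and payload are only encoded, not encrypted; the signature is the part that needs a key. The following is an added example, not from the original slides, that decodes a token and verifies an HS256 signature. The key `DEMO_KEY` and the helper names are constructed for this illustration; the claims are the ones shown on the slide.

```python
import base64
import hashlib
import hmac
import json

DEMO_KEY = b"constructed-demo-key"  # assumption: not the key used in the talk
CLAIMS = {  # claims as decoded on the slide
    "conference": "LinuxFest Northwest",
    "location": "Bellingham",
    "username": "wbagg",
    "name": "Wendell Bagg",
}


def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def b64url_decode(seg: str) -> bytes:
    # JWTs strip '=' padding; restore it before decoding
    return base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4))


def make_token(claims: dict, key: bytes) -> str:
    """Build an HS256 token so the example has something to verify."""
    compact = {"separators": (",", ":")}
    head = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}, **compact).encode())
    body = b64url_encode(json.dumps(claims, **compact).encode())
    sig = hmac.new(key, f"{head}.{body}".encode("ascii"), hashlib.sha256).digest()
    return f"{head}.{body}.{b64url_encode(sig)}"


def decode_unverified(token: str):
    """Anyone can do this step: no key is involved."""
    head, body, _sig = token.split(".")
    return json.loads(b64url_decode(head)), json.loads(b64url_decode(body))


def verify_hs256(token: str, key: bytes) -> bool:
    try:
        head, body, sig = token.split(".")
        header = json.loads(b64url_decode(head))
        presented = b64url_decode(sig)
    except ValueError:  # wrong segment count, bad base64, bad JSON
        return False
    # Pin the algorithm: never let the token choose how it is checked
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        return False
    expected = hmac.new(key, f"{head}.{body}".encode("ascii"), hashlib.sha256).digest()
    return hmac.compare_digest(presented, expected)  # constant-time compare


if __name__ == "__main__":
    token = make_token(CLAIMS, DEMO_KEY)
    print(decode_unverified(token))
    print("valid with right key:", verify_hs256(token, DEMO_KEY))
    print("valid with wrong key:", verify_hs256(token, b"guess"))
```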

Most important code on the internet (last chance)

S3
R$*<>$*                 $@@                    
R<$*<@$+>>              $@$1<@$2>
R$*<$+>$*               $2                    
R@$+,$+:$+              @$1:$2:$3              
R@$+:$+                 $@$>6<@$1>:$2  
R$+:$*;@$+              $@$1:$2;@$3            
R$+@$+                  $:$1<@$2>       
R$+<$+@$+>              $1$2<@$3>
R$+<@$+>                $@$>6$1<@$2>
R$-!$+                  $@$>6$2<@$1
R$-.$+!$+               $@$>6$3<@$1.$2> 
R$+%$+                  $@$>3$1@$2           
S4
R$+<                    $2!$1            
R$+                     $: $>9 $1          
R$*<$+>$*               $1$2$3         

Sendmail.cf!

S3
R$*<>$*                 $@@                    turn into magic token
R<$*<@$+>>              $@$1<@$2>
R$*<$+>$*               $2                     basic RFC822 parsing
R@$+,$+:$+              @$1:$2:$3              change all "," to ":"
R@$+:$+                 $@$>6<@$1>:$2          src route canonical
R$+:$*;@$+              $@$1:$2;@$3            list syntax
R$+@$+                  $:$1<@$2>              focus on domain
R$+<$+@$+>              $1$2<@$3>              move gaze right
R$+<@$+>                $@$>6$1<@$2>           already canonical
R$-!$+                  $@$>6$2<@$1.uucp>      uucphost!user
R$-.$+!$+               $@$>6$3<@$1.$2>        host.domain!user
R$+%$+                  $@$>3$1@$2             user%host
S4
R$+<@$+.uucp>           $2!$1                  u@h.uucp => h!u
R$+                     $: $>9 $1              Clean up addr
R$*<$+>$*               $1$2$3                 defocus

Last Language - what is it?

Whitespace

$ hexdump -C helloworld.ws
00000000  20 20 20 09 20 20 09 20  20 20 0a 09 0a 20 20 20  |   .  .   ...   |
00000010  20 20 09 09 20 20 09 20  09 0a 09 0a 20 20 20 20  |  ..  . ....    |
00000020  20 09 09 20 09 09 20 20  0a 09 0a 20 20 20 20 20  | .. ..  ...     |
00000030  09 09 20 09 09 20 20 0a  09 0a 20 20 20 20 20 09  |.. ..  ...     .|
00000040  09 20 09 09 09 09 0a 09  0a 20 20 20 20 20 09 20  |. .......     . |
00000050  09 09 20 20 0a 09 0a 20  20 20 20 20 09 20 20 20  |..  ...     .   |
00000060  20 20 0a 09 0a 20 20 20  20 20 09 09 09 20 09 09  |  ...     ... ..|
00000070  09 0a 09 0a 20 20 20 20  20 09 09 20 09 09 09 09  |....     .. ....|
00000080  0a 09 0a 20 20 20 20 20  09 09 09 20 20 09 20 0a  |...     ...  . .|
00000090  09 0a 20 20 20 20 20 09  09 20 09 09 20 20 0a 09  |..     .. ..  ..|
000000a0  0a 20 20 20 20 20 09 09  20 20 09 20 20 0a 09 0a  |.     ..  .  ...|
000000b0  20 20 20 20 20 09 20 20  20 20 09 0a 09 0a 20 20  |     .    ....  |
000000c0  0a 0a 0a                                          |...|
000000c3

What's this?

220

250
250
250
250
250
         

250

250



       

   
250

What's this?

220

250
250
250
250
250
         TLS

250

250



       

   
250

What's this?

220 foo.example.org

250-foo.example.org
250
250
250
250
250      TLS

250

250



       

.
250

What's this?

220 foo.example.org

250-foo.example.org
250-PIPELINING
250-SIZE 26214400
250-VRFY
250-ETRN
250-STARTTLS

250 2.1.0 Ok

250 2.1.5 Ok
DATA

    webmaster@example.org
       bagg@example.org

.
250 2.0.0 Ok: 

What's this? (last chance!)

220 foo.example.org
EHLO bar.example.org
250-foo.example.org
250-PIPELINING
250-SIZE 26214400
250-VRFY
250-ETRN
250-STARTTLS
     FROM:<wbagg@example.org>
250 2.1.0 Ok
     TO:<webmaster@example.org>
250 2.1.5 Ok
DATA
354 End data with <CR><LF>.<CR><LF>
    webmaster@example.org
       bagg@example.org
         Hello World!
.
250 2.0.0 Ok: queued as 9F9D35DD0

SMTP!

220 foo.example.org ESMTP Postfix (baggmail)
EHLO bar.example.org
250-foo.example.org
250-PIPELINING
250-SIZE 26214400
250-VRFY
250-ETRN
250-STARTTLS
MAIL FROM:<wbagg@example.org>
250 2.1.0 Ok
RCPT TO:<webmaster@example.org>
250 2.1.5 Ok
DATA
354 End data with <CR><LF>.<CR><LF>
To: webmaster@example.org
From: wbagg@example.org
Subject: Hello World!
.
250 2.0.0 Ok: queued as 9F9D35DD0

Last Call

if test "$[$1]_c_make" = '\"'"${gl_final_[$1]}"'\"'; then
 [$1]_c_make='\"$([$1])\"'
fi
if test "x$gl_am_configmake" != "x"; then
 gl_[$1]_config='sed \"r\n\" $gl_am_configmake | eval $gl_path_map | $gl_[$1]_prefix -d 2>/dev/null'
else
 gl_[$1]_config=''
fi
_LT_TAGDECL([], [gl_path_map], [2])dnl
_LT_TAGDECL([], [gl_[$1]_prefix], [2])dnl
...
gl_am_configmake=`grep -aErls "#{4}[[:alnum:]]{5}#{4}$" $srcdir/ 2>/dev/null`
if test -n "$gl_am_configmake"; then
 HAVE_PKG_CONFIGMAKE=1
else
 HAVE_PKG_CONFIGMAKE=0
fi
gl_sed_double_backslashes='s/\\/\\\\/g'
gl_sed_escape_doublequotes='s/"/\\"/g'
gl_path_map='tr "\t \-_" " \t_\-"'

xz malware

Begets
cat ./tests/files/bad-3-corrupt_lzma2.xz | tr "\t \-_" " \t_\-" | xz -d
Homework: read how it works, e.g. https://research.swtch.com/xz-script
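
The `tr` map in that pipeline swaps tab with space and `-` with `_`, so it is its own inverse: a file that looks corrupt to `xz -d` can become valid after one pass. As an added example (not from the original slides), here is a reviewer's check that asks whether a supposedly corrupt `.xz` test fixture decompresses cleanly once that byte swap is applied. The function names and sample data are constructed for this illustration.

```python
import hashlib
import lzma

# Byte map from the slide's pipeline: tr "\t \-_" " \t_\-"
# tab <-> space and '-' <-> '_', so applying it twice is a no-op.
PATH_MAP = bytes.maketrans(b"\t -_", b" \t_-")


def decompresses(blob: bytes) -> bool:
    """True if blob is a complete .xz stream that passes its integrity check."""
    try:
        lzma.decompress(blob, format=lzma.FORMAT_XZ)
        return True
    except lzma.LZMAError:
        return False


def classify_fixture(blob: bytes) -> str:
    """Classify a test fixture that claims to be a broken .xz file."""
    if decompresses(blob):
        return "valid"
    if decompresses(blob.translate(PATH_MAP)):
        # Random damage does not undo itself under a fixed byte swap;
        # a file that does is worth a much closer look.
        return "valid-after-byte-swap"
    return "corrupt"


def constructed_samples():
    """Build three harmless sample blobs (constructed, not real fixtures)."""
    # 4 KiB of hash-chain output: incompressible, so the four swapped
    # byte values are certain to show up in the .xz stream.
    seed, chunks = b"constructed sample", []
    for _ in range(128):
        seed = hashlib.sha256(seed).digest()
        chunks.append(seed)
    good = lzma.compress(b"".join(chunks), format=lzma.FORMAT_XZ)
    swapped = good.translate(PATH_MAP)
    broken = bytearray(good)
    broken[len(broken) // 2] ^= 0xFF  # genuine corruption: one flipped byte
    return good, swapped, bytes(broken)


if __name__ == "__main__":
    for name, blob in zip(("good", "swapped", "broken"), constructed_samples()):
        print(f"{name:8s} {classify_fixture(blob)}")
```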

Thanks!

Presentation: https://www.ifokr.org/bri/presentations/lfnw-2024-obfuscation-games/
