Re: Ants, trees, etc.

[Dave Aitel <dave () immunitysec com>]

Jonatan B wrote:

> > To score, I'd run a quick algo across each block, and if it does what
> > "primary" (original) block does (according to the emulator), then it
> > would have a higher score. 
> >    
>
> If I understood what you wrote correctly, then verifying that these two
> blocks of code yields the same result when given the same input means
> solving the halting problem.
>
> Jonathan.
Maybe in the larger sense, but I'm just comparing register contents and
the state of the stack.

Someone else asked about the difference between this and shellforge, and
I think shellforge (last I looked) maps between C and shellcode (and
then throws a decoder on it). The goal of this is to not need a decoder
at all, and to map from <shellcode with badchars> to <shellcode without
badchars> given any arbitrary shellcode as input.

The benefit of MOSDEF metadata for this is that you can do the reverse
mapping. I.E. You can say "out of all these instructions, which ones
have bad characters". Without tight control of your assembler, doing
this would require some clunky and bizzare algorithms that would be very
painful to write.

-dave

_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
https://lists.immunitysec.com/mailman/listinfo/dailydave