Forensics on PDAs, notes from the field
Thomas Shaddack
shaddack at ns.arachne.cz
Fri Aug 13 10:44:09 PDT 2004
On Fri, 13 Aug 2004, Morlock Elloi wrote:
> > A cool thing for this purpose could be a patch for gcc to produce unique
> > code every time, perhaps using some of the polymorphic methods used by
> > viruses.
>
> The purpose would be that they do not figure out that you are using some
> security program, so they don't suspect that noise in the file or look for
> stego, right?
In the better case, this. In the worse case, to force the adversary to face an
unknown, unexpected situation they aren't trained to handle.
> The last time I checked the total number of PDA programs ever offered to public
> in some way was around 10,000 (5,000 ? 100,000 ? Same thing.) That can be
> trivially checked for. Any custom-compiled executable will stand out as a sore
> thumb.
Until a Gentoo-like Linux distro for PDAs appears. Then custom-compiled
code becomes quite common in that segment of consumers.
Another possible way of wrecking the set of file signatures "in the wild"
could be releasing a product (which then would have to become popular, so
it has to be useful) to do a function modifying the executables - may be a
code packer (flash space is still at a premium in the PDAs), may be a
realtime patcher (e.g. for protecting against some generic code exploits),
in extreme cases may be an otherwise benign trojan or worm.
> You will suffer considerably less bodily damage inducing you to spit the
> passphrase than to produce the source and the compiler.
Yes, but the same applies to your colleague. Would you like it to be easy
for your colleague to betray you?
> Just use the fucking PGP. It's good for your genitals.
Unless the adversary beats the passphrase from your colleague and then
comes for you.
Don't be so selfish. :)
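The technique the thread is arguing about is known-file filtering: an examiner hashes every executable on the seized device and drops anything whose hash is in a reference set of published software, so a custom build "sticks out". The script below is an added illustration, not code from the thread or from any forensic tool. It models the reference set and the device contents as constructed byte strings (no real binaries, no real hash set), and uses a 512-byte piecewise-hash block size, which is an assumption for the demo. It shows the two outcomes the posters disagree about: a build that differs only by a trailing build tag defeats whole-file matching but is still fully recognised by piecewise (block) hashing, whereas a packer that rewrites the body defeats both.

```python
"""Known-file filtering versus per-build variation (constructed demo, not real tooling)."""
import hashlib
import random

BLOCK = 512  # piecewise-hash block size; an assumption for this demo


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def build_known_set(published: dict[str, bytes]) -> set[str]:
    """Whole-file hashes of every 'published' program, like a vendor reference set."""
    return {sha256(b) for b in published.values()}


def filter_known(device: dict[str, bytes], known: set[str]) -> list[str]:
    """Names of device files whose whole-file hash is NOT in the reference set."""
    return sorted(name for name, data in device.items() if sha256(data) not in known)


def piecewise_hashes(data: bytes, block: int = BLOCK) -> list[str]:
    """Hash each fixed-size block separately (dcfldd-style piecewise hashing)."""
    return [sha256(data[i:i + block]) for i in range(0, len(data), block)]


def piecewise_overlap(a: bytes, b: bytes, block: int = BLOCK) -> float:
    """Fraction of a's blocks that appear verbatim somewhere in b."""
    blocks_a = piecewise_hashes(a, block)
    blocks_b = set(piecewise_hashes(b, block))
    if not blocks_a:
        return 0.0
    return sum(1 for h in blocks_a if h in blocks_b) / len(blocks_a)


def make_program(name: str, body_size: int, seed: int) -> bytes:
    """Constructed pseudo-executable: 32-byte header plus a deterministic body."""
    rnd = random.Random(seed)
    body = bytes(rnd.getrandbits(8) for _ in range(body_size))
    return b"PRC\x00" + name.encode().ljust(28, b"\x00") + body


def add_build_tag(program: bytes, tag: bytes) -> bytes:
    """A rebuild that differs only by an appended per-build identifier."""
    return program + tag


def pack_xor(program: bytes, key: int) -> bytes:
    """A toy 'packer': keep the header, XOR every body byte (stands in for real packing)."""
    header, body = program[:32], program[32:]
    return header + bytes(b ^ key for b in body)


def demo() -> dict[str, object]:
    # Constructed reference set: two 'published' programs, 2016-byte bodies (4 blocks each).
    pgp = make_program("pgp", 2016, seed=1)
    mail = make_program("mail", 2016, seed=2)
    known = build_known_set({"pgp": pgp, "mail": mail})

    stock = {"pgp": pgp}                               # unmodified published build
    tagged = {"pgp": add_build_tag(pgp, b"build-0001")}  # custom build, same code
    packed = {"pgp": pack_xor(pgp, 0x5A)}              # repacked, body rewritten

    return {
        "stock_flagged": filter_known(stock, known),     # []  -> hides in the crowd
        "tagged_flagged": filter_known(tagged, known),   # ['pgp'] -> whole-file hash differs
        "packed_flagged": filter_known(packed, known),   # ['pgp']
        # Piecewise hashing still ties the tagged build back to the published one...
        "tagged_overlap": piecewise_overlap(pgp, tagged["pgp"]),  # 1.0
        # ...but a packer that rewrites the body leaves nothing to match.
        "packed_overlap": piecewise_overlap(pgp, packed["pgp"]),  # 0.0
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

Whole-file hashing is what makes "any custom-compiled executable stands out" true; the overlap figures show that merely changing a few bytes per build only moves the examiner from one table lookup to a piecewise or fuzzy comparison, while a packer that transforms the body is what actually breaks the link to the reference set.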
More information about the cypherpunks-legacy mailing list