De-anonymizing Programmers via Code Stylometry

Travis Biehn tbiehn at gmail.com
Thu Dec 31 12:06:37 PST 2015


Decisions in application architecture, class, method/function, IPC/RPC &
other data-flow are fairly unique between coders. Also, very difficult to
loose those characteristics with obfuscation routines.

The generation of equivalent functional code, and higher-level
understanding of these concepts in code by the obfuscating engine would be
required. That's not trivial.

Of course, if you are unskilled, that is, if you don't use 'patterns' at
all - it is trivial to make you look like everyone else.

-Travis

On Thu, Dec 31, 2015 at 12:41 PM, Troy Benjegerdes <hozer at hozed.org> wrote:

> On Thu, Dec 31, 2015 at 04:49:53AM -0800, coderman wrote:
> > On 12/31/15, Georgi Guninski <guninski at guninski.com> wrote:
> > > ...
> > > Have they tried it on perl or assembler (or whitespace or brainfuck and
> > > other esoteric languages)?
> >
> > yes, even intentionally obfuscated disasm resistant mungifications of
> > compiled programs.
> >
> >
> > > Obfuscated perl appears hard (in case it significantly different than
> > > the preimage ;) )
> >
> > the key aspect is that it is well distinguished among obfuscated perl
> > programs written by other coders, especially architecturally complex
> > perl programs (of any variety)
>
> Seems like if you have code that is both complex and has good performance
> characteristics, then this leaves signals in the code that come from the
> collective experience of the neural network(s) that created said code.
>
> Obfuscation works by adding noise, and performance overhead.
>
> Now the real question on my mind is how much of what I see in bitcoin's
> main.cpp is obfuscation by Satoshi, or is someone going to run this
> analysis on code running at banks and figure out who he really is?
>



-- 
Twitter <https://twitter.com/tbiehn> | LinkedIn
<http://www.linkedin.com/in/travisbiehn> | GitHub <http://github.com/tbiehn>
| TravisBiehn.com <http://www.travisbiehn.com> | Google Plus
<https://plus.google.com/+TravisBiehn>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: text/html
Size: 2793 bytes
Desc: not available
URL: <http://lists.cpunks.org/pipermail/cypherpunks/attachments/20151231/eb9490a8/attachment-0002.txt>


More information about the cypherpunks mailing list