De-anonymizing Programmers via Code Stylometry

Georgi Guninski guninski at guninski.com
Thu Dec 31 06:40:37 PST 2015


On Thu, Dec 31, 2015 at 04:49:53AM -0800, coderman wrote:
> the key aspect is that it is well distinguished among obfuscated perl
> programs written by other coders, especially architecturally complex
> perl programs (of any variety)
> 
> fun stuff!
>

Likely they can distinguish code written by honest humans.

Strongly suspect sufficiently sophisticated obfuscator
will give them troubles and the best they can do is tell
"using the same obfuscator".

Almost surely they can't fully parse the language they are 
analyzing.

Obfuscator need not produce the same output for the same
source each times it is run -- it needs produce (nearly)
functionally equivalent code. Say put many NOPs, replace
|a += 2| by |a=a+3;a=a-1|, inline many functions with different
output, etc.

What is the complexity of deciding functional equivalence
of programs in a (high level) language?



More information about the cypherpunks mailing list