Parts of Duqu trojan written in mystery language

So they're looking at the binaries and wondering what language was used? Most programmers have no idea what the compiler spits out. You'd need some pretty specialized skills for that.

To be honest, the most surprising thing about all this is that it wasn't hand written assembler.
 
quick! find a genius multilingual person to discover the secret language !!
 
> To be honest, the most surprising thing about all this is that it wasn't hand written assembler.

Really? Maybe you'd do that to prove how clever or l33t you were, but for practical purposes ... plus size just doesn't matter that much these days.
 
> Really? Maybe you'd do that to prove how clever or l33t you were, but for practical purposes ... plus size just doesn't matter that much these days.

No, I was thinking more along the lines that they often need to run in kernel mode hitting the metal directly, outside of OS control. Or at least that's what I assumed.
 
> No, I was thinking more along the lines that they often need to run in kernel mode hitting the metal directly, outside of OS control. Or at least that's what I assumed.

It all ends up as machine code anyway.

But as to looking at compiler output - I haven't done that in a long time but back in the day when we were working on slower chips with less memory I'd have to get in there from time to time - either trying to tweak the source to see if you could get nicer assembly out or hand crafting the fiddly bits. Learned a lot. Anyone who writes compilers or debuggers would have a good feel for what any given language looks like in assembly.
 
probably using some obscure language like REBOL

You would want to be using some type of Forth-influenced language if you're messing around with boot loaders and embedded systems.
 
> It all ends up as machine code anyway.

Well ya, but certain things are just tough to do with low level languages like C. Registers, for example, are out of your control. Self modifying code is a bit tricky with C as well. I imagine these are both important requirements for exploit authors. But that's just my impression. It could also be as simple as poking a single byte into memory (or disk) and voila! The system is hacked!
 
> I imagine these are both important requirements for exploit authors.

The article implies that the project is a multi-team project. The section of code they are looking at handles messaging and networking. The exploit writers seem to be a different team. For the actual exploit some assembly may be required. Once you've got to the point of loading the payload, you can write that in whatever gives you the best productivity and tools.
 
> So they're looking at the binaries and wondering what language was used? Most programmers have no idea what the compiler spits out. You'd need some pretty specialized skills for that.
>
> To be honest, the most surprising thing about all this is that it wasn't hand written assembler.

As they have stated, the language was most probably object oriented. That doesn't necessarily rule out that assembler was used (as the first thing I made in assembler was a primitive object oriented framework), but it does point out that they have tools to analyse patterns in code in a very advanced way.
 