Hacker News Comments on "Compiling C to printable x86, to make an executable research paper"
suckerpinch · YouTube · 191 HN points · 7 HN comments
Hacker News Stories and Comments
All the comments and stories posted to Hacker News that reference this video.
That last one (Tom 7's executable x86 paper) is incomplete without the video where he demonstrates running the paper (or running the paper yourself).
tom7 made a whole video explaining how to create an executable only with printable characters [0]. He even wrote a compiler called 'ABC' for it.
⬐ Rendello tom7 / suckerpinch is great, I love his "30 Weird Chess Algorithms" video:
⬐ FpUser I loved the video and presentation style. And the idea itself is very much fun.
⬐ MarioMan
⬐ secondcoming If you like this brand of wonderful nonsense, you should check out his other videos. He usually posts a video on at least one wacky idea each year, then publishes a research paper about it at SIGBOVIK[0], a joke computer science conference with proceedings released every April 1st.
⬐ FpUser Thank you.
I think I read about this a long time ago where it was thought that this could be used to potentially bypass anti-virus checks.
⬐ gus_massa
⬐ timonoko I think antivirus would be fine. There is a test file by EICAR https://en.wikipedia.org/wiki/EICAR_test_file . It's also 100% text, but it's a ".com" instead of a ".exe" so the internal structure is easier. And more importantly, it uses self-modifying code to modify an instruction and run a non-printable instruction, which is somewhat cheating.
⬐ dale_glass
⬐ kuroguro Why cheating?
I don't think complying with any kind of "fairness" was ever the point. EICAR was created to fulfill a need to test antiviruses with some additional requirements, and how exactly it achieved it wasn't really important.
I'm not sure if anybody ever described the official design goals for it, but based on some previous reading it seems that being able to type it on a keyboard was a requirement.
I'm guessing this is because the kind of environment in which one experiments with viruses and their detection, it's desirable to maintain physical separation, and so using any kind of media or requiring a network connection would create danger. Or perhaps they also wanted it to be suitable for testing locked down environments where a more convenient way of introducing the test would have already been removed.
⬐ gus_massa The part about cheating was tongue in cheek; self-modifying code makes writing printable executables easier.
An excuse to avoid it is that some operating systems are trying to enforce W^X, so executable code can't be modified. (But I think the real reason is that he wanted the harder challenge.)
To be fair, something as simple as adding a self-signed cert bypasses more AVs than it should.
It would work as long as it doesn't become popular. Very few people would put in as much effort as long as there are easier ways around.
I have a story about an executable text file and it goes like this:
In 1990 I got an Atari Portfolio from a liquidation sale in Sweden. The copyright had expired so there was no romcard, which contained various tools to program the bloody thing. It was an empty MSDOS machine without DEBUG or anything. All I could do was to copy 7-bit ASCII characters to a file from the keyboard. After a few days, or maybe weeks, I managed to construct a small ASCII TXT file, which, when renamed to an EXE file, executed a loop, which read and interpreted hexadecimal code from the keyboard and executed this piece of code at <CR>.
This was the gateway and bootstrap to everything else.
And yes: I was now in Finland. So there was no other Atari Portfolio owner anywhere nearby from whom I could have borrowed this romcard.
⬐ em-bee could you share the rest of the story please?
what does "copy from keyboard" mean? was there a way to type numbers to produce any 7bit sequence?
and with that you wrote a program that could read hex (which was easier to type than raw 7bit code)?
so you wrote the initial program in raw machine code? not as a script that would be interpreted?
and then what did you type in hex? the whole contents of the romcard? and you got that from where? you had a printout of that?
⬐ timonoko This is what I was trying to do:
Now. Imagine that you study very hard raw machine code and find a new string (replacing ABCDEFG), which constitutes a valid EXE header and a piece of code, which does not cause an error and does something useful.
    c:\> echo ABCDEFG > file.txt
    c:\> ren file.txt file.exe
    c:\> file.exe
    DOSBOX: Exit to error: Illegal GRP4 Call 5
And the useful thing here was to interpret letter pairs in the string as hexadecimal numbers, so you can then write any program you want.
Did this help any?
⬐ em-bee yes, you are confirming what i guessed. so you were able to type out the initial program only with the keys on the keyboard? how did you find what to type?
and then once you had the hex-reader, where did you get the hexdump to type in? which programs did you create this way?
⬐ timonoko No thank you kindly. I give up. This was 31 years ago and it was a once-only issue. Who cares.
Remembered however that COM files were the simple ones. EXE headers were more complicated.
But quite obviously I made a program that read stuff from the serial port. And once you had ZMODEM you could copy the rest of the standard MSDOS command set from anywhere. The machine was truly empty; there was only the hardwired COMMAND.COM running.
⬐ em-bee well, that wasn't obvious to me. thank you. so you did have access to the right executables, just no direct way to get them into the machine.
i only dabbled with old unix workstations. the oldest one being a machine from 1989 running apollo domain OS. and i remember booting an AIX workstation into some kind of rescue mode and using ed to fix config files (fstab probably) to allow it to boot.
Every one of this guy's SIGBOVIK papers/videos is pure gold. His video about the printable x86[1] is my favorite engineering video of all time.
⬐ pdkl95 LOL... from "Reverse emulating the NES to give it SUPER POWERS!"[1] (which is insa^Wbizza^Wa very creative hack): "The cartridge is the dual of the Nintendo."
[1] https://www.youtube.com/watch?v=ar9WRwCiSr0
edit: for a very impressive variation on the SMW "joke" in [1], I recommend this[2] video of TASbot streaming Skype realtime to [2xNES, SNES+SuperGameBoy] through the controller ports.
⬐ phaedrus "Now, for good reasons that I will explain later, this paper must contain 8,224 repetitions of the string "~~Q(", another weird flower." Quotes like this from the paper put me in mind of exposition from a Culture series (Iain Banks) novel.
He's a mad genius! I like his compiler that generates executables made up only of printable characters: https://www.youtube.com/watch?v=LA_DrBwkiJA / https://news.ycombinator.com/item?id=16312317
He's super playful and awesomely smart!
There's a nice video that does a great job of walking through what is happening here: https://www.youtube.com/watch?v=LA_DrBwkiJA
⬐ bringtheaction That is demoscene level awesomeness! Kudos to the author. Excellent video as well. And not least, lovely ending <3
On The Turing Completeness of PowerPoint https://www.youtube.com/watch?v=uNjxe8ShM-8
Compiling C to printable x86, to make an executable research paper https://www.youtube.com/watch?v=LA_DrBwkiJA
HDR Photography in Microsoft Excel?! https://www.youtube.com/watch?v=bkQJdaGGVM8
Zebras All the Way Down https://www.youtube.com/watch?v=fE2KDzZaxvE
Solving Layout Problems with CSS Grid and Friends https://www.youtube.com/watch?v=2XkzpgWoYEI
Console Security - Switch https://media.ccc.de/v/34c3-8941-console_security_-_switch
Let's move SMM out of firmware and into the kernel https://www.youtube.com/watch?v=6GEaw4msq6g
Bringing Linux back to server boot ROMs with NERF and Heads https://media.ccc.de/v/34c3-9056-bringing_linux_back_to_serv...
Sharing the Chisel https://youtu.be/2C8F7GBRluY?t=11m31s (looks like the actual conference video wasn't released)
and you can make plain text files that are executable in x86 land:
⬐ obituary_latte That was AWESOME. Thanks for sharing.
⬐ shakna Damn. No mov (no movfuscator approach), and no interrupts. And only jumping forwards, so no loops; they have to be unfolded in the compiler.
This is awesome.
⬐ loup-vaillant
⬐ gallerdude Actually, there are loops: jumps are performed modulo 2^16, so jumping past the end of the program actually wraps back to the beginning. By dividing the program into blocks, and jumping as many times as required, you can perform loops. Just one problem: it takes a looong time.
⬐ jsjohnst Movfuscator is comparably just as slow or worse.
Totally recommend Dr. Tom PhD. Made a great video on automatically making NES games 3D.
⬐ techwizrd The brown paper and explanations reminded me of a Numberphile video (another good channel to check out on YouTube). I'm very impressed at how he was able to break down what he did and explain it simply.
⬐ JoshTriplett
⬐ danbruc Likewise; that impressed me just as much as the details themselves did. An explanation that clear is a rare thing.
I actually appreciated the degree to which he glossed over certain things. For instance, he described a register as a temporary thing inside the processor, and then described the stack the same way. For the purposes of the explanation he gave, it doesn't matter that the stack actually lives in memory. And anyone who already knows about the stack will already know that.
I wonder why he implemented a | b as (a & b) - ((a ^ b ^ -1) + 1) instead of (a & b) ^ a ^ b, which seems much easier.
⬐ infogulch
⬐ cwyers He acknowledged this in the comments and said that he didn't notice! But also that using add demonstrated the point he was making much better: decompose an inaccessible desired instruction into a longer series of accessible instructions. I agree.
That was amazing.
⬐ hprotagonist tom7 is a crazy man :D
⬐ saagarjha Did not expect to get rickrolled while learning about assembly…
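The two OR rewrites debated in the thread above, checked against native OR in C as an added example (not code from the thread or from the paper's ABC compiler); it works on 16-bit words, the word size the jump-wraparound comment assumes, and the test patterns for b are constructed here.

```c
#include <stdint.h>
#include <stdio.h>

/* Added example (not from the thread or the paper's compiler): the two OR
 * rewrites discussed above, on 16-bit words. a & b holds the bits set in both
 * operands, a ^ b the bits set in exactly one; the sets are disjoint, so
 * combining them with +, ^ or | all give a | b. */

/* Paper's form: (a & b) - ((a ^ b ^ -1) + 1). a ^ b ^ 0xFFFF is ~(a ^ b);
 * adding 1 yields -(a ^ b) in two's complement, so this is (a & b) + (a ^ b). */
static uint16_t or_via_sub(uint16_t a, uint16_t b)
{
    uint16_t both = a & b;                                 /* bits set in both */
    uint16_t neg_xor = (uint16_t)((a ^ b ^ 0xFFFFu) + 1u); /* -(a ^ b) mod 2^16 */
    return (uint16_t)(both - neg_xor);
}

/* Commenter's shorter form: (a & b) ^ a ^ b. */
static uint16_t or_via_xor(uint16_t a, uint16_t b)
{
    return (uint16_t)((a & b) ^ a ^ b);
}

/* Check both rewrites against native OR for every 16-bit a, against constant
 * b patterns and values derived from a. Returns the number of mismatches. */
unsigned count_mismatches(void)
{
    unsigned bad = 0;
    for (uint32_t a = 0; a <= 0xFFFFu; a++) {
        uint16_t x = (uint16_t)a;
        uint16_t bs[] = { 0x0000, 0xFFFF, 0x5555, 0xAAAA, 0x00FF, 0xFF00,
                          x, (uint16_t)~x, (uint16_t)(x << 1), (uint16_t)(x >> 1) };
        for (size_t i = 0; i < sizeof bs / sizeof bs[0]; i++) {
            uint16_t want = x | bs[i];
            if (or_via_sub(x, bs[i]) != want || or_via_xor(x, bs[i]) != want)
                bad++;
        }
    }
    return bad;
}

int main(void)
{
    printf("0x1234 | 0x00FF: sub form 0x%04X, xor form 0x%04X\n",
           or_via_sub(0x1234, 0x00FF), or_via_xor(0x1234, 0x00FF));
    printf("mismatches over test set: %u\n", count_mismatches());
    return 0;
}
```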