new practical programming lanugage: ???
??? is a new programming language that was used to compile the payload of Stuxnet 2.0.
* Everything is an object
* Class instances contain the complete virtual dispatch table and can be modified per object
* Library code and user code are intertangled.
* OO is via method calls run through event handlers.
* There is no intermediary framework, everything ties directly into Windows system calls.
March 8th, 2012 7:19pm
March 8th, 2012 7:25pm
"everything ties directly into Windows system calls"
So, there's no ADDITIONAL framework, the language itself is an OO framework that ties into Win32 System Calls.
Fair enough. We used to call that "Visual Basic".
March 8th, 2012 7:28pm
It seems that the most popular guess is that it's Lisp.
March 8th, 2012 7:35pm
I thought you actually had to jump through hoops to make a direct Win32 API call in VB.
March 8th, 2012 7:40pm
March 8th, 2012 8:16pm
The more I read about Stux/Duqu, the more I'm impressed.
In order to target the centrifuges, the authors had to:
1. Know what PICs the centrifuges used (brand & version)
2. Know that they were connected to PCs over a network
3. Know that those PCs were air-gapped from the internet
4. Know that those PCs ran Windows (ok, not much of a leap here...)
5. Write a new language
6. Write a compiler for that language
7. Write a linker that would link both standard Windows object files with those output from their custom compiler
8. Write supporting tools that would allow them to test & debug their work
In addition, the folks writing Stuxnet had to obtain the code signing keys for several different companies, who each used different signing authorities, so it wasn't as easy as getting Verisign to hand the keys over.
March 8th, 2012 8:33pm
That last part I am sure CIA just handed that stuff over. It's all backdoored.
March 8th, 2012 9:33pm
backdoored or not, it's pretty clear from recent public press that any major corporation's IT security is no match for a group of loosely organized teenagers to say nothing of the efforts of state funded actors. It's a safe assumption that the US intelligence apparatus can read any email and acquire any piece of source that they haven't already acquired through a secret backchannel agreement.
March 8th, 2012 9:46pm
It looked like stock Pentium assembly code to me, with a flavor of 'C' perhaps.
March 8th, 2012 9:47pm
Decompiled code looks like assembly, you don't say...
March 8th, 2012 10:52pm
"any major corporation's IT security is no match for a group of loosely organized teenagers to say nothing of the efforts of state funded actors"
Speaking of which, were you aware that the Stratfor break in was done by hackers who were actually being directed to destroy Stratfor by the FBI.
FBI didn't like Stratfor. Kill two birds with one stone. Destroy Stratfor, and arrest all the hackers that attacked them under FBI direction.
March 8th, 2012 11:23pm
> It looked like stock Pentium assembly code to me, with a flavor of 'C' perhaps.
Well, the local perl programmer spent 5 minutes looking at the asm. We can move along. It's clearly "C flavor."
March 9th, 2012 12:04am
March 9th, 2012 4:40am
Very interesting Dr.H thank you.
"The notability of this article's subject is in question."
That's sure as hell fixed if Dr.H is right..
March 9th, 2012 7:15am
> That's sure as hell fixed if Dr.H is right..
Absolutely no reason to suspect he is.
March 9th, 2012 7:22am
Does HLA have virtual tables?
I saw good suggestion here: http://lambda-the-ultimate.org/node/4476
"This code could very well be C + custom v-tables. That would explain why the v-tables aren't in the same location in the object layout. "
March 9th, 2012 7:34am
HLA has been in "disrepute" for simply being an incredibly powerful, fully object-oriented high-level assembler, used by the biggest geeks out there.
The description of the stuxnet code reminds me of HLA's capabilities and how I would imaging the assembled code to appear - conform the description of the StuxNet code.
March 9th, 2012 8:42am
Then again, the NSA employs over a thousand of the best mathematicians.
They could easily have created their own language(s).
March 9th, 2012 8:43am
And I comment as someone who has designed a language myself and coded up the compiler for it. When I was still a child.
March 9th, 2012 8:44am
I hope people understand that in the US by (secret/defense) presidential order commercial OSes have backdoors. Windows, OSX and many of the commercial embedded OSes are easily penetrated.
Major CPU manufactures also have Dfx in place to assist in systems penetration. The publicly known active management technologies are descendents of this. This, while more difficult, will allow circumvention of a system running an open source OS that has no backdoors.
There are similar things in some (not all) US friendly countries.
So there are many attack vectors from AMD, Intel, ARM, Qualcomm, Cisco, Windows, Windows CE/Mobile, OSX, iOS, Android, BB OS, Symbian, commercial *nix, etc, etc, etc. that the US and friends can easily take advantage of.
And the commercial anti-virus makers are nice enough to remove any signatures they find that the NSA tells them to remove.
March 10th, 2012 6:09pm
"And I comment as someone who has designed a language myself and coded up the compiler for it. When I was still a child."
And you were being spoon fed cold gravel. Yeah, whatever.
March 11th, 2012 10:08am
Jealous of my success, oh mediocre programmer?
March 11th, 2012 11:01am
No, just tired of your manic delusions.
Shylock, not Dan
March 11th, 2012 1:33pm
Wow, Shylock think he's Quant - a classic example of Multiple Personality by Proxy.
March 11th, 2012 2:13pm
Or just plain old Jewish envy at the successful Goy?
March 11th, 2012 2:17pm