Nobody likes to be called a dummy by a dummy.

new practical programming language: ???

??? is a new programming language that was used to compile the payload of Stuxnet 2.0.

http://www.securelist.com/en/blog/667/The_Mystery_of_the_Duqu_Framework

Features:

* Everything is an object
* Class instances contain the complete virtual dispatch table and can be modified per object
* Library code and user code are intertangled.
* OO is via method calls run through event handlers.
* There is no intermediary framework, everything ties directly into Windows system calls.
Idiot
March 8th, 2012 7:19pm
neat
line noise
March 8th, 2012 7:25pm
"everything ties directly into Windows system calls"

So, there's no ADDITIONAL framework, the language itself is an OO framework that ties into Win32 System Calls.

Fair enough.  We used to call that "Visual Basic".
SaveTheHubble
March 8th, 2012 7:28pm
It seems that the most popular guess is that it's Lisp.
Quant
March 8th, 2012 7:35pm
I thought you actually had to jump through hoops to make a direct Win32 API call in VB.
line noise
March 8th, 2012 7:40pm
The more I read about Stux/Duqu, the more I'm impressed.

In order to target the centrifuges, the authors had to:

1. Know what PICs the centrifuges used (brand & version)
2. Know that they were connected to PCs over a network
3. Know that those PCs were air-gapped from the internet
4. Know that those PCs ran Windows (ok, not much of a leap here...)
5. Write a new language
6. Write a compiler for that language
7. Write a linker that would link both standard Windows object files with those output from their custom compiler
8. Write supporting tools that would allow them to test & debug their work
xampl9
March 8th, 2012 8:26pm
In addition, the folks writing Stuxnet had to obtain the code signing keys for several different companies, who each used different signing authorities, so it wasn't as easy as getting Verisign to hand the keys over.
Peter
March 8th, 2012 8:33pm
That last part I am sure CIA just handed that stuff over. It's all backdoored.
Idiot
March 8th, 2012 9:33pm
backdoored or not, it's pretty clear from recent public press that any major corporation's IT security is no match for a group of loosely organized teenagers, to say nothing of the efforts of state funded actors.  It's a safe assumption that the US intelligence apparatus can read any email and acquire any piece of source that they haven't already acquired through a secret backchannel agreement.
line noise
March 8th, 2012 9:46pm
It looked like stock Pentium assembly code to me, with a flavor of 'C' perhaps.
SaveTheHubble
March 8th, 2012 9:47pm
Decompiled code looks like assembly, you don't say...
Wayne
March 8th, 2012 10:52pm
"any major corporation's IT security is no match for a group of loosely organized teenagers to say nothing of the efforts of state funded actors"

Speaking of which, were you aware that the Stratfor break in was done by hackers who were actually being directed to destroy Stratfor by the FBI?

http://www.theregister.co.uk/2012/03/08/strafor_anon_arrest_analysis/

FBI didn't like Stratfor. Kill two birds with one stone. Destroy Stratfor, and arrest all the hackers that attacked them under FBI direction.
Idiot
March 8th, 2012 11:23pm
> It looked like stock Pentium assembly code to me, with a flavor of 'C' perhaps.

Well, the local perl programmer spent 5 minutes looking at the asm.  We can move along.  It's clearly "C flavor."
line noise
March 9th, 2012 12:04am
It's most likely written in HLA:

http://en.wikipedia.org/wiki/High_Level_Assembly
Dr. Horrorwitz
March 9th, 2012 4:40am
Very interesting Dr.H thank you.

"The notability of this article's subject is in question."

That's sure as hell fixed if Dr.H is right..
Troglodyte
March 9th, 2012 7:15am
> That's sure as hell fixed if Dr.H is right..


Absolutely no reason to suspect he is.
line noise
March 9th, 2012 7:22am
Does HLA have virtual tables?

I saw good suggestion here: http://lambda-the-ultimate.org/node/4476

"This code could very well be C + custom v-tables. That would explain why the v-tables aren't in the same location in the object layout."
Quant
March 9th, 2012 7:34am
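To make the "C + custom v-tables" hypothesis from the lambda-the-ultimate quote, and the "complete dispatch table per object, modifiable per instance, called through event handlers" features listed in the first post, concrete, here is an added illustration in plain C. It is not code from the thread, from Securelist, or from the Duqu binary; the event set, struct layout and all names are invented. It shows the two properties a reverser would notice: the table is embedded in each object rather than shared per class, so it can be patched per instance, and nothing forces it to sit at offset 0 the way a compiler-generated vptr would.

```c
/* Added example, not from the thread or from the Duqu framework: a hand-rolled
 * object system in C where every object carries its own complete dispatch
 * table and "method calls" are events routed through that table. All names
 * and the event set are invented for illustration. */
#include <stddef.h>
#include <string.h>

enum { EV_INIT = 0, EV_DATA = 1, EV_CLOSE = 2, EV_COUNT = 3 };

struct object;
typedef int (*handler_fn)(struct object *self, int arg);

/* The table lives inside the object, after the data fields. Unlike a C++
 * vptr (always at offset 0, pointing at one shared table), a hand-rolled
 * layout can put the table anywhere, and each instance owns a full copy. */
struct object {
    int  state;
    char name[16];
    handler_fn handlers[EV_COUNT];   /* complete per-object dispatch table */
};

/* Default "class" behaviour. */
static int default_init(struct object *self, int arg)  { self->state = arg;  return 0; }
static int default_data(struct object *self, int arg)  { self->state += arg; return self->state; }
static int default_close(struct object *self, int arg) { (void)arg; self->state = -1; return 0; }

/* Construction: copy the default table into the fresh object. */
void object_init(struct object *o, const char *name)
{
    o->state = 0;
    strncpy(o->name, name, sizeof o->name - 1);
    o->name[sizeof o->name - 1] = '\0';
    o->handlers[EV_INIT]  = default_init;
    o->handlers[EV_DATA]  = default_data;
    o->handlers[EV_CLOSE] = default_close;
}

/* Event-driven dispatch: "call method N on o" becomes an indirect call
 * through o's own table. In a decompiler this shows up as a call through a
 * fixed offset into the object, with no class-wide vtable symbol to name. */
int dispatch(struct object *o, int event, int arg)
{
    if (event < 0 || event >= EV_COUNT || o->handlers[event] == NULL)
        return -1;                      /* unknown event or empty slot */
    return o->handlers[event](o, arg);
}

/* Per-instance override: only this object's copy of the table changes. */
void object_override(struct object *o, int event, handler_fn fn)
{
    if (event >= 0 && event < EV_COUNT)
        o->handlers[event] = fn;
}

static int doubling_data(struct object *self, int arg) { self->state += 2 * arg; return self->state; }

/* Two objects of the same "class", one patched: returns the unpatched state. */
int demo_unpatched(void)
{
    struct object a;
    object_init(&a, "a");
    dispatch(&a, EV_INIT, 1);
    return dispatch(&a, EV_DATA, 5);    /* 1 + 5 = 6 */
}

/* Same sequence on an object whose EV_DATA slot was swapped per instance. */
int demo_patched(void)
{
    struct object b;
    object_init(&b, "b");
    object_override(&b, EV_DATA, doubling_data);
    dispatch(&b, EV_INIT, 1);
    return dispatch(&b, EV_DATA, 5);    /* 1 + 2*5 = 11 */
}

/* Raising an event the table does not know about is rejected. */
int demo_unknown_event(void)
{
    struct object c;
    object_init(&c, "c");
    return dispatch(&c, EV_COUNT, 0);   /* -1 */
}
```

The design point for analysis is that because the table is copied into every instance, two objects of the same "class" can dispatch the same event to different functions, and because the table's offset is a convention of the hand-written code rather than of a compiler, there is no single location in the layout where a tool can expect to find it.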
HLA has been in "disrepute" for simply being an incredibly powerful, fully object-oriented high-level assembler, used by the biggest geeks out there.

The description of the stuxnet code reminds me of HLA's capabilities and how I would imagine the assembled code to appear, conforming to the description of the StuxNet code.
Dr. Horrorwitz
March 9th, 2012 8:42am
Then again, the NSA employs over a thousand of the best mathematicians.

They could easily have created their own language(s).
Dr. Horrorwitz
March 9th, 2012 8:43am
And I comment as someone who has designed a language myself and coded up the compiler for it. When I was still a child.
Dr. Horrorwitz
March 9th, 2012 8:44am
I hope people understand that in the US by (secret/defense) presidential order commercial OSes have backdoors.  Windows, OSX and many of the commercial embedded OSes are easily penetrated.

Major CPU manufacturers also have Dfx in place to assist in systems penetration.  The publicly known active management technologies are descendants of this.  This, while more difficult, will allow circumvention of a system running an open source OS that has no backdoors.

There are similar things in some (not all) US friendly countries.

So there are many attack vectors from AMD, Intel, ARM, Qualcomm, Cisco, Windows, Windows CE/Mobile, OSX, iOS, Android, BB OS, Symbian, commercial *nix, etc, etc, etc. that the US and friends can easily take advantage of.

And the commercial anti-virus makers are nice enough to remove any signatures they find that the NSA tells them to remove.
X
March 10th, 2012 6:09pm
"And I comment as someone who has designed a language myself and coded up the compiler for it. When I was still a child."

And you were being spoon fed cold gravel. Yeah, whatever.
Quant
March 11th, 2012 10:08am
Jealous of my success, oh mediocre programmer?
Dr. Horrorwitz
March 11th, 2012 11:01am
No, just tired of your manic delusions.
Shylock, not Dan
March 11th, 2012 1:33pm
Wow, Shylock thinks he's Quant - a classic example of Multiple Personality by Proxy.
Dr. Horrorwitz
March 11th, 2012 2:13pm
Or just plain old Jewish envy at the successful Goy?
Dr. Horrorwitz
March 11th, 2012 2:17pm
