??? is a new programming language that was used to compile the payload of Stuxnet 2.0.

http://www.securelist.com/en/blog/667/The_Mystery_of_the_Duqu_Framework

Features:

* Everything is an object
* Class instances contain the complete virtual dispatch table and can be modified per object
* Library code and user code are intertangled.
* OO is via method calls run through event handlers.
* There is no intermediary framework, everything ties directly into Windows system calls.

neat

"everything ties directly into Windows system calls"

So, there's no ADDITIONAL framework, the language itself is an OO framework that ties into Win32 System Calls.

Fair enough.  We used to call that "Visual Basic".

It seems that the most popular guess is that it's Lisp.

I thought you actually had to jump through hoops to make a direct Win32 API call in VB.

Some more on it:
http://www.wired.com/threatlevel/2012/03/duqu-mystery-language/

The more I read about Stux/Duqu, the more I'm impressed.

In order to target the centrifuges, the authors had to:

1. Know what PICs the centrifuges used (brand & version)
2. Know that they were connected to PCs over a network
3. Know that those PCs were air-gapped from the internet
4. Know that those PCs ran Windows (ok, not much of a leap here...)
5. Write a new language
6. Write a compiler for that language
7. Write a linker that would link both standard Windows object files with those output from their custom compiler
8. Write supporting tools that would allow them to test & debug their work

In addition, the folks writing Stuxnet had to obtain the code signing keys for several different companies, who each used different signing authorities, so it wasn't as easy as getting Verisign to hand the keys over.

That last part I am sure CIA just handed that stuff over. It's all backdoored.

backdoored or not, it's pretty clear from recent public press that any major corporation's IT security is no match for a group of loosely organized teenagers to say nothing of the efforts of state funded actors.  It's a safe assumption that the US intelligence apparatus can read any email and acquire any piece of source that they haven't already acquired through a secret backchannel agreement.

It looked like stock Pentium assembly code to me, with a flavor of 'C' perhaps.

Decompiled code looks like assembly, you don't say...

"any major corporation's IT security is no match for a group of loosely organized teenagers to say nothing of the efforts of state funded actors"

Speaking of which, were you aware that the Stratfor break in was done by hackers who were actually being directed to destroy Stratfor by the FBI.

http://www.theregister.co.uk/2012/03/08/strafor_anon_arrest_analysis/

FBI didn't like Stratfor. Kill two birds with one stone. Destroy Stratfor, and arrest all the hackers that attacked them under FBI direction.

> It looked like stock Pentium assembly code to me, with a flavor of 'C' perhaps.

Well, the local perl programmer spent 5 minutes looking at the asm.  We can move along.  It's clearly "C flavor."

It's most likely written in HLA:

http://en.wikipedia.org/wiki/High_Level_Assembly

Very interesting Dr.H thank you.

"The notability of this article's subject is in question."

That's sure as hell fixed if Dr.H is right..

> That's sure as hell fixed if Dr.H is right..


Absolutely no reason to suspect he is.

Does HLA have virtual tables?

I saw good suggestion here: http://lambda-the-ultimate.org/node/4476

"This code could very well be C + custom v-tables. That would explain why the v-tables aren't in the same location in the object layout. "

HLA has been in "disrepute" for simply being an incredibly powerful, fully object-oriented high-level assembler, used by the biggest geeks out there.

The description of the stuxnet code reminds me of HLA's capabilities and how I would imaging the assembled code to appear - conform the description of the StuxNet code.

Then again, the NSA employs over a thousand of the best mathematicians.

They could easily have created their own language(s).

And I comment as someone who has designed a language myself and coded up the compiler for it. When I was still a child.

I hope people understand that in the US by (secret/defense) presidential order commercial OSes have backdoors.  Windows, OSX and many of the commercial embedded OSes are easily penetrated.

Major CPU manufactures also have Dfx in place to assist in systems penetration.  The publicly known active management technologies are descendents of this.  This, while more difficult, will allow circumvention of a system running an open source OS that has no backdoors.

There are similar things in some (not all) US friendly countries.

So there are many attack vectors from AMD, Intel, ARM, Qualcomm, Cisco, Windows, Windows CE/Mobile, OSX, iOS, Android, BB OS, Symbian, commercial *nix, etc, etc, etc. that the US and friends can easily take advantage of.

And the commercial anti-virus makers are nice enough to remove any signatures they find that the NSA tells them to remove.

"And I comment as someone who has designed a language myself and coded up the compiler for it. When I was still a child."

And you were being spoon fed cold gravel. Yeah, whatever.

Jealous of my success, oh mediocre programmer?

No, just tired of your manic delusions.

Wow, Shylock think he's Quant - a classic example of Multiple Personality by Proxy.

Or just plain old Jewish envy at the successful Goy?