[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

De-anonymizing Programmers via Code Stylometry

To: Troy Benjegerdes <[email protected]>
Subject: De-anonymizing Programmers via Code Stylometry
From: [email protected] (Travis Biehn)
Date: Thu, 31 Dec 2015 15:06:37 -0500
Cc: Georgi Guninski <[email protected]>, "[email protected]" <[email protected]>
In-reply-to: <[email protected]>
References: <CAJVRA1R=Rj0-VYB4midZMBu-r1=ifdEEoh+C9Nh9vTe=aaTTwA@mail.gmail.com> <CAJVRA1TnQy0XGz9kFuA9q9NdavLkFSRLMMbMGx8m5KuYQ+tqXg@mail.gmail.com> <[email protected]$> <CAJVRA1RX9kZx7ks1=cp3LDVm3DN-UcaFCaZM=5N0sdQLmgaLXQ@mail.gmail.com> <[email protected]>

Decisions in application architecture, class, method/function, IPC/RPC &
other data-flow are fairly unique between coders. Also, very difficult to
loose those characteristics with obfuscation routines.

The generation of equivalent functional code, and higher-level
understanding of these concepts in code by the obfuscating engine would be
required. That's not trivial.

Of course, if you are unskilled, that is, if you don't use 'patterns' at
all - it is trivial to make you look like everyone else.

-Travis

On Thu, Dec 31, 2015 at 12:41 PM, Troy Benjegerdes <[email protected]> wrote:

> On Thu, Dec 31, 2015 at 04:49:53AM -0800, coderman wrote:
> > On 12/31/15, Georgi Guninski <[email protected]> wrote:
> > > ...
> > > Have they tried it on perl or assembler (or whitespace or brainfuck and
> > > other esoteric languages)?
> >
> > yes, even intentionally obfuscated disasm resistant mungifications of
> > compiled programs.
> >
> >
> > > Obfuscated perl appears hard (in case it significantly different than
> > > the preimage ;) )
> >
> > the key aspect is that it is well distinguished among obfuscated perl
> > programs written by other coders, especially architecturally complex
> > perl programs (of any variety)
>
> Seems like if you have code that is both complex and has good performance
> characteristics, then this leaves signals in the code that come from the
> collective experience of the neural network(s) that created said code.
>
> Obfuscation works by adding noise, and performance overhead.
>
> Now the real question on my mind is how much of what I see in bitcoin's
> main.cpp is obfuscation by Satoshi, or is someone going to run this
> analysis on code running at banks and figure out who he really is?
>



-- 
Twitter <https://twitter.com/tbiehn> | LinkedIn
<http://www.linkedin.com/in/travisbiehn> | GitHub <http://github.com/tbiehn>
| TravisBiehn.com <http://www.travisbiehn.com> | Google Plus
<https://plus.google.com/+TravisBiehn>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cpunks.org/pipermail/cypherpunks/attachments/20151231/eb9490a8/attachment.html>

References:
- De-anonymizing Programmers via Code Stylometry
  - From: [email protected] (coderman)
- De-anonymizing Programmers via Code Stylometry
  - From: [email protected] (coderman)
- De-anonymizing Programmers via Code Stylometry
  - From: [email protected] (Georgi Guninski)
- De-anonymizing Programmers via Code Stylometry
  - From: [email protected] (coderman)
- De-anonymizing Programmers via Code Stylometry
  - From: [email protected] (Troy Benjegerdes)

Prev by Date: Flare-dbg: Malware reverse engineering debugger script tool
Next by Date: art
Previous by thread: De-anonymizing Programmers via Code Stylometry
Next by thread: De-anonymizing Programmers via Code Stylometry
Index(es):
- Date
- Thread