DEF CON 23 – Chris Domas – Repsych: Psychological Warfare in Reverse Engineering



Views:65871|Rating:4.95|View Time:38:49Minutes|Likes:1789|Dislikes:17
Your precious 0-day? That meticulously crafted exploit? The perfect foothold? At some point, they’ll be captured, dissected, and put on display. Reverse engineers. When they begin snooping through your hard work, it pays to have planned out your defense ahead of time. You can take the traditional defensive route – encryption, obfuscation, anti-debugging – or you can go on the offense, and attack the heart and soul of anyone who dare look at your perfect code. With some carefully crafted assembly, we’ll show how to break down a reverse engineer by sending them misleading, intimidating, and demoralizing messages through the control flow graphs of their favorite RE tools – turning their beloved IDA (Hopper, BinNavi, Radare, etc) into unwitting weapons for devastating psychological warfare in reverse engineering.

SOeaker bio:
Chris is an embedded systems engineer and cyber security researcher, focused on innovative approaches to low level hardware and software RE and exploitation.

Twitter: @xoreaxeaxeax

You may also like...

27 Responses

  1. Bob Bobucles says:

    So a movuscator program would be immune to CPU architecture exploits, right? A program that has two different behaviors between mov code and regular assembly would indicate something was amiss?

  2. MrSonny6155 says:

    Mov made me think of Brainfuck. This is just worse though.

  3. douro20 says:

    PSYWAR… really?

  4. billigerfusel says:

    Holy shit, this is evil.

  5. Warutteri says:

    33:44 Got fucking Rick Rolled x'D

  6. Leahpar Suidualc says:

    Is there any way to rearrange those etch-a-sketch IDA control flow diagrams, due to recode at runtime .. and if so doing a 'lode runner'- 'qbert'- or at least 'snakes'- -'longplay' ???

    Or, or, or … a full Episode of Masters of the Universe! … hmm reminds me of C=64 .. seems i have to PEEK a lil' deeper into that POKE; anyhow thanks for bringing back the magic via MOVfuscator and actually keeping the record straight for the x86-multiverse. Very entertaining.

    What worries me is i do understand what you are eloquently speaking about, although i can't remember when and where i could have set video-playback to 2.00x speed … 😉

  7. FlamingSquirlLauncher says:

    He Rick-rolled us.

  8. Great Value Bleach says:

    cough… HolyC…cough

  9. nullplan01 says:

    The QR code didn't get me. That's the first time I'm thankful for GEMA.

  10. Das Inhaberlicht says:

    I got lost at 0:00

  11. flapeee says:

    BEST TROLLing EVER !!!

  12. Frosty. says:

    this guy is the best.

    somehow rolled a 20 INT, 20 CHR, and a cyber security trait lol

  13. Hendrik Granna says:

    He is the real king of trolls.

  14. AnorakTrend says:

    Now I need to compile Linux with Movcc

  15. mrlithium says:

    QR code is a rickroll 🙂

  16. james degriz says:

    This video makes Facebook throw an error message.

  17. Evan Perry-Giblin says:

    I just don't think that any code should have to be written twice, there's so much time and headache to write it the first time

  18. bluescanfly1981 says:

    Homeboy is an artist. It's like BB King playing the blues. As simple as possible, but no simpler – it just makes you happy.

  19. Dutch Gh0st says:

    What about a kernel written with only mov instructions?…??

  20. James Grimwood says:

    That final piece of "malware" should make use of the webcam… Seeing yourself would be a little weird 🙂

  21. Nuno Silva says:

    So this is what being a next-level troll is… 🙂

  22. Ferib Hellscream says:

    imagine this as real malware

  23. Memorias de un Informatico says:

    Amazing talk, knowledgeable speaker, makes the talk interesting and knows how to reach to people.
    Good job!

  24. Some Dude says:

    What a genius lol.

  25. MrDontCare says:

    hahahahaha I am so fucking amassed, pleas adopt me :D:D:D

  26. Andrew Fielden says:

    The Movfuscator is pure genius! But I'm interested to know what Chris can do with Java bytecode.

  27. dipi says:

    This is bonkers! Just my kind of thing; thanks for sharing. Cheers!

Leave a Reply

Your email address will not be published. Required fields are marked *