The challenge of unprovable data transfer
This is a somewhat unformatted post. This post is a question for the Habrasoobshchestvo, the answer to which I do not know. Perhaps the answer is no. Personally, I did not manage to fully understand the exact formulation of the question.
This publication, in addition - the memory of the person from whom I first heard about such a task.
So, the author of the problem is one of the most famous representatives of the crack runet scene - ms-rem . I am sure many of you who were engaged in reverse engineering, heard about it. ms-rem did not deal with releases. Instead, he wrote interesting articles in their depths from under his pen. I don’t know, maybe someone came up with this task earlier, then forgive my ignorance.
To begin with, I offer you a short interview given to ms-rem on cracklab.ru, it is interesting and easy to read.
')
At the end of the interview, the author cites the problem statement (spelling is preserved):
Let me explain, although everything is clear here.
You are the creator of a trojan or any other network software (but let it be a trojan).I am against Trojans . We have a TCP / IP network. Your trojan runs on it and transfers data from infected computers to the malicious user's host (and back), also located inside the network. All traffic running between any hosts is kept active equipment in a huge log, from which you can easily find out who, when, where and what data transmitted.
When a trojan is detected, you need to make it so that even having its code and all network traffic available, it was impossible to prove that it transmitted anything at all. In other words, it was impossible to prove that your trojan is a trojan, and not an ad-hoc client. Something like this.
No, this is not a legal issue, exactly as it is not a question of proving the guilt of a virus writer, this, I think, is an engineering task. My opinion is that there is no solution in theory. Maybe I'm wrong.
Therefore, I propose to reflect on the theory to some Habr users, to offer practical solutions to others: how to at least complicate the proof of the functioning of a Trojan, if in theory the problem is not solved at all.
The problem is more theoretical, about the real use of a UFO did not tell me anything.
How to solve this problem? Is it relevant? What technologies besides encryption are applicable to hiding an object? No listings on the asm, better describe in words.
If this task were brought by someone else, I would have decided that this is nonsense. But, knowing what qualifications ms-rem had , and he did not throw words to the wind, I dare to say that the problem is interesting, and its solution is informative.
A few words about the author.
I was lucky. It so happened, I knew Roman (ms-rem) personally. It was a brilliant system programmer, a guru of his time. What can I say, it is enough to read his article . On his computer were patched vulnerabilities that have not yet been published by Microsoft. He debugged, found and fixed. Do not believe? I also did not believe. Looking at such enthusiastic people, I want to take mountains of books and articles, bury myself in the village and study and practice self-improvement.
Many publications were, in one way or another, related to programming on the zero ring, drivers, Win NT memory models and program protection .
And his famous crackme was never broke.
According to unconfirmed reports , ms-rem died in a car accident in January 2007. Although many claim that he just beautifully left the stage. Well, that's his right. Whatever it was, his nickname after that was silent forever. He may even read this post.
Finally, a quote from one forum:
Thanks for attention. Please express your thoughts on a subject in the comments.
This publication, in addition - the memory of the person from whom I first heard about such a task.
So, the author of the problem is one of the most famous representatives of the crack runet scene - ms-rem . I am sure many of you who were engaged in reverse engineering, heard about it. ms-rem did not deal with releases. Instead, he wrote interesting articles in their depths from under his pen. I don’t know, maybe someone came up with this task earlier, then forgive my ignorance.
To begin with, I offer you a short interview given to ms-rem on cracklab.ru, it is interesting and easy to read.
')
At the end of the interview, the author cites the problem statement (spelling is preserved):
Typical tasks are always simple, it is enough to read manuals and articles, but there are tasks for solving which you need to think about your head and a lot of code in dysasm to search and debug then more than one week. Of these, I can call the task of unprovable data transfer .
That is, for example, there is a troy, it transmits and receives any data, you need to do it so that if troy is found and all traffic going over the network is saved, it was impossible to prove that he transmitted any data, here’s an example of one of the most complex tasks.
Let me explain, although everything is clear here.
You are the creator of a trojan or any other network software (but let it be a trojan).
When a trojan is detected, you need to make it so that even having its code and all network traffic available, it was impossible to prove that it transmitted anything at all. In other words, it was impossible to prove that your trojan is a trojan, and not an ad-hoc client. Something like this.
No, this is not a legal issue, exactly as it is not a question of proving the guilt of a virus writer, this, I think, is an engineering task. My opinion is that there is no solution in theory. Maybe I'm wrong.
Therefore, I propose to reflect on the theory to some Habr users, to offer practical solutions to others: how to at least complicate the proof of the functioning of a Trojan, if in theory the problem is not solved at all.
The problem is more theoretical, about the real use of a UFO did not tell me anything.
How to solve this problem? Is it relevant? What technologies besides encryption are applicable to hiding an object? No listings on the asm, better describe in words.
Postscript (offtop)
If this task were brought by someone else, I would have decided that this is nonsense. But, knowing what qualifications ms-rem had , and he did not throw words to the wind, I dare to say that the problem is interesting, and its solution is informative.
A few words about the author.
I was lucky. It so happened, I knew Roman (ms-rem) personally. It was a brilliant system programmer, a guru of his time. What can I say, it is enough to read his article . On his computer were patched vulnerabilities that have not yet been published by Microsoft. He debugged, found and fixed. Do not believe? I also did not believe. Looking at such enthusiastic people, I want to take mountains of books and articles, bury myself in the village and study and practice self-improvement.
Many publications were, in one way or another, related to programming on the zero ring, drivers, Win NT memory models and program protection .
And his famous crackme was never broke.
According to unconfirmed reports , ms-rem died in a car accident in January 2007. Although many claim that he just beautifully left the stage. Well, that's his right. Whatever it was, his nickname after that was silent forever. He may even read this post.
Finally, a quote from one forum:
The logical end, but it seems that this is the death of Nick, but not a real person. But it seems that under this nickname we will not see it anymore, perhaps it will appear beneath another, but no longer standing out as a bright star in the sky. Well
Ineta also has its own legends, its saints, its heroes ...
Thanks for attention. Please express your thoughts on a subject in the comments.
Source: https://habr.com/ru/post/86512/
All Articles