[PATCH] Adding diversity for security
Alp Toker
alp at nuanti.com
Fri Jan 24 01:18:47 PST 2014
On 24/01/2014 06:19, Nadav Rotem wrote:
>
> On Jan 23, 2014, at 9:57 PM, Alp Toker <alp at nuanti.com> wrote:
>
>>
>> The feature is sufficient to decisively thwart the recent trend of
>> "farming" sites that crawl, scrape and reapply cracks within hours of
>> each new point release. These automated attacks will never do
>> decompilation or analysis -- they just search and replace byte patterns.
>>
>> Reverse engineers aren't cheap to hire and these sites are only
>> profitable because they're automated.
>
> The original intent of the patch was to prevent Return-to-Program
> attacks, so this is slightly off-topic. The security industry is a
> lot more advanced than what you describe. It is really easy to remove
> NOPs in order to get signatures, and modern anti viruses do stuff like
> that.
Hi Nadav,

I'd be surprised if the adversary's skills go far beyond that of a 14
year old VBScript writer.

This isn't a high-stakes game like cryptanalysis so a sprinkling of nops
seems satisfactory to prevent most kinds of automated binary patching
and resale, pending more advanced regalloc/scheduling tweaks in LLVM.

We have a tendency to dive into the theoretical deep end when subjects
like Return-to-Program attacks come up so this is just a reminder that
the patches provide a key user feature in addition to whatever R&D might
have been commissioned.

Alp.
--
http://www.nuanti.com
the browser experts