Battelle is great. They also created some software called Cantor Dust [1] that turns files into images to allow humans to easily spot obfuscated data or files.
The sad thing about this kind of work, because I love it, is that to get paid to do it you need clearances and polygraphs and periodic reinvestigations/continuous monitoring and all sorts of things that I find unpleasant.
I'm not sure what you mean but I was a security researcher for a large company for a bit and required none of that. I was required to work airgapped at home, however.
LPisGood 6 hours ago [-]
Really? You were doing offensive security work not for a government (/contractor)? What sorts of companies, aside from some enterprise pen testers, employ these roles?
saagarjha 3 hours ago [-]
The tools you’re talking about are not exclusive to offensive security. They’re plenty useful for malware analysis and other reverse engineering tasks.
mmastrac 6 hours ago [-]
Email is in my profile -- happy to clarify/share some very rough details if you'd like.
beng-nl 5 hours ago [-]
Agreed, that is a fine piece of work. But the author is Chris Domas. Which is plain from the repo readme, but it’d be clearer to link to his repo.
bangaladore 4 hours ago [-]
I was originally going to link their repo [1]. But I saw it was forked from the one I linked so I just gave that one instead.
Chris used to (maybe still does?) work at Battelle.
tromp 8 hours ago [-]
Am I right in deducing that this language gets its power from self-modifying code? I.e. flipping bits within addresses of the opcodes of the running program?
tomhee 8 hours ago [-]
You are indeed right.
tromp 8 hours ago [-]
I would have expected the language documentation to focus more on this observation and to explain for instance how self modification is used to implement while loops. But I don't even see the term mentioned anywhere?!
It was once in the Readme but as I kept developing it more it became longer and longer, so I moved it into the wiki, and especially to here: https://esolangs.org/wiki/FlipJump
I would also be very curious to see if it's possible to make a decompiler for this type of obfuscated program.
saagarjha 3 hours ago [-]
Typically these obfuscators are applied in an automated fashion so yes.
pizza 7 hours ago [-]
Ah, interesting... wonder if you can model this with a recursively expanded algebraic expression. I've been thinking lately along similar lines about polynomials that encode pushdown automata, so this is cool to see.
tomhee 7 hours ago [-]
If you have an answer I'd be happy to hear it!
tonetegeatinst 5 hours ago [-]
Looking forward to the poor security researcher who gets to reverse engineer some malware sample they compile this into for obfuscation... It's going to be an interesting blog post.
dlcarrier 8 hours ago [-]
Maxim (now owned by Analog) actually manufactures a single-instruction processor series, called MAXQ. It uses a single move instruction, with a flag for literals, and a transport triggered architecture.
tomhee 8 hours ago [-]
By the way, as a challenge, try to see how you can program an "If" statement in Flipjump.
platz 8 hours ago [-]
How is a jump realized by Not Gates?
tomhee 8 hours ago [-]
I don't think that the jump can be realized by NOT gates, but it's essentially "where to find the next NOT command".
The jump is indeed a crucial part of the language, as it allows going back, and especially to make self-modifying code.
Jerrrry 8 hours ago [-]
I'm guessing by not jumping into a terminating/halting NOOP.
That was a long time ago, though, and the project is interesting enough, so I'm going to assume you've learned your lesson and unban you. Please stop using multiple accounts for this though!
tomhee 9 hours ago [-]
Thanks man, I appreciate it.
jimbob45 9 hours ago [-]
Dang, I have to know what triggered you to say this. It’s not the same user account so you would have had to have recognized the URL and written based on that.
Do you keep notes on each astroturfed submission and auto-trigger reposts to notify yourself? Or did you just happen to recognize this? 20 minutes from his post to your comment is absurdly good moderation.
dang 9 hours ago [-]
https://news.ycombinator.com/item?id=42742462 was on the front page. We got an email suggesting that the URL should be https://github.com/tomhea/c2fj instead of https://github.com/tomhea/flip-jump. That made sense, except it turned out that github.com/tomhea was banned. That seemed odd because we don't normally ban github domains, so I looked at the history https://news.ycombinator.com/from?site=github.com%2Ftomhea (most of which will only be visible to users who have 'showdead' set to 'yes' in their profile), and it was pretty easy to see that https://news.ycombinator.com/item?id=34856792 was, let's call it, the original sin in this chain of woe. It was also pretty obvious that the other submitting accounts were all related. Since the project itself is interesting I figured the best thing to do was give the submitter a second chance, so I picked the earlier post from today (the OP) and swapped it out for the other one (42742462).
I hope that answers your question!
doormatt 7 hours ago [-]
You sir, are amazing. Thank you for being so utterly transparent.
[1] https://github.com/Battelle/movfuscator
[1] https://github.com/Battelle/cantordust
[1] https://github.com/xoreaxeaxeax/movfuscator
The logic is within the branching.
https://github.com/tomhea/flip-jump/wiki/Learn-FlipJump
This will let you understand how to implement the very basic "if" in flipjump.
I tried to make it as easy as possible for newcomers, but please feel free to update me if something is written in a complicated way.
After you understand up to the macros, you can try yourself to understand the xor macro, which most of the library is built on: https://github.com/tomhea/flip-jump/blob/fe51448932e78db7d76...
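tromp's question about self-modifying code and the "if" challenge, worked through in an added example (a toy FlipJump-style machine written for this thread, not the project's interpreter or its stl): the condition variable is literally one bit inside a jump address, and flipping that bit is the branch. The word width W=16, the memory layout and the halt-by-self-jump convention are assumptions of this example.

```python
# Toy FlipJump-style machine (constructed for this example, not the project's
# code). Memory is a flat list of bits. An op at address a (a multiple of 2*W)
# is two W-bit little-endian words:
#   F = mem[a : a+W]      address of the bit to flip
#   J = mem[a+W : a+2W]   address of the next op
# Executing an op means: flip bit F, then jump to J. That is the whole ISA.
W = 16           # word width in bits (assumption; real programs use 64)
OP = 2 * W       # bits per op

def read_word(mem, addr):
    return sum(mem[addr + i] << i for i in range(W))

def write_word(mem, addr, value):
    for i in range(W):
        mem[addr + i] = (value >> i) & 1

def assemble(ops, data_bits=0):
    """Lay out (flip_addr, jump_addr) pairs from address 0, plus scratch bits."""
    mem = [0] * (len(ops) * OP + data_bits)
    for n, (f, j) in enumerate(ops):
        write_word(mem, n * OP, f)
        write_word(mem, n * OP + W, j)
    return mem

def run(mem, ip=0, max_steps=100):
    """Execute until an op jumps to itself (the halt convention used here)."""
    trace = []
    for _ in range(max_steps):
        f, j = read_word(mem, ip), read_word(mem, ip + W)
        trace.append(ip // OP)
        mem[f] ^= 1                 # the only data operation in the language
        if j == ip:
            return trace
        ip = j                      # the only control-flow operation
    raise RuntimeError("step limit reached")

# A conditional branch from nothing but flip+jump. Ops ZERO and ONE live at
# 2*OP and 3*OP, addresses that differ in exactly one bit (bit log2(OP)).
# So the condition variable IS that bit of BR's jump word: flipping it
# retargets the jump. That is the self-modification the thread talks about.
SET, BR, ZERO, ONE = (n * OP for n in range(4))
COND = BR + W + (OP.bit_length() - 1)   # address of bit log2(OP) in BR's J word
SCRATCH = 4 * OP                         # three data bits after the last op
def run_if(condition):
    mem = assemble([
        (COND,        BR),    # SET : flip the condition bit, continue at BR
        (SCRATCH,     ZERO),  # BR  : dummy flip; jumps to ZERO or, if COND set, ONE
        (SCRATCH + 1, ZERO),  # ZERO: mark "cond was 0", halt (self-jump)
        (SCRATCH + 2, ONE),   # ONE : mark "cond was 1", halt (self-jump)
    ], data_bits=3)
    trace = run(mem, ip=SET if condition else BR)   # enter via SET to set cond=1
    return trace, mem[SCRATCH + 1], mem[SCRATCH + 2]
```

`run_if` returns the list of op indices executed plus the two marker bits, so you can see BR dispatch to a different target purely because one bit of its own jump word was flipped by the op before it.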