samuraictf / gatekeeper

GATEKEEPER: Inline and on-target defense

Stealth #3

Closed bool101 closed 8 years ago

bool101 commented 9 years ago

Some of the features in gatekeeper might be interpreted as against the spirit of the DEF CON CTF game. Can we do things to hide gatekeeper and delay its detection?

ghost commented 9 years ago

Looking to see if we can do this with valgrind/vex

zxkevn commented 9 years ago

Hide from who? The ctf organizers, attacking teams, or both?

ghost commented 9 years ago

Mostly from legitbs, but mostly to help get us loaded/injected if we don't have LD_PRELOAD... mostly...

bool101 commented 9 years ago

Mostly I mean hide from LBS in case the way we use gatekeeper is "against the spirit of the game."

bool101 commented 9 years ago

Some options to help with this:

- Compile gatekeeper off our target box, upload binary only.
- Compile with -static and strip the binary.
- Change Log() to xor-encode the debug strings with clever macros.
- Compile with clang and apply obfuscations a la https://github.com/obfuscator-llvm/obfuscator/wiki/Installation
- Have a launcher script call back over an RC4 socket retrieving a decryption key that will be used to decrypt gatekeeper in memory only.

ghost commented 9 years ago

It doesn't look like valgrind is going to be doable in the amount of time w/o knowing the arch beforehand. Looking into other options.

ghost commented 9 years ago

Holding off on this. @nologic expressed some interest (although he doesn't have a github account here)