DEF CON 23 - Chris Domas - Repsych: Psychological Warfare in Reverse Engineering 

This guy is next level. Alot of people are very technically strong, knowledgeable or even clever, but they are compartmentalized. He really allows ideas to recurse, cross-pollinate and doesnt stop going with them. To me that is the true definition of genius.

this guy is the best. somehow rolled a 20 INT, 20 CHR, and a cyber security trait lol

Epic. Taking a pic off their webcam if they had one and using that as the image in the CFG would be good too!

This is my third talk by Domas, I love this guy, he's funny, a hyper-nerd and I understand around 70% of what he's talking about. His exposition on reverse engineering reversers was awesome.

Next step: operating system, compiled entirely into MOVs, running inside a VM... also compiled into MOVs. Bonus points for implementing Quicktime drivers as part of the system, so it can _play_ .MOVs using only MOVs (...ahem)

"Why is my dog in the malware?" - Hypothetical reverse-engineer who fell for the dumbest malware plan ever

This guy is truly a genius

Now I need to go put Clippy in my assembly.

Amazing talk, knowledgeable speaker, makes the talk interesting and knows how to reach to people. Good job!

That QR Code got me.

33:29 the most laborious one i've ever seen. i salute you, sir.

This is bonkers! Just my kind of thing; thanks for sharing. Cheers!

That guy has wayyy too much time :) Best DEFCON talk I have every heard :D

Can't begin to describe all the thought paths this brought back making my own conclusions after looking at one piece of asm for hours on end... but then to make a compiler just to prove it and bring it to a stage... wtf... EDIT: okay, saw the whole thing now, with the manipulated control graph imagery based on your personal files etc... This guy is legendary.

Something like a surgeon placing atoms in liver in a way that next surgeon would see nice message. What a pro.

Hmm, now, the modern world has trained us to believe that pixels have to be square, but it wasn't always necessarily thus, and for applications like this it need not be either. For the greyscale photos it's fairly optimal, but there are other types of image where a wider or narrower pixel could be better suited, and certainly cases could be made for one or the other if they better suited an attempt to weave actually useful execution payloads through the maze of dummy code. For example wider ones would tend to suit old-school game sprites, whereas narrower ones are generally better for text (and some other forms of graphics). And of course if they're double/half the size in one dimension vs the other you can always double up where a square is still needed. Particularly with a tall, rather than wide "pixel", you can still retain a degree of greyscale capability with otherwise small blocks (as the shading is dependent on how much of the available height is used, not width), and be able to write a meaningful amount of text within even a relatively small edit window, perhaps even implementing anti-aliasing, but having some freedom over what code goes where as you could write dark-ish text on a light-ish background (which gives the greatest space for writing functional code, as well as obfuscating garbage) and it would still be legible with some degree of "noise", as one or two instructions more or less wouldn't cause the block to get close to the 50% mid-grey point. Text being quite good for really messing with someone, as they might not immediately recognise a random and probably long-forgotten photo or other image from their HDD that's been mashed down to a 64x64 pixel thumbnail in about 10 shades of halftone-simulated grey, but if you can fish their name or operating handle from somewhere on the system (or the name of some contact of theirs and treat it accordingly) and include it in a short passage of mildly threatening but above all _super creepy_ text that appears to rise stochastically out of the code... that's pretty unequivocal and I'm pretty sure that if I saw that happen at 3am after a long hacking session in a dark and suddenly very quiet, very cold, very lonely room, that program and immediately afterwards that laptop would be closed with a bang registerable on local seismometers and flung across the room with no heed paid to possible damage. And of course if you really wanted, photos could be adjusted for non-square pixels: you just have to do a smooth resize with proportions distorted in an inverse relationship to the pixels they'll be encoded as. Once converted into code, and displayed in IDA, they'll automagically reverse that initial distortion and appear with the correct aspect ratio. I wonder also whether fairly sparse code path maps could be used to do more vector-style rather than pixel grid drawing using some kind of viterbi reverse tree search voodoo, if the rules for how IDA arranges and spaces things out could be more concretely determined? It might actually allow for more sophisticated images to be created with smaller output executables...

The Movfuscator is pure genius! But I'm interested to know what Chris can do with Java bytecode.

23:54 Lesson learned: x86 is the hardware equivalent of Windows, which explains why Windows is mainly an x86 OS and Win 10 on ARM isn't making much progress in the market.

Oh my, this dude is a genius, and that's an understatement

So a movuscator program would be immune to CPU architecture exploits, right? A program that has two different behaviors between mov code and regular assembly would indicate something was amiss?

Is there any way to rearrange those etch-a-sketch IDA control flow diagrams, due to recode at runtime .. and if so doing a 'lode runner'- 'qbert'- or at least 'snakes'- -'longplay' ??? Or, or, or ... a full Episode of Masters of the Universe! ... hmm reminds me of C=64 .. seems i have to PEEK a lil' deeper into that POKE; anyhow thanks for bringing back the magic via MOVfuscator and actually keeping the record straight for the x86-multiverse. Very entertaining. What worries me is i do understand what you are eloquently speaking about, although i can't remember when and where i could have set video-playback to 2.00x speed ... ;)

I love this. Trolling at an epic level.

Talk about extreme RISC, I wonder what a processor with only the mov instruction would look like and if it could be optimized to match modern processors.

It's like emulation engineering via assembly with complex fractal abstrations

imagine this as real malware

This is a whole other level of trolling and genius. Props and wow! So interesting to watch

Now I need to compile Linux with Movcc

The QR code didn't get me. That's the first time I'm thankful for GEMA.

Wow, this was his first talk? No way, he did that visualization stuff in 2012

That Movfuscator is an atrocity!

so strong. love to you dude. best talk at 23

...i need to rethink my career path...

That final piece of "malware" should make use of the webcam... Seeing yourself would be a little weird :)

This is nuts! I'd go with "We know where you live..."

Achievement unlocked: Inception complete!

I think it must be time to build a computer that only implements mov instructions.

So this is what being a next-level troll is... :)

Wow, that was hilarious. Very good video.. Very good. Smart guy right here.

Could embed: "We've been trying to contact you about your Car's extended warranty. This is a final courtesy call..."

oh wow! this one is high level!

Great Efforts and Really c00l video, IDA got smashed

may be the most!! resounding!! applause!! ever@defcon!!! .... .... .... aRt!!!!

forget security benefits. this is awesome in its own right

I just had to scan the QR code, didn't I?

On the fringe of cyber security research

That's brilliant. Probably Useless, but brilliant.

Epic idea and awesome talk. Sidenote though, regarding the QR-Code @ around 33:30: at least in Germany, the YT-link it takes you to is blocked :-( Still lol'ed pretty hard when I saw the title, but it kinda spoils the idea.

Homeboy is an artist. It's like BB King playing the blues. As simple as possible, but no simpler - it just makes you happy.

lmao i scanned the qr code out of curiosity watching this 4 in the morning.

Good Job !

Artist absolutely everywhere even in your source source code go have fun with it

So, what is the performance of a mov only program compared to a normal compiled one?

Wait you expect a reverse engineer to run the malware bare metal on their personal machine?:D

Alternative title: How to make pixel art with IDA pro

But what if you embedded Opcodes in the control graph? Would science go too far?

What about a kernel written with only mov instructions?...??

Did this guy go for the Cypher look or was it the other way around?

wow...the qr code is a rick roll

This is like ascii art from hell. Or is it what snowcrush is about?:D

Godlike!

Great talk! Just put in some quotes from the star wars prequels. I mean, how long do you think you can stare at something like “You are in my very soul, tormenting me…” or “I wish I could just wish away my feelings”?

I don't understand any of this... but the drawings were funny ! I feel like a child.

Sweet video !!

great talk :)

IDA GOAT.

33:25 next level cryptography

I have a question for you when it comes to wanting to crack a game. Do you personally know if there is anyone talented enough in the scene to reverse engineer the game Path of Exile? People say it's one of the worst targets they've ever attempted, with a bunch of abstraction layers and you get perma banned if you even look too long. It's a live server client and the game is free, but people want to make their own private server out of it to be able to play the content the way they want, in a non-profit fashion obviously. Any ideas on how you would go about bypassing the drm on this live service client and getting the source code for people to make their own private server out of it?

playing last return of the japanese final surrender with TRSi

This video makes Facebook throw an error message.

Brilliant.

This is something awesome 😁

Every time this guy is in my recommended I hope so badly it's a new one.. but I heard he got hired by Intel so he probably won't be doing these public talks anymore..

33:44 Got fucking Rick Rolled x'D

"Why is my dog in the malware?" /r/brandnewsentence

lol control flow graph messages

Amazing!

Elvis is Alive

I kind of wanted to see what a movoscated program looked like in Ida.

I just don't think that any code should have to be written twice, there's so much time and headache to write it the first time

this is great and all but does he not look exactly like the default runescape character

He is the real king of trolls.

that is insane

I use gdb mostly.

can you see AC ?

somehow I knew where that QR code will take me... ^^

And then someone runs your program through MASM... Wow so hard!

Now to embed goatse in my code

BEST TROLLing EVER !!!

33:33, got me.

For anyone else who is wondering what that QR Code leads to, it's a Rick Roll. (facepalm laughs)

Holy shit, this is evil.

This man is a fucking legend lmaooo

oh god idea a full build of gentoo with it mwa hahahaha

Nice :D

HOLY SHIT!

Imagine an endless sea of MOV instructions, punctuated by discouraging messages and symbols. Bet no one would want to reverse engineer that.

sick

One dude I reversed his code lots of Bible verses...

Hes the Tai Lopez of reverse engineering

I hate myself so I'll reverse engineer this