Pure Python Data Mangling or Encrypting

Chris Angelico rosuav at gmail.com
Sat Jun 27 02:52:38 EDT 2015


On Sat, Jun 27, 2015 at 3:59 PM, Ian Kelly <ian.g.kelly at gmail.com> wrote:
> On Fri, Jun 26, 2015 at 7:21 PM, Chris Angelico <rosuav at gmail.com> wrote:
>> On Sat, Jun 27, 2015 at 6:09 AM, Randall Smith <randall at tnr.cc> wrote:
>>> Give me one plausible scenario where an attacker can cause malware to hit
>>> the disk after bytearray.translate with a 256 byte translation table and
>>> I'll be thankful to you.
>>
>> The entire 256-byte translation table is significant ONLY if you need
>> all 256 possible bytes. Suppose I want to generate the following byte
>> sequence:
>>
>> "\xCD\x19"
>>
>> (Okay, this is a slightly oversimplified example, as this attack
>> doesn't work on a modern Windows. But back in the days of DOS, this
>> program would reboot your computer.)
>
> Nice! When I suggested the possibility of a two byte value malicious
> payload, I thought it an extreme example of the hypothetical attack. I
> didn't expect that somebody might actually produce one.

I'm fairly sure this won't actually work on a modern system (I tried
it and all that happened was that debug.exe terminated), but it's
entirely possible there are other attacks. Or attacks that require
only a small number of bytes - maybe create a gzip bomb that will
expand to petabytes of data, that probably wouldn't need many unique
byte values.

ChrisA
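
The point from the quoted reply above, worked through as an added example that is not part of the original post: only the table entries for the byte values that must appear on disk carry any secrecy. The helper names, the seeded permutation standing in for the secret table, and the seeds are assumptions made for illustration.

```python
import math
import random

def make_table(seed):
    """Constructed stand-in for the secret 256-byte table: a seeded permutation."""
    values = list(range(256))
    random.Random(seed).shuffle(values)
    return bytes(values)

def entries_that_matter(table, on_disk):
    """Map each distinct on-disk byte to the single input byte that produces it."""
    inverse = {out: inp for inp, out in enumerate(table)}
    return {out: inverse[out] for out in set(on_disk)}

def guess_space_bits(distinct):
    """log2 of the number of ways to fill only the table entries that matter."""
    return sum(math.log2(256 - i) for i in range(distinct))

def rekey_elsewhere(table, keep_inputs, seed):
    """Reshuffle every table entry except the ones at keep_inputs."""
    free = [i for i in range(256) if i not in keep_inputs]
    images = [table[i] for i in free]
    random.Random(seed).shuffle(images)
    rekeyed = bytearray(table)
    for i, value in zip(free, images):
        rekeyed[i] = value
    return bytes(rekeyed)

TARGET = b"\xCD\x19"  # the two-byte sequence quoted in the thread

def demo():
    table = make_table(2015)
    needed = entries_that_matter(table, TARGET)
    preimage = bytes(needed[b] for b in TARGET)
    # A table that differs in the other 254 entries behaves identically here.
    other = rekey_elsewhere(table, set(needed.values()), seed=1)
    return {
        "distinct": len(needed),
        "bits_needed": guess_space_bits(len(needed)),
        "bits_full_table": guess_space_bits(256),
        "same_output": bytearray(preimage).translate(table)
                       == bytearray(preimage).translate(other) == TARGET,
        "tables_differ": table != other,
    }

if __name__ == "__main__":
    print(demo())
```

For a two-value output the relevant secret is just under 16 bits, against roughly 1684 bits for the whole permutation, which is why the table size alone says little about how well the mangling holds up.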


