Pure Python Data Mangling or Encrypting
Jon Ribbens
jon+usenet at unequivocal.co.uk
Sat Jun 27 05:26:04 EDT 2015
On 2015-06-27, Ian Kelly <ian.g.kelly at gmail.com> wrote:
> On Fri, Jun 26, 2015 at 7:21 PM, Chris Angelico <rosuav at gmail.com> wrote:
>> On Sat, Jun 27, 2015 at 6:09 AM, Randall Smith <randall at tnr.cc> wrote:
>>> Give me one plausible scenario where an attacker can cause malware to hit
>>> the disk after bytearray.translate with a 256 byte translation table and
>>> I'll be thankful to you.
>>
>> The entire 256-byte translation table is significant ONLY if you need
>> all 256 possible bytes. Suppose I want to generate the following byte
>> sequence:
>>
>> "\xCD\x19"
>>
>> (Okay, this is a slightly oversimplified example, as this attack
>> doesn't work on a modern Windows. But back in the days of DOS, this
>> program would reboot your computer.)
>
> Nice! When I suggested the possibility of a two byte value malicious
> payload, I thought it an extreme example of the hypothetical attack. I
> didn't expect that somebody might actually produce one.
It's a good example of the interesting things that people can come up
with (for example, "binary" executable files that in fact are
comprised entirely of printable ASCII characters), but it isn't in
any sense an "attack" on the system described in this thread.
More information about the Python-list
mailing list