Unprovable data transfer task

    This is a somewhat off-format post. It is a question for the Habr community, the answer to which I do not know. Perhaps there is no answer. Personally, I did not manage to fully grasp the exact formulation of the question.

    This publication is also in memory of the person from whom I first heard about this task.

    So, the author of the task is one of the most famous representatives of the Runet crack scene, ms-rem. I am sure many of you who have been involved in reverse engineering have heard of him. ms-rem did not put out releases. Instead, his pen produced articles that were most interesting in the depth of their research. I don't know, maybe someone came up with this task earlier; if so, forgive me for my ignorance.

    To start, I offer you a short interview given by ms-rem to cracklab.ru; it is interesting and easy to read.

    At the end of the interview, the author gives the statement of the problem (spelling preserved):

    typical tasks are always simple, it is enough to read manuals and articles, but there are tasks for which you need to think with your head and dig through a lot of code in a disassembler and then debug for more than one week. Of these, I can name the problem of unprovable data transfer.

    That is, for example, there is a trojan, it transmits and receives some data, you need to make it so that if the trojan is found and all the traffic going through the network is saved, it would be impossible to prove that it was transmitting any data, here is an example of one of the very complex tasks.


    I will explain, although everything is clear here.

    You are the creator of a trojan or any other network software (but let it be a trojan). I am against trojans. We have a TCP/IP network. Your trojan works in it and transfers data from infected computers to the attacker's host (and vice versa), which is also located inside the network. All traffic running between any hosts is stored by the active equipment in a huge log, from which you can easily find out who transmitted what data, when and where.

    When the trojan is detected, you need to make it so that even with its code and all the network traffic available, nobody could prove that it was transmitting anything at all. In other words, it should be impossible to prove that your trojan is a trojan, and not an ICQ client. Something like this.

    No, this is not a legal question, just as it is not a question of proving the guilt of a virus writer; I think this is an engineering task. My opinion is that in theory there is no solution. Maybe I'm wrong.

    Therefore, I propose that some Habr users reflect on the theory, and that others offer practical solutions: how to at least complicate the proof of the functioning of the trojan as much as possible, if it turns out that the problem cannot be solved at all in theory.

    The problem is more theoretical; the UFO told me nothing about any real use.

    How to solve this problem? Is it relevant? What technologies, in addition to encryption, are applicable for hiding an object? No assembly listings, please; better to describe it in words.

    Postscript (offtopic)


    If someone else had posed this task, I would have decided that it was nonsense. But, knowing what kind of qualification ms-rem had, and that he did not throw words to the wind, I dare to say that the problem is interesting, and its solution is informative.

    A few words about the author.

    I got lucky. It so happened that I knew Roman (ms-rem) personally. He was a brilliant system programmer, the guru of his time. What can I say, just read his articles. Vulnerabilities that had not yet been published by Microsoft were patched on his computer. He debugged, found and fixed. Don't believe it? I did not believe it either. Looking at such enthusiastic people, I want to take mountains of books and articles, hole up in a village and work on self-improvement.

    Many of his publications were, in one way or another, related to ring-0 programming, drivers, Win NT memory models, and program protection.

    And his famous crackme was never broken by anyone.

    According to unconfirmed reports, ms-rem died in a car accident in January 2007. Although many claim that he just left the stage gracefully. Well, that is his right. Be that as it may, his nickname then fell silent forever. Perhaps he will even read this post.

    Finally, a quote from one forum:
    The logical end, but it seems that this is the death of a nickname, but not of a real person. But it seems that under this nickname we will not see him anymore, maybe he will appear under a different one, but no longer standing out like a bright star in the sky. Well, the Internet, too, has its legends, its saints, its heroes ...


    Thanks for your attention. Please express your thoughts on the subject in the comments.