movfuscator
fq
| | movfuscator | fq |
|---|---|---|
| Mentions | 82 | 45 |
| Stars | 9,013 | 9,402 |
| Growth | - | - |
| Activity | 0.0 | 9.4 |
| Latest commit | about 1 year ago | 8 days ago |
| Language | C | Go |
| License | GNU General Public License v3.0 or later | GNU General Public License v3.0 or later |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
movfuscator
- M/o/Vfuscator: The single instruction C compiler (2020)
- controversialOpinion
Everything can be reduced to assignments. https://github.com/xoreaxeaxeax/movfuscator
- M/o/Vfuscator: The single instruction C compiler
- Subtraction Is Functionally Complete
However, the movfuscator as implemented does still require a sigaction(2) syscall to set up a signal handler, under the justifications that "it is not actually part of the program" and that "if we were in ring 0, we wouldn't need help from the kernel" [0]. However, the latter part seems a little dubious to me: without the help of the kernel running non-MOV instructions, you'd never be able to escape from 16-bit real mode into 32-bit protected mode, since you wouldn't be able to load a valid GDT with the LGDT instruction (as far as I am aware).
[0] https://github.com/xoreaxeaxeax/movfuscator/blob/90a49f31219...
- The bigger the interface, the weaker the abstraction
I _think_ the idea is thinking of an "interface" as "something that you use as a way to interact with something from outside an abstraction". I'd summarize their argument as reasoning that if the goal of an abstraction is to avoid having to care about the internal details of something, an interface is a way to expose a subset of ways to interact with it, and the more you expand it, the more it exposes the internals of the thing being abstracted. I don't think they necessarily mean this only in terms of programming, but you could apply this argument to a programming language interface; if you use an interface for interacting with something instead of its direct functionality, each additional method you add to the interface exposes more details of the inner value, which makes it less of an abstraction.
Assuming my interpretation is correct, I'm not sure I totally buy this argument because there doesn't seem to be an obvious way to define the "size" of an interface where it holds true. The naive way to define the size would be number of methods, but I'd argue that methods can vary so much in terms of the amount of cognitive overhead they "expose" to the user that it's not very meaningful. Consider the Movfuscator compiler[0], which compiles code into binaries only using MOV x86 instructions because it happens to be Turing complete; as complex as it might be to learn x86 assembly as a whole and start writing programs directly in it, I'm dubious that trying to do so only with MOV would somehow be easier. Put another way, an x86 instruction set that only contains the MOV instruction is not a "stronger" abstraction than the actual one because it _introduces_ complexity that doesn't exist in the original. Does adding an ADD instruction alongside MOV increase the strength of the abstraction, or weaken it? I don't think there's an answer that we'd immediately all agree on for this sort of thing.
Ultimately, I think trying to measure interfaces through the number of methods they expose is similar to trying to measure code by the number of lines in it; while there are some extreme cases where we'd likely all agree (e.g. for a fizzbuzz implementation, having 10 lines of code is probably better than thousands of lines of code[1]), we can't really come up with a good objective metric because the "target" number is based on the complexity of what you're trying to define, and we don't have a way of quantifying that complexity. I think the ideas here are still super interesting though, not because they have definitive right or wrong answers, but because thinking about stuff like this overall improves one's ability to write good software for usage by other programmers.
[0]: https://github.com/xoreaxeaxeax/movfuscator
- The M/o/Vfuscator contains a complete mov-only floating point emulator. Since it is approximately 500,000 instructions, you must explicitly link to it if you need it
- Can the RISC instruction set be simplified even further?
The mov instruction in x86-64 is Turing complete. Someone even made a C compiler using only mov.
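The comments above (the sigaction(2) discussion under "Subtraction Is Functionally Complete" and the note that mov alone is Turing complete) describe the strategy without showing it. The following is an added example, written for this page and not code from the movfuscator project: a small C model of how a loop with arithmetic and a conditional is expressed as a straight-line stream of assignments. Arithmetic and comparisons become lookup-table loads, a conditional store becomes a store whose destination address is selected by a 0/1 flag, and looping is left to an outside driver, which stands in for the signal handler movfuscator installs with sigaction(2) to re-enter the stream after a deliberate fault. The names (`cmov_store`, `step`, `sum_to`, `vm_t`) and the 8-bit word size are this example's own choices; the tables are filled with ordinary C arithmetic once, playing the role of the static data a movfuscated binary ships with.

```c
#include <stdint.h>
#include <stdio.h>

/*
 * Lookup tables. In a movfuscated binary these are emitted as static data;
 * here build_tables() fills them once using ordinary arithmetic. Everything
 * after that uses only loads and stores (assignments with array/pointer
 * addressing), the C-level counterpart of x86 mov.
 */
static uint8_t ADD_LO[256][256];  /* (a + b) & 0xff */
static uint8_t IS_ZERO[256];      /* a == 0 ? 1 : 0 */
static uint8_t NOT[2];            /* logical not of a 0/1 flag */
static int tables_built;

static void build_tables(void)
{
    for (int a = 0; a < 256; a++) {
        for (int b = 0; b < 256; b++)
            ADD_LO[a][b] = (uint8_t)(a + b);
        IS_ZERO[a] = (a == 0);
    }
    NOT[0] = 1;
    NOT[1] = 0;
    tables_built = 1;
}

/* Machine state (hypothetical layout for this example). `on` is the
 * execution flag: when the enclosing basic block is not the active one,
 * every store is redirected into `scratch` instead of its real target. */
typedef struct {
    uint8_t n, acc;     /* program variables                          */
    uint8_t on;         /* 1 = stores land, 0 = stores are discarded   */
    uint8_t done;       /* 1 once the loop condition has failed        */
    uint8_t scratch;    /* dump target for suppressed stores           */
} vm_t;

/* Conditional store with no branch: the flag selects which of two
 * addresses receives the value (mov [dst + on*sizeof(ptr)], val). */
static void cmov_store(uint8_t *real, uint8_t *scratch, uint8_t on, uint8_t val)
{
    uint8_t *dst[2];
    dst[0] = scratch;
    dst[1] = real;
    *dst[on] = val;
}

/*
 * One pass over the straight-line stream for
 *     while (n != 0) { acc += n; n -= 1; }
 * Every "instruction" executes on every pass; the flag decides whether its
 * result is kept. n - 1 is computed as n + 0xff (two's complement), so one
 * add table is enough.
 */
static void step(vm_t *vm)
{
    uint8_t zero    = IS_ZERO[vm->n];            /* loop test          */
    uint8_t new_acc = ADD_LO[vm->acc][vm->n];    /* acc + n            */
    uint8_t new_n   = ADD_LO[vm->n][0xff];       /* n - 1              */

    vm->on = NOT[zero];                          /* body active iff n != 0 */
    cmov_store(&vm->acc, &vm->scratch, vm->on, new_acc);
    cmov_store(&vm->n,   &vm->scratch, vm->on, new_n);
    vm->done = zero;                             /* recorded before the body ran */
}

/*
 * Driver. A mov-only stream has no loop instruction: movfuscator faults on
 * purpose at the end of the stream and a handler installed with sigaction(2)
 * re-enters it, which is the kernel assistance the comment above points out.
 * This while loop is a stand-in for that handler. Returns sum(1..n) mod 256.
 */
uint8_t sum_to(uint8_t n)
{
    vm_t vm = { n, 0, 0, 0, 0 };
    if (!tables_built)
        build_tables();
    while (vm.done == 0)
        step(&vm);
    return vm.acc;
}

int main(void)
{
    printf("sum_to(10) = %u\n", sum_to(10));   /* 55 */
    printf("sum_to(23) = %u\n", sum_to(23));   /* 276 mod 256 = 20 */
    return 0;
}
```

The point to take from the model is the cost structure, not the result: every basic block executes on every pass, and branching is replaced by steering stores into a scratch location, which is why movfuscated code is large and slow and why the real compiler needs a non-mov mechanism (the signal handler, or a jump) to restart the stream.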
- This is definitely not the best way to initialize an array
Are you sure they didn't use the MOVFUSCATOR?
- Can every function defined in popular libraries/frameworks be traced back to primitive data types, conditional statements and loops?
Yep. In fact you can reduce everything to just one simple assembly instruction.
- I am going to learn goto
fq
- How to Use JSON Path
I see, thanks for replying and no worries! Yeah, some of the "self-describing" formats like msgpack, cbor etc. will, because of how fq works, have to be decoded into something more like a meta-msgpack etc.
About blobs, if you want to change how (possibly large) binaries are represented as JSON you can use the bits_format option, see https://github.com/wader/fq/blob/master/doc/usage.md#options, e.g. fq -o bits_format=md5 torepr ...
I can highly recommend learning jq; it's what makes fq really useful, and as a bonus you will learn jq in general! :)
- Reverse-engineering an encrypted IoT protocol
Hey! fq author here. I have a bunch of related tools in the readme https://github.com/wader/fq?tab=readme-ov-file#tools; two suggestions: GNU poke and Wireshark (which can decode lots more things than just network protocols).
- To a Man with `Jq`, Everything Looks Like JSON
Did someone say let's represent structured data as JSON? A bit of a shameless plug: https://github.com/wader/fq :) It's using a fork of gojq btw!
- Jaq – A jq clone focused on correctness, speed, and simplicity
https://github.com/wader/fq has a REPL and can read JSON. A tip is to use "paste | from_json | repl" in a REPL to paste JSON into a sub-REPL; you can also use `` with fq, which is a raw string literal.
- jq 1.7 Released
I do lots of exploratory work in various structured data, in my case often debugging media files via https://github.com/wader/fq, which means doing lots of use-once queries on the command line or in the REPL. In those cases jq's line-friendly and composable syntax and generators really shine.
- fq (jq for binary formats) has a new v0.7.0 version
- FLaNK Stack 5-June-2023
- fq: jq for binary formats - tool, language and decoders for working with binary and text formats
- Fq: Jq for Binary Formats
- GitHub - wader/fq: jq for binary formats - tool, language and decoders for working with binary and text formats
What are some alternatives?
demovfuscator - A work-in-progress deobfuscator for movfuscated binaries [Moved to: https://github.com/leetonidas/demovfuscator]
jq - Command-line JSON processor [Moved to: https://github.com/jqlang/jq]
obfuscator
jq - Command-line JSON processor
Molebox - MoleBox lets you convert your application into an all-sufficient stand-alone executable, containing everything needed: components, media assets, registry entries.
Kaitai Struct - Kaitai Struct: declarative language to generate binary data parsers in C++ / C# / Go / Java / JavaScript / Lua / Nim / Perl / PHP / Python / Ruby
onelinerizer - Shamelessly convert any Python 2 script into a terrible single line of code
HexFiend - A fast and clever hex editor for macOS
sectorlisp - Bootstrapping LISP in a Boot Sector
nq - Unix command line queue utility
Unity-game-hacking - A guide for hacking unity games
miller - Miller is like awk, sed, cut, join, and sort for name-indexed data such as CSV, TSV, and tabular JSON