It's not really possible to detect in any systematic way. Suppose I have:
unsigned char obf[BUFSIZ];
then memcpy(obf, pointer-to-some-known-place, sizeof(obf));, where the 'known place'
has the ascii values I need. then a bit of pointer arithmetic can construct the file name/process name/whatever
I am looking for in a manner which would not show up via grep or strings() on the binary.
So, if I wanted to open a wallet.dat file in source it would be pretty easy to hide it from all but other
knowledgeable and interested developers.
A google search for 'obfuscated C Code testing apps' isn't going to help out.
Topic: compiling from source (Read 373 times)
There are a couple obfuscated C Code testing apps out there, that will check for possible malicious code. A simple Google search should get you on your way.
Compiling from source is not an absolute guarantee of safety... unless you read and understand all the code, but how many people can/will do that? It is not too difficult to obfuscate at the source code level (look at the obfuscated C contest each year).
Bad binary behavior starts to get noticed quickly when people start losing something. Until then, it is unlikely the time would be spent to uncover 'issues'.
Bad binary behavior starts to get noticed quickly when people start losing something. Until then, it is unlikely the time would be spent to uncover 'issues'.
Jump to: