1. 11

  2. [Comment removed by author]

    1. 2

      It basically transforms the binary into a Turing machine, with all the specifics of what the programme should do encoded in memory. The ASM dump looks so simple because mov is Turing-complete. More details can be found in the main dependency of reductio: https://github.com/xoreaxeaxeax/movfuscator.

      [edit] it seems there is a project to de-obfuscate the movfuscator code https://github.com/kirschju/demovfuscator

    2. 1

      I know close to no assembly, so this is mostly a guess, but from reading the python file it first passes the program to https://github.com/xoreaxeaxeax/movfuscator which transforms the program into only mov instructions (move a constant into a register, read from the address in this register, write to the address in this register plus the offset in this other register). That part is already mind-blowing, but seems to be possible because a turing machine can represent your program and a turing machine is just a FSM with a transition table, both of which involve nothing more than reading/writing data. More is explained here: http://www.cl.cam.ac.uk/~sd601/papers/mov.pdf (for real, read this. It’s amazing)

      The python program then performs a few transformations which seem to revolve around simplifying the arguments to the mov calls and playing with the addressing to make the next step possible: it pushes all the arguments into a data structure and emits a small loop which “interprets” those arguments. The loop just reads the next set of arguments, calls “mov” with them, then repeats.