From: “A. Padgett Peterson P.E. Information Security” <PADGETT@hobbes.orl.mmc.com>
To: cypherpunks@toad.com
Message Hash: add53603170b65ec37f33da7ab20c098f444a7a32396b0b4267dba524a3c4e9c
Message ID: <960229113215.20230778@hobbes.orl.mmc.com>
Reply To: N/A
UTC Datetime: 1996-02-29 19:18:21 UTC
Raw Date: Fri, 1 Mar 1996 03:18:21 +0800
From: "A. Padgett Peterson P.E. Information Security" <PADGETT@hobbes.orl.mmc.com>
Date: Fri, 1 Mar 1996 03:18:21 +0800
To: cypherpunks@toad.com
Subject: Copyrighted code and executable ASCII
Message-ID: <960229113215.20230778@hobbes.orl.mmc.com>
MIME-Version: 1.0
Content-Type: text/plain
Since several have asked and it serves several points, I present
the following (also am interested in coderpunks - does this
constitute a qualification ?).
Point the first. A couple of years ago questions arose concerning
executable ASCII. I had played with the concept back around the time
I was doing memory maps of Bendix 930s and Mil-Std-1750s but never went
very far with it. The concept was ressurected c.a. 1988 with a concern
about multi-platform viruses (not talking macros or portable source,
but true multi-platform binaries - can to the conclusion that dual
platform was doable, triple possible but very difficult, and four
bl**dy unlikely.
Around 1990 some people in Germany developed a program (sorry, I do
not recall the citation but wanted to acknowlege the fact - believe
the program is on SimTel mirrors). That program was buggy and not
suitable for E-mail through certain gateways and recipients.
In 1994, there was a flurry of concern about E-Mail vulnerability
and the subject came up again. We have had "ASCIIrizers" for some time:
TekHex was one of the first I was aware of, then UUencode, PGP "Ascii
Armor", and others. All required an client side file for decoding or
the even cruder DEBUG scripting mechanisms. Looking at an Intel CPU
instruction map, it became apparent that there was an entire class
of instructions contained wholly within the RFC-822 compliant area.
The result was my 1994 "Christmas Card". Since then I improved the
algorithm somewhat reducing the first 129 character line to 64 characters
(not sure why that was a target other than the max & min terms said
yes and that is what UUencode uses so is known to work).
This brings up the second point. Rewriting Copyrighted algorithms as
is being discussed in relation to Royal Crown Cola (tm). Was once told
that one test was that at least 20% of the code must be different.
Now when using a compiler this is difficult to demonstrate because the
included libraries make up much of the code. Assembly programming is
different. Sometimes things must be done in a particular order to work
at all. The enclosed code is an example: the bulk of the program is
trivial, compression is lousy but that was not the intent. The key
is in the first lime of code that makes it all possible, operable on
everything from an 8088 to a 486 (do not know about Pentium - do not
have one, nor a power PC but no one who received last year's card
complained).
It may be possible to change some of the registers and possibly
some of the order but the stack is the stack. So here is a question:
can that first line be changed sufficiently to satisfy the "independantly
developed" tests whatever they may be. No credit for lengthening the
line. Kudos for shortening but would be surprised if more than a
couple of bytes could be removed while maintaining the functionality
(some things were done to maintain compatability with the different
pipeline mechanisms used by Intel and at least one kludge was
necessary to avoid a bug in the Intel microcode).
For those who would like the source code: sorry, it does not exist,
all programming of the first line was done using DEBUG. There is
an .ASM of the whole file but it contains a long "DB" directive.
I have signed the code for authenticity. The executable file must
start with the first "X" as the first byte (could have put logo
in front. Didn't.). All the "P"s were deliberate.
Will only work with true .COM files up to about 30k. Does not need to
be so limited, just is & has nothing to do with the first line, just
is a PoP & I was lazy 8*).
Coderpunks are also welcome to comment.
Warmly,
Padgett
ps have launched .COM directly from ccMail attachment before.
-----BEGIN PGP SIGNED MESSAGE-----
XP[@PPD]5`P(f#(f((f?5!QP^P_u!2$=po}l=!!rZF*$*$ =0%GF%!!%PP$P$Ps-
$l%gmZ$rl6lW$rm6mWlVl6m=ldmAlv%fmvmB%Xm6lW%Xm6mWl6m6m=ld%ylVmqlJ
mqlRmqlNmqlBlWl6m6l/m'l/m3mql8mrm4mql:mAm1mBlal6m0l1%f%r%r%rl&$W
%z${$z%yl"%qm"l&$a%Vl&$j%b$`%_%`$X$X$|l&%z%v%v$xl1m0l&%q%[$[$W%`
$Y$X%Yl&%bl&${%q%k%ll&$_%^$\%`l&$X%[l&%b$[l&%r%i%q%n%nl&%`$V%`%a
%X$X%b$a$\%`l&%Y$X$Y%^$[%_l&l1m0l&%n$[$W%[%a%b$X%^%[$[$ul&%f%r%r
%rl&$t$_%^$\%`$[%b%\%`$sl&l1m0l&%k$Y%^%_%^$[%b$\l&$_%^$\%`l&%W%^
$\$\l&$a%`l&$Y%`$[%b%\%`$`l&${%k$i%ol&l)l$m0l1l$l6l$l6l6l6l6l6l6
$rm6lWlvl6l#lql0lvm:l6%Xl0lYm5m6l\m2mPm&lZl6$lmPm&$omql+mem6$ym7
lqmJm5lGl#mrm+lql4$tl&%Xm4$ol7mRmAm<$ym@mqlK%jmql7l^${l=l_mqm;m`
m$%c%c%t%q%k%Xm3l`l$%c$t%l$Xm#lYm7m6mAlX$o%^$\%`l&$`%[%`%Yl&$[%[
$Xl&$^%b$W%`l&${%q%k%ll&%`$V$X%`$[%Y%^%[$[l$%fmumBl4mql=mr$wmpl5
mWmPl4m!m:mr$smrl5%gm=ld%cl\$gmPm&%Y%YlY$ol5l^m5mB%Xm7%q%[%X$\$`
l&$[%[$Xl&$Y%`$[%b%\%`l&${%q%k%ll&$_%^$\%`l&$X%[l&${%k$i%o${l$lY
$Yl5l^l3mB%nm7%q%[%X$\$`l&$[%[$Xl&%[$Z%`$[l&$_%^$\%`${l$l6l6l6l6
l6l6l6l6l&%q%[$[$W%`$Y%Y%^%[$[l&$Z$Y%[%a%`%Y%Yl&%a%[%\%\%`$[%a%^
$[%_${${${l$lZl6$tmPm&$Yl]memql5mqmKlZl6%tmPm&$Ylcmemsl5lYmol5l\
m2mPm&mZ$ql6lYlLl4lBlsm6%ym@mZ%xl6lBlOl6mNmFlB$Wm6lZl6%smql'msl5
mZl6l5lYl*m4mPm&%Ym&lYm8l5l^m4mBlWl7l&$q%b$`l&$_%^$\%`l&$Y%`%b$`
l&$Y%`$Z%[$Y$X%`$`l&l$mqlRmul:l6$Sm5mBmvl6mZl5l6lYlMl4lB$xm6mZ$q
l6lY$xm5lBm!m6mA$qm0l1%c%c%c%c%f%r%r%r%c%a%[$Z%V$Y%^%_$^$X%cl"%q
m"%c%z%v%v$x%c$a%V%c$j%b$`%_%`$X$X$|%c%b$\$\%c$Y%^%_$^$X%Y%c$Y%`
%Y%`$Y$W%`$`%c%c%c%c%clBm+l6l\m2lYmum5l^l6mB$vl7${${${%a%[%\$Z$\
%`$X%`${l$l\$smql'msl5mPm&l\$smql'mql5mPm&mUlBm2l6mNmFlBm^l6mB$v
m7mU%jlWl*m4mWl*m3%ylV%ymIl`lbm6$Xl5l7mUlvmQl$$tl^%Wl4$t$|%Tm5lv
mQ$nl!mUl;lJlNlBlqmElslFma%pmum8l&$Tm2%ym@mf$xm5ma$f$r$jlEmQ%fmf
mam6m5mVm5mV$Yl4memam6mUlBlkm7lZl6%rmql+mpl5mPm&%Ym)lYm0l4l^l2mB
l_m8%i%^$U%`%{$p%`$\%`$X%`l&%`$Y$Y%[$Y${l$lZl6$gmql+mrl5mq$smpl5
mPm&lY%xl4l^m2mBlsm8%k$Y%^%_%^$[%b$\l&${%q%k%ll&$_%^$\%`l&$X%[%[
l&$a%^%_$|l&%`$V%^$X%^$[%_${l$lYl*m3lZl6$rmql'mql5mPm&$Ym6mUlY%Z
l4l^m3mB$mm8%p$Y$Y%[$Yl&%W$Y%^$X%^$[%_l&$X%[l&${%q%k%ll&$_%^$\%`
${l$l6l6l6l6l6l6l6l6l6l6l6l6l6l6l6l6l6l6l6l6l6l6l6l6l6l6l6l6l6l6
l6l6l6l6l6l6l6l6l6l6l6l6l6l6l6l6l6l6l6l6l6l6l6l6l6l6l6l6l6l6l6l6
l6l6${%[$Y%_l6$Z$Z$f$j%e$r$j$j$p%d%x$b$jl"$_m%l"$_l"l"$_%s%xm&%j
$j$c$j%c%Xm&$yl$%t$Z%[%T$\%tm&m&$Y$e$ol!l$l!l$l&%t$zm$%o$om$m&m&
m$$j$jl$$jl$$j%Y%|m0l1$Z$Z$l%gmZ$rl6lW$rm6mWlVl6m=ldmAlv%fmvmB%X
m6lW%Xm6mWl6m6m=ld%ylVmqlJmqlRmqlNmqlBlWl6m6l/m'l/m3mql8mrm4mql:
mAm1l6l6l6pp
____YAAA_copyright_(C)_1994_by_Padgett,_all_rights_reserved_____
-----BEGIN PGP SIGNATURE-----
Version: 2.7.1
iQCVAwUBMTXclIVuK+48ORdVAQHq4QP/TgAirDLN2dONcfdmfPK02mjTHF2jg4zY
nFqWZ9CuirrD+THVszeDbHjwmyBAgZVnnesDwVIDaNc4kdySVrPVwtX5xgA1sjXE
oKrJxP5+YRTL5M0dbQUmbWLsEK9g2IToAqWIODVLHOI8K5l99/CQz8J+71zWzu9e
VaQP4Mppdy4=
=C3xl
-----END PGP SIGNATURE-----
Return to February 1996
Return to ““A. Padgett Peterson P.E. Information Security” <PADGETT@hobbes.orl.mmc.com>”
1996-02-29 (Fri, 1 Mar 1996 03:18:21 +0800) - Copyrighted code and executable ASCII - “A. Padgett Peterson P.E. Information Security” <PADGETT@hobbes.orl.mmc.com>