Information Security
thatscriptkid, 2014-07-17 11:36:50

Will the source code parser model be relevant for backdoors?

Hello! I had this idea and decided to share it. Suppose there is a program that receives source text as input and analyzes it for, say, "unwanted" system calls, access to the wrong libraries/files, or unknown/"unreasonable" ports/IPs.
The goal is to make life easier for paranoid people: to know approximately what files the program accesses and to convince them of the absence/presence of backdoors. As output, it exports some beautifully designed XML file. Will such a program be relevant for the community? What should the model of such a program look like?

2 answer(s)
Dmitry Entelis, 2014-07-17
@DmitriyEntelis

While I am not directly involved in information security, I can think of N ways to obfuscate the code so that no automated program will find it.
Especially since there are so many languages.
In the end, everything will come down to searching for code signatures like "download php rootkit for free without SMS".
So the answer is: it will be relevant, but technically it most likely cannot be implemented properly.

Puma Thailand, 2014-07-17
@opium

In principle, for PHP, maldet catches almost all suspicious functions in general; it is not so difficult to go over them later.
For other languages, to be honest, I don't see a way as simple as the one for PHP.
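
A minimal sketch of the scanner model the question describes, limited to Python source and written as an added example (it is not part of the original thread or of maldet). The `POLICY` table, the function names and the sample input are assumptions made for illustration; calls whose target is only resolved at run time are reported as `dynamic` for manual review, since the static pass cannot follow them.

```python
import ast
import ipaddress
import xml.etree.ElementTree as ET

# Hypothetical policy; "dynamic" = target only known at run time, review by hand.
POLICY = {"os.system": "call", "subprocess.Popen": "call", "socket.socket": "call",
          "eval": "dynamic", "exec": "dynamic", "getattr": "dynamic", "__import__": "dynamic"}

def dotted_name(node):
    """Return 'a.b.c' for a Name/Attribute chain, else None."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if isinstance(node, ast.Name):
        return ".".join(reversed(parts + [node.id]))
    return None

def scan(source):
    """Return sorted (line, kind, detail) findings for Python source text."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Call):
            name = dotted_name(node.func)
            if name in POLICY:
                findings.append((node.lineno, POLICY[name], name))
        elif isinstance(node, ast.Constant) and isinstance(node.value, str):
            try:
                ipaddress.ip_address(node.value)  # hard-coded IPv4/IPv6 literal?
            except ValueError:
                continue
            findings.append((node.lineno, "ip-literal", node.value))
    return sorted(findings)

def to_xml(findings):
    root = ET.Element("report")
    for line, kind, detail in findings:
        ET.SubElement(root, "finding", line=str(line), kind=kind).text = detail
    return ET.tostring(root, encoding="unicode")

# Constructed sample input, not taken from any real program.
SAMPLE = '''import os, socket
s = socket.socket()
s.connect(("203.0.113.7", 8443))
os.system("id")
f = getattr(os, name)("id")
'''

if __name__ == "__main__":
    print(to_xml(scan(SAMPLE)))
```

The report lists what the code visibly references; it cannot prove the absence of a backdoor, which is the limit the first answer points to.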
