RELEASE: CIA Vault 7 part 3 "Marble"

twitter.com/wikileaks/status/847749901010124800
>RELEASE: CIA Vault 7 part 3 "Marble"
wikileaks.org/vault7
youtu.be/uxmMt4EW3PQ

>Today, March 31st 2017, WikiLeaks releases Vault 7 "Marble" -- 676 source code files for the CIA's secret anti-forensic Marble Framework. Marble is used to hamper forensic investigators and anti-virus companies from attributing viruses, trojans and hacking attacks to the CIA.

>Marble does this by hiding ("obfuscating") text fragments used in CIA malware from visual inspection. This is the digital equivalent of a specialized CIA tool to place covers over the English language text on U.S. produced weapons systems before giving them to insurgents secretly backed by the CIA.

>Marble forms part of the CIA's anti-forensics approach and the CIA's Core Library of malware code. It is "[D]esigned to allow for flexible and easy-to-use obfuscation" as "string obfuscation algorithms (especially those that are unique) are often used to link malware to a specific developer or development shop."

>The Marble source code also includes a deobfuscator to reverse CIA text obfuscation. Combined with the revealed obfuscation techniques, a pattern or signature emerges which can assist forensic investigators attribute previous hacking attacks and viruses to the CIA. Marble was in use at the CIA during 2016. It reached 1.0 in 2015.

Is there some point you wanted to make? Perhaps you are mistaken and simply think this is a news aggregate site.

...

Anyone who is gonna care already knows. Either make a point or fuck off.

"Russian hackers" could be the CIA or anyone in America or the world that got access to these Vault 7 tools when they hit the black market

Thank you.

bump for justice

>"lives" in a foreign embassy to avoid arrest and lawful extradition

or they could be russian hackers.

Jesus fuck let it die.

>I can't be russian hackers, the_donald would never lie to me

about you just let yourself die

Spoiler: it's the CIA

I meant the thread, numbnuts.

any day now, the election in Ecuador is going to be finalized. the guy touted to win has vowed to kick Wizzy out of the embassy. so has the woman coming second.

i can not wait. this is going to be so funny.

Alrighty Sup Forums, I decided to take the time to check out what this marble really is.

What the algorithm does is it scans Marble.h for all of the listed possible XOR functions. If there is an uncommented one, it will use that one exclusively, otherwise it picks a random xor function.

A vast majority of the files are really basic xor functions. A random seed + xor in about 4 different flavors, then trying a _slightly_ different method of reversible "encryption." Marble picks from one of these.

Then the actual program works like this, it scans all files in a directory to find specific text strings, for example, the word "Marble."

When the text string is found, it reads back to the beginning of the string until a non-alnum + non-space character is found. It takes this position in the file, and indexes it. Then once it has found all of the strings, it takes the randomly selected xor function and encrypts all of the strings and generates a receipt file.

The receipt file can be used to reverse the string encryption (because it's xor). The validator project simply validates that the receipt matches the output file (so for example it scans for strings, and if it finds unencrypted strings with the text "marble" then the file does not validate; then it makes sure that all strings in the receipt are matching with the results it found).

Ultimately, you get something that is about 40% random algorithm selection code, and 50% random xor functions. The rest, the driver code, is really simplistic and just drives the "find files in folder, and apply selected algorithm" concept.

Now honestly, this code is basically intro-to-compsci level projects. The author even uses goto randomly, and it bothers the hell out of me. In the end, this makes me less confident that our government is competent than anything else. Feel free to interpret that as you will (e.g. false flag, intentional release, hype train, etc).

Happy Hacking
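
Added example, not part of the thread and not Marble's code: a crib search showing why the reversible XOR obfuscation described in the post above gives an analyst little trouble, and how a validator-style check spots strings left in plaintext (key 0). It assumes the simplest case, one fixed one-byte XOR key, rather than any of the specific variants in the release; the function names, sample blob, key and cribs are all constructed for illustration.

```python
import re

def xor_bytes(data: bytes, key: int) -> bytes:
    """XOR each byte with a one-byte key; applying it twice restores the input."""
    return bytes(b ^ key for b in data)

def find_cribs(blob: bytes, cribs) -> list:
    """Return (key, offset, crib) for every one-byte key that exposes a crib.

    Key 0 means the crib sits in the blob unobfuscated. Encoding the short
    crib under each key is cheaper than decoding the whole blob 256 times.
    """
    hits = []
    for key in range(256):
        for crib in cribs:
            needle = xor_bytes(crib, key)
            pos = blob.find(needle)
            while pos != -1:
                hits.append((key, pos, crib))
                pos = blob.find(needle, pos + 1)
    return hits

def recover_strings(blob: bytes, key: int, min_len: int = 6) -> list:
    """Decode the blob with a recovered key and list (offset, text) for
    every run of printable ASCII at least min_len bytes long."""
    decoded = xor_bytes(blob, key)
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [(m.start(), m.group().decode("ascii"))
            for m in re.finditer(pattern, decoded)]

# Constructed sample: two strings hidden with an assumed key of 0x5A, separated
# by filler that never decodes to two printable bytes in a row under any key.
FILLER = bytes([0xFF, 0x00] * 7 + [0xFF])
SAMPLE_KEY = 0x5A
SAMPLE = (FILLER + xor_bytes(b"http://updates.example.test/check", SAMPLE_KEY)
          + FILLER + xor_bytes(b"Software\\Example\\Config", SAMPLE_KEY)
          + FILLER)

if __name__ == "__main__":
    for key, offset, crib in find_cribs(SAMPLE, [b"http://", b"Software\\"]):
        print(f"key=0x{key:02x} offset={offset} crib={crib!r}")
    for offset, text in recover_strings(SAMPLE, SAMPLE_KEY):
        print(f"{offset:4d}  {text}")
```

Once one crib gives up the key, every other string hidden with the same key falls out of a single decode pass.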

the Zeus bot did that some 10 years ago... and their authors prolly copied it from someone else

quit compromising our national security

the CIA should be allowed to keep secrets from us because any one of us might be a terrorist and if terrorists know then the rest of us are fucked

as far as I'm concerned anyone who might be helping terrorists learn information that compromises us to them -- whether knowingly or not -- is basically also a terrorist, so I HOPE "Julian ASS-ange" gets a "heart attack," and I wish the same on the entire Wikileaks project

Jesus Christ, this place is not for you. You must have an IQ of 90+ to post here.

>disregard this if you're an Indian developer that struggles with english and java (your primary programming lang)
We love you guys.

iq 140 but iq is for jews

So that means you're a Jew?

no, jews are ruin america, i am real american i work every day to make money not like poor people who are bad!! coca col

...

So like, worse than using something like vmprotect/themida?

OAH IT ARE MAGIC?!?!?

Computer security researcher here.

I looked over the release and it's nothing of significance.

youtube.com/watch?v=JWzjn0N9g4g&t=98s

wow no one knows what a polymorphic engine is

11/10 nice bait

WEAK CIA niggers- 9/9/99 SOON

bump