Reverse Challenge Entry - Bob Mathews

Questions

  1. The binary is designed to allow someone to remotely control a compromised machine, and use it to launch denial-of-service attacks. With the proper control program, a number of machines could be coordinated to attack the same target at once.
  2. The program's features are:
  3. The network data is encrypted by a simple addition scheme. To each byte, the value of the previous encrypted byte is added, plus 0x17. I have written a short Perl script to decode such packets, and it is included in the file decodepkt.pl.
  4. I did not find any features in the binary that seemed to be specifically meant to make reverse engineering more difficult. In some places, the code is more complex than it apparently needs to be, but applying Hanlon's Razor leads one to the conclusion that these are simply goofs on the part of the programmer rather than deliberate obfuscation.
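The following is an added illustration of the addition scheme described in answer 3, written here in Python rather than taken from the entry's decodepkt.pl. It assumes the running "previous encrypted byte" starts at 0 at the beginning of each packet (the entry does not state the initial value), and the sample packet is constructed for the example. Because the scheme has no key at all, anyone holding a capture can recover the control traffic with this routine, which is the practical reason a defender would want it.

```python
# Illustrative encoder/decoder for the per-byte addition scheme described above.
# Not the original decodepkt.pl; the initial running value (seed) is an assumption.

KEY_ADD = 0x17  # constant added to every byte, as stated in the entry


def encode(plain: bytes, seed: int = 0) -> bytes:
    """Encrypt one packet: each output byte is plain + previous output byte + 0x17 (mod 256)."""
    out = bytearray()
    prev = seed  # assumed starting value for the "previous encrypted byte"
    for b in plain:
        c = (b + prev + KEY_ADD) & 0xFF
        out.append(c)
        prev = c
    return bytes(out)


def decode(cipher: bytes, seed: int = 0) -> bytes:
    """Invert encode(): plain = cipher - previous cipher byte - 0x17 (mod 256)."""
    out = bytearray()
    prev = seed
    for c in cipher:
        out.append((c - prev - KEY_ADD) & 0xFF)
        prev = c  # the chaining value is the *encrypted* byte, so decoding needs no plaintext
    return bytes(out)


def looks_like_zero_run(cipher: bytes, min_len: int = 4) -> bool:
    """Detection heuristic: a run of 0x00 plaintext bytes encrypts to consecutive
    bytes that each differ from the previous one by exactly 0x17.  Long runs of that
    arithmetic progression in a UDP/raw-IP payload are a cheap signature for this
    scheme, because padded or zero-filled fields are common in such control packets."""
    run = 1
    for a, b in zip(cipher, cipher[1:]):
        if (b - a) & 0xFF == KEY_ADD:
            run += 1
            if run >= min_len:
                return True
        else:
            run = 1
    return False


if __name__ == "__main__":
    # Constructed sample: a short command string followed by zero padding.
    sample = b"cmd\x00\x00\x00\x00\x00"
    wire = encode(sample)
    print("encoded:", wire.hex())
    print("decoded:", decode(wire))
    print("zero-run signature:", looks_like_zero_run(wire))
```

The decoder resets its running value for every packet, so it must be applied to each captured payload separately rather than to a reassembled stream; the `looks_like_zero_run` helper is a simple example of turning the scheme's lack of diffusion into a detection rule.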

Bonus Questions