Does Source Code Even Matter Anymore?

Thomas Ptacek | June 24th, 2005

This is a really cool video, doing structured assembly code analysis. It’s just an illustration of using assembly/bblock diff to reverse engineer an MSFT patch, which is “old news”, but the meme it infects me with is: if we can visualize basic blocks and call graphs, restoring structure to assembly code, what good is keeping the source code secure anymore? I know Halvar’s response would be, “no shit”, and many people (myself included) have found vulnerabilities by reading assembly code. But this is something subtly different: it’s 80% of the value of a decompilation; it’s effectively a new form of source code, an inescapable translation into a new, equivalent higher-level language.

hAH-hAH!

Note to the CISSP guys who think this is “case in point” for why we should obscure or encrypt security patches: you can diff a running image just as easily as you can diff a file. Getting access to the assembly instructions isn’t hard for anyone; it’s making sense of them, versus reading the source code, that presents the challenge. Or, presented a challenge.
