It was a real trip for me. I went from ass, to asses, then maybe assets, wondered about asserts for a while, and finally, *finally*, saw assemb-- and figured it out.
We get it it's safe, stop the brainwashing it is safe, it is safe, it is safe, memory safe, memory safe, it is safe, it borrows, no garbage collector, it is safe, safe, safe, safe, safe, safe, rust is good, everyone should use it, it is fast, those C/C++ guys don't get it, use rust, use rust, it is safe, it's portable, it is used in linux, it is safe, memory safe
@@OlegLecinskyPlenty of people have found practical uses for it. While it's rare to refactor everything into Rust it's actually becoming quite common to refactor bits of code into Rust. Things that needs memory safety, speed, parallelism etc.
@@Luredreier This is all again just talk I've heard before. The same talk we've had 20 years ago about "Linux replacing Windows on a desktop" is now "Rust will replace C++". For a language which is supposed to dethrone C++ the results aren't quite visible yet. I'm sure with some time Rust will find its usages, like Linux still exists on desktop, with probably a couple of % of installations.
@@Luredreier What's the use tho? Rust IS NOT a systems programming language. Rust is an userspace language? Kernels and such - heck no. Rust's unsafe is terrible and it's not meant to be used as much as it's needed in low-level space.
I think the most popular languages for wirting this stuff are C, C++, Go and Nim, for specific reasons. C and C++: it is low level and is efficient, so the malware will not use a lot of resources, lowering the chance of detection, also lots of libraries Go: It is easy to write, still can use pointers, decent performace. (You can do pointer arithemitic with the unsafe package.) Nim: Basically C++, but with a python-ish syntax and Garbage collector. (that you can turn off), easy to write, but is a small language, so lacks libraries. (It is so much used for malware that depending on your antivirus, it will flag every Nim program as malware). Rust is only being used more now, because it have more libraries today, the standard library lacks features, like you need to install a crate just to have a random number generator, even the 50 years old C have a a PRNG in the std library. But thankfully Rust is kinda popular today, so you can find lots of crates that make up for the small std library.
Not only "a thing", if you use Linux you should always check bash scripts that you get on the web, it's incredibly easy to write bad stuff with bash. Besides it's very easy to check it since it's just a text file (and usually only one text file)
If a language is used by malwares, you know the language is a real deal. Hackers are still the same software engineers that wanted things fast and reliable after all (imagine the virus crashes itself and get caught in early stage).
"If a language is used by malwares, you know the language is a real deal." I suppose that must then include Visual Basic since it used to be used for a bunch of macro viruses back in the day.
@@seneca983 VB, LUAscript, C++, Powershell, GO, Java, Python, bash-script loaders, etc. All of these are valid attack vectors. IR and malware analysis is reactive so when you're developing in not C/C++, IR has to play catch-up and get to to speed.
Reverse engineering Rust is only hard because writing Rust decompiler hasn't been a priority. If Rust is picking up, then the various software security companies will make this a priority. Back during the time when everyone was worried about the Year 2000 rollover bug there were a lot of legacy programs and libraries whose original source code was lost or there were so many different instances of the program or library and you couldn't tell which version of the source code it mapped to, or if it was even there. Programmers, especially at the various Y2K consulting companies, quickly became really good at reverse engineering from assembly and the various bare bones assembly to C converters. It was right about that time that reverse engineering tools became much more usable. I predict the same will occur now.
It sort of is in a way, it's impossible at first, but those with experience understand it and can deal with it easily(with some occasional deaths/errors)
i very much loved the short explanation of LLVM and how codes of different languages run on different OSes. Can you please make a more in depth video about this? A lot of us want to get into malware research & reverse engineering nd stuff, but have no idea about how a code can run on different OS, and what must be understood about OS/compiler infrastructures/architecture, to understand how a malware runs on computer.
Really high-level but programming languages need to be compiled before they can be run. Essentially languages like C, C++, Rust, the computer knows nothing about this. The computer only knows machine code, instructions which it can operate on. Compilers don't really compile to machine code, they compile to assembly, and then an assembler turns that into an executable. So, a C++ to x86 compiler will convert C++ to x86 assembly, and then the assembler will convert that into machine code for an x86 computer. What LLVM offers is an alternative. A machine-independent Instruction set architecture. It has similar instructions to x86, primitive things, like load, store, jump, branch. Compilers then target LLVM, and LLVM converts it into a platform assembly. Now, not all platforms have the same ISA. But... they are all turing complete. LLVM can often, but not always, transform some instructions. In reality most programs only need a very small set of instructions to run. Some LLVM instructions may compile to 1 x86 instruction, but 2-3 ARM instructions. Now, where do OS come into play? Theoretically, very little. An x86 algorithm will be identical in Windows or Linux. The binary layout should* be exactly the same. However, the executables themselves are different. You need to construct an OS executable type, like an ELF, so the OS will accept it and know how to run it. But that's just the beginning. In addition, most non-trivial programs require OS intervention to run. This isn't obvious in high-level languages like C++. But a function like, say, allocating memory requires the OS to intervene. These calls to the OS are called syscalls. These are unique to the OS. Calling operator new often performs a syscall, which will be different on Linux than Windows. How does a high-level language and compiler deal with this? It would be incredibly annoying if you had to use a different operator new, or different malloc, depending on which OS you're targeting. Well, the language provides a standard implementation for relevant operating systems. This is often called the standard library, like libc or libc++. At compile-time, the compiler chooses which implementation to use. The code is different, but to the programmer the interface is the same. Malloc is always malloc, but behind the scenes the syscall and algorithm malloc uses will be different for each operating system. They also provide platform-independent frontends for other tasks that require syscalls. For example, std::thread in C++, std::filesystem, etc. Some programs include "hardware intrinsics". These are sections of the program written to target specific hardware. For example, inline x86 assembly in C/C++. These cannot be ported, its simply impossible. So, they're generally avoided and only used in user-land code to do very specific things. You can turn these off on some platforms in the code, using the compiler. You can request the compiler check what platform its compiling to, and if the specific hardware code doesn't work there then don't compile it. Very common to see in high-performance hardware-bound applications, like video games.
Hey Jake, This doesn’t surprise me. Any tool can be used for both good and evil. I’m sure that efforts have redoubled to produce reverse engineering tools for Rust as I write this. Great video as usual. 😀
It would be interesting to know how we can tell which malware was written in Rust from examining the binaries. I'm assuming from the runtime/equivalent of libc included?
An easy way is just search the strings for "crate". A Rust binary (that hasn't been completely mangled to hell) will have package strings for every crate that was included by the dependency manager.
Whoever made that language tierlist should _seriously_ consider unlive. C# above C++, bash and Lua in the same tier as php, Go and Assembly in the same tier as Kotlin, Elixir, Python and Ruby in the same tier as Cobol, Zig on par with Rust. This isn't just objectively wrong, this is a cry for help. I wanna know who performed the lobotomy on the person that made this list.
Pedantic nit: "it is almost impossible to make code that crashes using rust" Try accessing an out-of-bounds index in Rust. It will panic and crash, which is actually the "memory-safe" response rather than accessing illegal memory. Rust protects you from data races, but it does not protect you from crashing your application.
If you are trying to use rust on windows, good luck with that because certain crates will just refuse to compile. The llvm backend is used by rust to generate code, but you'll struggle even to get basic functionality like profiling, coverage to work. The only solution is to build the rust compiler from source, so that leaves you in the territory of custom toolchain. I know, because I'm struggling with the same. But static analysis time memory diagnosis looks very neat. Maybe it might become popular in the near future, but it is never replacing C or C++. Who writes malware for Linux anyways?
Well, it really depends on the implementation. I'm writing a library in Go which for now only works on Unix systems due the syscalls I'm using. And the last question, most servers run Unix systems like Linux and BSD, which are greater targets than your neighbour maybe. Also some people have that tendency to think they're safe just because they use Linux, but that overconfidence just make them easier targets. But of course, the majority of malwares are on Windows due it's popularity
@@hdjwkrbrnflfnfbrjrmd I've noticed that all the worst sort of commie scum seem to main that language. That realization snuffed out any desire I had to work with Rust. I refuse to accept them as my peers.
I don't like Rust for its inconsistency, terrible syntax, camel case nightmare and abstractions. It's inconsistency (two ways of declaring variables and functions using and not using "where") will lead to many dialects which will make new code harder to read.
So part of the difficulty in reversing Rust will go away as tools are produced. Are there any language reasons Rust might _always_ be harder to reverse than C/C++ at baseline? To me that's the more interesting question. Out of "more reliable", "more targets", and "reversing is harder", the last is the one with potential.
That was the little bit about "cost-free abstractions". Basically structure in your code that isn't in the binary at all, and therefore can't be reverse engineered out of the binary. That doesn't make the reverse engineering impossible, but it makes understanding what you're reading a little bit harder since you've irrevocably lost a lot of the structural information.
For example, a chain of iterator methods might get inlined and optimised to the same code as a series of `if`s and loops, which will be hard to decompile into anything like the original code.
its also obscure lang so most basic functionality of the lang doesnt have signatures, for example a basic socket connect command and control in python will get detected (in some cases) but in rust it doesnt
This was an interesting vid, but I couldn't stop looking at his shirt. When the mic was covering part of it I kept seeing: "Everything is open source if you can read ass" lol.
Reverse engineering rust isn’t as hard as people think it is, if you spend a few minutes you can find out how it works and follow the execution patterns, sadly though IDA does horribly in displaying rust binaries, but other tools such as radare and binj does so much better
Interesting, I didn't realize that Rust was harder to reverse-engineer, but now that you mention it that makes sense. I may start writing some of my code in Rust, because I do have a project that would benefit from being harder to take apart.
Hi there, i just discovered your channel, and i cant find any video on "who you are" can you create a video on who you are, how you started etc etc?.i want to learn about your background and how you started
I'm so glad to hear malware authors take pride in the quality of their creations. Sadly, currently, many creators of software do not. Personally I think it is professional negligence not to take steps and use tools the help achieve the best software quality one can (In terms of robustness, reliability, security, etc). That is to say negligent to use error prone languages like C and C++ when alternatives like Rust exist that greatly mitigate a lot of silly mistakes we can (and do) make. These malware authors are a great example of professionalism for the rest of us that we would do well to follow.
C and C++ are not "error prone". They simply let you do more than Rust does. Technically there are no such things as "programming errors". There is only a disconnect between the programmer's mental model of what the code does and the actual reality of what the code does. All of my buffers are allocated statically, they are powers of two sized and I generally use a binary mask for the index. That's 100% buffer overflow safe. Rust can't do any better than that, either for scenarios which do not require dynamic memory allocation. At most it can make dynamic memory allocation more convenient than my programming model would. I use finite state machines for parsing of datagrams and they always include conditions that lead to one or several "invalid" states. Rust can't do any better than that, either, because it does not have a mathematical prover that can prove that your datagrams are safe. You have to make sure of that. Using these techniques I have programs out in industrial applications that have 100% uptime and zero known bugs. If that is what you need, then you just have to use your tools in ways that make sure that that is what you get. Relying on a language to do the thinking for you is a guaranteed recipe for failure.
@@lepidoptera9337 Yes, if you want to be pedantic a programming language, (C, C++, anything) is not "error prone". However programmer are. The question is does the language help prevent its users from making silly mistakes. Same like how all kind of dangerous machines are not error prone, their users are, that is why we have all kinds of safety guards and interlocks on dangerous machines. Of course there are such things as programming errors. Same like their are spelling and grammatical errors in normal writing which give the reader the wrong idea, Same like their are errors of judgement that cause drivers to crash their cars. The question is does a programming language help detect those silly programmer mistakes. I'm glad to see you take steps to avoid bugger overruns etc in your code. I don't see why you would not welcome a language that can check all those things for you automatically and save you the trouble. It's wrong to say that Rust cannot do better than you at detecting memory misuse errors. Being human you are prone to making mistakes, you will be tired, or sick, or under pressure to finish, or just have a bad day. Where as Rust will check your work all the time. If nothing else Rust removes the need to check everything yourself all the time. I do agree with you when it comes to program logic or algorithmic correctness. Like you state machines example. Rust cannot save you from writing the wrong algorithm. As you say we don't have the mathematical provers for that. And if we did we would have a very hard time specifying the problem to be proved. Rust does not claim to do that. However the type and memory misuse checking it does is a huge advantage in ensuring program correctness,. Actually state machines is a case where Rust's type system can help greatly in ensuring you write correct state transitions. So not a good example of why Rust does not help. I also agree that if one wants as few bugs as possible and reliable systems one should use the available tools in ways that make sure that is what you get. One of these tools is type safe and memory safe languages like Rust. By your own logic if one wants bug free reliability one should be using languages Rust to help. Nobody is saying rely on the language to do the thinking for you. But I bet you are happy to let a calculator do complex arithmetic for you rather than working it out with pencil and paper. There is no way having a language like Rust check for type and memory misuse can be a recipe for failure. Like you I have been working on industrial applications in languages like C, C++, PL/M, Pascal for a long time. Since 1882 about. I have adopted techniques as you describe to ensure things work reliably. Some other those systems have been running trouble free for twenty years and more. I am very glad to now have a language like Rust that saves me all the tedious and error prone manual checking of everything I do. Many others in industry have had the same experience. For example recently came this story from CloudFlare: blog.cloudflare.com/how-we-built-pingora-the-proxy-that-connects-cloudflare-to-the-internet.
In terms of reverse engineering as long as any language uses LLvm or Gcc there’re many many tools for that especially they way how these compilers build the windows binary and they’re traceable because rust still use libc, Go on the other hand is a first class citizen of static compilation bypassing layer security checks, directly through the kernel, Go having its own linker, assembler with big binary surpassing antivirus checks limit that’s a big one
It's because it's less common for writing malware and thus has less tools, that's literally the only reason. Malware is practically programming language agnostic the only thing different between PowerShell and Assembly are some of the obfuscation techniques. Also using portability as a reason for Rust is downright hilarious I mean sure there's a C compiler for practically every architecture on earth but Rust can write to a whole five or so different architectures using LLVM!
Nothing says lawful evil like using the most efficient and safe solution to extract as much money as possible. Hey why does that sound like it applies to more than just hackers?
I know I can’t be the only one who saw this in their recommended, thought it was about the survival game, and then was pleasantly surprised by it being a different Rust entirely.
So if, for example if someone wanted to use AI to write code that iterates through millions of attempts to find and exploit CPU vulnerabilities, like Spectre or Meltdown, with a view to replicating itself to other memory space and then other systems, you think Rust would be the way to go. And the top story tonight: The Rust based GPUWorm V23434.32464.1 started at Nvidia cloud platform and spread to all GPUs on the planet, freezing up the internet, communications, financial institutions and travel for the foreseeable future. Experts think it cannot be stopped.
A youtuber who endeavours to teach us low level programing is amazed when his trivial implementation of httpd does not crash... Oh, how low have we fallen!
man i wanna make stuff in C so bad but everytime i try i just end up spending so much and time on build system and getting confused by cmake then i wont know how to get started lol
Just learn zig it’s basically C without all that garbage. Plus you have to pass allocators whenever you allocate memory. So you actual learn how the allocation works instead of just messing with C’s malloc and potentially creating a bug.
I think another important aspect is that cargo makes it trivial to statically link dependencies (such as the crypto you're gonna use to take hospital data hostage), which is useful if you want to produce a single binary without dependencies for your attack. I see other aspects where Rust makes it really easy to raise the barrier to entry on reverse engineering, but sharing too much on these subject is against my ethics, as I wouldn't want to inspire practices that the black hats may not have started using yet.
Parents/Coders who keep a "Play Area Asylum" (Rust) it is their children who upon seeing a clean hallway will immediately run down it with scissors bared and having none of the usual restraints will marvel at your spilled blood like its just another toy. Then chastise you for not using tooth and nail like a proper feral pisshead. Most people have teeth and fingers so why do you need T000lz!? It is a feature of C that you are able to think badly and must be done if you are ever to think at all, mastery over that which is wrong to fully encompass and absolve it. Once the Rust Cult reinvents 'Fortran but with extra steps' they will then 'drink the koolaid' Such disgusting humanist values that will never touch metal always gets yeeted and deleted without a cohesive base. That is Rusts purpose it was coded as a trash collector for these virgin tinkerers.
Rust has a lot of problems: 1. The compiler is too slow (large projects take twice as long to compile as C++); 2. The complex syntax of the language; 3. Backward compatibility of the code is broken; 4. Rust is too heavily promoted.
Hey Low level, I know this might be out your domain. I'm currently learning C and am trying to choose between C++ or Rust. I want to be a machine learning engineer. What would you recommend I learn? I'm going to learn python later
Learn C++ Rust is still a borderline meme lang which despite what stackoverflow might tell you still has pretty much no jobs in. Though frankly speaking if you want to get into ML you should learn Python and Tensorflow.
Yeah, and also because its novelty means that reverse engineering tools are less available and advanced. There's also another related factor: detection software hasn't catalogued a lot of Rust-made malware yet, so the novelty factor also helps them here.
If Rust can be used to make nearly uncrackable malware for evil purposes. Then it can also be used to make nearly uncrackable malware for good purposes.
"Everything is open source if you can read ass" is the only thing I could see throughout the whole video
It was a real trip for me. I went from ass, to asses, then maybe assets, wondered about asserts for a while, and finally, *finally*, saw assemb-- and figured it out.
@@peter9477 Lol 😂
@@peter9477 asm LOL
same lmao
So, Rust enables malware authors to do evil safely.
We get it it's safe, stop the brainwashing it is safe, it is safe, it is safe, memory safe, memory safe, it is safe, it borrows, no garbage collector, it is safe, safe, safe, safe, safe, safe, rust is good, everyone should use it, it is fast, those C/C++ guys don't get it, use rust, use rust, it is safe, it's portable, it is used in linux, it is safe, memory safe
At least someone has found a practical use for it, instead of just talking how great Rust is.
@@OlegLecinskyPlenty of people have found practical uses for it.
While it's rare to refactor everything into Rust it's actually becoming quite common to refactor bits of code into Rust.
Things that needs memory safety, speed, parallelism etc.
@@Luredreier This is all again just talk I've heard before. The same talk we've had 20 years ago about "Linux replacing Windows on a desktop" is now "Rust will replace C++". For a language which is supposed to dethrone C++ the results aren't quite visible yet. I'm sure with some time Rust will find its usages, like Linux still exists on desktop, with probably a couple of % of installations.
@@Luredreier What's the use tho? Rust IS NOT a systems programming language. Rust is an userspace language? Kernels and such - heck no. Rust's unsafe is terrible and it's not meant to be used as much as it's needed in low-level space.
So I should use Rust now.
yup just what I was thinking
Ladies and gentlemen. We got'em!
- -
Highly suggested.Feels like the compiler massages the brain
Reject rust, embrace C
People will write malware in Bash, Python, Go, Java... Literally anything.
It helps that Rust has a well-tested standard library.
I think the most popular languages for wirting this stuff are C, C++, Go and Nim, for specific reasons.
C and C++: it is low level and is efficient, so the malware will not use a lot of resources, lowering the chance of detection, also lots of libraries
Go: It is easy to write, still can use pointers, decent performace. (You can do pointer arithemitic with the unsafe package.)
Nim: Basically C++, but with a python-ish syntax and Garbage collector. (that you can turn off), easy to write, but is a small language, so lacks libraries. (It is so much used for malware that depending on your antivirus, it will flag every Nim program as malware).
Rust is only being used more now, because it have more libraries today, the standard library lacks features, like you need to install a crate just to have a random number generator, even the 50 years old C have a a PRNG in the std library.
But thankfully Rust is kinda popular today, so you can find lots of crates that make up for the small std library.
Bash?
@@Stopinvadingmyhardware Malicious shell scripts are a thing.
Not only "a thing", if you use Linux you should always check bash scripts that you get on the web, it's incredibly easy to write bad stuff with bash. Besides it's very easy to check it since it's just a text file (and usually only one text file)
If a language is used by malwares, you know the language is a real deal. Hackers are still the same software engineers that wanted things fast and reliable after all (imagine the virus crashes itself and get caught in early stage).
Aahahahahahahahaha lol you have a very nice taste in thin sharp humor!
YOur comment deserves 10k likes!
"If a language is used by malwares, you know the language is a real deal."
I suppose that must then include Visual Basic since it used to be used for a bunch of macro viruses back in the day.
@@seneca983 VB used to be it actually, just evolution of the rest of the world pushed it away with time
@@seneca983 VB just got old and unsupported. It was very good for the time the viruses were made.
@@seneca983 VB, LUAscript, C++, Powershell, GO, Java, Python, bash-script loaders, etc.
All of these are valid attack vectors. IR and malware analysis is reactive so when you're developing in not C/C++, IR has to play catch-up and get to to speed.
Rustaceans: Go is a programming language for malware authors!
Malware authors: uses Rust
Rustaceans: 👁️ 👄 👁️
"Rust is the most loved language by malware authors!"
- Not StackOverflow
Literally who says that lmao
Imagine a payload in "go", it would be like 700MB.
me: uses both coz they're both better than many languages 🤓👍
@@monad_tcp 9mb hello world in rust lol
Reverse engineering Rust is only hard because writing Rust decompiler hasn't been a priority. If Rust is picking up, then the various software security companies will make this a priority. Back during the time when everyone was worried about the Year 2000 rollover bug there were a lot of legacy programs and libraries whose original source code was lost or there were so many different instances of the program or library and you couldn't tell which version of the source code it mapped to, or if it was even there. Programmers, especially at the various Y2K consulting companies, quickly became really good at reverse engineering from assembly and the various bare bones assembly to C converters. It was right about that time that reverse engineering tools became much more usable. I predict the same will occur now.
there's plenty of training data, so it's only a matter of time that a deep learning model / LLM is engineered that decompiles Rust
Why stop there, make an LLM driven compiler.
Unfortunately, a rising tide lifts all boats. Thank you for the video!
How eloquent
„The borrow checker” sounds like a Dark Souls boss
It sort of is in a way, it's impossible at first, but those with experience understand it and can deal with it easily(with some occasional deaths/errors)
Because of your mic I see " read assembly" as " Read Ass" 💀
I believe I can now add malware development to my CV 😅
i very much loved the short explanation of LLVM and how codes of different languages run on different OSes.
Can you please make a more in depth video about this? A lot of us want to get into malware research & reverse engineering nd stuff, but have no idea about how a code can run on different OS, and what must be understood about OS/compiler infrastructures/architecture, to understand how a malware runs on computer.
you just earned a sub btw
Really high-level but programming languages need to be compiled before they can be run. Essentially languages like C, C++, Rust, the computer knows nothing about this. The computer only knows machine code, instructions which it can operate on. Compilers don't really compile to machine code, they compile to assembly, and then an assembler turns that into an executable.
So, a C++ to x86 compiler will convert C++ to x86 assembly, and then the assembler will convert that into machine code for an x86 computer. What LLVM offers is an alternative. A machine-independent Instruction set architecture. It has similar instructions to x86, primitive things, like load, store, jump, branch. Compilers then target LLVM, and LLVM converts it into a platform assembly. Now, not all platforms have the same ISA. But... they are all turing complete. LLVM can often, but not always, transform some instructions. In reality most programs only need a very small set of instructions to run. Some LLVM instructions may compile to 1 x86 instruction, but 2-3 ARM instructions.
Now, where do OS come into play? Theoretically, very little. An x86 algorithm will be identical in Windows or Linux. The binary layout should* be exactly the same. However, the executables themselves are different. You need to construct an OS executable type, like an ELF, so the OS will accept it and know how to run it. But that's just the beginning. In addition, most non-trivial programs require OS intervention to run. This isn't obvious in high-level languages like C++. But a function like, say, allocating memory requires the OS to intervene. These calls to the OS are called syscalls. These are unique to the OS. Calling operator new often performs a syscall, which will be different on Linux than Windows.
How does a high-level language and compiler deal with this? It would be incredibly annoying if you had to use a different operator new, or different malloc, depending on which OS you're targeting. Well, the language provides a standard implementation for relevant operating systems. This is often called the standard library, like libc or libc++. At compile-time, the compiler chooses which implementation to use. The code is different, but to the programmer the interface is the same. Malloc is always malloc, but behind the scenes the syscall and algorithm malloc uses will be different for each operating system. They also provide platform-independent frontends for other tasks that require syscalls. For example, std::thread in C++, std::filesystem, etc.
Some programs include "hardware intrinsics". These are sections of the program written to target specific hardware. For example, inline x86 assembly in C/C++. These cannot be ported, its simply impossible. So, they're generally avoided and only used in user-land code to do very specific things. You can turn these off on some platforms in the code, using the compiler. You can request the compiler check what platform its compiling to, and if the specific hardware code doesn't work there then don't compile it. Very common to see in high-performance hardware-bound applications, like video games.
Are u gonna make a guide on how to write malware in Rust?
0:14 "Criminal use it" The best argument for using some technology ;)
Hey Jake,
This doesn’t surprise me. Any tool can be used for both good and evil. I’m sure that efforts have redoubled to produce reverse engineering tools for Rust as I write this. Great video as usual. 😀
Love the mic position in the monologue shots: “everything is open source, if you can read ass”
My biggest barrier to entry on Rust is how every video about it sounds like a sales pitch. I thought this one was going to dish up some critique.
"Everything is Open Source if you can read assembly..." - Ser.
It would be interesting to know how we can tell which malware was written in Rust from examining the binaries. I'm assuming from the runtime/equivalent of libc included?
An easy way is just search the strings for "crate". A Rust binary (that hasn't been completely mangled to hell) will have package strings for every crate that was included by the dependency manager.
Whoever made that language tierlist should _seriously_ consider unlive. C# above C++, bash and Lua in the same tier as php, Go and Assembly in the same tier as Kotlin, Elixir, Python and Ruby in the same tier as Cobol, Zig on par with Rust.
This isn't just objectively wrong, this is a cry for help. I wanna know who performed the lobotomy on the person that made this list.
So, "It takes a good guy with Rust to stop a bad guy with Rust"?
Thanks for sharing the info. Great video.
Thanks for watching!
TLDR: programmers, such as malware authors use rust because it’s a pretty good language.
Pedantic nit: "it is almost impossible to make code that crashes using rust"
Try accessing an out-of-bounds index in Rust. It will panic and crash, which is actually the "memory-safe" response rather than accessing illegal memory.
Rust protects you from data races, but it does not protect you from crashing your application.
If you are trying to use rust on windows, good luck with that because certain crates will just refuse to compile.
The llvm backend is used by rust to generate code, but you'll struggle even to get basic functionality like profiling, coverage to work. The only solution is to build the rust compiler from source, so that leaves you in the territory of custom toolchain. I know, because I'm struggling with the same.
But static analysis time memory diagnosis looks very neat.
Maybe it might become popular in the near future, but it is never replacing C or C++.
Who writes malware for Linux anyways?
Well, it really depends on the implementation. I'm writing a library in Go which for now only works on Unix systems due the syscalls I'm using. And the last question, most servers run Unix systems like Linux and BSD, which are greater targets than your neighbour maybe. Also some people have that tendency to think they're safe just because they use Linux, but that overconfidence just make them easier targets. But of course, the majority of malwares are on Windows due it's popularity
@@_garicas Linux is far more popular than windows - Android and servers. Nobody is safe, but everyone who uses his brain is safer on Linux.
The most evil part about Rust is that at some point it becomes Assembly, the most unBased language. Truly a work of evil.
The most evil part about Rust is that it's a neomarxist programming language.
@@hdjwkrbrnflfnfbrjrmd what does it mean? 😅
@@hdjwkrbrnflfnfbrjrmd what? lol
@@hdjwkrbrnflfnfbrjrmd I've noticed that all the worst sort of commie scum seem to main that language. That realization snuffed out any desire I had to work with Rust. I refuse to accept them as my peers.
@@hdjwkrbrnflfnfbrjrmd so true, fr fr no cap
Hackers are so easy to recognise. They always sit behind a computer wearing a hoody.
I don't like Rust for its inconsistency, terrible syntax, camel case nightmare and abstractions. It's inconsistency (two ways of declaring variables and functions using and not using "where") will lead to many dialects which will make new code harder to read.
For most of this video, I was too distracted by thinking your shirt said, "everything is open source if you can read ass."
Currently falling in love and enjoying the rust book and this is interesting 👀
So part of the difficulty in reversing Rust will go away as tools are produced. Are there any language reasons Rust might _always_ be harder to reverse than C/C++ at baseline?
To me that's the more interesting question. Out of "more reliable", "more targets", and "reversing is harder", the last is the one with potential.
That was the little bit about "cost-free abstractions". Basically structure in your code that isn't in the binary at all, and therefore can't be reverse engineered out of the binary.
That doesn't make the reverse engineering impossible, but it makes understanding what you're reading a little bit harder since you've irrevocably lost a lot of the structural information.
For example, a chain of iterator methods might get inlined and optimised to the same code as a series of `if`s and loops, which will be hard to decompile into anything like the original code.
I guess once someone who knows LLVM starts working on a new decompiler things will get easier. And hey, there's money to be made here!
Dayyum content is blazingly fast. 😂
its also obscure lang so most basic functionality of the lang doesnt have signatures, for example a basic socket connect command and control in python will get detected (in some cases) but in rust it doesnt
people also have written malware in nim in part because it’s different enough to prevent them from getting flagged
This was an interesting vid, but I couldn't stop looking at his shirt. When the mic was covering part of it I kept seeing: "Everything is open source if you can read ass" lol.
Reverse engineering rust isn’t as hard as people think it is, if you spend a few minutes you can find out how it works and follow the execution patterns, sadly though IDA does horribly in displaying rust binaries, but other tools such as radare and binj does so much better
Interesting, I didn't realize that Rust was harder to reverse-engineer, but now that you mention it that makes sense. I may start writing some of my code in Rust, because I do have a project that would benefit from being harder to take apart.
Hot take but I think malware is good on windows because it gives people more reason to switch to a good operating system like Linux or bsd
its kinda funny how his shirt says "everything is opensource if you can read ass" thats pretty sussy if you ask me
Hi there, i just discovered your channel, and i cant find any video on "who you are" can you create a video on who you are, how you started etc etc?.i want to learn about your background and how you started
It's even so good that I only had to use a Debugger twice in the last year of writing Rust and that was because bugs in FFI libraries.
I'm so glad to hear malware authors take pride in the quality of their creations. Sadly, currently, many creators of software do not. Personally I think it is professional negligence not to take steps and use tools the help achieve the best software quality one can (In terms of robustness, reliability, security, etc). That is to say negligent to use error prone languages like C and C++ when alternatives like Rust exist that greatly mitigate a lot of silly mistakes we can (and do) make. These malware authors are a great example of professionalism for the rest of us that we would do well to follow.
C and C++ are not "error prone". They simply let you do more than Rust does. Technically there are no such things as "programming errors". There is only a disconnect between the programmer's mental model of what the code does and the actual reality of what the code does. All of my buffers are allocated statically, they are powers of two sized and I generally use a binary mask for the index. That's 100% buffer overflow safe. Rust can't do any better than that, either for scenarios which do not require dynamic memory allocation. At most it can make dynamic memory allocation more convenient than my programming model would. I use finite state machines for parsing of datagrams and they always include conditions that lead to one or several "invalid" states. Rust can't do any better than that, either, because it does not have a mathematical prover that can prove that your datagrams are safe. You have to make sure of that. Using these techniques I have programs out in industrial applications that have 100% uptime and zero known bugs. If that is what you need, then you just have to use your tools in ways that make sure that that is what you get. Relying on a language to do the thinking for you is a guaranteed recipe for failure.
@@lepidoptera9337 Yes, if you want to be pedantic a programming language, (C, C++, anything) is not "error prone". However programmer are. The question is does the language help prevent its users from making silly mistakes. Same like how all kind of dangerous machines are not error prone, their users are, that is why we have all kinds of safety guards and interlocks on dangerous machines.
Of course there are such things as programming errors. Same like their are spelling and grammatical errors in normal writing which give the reader the wrong idea, Same like their are errors of judgement that cause drivers to crash their cars.
The question is does a programming language help detect those silly programmer mistakes. I'm glad to see you take steps to avoid bugger overruns etc in your code. I don't see why you would not welcome a language that can check all those things for you automatically and save you the trouble.
It's wrong to say that Rust cannot do better than you at detecting memory misuse errors. Being human you are prone to making mistakes, you will be tired, or sick, or under pressure to finish, or just have a bad day. Where as Rust will check your work all the time. If nothing else Rust removes the need to check everything yourself all the time.
I do agree with you when it comes to program logic or algorithmic correctness. Like you state machines example. Rust cannot save you from writing the wrong algorithm. As you say we don't have the mathematical provers for that. And if we did we would have a very hard time specifying the problem to be proved. Rust does not claim to do that. However the type and memory misuse checking it does is a huge advantage in ensuring program correctness,.
Actually state machines is a case where Rust's type system can help greatly in ensuring you write correct state transitions. So not a good example of why Rust does not help.
I also agree that if one wants as few bugs as possible and reliable systems one should use the available tools in ways that make sure that is what you get. One of these tools is type safe and memory safe languages like Rust. By your own logic if one wants bug free reliability one should be using languages Rust to help.
Nobody is saying rely on the language to do the thinking for you. But I bet you are happy to let a calculator do complex arithmetic for you rather than working it out with pencil and paper. There is no way having a language like Rust check for type and memory misuse can be a recipe for failure.
Like you I have been working on industrial applications in languages like C, C++, PL/M, Pascal for a long time. Since 1882 about. I have adopted techniques as you describe to ensure things work reliably. Some other those systems have been running trouble free for twenty years and more. I am very glad to now have a language like Rust that saves me all the tedious and error prone manual checking of everything I do.
Many others in industry have had the same experience. For example recently came this story from CloudFlare: blog.cloudflare.com/how-we-built-pingora-the-proxy-that-connects-cloudflare-to-the-internet.
I'm a bit amused by how your shirt reads when it's obscured behind the mic stand 😆
In terms of reverse engineering as long as any language uses LLvm or Gcc there’re many many tools for that especially they way how these compilers build the windows binary and they’re traceable because rust still use libc, Go on the other hand is a first class citizen of static compilation bypassing layer security checks, directly through the kernel, Go having its own linker, assembler with big binary surpassing antivirus checks limit that’s a big one
what happened to john hammond
It's because it's less common for writing malware and thus has less tools, that's literally the only reason.
Malware is practically programming language agnostic the only thing different between PowerShell and Assembly are some of the obfuscation techniques.
Also using portability as a reason for Rust is downright hilarious I mean sure there's a C compiler for practically every architecture on earth but Rust can write to a whole five or so different architectures using LLVM!
Is the end of video pointing to another video an April fools joke? I really am interested in the invisible video lol
is there a video where you complete the tierlist you mentioned
EVERYTHING can and probably will be used for evil.
when hackers have clean machine code more than your 6fig nodejs dev that's putting too much faith in WAF
Well, if the malicious code works on Windows computers, fine....
Windows is only useful if that computer is not connected to the internet...
0:12 Love your shirt ("you can read ass")
I know this was publish on April 1st, but I consider the Rust zealots evil
Nothing says lawful evil like using the most efficient and safe solution to extract as much money as possible.
Hey why does that sound like it applies to more than just hackers?
I keep thinking of Rust (the video game) whenever I see it in the title of a video.
I know I can’t be the only one who saw this in their recommended, thought it was about the survival game, and then was pleasantly surprised by it being a different Rust entirely.
So if, for example if someone wanted to use AI to write code that iterates through millions of attempts to find and exploit CPU vulnerabilities, like Spectre or Meltdown, with a view to replicating itself to other memory space and then other systems, you think Rust would be the way to go.
And the top story tonight: The Rust based GPUWorm V23434.32464.1 started at Nvidia cloud platform and spread to all GPUs on the planet, freezing up the internet, communications, financial institutions and travel for the foreseeable future. Experts think it cannot be stopped.
We need common sense Rust control!
Rust enables people to write blazingly fast malware with fearless concurrency.😅
A youtuber who endeavours to teach us low level programing is amazed when his trivial implementation of httpd does not crash... Oh, how low have we fallen!
man i wanna make stuff in C so bad but everytime i try i just end up spending so much and time on build system and getting confused by cmake then i wont know how to get started lol
If you’re still struggling, try asking ChatGPT to help you. Folder structures, linking external libraries, etc.-it will walk you through it all.
Cmake is terrible and I hate it. I just use a Makefile and I have never had to spend time thinking about the build system.
Just learn zig it’s basically C without all that garbage. Plus you have to pass allocators whenever you allocate memory. So you actual learn how the allocation works instead of just messing with C’s malloc and potentially creating a bug.
yea I hate cmake too ngl 😂
thankfully tho if u wanna make malware in cpp the most basic libs u need are included in the std lib:
Rust being used for evil*.
The rust community: Yay it works!
Knives are used for evil too :D
unsafe {
// screw the borrow checker
}
Man.... Meth users do all the cool stuff. They use rust, and tik-tok. They do it all on their elite Microsoft Surface tablets.
Okay. Enough motivation to learn rust today
You don't have to learn Rust. You have to learn computer science and then use what you have learned. ;-)
@lepidoptera9337 I already studying lol, will do masters too
@@zer0day463 Good for you! Happy learning!
Can you make an assembly tutorial
I think another important aspect is that cargo makes it trivial to statically link dependencies (such as the crypto you're gonna use to take hospital data hostage), which is useful if you want to produce a single binary without dependencies for your attack.
I see other aspects where Rust makes it really easy to raise the barrier to entry on reverse engineering, but sharing too much on these subject is against my ethics, as I wouldn't want to inspire practices that the black hats may not have started using yet.
"Why Rust is Being Used for Evil ?"
Because malware written in C can itself be easily hacked ? :-)
Parents/Coders who keep a "Play Area Asylum" (Rust) it is their children who upon seeing a clean hallway will immediately run down it with scissors bared and having none of the usual restraints will marvel at your spilled blood like its just another toy. Then chastise you for not using tooth and nail like a proper feral pisshead. Most people have teeth and fingers so why do you need T000lz!? It is a feature of C that you are able to think badly and must be done if you are ever to think at all, mastery over that which is wrong to fully encompass and absolve it.
Once the Rust Cult reinvents 'Fortran but with extra steps' they will then 'drink the koolaid' Such disgusting humanist values that will never touch metal always gets yeeted and deleted without a cohesive base. That is Rusts purpose it was coded as a trash collector for these virgin tinkerers.
Me being here thinking this was about the game..
your audio speech and video image are off by a quarter of a second
the issue is that kids are writing this stuff to make money.
you liveoverflow and john hammond literally look identical
Gotta learn rust!
And I prefer D over Rust.
Rust has a lot of problems: 1. The compiler is too slow (large projects take twice as long to compile as C++); 2. The complex syntax of the language; 3. Backward compatibility of the code is broken; 4. Rust is too heavily promoted.
You are not supposed to speak the truth.
Nobody is making you use it! But don't call us when your code breaks.
“the complex syntax of the language”
bro have you USED C++?? just PARSING it is literally undecidable
@@tylerfusco7495 to be fair the syntax is quite weird
@@rallokkcaz 😂
Hey Low level, I know this might be out your domain. I'm currently learning C and am trying to choose between C++ or Rust. I want to be a machine learning engineer. What would you recommend I learn? I'm going to learn python later
Going to chime in here check out Pyo3 and Maturin it's so easy to interop Python and Rust.
Every lang is ultimately used in practice and a lot of times even multiple ones in the same project so the more you know the better.
Stop asking what language to learn. Think about what project you are looking to do. Then learn the language for it
Learn C++ Rust is still a borderline meme lang which despite what stackoverflow might tell you still has pretty much no jobs in.
Though frankly speaking if you want to get into ML you should learn Python and Tensorflow.
@@bencroacademy I’m looking to get a job, like I said in the original post
So basically they use it because it's a good language to use overall.
Yeah, and also because its novelty means that reverse engineering tools are less available and advanced.
There's also another related factor: detection software hasn't catalogued a lot of Rust-made malware yet, so the novelty factor also helps them here.
Rust is just fantastic in general. Makes better code in general compared to most languages.
If Rust can be used to make nearly uncrackable malware for evil purposes. Then it can also be used to make nearly uncrackable malware for good purposes.
Rust Is very powerful 🔥💯
yea rust could be dope for off sec, the std lib has good potential. rly happy we have languages like rust and go 👍
In other words, Rust is so good it should be illegal
I'm sorry but putting java below JavaScript is a crime against humanity
Rust has always been used for garbage. First it was cryptocurrency junk, now malware. Something to do with the target audience /shrug
Nah I'll wait for the next evolution of it, *Rotten*
i thought you mean Rust game which made sense anyway
Guess I'll Uninstaller that game from my pc. Not hacking me china.
one of the best language in the earth? cargo cult spotted
How is cobol dog water?
title and first 10 seconds totally convinced me to learn rust
I LOVE THAT T SHIRT!
Can I get it in long sleeve?
Rust is coming? I don't think so. lol
Which ide is best for programming
Python
Html css js
Kali Linux unable to boot in dual boot setup .please guide us
Hm, this was not a very funny Aprils fools joke
I thought Rust was a game 😐
so the solution is to use.... RUST?
April fools ?