[userbinator]

If you can do it, show me. But I know you can't

I've been out of the cracking scene for over a decade now, but I expect that to be none other than a challenge, having seen how far publicly available decompilers have progressed.

[37ef_ced3]

Here is the C code for a DenseNet-121 generated by NN-512:

https://nn-512.com/browse/DenseNet121

Even if you had the C code available to you, you would have a hard time producing the input graph.

Good luck reverse engineering it after GCC has compiled it!

NN-512 has an incredibly flexible code generator. It can easily be tweaked to produce completely different code for the same convolution, so everyone can apply their own twist to defeat the reverse engineers ("the intellectual property thieves").

[sudosysgen]

You're describing every single obfuscation scheme, they all get defeated. And you don't need to find the original graph either, they may be equivalent ones and that could work too.

[astrange]

I haven't seen anyone defeat white-box AES; have Widevine or FairPlay been decompiled?

[FreakLegion]

Widevine has been broken at least a few times, including by recovering the private key from its white-box implementation: https://github.com/tomer8007/widevine-l3-decryptor/wiki/Reve.... Note that the write-up says it was the "old" version, but that's relative to the date of the write-up. Google overhauled Widevine after he broke it.

I'm less familiar with shielding data like this, but historically things like VMProtect and Themida were the standard for shielding programs. These offer a degree of resistance to automation, but a determined human will eventually figure them out, and then automation usually follows anyway. Syntia did this for VMProtect and Themida: https://www.usenix.org/system/files/conference/usenixsecurit....

Edit: A quick search points to Widevine continuing to have issues. Two more recent write-ups:

1. https://i.blackhat.com/asia-21/Thursday-Handouts/as-21-Zhao-...

2. https://arxiv.org/pdf/2204.09298.pdf

[saurik]

It is a lot of work, but I wouldn't say it is exactly difficult... I never bothered to automate it, and so I didn't finish the one I was doing, but I was under the impression that Pod2G's team (which used a photo of me doing it a bit on a blackboard in their presentation) did, however?

https://blog.quarkslab.com/resources/2013-10-17_imessage-pri...

You just don't need to is the thing (if you are in a position to not care about copyright law; I did care, sadly): you can almost always just lift the code--with all its obfuscation intact--and run it in isolation on your input, which more directly undermines the entire premise of the technique.

[astrange]

That presentation seems confused since PRISM is not "a mass surveillance program" or "an alliance with American firms", it's a database the government puts the results of subpoenas in. Of course, the protocol is still weak to an evil key server.

Well, the obfustication is still pretty good if it's 9 years ahead of attacks.

[mlyle]

> That presentation seems confused since PRISM is not "a mass surveillance program" or "an alliance with American firms", it's a database the government puts the results of subpoenas in.

I feel like this is a terrible mischaracterization of PRISM, even if it is almost true. The NSA deployed hardware (following demand letters) to service providers and collected large swaths of traffic based on various types of keyword and attribute matches. This was then put in a big searchable database.

[kanetw]

There's no fundamental reason it can't be decompiled. Vivado uses white-box crypto for their IP keys, and they're all over the Chinese internet.

No one in the West will publicly mention touching them, for good reason. In China they're everywhere.

E: not just China, but it's easier to find them there

[WanderPanda]

Oh looks like something AMD might want to upstream :p