Demonstration of an anti-disassembly technique, weaponized to be used in Rust.

Primary language: Rust. License: MIT.

Rogue byte

Details in my post: here

Usage

cargo run               # Check that it runs
cargo build --release

Then observe the mess:

objdump -D -M intel target/release/rogue-byte | less

Detection

I wrote a YARA rule to detect the usage of this technique:

boreal detection/rogue_byte.yar target/release/rogue-byte