
RELEASE: CIA Vault 7 part 3 "Marble"

Thread replies: 28
Thread images: 7

File: heartattack.jpg (287KB, 840x798px)
https://twitter.com/wikileaks/status/847749901010124800
>RELEASE: CIA Vault 7 part 3 "Marble"
https://wikileaks.org/vault7
https://youtu.be/uxmMt4EW3PQ

>today, March 31st 2017, WikiLeaks releases Vault 7 "Marble" -- 676 source code files for the CIA's secret anti-forensic Marble Framework. Marble is used to hamper forensic investigators and anti-virus companies from attributing viruses, trojans and hacking attacks to the CIA.

>Marble does this by hiding ("obfuscating") text fragments used in CIA malware from visual inspection. This is the digital equivalent of a specialized CIA tool to place covers over the english language text on U.S. produced weapons systems before giving them to insurgents secretly backed by the CIA.

>Marble forms part of the CIA's anti-forensics approach and the CIA's Core Library of malware code. It is "[D]esigned to allow for flexible and easy-to-use obfuscation" as "string obfuscation algorithms (especially those that are unique) are often used to link malware to a specific developer or development shop."

>The Marble source code also includes a deobfuscator to reverse CIA text obfuscation. Combined with the revealed obfuscation techniques, a pattern or signature emerges which can assist forensic investigators attribute previous hacking attacks and viruses to the CIA. Marble was in use at the CIA during 2016. It reached 1.0 in 2015.
>>
>>59685265
Is there some point you wanted to make? Perhaps you are mistaken and simply think this is a news aggregate site.
>>
File: 1478396334769.jpg (26KB, 540x540px)
>>59685337
>>
>>59685389
Anyone who is gonna care already knows. Either make a point or fuck off.
>>
File: 1488528684519.png (261KB, 388x314px)
>>59685392
"Russian hackers" could be the CIA or anyone in America or the world that got access to these Vault 7 tools when they hit the black market
>>
>>59685421
Thank you.
>>
>>59685265
bump for justice
>>
>"lives" in a foreign embassy to avoid arrest and lawful extradition
>>
>>59685421
or they could be russian hackers.
>>
>>59685915
Jesus fuck let it die.
>>
>>59685925
>I can't be russian hackers, the_donald would never lie to me

about you just let yourself die
>>
>>59685915
Spoiler: it's the CIA
>>
>>59685929
I meant the thread, numbnuts.
>>
>>59685904
any day now, the election in Ecuador is going to be finalized. the guy touted to win has vowed to kick Wizzy out of the embassy. so has the woman coming second.

i can not wait. this is going to be so funny.
>>
>>59685265
Alrighty /g/, I decided to take the time to check out what this marble really is.

What the algorithm does is it scans Marble.h for all of the listed possible XOR functions. If there is an uncommented one, it will use that one exclusively, otherwise it picks a random xor function.

A vast majority of the files are really basic xor functions. A random seed + xor in about 4 different flavors, then trying a _slightly_ different method of reversible "encryption." Marble picks from one of these.

Then the actual program works like this, it scans all files in a directory to find specific text strings, for example, the word "Marble."

When the text string is found, it reads back to the beginning of the string until a non-alnum + non-space character is found. It takes this position in the file, and indexes it. Then once it has found all of the strings, it takes the randomly selected xor function and encrypts all of the strings and generates a receipt file.

The receipt file can be used to reverse the string encryption (because it's xor). The validator project simply validates that the receipt matches the output file (so for example it scans for strings, and if it finds unencrypted strings with the text "marble" then the file does not validate; then it makes sure that all strings in the receipt are matching with the results it found).

Ultimately, you get something that is about 40% random algorithm selection code, and 50% random xor functions. The rest, driver code, is really simplistic and just drives the "find files in folder, and apply selected algorithm" concept.

Now honestly, this code is basically intro-to-compsci level projects. The author even uses goto randomly, and it bothers the hell out of me. In the end, this makes me less confident that our government is competent than anything else. Feel free to interpret that as you will (e.g. false flag, intentional release, hype train, etc).

Happy Hacking
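
Archive note, not part of the post above: an added example of how an analyst recovers strings hidden with the kind of basic XOR the post describes, by trying every single-byte key against known marker strings and then checking for markers left in the clear, as the validator is said to do. It is not code from Marble or from the poster; the single-byte key, the NUL-delimited layout, the marker list and all names and sample bytes are assumptions constructed for illustration.

```python
import string

# Printable ASCII without control whitespace; space is kept.
PRINTABLE = set(string.printable.encode()) - set(b"\t\n\r\x0b\x0c")

def xor_bytes(data: bytes, key: int) -> bytes:
    return bytes(b ^ key for b in data)

def find_xor_strings(blob: bytes, needles: list[bytes]) -> list[tuple[int, int, str]]:
    """Return sorted (key, offset, decoded string) hits for single-byte XOR keys 1..255."""
    hits = set()
    for key in range(1, 256):
        for needle in needles:
            enc = xor_bytes(needle, key)
            pos = blob.find(enc)
            while pos != -1:
                # Walk outward while neighbouring bytes still decode to printable
                # text, so the whole string is recovered, not only the marker.
                start, end = pos, pos + len(needle)
                while start > 0 and (blob[start - 1] ^ key) in PRINTABLE:
                    start -= 1
                while end < len(blob) and (blob[end] ^ key) in PRINTABLE:
                    end += 1
                hits.add((key, start, xor_bytes(blob[start:end], key).decode("ascii")))
                pos = blob.find(enc, pos + 1)
    return sorted(hits)

def plaintext_leaks(blob: bytes, needles: list[bytes]) -> list[bytes]:
    """Validator-style check: which marker strings are still present unencoded."""
    return [n for n in needles if n in blob]

def _obf(s: bytes, key: int) -> bytes:
    # Constructed sample helper: XOR a NUL-delimited string with one key byte.
    return xor_bytes(b"\x00" + s + b"\x00", key)

# Constructed sample: two strings under different keys plus one left in the clear.
NEEDLES = [b"http", b".log"]
SAMPLE = (b"MZ\x90\x00" + _obf(b"C:\\Temp\\marble_test.log", 0x5A)
          + _obf(b"http://example.invalid/a", 0x13) + b"debug.log\x00")

if __name__ == "__main__":
    for key, offset, text in find_xor_strings(SAMPLE, NEEDLES):
        print(f"key=0x{key:02x} offset={offset} {text!r}")
    print("still in plaintext:", plaintext_leaks(SAMPLE, NEEDLES))
```

Rolling or seeded key variants need a keystream search instead of the 255-key loop; the known-marker approach stays the same.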
>>
>>59686454
the Zeus bot did that some 10 years ago... and their authors prolly copied it from someone else
>>
quit compromising our national security

the CIA should be allowed to keep secrets from us because any one of us might be a terrorist and if terrorists know then the rest of us are fucked

as far as I'm concerned anyone who might be helping terrorists learn information that compromises us to them -- whether knowingly or not -- is basically also a terrorist, so I HOPE "Julian ASS-ange" gets a "heart attack," and I wish the same on the entire Wikileaks project
>>
>>59686740
Jesus Christ, this place is not for you. You must have an IQ of 90+ to post here.

>disregard this if you're an Indian developer that struggles with english and java (your primary programming lang)
We love you guys.
>>
File: Screenshot_20170327-081857.png (503KB, 1440x2560px)
>>59686799
iq 140 but iq is for jews
>>
>>59686855
So that means you're a Jew?
>>
>>59686916
no, jews are ruin america, i am real american i work every day to make money not like poor people who are bad!! coca col
>>
File: 1489869540938.gif (58KB, 132x140px)
>>59686855
>>
>>59686454
So like, worse than using something like vmprotect/themida?
>>
>>59686967
OAH IT ARE MAGIC?!?!?
>>
>>59685265
Computer security researcher here.

I looked over the release and it's nothing of significance.
>>
>>59686799
>>59686855

https://www.youtube.com/watch?v=JWzjn0N9g4g&t=98s
>>
>>59685265

wow no one knows what a polymorphic engine is

11/10 nice bait
>>
>>59686740
>>59687183
WEAK CIA niggers- 9/9/99 SOON