De-anonymizing programmers from binaries (2017)

Related:<p><i>De-anonymizing programmers from executable binaries</i> - <a href="https:&#x2F;&#x2F;news.ycombinator.com&#x2F;item?id=16598962" rel="nofollow">https:&#x2F;&#x2F;news.ycombinator.com&#x2F;item?id=16598962</a> - March 2018 (39 comments)<p><i>When coding style survives compilation: De-anonymizing programmers from binaries</i> - <a href="https:&#x2F;&#x2F;news.ycombinator.com&#x2F;item?id=10806956" rel="nofollow">https:&#x2F;&#x2F;news.ycombinator.com&#x2F;item?id=10806956</a> - Dec 2015 (67 comments)

Not directly relevant but it got me thinking:<p>Has anyone tried to use the source code and white paper to figure out who Satoshi Nakamoto might be?<p>If you can figure it out from binaries, surely there is a lot more info. And you have the github and the blogosphere to compare.

This uses 600 &#x27;candidate&#x27; programmers. But I wonder how much harder it becomes when on e.g. an arbitrary piece of github gist code. As the number of candidates increases (with many writing the same styles) I&#x27;d imagine the problem becomes enormously more difficult.

I am thinking of a future when every piece of code can be traced back to a common ancestor because everyone is using a tool like copilot and there is no identifying signature. De-anonymization is only going to become more difficult.

How effective is, say, movfuscator against this?<p><a href="https:&#x2F;&#x2F;github.com&#x2F;xoreaxeaxeax&#x2F;movfuscator" rel="nofollow">https:&#x2F;&#x2F;github.com&#x2F;xoreaxeaxeax&#x2F;movfuscator</a>

Their experiment with different optimization level is with symbol information intact and they did not mention whether they have debug information enabled. Stripping the binary but with no optmimization reduces accuracy by 24%, but they did not mention the accuracy of O3 + stripped binary, so I guess it is probably not that good as this is so obvious that they should have tried.<p>Interesting research anyway.

Basically , to outsmart this algorithm you can use deniability attack<p>You just say that someone imitated your style. It&#x27;s not like binary has cryptographic signature of person who compiled it, even then you can say that someone stole your private key.

This is very interesting in terms of threatintel and attributing malware to attackers.

I don&#x27;t even want to know what the GDPR-implications of this are..

This implies compilers are not as efficient as they could be and work needs to be done on that. Style in a binary is waste.<p>If it&#x27;s true.<p>Are they sure it&#x27;s not from text within the programs or other fingerprints?<p>I wish they gave examples of the fingerprints. It&#x27;s hard to even know how to move forward without that.