> The first difference is that the script makes sure (very sure!) to exit if not being run on Linux.
The repeated check is indeed mysterious. My only hypothesis is that the attacker may have thought that it should look plausible as a test input to a compression library, hence repetition.
I also thought it was odd. There's also different random bytes (not random text, actual random bytes) prefixed to the start the scripts, but the bytes are prefixed by a hash symbol, which comments them out, so they don't affect the script. It seems intentional, but I can't think of why they would be there. I thought maybe xz would skip compression if the input was short/not complex enough or something, so they were added to pad the size, but removing them and re-compressing with xz seems to properly compress it, none of the original plaintext is in the compressed archive bytes.
One thing I noticed while trying to reproduce the exact bytes included in the .xz file committed to git is that the script's xz stream doesn't seem to be compressed by any of the default xz presets, I was only able to reproduce it by using `xz --lzma2=dict=65536 -c stream_2`. All the default numbered presents chose a different dictionary size. Another odd seemingly intentional choice, but again I don't understand the reasoning.
Ah, I think I understand the random bytes at the start of the script now. They're prepended to make the partial output of the "corrupted" (pre-tr'd) test stream look like random data. Without those random bytes, you will see part of the start of the script if you observe the partially decompressed output before xz throws an error. They really thought quite carefully about hiding this well.
Still not sure about the repeated lines, though now I'm convinced there must be some reason for it.
Can it be to enlarge/or obfuscate parts of the compressed test file? Perhaps without the repetitions the compressed file has some strange binary triggering some security or antivirus software?
Perhaps expected a very fast machine that might blast straight through the first few checks. Like how you needed two STOP statements in a Cray Fortran program in case it blew through the first one at 80MIPS.
Maybe but only once in a while, I wonder how much legitimate software relies on the kernel name at runtime (vs compile time)?
Also consider it may only trigger if five syscalls to uname come in sequence from the same process. I suspect without evidence this pattern is less common.
Maybe a machine designed specifically to produce "enticing" and "very plausible"-seeming ideas with no basis in reality is a bad idea. [1]
The mention to other "malware" is spurious. This was a highly engineered/targeted attack. Mentioning "malware" just sounds plausible because your brain files the word in the same region as "RCE".
Running `strace` shows `/usr/bin/uname` just calls `uname()`, which just reads out some string literals in the kernel. It is unlikely to be randomized accidentally.
And deliberately signalling the presence of other hacks by making the `uname` syscall non-deterministic would be highly inefficient (Return 8 strings just for one bit of data?), highly unreliable (Check how many times to be sure?), highly visible (Human-readable, and human-targeted.), and unnecessarily difficult (Kernel-level hack?).
…And now you see how much effort it takes, to even start to examine/debunk an implausible and unfounded idea that cost you seconds to prompt and OpenAI fractions of pennies to generate, which took root and seemed "plausible" and "enticing" specifically because GPT was trained in an adversarial way to exploit how us humans can fall for bullshit if it's packaged in the right way…
---
1: The word for that is "Lying". ChatGPT is a Lying Machine. Sometimes the lies line up with parts of reality, but that's more luck than intent. And it's usually still lying even in those cases, just in smaller, subtler, or less blatant ways.
You can call it what you like but I’ve had plenty of hypothetical conversations with people and we never accused each other of lying. I think you are assuming that I treat GPT like an oracle rather than as a sci-fi author tripping on acid.
I’m not going to submit a paper to a scientific journal treating the information as a fact but this is a public discussion forum on the Internet, so I’m happy to speculate in the open using the hallucinations of an algorithm if they seem interesting.
People have the neurological, sensory, and social hardware to be able to conceive of such concepts as external reality, internal biases, internal intentions, and sufficient theory of mind to be able to predict and understand your mental state and try to shape their words to honestly convey those external and internal realities— Including when the mutual internal intention itself is hypothetical or fantastical.
I'm not calling LLMs lying machines just because they sometimes hallucinate and get things wrong. I'm calling them Lying Machines because they literally don't have either the hardware or progeny to be able to care about any concept of the truth, whether regarding explicit simple physical facts or about the intentions of a reciprocal conversation. They are, literally, designed, trained, and selected to fool humans so Sam Altman (and many others) can get his bag.
I find LLMs to be useful tools like any other piece of software. Prompting to get creative ideas is just like using any other software and coding it to respond with various options by say, pruning a large set of options based on a heuristic. In this case it’s a black box and the software is a bunch of words strung together. Also, I don’t pay for ChatGPT and often do this on local LLMs because it’s fun to use new technology.
You seem to have an axe to grind, good for you, I think we need lots of variety of opinion and passion as a society.
I think it's poor form to bring the unvetted outputs of a pseudorandom algorithm to a discussion with real people who are investing their own mental effort and emotional energy. If you couldn't be bothered to have the thought, why would you expect other people to listen to you?
That's the opposite of having "lots of variety of opinion and passion as a society". It's outsourcing cognition to a machine designed to emulate the most banal, superficial, and mediocre aspects of human expression.
That’s your opinion, but I was clear about the origin of the information which is accessible to anyone, it’s up to others to vet and validate information they find online, and furthermore, what you think is poor form is strictly your personal opinion and has little to do with the implied social etiquette of this forum, and nothing to do with its actual rules.
You continue to grind your axe without considering or responding to my opinion about LLMs utility as a tool. Like any tool, it can be used for good and bad things.
No matter what you feel about LLMs and other generative “AI,” they’re here to stay. If you choose to be ignorant of how to use such tools to your benefit, nobody is going to stop you.
> That’s your opinion, but I was clear about the origin of the information which is accessible to anyone, it’s up to others to vet and validate information they find online, and furthermore, what you think is poor form is strictly your personal opinion and has little to do with the implied social etiquette of this forum, and nothing to do with its actual rules.
Evidently not.
> codezero 1 day ago
> [flagged]
Do you always get this upset, argumentative, and perceive personal attack when people disagree with you?
I've been very civil, being flagged doesn't mean I broke the rules, flags are crowdsourced and it's more likely related to your axe grinding and the four downvotes which I'm fine with. If you are implying I broke the rules, please cite the rule I broke.
The comment I responded to literally said:
> My only hypothesis is that the attacker may have thought that it should look plausible as a test
The entire premise of this thread is speculation, which I did. Furthermore, the GPT response prompted me to come up with my own speculation (I won't call it a hypothesis, as this is not science):
I never said anything about a personal attack. You didn't disagree with me (There wasn't anything to agree to, I was speculating), you went on a tirade about how much you dislike people using ChatGPT. I don't have a problem with you, or your opinions about ChatGPT, in fact, I respect them.
You also haven't considered one thing: Posting trash responses by various LLMs on public forms will help weaken future LLMs by poisoning their inputs. If you hate LLMs so much, you should consider doing your part to poison their inputs so they become irrelevant, case in point, this thread is the third result for "uname used in malware" on Kagi, and first on Google. Stop being a passive participant and fight LLMs at the front if you care so much.
The repeated check is indeed mysterious. My only hypothesis is that the attacker may have thought that it should look plausible as a test input to a compression library, hence repetition.