Jaws is an invisible programming language! Inject invisible code into other languages and files! Created for security research -- see blog post

Overview

Jaws is an invisible interpreted programming language that was created for antivirus research. Since Jaws code is composed entirely of whitespace characters, it can easily coexist with other programming languages to create polyglot code.

The research behind Jaws aims to build awareness that unknown interpreters can be dangerous. Behavior-based detection is becoming the gold standard -- even AI-based static models can only detect the types of threats they've been trained on. You could add signatures for Jaws, but nothing is stopping an advanced attacker from reproducing their own version of this in a different way. When the "code" of the malware is completely unreadable but can execute anyway, it exploits a fundamental flaw in the foundation of static analysis tools. To read more about Jaws and why it was created, please refer to my blog post or my undergrad honors thesis.
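
The signature-style check mentioned above, as an added example (not code from the Jaws repository): a Python triage scan that flags long whitespace-only byte runs mixing spaces and tabs. The byte alphabet, thresholds and sample inputs are assumptions constructed here, since the real header and encoding are defined in the jawsVM spec; as the paragraph notes, a differently encoded variant would not match.

```python
import re
from dataclasses import dataclass

# Assumption: the page only says Jaws code is "entirely whitespace"; the real
# header and instruction encoding live in the jawsVM spec and are not used here.
WS_RUN = re.compile(rb"[ \t\r\n]+")  # space, tab, CR, LF

@dataclass
class Finding:
    offset: int    # byte offset where the run starts
    length: int    # run length in bytes
    spaces: int
    tabs: int
    newlines: int

def suspicious_whitespace_runs(data: bytes, min_len: int = 64,
                               min_minor_ratio: float = 0.1):
    """Flag whitespace-only runs that are long AND mix spaces with tabs.

    Ordinary indentation or padding is short or a single repeated byte, so it
    is skipped; an encoded payload needs several symbols in quantity.
    """
    findings = []
    for m in WS_RUN.finditer(data):
        run = m.group()
        if len(run) < min_len:
            continue
        spaces, tabs = run.count(b" "), run.count(b"\t")
        if min(spaces, tabs) / len(run) < min_minor_ratio:
            continue  # homogeneous padding, e.g. 500 spaces
        findings.append(Finding(m.start(), len(run), spaces, tabs,
                                run.count(b"\n")))
    return findings

# Constructed samples (hypothetical, not real Jaws code).
CLEAN = b"int main(void) {\n    return 0;\n}\n"
BLOB = b" \t \n\t\t \n" * 25      # 200 bytes of mixed whitespace
INJECTED = CLEAN + BLOB            # looks identical to CLEAN in an editor
PADDED = CLEAN + b" " * 500        # benign trailing padding

if __name__ == "__main__":
    for name, sample in [("clean", CLEAN), ("injected", INJECTED),
                         ("padded", PADDED)]:
        print(name, suspicious_whitespace_runs(sample))
```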

Tools for developing Jaws programs can be found in the various directories of this repository.

Install

You can install all the programs by running the following command in the top level directory:

$ make && make install    # you will be prompted for your sudo password

Tools

jaws

Jaws virtual machine

Jaws is an interpreted language, so a virtual machine has been created to run Jaws programs. The virtual machine source code and language specification for Jaws can be found in the jawsVM directory.

finc

Fin-to-Jaws compiler

Because Jaws instructions are entirely composed of invisible characters, a visible version of Jaws, called Fin, has been created. Fin allows you to write Jaws programs in a visible, human-debuggable fashion. Once you have written a Fin program, you can compile it to Jaws using the 'finc' compiler. The compiler source code and language specification for Fin can be found in the finCompiler directory.

Roadmap

LLVM Target

Jaws backend

Eventually, I'd like to get Jaws to the point where it can be used as an LLVM backend target with the intention of being able to compile C to Jaws. That would make Jaws development a breeze.

Code Injection

Jaws injector

I want to create a tool that can take Jaws code and inject it into many different file types including:

  • non-whitespace controlled file formats
    • C, Java, etc.
    • markup files
    • text files
  • whitespace controlled file formats
    • Python, etc.
  • image files
    • JPG, PNG, GIF, etc.
Comments
  • is the premise true?

    First off thank you, this seems like very interesting research!

    Hope these questions don't come off as rude:

    The research behind Jaws aims to build awareness that unknown interpreters can be dangerous.

    but that would require said VM to be actually installed on the target machine in the first place?

    Since Jaws code is composed entirely of whitespace characters, it can easily coexist with other programming languages to create polyglot code.

    Since most languages have code formatters and linters, some even auto-format on save, can it really survive?

    then you have whitespace-sensitive languages such as Python that cast doubt on this premise?

    also note: under emacs one can use the M-x fixup-whitespace

    question 
    opened by AnharMiah 9
  • Add an extractor to the VM

    Add the capability to dump interpreted instructions back into their own file, effectively making an extractor that can pull raw Jaws code out of any type of file.

    enhancement 
    opened by lawndoc 0
  • Create LLVM backend for Jaws

    This is probably going to require the creation of a separate git repo, but I'm just putting it in here for remembering later.

    The end goal is to be able to translate C code to Jaws.

    enhancement 
    opened by lawndoc 0
  • Add a debugger

    Add a debugger to Jaws to step through interpretation or enter the debugger when an error occurs. The debugger should be able to see what instruction the interpreter is on, the data on the stack, and the data on the heap.

    enhancement 
    opened by lawndoc 0
  • Header not complex enough

    I was trying to concatenate jaws code to the end of an elf binary for a CTF, but I ran into an issue where a false header was being picked up in the binary before it got to the actual jaws code.

    To decrease the likelihood of this happening when injecting jaws into various files, I might need to consider making the header more complex/unique. The easiest way would just be to make it reasonably longer with additional spaces and tabs.

    Definitely a breaking change, but jaws isn't that popular so it's not a huge deal... I'll be thinking about it.

    enhancement breaking change 
    opened by lawndoc 0
  • Windows network instructions not working

    The test program netcon.jaws works when the Jaws VM is built for Linux, but doesn't work on Windows. The Windows implementation uses Winsock2 rather than Unix sockets, so the first place to look would be the Windows netcon implementation in runtime.c.

    bug help wanted 
    opened by lawndoc 1
Owner
C.J. May
Information security professional and passionate programmer. I love to learn by doing personal projects. Check out my pinned repos!