Thursday, May 13, 2004


Because you just can't get enough self-reproducing code...

Logic, Sets, and Recursion by Robert L. CauseyTobias from PHPwizard wrote me regarding an earlier blog entry on self-reproducing code. He uses a printf to achieve the necessary recursion for self-reproduction. Way, way more elegant than the clunky approach I wrote over lunch one day. Anyhow, here 'tis:

I used these as signatures back in 1999 or 2000:

<?$p = '<?$p = %c%s%c; printf($p,39,$p,39);?>'; printf($p,39,$p,39);?>

Another self-printing signature:

<?printf("<?".$a='printf("<?".$a=%c%s%c,39,$a,39);?>',39,$a,39);?>

This is unrelated, but cool: :)
Mandelbrot, takes less than a second with PHP 5.0, took 3.5 seconds to execute with PHP 4.0.1 and 13.5 seconds with 3.0:

<?$c=$s=0;$a=$t=$x=$y=$b=-2;for(;$b-=$a>2?0.1/($a=-2):0,$b<2;
$s.=chr(30+$c),$a+=0.0503)for($x= /* Tobias Ratschiller */
$y=$c=0;++$c<90&$x*$x+$y*$y<4;$y= /* http://phpWizard.net */
2*$x*$y+$b,$x=$t)$t=$x*$x-$y*$y+$a;print(chunk_split($s,80));?>

1 comment:

Anonymous said...

Interesting stuff. I see a potential for PHP based havoc, specially if you have lazy server admins.

Goes like this: self replicating code (with filesystem stuff) that has some sort of aggressive search behaviour (for more PHP files), a timed malicious payload and a data gathering system (for infected files locations) that can hold info in a centralized or distributed (inside replicated code?) way.

Properly configured servers would spoil this, but given that in lots of systems you can use PHPshell to access any user's files with server UID (mostly read/write, I believe)... one would only have to compromise a single file in a fairly successful PHP app and wait. Zombies, I say :/