Comment by vidarh
3 years ago
I would love to know if the checks were as brazen as presented in that post, or if the coordinate checks were obfuscated in some way. It sounds like they just assumed the operator would fold long before even getting at the code and couldn't even be bothered trying to make it look accidental.
The main obfuscation was the way IEC 61131-3 constructs get first compiled to C and then to assembly.
There's a lot of indirection and zero strings in the resulting code, meaning it's very difficult to actually find whatever logic you're looking for. But once you see it, it is obvious and seems like it was built like any other logic.
That's amazing. If I were going to pull a stunt like this, I'd like to think I'd find some way of trying to make it look like a bug.
Must be very satisfying to find something like this.
I guess this is going to provide plenty of billable hours for lawyers at this point...