<p dir="ltr">On Jan 2, 2014 11:09 AM, "Martin Sustrik" <<a href="mailto:sustrik@250bpm.com">sustrik@250bpm.com</a>> wrote:<br>
> In short, the program would be fully encrypted (including the private<br>
> key it uses for Bitcoin transactions) and evaluated in its encrypted<br>
> form. It would never be decrypted.</p>
<p dir="ltr">Then how does it get run? At some point, in some layer of the memory space, it needs to be decrypted in order to execute. Now, granted, the files on disk might be encrypted, but you cannot encrypt the machine code - the assembly instructions actually run by the CPU.</p>
<p dir="ltr">More importantly, the code can be emulated, with the contents of memory interrogated at each level of decryption. This won't necessarily even be hard: there is some program, at some bottom level, that loads up the encryption environment to run this in, so have a version that writes to a file instead of executing the program once it knows what instructions to execute.</p>
<p dir="ltr">For example, let us take a program that opens a socket to port 80 on another machine. At some point, the program will actually have in memory the values for 80 and the other machine's address - either IP or DNS. The emulator can recognize this and write those to a file, then play memory values back in time until the keys are found.</p>
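<p dir="ltr">As an added illustration of the emulation approach described in the reply above (constructed example code, not something posted in this thread): a toy VM whose plaintext loader stub XOR-decrypts a payload in memory and then jumps to it, and a recording emulator that snapshots memory after every instruction, scans the snapshots for a known value (the port 80 and a host address), and recovers the key by XORing the snapshot before the decryption step with the one after it. The opcodes, memory layout, key and host address are all made up for the example.</p>

```python
"""Constructed example: a toy self-decrypting program run inside a recording
emulator. The VM, its opcodes, the packed image, the key and the host address
are made up for this illustration; none of it is a real loader or packer."""

OP_HALT, OP_XORDEC, OP_JMP, OP_STORE, OP_CONNECT = 0, 1, 2, 3, 4
MEM_SIZE = 256
PAYLOAD_ADDR, KEY_ADDR, HOST_ADDR, PORT_ADDR = 0x10, 0x60, 0x80, 0xA0


def xor_bytes(data: bytes, key: bytes) -> bytes:
    """Repeating-key XOR; the packer uses it to encrypt, the stub to decrypt."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def build_packed_image(key: bytes, host: bytes, port: int) -> bytes:
    """Plaintext loader stub, the key it needs, and the XOR-encrypted payload.
    Once decrypted, the payload writes host and port into a data area and
    'connects' to them (a pretend syscall the emulator intercepts)."""
    payload = bytes([OP_STORE, HOST_ADDR, len(host)]) + host
    payload += bytes([OP_STORE, PORT_ADDR, 2]) + port.to_bytes(2, "little")
    payload += bytes([OP_CONNECT, HOST_ADDR, len(host), PORT_ADDR, OP_HALT])
    stub = bytes([OP_XORDEC, PAYLOAD_ADDR, len(payload), KEY_ADDR, len(key),
                  OP_JMP, PAYLOAD_ADDR])
    image = bytearray(MEM_SIZE)
    image[:len(stub)] = stub
    image[KEY_ADDR:KEY_ADDR + len(key)] = key
    image[PAYLOAD_ADDR:PAYLOAD_ADDR + len(payload)] = xor_bytes(payload, key)
    return bytes(image)


class RecordingEmulator:
    """Runs the toy VM one instruction at a time and keeps every memory state."""

    def __init__(self, image: bytes):
        self.mem = bytearray(image)
        self.pc = 0
        self.snapshots = [bytes(self.mem)]  # snapshots[i] = memory after step i
        self.connects = []                  # (host, port) the program asked for

    def step(self) -> bool:
        m, pc = self.mem, self.pc
        op = m[pc]
        if op == OP_HALT:
            return False
        if op == OP_XORDEC:  # decrypt a region in place with an in-memory key
            start, length, kaddr, klen = m[pc + 1:pc + 5]
            m[start:start + length] = xor_bytes(bytes(m[start:start + length]),
                                                bytes(m[kaddr:kaddr + klen]))
            self.pc += 5
        elif op == OP_JMP:
            self.pc = m[pc + 1]
        elif op == OP_STORE:  # copy immediate bytes into the data area
            addr, length = m[pc + 1], m[pc + 2]
            m[addr:addr + length] = m[pc + 3:pc + 3 + length]
            self.pc += 3 + length
        elif op == OP_CONNECT:  # the 'syscall': host and port are read from memory
            haddr, hlen, paddr = m[pc + 1:pc + 4]
            self.connects.append((bytes(m[haddr:haddr + hlen]),
                                  int.from_bytes(m[paddr:paddr + 2], "little")))
            self.pc += 4
        else:
            raise ValueError(f"bad opcode {op:#x} at {pc:#x}")
        self.snapshots.append(bytes(m))
        return True

    def run(self, max_steps: int = 1000) -> None:
        for _ in range(max_steps):
            if not self.step():
                return
        raise RuntimeError("step limit reached")


def first_step_with(emu: RecordingEmulator, known: bytes) -> int:
    """Index of the first snapshot in which a known plaintext value is present."""
    return next((i for i, snap in enumerate(emu.snapshots) if known in snap), -1)


def recover_key(emu: RecordingEmulator, step: int) -> bytes:
    """Play memory back one step: XOR the region that changed during `step`
    with its earlier contents to get the keystream, then reduce that to its
    shortest repeating unit, which is the XOR key."""
    if step <= 0:
        raise ValueError("known value was never encrypted, nothing to recover")
    before, after = emu.snapshots[step - 1], emu.snapshots[step]
    changed = [i for i in range(len(before)) if before[i] != after[i]]
    lo, hi = changed[0], changed[-1] + 1
    stream = bytes(before[i] ^ after[i] for i in range(lo, hi))
    for period in range(1, len(stream) + 1):
        if all(stream[i] == stream[i % period] for i in range(len(stream))):
            return stream[:period]
    return stream


def unpack_by_emulation(image: bytes, known: bytes) -> dict:
    """Run the image, find when `known` shows up, pull the key from history."""
    emu = RecordingEmulator(image)
    emu.run()
    step = first_step_with(emu, known)
    return {"step": step, "key": recover_key(emu, step), "connects": emu.connects}


if __name__ == "__main__":
    # Constructed inputs: a documentation-range address and a made-up key.
    img = build_packed_image(b"s3cr3t-k3y", b"192.0.2.10", 80)
    print(unpack_by_emulation(img, (80).to_bytes(2, "little")))
```

<p dir="ltr">Neither the port nor the host string is present in the packed image, yet both are found in the very first snapshot after the stub runs, and diffing that snapshot against the one before it yields the key without ever looking at the stub's own logic. The same idea scales to a real CPU emulator or a debugger with memory tracing: the watched value is whatever the analyst already knows the program must hold in the clear.</p>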