First I would need to learn Python but I am not going to bother to because I already showed it in Ruby, and the two languages are very similar. Object oriented (usually) interpreted scripting languages. Yes it would need to be run on a system with network access, no it does not need to ship the code with encrypted data it gets the malicious code after a vendor decrypts it with their own key. It doesn't need to check for code, it can check for anything. It can run messages that are 101 bytes as ruby code and puts all the others. And actually it doesn't even need that because you can directly issue commands to the terminal with Ruby at least and I would highly bet that you can with python. having `ping t.cc` in a script will ping t.cc, just need to encode it in some funky way to try to hide that it is happening. Now there is no need to load networking modules at all or to run any decrypted messages as code. But it gets encrypted data input from random customers There is no reason for there to be a copy of your GPG key, in the example I gave the exploit is encrypted to the vendors key and they load it into the program, they have no ability to tell encrypted ruby code apart from encrypted addresses because ciphertext looks random in either case. Possibly not. Probably not even! But nobody really knows unless we can look at it. That is the entire point of this thread. We should not have a culture here where peoples claims are taken at face value, especially when vendors are at risk. The purpose of my posting code was simply to show that even a tiny bit of code can make the difference between a secure program and a backdoored one. Honestly I was surprised at how well the backdoor was hidden, certainly better than in my first attempt where I simply unpacked all the calls to arrays of numbers. I have never tried hiding backdoors in code before, and if I tried harder I could probably even make it more subtle than the last example I gave. Indeed by anyone who know the language well enough to A. Know what back ticks do B. Know what pack and unpack do C. Know what | does on a terminal D. Know what irb is E. Knows the language, since they wouldn't just look at that part of the code but would need to audit the entire thing Such an exploit would be possible to spot if the program went through auditing, someone who doesn't know ruby is not going to look at my code and realize what is going on, they are going to see it doesn't have networking code included with it has no IP addresses or ports listed has no encrypted data included and then assume that they are safe. It would be even less likely to be spotted if I encoded the | as well, or maybe even the entire shell command. [quote[* My code does not require or use a network connection in any way (vendors an make their own decisions on whether or not to utilise an air gap).[/quote] Neither does the example code I showed, it gets the networking require from the decrypted ciphertext. You would still have intelligence that someone who needs software to manage printing a lot of addresses for them is using a certain IP address. I am just saying that we have no fucking clue what you are doing and I demonstrated that not all backdoors are as obvious as one would assume, even in a language like Ruby, which is similar enough to Python that the example works for demonstration purposes. Stop reading into shit. I never said your code must contain an exploit. I countered your claim that your code MUST NOT contain an exploit because it has NO NETWORKING CODE by showing how a single array of three numbers and a call to pack (which has nothing to do with networking) is all it takes for it to have networking code remotely injected into it (with user interaction....but the user interaction that the entire system is designed to handle anyway) via a ciphertext created from a specially crafted plaintext.