Quote from: kmfkewm on September 09, 2012, 05:28 am
You are completely misunderstanding what I did. I didn't include encrypted code with the program, I included a line of code in the program that executes a decrypted ciphertext as another script if it has a special signal string in it. The only difference between a completely legitimate version of my simple script (that merely takes a file with a GPG ciphertext in it and prints the plaintext to the screen after the user has entered their password) and a malicious version that allows an attacker to craft a ciphertext that decrypts into additional code that is executed, is this line of code in the original program: | #{[105, 114, 98].pack("c*")

That really is quite fascinating. One question: Does the trigger string need to be part of the code or does it just tell the existing code to activate? I'm assuming you mean the former, but I just want to clarify (since I don't know Ruby and don't know what your code snippet actually does).

Quote from: kmfkewm on September 09, 2012, 05:28 am
And you can claim all you want here about how your code functions, but nobody will ever know unless they look at it and the full point we are trying to make is that the people who are going to buy it inherently are people who will not notice that | #{[105, 114, 98].pack("c*") is the difference between a safe program and a backdoored version.

Well, if pack in Ruby is what I think it is, then to do the same in Python I'd have to import struct (and probably array too). I've already said several times what modules are imported, so there goes that.

Hell, there are only two files with integers in them (to read data in each row of the CSVs). Well, alright, 5 files if you count the one with a number in the name and the two files that invoke it. Obviously in the case of those three files the number is part of a string and not an integer.

Plus if a vendor is using an air gap all the networking code in the world won't do shit. Yes, I know buyers are lazy and probably don't, but the paranoia of dealing makes an air gap a greater possibility.
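Added example, not part of the post above and not code from either poster: a small Ruby audit helper that finds integer arrays packed into strings, the construct quoted in the thread, and prints what each one decodes to so a reviewer sees the hidden text. The helper names, the watch list and the sample source are constructed for illustration; line 2 of the sample is the fragment exactly as quoted above.

```ruby
# Audit helper (added example): surface strings hidden as packed integer arrays.

# Matches [n, n, ...].pack("c*") or .pack('C*'); group 1 is the integer list.
PACKED = /\[\s*(\d+(?:\s*,\s*\d+)*)\s*\]\s*\.pack\(\s*["'][cC]\*["']\s*\)/

# Constructed watch list: names of interpreters and code-execution calls
# that have no reason to be spelled as numbers in a print-the-plaintext script.
WATCH = %w[irb ruby eval sh bash python perl system exec].freeze

Finding = Struct.new(:line, :decoded, :suspicious)

# Returns one Finding per packed array found in the given source text.
def find_packed_strings(source)
  findings = []
  source.each_line.with_index(1) do |text, lineno|
    text.scan(PACKED).each do |match|
      bytes = match[0].split(",").map { |n| n.strip.to_i }
      # Decode the same way the interpreter would, then make it printable.
      decoded = bytes.pack("C*").force_encoding("UTF-8").scrub("?")
      findings << Finding.new(lineno, decoded, WATCH.include?(decoded.downcase))
    end
  end
  findings
end

# Constructed sample source. Line 2 is the fragment quoted in the thread,
# line 3 is a harmless packed string for contrast.
SAMPLE = <<~'SRC'
  puts plaintext
  | #{[105, 114, 98].pack("c*")
  header = [71, 80, 71].pack("C*")
SRC

if __FILE__ == $0
  find_packed_strings(SAMPLE).each do |f|
    flag = f.suspicious ? "REVIEW" : "ok"
    puts "line #{f.line}: decodes to #{f.decoded.inspect} [#{flag}]"
  end
end
```

A hit on the watch list is a reason to read that line by hand, and a clean run proves nothing about strings hidden some other way.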