Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Improve Trivia Night unicode obfuscation #9

Open
Bluenix2 opened this issue Feb 22, 2022 · 0 comments
Open

Improve Trivia Night unicode obfuscation #9

Bluenix2 opened this issue Feb 22, 2022 · 0 comments
Labels
Stalled Feature is stalled due to external reasons

Comments

@Bluenix2
Copy link
Member

Summary

The random insertion of empty unicode characters was a very simple (in a good way) implementation of obfuscation but had a few downsides. Most importantly was that it broke syntax highlighting in Discord, this can be very useful to properly understand the code sent. Another downside was that some outright reported that it didn't work, most likely because their operating system didn't copy the unicode characters.

This is on hold until #5 (and potentially #8) has been completed.

Description

According to the recently (I say recently, although it was months ago) acknowledged unicode-related CVE report there are a number of confusing unicode behaviour we can take advantage of. In response to the CVE report there was a PEP released for Python-specific knowledge surrounding it, available as PEP 672. It brings up the following:

  • Control characters: Using NUL and BS (Backspace) to cause Python to stop reading input or the editor to remove particular characters.
  • Confusable characters: Mixing Cyrillic, Greek and Latin characters that look the same, but is read differently by Python.
  • Bidirectional text and marks: Using Arabic or Hebrew characters to cause text to be rendered right-to-left or simply using the control characters directly.
  • Unicode codepoints vs. characters: Python strings use unicode codepoints, but different codepoints may produce/render the same character.

These are all things we can look into and consider. A first step could be figuring out how to restrict the hidden zero-space unicode characters from being placed next to keywords.

Additional resources

  • Similiar unicode technical reports (tr36 and tr39)
@Bluenix2 Bluenix2 added the Stalled Feature is stalled due to external reasons label Feb 22, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Stalled Feature is stalled due to external reasons
Projects
None yet
Development

No branches or pull requests

1 participant