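WikiLeaks has released its third batch of classified CIA documents, exposing the intelligence agency's code obfuscation framework, Marble. The code obfuscation tool was designed to hide the true origin of code, disguising CIA-developed malware as coming from other countries. The framework is of reference value to developers and security researchers.
As the figure shows, the source code files reveal a Marble feature called "adding foreign language", which mixes other countries' languages into a program, including Arabic, Chinese, Russian, Korean and Farsi. By mixing in a foreign language, a piece of malware developed by the CIA could be taken to have been developed by another country; mixing in Chinese, for example, might suggest it was developed in China, when Uncle Sam is actually behind it. Now that the source code has been exposed, it looks like the CIA needs to update its obfuscation tool.
From hackernews.cc. Thanks for it.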
WikiLeaks dumped another part of its Vault 7 data trove on CIA’s espionage tools and this time it’s a tool called Marble, which is a code obfuscating framework.
“Marble is used to hamper forensic investigators and anti-virus companies from attributing viruses, trojans and hacking attacks to the CIA,” WikiLeaks writes in its release. Experts, however, don’t really agree with this description.
For instance, Jake Williams, Rendition Infosec founder, took to Twitter to say that after 30 minutes spent on reviewing the available code, he “emphatically disagree[s] with [WikiLeaks] assertion that Marble is used for false flag ops.”
What does he believe it is? Well, just a string obfuscation library. Williams believes it is an interesting piece of code, but not in the sense that it would allow for cyber false flag. “The Chinese and Russian examples noted by WL only show that the tool was tested for Unicode support, nothing more,” he says.
The expert refers to WikiLeaks’ assessment that the source code indicates Marble has test examples not just in English, but also in Chinese, Russian, Korean, Arabic and Farsi, which would allow agents to pretend that the spoken language of the malware creator was not American English, but Chinese, which would lead investigators to believe it was created by a completely different team.
Article title: WikiLeaks publishes the CIA's code obfuscation tool Marble