this post was submitted on 28 Apr 2024

TechTakes


Have a sneer percolating in your system but not enough time/energy to make a whole post about it? Go forth and be mid!

Any awful.systems sub may be subsneered in this subthread, techtakes or no.

If your sneer seems higher quality than you thought, feel free to cut’n’paste it into its own post, there’s no quota for posting and the bar really isn’t that high

The post Xitter web has spawned soo many “esoteric” right wing freaks, but there’s no appropriate sneer-space for them. I’m talking redscare-ish, reality challenged “culture critics” who write about everything but understand nothing. I’m talking about reply-guys who make the same 6 tweets about the same 3 subjects. They’re inescapable at this point, yet I don’t see them mocked (as much as they should be)
Like, there was one dude a while back who insisted that women couldn’t be surgeons because they didn’t believe in the moon or in stars? I think each and every one of these guys is uniquely fucked up and if I can’t escape them, I would love to sneer at them.

(page 2) 36 comments
[–] [email protected] 0 points 6 months ago (7 children)
[–] [email protected] 0 points 6 months ago (6 children)

that was quick! the CEO’s denial is very funny for a number of reasons, but the jig’s up — the supposed point of this device (the assistant) just straight up works on an Android phone, and their modifications to AOSP are almost certainly relatively trivial shit (permissions hole-punching for app interoperability… I can’t actually name a second thing they’d need).

but speaking of that denial:

> We are aware there are some unofficial rabbit OS app/website emulators out there. We understand the passion that people have to get a taste of our AI and LAM instead of waiting for their r1 to arrive. That being said, to clear any misunderstanding and set the record straight, rabbit OS and LAM run on the cloud with very bespoke AOSP and lower level firmware modifications, therefore a local bootleg APK without the proper OS and Cloud endpoints won’t be able to access our service.

hoo boy, in detail:

  • what unofficial emulator? this is the APK the device runs.
  • what rabbit OS? the fucking thing runs an AOSP fork locally.
  • it seems to access rabbit’s cloud endpoints just fine in the video. they even make an account with the device.
  • is the response here really that it isn’t an Android phone cause all the functionality is in the cloud? cause that really doesn’t sound like something that needs bespoke hardware to me.
[–] [email protected] 0 points 6 months ago (3 children)

guys, the robot can type rm -rf /, it's so over

[–] [email protected] 0 points 6 months ago (1 children)

How it started:

> it has to be behavior-based detection. I didn’t want to build a script that was only useful to detect and mitigate the specific ransomware executable I created for this blog. Signature-based detection is only useful for a particular file. The second a single byte changes, the file will have a new hash.

(which is not exactly how AV signatures work but anyways...)

How it's going:

> [...] scans any file in the /home directory, for the strings "cryptography", "cryptodome", "ransom", "locked", "encrypt".
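
Added illustration, not code from the article or from any commenter: exact-hash matching and the keyword scan quoted above, run side by side over constructed sample files. The file names and contents are made up for the example; only the keyword list comes from the quote.

```python
import hashlib

# Keyword list as quoted in the comment above.
KEYWORDS = ("cryptography", "cryptodome", "ransom", "locked", "encrypt")

def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()

def hash_match(data, known_hashes):
    """Exact-file signature: true only for byte-identical content."""
    return sha256_hex(data) in known_hashes

def keyword_hits(data):
    """Static string scan: which listed keywords occur in the content."""
    text = data.decode("utf-8", errors="replace").lower()
    return [k for k in KEYWORDS if k in text]

# Constructed sample files (hypothetical names and contents).
SAMPLES = {
    "backup.py": b"from cryptography.fernet import Fernet\n# encrypt nightly backups\n",
    "notes.txt": b"Reminder: the bike is locked in the shed.\n",
    "todo.md": b"- buy milk\n- call the bank\n",
    "original.py": b"print('constructed stand-in for a flagged script')\n",
}
# Same script with one extra byte appended: a different hash.
SAMPLES["original_v2.py"] = SAMPLES["original.py"] + b"#"

def scan(samples, known_hashes):
    """Run both checks over every sample and collect the verdicts."""
    return {
        name: {"hash": hash_match(data, known_hashes),
               "keywords": keyword_hits(data)}
        for name, data in samples.items()
    }

def demo():
    known = {sha256_hex(SAMPLES["original.py"])}
    return scan(SAMPLES, known)

if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:16} hash={verdict['hash']!s:5} keywords={verdict['keywords']}")
```

Both checks inspect file content at rest; neither observes what a process does. The keyword scan flags the benign backup script and the note about a bike, which is the false-positive problem the article's author concedes.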

[–] [email protected] 0 points 6 months ago

@sailor_sega_saturn @sinedpick

> For some background on my programming ability, I can read, write, and edit basic scripts in Python, Rust, and Go. I’m far from a seasoned developer.

Wait I think I worked for this guy once

[–] [email protected] 0 points 6 months ago* (last edited 6 months ago) (1 children)

The article almost looks like satire.

If all script kiddies waste their time trying to use generative AI to produce barely functional malware, we might be marginally safer for a while ^^. Or maybe this is the beginning of an entirely new malware ecology, clueless development using LLMs falling prey to clueless malware using LLMs.

[–] [email protected] 0 points 6 months ago (2 children)

our disappointing cyberpunk future where everything looks like Hollywood hacking because you’re just typing prompts to generate stupid exploit scripts at an LLM, but they all work because the people writing the software being exploited also don’t know what they’re doing

[–] [email protected] 0 points 6 months ago (6 children)

you can’t just hit me with fucking comedy gold with no warning like that (archive link cause losing this would be a tragedy)

> So my natural thought process was, “If I’m using AI to write my anti-malware script, then why not the malware itself?”
>
> Then as I started building my test VM, I realized I would need help with a general, not necessarily security-focused, script to help set up my testing environment. Why not have AI make me a third?
>
> […]
>
> cpauto.py — the general IT automation script
>
> First, I created a single junk file to actually encrypt. I originally made 10 files that I was manually copy pasting, and in the middle of that, I got the idea to start automating this.

this one just copies a file to another file, with an increasing numerical suffix on the filename. that’s an easily-googled oneliner in bash, but it took the article author multiple tries to fail to get Copilot to do it (they had to modify the best result it gave to make it work)

> rudi_ransom.py (rudimentary ransomware)
>
> I won’t lie. This was scary. I made this while I was making lunch.

this is just a script that iterates over all the files it can access, saves a version encrypted against a random (non-persisted, they couldn’t figure out how to save it) key with a .locked suffix, deletes the original, changes their screen locker message to a “ransom” notice, and presumably locks their screen. that’s 5 whole lines of bash! they won’t stop talking about how they made this incredibly terrifying thing during lunch, because humblebragging about stupid shit and AI fans go hand in hand.

> rrw.py (rudimentary ransomware wrecker)
>
> This was honestly the hardest script to get working adequately, which compounds upon the scariness of this entire exercise. Again, while I opted for a behavior-based detection anti-ransomware script, I didn’t want it to be too granular so it could only detect the rudi_ransom.py script, but anything that exhibits similar behavior.

this is where it gets fucking hilarious. they use computer security buzzwords to describe such approaches as:

  • trying and failing to kill all python3 processes (so much for a general approach)
  • killing the process if its name contains the string “ransom”
  • using inotify to watch the specific directory containing his test files for changes, and killing any process that modifies those files
  • killing any process that opens more than 20 files (hahaha good fucking luck)
  • killing any process that uses more than 5% CPU that’s running from their test directory

at one point they describe an error caused by the LLM making shit up as progress. after that, the LLM outputs a script that starts killing random system processes.

so, after 42 tries, did they get something that worked?

> I was giving friends and colleagues play-by-plays as I was testing various iterations of the scripts while writing this blog, and the consensus opinion was that what I was able to accomplish with a whim was terrifying.
>
> I’m not going to lie, I tend to agree. It’s scary that I was able to create the ransomware/data wiper script so quickly, but it took many hours, several days, 42 different versions, and even more minor edits to fail to stop said ransomware script from executing or kill it after it did. I’m glad the static analysis part worked, but that has a high probability of causing accidental deletions from false positives.
>
> I just want to reiterate that I had my AI app generate my ransomware script while I was making lunch

of course they fucking didn’t

[–] [email protected] 0 points 6 months ago

> I was giving friends and colleagues play-by-plays as I was testing various iterations of the scripts while writing this blog, and the consensus opinion was that what I was able to accomplish with a whim was terrifying.

This is correct, but not for the reasons they think it is terrifying. Imagine one of your coworkers revealing they are this bad at their job.

[–] [email protected] 0 points 6 months ago

I’ve seen better shellcode in wordpress content injection drivebys

“Everyone also agreed with me that this was terrifying” fuck outta here

And I bet this stupid thing will suddenly be all over infosec sphere within days…

[–] [email protected] 0 points 6 months ago (1 children)
[–] [email protected] 0 points 6 months ago (1 children)

:-D :-D :-D :-D :-D :-D :-D

[–] [email protected] 0 points 6 months ago

impending thonkpieces about "obstructive regulation" getting in the way of ~~them stripmining people no matter the side effects~~ "the free market"

[–] [email protected] 0 points 7 months ago (3 children)

Is it an offence against the church for a group of lay theologians to ordain an AI? no idea. It is very funny though

[–] [email protected] 0 points 6 months ago (1 children)
[–] [email protected] 0 points 6 months ago (3 children)

as an outsider clicking through all those links..... wow. Wtf is the holy see? Wtf is apostolic episcopal jurisdiction? Who let these people cook?

[–] [email protected] 0 points 6 months ago

Could be worse, they could be English.

[–] [email protected] 0 points 6 months ago* (last edited 6 months ago) (1 children)

these people said "what if we had a church that was also a country with a monarchy" and then cooked for like 800 years

edit: although I think the actual borders only got defined in like the 20th century?

[–] [email protected] 0 points 6 months ago* (last edited 6 months ago) (1 children)

The pope was king of a large chunk of central Italy for 1000 years until the unification of Italy took away almost all of that territory. The Popes insisted they should have all of Rome and refused to acknowledge the situation from 1870 to 1929, only finally coming to an agreement (with the fucking fascists, hmm).

[–] [email protected] 0 points 6 months ago (1 children)

I'm pretty sure that the position of the papacy after the fall of Rome was that they should have temporal power not only over the city of Rome but of all the territories of the Papal States that had been annexed by the Kingdom of Italy.

Also note that the popes were terrible secular leaders. The papal states were shitty places to live, even considered by the standards of 19th century Italy, and the popes lived in constant fear of their own subjects. In fact the only thing keeping Rome from finally falling was a garrison of French troops, that had to be withdrawn during the Franco-Prussian war. When the citizens of Rome were given the option to join the Kingdom, they won in a plebiscite. The people who wanted a temporal papacy were the elites and foreign ultramontanes.

[–] [email protected] 0 points 6 months ago (4 children)

Very true. Of course they voted to join in the plebiscite, they had recently overthrown the Pope in 1849 to make a short-lived republic. Unfortunately France under Louis Napoleon (who had personally participated in an 1831 rebellion against the Pope) crushed that Republic to appease those ultramontanes.

[–] [email protected] 0 points 6 months ago

Larpers took any game they could get in the Roman Empire.

[–] [email protected] 0 points 6 months ago

Naw, they didn't do anything really awful like ordaining a woman.

--the regular suspects, probably

[–] [email protected] 0 points 7 months ago (1 children)

I’m no Catholic but if I were I’d take offense at a site with the URL catholic.com.

[–] [email protected] 0 points 7 months ago* (last edited 7 months ago) (1 children)

The actual Vatican seems to use its own .va domain name, which neatly sidesteps the .com vs .org dilemma.....but doesn't explain why they let randomers use catholic.com and catholic.org.

[–] [email protected] 0 points 6 months ago (1 children)

The Vatican could start a side hustle marketing vanity websites to Virginia tourism.

[–] [email protected] 0 points 6 months ago

Back in the day (i.e. 2015), .vu custom domains were pretty popular with Tumblr bloggers - I think Vanuatu gave away free urls?

[–] [email protected] 0 points 7 months ago (3 children)

Not wanting to be left out of the action and let our good friends have all the robotic god fun, the catholic church has also got in on the action, and it went so good

From some of those replies you just know the kinds of training data it must’ve had.

[–] [email protected] 0 points 6 months ago* (last edited 6 months ago) (1 children)
[–] [email protected] 0 points 6 months ago

> One thing I’d mention is that we spent a lot of time beta-testing this, with thousands of people, before we released it. We did six months of that beta-testing.

I’m sure they tested it, but were their testers the nice Catholic people they happen to know, or, you know, normal internet people?

[–] [email protected] 0 points 7 months ago

this is most certainly a clerical error

[–] [email protected] 0 points 7 months ago (1 children)

From the bot-runners website:

> Catholic Answers works each day to ensure our content is faithful to the Magisterium. Our staff apologists have decades of practice in apologetics, and several hold advanced degrees in theology and philosophy. We maintain a broad list of associates (clergy and laymen) who are experts in the fields of liturgy, history, bioethics, theology, philosophy, canon law, and more.

"And we've decided to throw the hard work of these people under the bus in favor of an unfinished toy that ridicules our faith. A consultant named Damien Thorn made a compelling case!"

[–] [email protected] 0 points 7 months ago (1 children)

the imagery (in the article) is also amazing, it's like if someone took all the images of Civ leader dialogue screens as source material for ~~direct replication~~ "inspiration"

[–] [email protected] 0 points 7 months ago* (last edited 7 months ago) (1 children)

did nobody get the bot to write some python

[–] [email protected] 0 points 6 months ago* (last edited 6 months ago) (1 children)

Python? I have rooted it, and the vatican is now mining bitcoin for me. (oddly, they already had a full mining kit installed, no idea who this P0P3 guy was, but took all his butts).

E: why is Chris Hansen at my door?

[–] [email protected] 0 points 6 months ago

to help you move to another parish
