Subject: Comper-2a From: ajpierce@med.unc.edu (Andrew Pierce) Organization: UNC-CH School of Medicine Date: 8 Mar 92 13:56:30 GMT Message-ID: <1992Mar8.135630.15245@samba.oit.unc.edu> Here is the code to Comper-2a. At the moment Comper and Comper-2 are on KotH floating at around 5th or so. Basically Comper is similar in philosophy to Sargent (Kevin Whyte -- kwhyte@zaphod.uchicago.edu) in that it searches the core looking for a target. When it finds one, it bombs it with a jmp to a useless spl routine. The bottom line on this type of strategy is: can you scan the core faster than you can bomb the core? If the answer to this is no, then you might as well just bomb directly. Comper searches memory using the cmp instruction, which after all is really what the whole point of having a cmp instruction is. This was first mentioned to the net by Stefan Strack (stst@vuse.vanderbilt.edu). The virtue of using cmp rather than jmn is that jmn requires two cycles to scan 1 memory location, whereas cmp, properly implemented, can in three cycles scan 2 memory locations, a 50% improvement. The other plus is that other programs cannot make themselves look smaller than they really are through use of zero valued B-fields. It really is amazing how much you can do with zero valued B-fields so this is pretty important. Technically, Comper uses an off-axis cmp scan, i.e. the locations examined are not exactly half the core size apart. In the first Comper the searches are 4000 unit apart (it is designed for coresize = 8000) which simplifies the math but which leaves it vulnerable to programs which make duplicates of themselves half the core away. This method of hiding doesn't work against versions 2 or 2a. Once it finds differing memory locations, it ensures that it won't bomb itself and then bombs with a "sliding trap door", a jmp prefaced by slt #-1,0 instructions. A program which executes any of the slt's will slide down memory until it hits the jmp to the spl routine. In this way the jmp values don't have to be recalculated and also targets for anti-vampire programs are reduced. Comper finishes completely scanning the core in 4000 iterations of the search routine and then zeros the core, zeroing the spl trap last. Vulnerabilities: as any scanner, it gets confused by bombs dropped around the core. A small, rapid pattern bomber can have a scanner program trapping the bombs rather than the program which may slow the scanner down sufficiently to make the difference. A scanner is in general also vulnerable to other scanners. Enjoy! -Andy ajpierce@med.unc.edu ;redcode verbose ;name Comper-2a ;author Andy Pierce (ajpierce@med.unc.edu) ;strategy as all the others which bomb with jmp's to a spl routine ;strategy except scans using cmp instead of jmz ;strategy scans 50% faster (2 in 3 vs 1 in 2), not fooled by "stealth" ;strategy v2: off-axis compare -- cannot "hide in own reflection" ;strategy v2: unroll killing loop ;strategy v2a: marginally more robust ;strategy March 8th, 1992 find cmp 299,4250 jmp kill,0 back add offset,find djn find,#4001 ;iterations dest cmp 0,0 shuff slt #-1,0 blitz mov -7,<0 djn -1,#7997 jmp 0,0 grind spl 0,0 index jmp -1,0 hit1 dat #0,#0 hit2 dat #0,#0 kill mov #2,index ;find is x,y mov mod1,hit1 mov mod2,hit2 rekill sub find,@index sub dest,dest sub @index,dest slt #40,dest jmp back,0 sub #5,dest mov @index,