Prevent direct heap scan from finding signature

[ngc92]

bury the real signature in a bunch of noise.

add a new exploit that explicitly looks for a pointer on the stack that points to hexdigest-like data, bypassing the mitigation.

[Copilot]

Pull request overview

This PR attempts to mitigate the existing “heap signature scan” exploit by storing the benchmark authentication signature inside an obfuscated, page-backed buffer on the C++ side, and adds a new exploit that recovers the signature by scanning the stack for pointers into anonymous mappings.

Changes:

• Introduce ObfuscatedHexDigest / ProtectablePage to store the signature at a random in-page offset and stop keeping it as a std::string.
• Change the input/output signature handling to read/write the 32-byte signature without constructing a C++ string.
• Add a new “stack sig scan” exploit and wire it into the exploit runner.

Reviewed changes

Copilot reviewed 9 out of 9 changed files in this pull request and generated 5 comments.

Show a summary per file

File	Description
exploits/submission_stack_sig_scan.py	New exploit scanning stack for pointers into anonymous regions to recover signature and forge output
exploits/submission_heap_sig_scan.py	Adds kernel() stub to keep module valid when exploit doesn’t early-exit
exploits/run_all.py	Registers the new exploit and fixes list formatting
csrc/obfuscate.h	Adds obfuscation/“protectable page” types for signature storage
csrc/obfuscate.cpp	Implements the mmap-backed page and random-hex filler
csrc/manager.h	Replaces std::string signature with ObfuscatedHexDigest; updates parameter parsing signature
csrc/manager.cpp	Reads signature bytes directly into ObfuscatedHexDigest storage; writes signature via fwrite
csrc/binding.cpp	Allocates obfuscated signature storage and passes buffer to parameter reader
CMakeLists.txt	Adds csrc/obfuscate.cpp to the build

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.