Menu
Home
People
Places
Arts
History
Plants & Animals
Science
Life & Culture
Technology
Reference.org
Polyglot (computing)
open-in-new
<h2 id="history">History</h2> <p class="note">See also: <a href="/facts/Steganography/RGLdKYcE">History of steganography</a></p> <p>Polyglot programs have been crafted as challenges and curios in <a href="/facts/Hacker_culture/8ww6P79y">hacker culture</a> since at least the early 1990s. A notable early example, named simply polyglot was published on the <a href="/facts/Usenet/lYJWFBR6">Usenet</a> group rec.puzzles in 1991, supporting eight languages, though this was inspired by even earlier programs.<a class="footnote-ref" id="fnref:5" href="#fn:5"><sup>5</sup></a> In 2000, a polyglot program was named a winner in the <a href="/facts/International_Obfuscated_C_Code_Contest/R4zdjcXV">International Obfuscated C Code Contest</a>.<a class="footnote-ref" id="fnref:6" href="#fn:6"><sup>6</sup></a> </p><p>In the 21st century, polyglot programs and files gained attention as a <a href="/facts/Covert_channel/Hoxzd5oM">covert channel</a> mechanism for propagation of <a href="/facts/Malware/5ee7TLFR">malware</a>.<a class="footnote-ref" id="fnref:7" href="#fn:7"><sup>7</sup></a> <a class="footnote-ref" id="fnref:8" href="#fn:8"><sup>8</sup></a> Polyglot files have practical applications in <a href="/facts/Computer_compatibility/PNAF7EAB">compatibility</a>.<a class="footnote-ref" id="fnref:9" href="#fn:9"><sup>9</sup></a> </p> <h2 id="construction">Construction</h2> <p>A polyglot is composed by combining syntax from two or more different formats, leveraging various syntactic constructs that are either common between the formats, or constructs that are language specific but carrying different meaning in each language. A file is a valid polyglot if it can be successfully interpreted by multiple interpreting programs. For example, a PDF-Zip polyglot might be opened as both a valid PDF document and decompressed as a valid <a href="/facts/ZIP_(file_format)/qDrrYIB9">zip</a> archive. To maintain validity across interpreting programs, one must ensure that constructs specific to one interpreter are not interpreted by another, and vice versa. This is often accomplished by hiding language-specific constructs in segments interpreted as comments or plain text of the other format.<a class="footnote-ref" id="fnref:10" href="#fn:10"><sup>10</sup></a> </p> <h2 id="examples">Examples</h2> <h3>C, PHP, and Bash</h3> <p>Two commonly used techniques for constructing a polyglot program are to make use of languages that use different <a href="/facts/Character_(computing)/X2zKLFFB">characters</a> for <a href="/facts/Comment_(computer_programming)/Q8hHFq8h">comments</a>, and to redefine various tokens as others in different languages. These are demonstrated in this <a href="/facts/Public_domain/YWKMDKw4">public domain</a> polyglot written in <a href="/facts/ANSI_C/rPKeEuPm">ANSI C</a>, <a href="/facts/PHP/vU6YRJX0">PHP</a> and <a href="/facts/Bash_(Unix_shell)/RrYLtEJT">bash</a>: </p> <p>Highlighted for Bash </p> #define a /* #<?php echo "\010Hello, world!\n";// 2> /dev/null > /dev/null \ ; // 2> /dev/null; x=a; $x=5; // 2> /dev/null \ ; if (($x)) // 2> /dev/null; then return 0; // 2> /dev/null; fi #define e ?> #define b */ #include <stdio.h> #define main() int main(void) #define printf printf( #define true ) #define function function main() { printf "Hello, world!\n"true/* 2> /dev/null | grep -v true*/; return 0; } #define c /* main #*/ <p>Highlighted for PHP </p> #define a /* #<?php echo "\010Hello, world!\n";// 2> /dev/null > /dev/null \ ; // 2> /dev/null; x=a; $x=5; // 2> /dev/null \ ; if (($x)) // 2> /dev/null; then return 0; // 2> /dev/null; fi #define e ?> #define b */ #include <stdio.h> #define main() int main(void) #define printf printf( #define true ) #define function function main() { printf "Hello, world!\n"true/* 2> /dev/null | grep -v true*/; return 0; } #define c /* main #*/ <p>Highlighted for C </p> #define a /* #<?php echo "\010Hello, world!\n";// 2> /dev/null > /dev/null \ ; // 2> /dev/null; x=a; $x=5; // 2> /dev/null \ ; if (($x)) // 2> /dev/null; then return 0; // 2> /dev/null; fi #define e ?> #define b */ #include <stdio.h> #define main() int main(void) #define printf printf( #define true ) #define function function main() { printf "Hello, world!\n"true/* 2> /dev/null | grep -v true*/; return 0; } #define c /* main #*/ <p>Note the following: </p> <ul><li>A hash sign marks a <a href="/facts/Preprocessor/arTRL5RG">preprocessor</a> statement in C, but is a comment in both bash and PHP.</li> <li>"//" is a comment in both PHP and C and the <a href="/facts/Root_directory/oJN5waeT">root directory</a> in bash.</li> <li>Shell <a href="/facts/Redirection_(computing)/0qhx445L">redirection</a> is used to eliminate undesirable outputs.</li> <li>Even on commented out lines, the "<?php" and "?>" PHP indicators still have effect.</li> <li>The statement "function main()" is valid in both PHP and bash; C #defines are used to convert it into "int main(void)" at compile time.</li> <li>Comment indicators can be combined to perform various operations.</li> <li>"if (($x))" is a valid statement in both bash and PHP.</li> <li><a href="/facts/Printf_(Unix)/uToyvMpD">printf</a> is a bash <a href="/facts/Shell_builtin/9o8PrWpa">shell builtin</a> which is identical to the <a href="/facts/Printf_format_string/Sc6Czbp2">C printf</a> except for its omission of brackets (which the <a href="/facts/C_preprocessor/KuhuxKYP">C preprocessor</a> adds if this is compiled with a <a href="/facts/C_compiler/cPL7x9ld">C compiler</a>).</li> <li>The final three lines are only used by bash, to call the main function. In PHP the main function is defined but not called and in C there is no need to explicitly call the main function.</li></ul> <h3>SNOBOL4, Win32Forth, PureBasicv4.x, and REBOL</h3> <p>The following is written simultaneously in <a href="/facts/SNOBOL/cdF7ezMJ">SNOBOL</a>4, <a href="/facts/Forth_(programming_language)/mYtWVNhF">Win32Forth</a>, <a href="/facts/PureBasic/kqqHK16W">PureBasicv</a>4.x, and <a href="/facts/REBOL/9ooWy78f">REBOL</a>: </p> <p>Highlighted for SNOBOL </p> *BUFFER : A.A ; .( Hello, world !) @ To Including? Macro SkipThis; OUTPUT = Char(10) "Hello, World !" ;OneKeyInput Input('Char', 1, '[-f2-q1]') ; Char End; SNOBOL4 + PureBASIC + Win32Forth + REBOL = <3 EndMacro: OpenConsole() : PrintN("Hello, world !") Repeat : Until Inkey() : Macro SomeDummyMacroHere REBOL [ Title: "'Hello, World !' in 4 languages" CopyLeft: "Developed in 2010 by Society" ] Print "Hello, world !" EndMacro: func [][] set-modes system/ports/input [binary: true] Input set-modes system/ports/input [binary: false] NOP:: EndMacro ; Wishing to refine it with new language ? Go on ! <p>Highlighted for Forth </p> *BUFFER : A.A ; .( Hello, world !) @ To Including? Macro SkipThis; OUTPUT = Char(10) "Hello, World !" ;OneKeyInput Input('Char', 1, '[-f2-q1]') ; Char End; SNOBOL4 + PureBASIC + Win32Forth + REBOL = <3 EndMacro: OpenConsole() : PrintN("Hello, world !") Repeat : Until Inkey() : Macro SomeDummyMacroHere REBOL [ Title: "'Hello, World !' in 4 languages" CopyLeft: "Developed in 2010 by Society" ] Print "Hello, world !" EndMacro: func [][] set-modes system/ports/input [binary: true] Input set-modes system/ports/input [binary: false] NOP:: EndMacro ; Wishing to refine it with new language ? Go on ! <p>Highlighted for BASIC </p> *BUFFER : A.A ; .( Hello, world !) @ To Including? Macro SkipThis; OUTPUT = Char(10) "Hello, World !" ;OneKeyInput Input('Char', 1, '[-f2-q1]') ; Char End; SNOBOL4 + PureBASIC + Win32Forth + REBOL = <3 EndMacro: OpenConsole() : PrintN("Hello, world !") Repeat : Until Inkey() : Macro SomeDummyMacroHere REBOL [ Title: "'Hello, World !' in 4 languages" CopyLeft: "Developed in 2010 by Society" ] Print "Hello, world !" EndMacro: func [][] set-modes system/ports/input [binary: true] Input set-modes system/ports/input [binary: false] NOP:: EndMacro ; Wishing to refine it with new language ? Go on ! <p>Highlighted for REBOL </p> *BUFFER : A.A ; .( Hello, world !) @ To Including? Macro SkipThis; OUTPUT = Char(10) "Hello, World !" ;OneKeyInput Input('Char', 1, '[-f2-q1]') ; Char End; SNOBOL4 + PureBASIC + Win32Forth + REBOL = <3 EndMacro: OpenConsole() : PrintN("Hello, world !") Repeat : Until Inkey() : Macro SomeDummyMacroHere REBOL [ Title: "'Hello, World !' in 4 languages" CopyLeft: "Developed in 2010 by Society" ] Print "Hello, world !" EndMacro: func [][] set-modes system/ports/input [binary: true] Input set-modes system/ports/input [binary: false] NOP:: EndMacro ; Wishing to refine it with new language ? Go on ! <h3>DOS batch file and Perl</h3> <p>The following file runs as a <a href="/facts/DOS/sWwDXNmX">DOS</a> batch file, then re-runs itself in <a href="/facts/Perl/fx31kjlT">Perl</a>: </p> <p>Highlighted for DOS batch </p> @rem = ' --PERL-- @echo off perl "%~dpnx0" %* goto endofperl @rem '; #!perl print "Hello, world!\n"; __END__ :endofperl <p>Highlighted for Perl </p> @rem = ' --PERL-- @echo off perl "%~dpnx0" %* goto endofperl @rem '; #!perl print "Hello, world!\n"; __END__ :endofperl <p>This allows creating Perl scripts that can be run on DOS systems with minimal effort. Note that there is no requirement for a file to perform exactly the same function in the different interpreters. </p> <h2 id="types">Types</h2> <p>Polyglot types include:<a class="footnote-ref" id="fnref:11" href="#fn:11"><sup>11</sup></a> </p> <ul><li><i>stacks</i>, where multiple files are concatenated with each other</li> <li><i>parasites</i> where a secondary file format is hidden within comment fields in a primary file format</li> <li><i>zippers</i> where two files are mutually arranged within each others' comments</li> <li><i>cavities</i>, where a secondary file format is hidden within null-padded areas of the primary file.</li></ul> <h2 id="benefits">Benefits</h2> <h3>Polyglot markup</h3> <p>Polyglot markup has been proposed as a useful combination of the benefits of <a href="/facts/HTML5/HBAxEAr6">HTML5</a> and <a href="/facts/XHTML/6qHnmJSg">XHTML</a>.<a class="footnote-ref" id="fnref:12" href="#fn:12"><sup>12</sup></a> Such documents can be parsed as either HTML (which is <a href="/facts/SGML/euIKXwHV">SGML</a>-compatible) or <a href="/facts/XML/clNgUfWk">XML</a>, and will produce the same <a href="/facts/Document_Object_Model/GglE6jGx">DOM</a> structure either way. For example, in order for an <a href="/facts/HTML5/HBAxEAr6">HTML5</a> document to meet these criteria, the two requirements are that it must have an HTML5 <a href="/facts/Document_Type_Declaration/C24PSxEX">doctype</a>, and be written in well-formed XHTML. The same document can then be served as either HTML or XHTML, depending on browser support and MIME type. </p><p>As expressed by the <i>html-polyglot recommendation</i>,<a class="footnote-ref" id="fnref:13" href="#fn:13"><sup>13</sup></a> to write a polyglot HTML5 document, the following key points should be observed: </p> <ol><li>Processing instructions and the XML declaration are both forbidden in polyglot markup</li> <li>Specifying a document’s character encoding</li> <li>The DOCTYPE</li> <li>Namespaces</li> <li>Element syntax (i.e. End tags are not optional. Use self-closing tags for void elements.)</li> <li>Element content</li> <li>Text (i.e. pre and textarea should not start with newline character)</li> <li>Attributes (i.e. Values must be quoted)</li> <li>Named entity references (i.e. Only amp, lt, gt, apos, quot)</li> <li>Comments (i.e. Use <!-- syntax -->)</li> <li>Scripting and styling polyglot markup</li></ol> <p>The most basic possible polyglot markup document would therefore look like this:<a class="footnote-ref" id="fnref:14" href="#fn:14"><sup>14</sup></a> </p> <!DOCTYPE html> <html xmlns="http://www.w3.org/1999/xhtml" lang="" xml:lang=""> <head> <title>The title element must not be empty.</title> </head> <body> </body> </html> <p>In a polyglot markup document non-void elements (such as script, p, div) cannot be self-closing even if they are empty, as this is not valid HTML.<a class="footnote-ref" id="fnref:15" href="#fn:15"><sup>15</sup></a> For example, to add an empty textarea to a page, one cannot use <textarea/>, but has to use <textarea></textarea> instead. </p> <h3>Composing formats</h3> <p>The <a href="/facts/DICOM/BsEVLh79">DICOM</a> medical imaging format was designed to allow polyglotting with <a href="/facts/TIFF/TjBJcLeT">TIFF</a> files, allowing efficient storage of the same image data in a file that can be interpreted by either DICOM or TIFF viewers.<a class="footnote-ref" id="fnref:16" href="#fn:16"><sup>16</sup></a> </p> <h3>Compatibility</h3> <p>The <a href="/facts/History_of_Python/BJsrzTle">Python 2</a> and <a href="/facts/History_of_Python/BJsrzTle">Python 3</a> programming languages were not designed to be compatible with each other, but there is sufficient commonality of syntax that a polyglot Python program can be written than runs in both versions.<a class="footnote-ref" id="fnref:17" href="#fn:17"><sup>17</sup></a> </p> <h2 id="security-implications">Security implications</h2> <p>A polyglot of two formats may <a href="/facts/Steganography/RGLdKYcE">steganographically</a> compose a malicious payload within an ostensibly benign and widely accepted wrapper format, such as a JPEG file that allows arbitrary data in its comment field. A vulnerable JPEG renderer could then be coerced into executing the payload, handing control to the attacker. The mismatch between what the interpreting program expects, and what the file actually contains, is the root cause of the vulnerability.<a class="footnote-ref" id="fnref:18" href="#fn:18"><sup>18</sup></a> </p><p><a href="/facts/SQL_Injection/QD0cwbk5">SQL Injection</a> is a trivial form of polyglot, where a server naively expects user-controlled input to conform to a certain constraint, but the user supplies syntax which is interpreted as SQL code. </p><p>Note that in a security context, there is no requirement for a polyglot file to be strictly valid in multiple formats; it is sufficient for the file to trigger unintended behaviour when being interpreted by its primary interpreter. </p><p>Highly flexible or extensible file formats have greater scope for polyglotting, and therefore more tightly constrained interpretation offers some mitigation against attacks using polyglot techniques. For example, the PDF file format requires that the <a href="/facts/Magic_number_(programming)/Xg7mVI7V">magic number</a> %PDF appears at byte offset zero, but many PDF interpreters waive this constraint and accept the file as valid PDF as long as the string appears within the first 1024 bytes. This creates a window of opportunity for polyglot PDF files to smuggle non-PDF content in the header of the file.<a class="footnote-ref" id="fnref:19" href="#fn:19"><sup>19</sup></a> The PDF format has been described as "diverse and vague", and due to significantly varying behaviour between different PDF parsing engines, it is possible to create a PDF-PDF polyglot that renders as two entirely different documents in two different PDF readers.<a class="footnote-ref" id="fnref:20" href="#fn:20"><sup>20</sup></a> </p><p>Detecting malware concealed within polyglot files requires more sophisticated analysis than relying on file-type identification utilities such as <a href="/facts/File_(command)/P5Nvve4C">file</a>. In 2019, an evaluation of commercial anti-malware software determined that several such packages were unable to detect any of the polyglot malware under test.<a class="footnote-ref" id="fnref:21" href="#fn:21"><sup>21</sup></a><a class="footnote-ref" id="fnref:22" href="#fn:22"><sup>22</sup></a> </p><p>In 2019, the DICOM medical imaging file format was found to be vulnerable to malware injection using a <a href="/facts/Portable_Executable/pJy7AkuY">PE</a>-DICOM polyglot technique.<a class="footnote-ref" id="fnref:23" href="#fn:23"><sup>23</sup></a> The polyglot nature of the attack, combined with regulatory considerations, led to disinfection complications: because "the malware is essentially fused to legitimate imaging files", "incident response teams and A/V software cannot delete the malware file as it contains protected patient health information".<a class="footnote-ref" id="fnref:24" href="#fn:24"><sup>24</sup></a> </p> <h3>GIFAR attack</h3> <p>A Graphics Interchange Format Java Archives (GIFAR) is a polyglot file that is simultaneously in the <a href="/facts/GIF/HfIBWrIC">GIF</a> and <a href="/facts/JAR_(file_format)/LcIBCWXT">JAR</a> file format.<a class="footnote-ref" id="fnref:25" href="#fn:25"><sup>25</sup></a> This technique can be used to exploit security vulnerabilities, for example through uploading a GIFAR to a website that allows image uploading (as it is a valid GIF file), and then causing the Java portion of the GIFAR to be executed as though it were part of the website's intended code, being delivered to the browser from the <a href="/facts/Same-origin_policy/GmJMRbzf">same origin</a>.<a class="footnote-ref" id="fnref:26" href="#fn:26"><sup>26</sup></a> Java was patched in JRE 6 Update 11, with a CVE published in December 2008.<a class="footnote-ref" id="fnref:27" href="#fn:27"><sup>27</sup></a><a class="footnote-ref" id="fnref:28" href="#fn:28"><sup>28</sup></a> </p><p>GIFARs are possible because GIF images store their header in the beginning of the file, and JAR files (as with any ZIP archive-based format) store their data at the end.<a class="footnote-ref" id="fnref:29" href="#fn:29"><sup>29</sup></a> </p> <h2 id="related-terminology">Related terminology</h2> Look up <i>polyglot</i> in Wiktionary, the free dictionary. <ul><li>Polyglot programming, referring to the practise of building systems using multiple programming languages, but not necessarily in the same file.<a class="footnote-ref" id="fnref:30" href="#fn:30"><sup>30</sup></a><a class="footnote-ref" id="fnref:31" href="#fn:31"><sup>31</sup></a></li> <li><a href="/facts/Polyglot_persistence/5mA4byup">Polyglot persistence</a> is similar, but about <a href="/facts/Database/VYcpkevb">databases</a>.</li></ul> <h2 id="see-also">See also</h2> <ul><li><a href="/facts/Quine_(computing)/noybHw3h">Quine (computing)</a></li></ul> <h2 id="external-links">External links</h2> Wikibooks has a book on the topic of: <i>Polyglot markup, how to</i> <ul><li><a href="https://www.htmlvalidator.com/">CSE HTML Validator for Windows with polyglot markup support</a> <a href="https://web.archive.org/web/20220918175914/https://www.htmlvalidator.com/">Archived</a> 18 September 2022 at the <a href="/facts/Wayback_Machine/nmQ3a6JC">Wayback Machine</a></li> <li><a href="http://www.xmlplease.com/xhtml/xhtml5polyglot/">Benefits of polyglot XHTML5</a> <a href="https://web.archive.org/web/20111012190748/http://xmlplease.com/xhtml/xhtml5polyglot/">Archived</a> 12 October 2011 at the <a href="/facts/Wayback_Machine/nmQ3a6JC">Wayback Machine</a></li> <li><a href="https://codegolf.stackexchange.com/a/266144">A polyglot in 451 different languages</a></li> <li><a href="https://raw.github.com/mauke/poly.poly/master/poly.poly">A polyglot in 16 different languages</a> <a href="https://web.archive.org/web/20130514081956/https://raw.github.com/mauke/poly.poly/master/poly.poly">Archived</a> 14 May 2013 at the <a href="/facts/Wayback_Machine/nmQ3a6JC">Wayback Machine</a></li> <li><a href="http://ideology.com.au/polyglot/">A polyglot in 8 different languages</a> <a href="https://web.archive.org/web/20030803045539/http://ideology.com.au/polyglot/">Archived</a> 3 August 2003 at the <a href="/facts/Wayback_Machine/nmQ3a6JC">Wayback Machine</a> (written in <a href="/facts/COBOL/wVnhqs0k">COBOL</a>, <a href="/facts/Pascal_(programming_language)/b3yvp8bF">Pascal</a>, <a href="/facts/Fortran/m1KqjcMU">Fortran</a>, <a href="/facts/C_(programming_language)/Ky2No763">C</a>, <a href="/facts/PostScript/h2XwbcmC">PostScript</a>, <a href="/facts/Unix_shell/2G4T2Fb9">Unix shell</a>, <a href="/facts/Intel_x86/Kypq5fgu">Intel x86</a> <a href="/facts/Machine_language/bgdQ1Fxf">machine language</a> and <a href="/facts/Perl/fx31kjlT">Perl</a> 5)</li> <li><a href="http://people.ksp.sk/~misof/programy/polyglot7.html">A polyglot in 7 different languages</a> <a href="https://web.archive.org/web/20120426052312/http://people.ksp.sk/~misof/programy/polyglot7.html">Archived</a> 26 April 2012 at the <a href="/facts/Wayback_Machine/nmQ3a6JC">Wayback Machine</a> (written in <a href="/facts/C_(programming_language)/Ky2No763">C</a>, <a href="/facts/Pascal_(programming_language)/b3yvp8bF">Pascal</a>, <a href="/facts/PostScript/h2XwbcmC">PostScript</a>, <a href="/facts/TeX/HDrl3Yvd">TeX</a>, <a href="/facts/Bash_(Unix_shell)/RrYLtEJT">Bash</a>, <a href="/facts/Perl/fx31kjlT">Perl</a> and <a href="/facts/Befunge/zRtCXF0f"> Befunge98</a>)</li> <li><a href="http://www.retas.de/thomas/computer/programs/useless/misc/polyglot/index.html">A polyglot in 6 different languages</a> <a href="https://web.archive.org/web/20081102050008/http://www.retas.de/thomas/computer/programs/useless/misc/polyglot/index.html">Archived</a> 2 November 2008 at the <a href="/facts/Wayback_Machine/nmQ3a6JC">Wayback Machine</a> (written in <a href="/facts/Perl/fx31kjlT">Perl</a>, <a href="/facts/C_(programming_language)/Ky2No763">C</a>, <a href="/facts/Unix_shell/2G4T2Fb9">Unix shell</a>, <a href="/facts/Brainfuck/tgomHQ3q">Brainfuck</a>, <a href="/facts/Whitespace_(programming_language)/RNpnfyvQ">Whitespace</a> and <a href="/facts/Befunge/zRtCXF0f">Befunge</a>)</li> <li><a href="http://www.nyx.net/~gthompso/poly/polyglot.htm">List of generic polyglots</a> <a href="https://web.archive.org/web/20030813004538/http://www.nyx.net/~gthompso/poly/polyglot.htm">Archived</a> 13 August 2003 at the <a href="/facts/Wayback_Machine/nmQ3a6JC">Wayback Machine</a></li> <li><a href="https://www.lab6.com/1">A PDF-MP3 polyglot, being a PDF document which is also an MP3 audio version of its content</a> <a href="https://web.archive.org/web/20220630232936/https://lab6.com/1">Archived</a> 30 June 2022 at the <a href="/facts/Wayback_Machine/nmQ3a6JC">Wayback Machine</a></li> <li><a href="https://www.alchemistowl.org/pocorgtfo/">PoC||GTFO, a security publication published as polyglot PDF documents</a> <a href="https://web.archive.org/web/20180624003851/https://www.alchemistowl.org/pocorgtfo/">Archived</a> 24 June 2018 at the <a href="/facts/Wayback_Machine/nmQ3a6JC">Wayback Machine</a></li></ul> <h2 id="references">References</h2> <ol> <li id="fn:1"><p>Jonas Magazinius; Billy K. Rios; Andrei Sabelfeld (4 November 2013). "Polyglots". Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security - CCS '13. pp. 753–764. doi:10.1145/2508859.2516685. ISBN 9781450324779. S2CID 16516484. Archived from the original on 5 September 2022. Retrieved 5 September 2022. <a href="9781450324779" target="_blank">9781450324779</a> <a href="#fnref:1" class="footnote-back-ref">↩</a></p></li> <li id="fn:2"><p>Bridges, Robert A.; Oesch, Sean; Verma, Miki E.; Iannacone, Michael D.; Huffer, Kelly M. T.; Jewell, Brian; Nichols, Jeff A.; Weber, Brian; Beaver, Justin M.; Smith, Jared M.; Scofield, Daniel; Miles, Craig; Plummer, Thomas; Daniell, Mark; Tall, Anne M. (2023). "Beyond the Hype: An Evaluation of Commercially Available Machine-Learning-Based Malware Detectors". Digital Threats: Research and Practice. 4 (2): 1–22. arXiv:2012.09214. doi:10.1145/3567432. S2CID 247218744. <a href="/wiki/ArXiv_(identifier)" target="_blank">/wiki/ArXiv_(identifier)</a> <a href="#fnref:2" class="footnote-back-ref">↩</a></p></li> <li id="fn:3"><p>Koch, Luke; Oesch, Sean; Adkisson, Mary; Erwin, Sam; Weber, Brian; Chaulagain, Amul (2022). "Toward the Detection of Polyglot Files". arXiv:2203.07561 [cs.CR]. <a href="/wiki/ArXiv_(identifier)" target="_blank">/wiki/ArXiv_(identifier)</a> <a href="#fnref:3" class="footnote-back-ref">↩</a></p></li> <li id="fn:4"><p>"Benefits of polyglot XHTML5". Archived from the original on 12 October 2011. Retrieved 4 September 2022. <a href="https://web.archive.org/web/20111012190748/http://xmlplease.com/xhtml/xhtml5polyglot/" target="_blank">https://web.archive.org/web/20111012190748/http://xmlplease.com/xhtml/xhtml5polyglot/</a> <a href="#fnref:4" class="footnote-back-ref">↩</a></p></li> <li id="fn:5"><p>"Polyglot: A program in eight languages". Archived from the original on 6 September 2022. Retrieved 6 September 2022. <a href="https://ideology.com.au/polyglot/" target="_blank">https://ideology.com.au/polyglot/</a> <a href="#fnref:5" class="footnote-back-ref">↩</a></p></li> <li id="fn:6"><p>"15th International Obfuscated C Code Contest (2000)". Archived from the original on 6 September 2022. Retrieved 6 September 2022. <a href="https://www.ioccc.org/years.html#2000_tomx" target="_blank">https://www.ioccc.org/years.html#2000_tomx</a> <a href="#fnref:6" class="footnote-back-ref">↩</a></p></li> <li id="fn:7"><p>Koch, Luke; Oesch, Sean; Adkisson, Mary; Erwin, Sam; Weber, Brian; Chaulagain, Amul (2022). "Toward the Detection of Polyglot Files". arXiv:2203.07561 [cs.CR]. <a href="/wiki/ArXiv_(identifier)" target="_blank">/wiki/ArXiv_(identifier)</a> <a href="#fnref:7" class="footnote-back-ref">↩</a></p></li> <li id="fn:8"><p>Koch, Luke; Oesch, Sean; Chaulagain, Amul; Dixon, Jared; Dixon, Matthew; Huettal, Mike; Sadovnik, Amir; Watson, Cory; Weber, Brian; Hartman, Jacob; Patulski, Richard (2024). "On the Abuse and Detection of Polyglot Files". arXiv:2407.01529 [cs.CR]. <a href="/wiki/ArXiv_(identifier)" target="_blank">/wiki/ArXiv_(identifier)</a> <a href="#fnref:8" class="footnote-back-ref">↩</a></p></li> <li id="fn:9"><p>"Benefits of polyglot XHTML5". Archived from the original on 12 October 2011. Retrieved 4 September 2022. <a href="https://web.archive.org/web/20111012190748/http://xmlplease.com/xhtml/xhtml5polyglot/" target="_blank">https://web.archive.org/web/20111012190748/http://xmlplease.com/xhtml/xhtml5polyglot/</a> <a href="#fnref:9" class="footnote-back-ref">↩</a></p></li> <li id="fn:10"><p>Jonas Magazinius; Billy K. Rios; Andrei Sabelfeld (4 November 2013). "Polyglots". Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security - CCS '13. pp. 753–764. doi:10.1145/2508859.2516685. ISBN 9781450324779. S2CID 16516484. Archived from the original on 5 September 2022. Retrieved 5 September 2022. <a href="9781450324779" target="_blank">9781450324779</a> <a href="#fnref:10" class="footnote-back-ref">↩</a></p></li> <li id="fn:11"><p>Koch, Luke; Oesch, Sean; Adkisson, Mary; Erwin, Sam; Weber, Brian; Chaulagain, Amul (2022). "Toward the Detection of Polyglot Files". arXiv:2203.07561 [cs.CR]. <a href="/wiki/ArXiv_(identifier)" target="_blank">/wiki/ArXiv_(identifier)</a> <a href="#fnref:11" class="footnote-back-ref">↩</a></p></li> <li id="fn:12"><p>"Polyglot Markup: A robust profile of the HTML5 vocabulary". Archived from the original on 9 August 2022. Retrieved 4 September 2022. <a href="https://www.w3.org/TR/html-polyglot/" target="_blank">https://www.w3.org/TR/html-polyglot/</a> <a href="#fnref:12" class="footnote-back-ref">↩</a></p></li> <li id="fn:13"><p>"Polyglot Markup: A robust profile of the HTML5 vocabulary". Archived from the original on 9 August 2022. Retrieved 4 September 2022. <a href="https://www.w3.org/TR/html-polyglot/" target="_blank">https://www.w3.org/TR/html-polyglot/</a> <a href="#fnref:13" class="footnote-back-ref">↩</a></p></li> <li id="fn:14"><p>"Polyglot Markup: A robust profile of the HTML5 vocabulary". Archived from the original on 9 August 2022. Retrieved 4 September 2022. <a href="https://www.w3.org/TR/html-polyglot/" target="_blank">https://www.w3.org/TR/html-polyglot/</a> <a href="#fnref:14" class="footnote-back-ref">↩</a></p></li> <li id="fn:15"><p>Polyglot Markup: HTML-Compatible XHTML Documents: 6.4 Void Elements Archived 2 October 2012 at the Wayback Machine. W3C Editor's Draft 9 July 2012. <a href="http://dev.w3.org/html5/html-xhtml-author-guide/html-xhtml-authoring-guide.html#empty-elements" target="_blank">http://dev.w3.org/html5/html-xhtml-author-guide/html-xhtml-authoring-guide.html#empty-elements</a> <a href="#fnref:15" class="footnote-back-ref">↩</a></p></li> <li id="fn:16"><p>"DICOM-TIFF dual personality files". Archived from the original on 5 September 2022. Retrieved 5 September 2022. <a href="https://learn.canceridc.dev/dicom/dicom-tiff-dual-personality-files" target="_blank">https://learn.canceridc.dev/dicom/dicom-tiff-dual-personality-files</a> <a href="#fnref:16" class="footnote-back-ref">↩</a></p></li> <li id="fn:17"><p>Schofield, Ed. "Cheat Sheet: Writing Python 2-3 compatible code". Archived from the original on 6 September 2022. Retrieved 6 September 2022. <a href="https://python-future.org/compatible_idioms.html" target="_blank">https://python-future.org/compatible_idioms.html</a> <a href="#fnref:17" class="footnote-back-ref">↩</a></p></li> <li id="fn:18"><p>Jonas Magazinius; Billy K. Rios; Andrei Sabelfeld (4 November 2013). "Polyglots". Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security - CCS '13. pp. 753–764. doi:10.1145/2508859.2516685. ISBN 9781450324779. S2CID 16516484. Archived from the original on 5 September 2022. Retrieved 5 September 2022. <a href="9781450324779" target="_blank">9781450324779</a> <a href="#fnref:18" class="footnote-back-ref">↩</a></p></li> <li id="fn:19"><p>Koch, Luke; Oesch, Sean; Adkisson, Mary; Erwin, Sam; Weber, Brian; Chaulagain, Amul (2022). "Toward the Detection of Polyglot Files". arXiv:2203.07561 [cs.CR]. <a href="/wiki/ArXiv_(identifier)" target="_blank">/wiki/ArXiv_(identifier)</a> <a href="#fnref:19" class="footnote-back-ref">↩</a></p></li> <li id="fn:20"><p>Wolf, Julia (9 February 2011). "OMG WTF PDF". 27th Chaos Communication Congress. Archived from the original on 9 October 2022. Retrieved 6 September 2022. <a href="https://fahrplan.events.ccc.de/congress/2010/Fahrplan/events/4221.en.html" target="_blank">https://fahrplan.events.ccc.de/congress/2010/Fahrplan/events/4221.en.html</a> <a href="#fnref:20" class="footnote-back-ref">↩</a></p></li> <li id="fn:21"><p>Koch, Luke; Oesch, Sean; Adkisson, Mary; Erwin, Sam; Weber, Brian; Chaulagain, Amul (2022). "Toward the Detection of Polyglot Files". arXiv:2203.07561 [cs.CR]. <a href="/wiki/ArXiv_(identifier)" target="_blank">/wiki/ArXiv_(identifier)</a> <a href="#fnref:21" class="footnote-back-ref">↩</a></p></li> <li id="fn:22"><p>Bridges, Robert A.; Oesch, Sean; Verma, Miki E.; Iannacone, Michael D.; Huffer, Kelly M. T.; Jewell, Brian; Nichols, Jeff A.; Weber, Brian; Beaver, Justin M.; Smith, Jared M.; Scofield, Daniel; Miles, Craig; Plummer, Thomas; Daniell, Mark; Tall, Anne M. (2023). "Beyond the Hype: An Evaluation of Commercially Available Machine-Learning-Based Malware Detectors". Digital Threats: Research and Practice. 4 (2): 1–22. arXiv:2012.09214. doi:10.1145/3567432. S2CID 247218744. <a href="/wiki/ArXiv_(identifier)" target="_blank">/wiki/ArXiv_(identifier)</a> <a href="#fnref:22" class="footnote-back-ref">↩</a></p></li> <li id="fn:23"><p>Desjardins, Benoit; Mirsky, Yisroel; Ortiz, Markel Picado; Glozman, Zeev; Tarbox, Lawrence; Horn, Robert; Horii, Steven C. (April 2020). "DICOM Images Have Been Hacked! Now What?". American Journal of Roentgenology. 214 (4): 727–735. doi:10.2214/AJR.19.21958. PMID 31770023. S2CID 208318324. Archived from the original on 5 September 2022. Retrieved 5 September 2022. <a href="https://www.ajronline.org/doi/10.2214/AJR.19.21958" target="_blank">https://www.ajronline.org/doi/10.2214/AJR.19.21958</a> <a href="#fnref:23" class="footnote-back-ref">↩</a></p></li> <li id="fn:24"><p>"Ubiquitous Bug Allows HIPAA-Protected Malware to Hide Behind Medical Images". 17 April 2019. Archived from the original on 5 September 2022. Retrieved 5 September 2022. <a href="https://threatpost.com/hipaa-protected-malware-medical-images/143890/" target="_blank">https://threatpost.com/hipaa-protected-malware-medical-images/143890/</a> <a href="#fnref:24" class="footnote-back-ref">↩</a></p></li> <li id="fn:25"><p>Byrd, Christopher. "How to Create a GIFAR". Archived from the original on 6 March 2023. Retrieved 6 March 2023. <a href="https://www.riosec.com/articles/how-to-create-a-gifar" target="_blank">https://www.riosec.com/articles/how-to-create-a-gifar</a> <a href="#fnref:25" class="footnote-back-ref">↩</a></p></li> <li id="fn:26"><p>Eckel, Benjamin (5 August 2008). "The GIFAR Image Vulnerability". Hackaday. Archived from the original on 6 March 2023. Retrieved 6 March 2023. <a href="http://hackaday.com/2008/08/04/the-gifar-image-vulnerability" target="_blank">http://hackaday.com/2008/08/04/the-gifar-image-vulnerability</a> <a href="#fnref:26" class="footnote-back-ref">↩</a></p></li> <li id="fn:27"><p>"CVE-2008-5343". cve.mitre.org. 4 December 2008. Archived from the original on 20 April 2021. Retrieved 20 April 2021. <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5343" target="_blank">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5343</a> <a href="#fnref:27" class="footnote-back-ref">↩</a></p></li> <li id="fn:28"><p>McMillan, Robert (1 August 2008). "A photo that can steal your online credentials". Infoworld.com. Archived from the original on 18 September 2020. <a href="https://web.archive.org/web/20200918084425/https://www.infoworld.com/article/2653025/a-photo-that-can-steal-your-online-credentials.html" target="_blank">https://web.archive.org/web/20200918084425/https://www.infoworld.com/article/2653025/a-photo-that-can-steal-your-online-credentials.html</a> <a href="#fnref:28" class="footnote-back-ref">↩</a></p></li> <li id="fn:29"><p>Rios, Billy (17 December 2008). "Billy (BK) Rios » SUN Fixes GIFARs". Archived from the original on 14 March 2016. Retrieved 20 April 2021. <a href="https://web.archive.org/web/20160314083259/http://xs-sniper.com/blog/2008/12/17/sun-fixes-gifars/" target="_blank">https://web.archive.org/web/20160314083259/http://xs-sniper.com/blog/2008/12/17/sun-fixes-gifars/</a> <a href="#fnref:29" class="footnote-back-ref">↩</a></p></li> <li id="fn:30"><p>Fjeldberg, Hans (2008). Polyglot Programming - A Business Perspective (PDF) (M.Sc). Norwegian University of Science and Technology. Archived (PDF) from the original on 4 March 2016. Retrieved 28 May 2015. <a href="http://theuntitledblog.com/wp-content/uploads/2008/08/polyglot_programming-a_business_perspective.pdf" target="_blank">http://theuntitledblog.com/wp-content/uploads/2008/08/polyglot_programming-a_business_perspective.pdf</a> <a href="#fnref:30" class="footnote-back-ref">↩</a></p></li> <li id="fn:31"><p>Gupta, Tripta (19 December 2018). "Analyzing Polyglot Microservices". Medium. Archived from the original on 5 August 2019. Retrieved 5 August 2019. <a href="https://medium.com/capital-one-tech/analyzing-polyglot-microservices-f6f159a1a3e7" target="_blank">https://medium.com/capital-one-tech/analyzing-polyglot-microservices-f6f159a1a3e7</a> <a href="#fnref:31" class="footnote-back-ref">↩</a></p></li> </ol>