Our compiler backdoor works by intercepting all calls to read(), hashing the input consumed so far, and injecting code whenever the hash matches a known value. At the end of compilation, the backdoor executes a quine to include itself in newly compiled compilers.

Files

  • compiler_backdoor.template — the original compiler with hooks for the backdoor inserted
  • diff.py — script that diffs compiler_backdoor.template against compiler.y and generates the appropriate injection and quine code

Original writeup (https://github.com/perfectblue/ctf-writeups/tree/master/2020/tsgctf-2020/compiler).