This Should Not Be Possible
10 months ago
- #AI
- #LLM
- #eBPF
- The author is cynical about AI but keeps an open mind, discovering things that 'should not be possible'.
- During a late-night pub conversation, they explored combining LLMs with eBPF and strace for DFIR tools.
- They tested if an LLM could convert an eBPF trace into a functional Rust application, starting with a toy example (strace ls).
- After modifying the strace file to remove hints, the LLM successfully reimplemented the program, shocking the author.
- The author suggests this capability could solve problems like proprietary firmware blobs in the Linux kernel.
- A cautionary note is included: 'use this knowledge wisely and with care.'