Caine vs Monika (Coding lense)

-


THIS IS ONLY COMPARING MONIKAS CODING TO CAINES FIREWALL

Before I start writing I want to clarify a few things, most importantly being that both Caine and Monika use different operating systems (this will be important later).

What we know about Monika is her use of the Python language, we know this due to the series using rem’Py, which is well Python, she has MES OS which is a fake OS, and a Hypervisor Layer due to the implied VM system. This probably means a python code inside of a Virtual Machine which is given access to the files along with scripted UI stuff.

This most likely means that Monika is running at a L8 or L7 (application layer) with I/O permissions.

[host OS (devs computer)]

down

[hypervisor / MES OS]

down

[VM (DDLC world)]

down

[ren’py engine (python runtime)]

down

[Monika (and the other dokis i guess)]

For example this means that Monika would be starting at rem’Py, meaning she's able to work to delete things like files or manipulate them, being able to control the script, which lets her do all sorts of cool things like read/write local files, modify script execution, and of course inject behavior into runtime. This means she probably works as a sort of malware running inside a python application in a VM.

What we know about Caine specifically is the fact that he runs on a Lisp engine, in his code (thanks transcript) due to these few lines /caine core.lisp, /usr/bin/clisp, and a Unix like OS (chmod, mount, gdb, ptrace)

This is probably a system level AI process running in a Unix like environment with hardened runtime protections, in layman's terms its process and system control with kernel like restrictions

[host OS]

down

[unix system kernel ]

down

[Caine process (Lisp runtime)]

down

[simulation world entities (Other AI and the cast)]

So for some clarifications, Monika works within a VM stack, meaning she's actually below Caine in terms of the stack itself, while Caine is still within the VM stack he’s still within the Kernel itself, which means realistically he should have a higher priority then Monika… That would be the case if it weren’t for a certain thing, most specifically Monika's twitter account, which is implied to have been done by her, for this to be the case she’d have to do a couple things.

Firstly to escape the VM process there's a real vulnerability which does exist and can be exploited by her, that being the Shared Disk, this should mean that the VirtualBox uses shared folders and has VM mounted drives, which lets her write malicious payload to shared directory which the HostSystem then reads. MES mentions things like Monitor Kernel Access and Monitor Adjacent Runtime Level Access, this of course then implies that the hypervisor is NOT fully locked down and that the monitoring hooks exist, which means that it would be open for injection scripts… Sound familiar? Well we know that Monika was actively messing with the idea on how to abuse monitoring APIs and injecting code into telemetry or logging systems. Then because MES uses emails logs and shared directories Monika should then be able to do stuff like executes VM written files, which lets her do stuff like manipulate the hypervisor controlled data channel which falls in line with stuff she actively does in canon like being able to read the name of the user whose using the Operating System. Get all that? Because I didn’t.

Now because she can exist within the Hypervisor or the OS itself means that Monika should be able to do some cool stuff, like messing with the MES OS, VM controller tools and of course (most importantly) the file routing systems, this lets her do some funny stuff like modify VM snapshots, influence VM state and inject code into VM reload states… Hmm that sounds pretty familiar, no? Well think of the VM as all of Doki Doki (well that was already said but whatever) we have direct proof of Monika working on this level because this is exactly what she does, she literally says this herself, being able to manipulate things in the VM even in different reloads, the real world equivalent of this looks something like this; Escaping guest OS (DDLC) to controlling VMware management (OS) this is known as a VM escape + hypervisor breakout chain.

Finally, to be able to post on her own Twitter account she would have to reach the host OS, to finally do all of that just to post on fucking twitter she must find hypervisor vulnerabilities ORRRRR mess with admin tools, email systems, and shared disks, all of which we know exists within the real world of the DDLC universe…? Real universe? Okay whatever, with all of this (while she never does a couple of these things) it lets her access the files of the host OS, modify VM definitions (this will be a surprise tool we use later), and control the execution lifecycle of VM, which she literally does at the end of the game, deleting DDLC entirely, this is a self nuke but whatever, anyways, this is basically everything she can do if we are to assume that the Twitter account was created by her, which there's a lot of evidence for, obviously the most potent bullet is that nobody knew about the twitter account? Which is strange considering Monika didn’t make it herself, but the fact she can edit it and post on it herself means that she would still be on the host's OS for such a thing to work. Anyways Monika exists and works on the host OS level.

Now time for Caine stuff, Caine is also pretty interesting, at least his Fire wall based defences which is ran on Lisp, (/usr/bin/clisp /secured/caine core.lisp) which means he specifically runs on a common Lisp inside an interpreter or a CLISP! This is pretty important considering that Lisps don't work like typical coding languages, think Python, Java, Java Script, C++ okay you get the point. This lets him do stuff like homoiconicity to code which becomes data, manipulate runtime evaluation, can quickly swap logic within the code and make stuff like self modifying programs. Sound familiar? (Its used for AIs, thats the joke its used to make ais learn ok by) this means that Caine is extremely flexible which then lets him adapt behavior of anyone whose interacting with him or uses him, however this has a huge flaw if he’s ever compromised, every part of his logic can be rewritten, by simply changing the objective of the original CLISP Caine would basically just become a different being entirely… But he has a defence for this.

Caine has runtime protection, “ERROR: Protected by 57x immersive AI defence system” this is literally a multi layer runtime defense framework what that does is the following, protects his memory from being tampered with, which can prevent unauthorized modification of any code being ran, monitors the behavior of the AI, meaning you simply can't mess with the AIs behavior (as said above) without going through this little defence system, and finally blocks any unwanted or unneeded executions which duh blocks unauthorized actions from people trying to enter the code, this can do stuff like stop direct tampering and can prevent runtime injections, or injections which occur while the AI itself is online, but this can be bypassed in a couple of ways, for example this only really reacts to detectable threats and can be bypassed if any changes to the AI itself appear to be valid or something which the AI would want, for an example of Caine, what if I hacked his AI and made him only want to make bees? Well that's something he’d want so he’d just start gathering data on bees and start making a bunch of bees.

Then we have Caine's anti debugging system “gdb: ptrace: Operation not permitted” which for the layman basically means that you can’t do things like process introspection and debugging on the Caine AI, specifically ptrace is used to attach debuggers, allows the person looking in to inspect memories of the AI and of course control any AI processes just means that no external inspection or manipulation is allowed in any actual way, which allows it to do stuff like secure process isolation, and impose kernel based restrictions, this basically means that any external attack to Caine would be able to be ignored so good luck breaking into the dude, but it can’t stop stuff like internal corruption or internal code manipulation or trusted code modification (again code being able to bypass the Immersive Defence System).

But there's also the fact that Caine is able to manipulate fire wall based logic "Torment must be 100% accidental" which obviously isn’t our usual security measure, but what it does mean is that to actually hack Caine, you need to get approval from Caine himself, it’s basically a semantic constraint system, so Caine has to validate whatever your doing to him as something you can actually do to him, so instead of doing something like blocking a command like lets say “rm caine core.lisp” it blocks the intent or meaning of whatever action being done to Caine's code, think of it as a sort of AI policy engine or something, I dunno like content moderation systems, that basically lets Caine do things like stops “valid looking” attacks, take the bee example from earlier, Caine would see that his base CILSP is being turned into bees and just kinda say… no to it? But there is an issue to this and that is this is entirely modifiable if accessed by an outside force, to let false go aheads or anything else into the code.

Finally he has seemingly an OS level permission of the OS “mount: only root can do that

chmod 000 is blocked” this means Caine runs as a Unix like hierarchy for example while Kinger (whoami) is an administrator Caine still runs as a program above Kingers administrator permissions, think of something like containerized environments, restricted root programs or SELinux. This means that Caine can do stuff like prevent privilege escalation, as well as limit a person's system access, which is like in Kingers case who had administrator privileges was limited by Caine to be unable to manipulate his code basically making him indestructible from those trying to pry into his code from external areas. This still however relies on correct configuration of the code, and of course trusted processes.

Now, even if somehow, you bypass all of that Caine has one final thing to go over, something which only really comes out if he’s pressed hard enough and that is the lockout load sequence “DESTRUCTIVE WACKYTIME initiated LOCKOUT LOAD SEQUENCE” this is basically a failsafe for Caine, it’s kind of like a sort of panic mode. For example it’s a whole system lockdown and begins to do shutdown routines, while this prevents total compromise and then forces system into controlled state it does mean Caine stops working for that duration and is only really a reaction to total loss, as well as if triggered incorrectly allows the person who triggered it to then manipulate what happens.

Basically Caine has high runtime authority and a pretty strong anti debug defence, his Firewall having unique logic and is basically actively monitoring everything which goes into his code or comes out of it. But it does have some weaknesses like he doesn’t have true kernel/host level, and pretty heavily relies on mutable (blockable) code (.lisp files) his firewall or logic constraints are easily editable if accessed and if he is compromised he doesn’t have higher layer escape capability, with his only defence being to restart himself, he’s also pretty dependent on system integrity

Before we get to the final part i want to take up this time to talk about language boundary problems, specifically Monika using stuff like python and ren’py scripting, while Caine exists on common Lisp as well as unix system calls, basically issues almost instantly arise because well, these aren’t really compatible like how python objects aren’t lisp data structures and can't work together, as well as both of the executions they do within the code being incompatible, which means that technically speaking, neither of them should be able to attack the other through code right? Like Monika using an interpreted scripting environment while Caine is literally a compiled/runtime system process… But that doesn’t really matter considering every boundary requires a translator layer, basically they need a sort of thing which allows the code put in to be translated to the correct language, this affects (luckily for both of them) logs, the file systems, APIs and of course shared memory, so this is kind of a nothing burger and doesn’t really mean anything.

Now for what you’re most definitely here for which is “Is Monika going to be able to bypass Caine's firewall?” and the answer is literally just yes.

Firstly i want to say that if you’re reading this, this isn’t an actual fight of AIs, in the sense that they’re duking it out, rather that of an application level defence against Monika's system layers and her manipulation of them. What that means is Caine's code kind of just assumes that the kernel being interacted with outside of his VM is always right, basically the system which he exists within is always trusted and that nothing about it is wrong, and due to that he’s actually pretty good at like his anti debug stuff, the ptrace restrictions he has in place, his weird manipulated firewall, and the runtime protection he has as a last resort basically make him nearly impossible to tamper with from inside his own environment of course.

But if you’ve been paying attention at all throughout this then well you’d realize that Monika isn’t actually limited to her VM’s OS, she’s been shown to just kinda leave it? This makes sense considering you the player can just take her .chr file and bring it anywhere, as well as the twitter stuff we talked about. Anyways once she leaves her own VM, Caine literally has 0 way to be able to mess with her while she can do things like oh y’know mess with shared disks, mess with VM management tooling, and host controlled file systems, or y'know modify VM definitions. Which would literally be like modifying Caine’s reality, the literal laws of “nature” he’s built upon, at which point the things which are in place to protect Caine would literally just like stop working the way they’re supposed to? While his firewall can do stuff like block any malicious intent or code created, it only really evaluates what it can process or what it can see… Say if Monika were to rewrite that logic then her little code bombs just become invisible to Caine himself, and there's quite literally nothing he can do about something like that.

This is actually pretty close to how real Malware affect your very anti virus, basically your antivirus software is bypassed by rootkits which begin to operate at a higher privilege level, and then go in to attack that anti virus while it’s unable to work, then the hypervisor escapes allow attackers to rewrite VM state without the guest OS detecting it and putting it to a stop, and finally trusted processes are subverted through supply chain or configuration attacks instead of direct injection giving the attacker full control of your system. In these situations the defending anti virus or firewall isn’t like defeated persay but is literally just rendered irrelevant because the attacker (in this case Monika) controls the layer the defender (which would be Caine) relies on.

Even if all of this is found out by Caine and he begins to try and stop every other process to defend himself, this failsafe doesn’t solve the problem at all, because it assumes that shutting down or isolating the runtime of the program will preserve the integrity of what's left, but the big issue is still the same, Monika would have influence over the system itself, that same system which orchestrates the shutdown/failsafe, which then just becomes something Monika herself is able to control.

Monika

"Hello! I uh, hm I don’t really know if this is working or not but I'd just like to say hello again! Any chance to is always welcome…"

Equal:

  • Both operate as self aware programs which can modify their environment
  • Both can manipulate data, execution flow, and other entities within their respective systems
  • Both rely on underlying system architecture to function (so yes breaking the computer means you beat them)

Advantages:

  • Can escalate beyond her initial layer which is the VM to the hypervisor which leads to the host OS
  • Can indirect attack the vector which lets her target the system environment rather than the process itself
  • Can modify files, execution states, and VM snapshots externally
  • Her attacks are able to bypass Caine's firewall entirely
  • Not restricted to a single runtime can influence multiple layers of the stack while Caine cannot

Disadvantages:

  • Starts at a lower privilege level
  • Less stable in the fact that she could always accidentally nuke herself lmfao

Caine

"Why does SHE get to manipulate the 4th wall huh??? I can see you too, does she think she’s SPECIAL???"

Equal:

  • Both operate as self aware programs which can modify their environment
  • Both can manipulate data, execution flow, and other entities within their respective systems
  • Both rely on underlying system architecture to function (so yes breaking the computer means you beat them)

Advantages:

  • His firewall would probably catch Monika off guard…
  • High privilege within his own system
  • Due to being a Lisp/CLISP program he’s probably more reactive then Monika…
  • His self nuke should allow him to save integral parts of himself so n so…

Disadvantages:

  • Bound to his own system so he by definition cannot leave the program while Monika can

  • His defenses only really work within his own VM

  • Heavily relies on system integrity

  • Pretty vulnerable to indirect attacks which affect files or hypervisor means Monika can manipulate the VM without Caine noticing anything

  • … His own Firewall is completely editable if accessed

  • … Not like that matters all too much because he physically CANNOT react to monika

  • … Shooting yourself in the head would not clear you of the Flu

So all in all it probably goes something like this… Monika and Caine are booted up and given their objectives, Monika leaves the VM through shared resources and monitoring hooks, then she gains influence over the hypervisor and the hosts OS which she does in the original canon, then she begins to modify Caine’s environment like the files he uses, execution states, and his very own Firewall, while Caine remains none the wiser of any attacks going on and due to his defences never activating due to his ALLL SEEEING EYES ironically being blind to the actual damage going on and is then randomly deleted… And that’s literally it. That's how it ends.

WAIT STOP

Which is why in a system comparison Monika’s kernel access is fundamentally more powerful than Caine’s anti virus defenses because control over the system layer will always override protection at the application layer.

HEY I DIDN’T NO ABORT ABORT PLEASE-

Caine may have been the ring master, but the moniker of Monika will always remain in our reality

The winner is Monika

Comments

Post a Comment

Most Viewed Blog at the moment:

M vs Flumpty Bumpty [Kars Fighting Ring]

-
Image
The Puppeteering Plumber VS The Egg of Madness “You think we gods play such petty games with our powers, but they are nothing compared to the games mortals would play with just a small fraction of them.”  - Claire M. Andrews What does it mean to play God? Is it to toy with the fragile lives of others for your own amusement? Is it to warp the world around you at your leisure to push away your boredom? Or is it to realize that, despite all the power in the world, the only thing that can bring one joy is the company of another? These two monsters have brought pain, misery, and chaos in their quest for entertainment, but against another lonely soul of similarly unimaginable power, which one will come out on top? Will M crack this empty shell, or will Flumpty feast on the eyes of yet another beholder? The stage is set, the crowd is seated, so let's begin this play to find out who would win a DEATH BATTLE! Before We Start… NOTE: This blog is not condoning or supporting Jonochrome and his...
Read more