noxim.xyz
@noxim.xyz
Yes, that's part of the idea. Those tools have been built with a compiler that might be tainted. It's not a practical attack, but theoretically it's very hard to defend against. Hexdumps, editors, etc. are all made with compilers, or made with tools that have been made with compilers.
March 20, 2025 at 9:06 AM
How do you dump it? With a program?
March 19, 2025 at 11:26 PM
Analysed by a human, how? By reading the hard drive platter with a looking glass? 😄 Any software you use can never have interacted with any other software, otherwise it itself might be contaminated.
March 19, 2025 at 2:07 PM
Your text editor cannot show the malicious bits, and of course the compiler you use to compile TCC in the first place can insert the malicious code itself.
March 14, 2025 at 9:35 AM
The idea in the paper is that every tool you're using to inspect TCC source might've been compiled through a compromised compiler, which can hide the malicious parts of the TCC source. For example `ls`, `cat`, `hexdump`, `objdump` etc might have been built with a compromised compiler.
March 14, 2025 at 9:34 AM
Do you like yours with jam or almond?
March 5, 2025 at 8:22 AM