From: candycanearter07 <candycanearter07@candycanearter07.nomail.afraid>
Newsgroups: comp.os.linux.advocacy
Subject: Re: Think You're A Programmer? Think Again.
Date: Mon, 15 Apr 2024 15:10:11 -0000 (UTC)
Organization: the-candyden-of-code
Message-ID: <uvjg0j$biae$1@dont-email.me>
References: <17c5e02c1c64d208$662$181469$802601b3@news.usenetexpress.com>
User-Agent: slrn/pre1.0.4-9 (Linux)

Farley Flud <ff@linux.rocks> wrote at 15:21 this Saturday (GMT):
> Any TRUE programmer can also program in reverse, i.e. de-program.
>
> Let's see if you can assist the global effort in documenting the
> xz-backdoor.
>
> GNU/Linux has the absolute best tool for the job: Ghidra.
>
> https://ghidra-sre.org/
>
> I have posted an image of the xz-backdoor loaded into Ghidra
> and analyzed:
>
> https://i.postimg.cc/NsrmMvDv/xz-backdoor.png
>
> The left panel shows the disassembled code and the right shows
> the corresponding de-compile.
>
> Notice the match:
>
> xor edi, edi
> mov esi, 0x12
> mov edx, 0x46
> mov ecx, 0x02
> CALL .Llzma_decoder_end.1 <==> iVar4 = .Llzma_decoder_end.1(0, 0x12, 0x46, 2);
>
> TEST EAX, EAX
> JZ LAB_00100606 <==> if (iVar4 == 0) {
>
> Ghidra is fucking fantastic!
>
> Unfortunately, I will not be attempting to document the backdoor.
> To do so would entail first learning thoroughly the functions of
> sshd and I am not at all interested in network programming.
>
> Yes, sshd. Did you think that the xz-backdoor was about compression/
> decompression? Ha, ha, ha, ha, ha, ha, ha, ha, ha!
>
> Think again.

I'm not a security expert, nor do I claim to be. The only time I've touched Ghidra was to mod a GBA game, but I never deleted it from my desktop.
--
user <candycane> is generated from /dev/urandom
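Added example, not code from either poster or from Ghidra: a tiny Python routine that reproduces what the decompiler did with the quoted listing. Under the System V x86-64 calling convention the first integer arguments travel in edi, esi, edx, ecx (then r8d, r9d) and the return value comes back in eax, so the four register loads before the CALL become the call's arguments, and TEST EAX,EAX followed by JZ becomes `if (iVar4 == 0)`. The variable name iVar4 and the constant formatting are taken from the post; the handled instruction subset and the rejection of non-contiguous argument registers are my assumptions.

```python
import re
# Integer argument registers under the System V x86-64 ABI, by position; the
# 32-bit names are the ones the post's listing uses (edi, esi, edx, ecx).
ARG_REGS = {"edi": 0, "esi": 1, "edx": 2, "ecx": 3, "r8d": 4, "r9d": 5}

def _imm(text):
    """Parse an immediate such as 0x46 or 2; None for a register or label."""
    return int(text, 0) if re.fullmatch(r"0x[0-9a-f]+|\d+", text.lower()) else None

def _fmt(value):
    """Render constants as the post's decompile does: small in decimal, the rest in hex."""
    return str(value) if value < 10 else hex(value)

def decompile(listing, ret_var="iVar4"):
    """Collapse 'load argument registers; CALL; TEST EAX,EAX; JZ' into C-like lines.
    Only the patterns visible in the post are handled; anything else raises, so a
    partial translation is never mistaken for a complete one."""
    args, out, tested = {}, [], False
    for raw in filter(str.strip, listing.splitlines()):  # skip blank lines
        parts = raw.strip().split(None, 1)
        mnem = parts[0].lower()
        ops = [o.strip() for o in parts[1].split(",")] if len(parts) > 1 else []
        regs = [o.lower() for o in ops]
        if mnem == "xor" and len(regs) == 2 and regs[0] == regs[1] and regs[0] in ARG_REGS:
            args[ARG_REGS[regs[0]]] = 0  # xor reg, reg is the idiomatic zero
        elif mnem == "mov" and len(regs) == 2 and regs[0] in ARG_REGS and _imm(ops[1]) is not None:
            args[ARG_REGS[regs[0]]] = _imm(ops[1])
        elif mnem == "call" and len(ops) == 1:
            if set(args) != set(range(len(args))):  # e.g. edx written but esi never set
                raise ValueError("argument registers not filled contiguously: %r" % sorted(args))
            out.append("%s = %s(%s);" % (ret_var, ops[0], ", ".join(_fmt(args[i]) for i in range(len(args)))))
            args = {}
        elif mnem == "test" and regs == ["eax", "eax"]:
            tested = True  # ZF is set exactly when the return value is zero
        elif mnem in ("jz", "je") and tested and len(ops) == 1:
            out.append("if (%s == 0) {" % ret_var)  # the taken branch is the zero case
            tested = False
        else:
            raise ValueError("unsupported instruction: %r" % raw)
    return out

# Constructed input: the listing quoted in the post, retyped.
LISTING = """xor edi, edi
mov esi, 0x12
mov edx, 0x46
mov ecx, 0x02
CALL .Llzma_decoder_end.1
TEST EAX, EAX
JZ LAB_00100606"""
```

Running `decompile(LISTING)` yields the two right-hand lines from the screenshot; a listing that sets edx without ever setting esi is rejected rather than silently rendered as a two-argument call.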