
Path: ...!news.mixmin.net!eternal-september.org!feeder3.eternal-september.org!news.eternal-september.org!.POSTED!not-for-mail
From: candycanearter07 <candycanearter07@candycanearter07.nomail.afraid>
Newsgroups: comp.os.linux.advocacy
Subject: Re: Think You're A Programmer?  Think Again.
Date: Mon, 15 Apr 2024 15:10:11 -0000 (UTC)
Organization: the-candyden-of-code
Lines: 46
Message-ID: <uvjg0j$biae$1@dont-email.me>
References: <17c5e02c1c64d208$662$181469$802601b3@news.usenetexpress.com>
Injection-Date: Mon, 15 Apr 2024 17:10:11 +0200 (CEST)
Injection-Info: dont-email.me; posting-host="530423eb34796840436199cb4ae9fd46";
	logging-data="379214"; mail-complaints-to="abuse@eternal-september.org";	posting-account="U2FsdGVkX192XVo2siELy/7UGc18c+CgnVCczuIc8In0JgqtMqxQ+g=="
User-Agent: slrn/pre1.0.4-9 (Linux)
Cancel-Lock: sha1:maxWioiktwi3e5M5xwtXa03wLmU=
X-Face: b{dPmN&%4|lEo,wUO\"KLEOu5N_br(N2Yuc5/qcR5i>9-!^e\.Tw9?/m0}/~:UOM:Zf]%
 b+ V4R8q|QiU/R8\|G\WpC`-s?=)\fbtNc&=/a3a)r7xbRI]Vl)r<%PTriJ3pGpl_/B6!8pe\btzx
 `~R! r3.0#lHRE+^Gro0[cjsban'vZ#j7,?I/tHk{s=TFJ:H?~=]`O*~3ZX`qik`b:.gVIc-[$t/e
 ZrQsWJ >|l^I_[pbsIqwoz.WGA]<D
Bytes: 2579

Farley Flud <ff@linux.rocks> wrote at 15:21 this Saturday (GMT):
> Any TRUE programmer can also program in reverse, i.e. de-program.
>
> Let's see if you can assist the global effort in documenting the
> xz-backdoor.
>
> GNU/Linux has the absolute best tool for the job: Ghidra.
>
> https://ghidra-sre.org/
>
> I have posted an image of the xz-backdoor loaded into ghidra
> and analyzed:
>
> https://i.postimg.cc/NsrmMvDv/xz-backdoor.png
>
> The left panel shows the disassembled code and the right shows
> the corresponding de-compile.
>
> Notice the match:
>
> xor edi, edi
> mov esi, 0x12
> mov edx, 0x46
> mov ecx, 0x02
> CALL .Llzma_decoder_end.1  <==> iVar4 = .Llzma_decoder_end.1(0, 0x12, 0x46, 2);
>
> TEST EAX, EAX
> JZ LAB_00100606  <==> if (iVar4 == 0) {
>
> Ghidra is fucking fantastic!
>
> Unfortunately, I will not be attempting to document the backdoor.
> To do so would entail first learning thoroughly the functions of
> sshd and I am not at all interested in network programming.
>
> Yes, sshd.  Did you think that the xz-backdoor was about compression/
> decompression?  Ha, ha, ha, ha, ha, ha, ha, ha, ha!
>
> Think again.


I'm not a security expert, nor do I claim to be. The only time I've
touched ghidra was to mod a GBA game, but I never deleted it from my
desktop.
-- 
user <candycane> is generated from /dev/urandom
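The register-to-argument match that Farley's quoted post points out (`xor edi, edi` / `mov esi, 0x12` / `mov edx, 0x46` / `mov ecx, 0x02` becoming `.Llzma_decoder_end.1(0, 0x12, 0x46, 2)`) is exactly what a decompiler's calling-convention model does. The script below is an added example, not code from the post or from Ghidra: a toy tracker that assumes the System V AMD64 ABI (integer arguments in rdi, rsi, rdx, rcx, r8, r9, with 32-bit writes such as `edi` zero-extending into the 64-bit register) and reconstructs a decompiler-style call string from the five instructions quoted in the post. The listing and the function name are copied from the post; the `xor reg, reg` and `mov reg, imm` handling and the decimal/hex formatting rule are my assumptions, chosen to mimic Ghidra's output style.

```python
"""Reconstruct a decompiler-style call from x86-64 disassembly.

Added example (not from the Usenet post or from Ghidra). Assumes the
System V AMD64 ABI: integer/pointer arguments travel in rdi, rsi, rdx,
rcx, r8, r9 in that order, and writing a 32-bit alias (edi, esi, ...)
zero-extends into the full 64-bit register. This is a toy symbolic
tracker for the handful of instruction forms seen in the post, not a
general decompiler.
"""
import re

# SysV AMD64 integer argument registers, in argument order.
ARG_REGS = ["rdi", "rsi", "rdx", "rcx", "r8", "r9"]

# Map 32/16/8-bit aliases back to the 64-bit register they write.
ALIASES = {
    "rdi": "rdi", "edi": "rdi", "di": "rdi", "dil": "rdi",
    "rsi": "rsi", "esi": "rsi", "si": "rsi", "sil": "rsi",
    "rdx": "rdx", "edx": "rdx", "dx": "rdx", "dl": "rdx",
    "rcx": "rcx", "ecx": "rcx", "cx": "rcx", "cl": "rcx",
    "r8": "r8", "r8d": "r8", "r8w": "r8", "r8b": "r8",
    "r9": "r9", "r9d": "r9", "r9w": "r9", "r9b": "r9",
}


def _fmt(value):
    """Render small constants in decimal and larger ones in hex.

    Assumed formatting rule, chosen to resemble the post's decompiler
    output (0 and 2 in decimal, 0x12 and 0x46 in hex).
    """
    return str(value) if value < 10 else hex(value)


def reconstruct_calls(listing):
    """Return a decompiler-style string for every CALL in the listing.

    Handles only `xor reg, reg` (the idiomatic zeroing), `mov reg, imm`
    and `CALL target`; other instructions are ignored. Arguments are
    taken as the contiguous run of argument registers the caller set
    since the previous call.
    """
    state = {}  # canonical 64-bit register -> known constant
    calls = []
    for raw in listing.splitlines():
        line = raw.strip().lower()
        if not line:
            continue
        m = re.match(r"xor\s+(\w+)\s*,\s*(\w+)$", line)
        if m and m.group(1) == m.group(2) and m.group(1) in ALIASES:
            state[ALIASES[m.group(1)]] = 0
            continue
        m = re.match(r"mov\s+(\w+)\s*,\s*(0x[0-9a-f]+|\d+)$", line)
        if m and m.group(1) in ALIASES:
            state[ALIASES[m.group(1)]] = int(m.group(2), 0)
            continue
        if re.match(r"call\s+\S+$", line):
            target = raw.strip().split(None, 1)[1]  # keep original case
            args = []
            for reg in ARG_REGS:
                if reg not in state:
                    break  # first unset register ends the argument list
                args.append(_fmt(state[reg]))
            calls.append(f"{target}({', '.join(args)})")
            state.clear()  # argument registers are caller-saved
    return calls


# Sample input: the disassembly lines quoted in the post.
SAMPLE = """
xor edi, edi
mov esi, 0x12
mov edx, 0x46
mov ecx, 0x02
CALL .Llzma_decoder_end.1
"""

if __name__ == "__main__":
    for call in reconstruct_calls(SAMPLE):
        print(call)  # .Llzma_decoder_end.1(0, 0x12, 0x46, 2)
```

The point for anyone reading a Ghidra listing: the decompiler is not guessing, it applies the ABI's register assignment, so a wrong or unknown calling convention on a function (common in stripped or hand-written code) is the first thing to check when the argument list in the right panel looks nonsensical.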