Sujet : Re: Think You're A Programmer? Think Again.
De : candycanearter07 (at) *nospam* candycanearter07.nomail.afraid (candycanearter07)
Groupes : comp.os.linux.advocacyDate : 15. Apr 2024, 17:10:11
Autres entêtes
Organisation : the-candyden-of-code
Message-ID : <uvjg0j$biae$1@dont-email.me>
References : 1
User-Agent : slrn/pre1.0.4-9 (Linux)
Farley Flud <
ff@linux.rocks> wrote at 15:21 this Saturday (GMT):
Any TRUE programmer can also program in reverse, i.e. de-program.
>
Let's see if you can assist the global effort in documenting the
xz-backdoor.
>
GNU/Linux has the absolute best tool for the job: Ghidra.
>
https://ghidra-sre.org/
>
I have posted an image of the xv-backdoor loaded into ghidra
and analyzed:
>
https://i.postimg.cc/NsrmMvDv/xz-backdoor.png
>
The left panel shows the dissassembled code and the right shows
the corresponding de-compile.
>
Notice the match:
>
xor edi, edi
mov esi, 0x12
mov edx, 0x46
mov ecx, 0x02
CALL .Llzma_decoder_end.1 <==> iVar4 = .Llzma_decoder_end.1(0, 0x12, 0x46, 2);
>
TEST EAX, EAX
JZ LAB_00100606 <==> if (iVar4 == 0) {
>
Ghidra is fucking fantastic!
>
Unfortunately, I will not be attempting to document the backdoor.
To do so would entail first learning thoroughly the functions of
sshd and I am not at all interested in network programming.
>
Yes, sshd. Did you think that the xz-backoor was about compression/
decompression? Ha, ha, ha, ha, ha, ha, ha, ha, ha!
>
Think again.
I'm not a security expert, nor do I claim to be. The only time I've
touched ghidra was to mod a GBA game, but I never deleted it from my
desktop.
-- user <candycane> is generated from /dev/urandom