The purpose of this repo is to simplify the dynamic analysis of the liblzma backdoor. It imitates the environment that the backdoor expects during compilation and linking. The backdoor successfully executes (the GOT entry for `_cpuid` gets overwritten and stage 1 runs). However, the ssh-specific stubs are missing, so the backdoor will fail to hook the SSH functions.
- Download the backdoor object file and extract it. It can be found here (note that the name wget writes must match the name gzip is asked to unpack):

```
$ wget https://www.openwall.com/lists/oss-security/2024/03/29/4/2 -O backdoor.o.gz && gzip -d backdoor.o.gz
```

- Build it with the build.sh file:

```
$ bash build.sh
```

- Analyze/run the resulting file in a debugger:

```
$ gdb backdoored_file
```
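The three steps above, driven by one script with the checks a practitioner would want around them. This is an added example and not part of the repository: it downloads the archive only if it is not already present, optionally verifies the extracted object's SHA-256 against a hash you supply (the page gives none, so `EXPECTED_SHA256` is a placeholder), runs the repo's `build.sh`, and starts gdb in batch mode so the session is scripted and repeatable. Only `build.sh`, `backdoored_file` and the download URL come from the README; the function names and the gdb commands are assumptions.

```shell
#!/usr/bin/env bash
# Added example: drives the README's three steps non-interactively.
# Assumptions: build.sh is in the current directory and produces
# ./backdoored_file (both names come from the README); EXPECTED_SHA256
# is a placeholder you fill in from a source you trust.
set -eu

BACKDOOR_URL="https://www.openwall.com/lists/oss-security/2024/03/29/4/2"
EXPECTED_SHA256="${EXPECTED_SHA256:-}"   # placeholder: the page gives no hash

# Print the SHA-256 of a file using whichever tool is available.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# Return 0 only if the file's SHA-256 equals the expected value.
verify_sha256() {
    [ "$(sha256_of "$1")" = "$2" ]
}

# Decompress a .gz archive into the named output file, keeping the archive.
extract_object() {
    gzip -dc "$1" > "$2"
}

# Step 1: fetch the archive (same name wget writes and gzip unpacks), extract
# it, and refuse to continue if a supplied hash does not match.
fetch_backdoor() {
    [ -f backdoor.o.gz ] || wget -q "$BACKDOOR_URL" -O backdoor.o.gz
    extract_object backdoor.o.gz backdoor.o
    if [ -n "$EXPECTED_SHA256" ]; then
        verify_sha256 backdoor.o "$EXPECTED_SHA256" || {
            echo "backdoor.o hash mismatch; refusing to continue" >&2
            return 1
        }
    fi
}

# Step 2: build the harness and fail loudly if build.sh did not produce it.
build_harness() {
    bash build.sh
    [ -x backdoored_file ] || {
        echo "build.sh did not produce backdoored_file" >&2
        return 1
    }
}

# Step 3: run under gdb in batch mode. 'starti' stops at the very first
# instruction, before any of the object's code runs, and the mapping listing
# gives you the addresses to set breakpoints from in a follow-up session.
debug_harness() {
    gdb -q -batch -ex 'starti' -ex 'info proc mappings' ./backdoored_file
}

# Only run the pipeline when explicitly asked, so sourcing the file is harmless.
if [ "${1:-}" = "run" ]; then
    fetch_backdoor
    build_harness
    debug_harness
fi
```

Run it as `bash analyze.sh run` inside the isolated machine you use for the analysis; sourcing the file without the argument just defines the functions, which is what the test below relies on.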
I have not verified that this works. I don't recommend running this on your machine (although it is believed that the backdoor only targets openssh). I provide no guarantees or warranty. I am not responsible if this breaks something!