Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/smx-smx/xzre
XZ backdoor reverse engineering
backdoor malware-analysis reverse-engineering sshd xz
Last synced: 4 days ago
- Host: GitHub
- URL: https://github.com/smx-smx/xzre
- Owner: smx-smx
- License: gpl-3.0
- Created: 2024-04-02T21:32:02.000Z (10 months ago)
- Default Branch: main
- Last Pushed: 2024-08-04T17:25:47.000Z (6 months ago)
- Last Synced: 2025-01-22T05:12:28.699Z (11 days ago)
- Topics: backdoor, malware-analysis, reverse-engineering, sshd, xz
- Language: C
- Homepage: https://smx-smx.github.io/xzre/
- Size: 2.67 MB
- Stars: 91
- Watchers: 9
- Forks: 7
- Open Issues: 1
Metadata Files:
- Readme: README.md
- License: LICENSE
README
# xzre
Reverse engineering of the XZ backdoor

The goal of this project is to document the functions, data structures and inner workings of the XZ backdoor malware, in order to understand how it works and the tricks it uses, and to serve as a reference for other analyses.
**NOTE**: this repository includes a copy of the original `liblzma_la-crc64-fast.o` found in liblzma 5.6.1
This project builds a binary, `xzre`, that is linked against the malicious object file in order to instrument and call into the malware code, particularly its x64 disassembler.

Although no side effects have been observed, it is recommended to run this code only in a sandbox or virtual machine until the full code has been understood.