On Wed, 31 Dec 1969, Bill Frantz wrote:

> I have been asked to audit some source code to see if the programmer
> inserted a backdoor.  (The code processes input from general users, and has
> access to the bits that control the privilege levels of those users, so
> backdoors are quite possible.)  The question I have is what obscure
> techniques should I be on the lookout for.  Besides the obvious /* Begin
> backdoor code */ of course.  :-)  The code is in ANSI C.

Look for "exception processing".  Anywhere the code looks for a particular
value, something like "== 0x3456352e".  That usually is a passcode into
a backdoor.  It only takes one line :-)

Patience, persistence, truth,
Dr. mike
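
The check described in the reply above, as an added example that is not part of the original message: a small Python scanner that flags comparisons against large integer literals in C source. It goes slightly beyond the single `==` form in the message by also covering `!=` and `case` labels; the sample function, the 255 threshold and the value 48879 are constructed for illustration.

```python
import re
# Constructed C sample (not the audited code); 0x3456352e is the value in the message.
SAMPLE_C = r'''
int set_level(struct user *u, unsigned long req, int level)
{
    if (level == 0)                 /* ordinary small constant */
        return -1;
    if (u->uid != 0 && level > u->max_level) {
        if (req == 0x3456352e)
            goto grant;
        return -1;
    }
    switch (req & 0xffff) {
    case 1:  break;
    case 48879: u->max_level = 9; break;
    }
grant:
    u->level = level;
    return 0;
}
'''

NUM = r'(?<![\w.])(0[xX][0-9a-fA-F]+|\d+)[uUlL]*(?![\w.])'
PATTERNS = [
    re.compile(r'[=!]=\s*\(?\s*' + NUM),          # x == LITERAL
    re.compile(NUM + r'\s*\)?\s*[=!]=(?!=)'),     # LITERAL == x
    re.compile(r'\bcase\s+' + NUM + r'\s*:'),     # case LITERAL:
]

def c_int(tok):
    """Value of a C integer literal: hex, octal (leading 0) or decimal."""
    if tok[:2].lower() == '0x':
        return int(tok, 16)
    return int(tok, 8) if len(tok) > 1 and tok[0] == '0' else int(tok)

def find_magic_compares(source, threshold=255):
    """Return (line_no, value, code) for comparisons against a literal > threshold."""
    hits = []
    for no, line in enumerate(source.splitlines(), 1):
        code = re.sub(r'/\*.*?\*/', '', line).strip()   # drop one-line comments
        for pat in PATTERNS:
            for m in pat.finditer(code):
                if c_int(m.group(1)) > threshold:
                    hits.append((no, c_int(m.group(1)), code))
    return hits

if __name__ == '__main__':
    for no, value, code in find_magic_compares(SAMPLE_C):
        print(f'line {no}: compares against {value:#x}: {code}')
```

This is a triage pass only: a literal hidden behind a `#define`, a cast, or a string comparison is not caught by these patterns and still needs a manual read.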
