There's also a very thorough exploration at https://github.com/amlweems/xzbot
Including, very interestingly, a discussion of format(s) of the payload(s), and a mechanism to replace the backdoor key to play with executing commands against a popped sshd, as well as some code to go along with it.

paultag

On Fri, Apr 5, 2024 at 2:19 PM Daniel Leidert <dleid...@debian.org> wrote:
>
> On Friday, 29.03.2024 at 23:20 +0100, Moritz Mühlenhoff wrote:
> > Russ Allbery <r...@debian.org> wrote:
> > > I think this question can only be answered with reverse-engineering of the
> > > backdoors, and I personally don't have the skills to do that.
> >
> > In the pre-disclosure discussion permission was asked to share the payload
> > with a company specialising in such reverse engineering. If that went
> > through, I'd expect results to be publicly available in the next days.
>
> If there is a final result, can we as a project share the results in a
> prominent place? Or at least under d-devel-announce and/or
> d-security-announce? I was also wondering about what could have been compromised,
> what data might have been stolen, etc. And there are so many sources to
> follow right now. So sharing the final results would be great.
>
> Regards, Daniel

--
:wq