The HLASM code with the WTO messages was test code. The sploit is all in the C code. It’s recursive and takes a while to grok. Very clever.
> On 31 Jan 2022, at 22:56, Tom Brennan <t...@tombrennansoftware.com> wrote: > > On 1/30/2022 11:11 PM, David Crayford wrote: > >> See my other post for details and links to the exploit source code which >> sets the ACEE bits. > > Thanks, I did see your post and then mentioned the source code below which I > believe is what you are talking about. That's when talk of SVC 242 came up > (and how it got there), and Itschak replied, "No user SVC was involved, not > needed." so I left that out of my hacking procedure. Not that I'm trying to > create a "how-to" document :) but unless we know what happened it's a little > difficult to defend. > > https://github.com/mainframed/logica/blob/master/Tfy.source.backdoor > > My feeling is the ASM program was never used for a few reasons: > #1 The web site indicates they probably ran it on Hercules for testing. > #2 The program contains some joke WTO's that any hacker would have removed > before running in production. > #3 It would need the magic SVC already in place and as you mentioned, those > should all be long gone by now. > > Ok, I've probably asked enough about this, so I'll stop now. > > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
