Think You're A Programmer? Think Again.

<17c5e02c1c64d208$662$181469$802601b3@news.usenetexpress.com>

From: ff@linux.rocks (Farley Flud)
Subject: Think You're A Programmer? Think Again.
Newsgroups: comp.os.linux.advocacy
Date: Sat, 13 Apr 2024 15:21:53 +0000
 by: Farley Flud - Sat, 13 Apr 2024 15:21 UTC

Any TRUE programmer can also program in reverse, i.e. de-program.

Let's see if you can assist the global effort in documenting the
xz-backdoor.

GNU/Linux has the absolute best tool for the job: Ghidra.

https://ghidra-sre.org/

I have posted an image of the xz-backdoor loaded into ghidra
and analyzed:

https://i.postimg.cc/NsrmMvDv/xz-backdoor.png

The left panel shows the disassembled code and the right shows
the corresponding de-compile.

Notice the match:

xor edi, edi
mov esi, 0x12
mov edx, 0x46
mov ecx, 0x02
CALL .Llzma_decoder_end.1 <==> iVar4 = .Llzma_decoder_end.1(0, 0x12, 0x46, 2);

TEST EAX, EAX
JZ LAB_00100606 <==> if (iVar4 == 0) {

Ghidra is fucking fantastic!

Unfortunately, I will not be attempting to document the backdoor.
To do so would entail first learning thoroughly the functions of
sshd and I am not at all interested in network programming.

Yes, sshd. Did you think that the xz-backdoor was about compression/
decompression? Ha, ha, ha, ha, ha, ha, ha, ha, ha!

Think again.
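
Added example, not part of the original post and not Ghidra's own code: a simplified lifter showing why the two columns in the post line up. It assumes the System V AMD64 calling convention used on x86-64 Linux (integer arguments in edi, esi, edx, ecx, r8d, r9d; result in eax); the function name `lift` and its `ret_var` parameter are illustrative.

```python
import re

# System V AMD64 integer argument registers, in order (assumed ABI; 32-bit names as in the post).
ARG_REGS = ["edi", "esi", "edx", "ecx", "r8d", "r9d"]

# Left-hand side of each "<==>" pair, copied from the post.
POSTED_ASM = """\
xor edi, edi
mov esi, 0x12
mov edx, 0x46
mov ecx, 0x02
CALL .Llzma_decoder_end.1
TEST EAX, EAX
JZ LAB_00100606
"""

IMM = re.compile(r"0x[0-9a-f]+|\d+", re.I)

def lift(asm, ret_var="iVar4"):
    """Rebuild C-like pseudocode from straight-line asm; returns a list of lines."""
    regs, out, tested = {}, [], None
    for raw in asm.splitlines():
        parts = raw.strip().split(None, 1)
        if not parts:
            continue
        op = parts[0].lower()
        args = [a.strip() for a in parts[1].split(",")] if len(parts) > 1 else []
        if op == "xor" and len(args) == 2 and args[0].lower() == args[1].lower():
            regs[args[0].lower()] = 0  # xor r, r is the register-zeroing idiom
        elif op == "mov" and len(args) == 2 and IMM.fullmatch(args[1]):
            base = 16 if args[1].lower().startswith("0x") else 10
            regs[args[0].lower()] = int(args[1], base)
        elif op == "call" and args:
            params = []
            for r in ARG_REGS:  # contiguous prefix of argument registers written so far
                if r not in regs:
                    break
                params.append(regs[r])
            shown = ", ".join(str(v) if v < 10 else hex(v) for v in params)
            out.append(f"{ret_var} = {args[0]}({shown});")
            regs = {"eax": ret_var}  # argument registers are clobbered; eax holds the result
        elif op == "test" and len(args) == 2 and args[0].lower() == args[1].lower():
            tested = regs.get(args[0].lower(), args[0].lower())  # test r, r sets ZF iff r == 0
        elif op == "jz" and tested is not None:
            out.append(f"if ({tested} == 0) {{")
    return out
```

Calling `lift(POSTED_ASM)` reproduces the two decompiler lines quoted in the post, which is the match the screenshot illustrates.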

Re: Think You're A Programmer? Think Again.

<uvec6m$33f4n$1@dont-email.me>

From: nospam@dfs.com (DFS)
Newsgroups: comp.os.linux.advocacy
Subject: Re: Think You're A Programmer? Think Again.
Date: Sat, 13 Apr 2024 12:34:28 -0400
 by: DFS - Sat, 13 Apr 2024 16:34 UTC

On 4/13/2024 11:21 AM, Lyin' Larry lied:

> Any TRUE programmer can also program in reverse, i.e. de-program.

YOU didn't de-program anything. The "REAL MAN" programmers behind
ghidra did it for you.

And why are you showing code anyway? You said programming was about
problem solving, not coding. Whoops. Break out the Whitman quote.

Bottom line: you're a fraud, and NOT a programmer.

Re: Think You're A Programmer? Think Again.

<uveedk$33td2$1@dont-email.me>

From: nospam@dfs.com (DFS)
Newsgroups: comp.os.linux.advocacy
Subject: Re: Think You're A Programmer? Think Again.
Date: Sat, 13 Apr 2024 13:12:18 -0400
 by: DFS - Sat, 13 Apr 2024 17:12 UTC

On 4/13/2024 11:21 AM, Lameass Larry wrote:

> GNU/Linux has the absolute best tool for the job: Ghidra.

So does Windows and MacOS.

ghidra is written in Java, and about Java you said:

"Only a fucking idiot asshole would favor those heaps of junk (Java,
Python, etc)"

babble babble

Re: Think You're A Programmer? Think Again.

<uveest$33up8$1@dont-email.me>

From: OFeem1987@teleworm.us (Chris Ahlstrom)
Newsgroups: comp.os.linux.advocacy
Subject: Re: Think You're A Programmer? Think Again.
Date: Sat, 13 Apr 2024 13:20:29 -0400
 by: Chris Ahlstrom - Sat, 13 Apr 2024 17:20 UTC

Farley Flud wrote this copyrighted missive and expects royalties:

> Ha, ha, ha, ha, ha, ha, ha, ha, ha!

I'll bet the key-label on this joker's macro key for
"Ha, ha, ha, ha, ha, ha, ha, ha, ha!" is worn out.

--
Living your life is a task so difficult, it has never been attempted before.

Re: Think You're A Programmer? Think Again.

<uvjg0j$biae$1@dont-email.me>

From: candycanearter07@candycanearter07.nomail.afraid (candycanearter07)
Newsgroups: comp.os.linux.advocacy
Subject: Re: Think You're A Programmer? Think Again.
Date: Mon, 15 Apr 2024 15:10:11 -0000 (UTC)
 by: candycanearter07 - Mon, 15 Apr 2024 15:10 UTC

Farley Flud <ff@linux.rocks> wrote at 15:21 this Saturday (GMT):
> Any TRUE programmer can also program in reverse, i.e. de-program.
>
> Let's see if you can assist the global effort in documenting the
> xz-backdoor.
>
> GNU/Linux has the absolute best tool for the job: Ghidra.
>
> https://ghidra-sre.org/
>
> I have posted an image of the xz-backdoor loaded into ghidra
> and analyzed:
>
> https://i.postimg.cc/NsrmMvDv/xz-backdoor.png
>
> The left panel shows the disassembled code and the right shows
> the corresponding de-compile.
>
> Notice the match:
>
> xor edi, edi
> mov esi, 0x12
> mov edx, 0x46
> mov ecx, 0x02
> CALL .Llzma_decoder_end.1 <==> iVar4 = .Llzma_decoder_end.1(0, 0x12, 0x46, 2);
>
> TEST EAX, EAX
> JZ LAB_00100606 <==> if (iVar4 == 0) {
>
> Ghidra is fucking fantastic!
>
> Unfortunately, I will not be attempting to document the backdoor.
> To do so would entail first learning thoroughly the functions of
> sshd and I am not at all interested in network programming.
>
> Yes, sshd. Did you think that the xz-backdoor was about compression/
> decompression? Ha, ha, ha, ha, ha, ha, ha, ha, ha!
>
> Think again.

I'm not a security expert, nor do I claim to be. The only time I've
touched ghidra was to mod a GBA game, but I never deleted it from my
desktop.
--
user <candycane> is generated from /dev/urandom
