xzre
Public Member Functions | |
| PADDING (4) | |
| PADDING (4) | |
| PADDING (4) | |
| PADDING (4) | |
Data Fields | |
| BOOL | uses_endbr64 |
| imported_funcs_t * | imported_funcs |
| pointer to the structure containing resolved OpenSSL functions | |
| libc_imports_t * | libc_imports |
| pointer to the structure containing resolved libc functions | |
| BOOL | disable_backdoor |
| This flag gets set to TRUE by run_backdoor_commands if any of the validity checks fail, making future invocations return immediately. | |
| sshd_ctx_t * | sshd_ctx |
| struct sensitive_data * | sshd_sensitive_data |
| sshd_log_ctx_t * | sshd_log_ctx |
| char * | STR_ssh_rsa_cert_v01_openssh_com |
| location of sshd .rodata string "ssh-rsa-cert-v01@openssh.com" | |
| char * | STR_rsa_sha2_256 |
| location of sshd .rodata string "rsa-sha2-256" | |
| struct monitor ** | struct_monitor_ptr_address |
| u32 | exit_flag |
| sshd_offsets_t | sshd_offsets |
| void * | sshd_code_start |
| sshd code segment start | |
| void * | sshd_code_end |
| sshd code segment end | |
| void * | sshd_data_start |
| sshd data segment end | |
| void * | sshd_data_end |
| sshd data segment start | |
| void * | sshd_main |
| void * | lzma_code_start |
| liblzma code segment start | |
| void * | lzma_code_end |
| liblzma code segment end | |
| u32 | uid |
| u64 | sock_read_buf_size |
| u8 | sock_read_buf [64] |
| u64 | payload_data_size |
| u64 | current_data_size |
| number of body bytes copied to payload_data. Will point to the digest at the end | |
| u8 * | payload_data |
| sshd_payload_ctx_t * | sshd_payload_ctx |
| u32 | sshd_host_pubkey_idx |
| u32 | payload_state |
| u8 | secret_data [ED448_KEY_SIZE] |
| the secret data used for the chacha key generation | |
| u8 | shift_operations [31] |
| the shift operation states | |
| u32 | num_shifted_bits |
| number of bits copied | |
| BOOL global_context::disable_backdoor |
This flag gets set to TRUE by run_backdoor_commands if any of the validity checks fail, making future invocations return immediately.
It's likely both a safety check and an anti-tampering mechanism.
It's also used to avoid running the payload more than once if the hooks get called multiple times.
void* global_context::lzma_code_end
liblzma code segment end
The shifter will use this address as the maximum search address; any instruction beyond this address will be rejected.
void* global_context::lzma_code_start
liblzma code segment start
The shifter will use this address as the minimum search address; any instruction below this address will be rejected.
u8 global_context::shift_operations[31]
the shift operation states
written by secret_data_append_singleton