IOS Rootkit: the sky isn't falling (yet)

Topic: High Tech Developments 7:13 pm EDT, May 29, 2008

I finally got to see Topo's presentation this week-end at PH-Neutral and discuss it with him and FX.

Given that the slides aren't online yet [1], that Core hasn't published Topo's technical paper on their website [2] yet either, and that I'm done replying to direct inquiries about it [3], here's a summary of the IOS rootkit saga and its impact on the Service Provider community (from my point of view :)

Topo spent a lot of time (and if you have ever loaded an IOS image in IDA you know what I'm talking about) analyzing strings and functions in IOS. In his proof of concept he located the code that performs the password check and added a trampoline to his backdoor code (saving parameters, gluing the two pieces of code together, doing the "new" password check and returning properly to the main code path). A nice lesson in hooking 101 on IOS.
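From the defender's side, a trampoline like the one described above shows up as an instruction word that has turned into a branch when the code is compared against a known-good copy. The sketch below is an added example, not code from the presentation or from Cisco; it assumes a big-endian PowerPC image (the post names no architecture), an available known-good copy of the same code, and constructed sample bytes, and the function names are hypothetical.

```python
import struct

def ppc_branch_target(word, addr):
    """Target of a PowerPC I-form branch (b/ba/bl/bla), or None if not one."""
    if word >> 26 != 18:              # primary opcode 18 = unconditional branch
        return None
    li = word & 0x03FFFFFC            # LI field, already aligned as a byte offset
    if li & 0x02000000:               # sign-extend the 26-bit displacement
        li -= 0x04000000
    absolute = word & 0x2             # AA bit: target is absolute, not relative
    return (li if absolute else addr + li) & 0xFFFFFFFF

def find_changes(good, suspect, base):
    """Diff suspect code against a known-good copy, one 32-bit word at a time.

    Returns (address, kind, target) for every word that differs. A word that
    became a branch leaving the original code range is the trampoline pattern.
    """
    end = base + len(good)
    findings = []
    for off in range(0, min(len(good), len(suspect)) - 3, 4):
        g, = struct.unpack_from(">I", good, off)
        s, = struct.unpack_from(">I", suspect, off)
        if g == s:
            continue
        addr = base + off
        target = ppc_branch_target(s, addr)
        if target is None:
            kind = "modified"
        elif base <= target < end:
            kind = "branch retargeted"
        else:
            kind = "branch outside original code"
        findings.append((addr, kind, target))
    return findings

# Constructed sample: four original instruction words, then a copy in which
# the second word was replaced by a branch to three appended words.
BASE = 0x1000  # constructed load address
GOOD = struct.pack(">4I", 0x7C0802A6, 0x9421FFF0, 0x60000000, 0x4E800020)
SUSPECT = struct.pack(">7I", 0x7C0802A6, 0x4800000C, 0x60000000, 0x4E800020,
                      0x9421FFF0, 0x60000000, 0x4BFFFFF0)

if __name__ == "__main__":
    for addr, kind, target in find_changes(GOOD, SUSPECT, BASE):
        where = "" if target is None else f" -> {target:#x}"
        print(f"{addr:#x}: {kind}{where}")
    print("size grew by", len(SUSPECT) - len(GOOD), "bytes")
```

The displaced instruction (`0x9421FFF0`) reappearing in the appended region, followed by a branch back to the word after the patch site, is the "save, glue, return" shape the paragraph describes.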
