20110917

There is a trojan in the VIA 8650 tablet firmware... really!?

HardcoreHacker (HcH for short), author of the well-known Uberoid firmware for 8650 tablets, wrote this in a reply on his Uberoid 8.1 release thread:
About 8.1, a lot has come up, like the trojan, which needs fixing! Devices seem to lock themselves with the message "Demo Purpose Only" sometimes. If this seems too much work, I might release an in-between version, but knowing this trojan is active makes it not very interesting to release this before it's killed.
Because Uberoid blocks the traffic this trojan sends, the symptom on an infected device is that it locks up and the screen shows "Demo Purpose Only". I haven't seen anyone post a screenshot of it yet, though.




In another reply HcH wrote:
Well, since the very first WonderMedia these firmwares have had trojans in them. The oldest one I killed in just 2 days, but this one seems to be more of a bitch than the first one. Chinese developers, btw, also rig their phones; on the SQL server I hacked into I've seen SMS from number to number with the contents of the messages (the ones I've seen were in German). Nice act of the Chinese: make us buy their craplets/phoneys, making a profit from us AND spying on us, win-win.
He has already killed one older trojan, but the new one is even nastier. He has also hacked into the database and had a look, and took a dig at the Chinese along the way: "build a pile of junk and knock-offs to take our money, and spy on us while they're at it; a real win-win."

Finally, HcH said:
I'm now going for another method in order to try and get this trojan gone. I'm sure they've updated the trojan, because their botnet controller is also updated and is now not vulnerable anymore to my old SQL injection trick; I'll teach them some new ones. I'll be working around the clock to get this done.

Taking down the botnet server will result in people all over the world having "Demo Purpose Only" activated on the tablet, and they will not be able to use it. Right now only a few are affected by this message, due to Uberoid's patch against the traffic this trojan sends. It feels a bit random when this message appears.

Anyone interested in hunting for the trojan's triggers:
1. Get yourself IDA; if you don't have her already, she will be your best new GF.
2. Load a lib. At first the trojan was in libui.so, a good place to start; the libs are ELF Shared Objects [ELF.LDW].
3. Look for something like "int __fastcall _wmtcpro_phone_home()", which was the proc in the first trojan. I've already checked for this string, no matches yet.
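The symbol hunt HcH describes, as an added example that is not HcH's or Uberoid's code: a small Python ELF parser that lists every name in a library's .symtab/.dynsym (what IDA shows after loading an [ELF.LDW] file), flags the ones matching a phone-home pattern, and dumps printable strings so a C2 URL or the "Demo Purpose Only" text can be located without opening IDA first. The only identifier taken from the post is `_wmtcpro_phone_home`; the other pattern tokens, and the constructed sample library the script scans when given no file, are assumptions for the example.

```python
"""Scan an ELF shared object (e.g. an Android libui.so pulled from the
firmware) for symbols that look like a phone-home routine, then list
printable strings. Added example, not code from the original post."""
import re
import struct
from collections import namedtuple
from typing import List

SHT_SYMTAB, SHT_DYNSYM = 2, 11
Section = namedtuple("Section", "name type offset size link entsize")

# "phone_home"/"wmtcpro" come from the procedure name HcH quoted; the other
# tokens are an assumption (generic spyware naming), not names from the trojan.
SUSPICIOUS = re.compile(r"phone_home|wmtcpro|botnet|beacon|sms", re.I)


def _cstr(blob: bytes, off: int) -> str:
    """NUL-terminated string starting at `off` inside a string table."""
    end = blob.find(b"\0", off)
    return blob[off:end if end >= 0 else None].decode("latin-1")


def parse_elf(data: bytes):
    """Return (endian, is64, [Section]). WM8650 Android libs are ELF32 LE ARM;
    ELF64 is parsed too so the same code works on host-side libraries."""
    if data[:4] != b"\x7fELF":
        raise ValueError("not an ELF image")
    is64 = data[4] == 2
    endian = "<" if data[5] == 1 else ">"
    if is64:
        ehdr = struct.unpack_from(endian + "HHIQQQIHHHHHH", data, 16)
        shdr_fmt = "IIQQQQIIQQ"
    else:
        ehdr = struct.unpack_from(endian + "HHIIIIIHHHHHH", data, 16)
        shdr_fmt = "IIIIIIIIII"
    shoff, shentsize, shnum, shstrndx = ehdr[5], ehdr[10], ehdr[11], ehdr[12]
    raw = [struct.unpack_from(endian + shdr_fmt, data, shoff + i * shentsize)
           for i in range(shnum)]
    if not raw:
        return endian, is64, []
    # Field order is identical in both classes:
    # name, type, flags, addr, offset, size, link, info, addralign, entsize
    strhdr = raw[shstrndx]
    shstr = data[strhdr[4]:strhdr[4] + strhdr[5]]
    sections = [Section(_cstr(shstr, r[0]), r[1], r[4], r[5], r[6], r[9]) for r in raw]
    return endian, is64, sections


def symbol_names(data: bytes) -> List[str]:
    """Every name in .symtab/.dynsym: what IDA lists under Names/Exports."""
    endian, is64, sections = parse_elf(data)
    default_entsize = 24 if is64 else 16
    names = []
    for sec in sections:
        if sec.type not in (SHT_SYMTAB, SHT_DYNSYM):
            continue
        strsec = sections[sec.link]  # sh_link points at the matching string table
        strtab = data[strsec.offset:strsec.offset + strsec.size]
        step = sec.entsize or default_entsize
        for off in range(sec.offset, sec.offset + sec.size, step):
            st_name = struct.unpack_from(endian + "I", data, off)[0]  # first field in both classes
            if st_name:
                names.append(_cstr(strtab, st_name))
    return names


def find_suspicious(data: bytes, pattern=SUSPICIOUS) -> List[str]:
    """Symbol names worth opening in IDA first, sorted and de-duplicated."""
    return sorted({n for n in symbol_names(data) if pattern.search(n)})


def printable_strings(data: bytes, min_len: int = 8) -> List[str]:
    """strings(1) equivalent, for spotting C2 URLs or the lock-out message."""
    return [m.group().decode("ascii")
            for m in re.finditer(rb"[\x20-\x7e]{%d,}" % min_len, data)]


def build_sample_elf(symbols: List[str]) -> bytes:
    """Constructed test input (not a real firmware lib): a minimal ELF32 LE ARM
    shared object holding only .dynsym/.dynstr/.shstrtab and no code."""
    dynstr = b"\0" + b"".join(s.encode() + b"\0" for s in symbols)
    shstrtab = b"\0.dynsym\0.dynstr\0.shstrtab\0"
    dynsym, off = struct.pack("<IIIBBH", 0, 0, 0, 0, 0, 0), 1  # mandatory null symbol
    for s in symbols:  # st_info 0x12 = STB_GLOBAL|STT_FUNC, defined in section 1
        dynsym += struct.pack("<IIIBBH", off, 0x1000, 0x10, 0x12, 0, 1)
        off += len(s) + 1
    blobs = [(b".dynsym", SHT_DYNSYM, dynsym), (b".dynstr", 3, dynstr), (b".shstrtab", 3, shstrtab)]
    body, offsets = b"", []
    for _, _, blob in blobs:  # section data follows the 52-byte ELF32 header
        offsets.append(52 + len(body))
        body += blob
    shoff = 52 + len(body)
    shdrs = struct.pack("<IIIIIIIIII", *([0] * 10))  # null section header
    for i, (name, typ, blob) in enumerate(blobs):
        link, entsize = (2, 16) if typ == SHT_DYNSYM else (0, 0)  # .dynsym -> .dynstr
        shdrs += struct.pack("<IIIIIIIIII", shstrtab.index(name), typ, 0, 0,
                             offsets[i], len(blob), link, 0, 1, entsize)
    ident = b"\x7fELF" + bytes([1, 1, 1, 0]) + b"\0" * 8  # ELF32, LE, version 1
    ehdr = struct.pack("<HHIIIIIHHHHHH", 3, 40, 1, 0, 0, shoff, 0, 52, 0, 0, 40, 4, 3)
    return ident + ehdr + body + shdrs


if __name__ == "__main__":
    import sys
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else \
        build_sample_elf(["android_init", "_wmtcpro_phone_home", "ui_draw"])
    print("suspicious symbols:", find_suspicious(blob))
    print("strings mentioning Demo:", [s for s in printable_strings(blob) if "Demo" in s])
```

Run it on a library pulled from the image, for example `python3 elfhunt.py libui.so`; with no argument it scans the constructed sample. A hit only gives you a starting point in IDA; the real work is following cross-references from that symbol to the code that actually sends the traffic. If the name has been changed or the symbol stripped, which HcH's "no matches yet" suggests, the symbol list will be empty of hits and you fall back to the strings scan and to cross-references from the imported socket/connect functions.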




Finally, so far I have only seen HcH say that the Uberoid 8.1 build based on version 1.5.3 has this problem (no wonder he pulled the download link). Do 1.5.0, 1.5.1 and 1.5.2 have it too? Do firmwares built by other people? Can the antivirus apps downloadable from the official Market actually block it? Was the trojan already in the version WonderMedia (威信電科) released, or is it only in the firmware the device makers modified and shipped?

Right now none of this is clear. Oh! e04

