zaiats_2k (zaiats_2k) wrote,
zaiats_2k
zaiats_2k

Intel® Active Management Technology

The part where the call to strncmp() occurs seems most interesting here:

if (strncmp(computed_response, user_response, response_length))
    exit(0x99);

The value of the computed response, which is the first argument, is being tested against the one that is provided by user, which is the second argument, while the third argument is the length of the response. It seems quite obvious that the third argument of strncmp() should be the length of computed_response, but the address of the stack variable response_length, from where the length is to be loaded, actually points to the length of the user_response!
Given an empty string the strncmp() evaluates to zero thus accepting and invalid response as a valid one.

https://www.embedi.com/files/white-papers/Silent-Bob-is-Silent.pdf
Tags: backdoor
Subscribe
  • Post a new comment

    Error

    default userpic

    Your reply will be screened

    Your IP address will be recorded 

    When you submit the form an invisible reCAPTCHA check will be performed.
    You must follow the Privacy Policy and Google Terms of use.
  • 0 comments