osTestBackdoorATI symbol in the blob

  • osTestBackdoorATI symbol in the blob

    https://twitter.com/hashcat/status/422665130002747392

    Just found in current AMD drivers (libs are not stripped): "nm /usr/lib/libamdocl64.so | grep -i backdoor" -> ... osTestBackdoorATI

  • #2
    Caution!!!!

    The following files are affected:

    fglrx-install.XXX/install/usr/lib/libamdocl32.so
    fglrx-install.XXX/arch/x86_64/usr/lib64/hsa/libamdocl64.so
    fglrx-install.XXX/arch/x86_64/usr/lib64/libamdocl64.so
    fglrx-install.XXX/arch/x86/usr/lib/hsa/libamdocl32.so
    fglrx-install.XXX/arch/x86/usr/lib/libamdocl32.so



    • #3
      md5sum

      Verifying archive integrity... All good.
      Uncompressing AMD Catalyst(TM) Proprietary Driver-13.251 ...

      md5sum
      20e876f7e2c7a96f7bb0aa04cd7c5f42 libamdocl64.so
      b85f6cd21f67d4bacab80d36d417ff41 libamdocl32.so



      • #4
        You do realize this is a back door to access GPU memory statistics, right?



        • #5
          There's a full article + thread on it on this very site.
          With ASM decompilation of the functions.
          And surprise, the function named "backdoor" is not a super secret backdoor to control your PC and spy on you. Who could have guessed?
