
Thread: osTestBackdoorATI symbol in the blob

  1. #1
    Join Date
    Feb 2008
    Location
    Linuxland
    Posts
    4,988

    osTestBackdoorATI symbol in the blob

    https://twitter.com/hashcat/status/422665130002747392

    Just found in current AMD drivers (libs are not stripped): "nm /usr/lib/libamdocl64.so | grep -i backdoor" -> ... osTestBackdoorATI

  2. #2
    Join Date
    Jan 2014
    Posts
    2

    Caution!!!!

    The following files are affected:

    fglrx-install.XXX/install/usr/lib/libamdocl32.so
    fglrx-install.XXX/arch/x86_64/usr/lib64/hsa/libamdocl64.so
    fglrx-install.XXX/arch/x86_64/usr/lib64/libamdocl64.so
    fglrx-install.XXX/arch/x86/usr/lib/hsa/libamdocl32.so
    fglrx-install.XXX/arch/x86/usr/lib/libamdocl32.so

  3. #3
    Join Date
    Jan 2014
    Posts
    2

    md5sum

    Verifying archive integrity... All good.
    Uncompressing AMD Catalyst(TM) Proprietary Driver-13.251 ...

    md5sum
    20e876f7e2c7a96f7bb0aa04cd7c5f42 libamdocl64.so
    b85f6cd21f67d4bacab80d36d417ff41 libamdocl32.so

  4. #4
    Join Date
    Sep 2013
    Posts
    148


    You do realize this is a back door to access GPU memory statistics, right?

  5. #5
    Join Date
    Sep 2012
    Posts
    650


    There's a full article + thread on it on this very site.
    With ASM decompilation of the functions.
    And surprise, the function named "backdoor" is not a super secret backdoor to control your PC and spy on you. Who could have guessed?
