找回密码
 注册

QQ登录

只需一步,快速开始

搜索
楼主: haies49

[其它] 有条件的自己也可以定制ROS 5.20插件版

  [复制链接]
发表于 2012-8-17 16:00:51 | 显示全部楼层
5.20的也出了?这速度也太快了吧
routeros
回复

使用道具 举报

发表于 2012-8-17 16:17:02 | 显示全部楼层
好东西,支持你~
routeros
回复

使用道具 举报

发表于 2012-8-17 21:12:42 | 显示全部楼层
这个得留下脚印
routeros
回复

使用道具 举报

发表于 2012-8-18 15:19:39 | 显示全部楼层
我试了好象不行,导入key不对
routeros
回复

使用道具 举报

发表于 2012-8-19 22:17:35 | 显示全部楼层
谢谢分享,好人一生平安!
routeros
回复

使用道具 举报

发表于 2012-8-23 20:02:21 | 显示全部楼层
好东西。下来研究一下。谢谢分享。楼主好人。
routeros
回复

使用道具 举报

发表于 2012-8-31 15:14:33 | 显示全部楼层
不错,,明天试试看
routeros
回复

使用道具 举报

发表于 2012-8-31 17:44:43 | 显示全部楼层
看看怎么样。
routeros
回复

使用道具 举报

发表于 2012-11-5 19:59:28 | 显示全部楼层
你这个           S09plugin 大小 415 字节 (415 字节)
我以前下载的  S09plugin 大小 77 字节 (77 字节)  
是不是存在后门啊!
routeros
回复

使用道具 举报

发表于 2012-11-5 20:20:58 | 显示全部楼层

能发一个77K的S09plugin给我,我研究一下不同之处,谢谢
1456106335@qq.com
routeros
回复

使用道具 举报

发表于 2013-4-22 22:58:23 | 显示全部楼层
谢谢分享啊。。。
routeros
回复

使用道具 举报

发表于 2013-7-18 00:18:08 | 显示全部楼层
虽然用不到,但还是非常感谢。
routeros
回复

使用道具 举报

发表于 2013-7-20 20:25:56 | 显示全部楼层
感谢楼主分享,看看先
routeros
回复

使用道具 举报

发表于 2013-9-22 10:05:51 | 显示全部楼层
cyso 发表于 2012-11-5 19:59
你这个           S09plugin 大小 415 字节 (415 字节)
我以前下载的  S09plugin 大小 77 字节 (77 字节)  ...

h ttps://ispforum.cz/viewtopic.php?f=4&t=9813&start=45
honzam  16 pro 2012 18:47
Hi all
Since I do decompiling as a hobby, I grabbed the "cracked" 5.18 ISO and did a quick analysis on what the crack changed.

Two files were added to the system package:
/etc/rc.d/run.d/S09plugin - this is an init script that runs on startup and starts the "clone" binary
/nova/bin/clone - this file is interesting for many reasons:
- there are multiple layers of obfuscation/encryption present in the file; I only managed to remove the first layer of obfuscation so far
- it is filled with many anti-debugging and anti-VM techniques (designed to make analysis harder)
- it seems to make hashes of the routing table, cpu/memory information and partition list; dunno what it does with the info
- seems to hijack /dev/tty, shows its own password prompt; dunno what it does with the password after that
- contains 6 binaries which are extracted and executed/loaded on startup

Binary 1: this one is a file/copy rename utility; no malicious code here
Binary 2: Like the "clone" app, this one is filled with anti-debug code; it extracts/loads the kernel modules.
Binary 3/4: These are the uniprocessor/SMP versions of the malware code. This one does multiple things:
- adds a kernel workqueue that periodically looks up the DNS address of "dns.vpn2vpn.info", "vvvvva.com" (?), "ssl.vpn2vpn.info"
- depending on the dns replies, downloads and inserts a new kernel module from the returned addresses; this can be used to execute arbitrary code on the router
- adds a hook to the netfilter firewall layer that modifies packets coming from port 53 (DNS)
Binary 5/6: These are the uniprocessor/SMP versions of the crack itself.
It hooks generic_ide_ioctl and ata_sas_scsi_ioctl and modifies the information returned about the MBR and the disks, so the kernel always sees the same driver serial number and accepts the same ROS software key.

I didn't check the other packages, so it is possible that those are infected in some way too.
Conclusion: DON'T USE !

一老外的帖子,貌似里面有猫腻。
routeros
回复

使用道具 举报

发表于 2013-9-22 10:19:35 | 显示全部楼层
可惜只支持到5.20,高一点的版本就不支持了~~这点很无语中~~
routeros
回复

使用道具 举报

您需要登录后才可以回帖 登录 | 注册

本版积分规则

QQ|Archiver|手机版|小黑屋|软路由 ( 渝ICP备15001194号-1|渝公网安备 50011602500124号 )

GMT+8, 2024-12-26 11:40 , Processed in 0.126488 second(s), 15 queries , Gzip On, Redis On.

Powered by Discuz! X3.5 Licensed

© 2001-2024 Discuz! Team.

快速回复 返回顶部 返回列表