• carpelbridgesyndrome
    link
    fedilink
    arrow-up
    91
    ·
    1 year ago

    I feel personally attacked. Yes I’ve actually done this (minus sending them money). I had a server (that I am pretty sure sent headers to the effect that it ran x86) which had some logs indicating someone had tried to download an arm IOT botnet onto it. So I downloaded it and tried running it through a decompiler. I found a UPX stub. The rest was compressed. So I tried the UPX unpacker. This didn’t work because it was built with a modified copy of UPX. So I hauled out a raspberry pi, reflashed the OS and tried running it in GDB in hopes of just dumping the unpacked bit from memory. Nothing. So I downloaded qemu and set up an aarch 64 arm 9 image still nothing. So I tried 32 bit arm again in qemu. At this point I gave up