thesamesam

FAQ on the xz-utils backdoor (CVE-2024-3094)

This is a living document. Everything in this document is made in good faith of being accurate, but like I just said; we don't yet know everything about what's going on.

Update: I've disabled comments as of 2025-01-26 to avoid everyone having notifications for something a year on if someone wants to suggest a correction. Folks are free to email to suggest corrections still, of course.

Background

Vogtinator

Guide updated to use the official installation .iso from Microsoft, which finally became available in Dec. 2024! For the VHDX disk image based guide check an earlier version of this gist.

When following this guide on a host not capable of aarch64 virtualization, replace -cpu host -accel kvm with -cpu max.

1. Download the installation .iso from https://www.microsoft.com/en-us/software-download/windows11arm64. Win11_24H2_EnglishInternational_Arm64.iso is known to work.
2. Download the the latest virtio-win.iso from https://fedorapeople.org/groups/virt/virtio-win/direct-downloads/latest-virtio/.
3. Create a disk image for the Windows installation: qemu-img create -f qcow2 win11.qcow2 25G
4. Start the installation with generic (ramfb for display, usb-storage for .isos) as well as virtio (virtio-gpu-pci, virtio-block) devices: `qemu-system-aarch64 -M virt -cpu host -accel kvm -m 4G -smp 4 -device ramfb -device virtio-gpu-pci -bios /usr/share/qemu/qemu-uefi-aarch64.bin -device qemu-xhci -device usb-kbd -dev

phlinhng

利用 NGINX 的 Stream 模塊 sni_preread 功能，可以做到讓 Trojan 和其他網站在同一台機器上共享 443 端口。