I'm trying to understand what "sep_racer" does in PongoOS. It shows that it:
sends the "boot sepos message" and tries to get the encrypted "trampoline" shellcode, putting this in "replay";
copies "replay" back to tz0 when "left_to_sepos".
Why does the shellcode in "replay" get executed?
It seems that the "replay" buffer is copied from tz0 memory just after "tz0_boot", and I don't think there is any code there to be executed, but "sep_racer" just copies the shellcode back and it leads SEPROM into the blackbird backdoor. What happened? Waiting for a reply, thanks a lot ~