backstealth reverse-engineered

From: Stephen J. Friedl (steve@unixwiz.net)
Date: 05/03/02


Date: Thu, 02 May 2002 19:51:52 -0700
To: vuln-dev@securityfocus.com
From: "Stephen J. Friedl" <steve@unixwiz.net>

I've reverse engineered the backstealth program that's been going around,
with the original info found at http://piorio.supereva.it/backstealth.htm?p

My program is in documented C++ and it uses the same (not yet reversed)
backdll.dll that can be found on the above web site. Those who care to play
with this technology in the context of personal firewalls are encouraged to
do so. It's not a byte-for-byte reversal - I tuned it up a lot - but the
algorithm is the same. This was done from disassembly. IDA Pro rocks!

Steve
Stephen J. Friedl / Software Consultant / Tustin, CA / 714-544-6561