Reborn Ace Hack

The network data samples given by Lu Bin were stored in text format. From a system perspective, data stored in plain text format would not be executed by the operating system. Therefore, although Xiao Yuan had made some protections, he was only trying to prevent Lu Bin from being exposed.

Bin's floppy disk contains other viruses. As for the text of the network data, I don't have much to worry about.

This text occupies almost a full floppy disk, as much as 1.2 mbytes. Xiao Yuan used a text editor that can convert between various base systems (decimal, binary, octal, hexadecimal) to edit this text.

text opens because the file is very long, e.g.

If he wanted to print it out, it would probably take one or two hundred pages. It would be impossible to analyze it manually without using special tools, so he just flipped through the first few pages and understood.

Check the general situation of this text file and close it.

Looking at the windows desktop in front of him, Xiao Yuan felt like he was at a loss, because for a long time, the computer systems he had been exposed to were all non-windows series. For example, at home, he used thinkpad600, the system installed on that computer.

It is feonix system, an experiment in school

In his room, he uses the FreeBSD system. Although the kernels of the two systems are different, because their external interfaces are developed in accordance with POSIX standards, and the shells used are customized by him on top of Bash, so in

If you don't touch the bottom layer of the system in use, it will be difficult to feel any difference.

But Windows is different. Both the operation methods and tools are completely different. The most important thing is that after getting the Compaq laptop in front of me from Kamana, Xia Jiuying usually used it occasionally when she was working, but Xiao Yuan did not.

There are too many tools installed on it, and no programming environment is installed.

But now to analyze this network data, it requires a lot of tools, and even some special tools need to be written according to the situation. These are not available on Compaq laptops. This is the fundamental reason why Xiao Yuan is at a loss.

Therefore, he decided to migrate his work to ThinkPad600. As for the Windows environment required for the worm to run, on ThinkPad600, he could use a software to set up a win32 API virtual environment on the Feonix system and let the worm go to that virtual environment.

environment, if that virtual environment still cannot meet the requirements

, he can also use a big killer like a virtual machine, but it is limited to the level of hardware like thinkpad, and a virtual machine, a large software that consumes a lot of computing resources, is not going to be used unless it is a last resort. If he really wants to use it,

, he will also wait until tomorrow to return to the school laboratory, where his computer is a freebsd workstation, and he will definitely be able to run a virtual machine on it.

However, before Xiao Yuan formally conducted the analysis, he decided to first see what the worm virus embedded in this network data looked like and what its specific manifestations were. Only by knowing yourself and the enemy can you win every battle.

In order to release the worm, Xiao Yuan needs to make some preparations in the early stage. First, he needs to prepare a virtual environment.

The first function of this virtual environment is to serve as an isolation layer, allowing worms to run in it to prevent damage to the real computer system. Secondly, this virtual environment also has a monitoring function. Every move of the worm in it will be monitored.

Record it for easy observation. Thirdly, the virtual system can also open appropriate network ports as needed, or reserve certain system vulnerabilities to observe the reaction of worms, etc.

Xiao Yuan has already collected the software needed to build a virtual environment, and now it is stored in his private space in the Xuan Nie community. He only needs to download it to his local computer from there.

Although the virtual environment is not a real virtual machine, it still consumes a lot of resources. After Xiao Yuan configured it, he clearly felt that the system was slowing down, but it was still within a tolerable range and did not affect his work.

.

After setting up the virtual environment, Xiao Yuan used a tool to convert the network data samples that had been transferred into text files by Rubin into binary form, and then imported them into another tool. This tool will be used in Xiao Yuan's current environment.

The computer simulates a network host and uses the simulated host to send network data to the virtual environment, achieving exactly the same effect as receiving data packets from the network.

Before sending the network data to the virtual environment, Xiao Yuanxian imported the data into another network data analysis software. This software will conduct a preliminary analysis of the network data flow, determine the network protocol used by the data flow, and make statistics.

Some other data for Xiao Yuan to observe and analyze.

After the analysis results came out, Xiao Yuan looked at them first. The first thing that can be determined is that these data Rubin were intercepted from the network layer of the tcpip network stack. Secondly, these data are composed of many network layer protocol data packets with normal functions, among which tcp

Protocol data packets account for the majority, and there are also

A small number of icmp protocol data packets are interspersed in tcpip data packets, and the insertion positions are random. The data packets of these two protocols account for 97% of the entire data flow. In addition, there are other network

Layer protocol data packets, such as data broadcast protocol igmp, etc.

Judging from the analysis report, all network layer data packets are normal data packets without any abnormalities. If you want to query whether there is any problem with the data carried in the data packets, you need to decode all these data packets.

package, and then decompose the underlying data flow for further analysis.

Xiao Yuan plans to leave further unpacking and analysis until he arrives at the lab tomorrow. Now he just wants to understand the basic situation of this data flow, and then sends them to the virtual environment through software to see how the network worm behaves in the virtual environment.

What exactly will be done in the environment?

After the data was sent, Xiao Yuan saw in the monitoring window of the virtual environment that these data packets were accepted and unpacked by the virtual environment, and then because the program to receive these data packets could not be found, he began to discard these data packets...

"Wow, what kind of place is this?"

And when less than one-third of the data packets were received by the virtual environment, a dialog box suddenly popped up in the virtual environment, which surprised Xiao Yuan, because he also knew that the appearance of this dialog box signified that

The worm had already entered the virtual environment, but he had not discovered how the virus entered. Everything was so sudden, and the words in the dialog box were even more worthy of his consideration.

"Has this virus discovered that the environment it is in is not a normal system environment? How did it find out?" Xiao Yuan carefully understood the words in the dialog box.

"This place is very abnormal. Why is it so empty and there are surveillance cameras everywhere? No, I don't like it. I want to leave."

Just when Xiao Yuan was trying to grasp the words in the first dialog box, the dialog box closed by itself, and then the second dialog box popped up. The words in it surprised Xiao Yuan and at the same time confirmed his previous speculation.

, that is, this worm recognized so quickly that the environment he was in was abnormal, and also expressed his intention to leave.

At this time, in the monitoring window of the virtual environment, the information scrolled quickly, showing that there was a process in the virtual environment scanning the virtual environment, and the name of this process was imthin.

"Imthin, what does this mean?" Xiao Yuan thought this name was strange.

At this moment, the computer suddenly beeped, interrupting Xiao Yuan's train of thought.

"Haha, I finally came out and you actually wanted to lock me in a small house. It's so abominable, you bad guy!"

"Holy shit, this guy actually ran out!" Xiao Yuan no longer cared about the childish words in the conversation. At this time, he was more concerned about how the worm escaped from the virtual environment.

Xiao Yuan closed the dialog box on the screen, clicked "Loss of Weight", and sent a series of commands through the monitoring window of the virtual environment. He wanted to investigate the detailed logs of the monitoring program to see how the worm escaped.

, and then just after he issued the command and waited for the detailed log to come out, another dialog box popped up on the computer screen, but the words inside made him feel like he was struck by lightning. He froze there for a while, and tears quickly blurred his vision.

.

"Hey, bad guy, let me ask you a question, am I fat?"