## https://sploitus.com/exploit?id=AB79DE52-4D2F-559E-8900-708C6C59E19A
Scan for files containing the signature from the `xz` backdoor (CVE-2024-3094).
Rapidly scans files and reports back with any files found to contain the signature used in the backdoor.
WARNING: Do not trust this program to be correct or alert you about the presence of a backdoor. This is a proof of concept only. Do not rely on it for any security.
This program was not written by [juul](http://github.com/juul). It was written by `stderr`. See authorship section at the bottom.
# Usage
```
Usage:
./xz-backdoor-scan [options] <filenames> [...]
Where [options] are:
-h / --help
This text
-f / --file <filename>
Search for content of "filename" instead of the xz-backdoor signature
-n / --needle <needle>
Search for "needle" instead of the xz-backdoor signature
This is mostly useful for searching for text strings.
For binary data, see -f / --file
```
To scan files in a directory non-recursively:
```
~# ./xz-backdoor-scan *
```
Note that the above assumes that there are _only_ files in the currenty directory.
If files containing the signature are found, the output will look something like this:
```
BAD_liblzma.so.5.6.0_from_liblzma5-udeb_5.6.0-0.1_amd64.udeb: CONTAINS THE SIGNATURE
BAD_liblzma.so.5.6.0_from_liblzma5-udeb_5.6.0-0.2_amd64.udeb: CONTAINS THE SIGNATURE
```
To rapidly scan your entire local filesystem recursively:
```
find $(df -P | awk '/^\/dev\// { print $6 }') -mount -type f -exec ./xz-backdoor-scan {} +
```
# Signature
The signature being searched for is in `signature.c`.
# Copyright and license
Copyright 2024 stderr
License: AGPLv3
# Authorship
This program was written by `stderr` who can be found here:
* [Twitch](https://twitch.tv/stderr_dk)
* [Twitter](https://twitter.com/stderrdk)
* [Bluesky](https://bsky.app/profile/stderr.bsky.social)
* [Mastodon](https://mastodon.social/@stderr)
* [Discord](https://discord.com/invite/6tTFY6KfB8)