Vault 7: Projects

This publication series is about specific projects related to the Vault 7 main publication.

Gyrfalcon 2.0 SECRET//NOFORN
9 (U) Receipt.xml File Format
(S//NF) The genconfig.py Python script generates an XML receipt file recording the current
configuration of Gyrfalcon on the target platform. The format of the file is defined below.
<config date="YYYY-MM-DD_HH:MM:SS.SSSSSS">
  <application name="Gyrfalcon">
    <version>2.0</version>
    <guid length="16">...</guid>
    <settings>
      <collect_size min="4096" max="4194304">...</collect_size>
      <processor>intel</processor>
      <architecture>LITTLE_ENDIAN</architecture>
      <padding_1 length="12">...</padding_1>
      <padding_2 length="12">...</padding_2>
      <padding_3 length="12">...</padding_3>
    </settings>
  </application>
  <crypto>
    <symmetric name="AES-256 CBC">
      <aes_key length="32">...</aes_key>
      <aes_iv length="16">...</aes_iv>
    </symmetric>
    <asymmetric name="RSA-2048">
      <rsa_pubkey length="451">...</rsa_pubkey>
    </asymmetric>
  </crypto>
  <filesystem>
    <working_directory>...</working_directory>
    <configuration_file>...</configuration_file>
    <collection_file>...</collection_file>
    <client_file>...</client_file>
    <openssh_library>libgssapi.so.2.0.1</openssh_library>
    <private_key>private.pem</private_key>
    <public_key>public.pem</public_key>
  </filesystem>
  <white list count="...">
    <rule extra="..." command="..." address="...">1</rule>
    <rule extra="..." command="..." address="...">2</rule>
November 2013 SECRET//NOFORN//20381126 21
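
An added example, not part of the original document or of the tool it describes: a triage check that tests whether an XML file recovered during an investigation matches the receipt layout listed above, and collects the names in its filesystem section for host searches. The helper name `inspect_receipt`, the constructed sample and its placeholder values are assumptions; the whitelist section is left out because the listing is cut off there.

```python
import xml.etree.ElementTree as ET

# `length` attributes as declared in the format listing on this page.
EXPECTED_LENGTHS = {
    "application/guid": "16",
    "application/settings/padding_1": "12",
    "application/settings/padding_2": "12",
    "application/settings/padding_3": "12",
    "crypto/symmetric/aes_key": "32",
    "crypto/symmetric/aes_iv": "16",
    "crypto/asymmetric/rsa_pubkey": "451",
}

def inspect_receipt(xml_text):
    """Hypothetical helper: return (mismatches, filesystem entries) for a candidate file."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"], {}
    problems = []
    if root.tag != "config":
        problems.append(f"root element is <{root.tag}>, expected <config>")
    app = root.find("application")
    if app is None or app.get("name") != "Gyrfalcon":
        problems.append('missing <application name="Gyrfalcon">')
    for path, want in EXPECTED_LENGTHS.items():
        node = root.find(path)
        got = None if node is None else node.get("length")
        if got != want:
            problems.append(f"{path}: length={got!r}, expected {want!r}")
    fs = root.find("filesystem")
    entries = {} if fs is None else {c.tag: (c.text or "").strip() for c in fs}
    return problems, entries

# Constructed sample: element bodies and the date are placeholders, not recovered data.
SAMPLE = """<config date="2013-11-26_00:00:00.000000">
<application name="Gyrfalcon"><version>2.0</version><guid length="16">x</guid>
<settings><collect_size min="4096" max="4194304">4096</collect_size>
<padding_1 length="12">x</padding_1><padding_2 length="12">x</padding_2>
<padding_3 length="12">x</padding_3></settings></application>
<crypto><symmetric name="AES-256 CBC"><aes_key length="32">x</aes_key>
<aes_iv length="16">x</aes_iv></symmetric>
<asymmetric name="RSA-2048"><rsa_pubkey length="451">x</rsa_pubkey></asymmetric></crypto>
<filesystem><working_directory>/constructed/dir</working_directory>
<openssh_library>libgssapi.so.2.0.1</openssh_library>
<private_key>private.pem</private_key><public_key>public.pem</public_key></filesystem>
</config>"""
```

An empty mismatch list means the file's structure and declared lengths agree with the listing; only the `length` attributes are compared, since the page does not show how the element bodies are encoded.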
