Vault 7: Projects

This publication series is about specific projects related to the Vault 7 main publication.
SECRET//20350112
12 (U) System Limitations
(S) This section discusses known system limitations. Many system limitations are related
to the constrained resources of Flytraps. Most devices typically have on the order of 1-4
Megabytes of volatile RAM available, very little non-volatile RAM, and limited available
CPU cycles. Flytraps must adhere to “Minimal Resource Usage” as described in 5.2.3.13.
Other limitations occur as a result of the “Minimal Interference with Normal Device
Operation or Look and Feel” of 5.2.3.14. Still other limitations are a result of keeping
Flytrap software as portable (i.e., to allow platform expansion) and minimal as possible.
12.1 (S) Maximum Number of Targets and Target Actions
(S) Due to the limited amount of RAM and CPU cycles, the maximum numbers of Targets
and Target Actions are both fixed. The maximum number of Targets that can be assigned
in a Mission is 150, and the maximum number of “unique” Actions that can be assigned
is 32. Note that each Copy Action with a different timeout counts as one “unique”
Action, each different Windex URL counts as one “unique” Action, and each HTTP
Proxy Action with a different timeout or a different Proxy IP/port counts as one “unique”
Action. Note that multiple Targets can have the same “unique” Action applied to them.
For example, in a Mission with 10 Targets, if each Target has a Copy Action with a
10-minute timeout, only one “unique” Action is used – if 5 Targets are assigned a Copy
Action with a 10-minute timeout, and 5 Targets are assigned a Copy Action with a
5-minute timeout, then two “unique” Actions are used. Global Actions (Copy All and
HTTP Proxy All) do not count against the maximum Action limit.
12.2 (S) Overload of Copy Data
(S) Under severe loading, the process that performs the Copy Action will drop packets.
Testing has shown that ordinary web-surfing on a Flytrap with a T1 WAN connection
will drop very few packets, and downloading a 10-Megabyte file will drop < 10% of the
downloaded data.
12.3 (S) Certain Devices/Firmwares Lose Flytrap Persistent Data During a Hard Reset
(S) Most devices have a manufacturer’s “hard reset” feature. Typically, this is a button on
the device that must be pressed for a few seconds, or a “Restore Defaults” web page. For
some Flytraps, a “hard reset” will erase any data the Flytrap has written to its persistent
data area, which essentially restores the device back to an initial state (i.e., it will return
to the Initial Beacon logic for which it has been programmed). Note also that this would
unset any Kill or Suicide information as well.
(S) See the “Wifi Devices.xls” document for a listing of which devices/firmwares retain
Flytrap persistent data through a hard reset.
12.4 (S) Ideally, at Least One PoP has a Static IP Address
(S) Some Flytraps can be configured so that a DNS lookup cannot be completed from a
process running on the Flytrap. This can be the case if a Flytrap has been assigned a static
(WAN) IP address, and no DNS IP address has been configured. Note that this is not the