Vault 7: Projects

This publication series is about specific projects related to the Vault 7 main publication.

SECRET//20350112
In the case of a Flytrap without the Firmware Upgrade Inhibit option, an “upgrade
attempt” Upgrade Alert would likely signal the loss of the implant.
(S) Certain Flytrap device types also support a “FW Replacement String” feature wherein
the FW version displayed on the device’s web interface can be replaced with an arbitrary
string (see 9.11.14).
5.2.3.19 (S) Obfuscation of Implant Binaries
(S) As of svn 7648 of the 22 January 2010 release (including Roundhouse version 2
devices), when a “release” Flytrap implant is built, the binaries are obfuscated in the
following ways:
• All Flytrap implant symbols are obfuscated as “a*”, where * is a unique number.
  For example, a symbol for a function named “SendAlert” would be obfuscated as
  (say) a123, and in the binary’s symbol table, the string “a123” will appear instead
  of “SendAlert”.
• Debug print strings are removed from the binaries using C macros at compile
  time.
• Initial Beacon addresses are scrambled using a keyed xor algorithm.
(S) The Flytrap implant build process runs a case-insensitive string check on each of the
implant binaries to ensure that the following strings are not present:
• Sponsor organization
• US Govt intelligence organizations
• Contractor and names of Contractor personnel
• Cherry Blossom, Alert, Target, Beacon, Harvest, Windex, Proxy, VPN, Email,
  Chat, Maktoob, AIM, YMSG, VoIP
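
For an analyst triaging firmware, the a* renaming described above leaves a recognisable pattern in any symbol table that survives in a binary. The following is an added example, not part of the manual: it scores nm-style output by the share of defined symbols named a<number>. The sample listings, function names and thresholds are constructed assumptions.

```python
import re

# Symbol names of the form a<digits>, the renaming scheme the manual describes.
RENAMED = re.compile(r"a\d+")

# Constructed nm-style listings (address, type, name); not taken from a real binary.
SAMPLE_RENAMED = """\
00401000 T a17
00401040 T a123
00401080 t a124
004010c0 T a208
00402000 D a31
00402010 B a32
         U malloc
         U socket
00401100 T main
"""
SAMPLE_NORMAL = """\
00401000 T main
00401040 T send_alert
00401080 t parse_config
00402000 D a1
         U malloc
"""

def defined_symbols(nm_output):
    """Names of symbols defined in the binary; imports (no address field) are skipped."""
    names = []
    for line in nm_output.splitlines():
        parts = line.split()
        # Defined symbols carry three fields: address, type letter, name.
        if len(parts) == 3 and parts[1] != "U":
            names.append(parts[2])
    return names

def rename_score(nm_output):
    """Return (fraction of defined symbols named a<digits>, number of defined symbols)."""
    names = defined_symbols(nm_output)
    if not names:
        return (0.0, 0)
    hits = sum(1 for n in names if RENAMED.fullmatch(n))
    return (hits / len(names), len(names))

def looks_renamed(nm_output, min_symbols=5, threshold=0.8):
    """Triage flag; min_symbols and threshold are assumed starting values, not from the manual."""
    ratio, total = rename_score(nm_output)
    return total >= min_symbols and ratio >= threshold
```

A fully stripped binary has no symbol table to score, and other build tools also emit short generated names, so a positive result is a reason to look closer rather than an attribution.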
5.2.3.20 (U) Application Execution
(S) As of svn 8222 (CB v4.0), Flytraps support an application execution feature, wherein
an operator can push an application and/or command to a Flytrap for execution. This
feature is not supported on VxWorks devices.
(S) NOTE: this is an advanced feature insomuch as the operator must build the
application for a particular device using the correct toolchain. An improperly built
application could result in device reset. As such, operators should test each application
on the device of interest before attempting a field operation.
5.2.3.21 (S) Roundhouse Geolocation
(S) The Roundhouse devices support geolocation estimation. Consult the Roundhouse
team for details of the geolocation technique. See 9.11.9 for configuring geolocation
in a Mission.