Note: Having spent years analyzing anti-virus solutions, I can say one thing - it is a cybernetic tumor that a person acquires due to unscrupulous interaction with technologies. Anti-virus companies, as well as pharmaceutical companies - do not trust them!
The original project name is ZEROKIT.
Somewhere in the sources you can find the signature ZPAG. It means: Zerokit Powerful As Gog. Read as a little-endian value, that gives: GAPZ.
The purpose of this project is not to stimulate malicious projects; it is laid out only for the interested community, for academic purposes.
I am not responsible for the malicious use of this code, neither before, nor now, nor in the future.
It is my own research and development during the years 2010-2012. But some parts, like PowerLoader, are not mine.
- https://www.welivesecurity.com/wp-content/uploads/2013/04/gapz-bootkit-whitepaper.pdf
- https://recon.cx/2013/slides/Recon2013-Aleksandr%20Matrosov%20and%20Eugene%20Rodionov-Reconstructing-Gapz%20Position-Independent%20Code%20Analysis%20Problem.pdf
- https://www.welivesecurity.com/wp-content/uploads/2013/05/CARO_2013.pdf
- https://www.virusbulletin.com/uploads/pdf/conference/vb2014/VB2014-RodionovMatrosov.pdf
- https://www.sba-research.org/wp-content/uploads/publications/Bootkit_EuroSec_2014.pdf
- https://habr.com/ru/company/eset/blog/169131/
- https://habr.com/ru/company/eset/blog/174169/
- https://habr.com/ru/company/eset/blog/175911/
- https://xakep.ru/2013/11/05/full-bootkit-history/
- https://github.com/Darkabode/0ctrl
- https://github.com/Darkabode/possessor
- https://github.com/Darkabode/android-possessor
- https://github.com/Darkabode/0lib
- https://github.com/Darkabode/amte
Warning: This ancient shit is not suitable for studying. Everything here was already outdated in 2010.
It is always amusing how analysts from anti-virus companies and some independent researchers build their arguments about something based on general categories of light and dark, about how everything seems to function. What can I say? You are self-confident, displaced guys who consider yourselves archangels.
The whole essence of this useless shit-bootkit was to figure out how the authorities work, how the interests of large anti-virus companies are lobbied, how they conquer the demand market, etc.
It is known that large companies, like organisms, live by the same principles as their biological counterparts, fighting for existence and using politics as a tool of concealment. Everywhere there are hierarchies, where each level corresponds to a certain level of access to the knowledge and operations which lie at the heart of each such organism. And the developers there occupy far from the most advantageous position; I would even say a rather depressed one.
I never wanted to work in one of these institutions, because it’s like being in slavery, and everyone is somehow built into these corporate hierarchies - you sell yourself too cheaply.
When you get involved in some sphere, you begin to live on a certain frequency which is peculiar to it. And as a result, all the shit that you have to deal with is attracted to you, whether you want it or not. The malware industry is one of those areas where hierarchies also exist, but it functions according to slightly different laws. But these are not the details that deserve attention.
So, in 2010 I started developing my own solution, because I had a sporting interest in doing it, not because I received an order or belonged to one of the criminal hierarchies. All the nonsense and judgments that can be found on the public internet regarding the shadow schemes of the entire backstage industry are like the fantasy of a seriously ill and suffering drug addict. I realized this already during the first 6 months, when I became less inculcated into the malware writer communities. Antivirus companies are playing a dishonest game - pure politics, which is disgusting to deal with - while the true state of things suggests that real Zen is present in the creative process itself, which has nothing to do with the desire of businessmen to make money.
The paradox of Zerokit is that not a single dollar was paid for it, except that I had to live and eat something while I was involved in all this trash. My source of income has always been exploits and reverse engineering. So this is the first misjudgment of those who claim that this ancient shit was financed by someone. You clever men, judging from your sagging bell towers, have suffered your first fiasco.
The second paradox is that this shit was never really intended for sale, due to its unpleasantness and the lack of resources for proper support (because I always worked alone). And all those briefings on well-known forums were just briefings with unreal price tags (what kind of fool would buy all this for $30k-$50k???). All this was done solely for the purpose of igniting interest, gathering more data and getting access to underground forums. I just did not know at that time how else to create a stir. But in any case, it was amusing to watch how all this was being chewed over and built into delusional arguments.
And the third paradox is that by the end of 2012 I personally began to develop a rom-kit which could infect some variants of legacy BIOS, the ROM chips of Ethernet cards, etc., including UEFI. By the way, this explains why at the end of 2012 I completely stopped developing Zerokit, on which several funny guys from ESET later made a career for themselves.
The second reason I stopped working on Zerokit, and this was my only miscalculation: I shared the code with not very decent people, who started using it in illegitimate campaigns.
I think common sense says that the goal of Zerokit was not any kind of commercial or criminal activity, and many analysts from different anti-virus companies can confirm that this bootkit was never seen in any APT attacks or epidemics. With this, I think, no one will argue. Yes, in 2012 the source code fell into the hands of not very decent people, for which I am still responsible. But the good thing is that, without my personal participation, this product was never supported by anyone, due to its specific and non-standard nature.
And the last thing I want to say to all those who consider themselves WhiteHat-knights and pour shit on real technological revolutionaries:
- You will always be 10 steps behind, because this is how the Universe is arranged - everything is born from primary chaos and is transformed into code by those who work away from the public eye and do not surrender themselves to the slavery of large, worthless companies.
- You feed yourselves and your families thanks to the genius of the BlackHat community. With them or without them, the antivirus industry will remain as shit as it was.
- There is Gödel's incompleteness theorem, which postulates that closed systems are doomed to degeneration. So, no matter how comprehensible it is to mathematically trained people, this does not change the situation, and everything falls into place.
The refutation of any of these three points is a trap. Be smarter ;)
Sorry for my dumb English...
And what about donations??? Hmmm... Yes, this is sarcasm; I just do not know how else to laugh )) Do not even think of sending money under any circumstances.
(c) 2019 Thank you!