oh neat, the documentation of the backdoor packet format on the xzbot github has been updated a bit, so apparently there are three request types
- Type 1: unknown, expects zero bytes
- Type 2: executes null-terminated payload with system()
- Type 3: unknown, expects 48 bytes (signed)
and apparently type2 still has some unknown parameters too. this just makes me more curious 😄