Thanks.

Question for the C folks. The author seems to have reimplemented functions such as strlen, memcpy, and atoi in 'bot/util.h' instead of using the stdlib. Anyone know why?

https://github.com/0x27/linux.mirai/blob/master/mirai/bot/ut...

Because you cannot rely on some chintzy IoT device to have dynamically loadable libraries. In all likelihood, they don't. But let's assume they do have loadable stdlib, would would you trust the integrity of your botnet to dozens of poorly designed IoT devices?

You can statically link the binary you build, doesnt mean you need to reimplement.

But it is easier to copy/paste those few functions rather than play with static libc and then making sure all the other functions don't get linked into the final binary.

Don't most of these IoT devices usually run Linux though?

Sure, but many of them only contains a static busybox binary and no libc.

Remember that this target IoT devices, where diversity is much higher than it would be for desktops or servers. the build scripts shows the targeted architectures:

i586 mips mipsel armv4l armv5l armv6l powerpc sparc m68k sh4

I believe not all embedded systems have the c stdlib.

Not the reason. Especially when the author includes headers like: #include <stdlib.h> #include <unistd.h> #include <sys/socket.h> #include <arpa/inet.h> #include <linux/ip.h> #include <linux/udp.h> #include <errno.h> #include <fcntl.h>