# Backdoored Source

{% hint style="info" %}
So find the bug in the zeek source version release/2.0. They provide a tampered zip file of the source.
{% endhint %}

Zeek repo lives here <https://github.com/zeek/zeek>

The original source tag here <https://github.com/zeek/zeek/releases/tag/v2.0>

![](https://3690043025-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MJeilQajqHV4lFhF_rI%2F-MJg_zpVmxyGezGpr6_6%2F-MJgbVW7TLdxx6V_lc8r%2Fimage.png?alt=media\&token=5b1c5c31-574e-4f0c-8f40-e0dd76aefede)

Clone that tag down. I used [beyond compare](http://scootersoftware.com/) to do a folder diff on the sourcetree. Uh oh whats up with that file I wonder.

![](https://3690043025-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MJeilQajqHV4lFhF_rI%2F-MJg_zpVmxyGezGpr6_6%2F-MJgbmv6phrLG5riJwh2%2Fimage.png?alt=media\&token=62868c3f-c69b-4072-8156-c437144c2cb5)

![](https://3690043025-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MJeilQajqHV4lFhF_rI%2F-MJg_zpVmxyGezGpr6_6%2F-MJgc5KUaqeTn1SqnMI-%2Fimage.png?alt=media\&token=2cc642dc-63d9-4f84-8e25-c45cc70ac7a5)

{% hint style="success" %}
The Solution

```
scripts/base/protocols/conn/main.bro
```

{% endhint %}