by revelation 3838 days ago
If you look at the disassembly in the link, the backdoor was inserted smack in the middle of the authentication function, which caused jump labels further down to change.

This is all trivial for a compiler to adjust, but it's not what someone manually tampering with the binary would do.

2 comments

In addition, AFAIK this affects both the ARM and x86 firmware, so a patched binary would imply two separate modifications. Though that would still leave open the possibility that the toolchain was exploited before compilation occurred.
This is correct, I missed this!
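
The layout argument in the top comment can be checked mechanically when two builds are available. The sketch below is an added example, not code from the thread or from the firmware: it aligns two instruction listings and reports whether unchanged instructions moved and had their branch targets re-resolved (what a compiler or assembler does after a mid-function insertion) or stayed at the same offsets (an in-place overwrite). The listings, the pseudo-ARM syntax and every function name are constructed for illustration.

```python
import difflib

# Constructed listings: (offset, instruction text, branch target or None).
# Pseudo-ARM with 4-byte instructions; all names here are hypothetical.
OLD = [
    (0x00, "push {r4, lr}", None),
    (0x04, "bl check_password", None),
    (0x08, "cmp r0, #0", None),
    (0x0C, "bne", 0x18),
    (0x10, "mov r0, #1", None),
    (0x14, "b", 0x1C),
    (0x18, "mov r0, #0", None),
    (0x1C, "pop {r4, pc}", None),
]
# Extra check emitted mid-function: everything after it moves by 12 bytes.
REBUILT = OLD[:1] + [
    (0x04, "bl compare_fixed_string", None),
    (0x08, "tst r0, r0", None),
    (0x0C, "beq", 0x1C),
] + [(off + 12, text, tgt + 12 if tgt is not None else None)
     for off, text, tgt in OLD[1:]]
# One instruction overwritten in place: no offsets move.
PATCHED = OLD[:3] + [(0x0C, "nop", None)] + OLD[4:]

def compare(old, new):
    """Align listings while ignoring addresses, then count layout effects."""
    def key(ins):
        return (ins[1], ins[2] is not None)
    sm = difflib.SequenceMatcher(None, [key(i) for i in old],
                                 [key(i) for i in new], autojunk=False)
    changed = shifted = retargeted = 0
    for tag, a0, a1, b0, b1 in sm.get_opcodes():
        if tag != "equal":
            changed += max(a1 - a0, b1 - b0)   # inserted or replaced instructions
            continue
        for o, n in zip(old[a0:a1], new[b0:b1]):
            shifted += o[0] != n[0]            # same instruction, new offset
            retargeted += o[2] is not None and o[2] != n[2]
    if not changed:
        verdict = "identical"
    elif shifted and retargeted:
        verdict = "relayout (consistent with a rebuild)"
    elif not shifted:
        verdict = "in-place patch"
    else:
        verdict = "unclear"
    return {"changed": changed, "shifted": shifted,
            "retargeted": retargeted, "verdict": verdict}
```

The verdict is a heuristic about how the change was produced, not who produced it; as the reply notes, a relayout is equally consistent with a compromised toolchain.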