aboutsummaryrefslogtreecommitdiff
path: root/source/tools/host/old
diff options
context:
space:
mode:
Diffstat (limited to 'source/tools/host/old')
-rw-r--r--source/tools/host/old/file_crypt.c802
-rw-r--r--source/tools/host/old/pyhttp.c188
2 files changed, 990 insertions, 0 deletions
diff --git a/source/tools/host/old/file_crypt.c b/source/tools/host/old/file_crypt.c
new file mode 100644
index 0000000..8548cfa
--- /dev/null
+++ b/source/tools/host/old/file_crypt.c
@@ -0,0 +1,802 @@
+#include <stdio.h>
+#include <stdlib.h>
+#include <stdint.h>
+#include <stdbool.h>
+#include <string.h>
+#include <time.h>
+#include <getopt.h>
+#include <errno.h>
+
+#include <sys/mman.h>
+#include <ctype.h>
+
+#include "crypt.h"
+#include "helper.h"
+#include "loader.h"
+
+
+static const char base64table[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
+static const unsigned char loader_endmarker[] = { _LOADER_ENDMARKER };
+
+
+static void base64_block_encode(const char plain[3], char encoded[4])
+{
+ unsigned char b0 = 0, b1 = 0, b2 = 0, b3 = 0;
+
+ b0 = ((plain[0] & 0xFC) >> 2);
+ b1 = ((plain[1] & 0xF0) >> 4) | ((plain[0] & 0x03) << 4);
+ b2 = ((plain[1] & 0x0F) << 2) | ((plain[2] & 0xC0) >> 6);
+ b3 = ( plain[2] & 0x3F);
+ encoded[0] = base64table[b0];
+ encoded[1] = base64table[b1];
+ encoded[2] = base64table[b2];
+ encoded[3] = base64table[b3];
+}
+
+static char* base64_encode(const char* plain, size_t siz, size_t* newsizptr)
+{
+ size_t padded = (siz % 3 == 0 ? 0 : 3 - (siz % 3));
+ size_t newsiz = ( (siz + padded)/3 ) * 4;
+ char* tmp = calloc(newsiz, sizeof(char));
+
+ size_t i, j = 0;
+ for (i = 0; i < siz-(siz%3); i+=3) {
+ base64_block_encode(&plain[i], &tmp[j]);
+ j += 4;
+ }
+
+ if (padded > 0) {
+ char pad[3] = { 0x00, 0x00, 0x00 };
+ for (i = 0; i < 3-padded; ++i) {
+ pad[i] = plain[siz-(siz%3)+i];
+ }
+
+ base64_block_encode(&pad[0], &tmp[j]);
+
+ for (i = 0; i < padded; ++i) {
+ tmp[j+3-i] = '=';
+ }
+ }
+
+ if (newsizptr)
+ *newsizptr = newsiz;
+ return tmp;
+}
+
+static inline int xor32_crypt(uint32_t u32, uint32_t key)
+{
+ return u32 ^ key;
+}
+
+static uint32_t xor32_crypt_buf(uint32_t* buf, uint32_t siz, uint32_t key)
+{
+ uint32_t pad = siz % sizeof(key);
+ if (pad) {
+ siz += sizeof(key) - pad;
+ }
+ uint32_t msiz = (uint32_t)(siz/sizeof(key));
+
+ for (register uint32_t i = 0; i < msiz; ++i) {
+ buf[i] = xor32_crypt(buf[i], key);
+ }
+ return siz;
+}
+
+static uint32_t xor32_pcbc_encrypt_buf(uint32_t* buf, uint32_t siz, uint32_t iv, uint32_t key)
+{
+ uint32_t pad = siz % sizeof(key);
+ if (pad) {
+ siz += sizeof(key) - pad;
+ }
+ uint32_t msiz = (uint32_t)(siz/sizeof(key));
+
+ register uint32_t prev = iv;
+ for (register uint32_t i = 0; i < msiz; ++i) {
+ register uint32_t plain = buf[i];
+ register uint32_t tmp = xor32_crypt(plain, prev);
+ register uint32_t crypt = xor32_crypt(tmp, key);
+ prev = xor32_crypt(crypt, plain);
+ buf[i] = crypt;
+ }
+ return siz;
+}
+
+static void xor32_pcbc_decrypt_buf(uint32_t* buf, uint32_t siz, uint32_t iv, uint32_t key)
+{
+ uint32_t msiz = (uint32_t)(siz/sizeof(key));
+
+ register uint32_t prev = iv;
+ for (register uint32_t i = 0; i < msiz; ++i) {
+ register uint32_t crypt = buf[i];
+ register uint32_t tmp = xor32_crypt(crypt, key);
+ register uint32_t plain = xor32_crypt(tmp, prev);
+ prev = xor32_crypt(crypt, plain);
+ buf[i] = plain;
+ }
+}
+
+static ssize_t search_endmarker(unsigned char* buf, size_t siz, size_t *found_ptr)
+{
+ size_t endmarker_siz = sizeof(loader_endmarker)/sizeof(loader_endmarker[0]);
+ size_t real_siz = (siz - (siz % endmarker_siz));
+ size_t marker_idx = 0, found = 0;
+ ssize_t offset = -1;
+
+ for (size_t i = 0; i < real_siz; ++i) {
+ if (buf[i] == loader_endmarker[marker_idx++]) {
+ if (marker_idx == endmarker_siz) {
+ offset = i - (endmarker_siz - 1);
+ marker_idx = 0;
+ found++;
+ }
+ } else marker_idx = 0;
+ }
+ if (found_ptr)
+ *found_ptr = found;
+ if (found != 1) {
+ return -1;
+ }
+ return offset;
+}
+
+static unsigned char* parse_hex_str(const char* hex_str, size_t* newsiz)
+{
+ const char* pos = hex_str;
+ size_t len = strlen(hex_str);
+
+ *newsiz = len/2;
+ unsigned char* bin = calloc(*newsiz, sizeof(char));
+ size_t i = 0;
+ bool skip_next = false;
+
+ while ( *pos != '\0' ) {
+ if (!skip_next) {
+ if (sscanf(pos, "%2hhx", &bin[i]) == 1) {
+ pos++;
+ if (tolower(*pos) != 'x') {
+ i++;
+ }
+ skip_next = true;
+ continue;
+ }
+ } else skip_next = false;
+ pos++;
+ }
+ *newsiz = i;
+ return bin;
+}
+
+static void bswap32_endianess(unsigned char* bytebuf, size_t siz)
+{
+ if (siz % 4 != 0) {
+ return;
+ }
+ for (size_t i = 0; i < siz; i+=4) {
+ unsigned char highest_byte = bytebuf[i];
+ unsigned char higher_byte = bytebuf[i+1];
+ bytebuf[i] = bytebuf[i+3];
+ bytebuf[i+1] = bytebuf[i+2];
+ bytebuf[i+2] = higher_byte;
+ bytebuf[i+3] = highest_byte;
+ }
+}
+
+
+enum emode { E_NONE = 0, E_BASE64, E_XOR32, E_XOR32PCBC, E_XOR32NPCBC };
+enum dmode { D_NONE = 0, D_CRYPT_SZVA, D_CRYPT_SZIB, D_CRYPT_SECTION };
+
+struct options {
+ bool verbose;
+ bool print_buffer;
+ enum emode encmode;
+ uint32_t ivkeysize;
+ char* outfile;
+ char* infile;
+ unsigned char* inkey;
+ size_t keysize;
+ unsigned char* iniv;
+ size_t ivsize;
+ bool ldrmod;
+ off_t ldroffset;
+ enum dmode crpmode;
+ char* ldr_dll;
+ off_t dlloffset;
+ size_t dllsize;
+ bool dryrun;
+} app_options;
+
+static const struct option long_options[] = {
+ {"verbose", no_argument, 0, 'v'},
+ {"print-buffer", no_argument, 0, 'p'},
+ {"outfile", required_argument, 0, 'o'},
+ {"xor32", no_argument, 0, 1 },
+ {"xor32pcbc", no_argument, 0, 2 },
+ {"xor32npcbc", no_argument, 0, 3 },
+ {"ivkeysize", required_argument, 0, 'k'},
+ {"base64", no_argument, 0, 4 },
+ {"key", required_argument, 0, 'e'},
+ {"iv", required_argument, 0, 'i'},
+ {"loader-offset", required_argument, 0, 'l'},
+ {"loader-va", no_argument, 0, 5 },
+ {"loader-ib", no_argument, 0, 6 },
+ {"dll-file", required_argument, 0, 'f'},
+ {"dll-hdr", required_argument, 0, 7 },
+ {"dll-section", required_argument, 0, 8 },
+ {"dry-run", no_argument, 0, 'd'},
+ {NULL, 0, 0, 0}
+};
+enum {
+ OPTDLL_OFFSET = 0, OPTDLL_SIZE,
+ OPTDLL_MAX
+};
+static char* dllsubopts[] = {
+ [OPTDLL_OFFSET] = "offset",
+ [OPTDLL_SIZE] = "size",
+ NULL
+};
+static const char const* options_help[] = {
+ "more output",
+ "print encrypted/decrypted binary buffers (hex format; massive output!)",
+ "output file",
+ "simple and unsecure 32-bit xor cipher",
+ "unsecure xor32-bit block cipher",
+ "secure xor(32*n)-bit block cipher",
+ "iv and key size for cipher",
+ "base64 (en|de)coder",
+ "set a key which should be 4*n bytes long",
+ "same behavior as key",
+ "binary offset to loader endmarker (see: include/loader.h)",
+ "encrypt loader string: strVirtualAlloc",
+ "encrypt loader string: strIsBadReadPtr",
+ "path to dll binary",
+ "encrypt dll header",
+ "encrypt dll section (requires argument offset and size)",
+ "dont write anything to disk"
+};
+static const char const opt_fmt[] = "vpo:k:e:i:l:f:dh";
+
+void
+print_usage(char* arg0)
+{
+ fprintf(stderr, "usage: %s [OPTIONS] [INPUTFILE]\n\twhere options can be:\n", arg0);
+ const size_t alen = (sizeof(long_options)-sizeof(long_options[0])) / sizeof(long_options[0]);
+ for (size_t i = 0; i < alen; ++i) {
+ int hlen = ((int)strlen(options_help[i]) + 15) - (int)strlen(long_options[i].name);
+ char shortopt = (char)long_options[i].val;
+ printf("\t\t");
+ if (isalpha(shortopt) != 0) {
+ printf("-%c,", shortopt);
+ } else {
+ hlen += 3;
+ }
+ printf("--%s", long_options[i].name);
+ if (long_options[i].has_arg == required_argument) {
+ printf(" [arg]");
+ } else {
+ hlen += 6;
+ }
+ printf("%*s\n", hlen, options_help[i]);
+ }
+}
+
+void
+check_loader_arg(char* arg0)
+{
+ if (app_options.crpmode != D_NONE) {
+ fprintf(stderr, "%s: loader crypt mode already set, only ONE allowed\n", arg0);
+ exit(1);
+ }
+}
+
+void
+parse_arguments(int argc, char** argv)
+{
+ int c;
+
+ if (argc <= 1) {
+ print_usage(argv[0]);
+ exit(1);
+ }
+
+ memset(&app_options, '\0', sizeof(app_options));
+ while (1) {
+ int optind = 0;
+ char* endptr = NULL;
+
+ c = getopt_long(argc, argv, opt_fmt, long_options, &optind);
+ if (c == -1)
+ break;
+
+ switch(c) {
+ case 'v':
+ app_options.verbose = true;
+ break;
+ case 'p':
+ app_options.print_buffer = true;
+ break;
+ case 'o':
+ app_options.outfile = strdup(optarg);
+ break;
+ case 1:
+ app_options.encmode = E_XOR32;
+ break;
+ case 2:
+ app_options.encmode = E_XOR32PCBC;
+ break;
+ case 3:
+ app_options.encmode = E_XOR32NPCBC;
+ break;
+ case 'k':
+ errno = 0;
+ app_options.ivkeysize = strtoul(optarg, &endptr, 10);
+ if (errno == ERANGE || errno == EINVAL || *endptr != '\0' || app_options.ivkeysize < 1) {
+ fprintf(stderr, "%s: ivkeysize not an unsigned decimal aka size_t\n", argv[0]);
+ exit(1);
+ }
+ break;
+ case 4:
+ app_options.encmode = E_BASE64;
+ break;
+ case 'e':
+ app_options.inkey = parse_hex_str(optarg, &app_options.keysize);
+ if (app_options.inkey == NULL) {
+ fprintf(stderr, "%s: not a valid byte-aligned hex string: %s\n", argv[0], optarg);
+ exit(1);
+ }
+ break;
+ case 'i':
+ app_options.iniv = parse_hex_str(optarg, &app_options.ivsize);
+ if (app_options.iniv == NULL) {
+ fprintf(stderr, "%s: not a valid byte-aligned hex string: %s\n", argv[0], optarg);
+ exit(1);
+ }
+ break;
+ case 'l':
+ errno = 0;
+ app_options.ldroffset = (size_t)strtoul(optarg, &endptr, 10);
+ if (errno == ERANGE || errno == EINVAL || *endptr != '\0') {
+ fprintf(stderr, "%s: ldroffset not an unsigned decimal aka size_t\n", argv[0]);
+ exit(1);
+ }
+ app_options.ldrmod = true;
+ break;
+ case 5:
+ check_loader_arg(argv[0]);
+ app_options.crpmode = D_CRYPT_SZVA;
+ break;
+ case 6:
+ check_loader_arg(argv[0]);
+ app_options.crpmode = D_CRYPT_SZIB;
+ break;
+ case 'f':
+ app_options.ldr_dll = strdup(optarg);
+ break;
+ case 7:
+ check_loader_arg(argv[0]);
+ app_options.crpmode = D_CRYPT_SECTION;
+ errno = 0;
+ app_options.dlloffset = 0;
+ app_options.dllsize = strtoul(optarg, &endptr, 10);
+ if (errno == ERANGE || errno == EINVAL || *endptr != '\0' || app_options.dllsize < 1) {
+ fprintf(stderr, "%s: dll header size is not an unsigned decimal aka size_t\n", argv[0]);
+ exit(1);
+ }
+ break;
+ case 8:
+ check_loader_arg(argv[0]);
+ app_options.crpmode = D_CRYPT_SECTION;
+ char* subopts = optarg;
+ char* value = NULL;
+ int errfnd = 0;
+ int opt;
+ while (*subopts != '\0' && !errfnd) {
+ errno = 0;
+ switch ( (opt = getsubopt(&subopts, dllsubopts, &value)) ) {
+ case OPTDLL_OFFSET:
+ if (value)
+ app_options.dlloffset = strtoul(value, &endptr, 10);
+ break;
+ case OPTDLL_SIZE:
+ if (value)
+ app_options.dllsize = strtoul(value, &endptr, 10);
+ break;
+ default:
+ fprintf(stderr, "%s: no match found for token: \"%s\"\n", argv[0], value);
+ errfnd = 1;
+ continue;
+ }
+ if (value == NULL) {
+ fprintf(stderr, "%s: missing value for subopt %s\n", argv[0], dllsubopts[opt]);
+ errfnd = 1;
+ }
+ if (errno == ERANGE || errno == EINVAL || *endptr != '\0') {
+ fprintf(stderr, "%s: dll subopt \"%s\" is not a valid unsigned decimal\n", argv[0], dllsubopts[opt]);
+ errfnd = 1;
+ }
+ }
+ if (app_options.dlloffset < 1 || app_options.dllsize < 1) {
+ fprintf(stderr, "%s: dll-section requires subopts %s and %s\n", argv[0], dllsubopts[OPTDLL_OFFSET], dllsubopts[OPTDLL_SIZE]);
+ errfnd = 1;
+ }
+ if (errfnd) {
+ exit(1);
+ }
+ break;
+ case 'd':
+ app_options.dryrun = true;
+ break;
+
+ case 'h':
+ default:
+ print_usage(argv[0]);
+ exit(1);
+ }
+ }
+
+ while (optind < argc) {
+ if (app_options.infile == NULL) {
+ app_options.infile = strdup(argv[optind++]);
+ } else {
+ fprintf(stderr, "%s: non argv elements\n", argv[optind++]);
+ exit(1);
+ }
+ }
+
+ if (app_options.infile == NULL) {
+ fprintf(stderr, "%s: no input file\n", argv[0]);
+ exit(1);
+ }
+ if (app_options.outfile) {
+ if (strcmp(app_options.infile, app_options.outfile) == 0) {
+ fprintf(stderr, "%s: input file and output file should be two different files\n", argv[0]);
+ exit(1);
+ }
+ }
+
+ switch (app_options.encmode) {
+ case E_NONE:
+ fprintf(stderr, "%s: no mode set\n", argv[0]);
+ exit(1);
+ case E_XOR32:
+ if (app_options.iniv != NULL) {
+ fprintf(stderr, "%s: iv is not allowed in this mode\n", argv[0]);
+ exit(1);
+ }
+ case E_XOR32PCBC:
+ if (app_options.ivkeysize != 0) {
+ fprintf(stderr, "%s: setting --ivkeysize not allowed in this mode (ivkeysize=1!)\n", argv[0]);
+ exit(1);
+ }
+ app_options.ivkeysize = 1;
+ if ((app_options.inkey != NULL && app_options.keysize != 4) ||
+ (app_options.iniv != NULL && app_options.ivsize != 4)) {
+ fprintf(stderr, "%s: --iv/--key size MUST be 4 bytes e.g. 0xdeadc0de\n", argv[0]);
+ exit(1);
+ }
+ break;
+ case E_XOR32NPCBC:
+ if (app_options.crpmode != D_NONE)
+ break;
+ if (!app_options.inkey && !app_options.iniv && app_options.ivkeysize == 0) {
+ fprintf(stderr, "%s: missing ivkeysize\n", argv[0]);
+ exit(1);
+ }
+ if ((app_options.inkey != NULL && app_options.keysize % 4 != 0) ||
+ (app_options.iniv != NULL && app_options.ivsize % 4 != 0)) {
+ fprintf(stderr, "%s: --iv/--key size MUST be 4*n bytes e.g. 0xdeadc0dedeadbeef\n", argv[0]);
+ exit(1);
+ }
+ if (app_options.inkey != NULL && app_options.iniv != NULL &&
+ app_options.keysize != app_options.ivsize) {
+ fprintf(stderr, "%s: --iv/--key size MUST be equal\n", argv[0]);
+ exit(1);
+ }
+ if (app_options.inkey != NULL) {
+ app_options.ivkeysize = app_options.keysize / 4;
+ } else if (app_options.iniv != NULL) {
+ app_options.ivkeysize = app_options.ivsize / 4;
+ }
+ break;
+ case E_BASE64:
+ if (app_options.inkey != NULL ||
+ app_options.iniv != NULL ||
+ app_options.ivkeysize != 0) {
+ fprintf(stderr, "%s: --iv/--key/--ivkeysize not allowed in base64 mode\n", argv[0]);
+ exit(1);
+ }
+ break;
+ }
+ if (app_options.crpmode != D_NONE) {
+ if (app_options.encmode != E_XOR32NPCBC) {
+ fprintf(stderr, "%s: loader modifications only work with xor32npcbc\n", argv[0]);
+ exit(1);
+ }
+ if (app_options.ivkeysize != 0) {
+ fprintf(stderr, "%s: setting key/iv size not allowed in this mode\n", argv[0]);
+ exit(1);
+ }
+ if (app_options.crpmode == D_CRYPT_SECTION) {
+ if (app_options.ldr_dll == NULL) {
+ fprintf(stderr, "%s: missing dll file\n", argv[0]);
+ exit(1);
+ }
+ app_options.ivkeysize = LOADER_IVKEYLEN;
+ } else {
+ app_options.ivkeysize = LOADER_STR_IVKEYLEN;
+ }
+ if (app_options.crpmode != D_CRYPT_SECTION && app_options.outfile) {
+ fprintf(stderr, "%s: loader modification is done directly at the input binary, --outfile superfluous\n", argv[0]);
+ exit(1);
+ }
+ }
+ if (app_options.inkey != NULL) {
+ if (app_options.ldrmod == true) {
+ if (app_options.keysize != 12) {
+ fprintf(stderr, "%s: keysize must be 12 byte for loader string encryption\n", argv[0]);
+ exit(1);
+ }
+ }
+ bswap32_endianess(app_options.inkey, app_options.keysize);
+ }
+ if (app_options.iniv != NULL) {
+ if (app_options.ldrmod == true) {
+ if (app_options.ivsize != 12) {
+ fprintf(stderr, "%s: ivsize must be 12 byte for loader string encryption\n", argv[0]);
+ exit(1);
+ }
+ }
+ bswap32_endianess(app_options.iniv, app_options.ivsize);
+ }
+}
+
+int main(int argc, char** argv)
+{
+ parse_arguments(argc, argv);
+ srandom(time(NULL));
+ errno = 0;
+
+ int ret = 0;
+ size_t siz = 0;
+ char* buf = mapfile(app_options.infile, &siz);
+ size_t orgsiz = siz;
+ char* orgbuf = buf;
+ bool print_crypted_str = false;
+ char* dllbuf = NULL;
+
+ if (buf) {
+ if (app_options.ldrmod == false) {
+ size_t found = 0;
+ ssize_t offset = search_endmarker((unsigned char*)buf, siz, &found);
+ if (found != 1) {
+ fprintf(stderr, "%s: loader marker search error (found: %lu, offset: %ld (0x%X))\n", argv[0], found, offset, (unsigned int)offset);
+ exit(1);
+ }
+ if (app_options.verbose) {
+ printf("%s: loader marker found at offset %ld (0x%X)\n", argv[0], offset, (unsigned int)offset);
+ }
+ app_options.ldroffset = offset;
+ app_options.ldrmod = true;
+ }
+
+ /* get loader struct */
+ struct loader_x86_data* ldr = NULL;
+ if (app_options.ldrmod == true) {
+ if (memcmp((void*)(orgbuf + app_options.ldroffset),
+ (void*)loader_endmarker,
+ sizeof(loader_endmarker)/sizeof(loader_endmarker[0])) == 0) {
+ ldr = (struct loader_x86_data*)(orgbuf +
+ app_options.ldroffset +
+ sizeof(uint32_t) - sizeof(struct loader_x86_data));
+
+ if (memcmp((void*)&ldr->endMarker,
+ (void*)loader_endmarker,
+ sizeof(loader_endmarker)/sizeof(loader_endmarker[0])) != 0) {
+ fprintf(stderr, "%s: loader marker found, but not present after typecast, check loader struct in include/loader.h\n", argv[0]);
+ exit(1);
+ }
+
+ char* chk = NULL;
+ if (app_options.crpmode == D_CRYPT_SZVA) {
+ buf = ldr->strVirtualAlloc;
+ siz = (sizeof(ldr->strVirtualAlloc)/sizeof(ldr->strVirtualAlloc[0])) -
+ (1 * sizeof(ldr->strVirtualAlloc[0]));
+ chk = buf;
+ } else if (app_options.crpmode == D_CRYPT_SZIB) {
+ buf = ldr->strIsBadReadPtr;
+ siz = (sizeof(ldr->strIsBadReadPtr)/sizeof(ldr->strIsBadReadPtr[0])) -
+ (1 * sizeof(ldr->strIsBadReadPtr[0]));
+ chk = buf;
+ } else if (app_options.crpmode == D_CRYPT_SECTION) {
+ dllbuf = buf = mapfile(app_options.ldr_dll, &siz);
+ buf += app_options.dlloffset;
+ siz = app_options.dllsize;
+ if (!buf) {
+ fprintf(stderr, "%s: could not map dll file into memory\n", argv[0]);
+ perror("mapfile");
+ exit(1);
+ }
+ }
+ if (chk)
+ for (size_t i = 0; i < siz; ++i)
+ if (isalpha(buf[i]) == 0) {
+ fprintf(stderr, "%s: non ascii character found in loader string, already encrypted?\n", argv[0]);
+ fprintf(stderr, "%s: forcing --dry-run\n", argv[0]);
+ app_options.dryrun = true;
+ print_crypted_str = true;
+ break;
+ }
+
+ uint32_t tmp[app_options.ivkeysize];
+ memset(&tmp[0], '\0', app_options.ivkeysize*sizeof(uint32_t));
+ if (memcmp(&tmp[0], &ldr->key[0], app_options.ivkeysize*sizeof(uint32_t)) != 0) {
+ if (app_options.inkey) {
+ fprintf(stderr, "%s: loader->key is not NULL, but --key set?\n", argv[0]);
+ exit(1);
+ } else {
+ app_options.inkey = calloc(app_options.ivkeysize, sizeof(uint32_t));
+ memcpy(app_options.inkey, &ldr->key[0], app_options.ivkeysize*sizeof(uint32_t));
+ }
+ }
+ if (memcmp(&tmp[0], &ldr->iv[0], app_options.ivkeysize*sizeof(uint32_t)) != 0) {
+ if (app_options.iniv) {
+ fprintf(stderr, "%s: loader->iv is not NULL, but --iv set?\n", argv[0]);
+ exit(1);
+ } else {
+ app_options.iniv = calloc(app_options.ivkeysize, sizeof(uint32_t));
+ memcpy(app_options.iniv, &ldr->iv[0], app_options.ivkeysize*sizeof(uint32_t));
+ }
+ }
+ } else {
+ fprintf(stderr, "%s: loader offset set, but no endmarker found\n", argv[0]);
+ exit(1);
+ }
+ }
+
+ if (app_options.print_buffer) {
+ printf("Buffer (Size: %lu):\n", siz);
+ printbytebuf(buf, siz, 78, app_options.verbose);
+ }
+
+ size_t newsiz = 0;
+ char* cryptd = NULL;
+ uint32_t key[app_options.ivkeysize];
+ uint32_t iv[app_options.ivkeysize];
+ memset(&key[0], '\0', app_options.ivkeysize*sizeof(uint32_t));
+ memset(&iv[0], '\0', app_options.ivkeysize*sizeof(uint32_t));
+
+ /* copy key/iv if there are any */
+ if (app_options.inkey != NULL) {
+ memcpy(&key[0], app_options.inkey, app_options.ivkeysize*sizeof(uint32_t));
+ }
+ if (app_options.iniv != NULL) {
+ memcpy(&iv[0], app_options.iniv, app_options.ivkeysize*sizeof(uint32_t));
+ }
+
+ /* otherwise generate random iv/key if neccessary */
+ for (uint32_t i = 0; i < app_options.ivkeysize; ++i) {
+ while (iv[i] == 0) { iv[i] = random(); }
+ while (key[i] == 0) { key[i] = random(); }
+ }
+
+ /* update loader header */
+ if (ldr && !app_options.dryrun) {
+ memcpy(&ldr->key[0], &key[0], app_options.ivkeysize*sizeof(uint32_t));
+ memcpy(&ldr->iv[0], &iv[0], app_options.ivkeysize*sizeof(uint32_t));
+ }
+
+ /* encrypt */
+ switch (app_options.encmode) {
+ case E_BASE64:
+ cryptd = base64_encode(buf, siz, &newsiz);
+ break;
+ case E_XOR32:
+ case E_XOR32PCBC:
+ cryptd = calloc(siz + 2*sizeof(uint32_t), sizeof(char));
+ memcpy(cryptd, buf, siz);
+ if (app_options.encmode == E_XOR32) {
+ if (app_options.verbose) {
+ printf("Xor32Key: %08X\n", key[0]);
+ }
+ newsiz = xor32_crypt_buf((uint32_t*)cryptd, siz, key[0]);
+ } else {
+ if (app_options.verbose) {
+ printf("Xor32pcbcKey: %08X\tIV: %08X\n", key[0], iv[0]);
+ }
+ newsiz = xor32_pcbc_encrypt_buf((uint32_t*)cryptd, siz, iv[0], key[0]);
+ }
+ break;
+ case E_XOR32NPCBC:
+ cryptd = calloc(siz + (app_options.ivkeysize)*sizeof(uint32_t), sizeof(char));
+ memcpy(cryptd, buf, siz);
+ if (app_options.verbose) {
+ printf("Xor32npcbcKey/IV:\n");
+ for (uint32_t i = 0; i < app_options.ivkeysize; ++i) {
+ printf("%08X / %08X\n", key[i], iv[i]);
+ }
+ }
+ newsiz = xor32n_pcbc_crypt_buf((uint32_t*)cryptd, siz, &iv[0], &key[0], app_options.ivkeysize);
+ break;
+ case E_NONE:
+ default:
+ break;
+ }
+
+ if (app_options.print_buffer) {
+ printf("Encoded (Size: %lu):\n", newsiz);
+ printbytebuf(cryptd, newsiz, 78, app_options.verbose);
+ }
+
+ /* decrypt (and check if algorithm works correctly) */
+ switch (app_options.encmode) {
+ case E_XOR32:
+ case E_XOR32PCBC:
+ case E_XOR32NPCBC: {
+ char* tmp = calloc(newsiz, sizeof(char));
+ memcpy(tmp, cryptd, newsiz);
+ if (app_options.encmode == E_XOR32) {
+ newsiz = xor32_crypt_buf((uint32_t*)tmp, newsiz, key[0]);
+ } else if (app_options.encmode == E_XOR32PCBC) {
+ xor32_pcbc_decrypt_buf((uint32_t*)tmp, newsiz, iv[0], key[0]);
+ } else {
+ xor32n_pcbc_crypt_buf((uint32_t*)tmp, newsiz, &iv[0], &key[0], app_options.ivkeysize);
+ }
+ if (app_options.print_buffer) {
+ printf("Decoded (Size: %lu):\n", siz);
+ printbytebuf(tmp, siz, 78, app_options.verbose);
+ }
+ if (memcmp(tmp, buf, siz) != 0) {
+ ret = 1;
+ fprintf(stderr, "%s: ERROR: original buffer and decrypted buffer differs!\n", argv[0]);
+ }
+ free(tmp);
+ }
+ case E_BASE64:
+ case E_NONE:
+ default:
+ break;
+ }
+
+ /* generate output file */
+ if (app_options.outfile) {
+ ssize_t written = 0;
+ errno = 0;
+ if ((written = writebuf(app_options.outfile, (unsigned char*)cryptd, newsiz)) != newsiz) {
+ fprintf(stderr, "%s could not write to output file (%lu/%lu bytes written)\n", argv[0], written, newsiz);
+ perror("write");
+ }
+ }
+
+ /* update loader strings/dll section */
+ if (!app_options.dryrun &&
+ (app_options.crpmode == D_CRYPT_SZVA ||
+ app_options.crpmode == D_CRYPT_SZIB ||
+ app_options.crpmode == D_CRYPT_SECTION)) {
+ memcpy(buf, (unsigned char*)cryptd, newsiz);
+ }
+ if (print_crypted_str) {
+ printf("String: %*s\n", (int)newsiz, cryptd);
+ }
+
+ /* unmap files and free memory */
+ free(cryptd);
+ errno = 0;
+ if (app_options.crpmode == D_CRYPT_SECTION && munmap(dllbuf, siz) != 0) {
+ fprintf(stderr, "%s: err while unmapping loder dll\n", argv[0]);
+ perror("munmap");
+ ret = 1;
+ }
+ errno = 0;
+ if (munmap(orgbuf, orgsiz) != 0) {
+ perror("munmap");
+ ret = 1;
+ }
+ } else {
+ ret = 1;
+ perror("mapfile");
+ }
+
+ if (ret == 0) {
+ printf("%s: succeeded\n", argv[0]);
+ }
+ return ret;
+}
diff --git a/source/tools/host/old/pyhttp.c b/source/tools/host/old/pyhttp.c
new file mode 100644
index 0000000..b66576f
--- /dev/null
+++ b/source/tools/host/old/pyhttp.c
@@ -0,0 +1,188 @@
+/*
+ * Module: pyhttp.c
+ * Author: Toni Uhlig <matzeton@googlemail.com>
+ * Purpose: Python loadable module for http codes/flags
+ */
+
+#include "helper.h" /* must be the first include if compiling a python module */
+
+#include <stdio.h>
+#include <stdlib.h>
+
+#include "compat.h"
+#include "http.h"
+#include "xor_strings.h" /* DLLSECTION */
+
+
+static const char pname[] = "pyhttp";
+
+
+static PyObject* info(PyObject* self, PyObject* args)
+{
+ printf("%s: http codes/flags\n", pname);
+ Py_RETURN_NONE;
+}
+
+#define PYDICT_SET_CMACRO(name, obj) PyDict_SetItemString( dict, name, obj );
+#define PYDICT_SETI_CMACRO(mname) { PyObject* pyval = Py_BuildValue("I", mname); if (pyval) { PYDICT_SET_CMACRO( #mname, pyval ); Py_DECREF(pyval); } }
+#define PYDICT_SETS_CMACRO(mname) { PyObject* pyval = Py_BuildValue("s", mname); if (pyval) { PYDICT_SET_CMACRO( #mname, pyval ); Py_DECREF(pyval); } }
+static PyObject* __http_getCodes(PyObject* self, PyObject* args)
+{
+ PyObject* dict = PyDict_New();
+ PYDICT_SETI_CMACRO(RC_INFO);
+ PYDICT_SETI_CMACRO(RC_REGISTER);
+ PYDICT_SETI_CMACRO(RC_PING);
+ return dict;
+}
+
+static PyObject* __http_getCodeSiz(PyObject* self, PyObject* args)
+{
+ return Py_BuildValue("I", sizeof(rrcode));
+}
+
+static PyObject* __http_getFlags(PyObject* self, PyObject* args)
+{
+ PyObject* dict = PyDict_New();
+ PYDICT_SETI_CMACRO(RF_AGAIN);
+ PYDICT_SETI_CMACRO(RF_ERROR);
+ PYDICT_SETI_CMACRO(RF_OK);
+
+ return dict;
+}
+
+static PyObject* __http_getFlagSiz(PyObject* self, PyObject* args)
+{
+ return Py_BuildValue("I", sizeof(rflags));
+}
+
+static PyObject* __http_getConsts(PyObject* self, PyObject* args)
+{
+ PyObject* dict = PyDict_New();
+ PYDICT_SETS_CMACRO(DLLSECTION);
+ PYDICT_SETI_CMACRO(SID_LEN);
+ PYDICT_SETI_CMACRO(SID_ZEROES0);
+ PYDICT_SETI_CMACRO(SID_ZEROES1);
+ PYDICT_SETI_CMACRO(MARKER_SIZ);
+ PYDICT_SETI_CMACRO(RND_LEN);
+ PYDICT_SETI_CMACRO(AESKEY_SIZ);
+
+ return dict;
+}
+
+static PyObject* __http_parseResponse(PyObject* self, PyObject* args)
+{
+ PyObject* ctxRecvBuffer = NULL;
+ PyObject* ctxStartMarker = NULL;
+ Py_buffer recvBuffer = {0}, startMarker = {0};
+ PyObject* rList = Py_BuildValue("[]");
+
+ if (! PyArg_ParseTuple(args, "O|O:parseResponse", &ctxRecvBuffer, &ctxStartMarker) ||
+ ! ctxRecvBuffer || ! ctxStartMarker) {
+ PyErr_SetString(PyExc_TypeError, "Invalid arguments");
+ PyErr_Print();
+ return NULL;
+ }
+
+ if (PyObject_GetBuffer(ctxRecvBuffer, &recvBuffer, PyBUF_SIMPLE) < 0 ||
+ PyObject_GetBuffer(ctxStartMarker, &startMarker, PyBUF_SIMPLE) < 0) {
+ PyErr_SetString(PyExc_TypeError, "Argument types are not buffer objects");
+ PyErr_Print();
+ goto finalize;
+ }
+ if (recvBuffer.len <= 0) {
+ PyErr_Format(PyExc_RuntimeError, "Invalid buffer length: %u", (unsigned)recvBuffer.len);
+ PyErr_Print();
+ goto finalize;
+ }
+ if (startMarker.len != MARKER_SIZ) {
+ PyErr_Format(PyExc_TypeError, "Marker size is not exactly %u bytes: %u bytes", MARKER_SIZ, (unsigned)startMarker.len);
+ PyErr_Print();
+ goto finalize;
+ }
+
+ off_t bufOff = 0;
+ http_resp* hResp = NULL;
+ while (parseResponse(recvBuffer.buf, recvBuffer.len, &hResp, &bufOff, startMarker.buf) == RSP_OK &&
+ hResp) {
+ PyObject* tuple = Py_BuildValue("(s#BHIs#)", hResp->startMarker, MARKER_SIZ,
+ hResp->respFlags, hResp->respCode, hResp->pkgsiz, &hResp->pkgbuf[0], hResp->pkgsiz);
+ PyList_Append(rList, tuple);
+ Py_DECREF(tuple);
+ }
+
+finalize:
+ if (recvBuffer.buf != NULL)
+ PyBuffer_Release(&recvBuffer);
+ if (startMarker.buf != NULL)
+ PyBuffer_Release(&startMarker);
+ return rList;
+}
+
+static PyObject* __http_addRequest(PyObject* self, PyObject* args)
+{
+ struct http_resp* hResp = NULL;
+ PyObject* ctxBuf;
+ PyObject* ctxResp;
+ Py_buffer pkgBuf = {0}, httpResp = {0};
+ PyObject* retBuf = NULL;
+
+ if (! PyArg_ParseTuple(args, "O|O:addRequest", &ctxBuf, &ctxResp) ||
+ ! ctxBuf || ! ctxResp) {
+ PyErr_SetString(PyExc_TypeError, "Invalid arguments");
+ return NULL;
+ }
+
+ if (PyObject_GetBuffer(ctxBuf, &pkgBuf, PyBUF_SIMPLE) < 0 ||
+ PyObject_GetBuffer(ctxResp, &httpResp, PyBUF_SIMPLE) < 0) {
+ PyErr_SetString(PyExc_TypeError, "Argument types are not buffer objects");
+ PyErr_Print();
+ goto finalize;
+ }
+
+ hResp = (struct http_resp*)httpResp.buf;
+ if (httpResp.len != sizeof(struct http_resp) + hResp->pkgsiz) {
+ PyErr_Format(PyExc_RuntimeError, "Invalid http_resp size: %lu (required: %lu + %u)", httpResp.len, sizeof(struct http_resp), hResp->pkgsiz);
+ PyErr_Print();
+ goto finalize;
+ }
+
+ rrsize send_siz = pkgBuf.len;
+ rrbuff send_buf = COMPAT(calloc)(send_siz, sizeof(*send_buf));
+ if (! send_buf)
+ goto finalize;
+ COMPAT(memcpy)(send_buf, pkgBuf.buf, send_siz);
+ if (addRequest(&send_buf, &send_siz, hResp) == RSP_OK)
+ retBuf = PyByteArray_FromStringAndSize((const char*)send_buf, send_siz);
+ COMPAT(free)(send_buf);
+finalize:
+ if (pkgBuf.buf != NULL)
+ PyBuffer_Release(&pkgBuf);
+ if (httpResp.buf != NULL)
+ PyBuffer_Release(&httpResp);
+ if (retBuf)
+ return retBuf;
+ else
+ Py_RETURN_NONE;
+}
+
+
+/* define module methods */
+static PyMethodDef pycryptMethods[] = {
+ {"info", info, METH_NOARGS, "print module info"},
+ {"getCodes", __http_getCodes, METH_NOARGS, "get http request/response codes"},
+ {"getCodeSiz", __http_getCodeSiz, METH_NOARGS, "get code size"},
+ {"getFlags", __http_getFlags, METH_NOARGS, "get http response flags"},
+ {"getFlagSiz", __http_getFlagSiz, METH_NOARGS, "get flag size"},
+ {"getConsts", __http_getConsts, METH_NOARGS, "get const data/macros"},
+ {"parseResponse", __http_parseResponse, METH_VARARGS, "buf,startMarker -> parse http request/response"},
+ {"addRequest", __http_addRequest, METH_VARARGS, "buf,struct http_resp -> add a http request to an pkgbuffer"},
+ {NULL, NULL, 0, NULL}
+};
+
+/* module initialization */
+PyMODINIT_FUNC
+initpyhttp(void)
+{
+ printf("ENABLED %s\n", pname);
+ (void) Py_InitModule(pname, pycryptMethods);
+}
Powered by cgit, Themed by Ted Yin.