Create a gist now

Instantly share code, notes, and snippets.

@laanwj /SecondDate-3.1.1.0.c
Last active Aug 19, 2016

What would you like to do?
Download ZIP
Some functions and data structures from SECONDDATE implant control module (extracted using https://github.com/laanwj/dwarf_to_c)
Raw
SecondDate-3.1.1.0.c
/* Basetype: unsigned int */
typedef unsigned int size_t;
/* Basetype: unsigned char */
/* Basetype: short unsigned int */
/* Basetype: long unsigned int */
/* Basetype: signed char */
/* Basetype: short int */
/* Basetype: int */
/* Basetype: long long int */
/* Basetype: long long unsigned int */
typedef long long int __quad_t;
/* Basetype: long int */
typedef long int __off_t;
typedef __quad_t __off64_t;
typedef long int __time_t;
typedef long int __suseconds_t;
/* Basetype: char */
typedef unsigned int __socklen_t;
typedef struct _IO_FILE FILE;
typedef void _IO_lock_t;
struct _IO_FILE
{
int _flags; /* +0x0 */
char *_IO_read_ptr; /* +0x4 */
char *_IO_read_end; /* +0x8 */
char *_IO_read_base; /* +0xc */
char *_IO_write_base; /* +0x10 */
char *_IO_write_ptr; /* +0x14 */
char *_IO_write_end; /* +0x18 */
char *_IO_buf_base; /* +0x1c */
char *_IO_buf_end; /* +0x20 */
char *_IO_save_base; /* +0x24 */
char *_IO_backup_base; /* +0x28 */
char *_IO_save_end; /* +0x2c */
struct _IO_marker *_markers; /* +0x30 */
struct _IO_FILE *_chain; /* +0x34 */
int _fileno; /* +0x38 */
int _flags2; /* +0x3c */
__off_t _old_offset; /* +0x40 */
short unsigned int _cur_column; /* +0x44 */
signed char _vtable_offset; /* +0x46 */
char _shortbuf[1]; /* +0x47 */
_IO_lock_t *_lock; /* +0x48 */
__off64_t _offset; /* +0x4c */
void *__pad1; /* +0x54 */
void *__pad2; /* +0x58 */
int _mode; /* +0x5c */
char _unused2[52]; /* +0x60 */
};
struct _IO_marker
{
struct _IO_marker *_next; /* +0x0 */
struct _IO_FILE *_sbuf; /* +0x4 */
int _pos; /* +0x8 */
};
typedef __time_t time_t;
typedef struct
{
long unsigned int __val[32]; /* +0x0 */
} __sigset_t;
struct timeval
{
__time_t tv_sec; /* +0x0 */
__suseconds_t tv_usec; /* +0x4 */
};
typedef long int __fd_mask;
typedef struct
{
__fd_mask __fds_bits[32]; /* +0x0 */
} fd_set;
struct option
{
char *name; /* +0x0 */
int has_arg; /* +0x4 */
int *flag; /* +0x8 */
int val; /* +0xc */
};
typedef int __jmp_buf[6];
struct __jmp_buf_tag
{
__jmp_buf __jmpbuf; /* +0x0 */
int __mask_was_saved; /* +0x18 */
__sigset_t __saved_mask; /* +0x1c */
};
typedef struct __jmp_buf_tag jmp_buf[1];
typedef char *rl_compentry_func_t(char *, int);
typedef __socklen_t socklen_t;
typedef short unsigned int sa_family_t;
typedef short unsigned int uint16_t;
typedef unsigned int uint32_t;
typedef uint16_t in_port_t;
typedef uint32_t in_addr_t;
struct in_addr
{
in_addr_t s_addr; /* +0x0 */
};
struct sockaddr_in
{
sa_family_t sin_family; /* +0x0 */
in_port_t sin_port; /* +0x2 */
struct in_addr sin_addr; /* +0x4 */
unsigned char sin_zero[8]; /* +0x8 */
};
struct tm
{
int tm_sec; /* +0x0 */
int tm_min; /* +0x4 */
int tm_hour; /* +0x8 */
int tm_mday; /* +0xc */
int tm_mon; /* +0x10 */
int tm_year; /* +0x14 */
int tm_wday; /* +0x18 */
int tm_yday; /* +0x1c */
int tm_isdst; /* +0x20 */
long int tm_gmtoff; /* +0x24 */
char *tm_zone; /* +0x28 */
};
typedef struct
{
unsigned char enabled; /* +0x0 */
unsigned char checkHTTPGET; /* +0x1 */
unsigned char checkPattern; /* +0x2 */
unsigned char tcpFlags; /* +0x3 */
unsigned char injectflag; /* +0x4 */
unsigned int index; /* +0x8 */
unsigned int start_index; /* +0xc */
unsigned int stop_index; /* +0x10 */
unsigned int tagOffset; /* +0x14 */
unsigned int u_timestamp; /* +0x18 */
unsigned int e_timestamp; /* +0x1c */
unsigned int srcAddrFilter; /* +0x20 */
unsigned int srcAddrFilterMask; /* +0x24 */
unsigned int dstAddrFilter; /* +0x28 */
unsigned int dstAddrFilterMask; /* +0x2c */
unsigned int protocolFilter; /* +0x30 */
short unsigned int srcPortFilter; /* +0x34 */
short unsigned int dstPortFilter; /* +0x36 */
unsigned int minInterval; /* +0x38 */
unsigned int maxInjections; /* +0x3c */
unsigned int injectWindow; /* +0x40 */
unsigned int injectLen; /* +0x44 */
unsigned int currentInjections; /* +0x48 */
unsigned int totalInjections; /* +0x4c */
unsigned int totalMisses; /* +0x50 */
unsigned int nextInjectTime; /* +0x54 */
unsigned int injectWindowEnd; /* +0x58 */
unsigned char pattern[256]; /* +0x5c */
unsigned char inject[512]; /* +0x15c */
} RULE_TYPE;
struct LOG_ENTRY_
{
unsigned int index; /* +0x0 */
unsigned int srcAddr; /* +0x4 */
unsigned int dstAddr; /* +0x8 */
short unsigned int srcPort; /* +0xc */
short unsigned int dstPort; /* +0xe */
unsigned int timeStamp; /* +0x10 */
unsigned int rule; /* +0x14 */
char protocol; /* +0x18 */
char dataBuffer[40]; /* +0x19 */
};
typedef struct LOG_ENTRY_ LOG_ENTRY;
typedef struct
{
unsigned int version; /* +0x0 */
unsigned int logEntries; /* +0x4 */
unsigned int ruleCount; /* +0x8 */
unsigned int timeStamp; /* +0xc */
} SD_INFO;
typedef struct
{
int munge; /* +0x0 */
int magic; /* +0x4 */
int checkSum; /* +0x8 */
unsigned char encCounter[8]; /* +0xc */
int encMagic; /* +0x14 */
int sequenceNum; /* +0x18 */
unsigned int type; /* +0x1c */
int errCode; /* +0x20 */
unsigned int logTime; /* +0x24 */
union
{
RULE_TYPE rule;
SD_INFO info;
LOG_ENTRY log[15];
}; /* +0x28 */
} SD_PDUTYPE;
typedef unsigned char uchar;
char *completerFunc(char *keyword, int state);
int sendCommand(int sd, SD_PDUTYPE *sdPdu, SD_PDUTYPE *sdPduResp);
int main(int argc, char **argv);
/* inline int atoi(char *__nptr) */
/* inline long int strtol(char *__nptr, char **__endptr, int __base) */
void sighandler(int sig);
typedef long unsigned int ulong;
typedef short unsigned int ushort;
typedef unsigned char uint8;
struct Control_nodeHeader
{
long unsigned int nodeNum; /* +0x0 */
};
typedef struct Control_nodeHeader Control_nodeHeader;
typedef struct
{
uint8 counter[8]; /* +0x0 */
uint8 padding[8]; /* +0x8 */
} Encryption_PaddedCounter;
int Encryption_incrementCounter(uchar *counter);
int Encryption_expandKey(uchar *cv, uchar *keySchedule);
int Encryption_compareCounters(uchar *counter, uchar *counter2);
int Encryption_isValidCounter(uchar *counter, uchar *lastUsedCounter);
int Encryption_encryptCounter(uchar *counter, uchar *data);
void Encryption_decryptCounter(uchar *counter, uchar *data);
int ecbModeEncryptBlock(uchar *plaintext, uchar *ciphertext, uchar *keySchedule);
int counterModeEncryptBlock(uchar *plaintext, uchar *ciphertext, ushort plaintextLength, Encryption_PaddedCounter *counter, uchar *keySchedule);
int Encryption_counterModeEncrypt(uchar *plaintext, uchar *ciphertext, long int length, uchar *counter, uchar *keySchedule);
int Encryption_counterModeDecrypt(uchar *plaintext, uchar *ciphertext, long int length, uchar *counter, uchar *keySchedule);
int ofbModeEncryptBlock(uchar *plaintext, uchar *ciphertext, ushort plaintextLength, uchar *iv, uchar *keySchedule);
int Encryption_ofbModeEncrypt(uchar *plaintext, uchar *ciphertext, long int length, uchar *iv, long int *remainder, uchar *keySchedule);
int Encryption_ofbModeDecrypt(uchar *plaintext, uchar *ciphertext, long int length, uchar *iv, long int *remainder, uchar *keySchedule);
void Encryption_mungeControlHeader(Control_nodeHeader *nh);
void Encryption_randSeed();
/* inline void Encryption_addSeed(uchar *seed, long int numSeedBytes) */
void Encryption_randRekey();
void Encryption_randBytes(uchar *bytes, long int size);
/* inline void Encryption_randInit() */
long unsigned int Encryption_randGen();
typedef long unsigned int uint32;
void Rc6_encrypt(uint8 *inBlock, uint8 *outBlock, uint32 *keySchedule);
/* inline long unsigned int be32_to_le32_inline(long unsigned int x) */
void Rc6_decrypt(uint8 *inBlock, uint8 *outBlock, uint32 *keySchedule);
void Rc6_expandKey(uint8 *cv, uint32 *keySchedule);
int Encryption_Sha1(uint8 *data, int data_len, uint8 *digest);
int Encryption_Sha1d(uint8 *data, int data_len, uint8 *digest);
int Encryption_Sha1dVerify(uint8 *data, int data_len, uint8 *digest);
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment