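Some functions and data structures from the SECONDDATE implant control module, extracted from its debug information using https://github.com/laanwj/dwarf_to_c. The `/* +0x.. */` comments are the member offsets recorded for that build.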
/*
 * Base types and C-library typedefs as emitted by the extraction tool.
 * size_t is recorded as `unsigned int`, so the debug info does not describe
 * an LP64 build where size_t is `unsigned long`.
 * NOTE(review): consistent with a 32-bit target - confirm against the binary.
 * The double-underscore names look like C library internals rather than
 * types defined by the module itself.
 */
/* Basetype: unsigned int */ | |
typedef unsigned int size_t; | |
/* Basetype: unsigned char */ | |
/* Basetype: short unsigned int */ | |
/* Basetype: long unsigned int */ | |
/* Basetype: signed char */ | |
/* Basetype: short int */ | |
/* Basetype: int */ | |
/* Basetype: long long int */ | |
/* Basetype: long long unsigned int */ | |
typedef long long int __quad_t; | |
/* Basetype: long int */ | |
typedef long int __off_t; | |
typedef __quad_t __off64_t; | |
typedef long int __time_t; | |
typedef long int __suseconds_t; | |
/* Basetype: char */ | |
typedef unsigned int __socklen_t; | |
/* FILE is an alias for struct _IO_FILE; _IO_lock_t is an alias for void. */
typedef struct _IO_FILE FILE; | |
typedef void _IO_lock_t; | |
/*
 * struct _IO_FILE - the stream object behind the FILE typedef.
 * C-library state, not module-specific data. Consecutive pointer members
 * sit 4 bytes apart in the recorded offsets (+0x4, +0x8, ...), so pointers
 * are 4 bytes wide in the build this listing was extracted from.
 */
struct _IO_FILE | |
{ | |
int _flags; /* +0x0 */ | |
char *_IO_read_ptr; /* +0x4 */ | |
char *_IO_read_end; /* +0x8 */ | |
char *_IO_read_base; /* +0xc */ | |
char *_IO_write_base; /* +0x10 */ | |
char *_IO_write_ptr; /* +0x14 */ | |
char *_IO_write_end; /* +0x18 */ | |
char *_IO_buf_base; /* +0x1c */ | |
char *_IO_buf_end; /* +0x20 */ | |
char *_IO_save_base; /* +0x24 */ | |
char *_IO_backup_base; /* +0x28 */ | |
char *_IO_save_end; /* +0x2c */ | |
struct _IO_marker *_markers; /* +0x30 */ | |
struct _IO_FILE *_chain; /* +0x34 */ | |
int _fileno; /* +0x38 */ | |
int _flags2; /* +0x3c */ | |
__off_t _old_offset; /* +0x40 */ | |
short unsigned int _cur_column; /* +0x44 */ | |
signed char _vtable_offset; /* +0x46 */ | |
char _shortbuf[1]; /* +0x47 */ | |
_IO_lock_t *_lock; /* +0x48 */ | |
/* 8-byte member placed at +0x4c, i.e. aligned to 4 rather than 8 in this build. */
__off64_t _offset; /* +0x4c */ | |
void *__pad1; /* +0x54 */ | |
void *__pad2; /* +0x58 */ | |
int _mode; /* +0x5c */ | |
char _unused2[52]; /* +0x60 */ | |
}; | |
/*
 * struct _IO_marker - node type pointed to by _IO_FILE._markers.
 * _next points to another marker and _sbuf to a stream object; both are
 * 4-byte pointers by the recorded offsets.
 */
struct _IO_marker | |
{ | |
struct _IO_marker *_next; /* +0x0 */ | |
struct _IO_FILE *_sbuf; /* +0x4 */ | |
int _pos; /* +0x8 */ | |
}; | |
/* time_t is an alias for __time_t (a `long int` in this listing). */
typedef __time_t time_t; | |
/* __sigset_t - a set stored as 32 `long unsigned int` words. */
typedef struct | |
{ | |
long unsigned int __val[32]; /* +0x0 */ | |
} __sigset_t; | |
/*
 * struct timeval - seconds plus microseconds.
 * tv_usec is recorded at +0x4, so __time_t occupies 4 bytes in this build.
 */
struct timeval | |
{ | |
__time_t tv_sec; /* +0x0 */ | |
__suseconds_t tv_usec; /* +0x4 */ | |
}; | |
/* __fd_mask is the word type of the descriptor set below. */
typedef long int __fd_mask; | |
/*
 * fd_set - descriptor set stored as 32 __fd_mask words.
 * NOTE(review): presumably used with select(); no such call is visible here.
 */
typedef struct | |
{ | |
__fd_mask __fds_bits[32]; /* +0x0 */ | |
} fd_set; | |
/*
 * struct option - option descriptor with the same members as the one
 * getopt_long() takes (name, has_arg, flag, val).
 * NOTE(review): presumably the module parses long command-line options;
 * the option table itself is not part of this listing.
 */
struct option | |
{ | |
char *name; /* +0x0 */ | |
int has_arg; /* +0x4 */ | |
int *flag; /* +0x8 */ | |
int val; /* +0xc */ | |
}; | |
/* __jmp_buf - six ints; 0x18 bytes by the offset of the next member below. */
typedef int __jmp_buf[6]; | |
/*
 * struct __jmp_buf_tag - element type of jmp_buf: the saved int array, a
 * flag recording whether a signal mask was saved, and that mask.
 */
struct __jmp_buf_tag | |
{ | |
__jmp_buf __jmpbuf; /* +0x0 */ | |
int __mask_was_saved; /* +0x18 */ | |
__sigset_t __saved_mask; /* +0x1c */ | |
}; | |
/* jmp_buf is a one-element array of the struct above. */
typedef struct __jmp_buf_tag jmp_buf[1]; | |
/*
 * Function type `char *(char *, int)`. completerFunc(), declared further
 * down in this listing, has the same signature.
 * NOTE(review): the rl_ prefix suggests a readline completion callback - confirm.
 */
typedef char *rl_compentry_func_t(char *, int); | |
/* Socket and fixed-width integer aliases; widths follow from the base types named. */
typedef __socklen_t socklen_t; | |
typedef short unsigned int sa_family_t; | |
typedef short unsigned int uint16_t; | |
typedef unsigned int uint32_t; | |
typedef uint16_t in_port_t; | |
typedef uint32_t in_addr_t; | |
/* struct in_addr - a single in_addr_t (uint32_t in this listing) address value. */
struct in_addr | |
{ | |
in_addr_t s_addr; /* +0x0 */ | |
}; | |
/*
 * struct sockaddr_in - socket address: family, 16-bit port, in_addr and
 * 8 bytes of sin_zero; 16 bytes in total by the recorded offsets.
 */
struct sockaddr_in | |
{ | |
sa_family_t sin_family; /* +0x0 */ | |
in_port_t sin_port; /* +0x2 */ | |
struct in_addr sin_addr; /* +0x4 */ | |
unsigned char sin_zero[8]; /* +0x8 */ | |
}; | |
/*
 * struct tm - broken-down time: nine int members followed by tm_gmtoff
 * and tm_zone.
 */
struct tm | |
{ | |
int tm_sec; /* +0x0 */ | |
int tm_min; /* +0x4 */ | |
int tm_hour; /* +0x8 */ | |
int tm_mday; /* +0xc */ | |
int tm_mon; /* +0x10 */ | |
int tm_year; /* +0x14 */ | |
int tm_wday; /* +0x18 */ | |
int tm_yday; /* +0x1c */ | |
int tm_isdst; /* +0x20 */ | |
long int tm_gmtoff; /* +0x24 */ | |
char *tm_zone; /* +0x28 */ | |
}; | |
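/*
 * RULE_TYPE - one rule record, as recovered from the module's debug info.
 *
 * The listing shows names, types and offsets only. The group notes below
 * are read from the member names and need confirming against the binary.
 *
 * Layout: the trailing comments are the recorded member offsets. Bytes
 * 0x5-0x7 are padding before the first 4-byte member, and the last member
 * ends at 0x15c + 512 = 0x35c. Every member is a char, short or int, so
 * the layout is the same on common 32-bit and 64-bit ABIs.
 *
 * Parsing note: when decoding this record from a capture or memory image,
 * treat every index, count and length member as untrusted and bound it by
 * the fixed array sizes (256 and 512) before using it to index a buffer.
 */
typedef struct
{
    /* Single-byte switches and flags. */
    unsigned char enabled;            /* +0x0 */
    unsigned char checkHTTPGET;       /* +0x1 */
    unsigned char checkPattern;       /* +0x2 */
    unsigned char tcpFlags;           /* +0x3 */
    unsigned char injectflag;         /* +0x4 */

    /* Indices, an offset and two timestamps (units not shown here). */
    unsigned int index;               /* +0x8 */
    unsigned int start_index;         /* +0xc */
    unsigned int stop_index;          /* +0x10 */
    unsigned int tagOffset;           /* +0x14 */
    unsigned int u_timestamp;         /* +0x18 */
    unsigned int e_timestamp;         /* +0x1c */

    /* Address/mask pairs, protocol and ports: presumably the traffic filter. */
    unsigned int srcAddrFilter;       /* +0x20 */
    unsigned int srcAddrFilterMask;   /* +0x24 */
    unsigned int dstAddrFilter;       /* +0x28 */
    unsigned int dstAddrFilterMask;   /* +0x2c */
    unsigned int protocolFilter;      /* +0x30 */
    short unsigned int srcPortFilter; /* +0x34 */
    short unsigned int dstPortFilter; /* +0x36 */

    /* Limits and counters: presumably rate limiting and hit statistics. */
    unsigned int minInterval;         /* +0x38 */
    unsigned int maxInjections;       /* +0x3c */
    unsigned int injectWindow;        /* +0x40 */
    unsigned int injectLen;           /* +0x44 */
    unsigned int currentInjections;   /* +0x48 */
    unsigned int totalInjections;     /* +0x4c */
    unsigned int totalMisses;         /* +0x50 */
    unsigned int nextInjectTime;      /* +0x54 */
    unsigned int injectWindowEnd;     /* +0x58 */

    /* Fixed-size buffers; injectLen presumably gives the used part of inject. */
    unsigned char pattern[256];       /* +0x5c */
    unsigned char inject[512];        /* +0x15c */
} RULE_TYPE;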
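/*
 * struct LOG_ENTRY_ / LOG_ENTRY - one log record.
 *
 * By the member names this holds a connection tuple (addresses, ports,
 * protocol), a timestamp, a rule number and 40 bytes of data. Byte order
 * and the time unit are not shown by the listing.
 *
 * Layout: the last member ends at 0x19 + 40 = 0x41; with 4-byte alignment
 * the record is padded to 0x44 bytes.
 *
 * Parsing note: dataBuffer is a fixed 40-byte array with no length member
 * and no visible guarantee of NUL termination, so copy it by size rather
 * than with string functions.
 */
struct LOG_ENTRY_
{
    unsigned int index;          /* +0x0 */
    unsigned int srcAddr;        /* +0x4 */
    unsigned int dstAddr;        /* +0x8 */
    short unsigned int srcPort;  /* +0xc */
    short unsigned int dstPort;  /* +0xe */
    unsigned int timeStamp;      /* +0x10 */
    unsigned int rule;           /* +0x14 */
    char protocol;               /* +0x18 */
    char dataBuffer[40];         /* +0x19 */
};
typedef struct LOG_ENTRY_ LOG_ENTRY;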
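/*
 * SD_INFO - four 32-bit status words: a version, two counts and a
 * timestamp (read from the member names; encoding not shown here).
 * 16 bytes in total by the recorded offsets.
 */
typedef struct
{
    unsigned int version;     /* +0x0 */
    unsigned int logEntries;  /* +0x4 */
    unsigned int ruleCount;   /* +0x8 */
    unsigned int timeStamp;   /* +0xc */
} SD_INFO;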
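/*
 * SD_PDUTYPE - the message unit passed to sendCommand() as both request
 * and response: a 0x28-byte header followed by an anonymous union.
 *
 * The union holds one of: a RULE_TYPE, an SD_INFO, or an array of 15
 * LOG_ENTRY records. The listing does not show which header member selects
 * the active one (NOTE(review): presumably `type` - confirm).
 *
 * munge, magic, checkSum, encCounter and encMagic are named like framing,
 * integrity and encryption fields. encCounter has the same 8-byte size as
 * Encryption_PaddedCounter.counter. How they are computed is not visible.
 *
 * Parsing note: a decoder should validate the header and the selector
 * before reading the union, and should never read a union member other
 * than the one the selector names.
 *
 * The anonymous union needs C11 or a compiler extension.
 */
typedef struct
{
    int munge;                    /* +0x0 */
    int magic;                    /* +0x4 */
    int checkSum;                 /* +0x8 */
    unsigned char encCounter[8];  /* +0xc */
    int encMagic;                 /* +0x14 */
    int sequenceNum;              /* +0x18 */
    unsigned int type;            /* +0x1c */
    int errCode;                  /* +0x20 */
    unsigned int logTime;         /* +0x24 */
    union
    {
        RULE_TYPE rule;
        SD_INFO info;
        LOG_ENTRY log[15];
    };                            /* +0x28 */
} SD_PDUTYPE;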
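/* Byte alias used by the Encryption_* prototypes. */
typedef unsigned char uchar;

/*
 * Control-program entry points. Only the prototypes were recovered; the
 * function bodies are not part of this listing.
 */

/* Same signature as rl_compentry_func_t (char *(char *, int)). */
char *completerFunc(char *keyword, int state);

/*
 * Takes a descriptor and two SD_PDUTYPE pointers. By the parameter names,
 * sdPdu is the request and sdPduResp receives the reply.
 * NOTE(review): `sd` is presumably a socket descriptor - confirm.
 */
int sendCommand(int sd, SD_PDUTYPE *sdPdu, SD_PDUTYPE *sdPduResp);

int main(int argc, char **argv);
/* inline int atoi(char *__nptr) */
/* inline long int strtol(char *__nptr, char **__endptr, int __base) */

/* Signal handler; which signals it is installed for is not shown here. */
void sighandler(int sig);

/*
 * Integer aliases. `long unsigned int` is wider on LP64 systems than on a
 * 32-bit build, so code that re-reads recorded data should use fixed-width
 * types instead of ulong.
 */
typedef long unsigned int ulong;
typedef short unsigned int ushort;
typedef unsigned char uint8;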
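/*
 * struct Control_nodeHeader - a single `long unsigned int` node number.
 * This is the argument type of Encryption_mungeControlHeader().
 *
 * Width caveat: `long unsigned int` is 8 bytes on LP64 systems, so a tool
 * that decodes this header from recorded data should read it with a
 * fixed-width type (NOTE(review): presumably 32 bits in the original
 * build - confirm).
 */
struct Control_nodeHeader
{
    long unsigned int nodeNum;  /* +0x0 */
};
typedef struct Control_nodeHeader Control_nodeHeader;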
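/*
 * Encryption_PaddedCounter - an 8-byte counter followed by 8 bytes of
 * padding, 16 bytes in total. It is the counter argument of
 * counterModeEncryptBlock().
 * NOTE(review): 16 bytes presumably matches the cipher block size - confirm.
 */
typedef struct
{
    uint8 counter[8];  /* +0x0 */
    uint8 padding[8];  /* +0x8 */
} Encryption_PaddedCounter;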
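/*
 * Encryption_* prototypes. Only the signatures were recovered; every
 * behavioural note below is read from names and parameter lists and needs
 * confirming against the binary.
 *
 * None of the buffer parameters carries a size for the counter, IV or key
 * schedule, so the expected buffer lengths cannot be taken from this
 * listing.
 */

/* Counter handling. isValidCounter() takes a counter and the last one
 * used, presumably a replay or ordering check. */
int Encryption_incrementCounter(uchar *counter);
int Encryption_expandKey(uchar *cv, uchar *keySchedule);
int Encryption_compareCounters(uchar *counter, uchar *counter2);
int Encryption_isValidCounter(uchar *counter, uchar *lastUsedCounter);
int Encryption_encryptCounter(uchar *counter, uchar *data);
void Encryption_decryptCounter(uchar *counter, uchar *data);

/* Block primitives and the counter-mode / OFB-mode wrappers built on them.
 * Lengths are signed (`long int`), or `ushort` for the per-block helpers. */
int ecbModeEncryptBlock(uchar *plaintext, uchar *ciphertext, uchar *keySchedule);
int counterModeEncryptBlock(uchar *plaintext, uchar *ciphertext, ushort plaintextLength, Encryption_PaddedCounter *counter, uchar *keySchedule);
int Encryption_counterModeEncrypt(uchar *plaintext, uchar *ciphertext, long int length, uchar *counter, uchar *keySchedule);
int Encryption_counterModeDecrypt(uchar *plaintext, uchar *ciphertext, long int length, uchar *counter, uchar *keySchedule);
int ofbModeEncryptBlock(uchar *plaintext, uchar *ciphertext, ushort plaintextLength, uchar *iv, uchar *keySchedule);
int Encryption_ofbModeEncrypt(uchar *plaintext, uchar *ciphertext, long int length, uchar *iv, long int *remainder, uchar *keySchedule);
int Encryption_ofbModeDecrypt(uchar *plaintext, uchar *ciphertext, long int length, uchar *iv, long int *remainder, uchar *keySchedule);

/* Operates on the Control_nodeHeader; SD_PDUTYPE has a `munge` member. */
void Encryption_mungeControlHeader(Control_nodeHeader *nh);

/* Random-number helpers. The empty parameter lists are as emitted by the
 * extraction tool. The generator and its seed source are not shown. */
void Encryption_randSeed();
/* inline void Encryption_addSeed(uchar *seed, long int numSeedBytes) */
void Encryption_randRekey();
void Encryption_randBytes(uchar *bytes, long int size);
/* inline void Encryption_randInit() */
long unsigned int Encryption_randGen();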
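/*
 * RC6 block-cipher prototypes (names only; bodies not recovered).
 *
 * Width caveat: uint32 is declared as `long unsigned int`, which is 8
 * bytes on LP64 systems. Analysis code that rebuilds the key schedule
 * should use a fixed 32-bit type so the word size matches the original
 * build (NOTE(review): presumably 32-bit words - confirm).
 */
typedef long unsigned int uint32;

void Rc6_encrypt(uint8 *inBlock, uint8 *outBlock, uint32 *keySchedule);
/* inline long unsigned int be32_to_le32_inline(long unsigned int x) */
void Rc6_decrypt(uint8 *inBlock, uint8 *outBlock, uint32 *keySchedule);
void Rc6_expandKey(uint8 *cv, uint32 *keySchedule);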
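/*
 * SHA-1 helpers (names only; bodies not recovered). Each takes a data
 * pointer, a signed int length and a digest pointer. The digest buffer
 * size is not expressed in the prototypes (a SHA-1 digest is 20 bytes).
 * NOTE(review): what the "d" variant computes and what the return values
 * mean cannot be determined from this listing - confirm against the binary.
 */
int Encryption_Sha1(uint8 *data, int data_len, uint8 *digest);
int Encryption_Sha1d(uint8 *data, int data_len, uint8 *digest);
int Encryption_Sha1dVerify(uint8 *data, int data_len, uint8 *digest);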