Last active
August 19, 2016 21:17
-
-
Save laanwj/96841340cecb5ada220af39551df2896 to your computer and use it in GitHub Desktop.
Some functions and data structures from SECONDDATE implant control module (extracted using https://github.com/laanwj/dwarf_to_c)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* Basetype: unsigned int */ | |
| typedef unsigned int size_t; | |
| /* Basetype: unsigned char */ | |
| /* Basetype: short unsigned int */ | |
| /* Basetype: long unsigned int */ | |
| /* Basetype: signed char */ | |
| /* Basetype: short int */ | |
| /* Basetype: int */ | |
| /* Basetype: long long int */ | |
| /* Basetype: long long unsigned int */ | |
| typedef long long int __quad_t; | |
| /* Basetype: long int */ | |
| typedef long int __off_t; | |
| typedef __quad_t __off64_t; | |
| typedef long int __time_t; | |
| typedef long int __suseconds_t; | |
| /* Basetype: char */ | |
| typedef unsigned int __socklen_t; | |
| typedef struct _IO_FILE FILE; | |
| typedef void _IO_lock_t; | |
| struct _IO_FILE | |
| { | |
| int _flags; /* +0x0 */ | |
| char *_IO_read_ptr; /* +0x4 */ | |
| char *_IO_read_end; /* +0x8 */ | |
| char *_IO_read_base; /* +0xc */ | |
| char *_IO_write_base; /* +0x10 */ | |
| char *_IO_write_ptr; /* +0x14 */ | |
| char *_IO_write_end; /* +0x18 */ | |
| char *_IO_buf_base; /* +0x1c */ | |
| char *_IO_buf_end; /* +0x20 */ | |
| char *_IO_save_base; /* +0x24 */ | |
| char *_IO_backup_base; /* +0x28 */ | |
| char *_IO_save_end; /* +0x2c */ | |
| struct _IO_marker *_markers; /* +0x30 */ | |
| struct _IO_FILE *_chain; /* +0x34 */ | |
| int _fileno; /* +0x38 */ | |
| int _flags2; /* +0x3c */ | |
| __off_t _old_offset; /* +0x40 */ | |
| short unsigned int _cur_column; /* +0x44 */ | |
| signed char _vtable_offset; /* +0x46 */ | |
| char _shortbuf[1]; /* +0x47 */ | |
| _IO_lock_t *_lock; /* +0x48 */ | |
| __off64_t _offset; /* +0x4c */ | |
| void *__pad1; /* +0x54 */ | |
| void *__pad2; /* +0x58 */ | |
| int _mode; /* +0x5c */ | |
| char _unused2[52]; /* +0x60 */ | |
| }; | |
| struct _IO_marker | |
| { | |
| struct _IO_marker *_next; /* +0x0 */ | |
| struct _IO_FILE *_sbuf; /* +0x4 */ | |
| int _pos; /* +0x8 */ | |
| }; | |
| typedef __time_t time_t; | |
| typedef struct | |
| { | |
| long unsigned int __val[32]; /* +0x0 */ | |
| } __sigset_t; | |
| struct timeval | |
| { | |
| __time_t tv_sec; /* +0x0 */ | |
| __suseconds_t tv_usec; /* +0x4 */ | |
| }; | |
| typedef long int __fd_mask; | |
| typedef struct | |
| { | |
| __fd_mask __fds_bits[32]; /* +0x0 */ | |
| } fd_set; | |
| struct option | |
| { | |
| char *name; /* +0x0 */ | |
| int has_arg; /* +0x4 */ | |
| int *flag; /* +0x8 */ | |
| int val; /* +0xc */ | |
| }; | |
| typedef int __jmp_buf[6]; | |
| struct __jmp_buf_tag | |
| { | |
| __jmp_buf __jmpbuf; /* +0x0 */ | |
| int __mask_was_saved; /* +0x18 */ | |
| __sigset_t __saved_mask; /* +0x1c */ | |
| }; | |
| typedef struct __jmp_buf_tag jmp_buf[1]; | |
| typedef char *rl_compentry_func_t(char *, int); | |
| typedef __socklen_t socklen_t; | |
| typedef short unsigned int sa_family_t; | |
| typedef short unsigned int uint16_t; | |
| typedef unsigned int uint32_t; | |
| typedef uint16_t in_port_t; | |
| typedef uint32_t in_addr_t; | |
| struct in_addr | |
| { | |
| in_addr_t s_addr; /* +0x0 */ | |
| }; | |
| struct sockaddr_in | |
| { | |
| sa_family_t sin_family; /* +0x0 */ | |
| in_port_t sin_port; /* +0x2 */ | |
| struct in_addr sin_addr; /* +0x4 */ | |
| unsigned char sin_zero[8]; /* +0x8 */ | |
| }; | |
| struct tm | |
| { | |
| int tm_sec; /* +0x0 */ | |
| int tm_min; /* +0x4 */ | |
| int tm_hour; /* +0x8 */ | |
| int tm_mday; /* +0xc */ | |
| int tm_mon; /* +0x10 */ | |
| int tm_year; /* +0x14 */ | |
| int tm_wday; /* +0x18 */ | |
| int tm_yday; /* +0x1c */ | |
| int tm_isdst; /* +0x20 */ | |
| long int tm_gmtoff; /* +0x24 */ | |
| char *tm_zone; /* +0x28 */ | |
| }; | |
| typedef struct | |
| { | |
| unsigned char enabled; /* +0x0 */ | |
| unsigned char checkHTTPGET; /* +0x1 */ | |
| unsigned char checkPattern; /* +0x2 */ | |
| unsigned char tcpFlags; /* +0x3 */ | |
| unsigned char injectflag; /* +0x4 */ | |
| unsigned int index; /* +0x8 */ | |
| unsigned int start_index; /* +0xc */ | |
| unsigned int stop_index; /* +0x10 */ | |
| unsigned int tagOffset; /* +0x14 */ | |
| unsigned int u_timestamp; /* +0x18 */ | |
| unsigned int e_timestamp; /* +0x1c */ | |
| unsigned int srcAddrFilter; /* +0x20 */ | |
| unsigned int srcAddrFilterMask; /* +0x24 */ | |
| unsigned int dstAddrFilter; /* +0x28 */ | |
| unsigned int dstAddrFilterMask; /* +0x2c */ | |
| unsigned int protocolFilter; /* +0x30 */ | |
| short unsigned int srcPortFilter; /* +0x34 */ | |
| short unsigned int dstPortFilter; /* +0x36 */ | |
| unsigned int minInterval; /* +0x38 */ | |
| unsigned int maxInjections; /* +0x3c */ | |
| unsigned int injectWindow; /* +0x40 */ | |
| unsigned int injectLen; /* +0x44 */ | |
| unsigned int currentInjections; /* +0x48 */ | |
| unsigned int totalInjections; /* +0x4c */ | |
| unsigned int totalMisses; /* +0x50 */ | |
| unsigned int nextInjectTime; /* +0x54 */ | |
| unsigned int injectWindowEnd; /* +0x58 */ | |
| unsigned char pattern[256]; /* +0x5c */ | |
| unsigned char inject[512]; /* +0x15c */ | |
| } RULE_TYPE; | |
| struct LOG_ENTRY_ | |
| { | |
| unsigned int index; /* +0x0 */ | |
| unsigned int srcAddr; /* +0x4 */ | |
| unsigned int dstAddr; /* +0x8 */ | |
| short unsigned int srcPort; /* +0xc */ | |
| short unsigned int dstPort; /* +0xe */ | |
| unsigned int timeStamp; /* +0x10 */ | |
| unsigned int rule; /* +0x14 */ | |
| char protocol; /* +0x18 */ | |
| char dataBuffer[40]; /* +0x19 */ | |
| }; | |
| typedef struct LOG_ENTRY_ LOG_ENTRY; | |
| typedef struct | |
| { | |
| unsigned int version; /* +0x0 */ | |
| unsigned int logEntries; /* +0x4 */ | |
| unsigned int ruleCount; /* +0x8 */ | |
| unsigned int timeStamp; /* +0xc */ | |
| } SD_INFO; | |
| typedef struct | |
| { | |
| int munge; /* +0x0 */ | |
| int magic; /* +0x4 */ | |
| int checkSum; /* +0x8 */ | |
| unsigned char encCounter[8]; /* +0xc */ | |
| int encMagic; /* +0x14 */ | |
| int sequenceNum; /* +0x18 */ | |
| unsigned int type; /* +0x1c */ | |
| int errCode; /* +0x20 */ | |
| unsigned int logTime; /* +0x24 */ | |
| union | |
| { | |
| RULE_TYPE rule; | |
| SD_INFO info; | |
| LOG_ENTRY log[15]; | |
| }; /* +0x28 */ | |
| } SD_PDUTYPE; | |
| typedef unsigned char uchar; | |
| char *completerFunc(char *keyword, int state); | |
| int sendCommand(int sd, SD_PDUTYPE *sdPdu, SD_PDUTYPE *sdPduResp); | |
| int main(int argc, char **argv); | |
| /* inline int atoi(char *__nptr) */ | |
| /* inline long int strtol(char *__nptr, char **__endptr, int __base) */ | |
| void sighandler(int sig); | |
| typedef long unsigned int ulong; | |
| typedef short unsigned int ushort; | |
| typedef unsigned char uint8; | |
| struct Control_nodeHeader | |
| { | |
| long unsigned int nodeNum; /* +0x0 */ | |
| }; | |
| typedef struct Control_nodeHeader Control_nodeHeader; | |
| typedef struct | |
| { | |
| uint8 counter[8]; /* +0x0 */ | |
| uint8 padding[8]; /* +0x8 */ | |
| } Encryption_PaddedCounter; | |
| int Encryption_incrementCounter(uchar *counter); | |
| int Encryption_expandKey(uchar *cv, uchar *keySchedule); | |
| int Encryption_compareCounters(uchar *counter, uchar *counter2); | |
| int Encryption_isValidCounter(uchar *counter, uchar *lastUsedCounter); | |
| int Encryption_encryptCounter(uchar *counter, uchar *data); | |
| void Encryption_decryptCounter(uchar *counter, uchar *data); | |
| int ecbModeEncryptBlock(uchar *plaintext, uchar *ciphertext, uchar *keySchedule); | |
| int counterModeEncryptBlock(uchar *plaintext, uchar *ciphertext, ushort plaintextLength, Encryption_PaddedCounter *counter, uchar *keySchedule); | |
| int Encryption_counterModeEncrypt(uchar *plaintext, uchar *ciphertext, long int length, uchar *counter, uchar *keySchedule); | |
| int Encryption_counterModeDecrypt(uchar *plaintext, uchar *ciphertext, long int length, uchar *counter, uchar *keySchedule); | |
| int ofbModeEncryptBlock(uchar *plaintext, uchar *ciphertext, ushort plaintextLength, uchar *iv, uchar *keySchedule); | |
| int Encryption_ofbModeEncrypt(uchar *plaintext, uchar *ciphertext, long int length, uchar *iv, long int *remainder, uchar *keySchedule); | |
| int Encryption_ofbModeDecrypt(uchar *plaintext, uchar *ciphertext, long int length, uchar *iv, long int *remainder, uchar *keySchedule); | |
| void Encryption_mungeControlHeader(Control_nodeHeader *nh); | |
| void Encryption_randSeed(); | |
| /* inline void Encryption_addSeed(uchar *seed, long int numSeedBytes) */ | |
| void Encryption_randRekey(); | |
| void Encryption_randBytes(uchar *bytes, long int size); | |
| /* inline void Encryption_randInit() */ | |
| long unsigned int Encryption_randGen(); | |
| typedef long unsigned int uint32; | |
| void Rc6_encrypt(uint8 *inBlock, uint8 *outBlock, uint32 *keySchedule); | |
| /* inline long unsigned int be32_to_le32_inline(long unsigned int x) */ | |
| void Rc6_decrypt(uint8 *inBlock, uint8 *outBlock, uint32 *keySchedule); | |
| void Rc6_expandKey(uint8 *cv, uint32 *keySchedule); | |
| int Encryption_Sha1(uint8 *data, int data_len, uint8 *digest); | |
| int Encryption_Sha1d(uint8 *data, int data_len, uint8 *digest); | |
| int Encryption_Sha1dVerify(uint8 *data, int data_len, uint8 *digest); |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment