potetisensei/penser.c

## penser.c
int recv_fd(int fd, void *buf, int size) {
    if (buf == NULL) return -1;
    else if (size == 0) return 0;

    return recv(fd, buf, size, 0);
}

int send_fd(int fd, void *buf, int size) {
    int i = 0;

    if (buf == NULL) return -1;
    else if (size == 0) return 0;

    while (i < size) {
        i += send(fd, buf+i, size-i,0);
        if (i < 0) return -1;
    }

    return i;
}

int process(char *input_shellcode, int shellcode_size, char *processed_shellcode, int len) {
    int i = 0;
    int j = 0;

    if (input_shellcode == NULL) return -1;
    if (shellcode_size == 0) return -1;
    if (processed_shellcode == 0) return -1;
    if (len == 0) return -1;
    if (len/2 < shellcode_size) reutrn -1;

    memset(processed_shellcode, 0, len);
    for (i=0,j=0;i<shellcode_size;i++,(j++)++) {
        if (input_shellcode[i] == '\0') return 0;
        if (input_shellcode[i] <= 0x1F && input_shellcode[i] != 0x0A) return -1;
        processed_shellcode[j] = input_shellcode[i];
    }

    return i;
}

int sub_4010A8(int fd) {
    int shellcode_size;
    int len;
    char *input_shellcode;
    char *processed_shellcode;

    alarm(SIGTERM);
    if (recv_fd(fd, &shellcode_size, 4) == -1) {
        close(fd);
        return -1;
    }

    if (shellcode_size > 0x1000) {
        send_fd(fd, "Invalid length.\n", 0x10);
        close(fd);
        return -1;
    }

    input_shellcode = malloc(shellcode_size);
    if (input_shellcode == NULL) {
        close(fd);
        return -1;
    }

    recv_fd(fd, input_shellcode, shellcode_size);

    len = shellcode_size * 2;
    processed_shellcode = mmap(0, len, PROT_READ | PROT_WRITE | PROT_EXEC, MAP_PREVATE | MAP_ANON | MAP_CONTIG, 0, 0);

    memcpy(processed_shellcode, input_shellcode, shellcode_size);

    if (process(input_shellcode, shellcode_size, processed_shellcode, len) == -1) return -1;

    free(input_shellcode);

    ((void (*)(void))processed_shellcode)();

    munmap(processed_shellcode, len);
    close(fd);

    return 0;
}
	int recv_fd(int fd, void *buf, int size) {
	if (buf == NULL) return -1;
	else if (size == 0) return 0;

	return recv(fd, buf, size, 0);
	}

	int send_fd(int fd, void *buf, int size) {
	int i = 0;

	if (buf == NULL) return -1;
	else if (size == 0) return 0;

	while (i < size) {
	i += send(fd, buf+i, size-i,0);
	if (i < 0) return -1;
	}

	return i;
	}

	int process(char input_shellcode, int shellcode_size, char processed_shellcode, int len) {
	int i = 0;
	int j = 0;

	if (input_shellcode == NULL) return -1;
	if (shellcode_size == 0) return -1;
	if (processed_shellcode == 0) return -1;
	if (len == 0) return -1;
	if (len/2 < shellcode_size) reutrn -1;

	memset(processed_shellcode, 0, len);
	for (i=0,j=0;i<shellcode_size;i++,(j++)++) {
	if (input_shellcode[i] == '\0') return 0;
	if (input_shellcode[i] <= 0x1F && input_shellcode[i] != 0x0A) return -1;
	processed_shellcode[j] = input_shellcode[i];
	}

	return i;
	}

	int sub_4010A8(int fd) {
	int shellcode_size;
	int len;
	char *input_shellcode;
	char *processed_shellcode;

	alarm(SIGTERM);
	if (recv_fd(fd, &shellcode_size, 4) == -1) {
	close(fd);
	return -1;
	}

	if (shellcode_size > 0x1000) {
	send_fd(fd, "Invalid length.\n", 0x10);
	close(fd);
	return -1;
	}

	input_shellcode = malloc(shellcode_size);
	if (input_shellcode == NULL) {
	close(fd);
	return -1;
	}

	recv_fd(fd, input_shellcode, shellcode_size);

	len = shellcode_size * 2;
	processed_shellcode = mmap(0, len, PROT_READ \| PROT_WRITE \| PROT_EXEC, MAP_PREVATE \| MAP_ANON \| MAP_CONTIG, 0, 0);

	memcpy(processed_shellcode, input_shellcode, shellcode_size);

	if (process(input_shellcode, shellcode_size, processed_shellcode, len) == -1) return -1;

	free(input_shellcode);

	((void (*)(void))processed_shellcode)();

	munmap(processed_shellcode, len);
	close(fd);

	return 0;
	}