update encrypt

pbonilla 2024-06-19 17:12:30 +02:00
parent 1c9ce75873
commit 8756c0a8fa
4 changed files with 40 additions and 10 deletions


@ -33,6 +33,7 @@ typedef struct elf32
Elf32_Ehdr *Ehdr; Elf32_Ehdr *Ehdr;
Elf32_Phdr *Phdr; Elf32_Phdr *Phdr;
Elf32_Shdr *Shdr; Elf32_Shdr *Shdr;
Elf32_Shdr *text_section;
} t_elf32; } t_elf32;
typedef struct elf64 typedef struct elf64
@ -40,6 +41,7 @@ typedef struct elf64
Elf64_Ehdr *Ehdr; Elf64_Ehdr *Ehdr;
Elf64_Phdr *Phdr; Elf64_Phdr *Phdr;
Elf64_Shdr *Shdr; Elf64_Shdr *Shdr;
Elf64_Shdr *text_section;
} t_elf64; } t_elf64;
typedef struct elf_content typedef struct elf_content


@ -109,9 +109,15 @@ int main(int ac, char **av)
return elf_error; return elf_error;
int inject_error = -1; int inject_error = -1;
if (elfclass == ELFCLASS32) if (elfclass == ELFCLASS32)
{
encrypt(woody.file, woody.elf32->text_section->sh_offset, woody.elf32->text_section->sh_size);
inject_error = inject32(&woody); inject_error = inject32(&woody);
}
else if (elfclass == ELFCLASS64) else if (elfclass == ELFCLASS64)
{
encrypt(woody.file, woody.elf64->text_section->sh_offset, woody.elf64->text_section->sh_size);
inject_error = inject64(&woody); inject_error = inject64(&woody);
}
if (inject_error) if (inject_error)
{ {
free_elf_content(&woody); free_elf_content(&woody);
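Review bot: The ELFCLASS32 branch dereferences `woody.elf32->text_section`, but the only assignment to `text_section` visible in this commit is in get_elf_sections64. If the 32-bit section parser (not shown on this page) does not set it, that is a NULL or uninitialized pointer dereference for every 32-bit input. A guard such as `if (!woody.elf32->text_section)` that takes the existing `free_elf_content(&woody)` error path before calling `encrypt` would make the failure explicit, and the same check is cheap to add on the 64-bit branch. Any status `encrypt` reports is also discarded in both branches. main's body starts and ends outside the hunk.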


@ -48,6 +48,7 @@ int inject32(t_elf_content *woody)
elf->Phdr[i].p_filesz += payload->len; elf->Phdr[i].p_filesz += payload->len;
elf->Phdr[i].p_memsz += payload->len; elf->Phdr[i].p_memsz += payload->len;
elf->Ehdr->e_entry = payload_position;
if (insert_payload(woody, payload, payload_position, elf->Ehdr->e_entry, elf->Phdr[i].p_offset, elf->Phdr[i].p_memsz)) if (insert_payload(woody, payload, payload_position, elf->Ehdr->e_entry, elf->Phdr[i].p_offset, elf->Phdr[i].p_memsz))
{ {
@ -56,7 +57,6 @@ int inject32(t_elf_content *woody)
return ft_put_error("Unable to insert payload, please regenerate it"); return ft_put_error("Unable to insert payload, please regenerate it");
} }
elf->Ehdr->e_entry = payload_position;
elf->Phdr[i].p_flags = PF_X | PF_W | PF_R; elf->Phdr[i].p_flags = PF_X | PF_W | PF_R;
free(payload->payload); free(payload->payload);
free(payload); free(payload);
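Review bot: Moving `elf->Ehdr->e_entry = payload_position;` above the `insert_payload(...)` call means the fourth argument, `elf->Ehdr->e_entry`, now equals `payload_position` instead of the entry address read from the file. inject64 in the same commit goes the other way: it assigns `e_entry` and bumps `p_filesz`/`p_memsz` only after `insert_payload` returns, so the two paths now pass different values for the same parameters. If `insert_payload` expects the original entry there (its definition is not on this page), keep the value in a local first, e.g. `Elf32_Addr orig_entry = elf->Ehdr->e_entry;`, and pass `orig_entry`, or restore the old ordering. The early assignment also leaves the header modified when the call fails. inject32's body starts and ends outside the hunk.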


@ -46,8 +46,6 @@ int inject64(t_elf_content *woody)
return ft_put_error("Unable to insert payload, not enough space for code cave"); return ft_put_error("Unable to insert payload, not enough space for code cave");
} }
elf->Phdr[i].p_filesz += payload->len;
elf->Phdr[i].p_memsz += payload->len;
if (insert_payload(woody, payload, payload_position, elf->Ehdr->e_entry, elf->Phdr[i].p_offset, elf->Phdr[i].p_memsz)) if (insert_payload(woody, payload, payload_position, elf->Ehdr->e_entry, elf->Phdr[i].p_offset, elf->Phdr[i].p_memsz))
{ {
@ -57,7 +55,10 @@ int inject64(t_elf_content *woody)
} }
elf->Ehdr->e_entry = payload_position; elf->Ehdr->e_entry = payload_position;
elf->Phdr[i].p_filesz += payload->len;
elf->Phdr[i].p_memsz += payload->len;
elf->Phdr[i].p_flags = PF_X | PF_W | PF_R; elf->Phdr[i].p_flags = PF_X | PF_W | PF_R;
elf->text_section->sh_size += payload->len;
free(payload->payload); free(payload->payload);
free(payload); free(payload);
return EXIT_SUCCESS; return EXIT_SUCCESS;
@ -65,16 +66,37 @@ int inject64(t_elf_content *woody)
int get_elf_sections64(t_elf_content *woody) int get_elf_sections64(t_elf_content *woody)
{ {
woody->elf64->Ehdr = (Elf64_Ehdr *)fetch(woody->file, woody->file_size, 0, sizeof(Elf64_Ehdr)); t_elf64 *elf = woody->elf64;
if (!woody->elf64->Ehdr)
elf->Ehdr = (Elf64_Ehdr *)fetch(woody->file, woody->file_size, 0, sizeof(Elf64_Ehdr));
if (!elf->Ehdr)
return EXIT_FAILURE; return EXIT_FAILURE;
woody->elf64->Phdr = (Elf64_Phdr *)fetch(woody->file, woody->file_size, woody->elf64->Ehdr->e_phoff, sizeof(Elf64_Phdr)); elf->Phdr = (Elf64_Phdr *)fetch(woody->file, woody->file_size, elf->Ehdr->e_phoff, sizeof(Elf64_Phdr));
if (!woody->elf64->Phdr) if (!elf->Phdr)
return EXIT_FAILURE; return EXIT_FAILURE;
woody->elf64->Shdr = (Elf64_Shdr *)fetch(woody->file, woody->file_size, woody->elf64->Ehdr->e_shoff, sizeof(Elf64_Shdr)); elf->Shdr = (Elf64_Shdr *)fetch(woody->file, woody->file_size, elf->Ehdr->e_shoff, sizeof(Elf64_Shdr));
if (!woody->elf64->Shdr || !fetch(woody->file, woody->file_size, woody->elf64->Ehdr->e_shoff, woody->elf64->Ehdr->e_shnum * sizeof(Elf64_Shdr))) if (!elf->Shdr || !fetch(woody->file, woody->file_size, elf->Ehdr->e_shoff, elf->Ehdr->e_shnum * sizeof(Elf64_Shdr)))
return EXIT_FAILURE; return EXIT_FAILURE;
if (!fetch(woody->file, woody->file_size, elf->Ehdr->e_shoff + (elf->Ehdr->e_shstrndx * sizeof(Elf64_Shdr)), sizeof(Elf64_Shdr)))
return EXIT_FAILURE;
char *Sshstrtab = (char *)fetch(woody->file, woody->file_size, elf->Shdr[elf->Ehdr->e_shstrndx].sh_offset, 0);
if (Sshstrtab == NULL)
return EXIT_FAILURE;
for (int i = 0; i < elf->Ehdr->e_shnum;i++)
{
if (elf->Shdr[i].sh_type == SHT_PROGBITS && elf->Shdr[i].sh_flags & SHF_EXECINSTR && elf->Shdr[i].sh_flags & SHF_ALLOC && elf->Shdr[i].sh_flags & SHF_EXECINSTR)
{
if (Sshstrtab + elf->Shdr[i].sh_name < (char *)woody->file + woody->file_size && !ft_strncmp(".text\0", Sshstrtab + elf->Shdr[i].sh_name, 6))
{
elf->text_section = &elf->Shdr[i];
return EXIT_SUCCESS; return EXIT_SUCCESS;
} }
}
}
return EXIT_FAILURE;
}
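Review bot: get_elf_sections64 stores `text_section` without checking that `sh_offset` plus `sh_size` lies inside the file, and main passes exactly those two values to `encrypt`, so a malformed or truncated ELF can push that call past the loaded buffer. Assuming `fetch` rejects out-of-file ranges as its other uses here suggest, add `if (!fetch(woody->file, woody->file_size, elf->Shdr[i].sh_offset, elf->Shdr[i].sh_size)) return EXIT_FAILURE;` just before `elf->text_section = &elf->Shdr[i];`. The name test has a similar gap: it only proves the first byte at `Sshstrtab + sh_name` is in bounds, while `ft_strncmp` may read six. The section-flag condition tests `SHF_EXECINSTR` twice; the second test can be dropped. The `sh_size += payload->len` added in inject64 deserves a comment stating the layout it assumes, since it widens the range recorded for .text.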