gbrochar
/
woody-woodpacker
1
0
Fork 0
Code Issues 1 Pull Requests 1 Packages Projects Releases Wiki Activity

Compare commits

base: gbrochar:c9d07e22a9ad6c18fd3891e2b30ac6cb7371aaf0
Branches Tags
gbrochar:master
gbrochar:refacto
gbrochar:rsa-asm
gbrochar:rot1
gbrochar:rsa
..
compare: gbrochar:2c14d6f0c52b3ec72e0359d6622dec0c50cab9cf
Branches Tags
gbrochar:refacto
gbrochar:rsa-asm
gbrochar:master
gbrochar:rot1
gbrochar:rsa

No commits in common. "c9d07e22a9ad6c18fd3891e2b30ac6cb7371aaf0" and "2c14d6f0c52b3ec72e0359d6622dec0c50cab9cf" have entirely different histories.
c9d07e22a9 ... 2c14d6f0c5

17 changed files with 41 additions and 3852 deletions
Show Stats Expand all files Collapse all files

3
.gitignore vendored
View File

@ -1,6 +1,3 @@
rsa/rsa
rsa64/rsa
*.swp
*.o *.o
*.a *.a
woody_woodpacker woody_woodpacker

10
Makefile
View File

@ -5,9 +5,7 @@ SRCS_PATH = srcs/
SRCS = $(SRCS_PATH)main.c \ SRCS = $(SRCS_PATH)main.c \
$(SRCS_PATH)utils.c \ $(SRCS_PATH)utils.c \
$(SRCS_PATH)woody.c \ $(SRCS_PATH)woody.c \
$(SRCS_PATH)encrypt.c \ $(SRCS_PATH)encrypt.c
$(SRCS_PATH)rsa.c \
$(SRCS_PATH)primes.c
OBJS = ${SRCS:.c=.o} OBJS = ${SRCS:.c=.o}
@ -25,7 +23,7 @@ all: ${NAME}
.c.o: .c.o:
${CC} ${INCLUDES} ${DEFINES} ${CFLAGS} -c $< -o $@ ${CC} ${INCLUDES} ${DEFINES} ${CFLAGS} -c $< -o $@
$(NAME): ${OBJS} includes/woody.h $(NAME): ${OBJS}
make -C ft_printf make -C ft_printf
${CC} ${OBJS} ${LIBFT_FLAGS} -o ${NAME} ${CC} ${OBJS} ${LIBFT_FLAGS} -o ${NAME}
@ -33,11 +31,11 @@ clean:
make -C ft_printf clean make -C ft_printf clean
${RM} ${OBJS} ${RM} ${OBJS}
fclean: clean fclean:
make -C ft_printf fclean make -C ft_printf fclean
${RM} ${NAME} ${RM} ${NAME}
re: fclean re: fclean
make all make all
.PHONY : all clean fclean re .PHONY : all clean fclean re

29
includes/rsa.h
View File

@ -1,29 +0,0 @@
#ifndef _RSA_H
#define _RSA_H 1
#include <stdint.h>
#include <stdio.h>
#include <stddef.h>
#include <stdlib.h>
#include <fcntl.h>
#include <unistd.h>
#include <string.h>
#include <stdbool.h>
#define RSA_BLOCK_SIZE 128
typedef struct rsa_s {
uint64_t n;
uint64_t d;
} rsa_t;
void *protected_malloc(size_t size);
rsa_t rsa_generate_keys();
uint16_t generate_prime();
uint64_t pow_mod(uint64_t nn, uint64_t e, uint64_t mm);
uint16_t get_random_bytes(int fd);
#endif

7
includes/woody.h
View File

@ -1,8 +1,6 @@
#ifndef WOODY_H #ifndef WOODY_H
#define WOODY_H #define WOODY_H
#include "rsa.h"
#include "../ft_printf/includes/ft_printf.h" #include "../ft_printf/includes/ft_printf.h"
#include <stdbool.h> #include <stdbool.h>
#include <unistd.h> #include <unistd.h>
@ -19,11 +17,10 @@
#define JUMP "\xe9" #define JUMP "\xe9"
#define WOODY "....WOODY...." #define WOODY "....WOODY...."
#define JUMP_VALUE "\xda\xda" #define JUMP_VALUE "\xda\xda\xda"
#define TEXT_OFFSET "\xba\xba\xba\xba\xba\xba\xba\xba" #define TEXT_OFFSET "\xba\xba\xba\xba\xba\xba\xba\xba"
#define SECTION_SIZE "\xca\xca\xca\xca\xca\xca\xca\xca" #define SECTION_SIZE "\xca\xca\xca\xca\xca\xca\xca\xca"
#define PRIVATE_KEY "\xcd\xab\xef\xcd\xab\xef\xcd\xab"
typedef struct payload typedef struct payload
{ {
@ -52,7 +49,7 @@ int get_symbols_count(int sh_size, int sh_entsize);
int prepare_injection(t_elf_content *woody); int prepare_injection(t_elf_content *woody);
// encrypt.c // encrypt.c
unsigned long encrypt(char *file, unsigned long int offset, unsigned long int size, rsa_t rsa); void encrypt(char *file, unsigned long int offset, unsigned long int size);
#endif #endif

118
print.s
View File

@ -2,108 +2,36 @@ bits 64
global _start global _start
_start: _start:
push rbp push rax
push rsp push rdi
push rbx push rsi
push r12 push rdx
push r13
push r14
push r15
mov rdi, 1 mov rdi, 1
lea rsi, [rel msg] lea rsi, [rel msg]
mov rbx, rsi mov rax, rsi
sub rbx, qword [rel text_section] ;text_section address because of this and that sub rax, qword [rel text_section] ;text_section address
mov r8, qword [rel section_size] ;text_section size mov r8, qword [rel section_sisze] ;text_section size
mov r9, 0 ;increment register mov r9, 0 ;increment register
mov r10, 0 ;increment register
xor r10, r10 xor r10, r10
xor r13, r13 encrypt:
mov r13d, dword [rel private_key] cmp r8, r9
xor r12, r12 je end_encrypt
mov r12d, dword [rel private_key + 4] movzx r10, byte[rax + r9]
;shr r12, 32 inc r10b ;rot + 1
push r13 ; push rsa.d mov byte[rax + r9], r10b
push r12 ; push rsa.n inc r9
jmp decrypt_loop jmp encrypt
end_encrypt:
; rbx is adress of text(encrypted) section
; r8 is section size
; r9 is index
; rax is cypher that needs to be converted to message
; dword [rsp + 16] is rsa.d
; dword [rsp + 8] is rsa.n
; qword [rsp] is cypher backup
decrypt_once:
mov r11, 0x100000000
sq_mul_bit_index:
shr r11, 1
mov r12, r11
and r12, qword [rsp + 16]
jz sq_mul_bit_index
sq_mul_loop:
shr r11, 1
cmp r11, 0
je decrypt_loop2
mul rax,
; modulo n ...
mov r13, qword [rsp + 8]
xor rdx, rdx
div r13
mov rax, rdx
; modulo n ...
mov r12, r11
and r12, qword [rsp + 16]
cmp r12, 0
je sq_mul_loop
mov r13, qword [rsp]
mul r13
; modulo n ...
mov r13, qword [rsp + 8]
xor rdx, rdx
div r13
mov rax, rdx
; modulo n ...
jmp sq_mul_loop
decrypt_loop:
cmp r8, r10
je end_decrypt
xor rax, rax
mov eax, dword [rbx + r9]
push rax
;push r10
jmp decrypt_once
decrypt_loop2:
sub rax, 42 ; remove 42 of result (avoid 0 values)
sub rax, r10 ; remove index of result (caesar like cypher so 0/42 values are differents)
; unpadding and write back here
;mov [rbx + r9], rax
; unpadding and write back here
pop rax
add r9, 4
inc r10
jmp decrypt_loop
end_decrypt:
mov rdx, 14 mov rdx, 14
mov rax, 1 mov rax, 1
syscall syscall
pop rdx
pop rsi
pop rdi
pop rax
pop r12 ; pop rsa.n jmp 0xdadadada
pop r12 ; pop rsa.d msg db "....WOODY....",10
pop r15
pop r14
pop r13
pop r12
pop rbx
pop rsp
pop rbp
jmp 0xdadadada ; this needs to be just before that
msg db "....WOODY....",10 ; that needs to be just after this
text_section dq 0xbabababababababa text_section dq 0xbabababababababa
section_size dq 0xcacacacacacacaca section_sisze dq 0xcacacacacacacaca
private_key dq 0xabcdefabcdefabcd

43
rsa64/Makefile
View File

@ -1,43 +0,0 @@
NAME = rsa
SRC = \
main.c \
rsa.c \
utils.c \
primes.c \
all: $(NAME)
$(NAME):
gcc -Wall -Wextra -Werror -Wunused-function $(SRC) -o $(NAME)
fast:
gcc -Wall -Wextra -Werror -Wunused-function -O3 $(SRC) -o $(NAME)
fast-info:
gcc -Wall -Wextra -Werror -Wunused-function -O3 -fopt-info $(SRC) -o $(NAME)
really-fast:
gcc -Wall -Wextra -Werror -Wunused-function -O3 -march=native $(SRC) -o $(NAME)
really-fast-info:
gcc -Wall -Wextra -Werror -Wunused-function -O3 -march=native -fopt-info $(SRC) -o $(NAME)
profile:
gcc -Wall -Wextra -Werror -Wunused-function -pg $(SRC) -o $(NAME)
profile-clang:
clang -Wall -Wextra -Werror -Wunused-function -pg $(SRC) -o $(NAME)
profile-fast:
gcc -Wall -Wextra -Werror -Wunused-function -O3 -pg $(SRC) -o $(NAME)
profile-fast-clang:
clang -Wall -Wextra -Werror -Wunused-function -O3 -pg $(SRC) -o $(NAME)
fclean:
rm -rf $(NAME)
re: fclean all
.PHONY: all fast profile profile-fast fclean re

14
rsa64/main.c
View File

@ -1,14 +0,0 @@
#include "rsa.h"
int main(int ac, char **av) {
if (ac == 2) {
(void)av;
rsa_t rsa = rsa_generate_keys();
(void)rsa;
}
else {
printf("usage: ./rsa message\n");
}
return 0;
}

3245
rsa64/primes.0000
View File

File diff suppressed because it is too large Load Diff

74
rsa64/primes.c
View File

@ -1,74 +0,0 @@
#include "rsa.h"
uint16_t get_random_bytes(int fd) {
uint16_t ret;
if (read(fd, &ret, sizeof(uint16_t)) == -1) {
exit(1);
}
return ret;
}
// n pow e mod m
uint64_t pow_mod(uint64_t n, uint64_t e, uint64_t m) {
uint64_t y = 1;
while (e > 1) {
if (e & 1) {
y = (y * n) % m;
}
n = (n * n) % m;
e = e >> 1;
}
return (n * y) % m;
}
bool is_prime(uint16_t n, size_t k_max, int fd) {
uint16_t a = get_random_bytes(fd);
uint16_t d = n - 1;
uint16_t s = 0;
while ((d & 1) == 0) {
s++;
d = d >> 1;
}
for (size_t k = 0; k < k_max; k++) {
a = 0;
while (a < 2 || a > (n - 2)) {
a = get_random_bytes(fd);
}
uint16_t x = pow_mod(a, d, n);
uint16_t y;
for (uint16_t i = 0; i < s; i++) {
y = pow_mod(x, 2, n);
if (y == 1 && x != 1 && x != n - 1)
return false;
x = y;
}
if (y != 1) {
return false;
}
}
return true;
}
uint16_t generate_prime_fd(int fd) {
uint16_t n = get_random_bytes(fd);
n |= 1 << 15;
n |= 1;
while (!is_prime(n, 16, fd)) {
n = get_random_bytes(fd);
n |= 1 << 15;
n |= 1;
}
return n;
}
uint16_t generate_prime() {
int fd = open("/dev/urandom", O_RDONLY);
uint16_t n = generate_prime_fd(fd);
close(fd);
return n;
}

111
rsa64/rsa.c
View File

@ -1,111 +0,0 @@
#include "rsa.h"
int64_t euler(int64_t r0, int64_t r1) {
int64_t s0 = 1;
int64_t s1 = 0;
int64_t t0 = 0;
int64_t t1 = 1;
int64_t q0 = 0;
while (r1 != 0) {
q0 = r0 / r1;
int64_t tmp = r0 % r1;
r0 = r1;
r1 = tmp;
tmp = s0 - q0 * s1;
s0 = s1;
s1 = tmp;
tmp = t0 - q0 * t1;
t0 = t1;
t1 = tmp;
}
return s0;
}
rsa_t rsa_generate_keys(void) {
for (int try = 0; try < 1000; try++) {
if (try % 100 == 0)
printf("try: %d\n", try);
int64_t p = (uint64_t)generate_prime();
int64_t q = (uint64_t)generate_prime();
int64_t ln = (p - 1) * (q - 1);
int64_t e = 11317;
while (ln % e == 0 || p == q) {
p = generate_prime();
q = generate_prime();
ln = (p - 1) * (q - 1);
}
if (q > p) {
uint64_t tmp = p;
p = q;
q = tmp;
}
int64_t n = p * q;
int64_t r0 = e;
int64_t r1 = ln;
int64_t s0 = 1;
int64_t s1 = 0;
int64_t t0 = 0;
int64_t t1 = 1;
int64_t q0 = 0;
while (r1 != 0) {
q0 = r0 / r1;
int64_t tmp = r0 % r1;
r0 = r1;
r1 = tmp;
tmp = s0 - q0 * s1;
s0 = s1;
s1 = tmp;
tmp = t0 - q0 * t1;
t0 = t1;
t1 = tmp;
}
int64_t d = euler(e, ln) + ln;
if (d > n) {
d -= ln;
}
/* printf("p: %ld\n", p);
printf("q: %ld\n", q);
printf("ln: %ld\n", ln);
printf("n: %ld\n", n);
printf("d: %ld\n", d);
printf("e: %ld\n", e);
printf("d * e %% ln = %ld\n", (d*e)%ln);*/
for (uint64_t m = 0; m < 16384; m++) {
//uint64_t m = get_random_bytes(fd2);
uint64_t c = pow_mod(m, e, n);
uint64_t m2 = pow_mod(c, d, n);
if (m != m2) {
printf("ERROR try: %d\nround: n/a\nmsg: %ld\ncypher: %ld\ndecrypted: %ld\nd: %ld\ne: %ld\np: %lu\nq: %lu\nn: %lu\n", try, m, c, m2, d, e, p, q, n);
break;
}
}
//int64_t m = 42;
/*
for (int64_t m = 41; m < 43; m++) {
int64_t c = pow_mod(m, e, n);
int64_t m2 = pow_mod(c, d, n);
if (d < 0) {
int64_t c2 = euler(c, n);
printf("c2: %ld\n", c2);
printf("c2 * c %% n = %ld\n", ((c2 + n)*c)%n);
printf("c2 * c %% n = %ld\n", ((c2)*c)%n);
m2 = pow_mod(c2 + n, -d, n);
}
printf("message: %ld\n", m);
printf("cypher: %ld\n", c);
printf("decrypted: %ld\n", m2);
}*/
}
rsa_t rsa;
rsa.p.len = 42;
return rsa;
}

34
rsa64/rsa.h
View File

@ -1,34 +0,0 @@
#ifndef _RSA_H
#define _RSA_H 1
#include <stdint.h>
#include <stdio.h>
#include <stddef.h>
#include <stdlib.h>
#include <fcntl.h>
#include <unistd.h>
#include <string.h>
#include <stdbool.h>
#define RSA_BLOCK_SIZE 128
typedef struct bigint_s {
uint32_t *data;
size_t len;
} bigint_t;
typedef struct rsa_s {
bigint_t p;
bigint_t q;
} rsa_t;
void *protected_malloc(size_t size);
rsa_t rsa_generate_keys();
uint16_t generate_prime();
uint64_t pow_mod(uint64_t nn, uint64_t e, uint64_t mm);
uint16_t get_random_bytes(int fd);
#endif

9
rsa64/utils.c
View File

@ -1,9 +0,0 @@
#include "rsa.h"
void *protected_malloc(size_t size) {
void *ptr = malloc(size);
if (!ptr) {
printf("malloc returned NULL");
}
return ptr;
}

33
srcs/encrypt.c
View File

@ -1,38 +1,15 @@
#include "../includes/woody.h" #include "../includes/woody.h"
#include "../includes/rsa.h"
unsigned long encrypt(char *file, unsigned long int offset, unsigned long int size, rsa_t rsa) void encrypt(char *file, unsigned long int offset, unsigned long int size)
{ {
size_t padded_len = size * sizeof(char) * 33 / sizeof(uint32_t) / 32 + 1; // every 32 octet one padding octet, plus one for the remainder (uses too much memory for size % 128 == 0 but fuck you)
uint32_t *padded = (uint32_t *)malloc(sizeof(uint32_t) * padded_len);
for (size_t i = 0; i < padded_len; i++) {
padded[padded_len] = 0;
}
(void)rsa;
size_t i = 0; size_t i = 0;
while (i < size) { while (i < size)
size_t j = 0; {
while (j < 8) { file[offset + i] = file[offset + i] - 1;
size_t bit_index = i * 8 * sizeof(char) + j;
//printf("bit_index : %ld\n", bit_index);
padded[bit_index / 31] += (1 & (file[bit_index / 8] >> j)) << (bit_index % 31);
j++;
}
//file[offset + i] = file[offset + i] - 1;
++i; ++i;
} }
for (size_t i = 0; i < padded_len; i++) {
printf("block : %x\n", padded[i]);//, padded[i]);
padded[i] = pow_mod(padded[i] + 42 + i, 11317, rsa.n);
printf("encrypted block : %x\n\n", padded[i]);//, padded[i]);
//printf("decipher block : %lu (%lx)\n", pow_mod(padded[i], rsa.d, rsa.n) - 42 - i, pow_mod(padded[i], rsa.d, rsa.n) - 42 - i);
}
memcpy(&file[offset], padded, padded_len * sizeof(uint32_t));
printf("\nENCRYPTION : \n"); printf("\nENCRYPTION : \n");
printf(" File encrypted from %ld (%lx) to %ld (%lx)\n", offset, offset, offset + size, offset + size); printf(" File encrypted from %ld (%lx) to %ld (%lx)\n", offset, offset, offset + size, offset + size);
printf(" Size of encryption = %ld (%lx)\n", size, size); printf(" Size of encryption = %ld (%lx)\n", size, size);
printf(" Size of padded encryption = %ld (%lx)\n", padded_len * sizeof(uint32_t), padded_len * sizeof(uint32_t));
printf("\n"); printf("\n");
return offset + padded_len * sizeof(uint32_t); }
}

74
srcs/primes.c
View File

@ -1,74 +0,0 @@
#include "../includes/rsa.h"
uint16_t get_random_bytes(int fd) {
uint16_t ret;
if (read(fd, &ret, sizeof(uint16_t)) == -1) {
exit(1);
}
return ret;
}
// n pow e mod m
uint64_t pow_mod(uint64_t n, uint64_t e, uint64_t m) {
uint64_t y = 1;
while (e > 1) {
if (e & 1) {
y = (y * n) % m;
}
n = (n * n) % m;
e = e >> 1;
}
return (n * y) % m;
}
bool is_prime(uint16_t n, size_t k_max, int fd) {
uint16_t a = get_random_bytes(fd);
uint16_t d = n - 1;
uint16_t s = 0;
while ((d & 1) == 0) {
s++;
d = d >> 1;
}
for (size_t k = 0; k < k_max; k++) {
a = 0;
while (a < 2 || a > (n - 2)) {
a = get_random_bytes(fd);
}
uint16_t x = pow_mod(a, d, n);
uint16_t y;
for (uint16_t i = 0; i < s; i++) {
y = pow_mod(x, 2, n);
if (y == 1 && x != 1 && x != n - 1)
return false;
x = y;
}
if (y != 1) {
return false;
}
}
return true;
}
uint16_t generate_prime_fd(int fd) {
uint16_t n = get_random_bytes(fd);
n |= 1 << 15;
n |= 1;
while (!is_prime(n, 16, fd)) {
n = get_random_bytes(fd);
n |= 1 << 15;
n |= 1;
}
return n;
}
uint16_t generate_prime() {
int fd = open("/dev/urandom", O_RDONLY);
uint16_t n = generate_prime_fd(fd);
close(fd);
return n;
}

53
srcs/rsa.c
View File

@ -1,53 +0,0 @@
#include "../includes/rsa.h"
int64_t euler(int64_t r0, int64_t r1) {
int64_t s0 = 1;
int64_t s1 = 0;
int64_t t0 = 0;
int64_t t1 = 1;
int64_t q0 = 0;
while (r1 != 0) {
q0 = r0 / r1;
int64_t tmp = r0 % r1;
r0 = r1;
r1 = tmp;
tmp = s0 - q0 * s1;
s0 = s1;
s1 = tmp;
tmp = t0 - q0 * t1;
t0 = t1;
t1 = tmp;
}
return s0;
}
rsa_t rsa_generate_keys(void) {
int64_t p = (uint64_t)generate_prime();
int64_t q = (uint64_t)generate_prime();
int64_t ln = (p - 1) * (q - 1);
int64_t e = 11317;
while (ln % e == 0 || p == q) {
p = generate_prime();
q = generate_prime();
ln = (p - 1) * (q - 1);
}
if (q > p) {
uint64_t tmp = p;
p = q;
q = tmp;
}
int64_t n = p * q;
int64_t d = euler(e, ln) + ln;
if (d > n) {
d -= ln;
}
rsa_t rsa;
rsa.d = d;
rsa.n = n;
return rsa;
}

35
srcs/woody.c
View File

@ -1,5 +1,4 @@
#include "../includes/woody.h" #include "../includes/woody.h"
#include "../includes/rsa.h"
int elf_magic_numbers(char *str) int elf_magic_numbers(char *str)
{ {
@ -93,25 +92,18 @@ t_payload *get_payload()
exit(1); exit(1);
} }
payload->len = read(fd, buffer, 1024); payload->len = read(fd, buffer, 1024);
printf("payload len%ld\n", payload->len);
payload->payload = malloc(sizeof(char) * payload->len); payload->payload = malloc(sizeof(char) * payload->len);
ft_memcpy(payload->payload, buffer, payload->len); ft_memcpy(payload->payload, buffer, payload->len);
return payload; return payload;
} }
int insert_payload(t_elf_content *woody, t_payload *payload, size_t payload_position, int load_segment_index, rsa_t rsa) int insert_payload(t_elf_content *woody, t_payload *payload, size_t payload_position, int load_segment_index)
{ {
(void)rsa;
//printf("salut %s\n", JUMP_VALUE);
for (size_t i = 0; i < payload->len; i++) {
printf("%c", *(payload->payload + i));
}
char *ptr_jmp_value = ft_strnstr_nullterminated(payload->payload, JUMP_VALUE, payload->len); char *ptr_jmp_value = ft_strnstr_nullterminated(payload->payload, JUMP_VALUE, payload->len);
char *ptr_woody = ft_strnstr_nullterminated(payload->payload, WOODY, payload->len); char *ptr_woody = ft_strnstr_nullterminated(payload->payload, WOODY, payload->len);
char *ptr_text_section = ft_strnstr_nullterminated(payload->payload, TEXT_OFFSET, payload->len); char *ptr_text_section = ft_strnstr_nullterminated(payload->payload, TEXT_OFFSET, payload->len);
char *ptr_private_key = ft_strnstr_nullterminated(payload->payload, PRIVATE_KEY, payload->len);
char *ptr_section_size = ft_strnstr_nullterminated(payload->payload, SECTION_SIZE, payload->len); char *ptr_section_size = ft_strnstr_nullterminated(payload->payload, SECTION_SIZE, payload->len);
if (ptr_jmp_value && ptr_woody && ptr_text_section && ptr_section_size && ptr_private_key) if (ptr_jmp_value && ptr_woody && ptr_text_section && ptr_section_size)
{ {
int32_t woody_index = ptr_woody - payload->payload; int32_t woody_index = ptr_woody - payload->payload;
int32_t jmp_index = ptr_jmp_value - sizeof(JUMP) - payload->payload; int32_t jmp_index = ptr_jmp_value - sizeof(JUMP) - payload->payload;
@ -126,24 +118,14 @@ int insert_payload(t_elf_content *woody, t_payload *payload, size_t payload_posi
int64_t section_value = woody->Phdr[load_segment_index].p_memsz; //woody->text_section->sh_size; int64_t section_value = woody->Phdr[load_segment_index].p_memsz; //woody->text_section->sh_size;
ft_memcpy(&payload->payload[section_index], &section_value, sizeof(section_value)); ft_memcpy(&payload->payload[section_index], &section_value, sizeof(section_value));
int64_t private_key_index = ptr_private_key - payload->payload;
int64_t private_key_value = (rsa.n << 32) + rsa.d;
ft_memcpy(&payload->payload[private_key_index], &private_key_value, sizeof(uint64_t));
ft_memcpy(woody->file + payload_position, payload->payload, payload->len); ft_memcpy(woody->file + payload_position, payload->payload, payload->len);
printf("Old entry : %ld (%lx)\n", woody->Ehdr->e_entry, woody->Ehdr->e_entry); printf("Old entry : %ld (%lx)\n", woody->Ehdr->e_entry, woody->Ehdr->e_entry);
printf("Code cave start = %ld (%lx)\n", payload_position, payload_position); printf("Code cave start = %ld (%lx)\n", payload_position, payload_position);
printf("Payload size = %ld (%lx)\n", payload->len, payload->len); printf("Payload size = %ld (%lx)\n", payload->len, payload->len);
printf("Backward offset = %d (%x)(%x)\n", jump_value, jump_value, -jump_value); printf("Backward offset = %d (%x)(%x)\n", jump_value, jump_value, -jump_value);
return EXIT_SUCCESS; return EXIT_SUCCESS;
} }
printf("c'est la merde\n");
printf("ptr_woody : %p\n", ptr_woody);
printf("ptr_section_size: %p\n", ptr_section_size);
printf("ptr_text_section : %p\n", ptr_text_section);
printf("ptr_jmp_value : %p\n", ptr_jmp_value);
printf("ptr_private_key: %p\n", ptr_private_key);
return EXIT_FAILURE; return EXIT_FAILURE;
} }
@ -166,15 +148,12 @@ void inject(t_elf_content *woody)
{ {
payload_position = create_codecave(woody, &woody->Phdr[i], payload); payload_position = create_codecave(woody, &woody->Phdr[i], payload);
} }
rsa_t rsa = rsa_generate_keys(); encrypt(woody->file, woody->Phdr[i].p_offset, woody->Phdr[i].p_memsz);
printf("key n : %ld (%lx) key d %ld (%lx), key total : %ld (%lx)\n", rsa.n, rsa.n, rsa.d, rsa.d, (rsa.n << 32) + rsa.d, (rsa.n << 32) + rsa.d); insert_payload(woody, payload, payload_position, i);
payload_position = encrypt(woody->file, woody->Phdr[i].p_offset, woody->Phdr[i].p_memsz, rsa);
printf("Payload position : %ld (%lx)\n", payload_position, payload_position);
insert_payload(woody, payload, payload_position, i, rsa);
woody->Ehdr->e_entry = payload_position; woody->Ehdr->e_entry = payload_position;
woody->Phdr[i].p_filesz += payload->len + 15; woody->Phdr[i].p_filesz += payload->len;
woody->Phdr[i].p_memsz += payload->len + 15; woody->Phdr[i].p_memsz += payload->len;
woody->Phdr[i].p_flags = PF_X | PF_W | PF_R; woody->Phdr[i].p_flags = PF_X | PF_W | PF_R;
printf("New entry = %ld (%lx)\n", woody->Ehdr->e_entry, woody->Ehdr->e_entry); printf("New entry = %ld (%lx)\n", woody->Ehdr->e_entry, woody->Ehdr->e_entry);
} }

1
zreset_woody.sh
View File

@ -1 +0,0 @@
./gen_payload.sh && rm -f woody && ./woody_woodpacker resources/sample64 | less