release woody 1.0 #6
|
@ -22,6 +22,7 @@ typedef struct s_map {
|
|||
typedef struct s_payload64 {
|
||||
int (*encrypt)(t_map, void *, Elf64_Phdr);
|
||||
int (*gen_key)(void **);
|
||||
char *algo_name;
|
||||
size_t jump_offset;
|
||||
size_t woody_offset;
|
||||
size_t load_ptr_offset;
|
||||
|
|
|
@ -3,6 +3,7 @@
|
|||
t_payload64 get_debug_payload64(void) {
|
||||
t_payload64 payload;
|
||||
|
||||
payload.algo_name = ft_strdup("debug");
|
||||
payload.len = 55;
|
||||
payload.jump_offset = 37;
|
||||
payload.encrypt = NULL;
|
||||
|
|
|
@ -49,19 +49,13 @@ int get_load_segment64(
|
|||
return RET_ERR;
|
||||
}
|
||||
|
||||
// TODO refacto
|
||||
t_map get_code_cave(t_map file, Elf64_Phdr load_segment) {
|
||||
int get_code_cave64(t_map file, Elf64_Phdr load_segment, t_map *code_cave) {
|
||||
size_t page_size = load_segment.p_align;
|
||||
size_t len = page_size - load_segment.p_filesz % page_size;
|
||||
size_t offset = load_segment.p_offset + load_segment.p_filesz;
|
||||
unsigned char *seg = fetch(file, offset, len);
|
||||
if (!seg) {
|
||||
printf("fallback to weird code cave finder\n");
|
||||
seg = fetch(file, offset, file.size - offset);
|
||||
len = file.size - offset;
|
||||
if (!seg) {
|
||||
ft_printf("unreachable !!!\n");
|
||||
}
|
||||
return RET_ERR;
|
||||
}
|
||||
|
||||
size_t longest = 0;
|
||||
|
@ -72,23 +66,17 @@ t_map get_code_cave(t_map file, Elf64_Phdr load_segment) {
|
|||
while (i + j < len && seg[i + j] == 0) {
|
||||
j++;
|
||||
}
|
||||
|
||||
if (j > longest) {
|
||||
longest_i = i;
|
||||
longest = j;
|
||||
}
|
||||
i += j;
|
||||
|
||||
}
|
||||
}
|
||||
|
||||
t_map code_cave;
|
||||
code_cave.data = fetch(file, longest_i + offset, longest);
|
||||
code_cave.size = longest;
|
||||
if (!code_cave.data) {
|
||||
ft_printf("unreachable !!!\n");
|
||||
}
|
||||
return code_cave;
|
||||
code_cave->data = fetch(file, longest_i + offset, longest);
|
||||
code_cave->size = longest;
|
||||
return RET_OK;
|
||||
}
|
||||
|
||||
int pack_elf64(t_map file) {
|
||||
|
@ -121,9 +109,13 @@ int pack_elf64(t_map file) {
|
|||
to_encrypt.size = load_segment.p_filesz + encryption_block_size - load_segment.p_filesz % encryption_block_size;
|
||||
*/
|
||||
|
||||
t_map code_cave = get_code_cave(file, *load_segment);
|
||||
t_map code_cave;
|
||||
if (get_code_cave64(file, *load_segment, &code_cave) == RET_ERR) {
|
||||
return wdy_error("can't get code cave");
|
||||
}
|
||||
|
||||
t_payload64 payload = get_xor_payload64();
|
||||
ft_printf("info: using %s algorithm\n", payload.algo_name);
|
||||
// This should fallback to compression algorithm, or smaller payload (eg rsa->xor)
|
||||
if (payload.len > (size_t)code_cave.size) {
|
||||
printf("code cave size: %ld (0x%lx) bytes\n", code_cave.size, code_cave.size);
|
||||
|
|
|
@ -54,6 +54,7 @@ int encrypt_xor(t_map file, void *key_ptr, Elf64_Phdr load_segment) {
|
|||
t_payload64 get_xor_payload64(void) {
|
||||
t_payload64 payload;
|
||||
|
||||
payload.algo_name = ft_strdup("xor");
|
||||
payload.len = 155;
|
||||
payload.jump_offset = 113;
|
||||
payload.load_ptr_offset = 131;
|
||||
|
|
Loading…
Reference in New Issue