int random_int(void *pp)
{
ty_random *p;
p = (ty_random *)pp;
return (int)taus_get(p->tausmem);
}
static void
taus2_set (void *vstate, unsigned long int s)
{
taus_state_t *state = (taus_state_t *) vstate;
if (s == 0)
s = 1; /* default seed is 1 */
#define LCG(n) ((69069 * n) & 0xffffffffUL)
state->s1 = LCG (s);
if (state->s1 < 2) state->s1 += 2UL;
state->s2 = LCG (state->s1);
if (state->s2 < 8) state->s2 += 8UL;
state->s3 = LCG (state->s2);
if (state->s3 < 16) state->s3 += 16UL;
/* "warm it up" */
taus_get (state);
taus_get (state);
taus_get (state);
taus_get (state);
taus_get (state);
taus_get (state);
return;
}
static void
taus_set (taus_state_t * state, unsigned int s)
{
if (s == 0) {
s = 1; /* default seed is 1 */
}
// original for unsigned long int
//#define LCG(n) ((69069 * n) & 0xffffffffUL)
#define LCG(n) ((69069 * n))
state->s1 = LCG (s);
state->s2 = LCG (state->s1);
state->s3 = LCG (state->s2);
/* "warm it up" */
taus_get (state);
taus_get (state);
taus_get (state);
taus_get (state);
taus_get (state);
taus_get (state);
return;
}
int main (int argc, char * argv[])
{
/* the default password
*/
unsigned char TcpFlag[9] = { 0xF7,0xC3,0x12,0xAA,0xAA,0x12,0xC3,0xF7 };
unsigned char BadFlag[9] = { 0xFF,0xC3,0x12,0xAA,0xAA,0x12,0xC3,0xFF };
char * found_it;
int i;
int suc = 0;
int badcnt = 0;
char * newn;
size_t nlen;
int oldf;
int newf;
int ret;
unsigned long bytecount;
char in[9];
int j, k;
char ccd;
char * str;
char * buf = (char *) malloc(GRAB_SIZE);
size_t dat;
char * newpwd = (char *) malloc(5 * 8 + 2);
char * oldpwd = (char *) malloc(5 * 8 + 2);
memset (newpwd, '\0', 5 * 8 + 2);
memset (oldpwd, '\0', 5 * 8 + 2);
if (argc < 4)
{
fprintf (stderr, "%s", _("\nUsage: samhain_setpwd <filename> <suffix> "\
"<new_password>\n\n"));
fprintf (stderr, "%s", _(" This program is a utility that will:\n"));
fprintf (stderr, "%s", _(" - search in the binary executable "\
"<filename> for samhain's\n"));
fprintf (stderr, "%s", _(" compiled-in default password,\n"));
fprintf (stderr, "%s", _(" - change it to <new_password>,\n"));
fprintf (stderr, "%s", _(" - and output the modified binary to "\
"<filename>.<suffix>\n\n"));
fprintf (stderr, "%s", _(" To allow for non-printable chars, "\
"<new_password> must be\n"));
fprintf (stderr, "%s", _(" a 16-digit hexadecimal "\
"number (only 0-9,A-F allowed in input),\n"));
fprintf (stderr, "%s", _(" thus corresponding"\
" to an 8-byte password.\n\n"));
fprintf (stderr, "%s", _(" Example: 'samhain_setpwd samhain new "\
"4142434445464748'\n"));
fprintf (stderr, "%s", _(" takes the file 'samhain', sets the "\
"password to 'ABCDEFGH'\n"));
fprintf (stderr, "%s", _(" ('A' = 41 hex, 'B' = 42 hex, ...) "\
"and outputs the result\n"));
fprintf (stderr, "%s", _(" to 'samhain.new'.\n"));
return EXIT_FAILURE;
}
if (strlen(argv[3]) != 16)
{
fprintf (stdout,
_("ERROR <new_password> |%s| has not exactly 16 chars\n"),
argv[3]);
fflush(stdout);
return EXIT_FAILURE;
}
str = &argv[3][0];
i = 0;
while (i < 16)
{
k = i/2; j = 0;
if (2*k == i) in[k] = 0;
while (j < 16)
{
if (-1 != readhexchar(str[i]))
{
in[k] += readhexchar(str[i]) * (i == 2*k ? 16 : 1);
break;
}
++j;
if (j == 16)
{
fprintf(stdout, _("ERROR Invalid char %c\n"), str[i]);
fflush(stdout);
return EXIT_FAILURE;
}
}
++i;
}
in[8] = '\0';
/* ---- initialize -----
*/
(void) umask (0);
taus_seed();
bytecount = 0;
/* ---- open files -----
*/
oldf = open(argv[1], O_RDONLY);
nlen = strlen(argv[1])+strlen(argv[2])+2;
newn = (char *) malloc (nlen);
strncpy(newn, argv[1], nlen); newn[nlen-1] = '\0';
strncat(newn, ".", nlen); newn[nlen-1] = '\0';
strncat(newn, argv[2], nlen); newn[nlen-1] = '\0';
newf = open(newn, O_WRONLY|O_CREAT|O_TRUNC, S_IRWXU);
if (oldf < 0)
{
fprintf(stdout, _("ERROR Cannot open input file %s.\n"), argv[1]);
fflush(stdout);
return EXIT_FAILURE;
}
if (newf < 0)
{
fprintf(stdout, _("ERROR Cannot open output file %s.\n"), newn);
fflush(stdout);
return EXIT_FAILURE;
}
/* ---- scan file -----
*/
while (1)
{
dat = read (oldf, buf, GRAB_SIZE);
if (dat == 0)
break;
bytecount += dat;
while ( (found_it = my_strstr(buf, (char *) TcpFlag, GRAB_SIZE)) != NULL)
{
suc = 1;
fprintf (stdout, "%s", _("INFO old password found\n"));
fflush(stdout);
for (i = 0; i < 8; ++i)
{
sprintf(&oldpwd[i*2], _("%02x"),
(unsigned char) *found_it);
sprintf(&newpwd[i*2], _("%02x"),
(unsigned char) in[i]);
*found_it = in[i];
++found_it;
}
fprintf (stdout, _("INFO replaced: %s by: %s\n"),
oldpwd, newpwd);
fflush(stdout);
}
while ( (found_it = my_strstr(buf, (char *) BadFlag, GRAB_SIZE)) != NULL)
{
badcnt++;
/* fprintf (stderr, _("INFO old filler found\n")); */
for (i = 0; i < 8; ++i)
{
sprintf(&oldpwd[i*2], _("%02x"),
(unsigned char) *found_it);
ccd = (unsigned char) (256.0 * (taus_get()/(TAUS_MAX+1.0)));
sprintf(&newpwd[i*2], _("%02x"),
(unsigned char) ccd);
*found_it = ccd;
++found_it;
}
/* fprintf (stderr, _("INFO replaced: %s by: %s\n"),
oldpwd, newpwd);
*/
}
ret = write (newf, buf, dat);
if (dat > 0 && ret < 0)
{
fprintf(stdout, _("ERROR Cannot write to output file %s.\n"), newn);
fflush(stdout);
return EXIT_FAILURE;
}
}
if (suc == 1 && badcnt == 7)
{
fprintf (stdout, "%s", _("INFO finished\n"));
close (newf);
close (oldf);
fflush(stdout);
return (0);
}
lseek (oldf, 0, SEEK_SET);
lseek (newf, 0, SEEK_SET);
fprintf (stdout, "%s", _("INFO Not found in first pass.\n"));
fprintf (stdout, "%s", _("INFO Second pass ..\n"));
/* offset the start point
*/
dat = read (oldf, buf, (GRAB_SIZE / 2));
ret = write (newf, buf, dat);
if (dat > 0 && ret < 0)
{
fprintf(stdout, _("ERROR Cannot write to output file %s.\n"), newn);
fflush(stdout);
return EXIT_FAILURE;
}
bytecount = 0;
suc = 0;
badcnt = 0;
while (1)
{
dat = read (oldf, buf, GRAB_SIZE);
if (dat == 0)
break;
bytecount += dat;
while ( (found_it = my_strstr(buf, (char *) TcpFlag, GRAB_SIZE)) != NULL)
{
suc = 1;
fprintf (stdout, "%s", _("INFO old password found\n"));
for (i = 0; i < 8; ++i)
{
sprintf(&oldpwd[i*2], _("%02x"),
(unsigned char) *found_it);
sprintf(&newpwd[i*2], _("%02x"),
(unsigned char) in[i]);
*found_it = in[i];
++found_it;
}
fprintf (stdout, _("INFO Replaced: %s by: %s\n"),
oldpwd, newpwd);
}
while ( (found_it = my_strstr(buf, (char *) BadFlag, GRAB_SIZE)) != NULL)
{
badcnt++;
/* fprintf (stderr, _("INFO old filler found\n")); */
for (i = 0; i < 8; ++i)
{
sprintf(&oldpwd[i*2], _("%02x"),
(unsigned char) *found_it);
ccd = (unsigned char) (256.0 * taus_get()/(TAUS_MAX+1.0));
sprintf(&newpwd[i*2], _("%02x"),
(unsigned char) ccd);
*found_it = ccd;
++found_it;
}
/* fprintf (stderr, _("INFO Replaced: %s by: %s\n"),
oldpwd, newpwd);*/
}
ret = write (newf, buf, dat);
if (dat > 0 && ret < 0)
{
fprintf(stdout, _("ERROR Cannot write to output file %s.\n"), newn);
fflush(stdout);
return EXIT_FAILURE;
}
}
close (newf);
close (oldf);
if (suc == 1 && badcnt == 7)
{
fprintf (stdout, "%s", _("INFO finished\n"));
fflush(stdout);
return 0;
}
if (suc == 0 || badcnt < 7)
{
fprintf (stdout, "%s", _("ERROR incomplete replacement\n"));
}
else
{
fprintf (stdout, "%s", _("ERROR bad replacement\n"));
}
fflush(stdout);
return EXIT_FAILURE;
}
double
taus_get_double (void *vstate)
{
return taus_get (vstate) / 4294967296.0 ;
}
uint4 cl_random_get(uint4 state)
{
state.s0 = taus_get(&state.state);
return state;
}
