/* Digests the standard input and prints the result.
*/
static void MDFilter ()
{
MD_CTX context;
size_t len = 0;
unsigned char buffer[128] = {0}, digest[16] = {0};
printf("Input a word(string) (length < 128): \n");
MDInit(&context);
if (fgets(buffer, 128, stdin) != NULL) {
len = strlen(buffer);
// erase '\n' at the end of the buffer
buffer[len - 1] = '\0';
len --;
printf("Length: %d\n", len);
} else
return;
MDUpdate(&context, buffer, len);
MDFinal(digest, &context);
printf("MD5 (\"%s\") = ", buffer);
MDPrint(digest);
printf("\n");
}
static void MDCrypt(unsigned char md5_target[32])
{
struct timeval endTime, startTime;
double timedif;
unsigned int i;
unsigned char word[WORD_LENGTH];
MD32ToChar16(md5_target, md5_target16);
printf("Target MD5:\n");
MDPrint(md5_target16);
printf("\n");
/* Start timer */
gettimeofday(&startTime, NULL);
for (i = 1; i <= WORD_LENGTH; i++)
CrackWord(word, i, i);
/* Stop timer */
gettimeofday(&endTime, NULL);
if (found)
printf("\n\n the original word: %s\n", original_word);
printf(" word_count: %d\n", word_count);
printf(" done\n");
timedif = (endTime.tv_sec - startTime.tv_sec) + (endTime.tv_usec - startTime.tv_usec) / 1000000.0;
printf("\nTime = %f seconds\n", timedif);
return;
}
static void CrackWord(unsigned char word[WORD_LENGTH], int index, int len)
{
MD_CTX context;
unsigned char digest[16];
unsigned int i;
if (index == 0) {
// MD5 calculate
MDInit (&context);
MDUpdate(&context, word, len);
MDFinal(digest, &context);
// MD5 finished
for (i = 0; i < len; i++)
printf("%c", word[i]);
printf(":");
MDPrint(digest);
printf("\n");
if (strncmp(digest, md5_target16, 16) == 0) {
printf("\nFind!!!\n\n");
found = 1;
strncpy(original_word, word, len);
}
word_count++;
} else {
for (i = 0; i < 62; i++) {
word[index - 1] = char_set[i];
CrackWord(word, index - 1, len);
}
}
}
static void MDTimeTrial (void)
{
MD5_CONTEXT context;
time_t endTime, startTime;
unsigned char block [TEST_BLOCK_LEN], digest [16];
unsigned i;
printf ("MD5 time trial. Digesting %d %d-byte blocks ...",
TEST_BLOCK_COUNT, TEST_BLOCK_LEN);
/* Initialize block */
for (i = 0; i < TEST_BLOCK_LEN; i++)
block [i] = (unsigned char)(i & 0xff);
/* Start timer */
time (&startTime);
/* Digest blocks */
md5_init (&context);
for (i = 0; i < TEST_BLOCK_COUNT; i++)
md5_update (&context, block, TEST_BLOCK_LEN);
md5_final (digest, &context);
/* Stop timer */
time (&endTime);
printf (" done\n");
printf ("Digest = ");
MDPrint (digest);
printf ("\nTime = %ld seconds\n", (long) (endTime - startTime));
printf ("Speed = %ld bytes/second\n",
(long) TEST_BLOCK_LEN * (long) TEST_BLOCK_COUNT / (endTime - startTime));
}
/* Digests a file and prints the result.
*/
static void MDFile(char *filename)
{
apr_file_t *file;
apr_md4_ctx_t context;
apr_size_t len = 1024;
unsigned char buffer[1024], digest[APR_MD4_DIGESTSIZE];
if (apr_file_open(&file, filename, APR_READ, APR_OS_DEFAULT, local_pool)
!= APR_SUCCESS)
apr_file_printf(err, "%s can't be opened\n", filename);
else {
apr_md4_init(&context);
while (apr_file_read(file, buffer, &len) != APR_SUCCESS)
{
apr_md4_update(&context, buffer, len);
len = 1024;
}
apr_md4_final(digest, &context);
apr_file_close(file);
apr_file_printf(out, "MD4 (%s) = ", filename);
MDPrint(digest);
apr_file_printf(out, "\n");
}
}
/* Digests a file and prints the result.
*/
static void MDFile(char *filename)
{
FILE *file;
MD_CTX context;
int len;
unsigned char buffer[1024], digest[16];
if ((file = fopen(filename, "rb")) == NULL)
{
printf("%s can't be opened\n", filename);
}
else
{
MDInit(&context);
while (len = fread(buffer, 1, 1024, file))
{
MDUpdate(&context, buffer, len);
}
MDFinal(digest, &context);
fclose(file);
printf("MD%d (%s) = ", MD, filename);
MDPrint(digest);
printf("\n");
}
}
/* Measures the time to digest TEST_BLOCK_COUNT TEST_BLOCK_LEN-byte
blocks.
*/
static void MDTimeTrial ()
{
MD_CTX context;
struct timeval endTime, startTime;
double timedif;
unsigned char block[TEST_BLOCK_LEN], digest[16];
unsigned int i;
printf("MD%d time trial. Digesting %d %d-byte blocks ...", MD, TEST_BLOCK_LEN, TEST_BLOCK_COUNT);
/* Initialize block */
for (i = 0; i < TEST_BLOCK_LEN; i++)
block[i] = (unsigned char)(i & 0xff);
/* Start timer */
gettimeofday(&startTime, NULL);
/* Digest blocks */
MDInit (&context);
for (i = 0; i < TEST_BLOCK_COUNT; i++)
MDUpdate(&context, block, TEST_BLOCK_LEN);
MDFinal(digest, &context);
/* Stop timer */
gettimeofday(&endTime, NULL);
printf(" done\n");
printf("Digest = ");
MDPrint(digest);
timedif = (endTime.tv_sec - startTime.tv_sec) + (endTime.tv_usec - startTime.tv_usec) / 1000000.0;
printf("\nTime = %f seconds\n", timedif);
printf("Speed = %f bytes/second\n", (long)TEST_BLOCK_LEN * (long)TEST_BLOCK_COUNT / timedif);
}
//generate md5 and print virtual address and md5
void genMd5(void * startAdress, int pageSize, unsigned vaddr) {
unsigned char md5digest[16];
MDMem(startAdress, pageSize, md5digest);
// printf("%x ", vaddr); //print vaddr
MDPrint(md5digest);
printf(" %x ", vaddr); //print vaddr
printf("\n");
}
//generate md5 and print virtual address and md5
void genMd5WithOffset(void * startAdress, int pageSize, unsigned vaddr, unsigned offset) {
unsigned char md5digest[16];
MDMem(startAdress, pageSize, md5digest);
//print md5 and vaddr
MDPrint(md5digest);
printf(" %x %u", vaddr, offset / 4096);
printf("\n");
}
//signatures match
void sigMatch(range range, Mem *mem, int pageSize, int dsmPages[], int *match_time) {
int i;
struct timeval earlier;
struct timeval later;
//begin match
int osNumber = initDb();
extern fingerprint fingerprints[FINGERPRINT_NO];
if (gettimeofday(&earlier, NULL)) {
perror("gettimeofday() error");
exit(1);
}
int availableOs[FINGERPRINT_NO], matchCounts[FINGERPRINT_NO];
for (i = 0; i < FINGERPRINT_NO; i++) {
availableOs[i] = 1;
matchCounts[i] = 0;
}
unsigned startVirtualAddr = range.start;
for (; startVirtualAddr <= range.end; startVirtualAddr += 0x1000) {
unsigned pAddr = vtop(mem->mem, mem->mem_size, mem->pgd, startVirtualAddr);
if (pAddr == -1 || pAddr > mem->mem_size)
continue;
int pageIndex = pAddr / pageSize;
if (dsmPages[pageIndex] == 1) {
int offset = (startVirtualAddr - range.start) / 4096;
void *startAdress = (void*) ((unsigned) mem->mem + pageIndex * pageSize);
unsigned char md5digest[16];
MDMem(startAdress, pageSize, md5digest);
// printf("%x ", vaddr); //print vaddr
MDPrint(md5digest);
printf("\n");
int ret = matchByIndex(osNumber, md5digest, offset, availableOs, matchCounts);
// if(ret ==1)
}
}
int maxIndex = -1;
int maxMatch = 0;
for (i = 0; i < FINGERPRINT_NO; i++) {
if (matchCounts[i] > maxMatch) {
maxIndex = i;
maxMatch = matchCounts[i];
}
}
if (maxMatch > 0)
printf("Os is %s, match count is %d\n", fingerprints[maxIndex].osVersion, maxMatch);
else
puts("Unknown OS!");
if (gettimeofday(&later, NULL)) {
perror("gettimeofday() error");
exit(1);
}
*match_time = timeval_diff(NULL, &later, &earlier) / 1000;
printf("match time cost is %d milliseconds\n", *match_time);
}
static void MDFilter () {
MD5_CTX context;
int len;
unsigned char buffer[16], digest[16];
MD5Init (&context);
while ((len = fread (buffer, 1, 16, stdin)) != 0)
MD5Update (&context, buffer, len);
MD5Final (digest, &context);
MDPrint (digest);
printf ("\n");
}
static void
MDString(char *string)
{
MD5_CTX context;
unsigned char digest[16];
unsigned int len = strlen(string);
xMD5Init(&context);
xMD5Update(&context, string, len);
xMD5Final(digest, &context);
printf("MD5 (\"%s\") = ", string);
MDPrint(digest);
printf("\n");
}
static void MDFilter (void)
{
MD5_CONTEXT context;
int len;
unsigned char buffer [16], digest [16];
md5_init (&context);
while (len = fread (buffer, 1, 16, stdin))
md5_update (&context, buffer, len);
md5_final (digest, &context);
MDPrint (digest);
printf ("\n");
}
static void MDString (const char *string)
{
MD5_CONTEXT context;
unsigned char digest [16];
unsigned len = strlen (string);
md5_init (&context);
md5_update (&context, string, len);
md5_final (digest, &context);
printf ("MD5 (\"%s\") = ", string);
MDPrint (digest);
printf ("\n");
}
/* Digests a string and prints the result.
*/
static void MDString(char *string)
{
apr_md4_ctx_t context;
unsigned char digest[APR_MD4_DIGESTSIZE];
unsigned int len = strlen(string);
apr_md4_init(&context);
apr_md4_update(&context, (unsigned char *)string, len);
apr_md4_final(digest, &context);
apr_file_printf (out, "MD4 (\"%s\") = ", string);
MDPrint(digest);
apr_file_printf (out, "\n");
}
int main (int argc, char *argv[]) {
int i;
unsigned char digest[16];
if (argc > 1)
{
for (i = 1; i < argc; i++)
{
if (argv[i][0] == '-' && argv[i][1] == 's')
{
MDString (&digest, argv[i] + 2);
/*
printf ("\nMD%d (\"%s\") = ", MD, argv[i] + 2);
MDPrint (digest);
printf ("\n");
*/
}
else if (strcmp (argv[i], "-t") == 0)
MDTimeTrial ();
else
{
MDFile (&digest, argv[i]);
//MDPartOfFile (&digest, argv[i], 1000, 1003);
//printf ("\nMD%d (%s) = ", MD, argv[i]);
//fprintf (stderr, "xxxx %02x\n", digest[0]);
unsigned int lol;
char ans[32];
fprintf(stderr, "Wrote : ");
for (lol = 0; lol < 16; lol++)
{
fprintf (stderr, "%02x", digest[lol]);
sprintf (ans+2*lol, "%02x", digest[lol]);
}
#if 1
fprintf (stderr, "\n===================\n");
fprintf (stderr, "ANS : %s\n", ans);
fprintf (stderr, "\n====================\n");
MDPrint (digest);
printf ("\n");
#endif
}
}
}
else
MDFilter ();
return (0);
}
/* Digests the standard input and prints the result.
*/
static void MDFilter(void)
{
apr_md4_ctx_t context;
apr_size_t len = 16;
unsigned char buffer[16], digest[16];
apr_md4_init(&context);
while (apr_file_read(in, buffer, &len) != APR_SUCCESS)
{
apr_md4_update(&context, buffer, len);
len = 16;
}
apr_md4_update(&context, buffer, len);
apr_md4_final(digest, &context);
MDPrint(digest);
apr_file_printf(out, "\n");
}
//generate md5 and print virtual address and md5
void genMd5WithOffset(void *startAdress, int pageSize, unsigned vaddr,
unsigned offset)
{
unsigned char md5digest[16];
MDMem(startAdress, pageSize, md5digest);
//print md5 and vaddr
MDPrint(md5digest);
printf(" %x %u", vaddr, offset / 4096);
printf("\n");
/*
int i;
for (i = 0; i < 16; i++)
fprintf(kernel_code_sig, "%02x", md5digest[i]);
fprintf(kernel_code_sig, " %x %u", vaddr, offset / 4096);
fprintf(kernel_code_sig, "\n");
*/
}
static void MDFile (const char *filename)
{
FILE *file;
MD5_CONTEXT context;
int len;
unsigned char buffer [1024], digest [16];
if ((file = fopen (filename, "rb")) == NULL)
printf ("%s can't be opened\n", filename);
else {
md5_init (&context);
while (len = fread (buffer, 1, 1024, file))
md5_update (&context, buffer, len);
md5_final (digest, &context);
fclose (file);
printf ("MD5 (%s) = ", filename);
MDPrint (digest);
printf ("\n");
}
}
/* Measures the time to digest TEST_BLOCK_COUNT TEST_BLOCK_LEN-byte
blocks.
*/
static void MDTimeTrial(void)
{
apr_md4_ctx_t context;
apr_time_t endTime, startTime;
apr_interval_time_t timeTaken;
unsigned char block[TEST_BLOCK_LEN], digest[APR_MD4_DIGESTSIZE];
unsigned int i;
apr_file_printf(out, "MD4 time trial. Digesting %d %d-byte blocks ...",
TEST_BLOCK_LEN, TEST_BLOCK_COUNT);
/* Initialize block */
for (i = 0; i < TEST_BLOCK_LEN; i++)
block[i] = (unsigned char)(i & 0xff);
/* Start timer */
startTime = apr_time_now();
/* Digest blocks */
apr_md4_init(&context);
for (i = 0; i < TEST_BLOCK_COUNT; i++)
apr_md4_update(&context, block, TEST_BLOCK_LEN);
apr_md4_final(digest, &context);
/* Stop timer */
endTime = apr_time_now();
timeTaken = endTime - startTime;
apr_file_printf(out, " done\n");
apr_file_printf(out, "Digest = ");
MDPrint(digest);
apr_file_printf(out, "\nTime = %" APR_TIME_T_FMT " seconds\n", timeTaken);
apr_file_printf(out, "Speed = % " APR_TIME_T_FMT " bytes/second\n",
TEST_BLOCK_LEN * TEST_BLOCK_COUNT/timeTaken);
}
/* determine version of OS by mem
* 1.To get signature of multiply versions of os, which is the md5 of kernel code
* 2.Compared by a decision tree.
* 3.Done!*/
void determineOsVersion(Mem * mem)
{
int i;
int pageSize = 4 * 1024; //4k
int totalPageNumber = mem->mem_size / (4 * 1024); //assume that every page has 4k
unsigned codePageNo = 0;
//record when two page have different page index and the same sharp
int calledPages[totalPageNumber];
int dsmPages[totalPageNumber];
//record virtual address
unsigned virtualAddrs[totalPageNumber];
for (i = 0; i < totalPageNumber; i++) {
calledPages[i] = 0;
dsmPages[i] = 0;
virtualAddrs[i] = 0;
}
//start address
unsigned startVirtualAddr = KERNEL_START_ADDRESS;
//with dissemble or not
int withDissemble = 1;
int cr3PageIndex = 0;
unsigned cr3Pages[20];
for (i = 0; i < 20; i++) {
cr3Pages[i] = 0;
}
struct timeval earlier;
struct timeval later;
if (gettimeofday(&earlier, NULL)) {
perror("gettimeofday() error");
exit(1);
}
//generate step 1 clusters
clusters[0].end = 0;
int pre_rw = -1; //read or write
int pre_us = -1; //use or system
int pre_g = -1; //global, no move out of TLB
int pre_ps = -1; //page size
unsigned cluster_index = 0;
newstart = 1;
unsigned vAddr = startVirtualAddr;
for (; vAddr > KERNEL_START_ADDRESS - 1; vAddr += 0x1000) {
//printf("startvirtual %x:\n",startVirtualAddr);
int rw = 0; //read or write
int us = 0; //use or system
int g = 0; //global, no move out of TLB
int ps = 0; //page size 4M or 4k
unsigned pAddr =
vtopPageProperty(mem->mem, mem->mem_size, mem->pgd, vAddr, &rw,
&us, &g, &ps);
//if PHYSICAL ADDRESS is not VALID, then start a new cluster
if (pAddr < 0 || pAddr > mem->mem_size || us != 0 || g != 256) {
if (newstart == 0) {
clusters[cluster_index].end = vAddr - 1;
//printf("err address end is %x %x\n", vAddr, ranges[range_index].end);
newstart = 1;
}
continue;
}
//if any property changes, then start a new cluster
if (rw != pre_rw || us != pre_us || g != pre_g || ps != pre_ps) {
if (newstart == 0) {
clusters[cluster_index].end = vAddr - 1;
//printf("property change end is %x %x\n", vAddr, ranges[range_index].end);
newstart = 1;
}
}
//update pre properties
pre_rw = rw;
pre_us = us;
pre_g = g;
pre_ps = ps;
//collect pages with continuous properties;
if (newstart) {
clusters[++cluster_index].start = vAddr;
clusters[cluster_index].end = vAddr + pageSize - 1;
newstart = 0;
} else
clusters[cluster_index].end = vAddr + pageSize - 1;
}
if (gettimeofday(&later, NULL)) {
perror("gettimeofday() error");
exit(1);
}
printf("step1, cluster: %d,time cost is %d milliseconds\n",
cluster_index, timeval_diff(NULL, &later, &earlier) / 1000);
//step2. kernel code page clusters with cr3
if (gettimeofday(&earlier, NULL)) {
perror("gettimeofday() error");
exit(1);
}
unsigned startVirtual = startVirtualAddr;
for (; startVirtual > startVirtualAddr - 1; startVirtual += 0x1000) {
// for (; startVirtual < 0x818f0000; startVirtual += 0x1000) {
unsigned vAddr = startVirtual;
int rw = 0; //read or write
int us = 0; //use or system
int g = 0; //global(no move out of TLB) or not global
int ps = 0; //page size
unsigned pAddr =
vtopPageProperty(mem->mem, mem->mem_size, mem->pgd, vAddr, &rw,
&us, &g, &ps);
// IS PHYSICAL ADDRESS VALID?
if (pAddr == -1 || pAddr > mem->mem_size)
continue;
//collect pages which are system access, and global pages
if (us == 0 && g == 256) {
// printf("r only page %x\n", vAddr);
if (find_kernel(mem, vAddr, pageSize) == 0) {
//record kernel address
cr3Pages[cr3PageIndex++] = vAddr;
printf("kernel start at %x\n", vAddr);
}
}
}
if (gettimeofday(&later, NULL)) {
perror("gettimeofday() error");
exit(1);
}
printf("step2 time cost is %d milliseconds\n",
timeval_diff(NULL, &later, &earlier) / 1000);
//step 3. clusters
if (gettimeofday(&earlier, NULL)) {
perror("gettimeofday() error");
exit(1);
}
int cr3PagesNo = 0;
ranges[0].end = 0;
newstart = 1;
for (i = 1; i <= cluster_index; i++) {
//:w printf("%x %x\n", clusters[i].start, clusters[i].end);
if (containKernelAddres(clusters[i], cr3Pages) == -1) {
continue;
}
cr3PagesNo++;
unsigned vAddr = clusters[i].start;
// printf("%x %x\n", clusters[i].start, clusters[i].end);
newstart = 1;
for (; vAddr < clusters[i].end; vAddr += 0x1000) {
unsigned pAddr =
vtop(mem->mem, mem->mem_size, mem->pgd, vAddr);
if (vAddr == out_pc)
code_init(mem, vAddr, pageSize, dsmPages, virtualAddrs, 1,
calledPages, &codePageNo);
else
code_init(mem, vAddr, pageSize, dsmPages, virtualAddrs, 0,
calledPages, &codePageNo);
}
ranges[range_index].end = clusters[i].end;
}
if (gettimeofday(&later, NULL)) {
perror("gettimeofday() error");
exit(1);
}
printf("step2, cluster: %d\n", cr3PagesNo);
printf("step3, cluster: %d,time cost is %d milliseconds\n",
range_index, timeval_diff(NULL, &later, &earlier) / 1000);
//3.find the kernel core code page cluster, and print it
int osNumber = initDb();
if (gettimeofday(&earlier, NULL)) {
perror("gettimeofday() error");
exit(1);
}
int max_len = 0, max_index = 0;
for (i = 1; i <= range_index; i++) {
// printf("start:%x, end:%x: len:%x kernel\n", ranges[i].start, ranges[i].end, ranges[i].len);
if (ranges[i].len > max_len) {
max_index = i;
max_len = ranges[i].len;
}
}
//4.print md5 of pages that can be disassembled
int availableOs[FINGERPRINT_NO], matchCounts[FINGERPRINT_NO];
for (i = 0; i < FINGERPRINT_NO; i++) {
availableOs[i] = 1;
matchCounts[i] = 0;
}
startVirtualAddr = ranges[max_index].start;
unsigned disasPageNo = 0;
unsigned totalPageNo = 0;
for (; startVirtualAddr <= ranges[max_index].end;
startVirtualAddr += 0x1000) {
totalPageNo++;
unsigned pAddr =
vtop(mem->mem, mem->mem_size, mem->pgd, startVirtualAddr);
if (pAddr == -1 || pAddr > mem->mem_size)
continue;
int pageIndex = pAddr / pageSize;
if (dsmPages[pageIndex] == 1) {
int offset =
(startVirtualAddr - ranges[max_index].start) / 4096;
void *startAdress =
(void *) ((unsigned) mem->mem + pageIndex * pageSize);
unsigned char md5digest[16];
MDMem(startAdress, pageSize, md5digest);
// printf("%x ", vaddr); //print vaddr
MDPrint(md5digest);
printf("\n");
//search hash table
int ret =
matchByIndex(osNumber, md5digest, offset, availableOs,
matchCounts);
// genMd5WithOffset(startAdress, pageSize, startVirtualAddr, offset);
disasPageNo++;
}
}
if (gettimeofday(&later, NULL)) {
perror("gettimeofday() error");
exit(1);
}
printf("step4.time cost is %d milliseconds\n",
timeval_diff(NULL, &later, &earlier) / 1000);
int maxIndex = -1;
int maxMatch = 0;
for (i = 0; i < FINGERPRINT_NO; i++) {
if (matchCounts[i] > maxMatch) {
maxIndex = i;
maxMatch = matchCounts[i];
}
}
if (maxMatch > 0)
printf("Os is %s, match count is %d\n",
fingerprints[maxIndex].osVersion, maxMatch);
else
puts("Unknown OS!");
return;
}
int main(int argc, char **argv) {
int sockfd, n;
struct sockaddr_in servaddr;
struct stat fileInfo;
FILE *filepath;
int blockSize = 100;
char line[MAXLINE], path[MAXLINE];
char buffer[blockSize];
MD5_CTX mdContext;
FILE * fdin;
FILE * fdout;
/* Check of arg usage */
if (argc != 3) {
error("usage: ingest original-file file-receipe\n");
}
/*--------------------------------------------------------
Establishing socket connection
--------------------------------------------------------*/
/* Send out error message if error on socket */
if ( (sockfd = socket(AF_INET, SOCK_STREAM, 0)) < 0) {
error("Socket error\n");
}
/* Write zero-valued bytes to servaddr */
memset(&servaddr, 0, sizeof(servaddr));
servaddr.sin_family = AF_INET; /* Defines protocol*/
servaddr.sin_port = htons(5624); /* Choosing port number */
int i = inet_pton(AF_INET, "127.0.0.1", &servaddr.sin_addr);
printf("%d\n", i);
if ( i <= 0) {
error("Inet_pton error\n");
}
/* Sends out error message if can't make connection on socket */
int c = connect(sockfd, (struct sockaddr *) &servaddr, sizeof(servaddr));
printf("%d\n", c);
if ( c < 0) {
error("Connect error\n");
}
/*--------------------------------------------------------
Ingest stuff
--------------------------------------------------------*/
/* Read in the orginal file */
fdin = fopen(argv[1], "r");
if (fdin == NULL) {
error("Error on original-file\n");
}
/* Output file for recipe */
fdout = fopen(argv[2], "w+");
if (fdout == NULL) {
error("Error on file-receipe\n");
}
/* Obtaining the stats about the file */
stat(argv[1], &fileInfo);
/* Obtaining the path of the file */
filepath = popen("/bin/pwd", "r");
if (filepath == NULL) {
error("Error detecting filepath\n");
}
/* Obtaining the permission bits of the file */
int fileChmod = fileInfo.st_mode & (S_IRWXU | S_IRWXG | S_IRWXO);
while(fgets(line, sizeof(line-1), filepath)) {
strcat(path, line);
}
/* File permission, file length, filepath */
fprintf(fdout,"%o,%d,%s", fileChmod, (int)fileInfo.st_size, path);
char b[blockSize+100];
while((n = fread(buffer, blockSize, 1, fdin)) >= 0) {
/* Converting buffer into md5 key */
MD5Init (&mdContext);
MD5Update (&mdContext, buffer, strlen(buffer));
MD5Final (&mdContext);
MDPrint (&mdContext);
//printf ("%s\n", buffer);
/* Information being sent to the server */
// printf("n=%d\n", n);
sprintf(b, "INSERT %s~%s~%d", keydigest, buffer, strlen(buffer));
write(sockfd, b, sizeof(b));
//printf("%s\n\n", keydigest);
/* Sending md5 keys out for the recipe */
fprintf(fdout, "%s\n", keydigest);
/* Response from the server */
bzero(b, sizeof(b));
read(sockfd, b, sizeof(b));
printf("%s\n", b);
/* Clears out the buffers */
bzero(keydigest, 16);
bzero(buffer, blockSize);
/* Breaks out of loop when nothing to read */
if(n == 0) break;
}
printf("\n");
fclose(fdin);
fclose(fdout);
return 0;
}
/* determine version of OS by mem
* 1.To get signature of multiply versions of os, which is the md5 of kernel code
* 2.scan all pages of input memory, generate the md5 checksum of one page, compare to all the signature,
* if they are match, output the version of the os.
* 3.Done!
* 4.abandoned*/
void determineOsVersion2(Mem * mem)
{
//get signature
int osNumber = initDb();
int pageSize = 4 * 1024; //4k
int totalPageNumber = mem->mem_size / (4 * 1024); //assume that every page has 4k
//record when two page have different page index and the same sharp
int calledPages[totalPageNumber];
int dsmPages[totalPageNumber];
//record virtual address
int i;
unsigned virtualAddrs[totalPageNumber];
for (i = 0; i < totalPageNumber; i++) {
calledPages[i] = 0;
dsmPages[i] = 0;
virtualAddrs[i] = 0;
}
//start address
unsigned start_vaddr = KERNEL_START_ADDRESS;
unsigned vaddr = start_vaddr;
int matchCount = 0;
int matchPageIndex = 0;
int availableOs[FINGERPRINT_NO];
for (i = 0; i < FINGERPRINT_NO; i++)
availableOs[i] = 1;
for (; vaddr > start_vaddr - 1; vaddr += 0x1000) {
int rw = 0, us = 0, g = 0, ps = 0; //page size 4M or 4k
unsigned pAddr =
vtopPageProperty(mem->mem, mem->mem_size, mem->pgd, vaddr, &rw,
&us, &g, &ps);
if (pAddr == -1 || pAddr > mem->mem_size)
continue;
int pageIndex = pAddr / pageSize;
if (us == 0 && g == 256
&& is_code_page(mem, vaddr, pageSize, virtualAddrs) == 0) {
page_init(mem, pageIndex, pageSize, dsmPages, 0, vaddr,
calledPages);
if (dsmPages[pageIndex] != 1)
continue;
void *startAdress =
(void *) ((unsigned) mem->mem + pageIndex * pageSize);
unsigned char md5digest[16];
MDMem(startAdress, pageSize, md5digest);
MDPrint(md5digest);
printf("\n");
//search hash table
int ret =
match(osNumber, md5digest, &matchPageIndex, availableOs);
while (ret == 2) {
matchPageIndex++;
ret =
match(osNumber, md5digest, &matchPageIndex,
availableOs);
}
if (ret >= 0) {
matchPageIndex++;
matchCount++;
if (ret == 1)
break;
}
}
}
if (matchCount == 0)
puts("Unknown OS!");
printf("match Count:%d\n", matchCount);
}
