int os_jump_to_image(const void *dest, int size)
{
struct sandbox_state *state = state_get_current();
char fname[30], mem_fname[30];
int fd, err;
const char *extra_args[5];
char **argv = state->argv;
#ifdef DEBUG
int argc, i;
#endif
err = make_exec(fname, dest, size);
if (err)
return err;
strcpy(mem_fname, "/tmp/u-boot.mem.XXXXXX");
fd = mkstemp(mem_fname);
if (fd < 0)
return -ENOENT;
close(fd);
err = os_write_ram_buf(mem_fname);
if (err)
return err;
os_fd_restore();
extra_args[0] = "-j";
extra_args[1] = fname;
extra_args[2] = "-m";
extra_args[3] = mem_fname;
extra_args[4] = "--rm_memory";
err = add_args(&argv, extra_args,
sizeof(extra_args) / sizeof(extra_args[0]));
if (err)
return err;
#ifdef DEBUG
for (i = 0; argv[i]; i++)
printf("%d %s\n", i, argv[i]);
#endif
if (state_uninit())
os_exit(2);
err = execv(fname, argv);
free(argv);
if (err)
return err;
return unlink(fname);
}
int compile_and_install(program_t *p, byte *loop) {
dasm_State *state;
dasm_init(&state, 1);
dasm_setup(&state, actions);
codegen(p, state, loop);
compiled_code_t code = make_exec(p, &state);
if (p->compiled_code_len == p->compiled_code_capacity) {
p->compiled_code =
realloc(p->compiled_code,
sizeof(compiled_code_t) * p->compiled_code_capacity * 2);
p->compiled_code_capacity *= 2;
}
p->compiled_code[p->compiled_code_len++] = code;
uint32_t *patch = (uint32_t *) loop;
patch[0] = BC_COMPILED_LOOP;
patch[1] = p->compiled_code_len - 1;
return p->compiled_code_len - 1;
}
int main(int argc, char *argv[])
{
/* Define the options specific to the DNS protocol. */
struct option long_options[] =
{
/* General options */
{"help", no_argument, 0, 0}, /* Help */
{"h", no_argument, 0, 0},
{"version", no_argument, 0, 0}, /* Version */
#if 0
{"name", required_argument, 0, 0}, /* Name */
{"n", required_argument, 0, 0},
{"download",required_argument, 0, 0}, /* Download */
{"n", required_argument, 0, 0},
{"chunk", required_argument, 0, 0}, /* Download chunk */
{"isn", required_argument, 0, 0}, /* Initial sequence number */
#endif
{"delay", required_argument, 0, 0}, /* Retransmit delay */
{"steady", no_argument, 0, 0}, /* Don't transmit immediately after getting a response. */
{"max-retransmits", required_argument, 0, 0}, /* Set the max retransmissions */
{"retransmit-forever", no_argument, 0, 0}, /* Retransmit forever if needed */
#ifndef NO_ENCRYPTION
{"secret", required_argument, 0, 0}, /* Pre-shared secret */
{"no-encryption", no_argument, 0, 0}, /* Disable encryption */
#endif
/* i/o options. */
{"console", no_argument, 0, 0}, /* Enable console */
{"exec", required_argument, 0, 0}, /* Enable execute */
{"e", required_argument, 0, 0},
{"command", no_argument, 0, 0}, /* Enable command (default) */
{"ping", no_argument, 0, 0}, /* Ping */
/* Tunnel drivers */
{"dns", required_argument, 0, 0}, /* Enable DNS */
#if 0
{"tcp", optional_argument, 0, 0}, /* Enable TCP */
#endif
/* Debug options */
{"d", no_argument, 0, 0}, /* More debug */
{"q", no_argument, 0, 0}, /* Less debug */
{"packet-trace", no_argument, 0, 0}, /* Trace packets */
/* Sentry */
{0, 0, 0, 0} /* End */
};
int c;
int option_index;
const char *option_name;
NBBOOL tunnel_driver_created = FALSE;
ll_t *drivers_to_create = ll_create(NULL);
uint32_t drivers_created = 0;
log_level_t min_log_level = LOG_LEVEL_WARNING;
group = select_group_create();
system_dns = dns_get_system();
/* Seed with the current time; not great, but it'll suit our purposes. */
srand((unsigned int)time(NULL));
/* This is required for win32 support. */
winsock_initialize();
#ifndef WIN32
/* set the SIGCHLD handler to SIG_IGN causing zombie child processes to be reaped automatically */
if(signal(SIGCHLD, SIG_IGN) == SIG_ERR)
{
perror("Couldn't set SIGCHLD handler to SIG_IGN");
exit(1);
}
#endif
/* Set the default log level */
log_set_min_console_level(min_log_level);
/* Parse the command line options. */
opterr = 0;
while((c = getopt_long_only(argc, argv, "", long_options, &option_index)) != -1)
{
switch(c)
{
case 0:
option_name = long_options[option_index].name;
/* General options */
if(!strcmp(option_name, "help") || !strcmp(option_name, "h"))
{
usage(argv[0], "--help requested");
}
if(!strcmp(option_name, "version"))
{
printf(NAME" "VERSION" (client)\n");
exit(0);
}
else if(!strcmp(option_name, "isn"))
{
uint16_t isn = (uint16_t) (atoi(optarg) & 0xFFFF);
debug_set_isn(isn);
}
else if(!strcmp(option_name, "delay"))
{
int delay = (int) atoi(optarg);
session_set_delay(delay);
LOG_INFO("Setting delay between packets to %dms", delay);
}
else if(!strcmp(option_name, "steady"))
{
session_set_transmit_immediately(FALSE);
}
else if(!strcmp(option_name, "max-retransmits"))
{
controller_set_max_retransmits(atoi(optarg));
}
else if(!strcmp(option_name, "retransmit-forever"))
{
controller_set_max_retransmits(-1);
}
#ifndef NO_ENCRYPTION
else if(!strcmp(option_name, "secret"))
{
session_set_preshared_secret(optarg);
}
else if(!strcmp(option_name, "no-encryption"))
{
session_set_encryption(FALSE);
}
#endif
/* i/o drivers */
else if(!strcmp(option_name, "console"))
{
ll_add(drivers_to_create, ll_32(drivers_created++), make_console());
/* session = session_create_console(group, "console");
controller_add_session(session); */
}
else if(!strcmp(option_name, "exec") || !strcmp(option_name, "e"))
{
ll_add(drivers_to_create, ll_32(drivers_created++), make_exec(optarg));
/* session = session_create_exec(group, optarg, optarg);
controller_add_session(session); */
}
else if(!strcmp(option_name, "command"))
{
ll_add(drivers_to_create, ll_32(drivers_created++), make_command());
/* session = session_create_command(group, "command");
controller_add_session(session); */
}
else if(!strcmp(option_name, "ping"))
{
ll_add(drivers_to_create, ll_32(drivers_created++), make_ping());
/* session = session_create_ping(group, "ping");
controller_add_session(session); */
}
/* Tunnel driver options */
else if(!strcmp(option_name, "dns"))
{
tunnel_driver_created = TRUE;
tunnel_driver = create_dns_driver(group, optarg);
}
else if(!strcmp(option_name, "tcp"))
{
tunnel_driver_created = TRUE;
create_tcp_driver(optarg);
}
/* Debug options */
else if(!strcmp(option_name, "d"))
{
if(min_log_level > 0)
{
min_log_level--;
log_set_min_console_level(min_log_level);
}
}
else if(!strcmp(option_name, "q"))
{
min_log_level++;
log_set_min_console_level(min_log_level);
}
else if(!strcmp(option_name, "packet-trace"))
{
session_enable_packet_trace();
}
else
{
usage(argv[0], "Unknown option");
}
break;
case '?':
default:
usage(argv[0], "Unrecognized argument");
break;
}
}
create_drivers(drivers_to_create);
ll_destroy(drivers_to_create);
if(tunnel_driver_created && argv[optind])
{
printf("It looks like you used --dns and also passed a domain on the commandline.\n");
printf("That's not allowed! Either use '--dns domain=xxx' or don't use a --dns\n");
printf("argument!\n");
exit(1);
}
/* If no output was set, use the domain, and use the last option as the
* domain. */
if(!tunnel_driver_created)
{
/* Make sure they gave a domain. */
if(optind >= argc)
{
printf("Starting DNS driver without a domain! This will only work if you\n");
printf("are directly connecting to the dnscat2 server.\n");
printf("\n");
printf("You'll need to use --dns server=<server> if you aren't.\n");
tunnel_driver = create_dns_driver_internal(group, NULL, "0.0.0.0", 53, DEFAULT_TYPES, NULL);
}
else
{
tunnel_driver = create_dns_driver_internal(group, argv[optind], "0.0.0.0", 53, DEFAULT_TYPES, NULL);
}
}
/* Be sure we clean up at exit. */
atexit(cleanup);
/* Start the driver! */
driver_dns_go(tunnel_driver);
return 0;
}
