static bool update(RCrypto *cry, const ut8 *buf, int len) {
ut8 *obuf = calloc (1, len);
if (!obuf) {
return false;
}
xor_crypt (&st, buf, obuf, len);
r_crypto_append (cry, obuf, len);
free (obuf);
return true;
}
int main(int argc, char **argv) {
char new_path[BUFSIZ];
int arg0_fd, new_fd, exec_fd;
struct stat arg0_statbuf;
uint8_t *mmap_exec, *marker;
MyExecHeader *my_ehdr;
const uint8_t nullbuf[XOR_KEYLEN] = {0};
char temp[BUFSIZ] = {0};
char exec_path[BUFSIZ];
off_t exec_off;
if (argc < 1)
return 1;
printf("\n[example]\n"
"Start: %p\n"
"End..: %p\n"
"Size.: %u\n",
_exec_payload_start, _exec_payload_end,
_exec_payload_size);
snprintf(new_path, sizeof new_path, "./.%s", basename(argv[0]));
arg0_fd = open(argv[0], O_RDONLY | OPEN_FLAGS, 0);
new_fd = open(new_path, O_RDWR | O_CREAT | O_EXCL | OPEN_FLAGS,
S_IRWXU | S_IRWXG | S_IRWXO);
printf("\n[fd]\n"
"arg0.: %d '%s'\n"
"new..: %d '%s'\n",
arg0_fd, argv[0],
new_fd, new_path);
if (arg0_fd < 0 || new_fd < 0) {
perror("open");
return 1;
}
if (fstat(arg0_fd, &arg0_statbuf)) {
perror("fstat");
return 1;
}
if (sendfile(new_fd, arg0_fd, NULL,
arg0_statbuf.st_size) != arg0_statbuf.st_size)
{
perror("sendfile");
return 1;
}
close(arg0_fd);
mmap_exec = (uint8_t *) mmap(NULL, arg0_statbuf.st_size, PROT_READ | PROT_WRITE,
MAP_SHARED, new_fd, 0);
if (!mmap_exec)
return 1;
printf("\n[exec]\n"
"mmap.: %p\n"
"size.: %lu\n",
mmap_exec, arg0_statbuf.st_size);
marker = findMarker(mmap_exec, arg0_statbuf.st_size);
if (!marker)
return 1;
printf("mark.: %p\n", marker);
my_ehdr = (MyExecHeader *) marker;
if (!memcmp(my_ehdr->xorkey, nullbuf, XOR_KEYLEN)) {
xor_genkey(my_ehdr);
printf("\nEmpty XOR Key .. Generated: %s\n",
shexbuf((uint8_t *) my_ehdr->xorkey,
sizeof my_ehdr->xorkey,
temp, sizeof temp));
} else {
printf("\nXOR Key: %s\nDecrypt payload ..\n",
shexbuf((uint8_t *) my_ehdr->xorkey,
sizeof my_ehdr->xorkey,
temp, sizeof temp));
xor_crypt(my_ehdr);
memset(my_ehdr->xorkey, 0, sizeof my_ehdr->xorkey);
printf("\nExtracting payload size %u\n",
_exec_payload_size);
snprintf(exec_path, sizeof exec_path, "%.*s_",
(int) sizeof exec_path - 2, new_path);
exec_fd = open(exec_path, O_RDWR | O_CREAT | OPEN_FLAGS,
S_IRWXU | S_IRWXG | S_IRWXO);
if (exec_fd < 0)
return 1;
exec_off = my_ehdr->payload - mmap_exec;
printf("Extracted " SSIZET_FMT "\n",
sendfile(exec_fd, new_fd, &exec_off, _exec_payload_size));
close(exec_fd);
printf("Exec and Remove %s\n", exec_path);
printf("Returned: 0x%X\n", system(exec_path));
unlink(exec_path);
}
xor_crypt(my_ehdr);
munmap(mmap_exec, arg0_statbuf.st_size);
close(new_fd);
if (rename(new_path, argv[0])) {
perror("rename");
return 1;
}
return 0;
}
