int main(int argc, char** argv)
{
if(argc < 3)
usage();
long rsaptr = getRSAPointer(argv[1]);
long hostptr = getHostPointer(argv[1]);
printf("%lo %lo", rsaptr, hostptr);
int childpid = fork();
if(childpid == -1)
fatal("Unable to fork.");
if(childpid == 0)
{
printf("I'm the child");
//chdir(TIBIA_ENV);
execl(TIBIA_PATH, (const char*) NULL, (char*) NULL);
exit(0);
}
sleep(2);
pid_t pid = findPid("Tibia");
//write RSA key
char data[310] = "";
strcpy(data, RSA_KEY);
writeMemory(pid, rsaptr, data, RSALEN);
//DEBUG
readMemory(pid, rsaptr, data, RSALEN);
printf("rsa: %s\n", data);
//DEBUG
//read pointer to Hostname struct
unsigned char ptrdata[4] = "";
readMemory(pid, hostptr, ptrdata, 4);
//read offset+4 on Hostname struct
readMemory(pid, chartohex(ptrdata)+4, ptrdata, 4);
char loc[26] = "";
strcpy(loc,argv[2]);
int len = 26;
writeMemory(pid, chartohex(ptrdata), loc, len);
readMemory(pid,chartohex(ptrdata), data, 30);
printf("IP changed to: %s\n", data);
return 1;
}
unsigned char *
string2hex(const char *hex, int *cnt)
{
unsigned char *res;
int i, len, k, tmp1, tmp2;
if (!hex || !cnt)
return NULL;
len = strlen(hex);
if (len%2) {
/*
* Old versions of anoubis used to return the data with
* a trailing slash. Accept this.
*/
if (hex[len-1] == '/')
len--;
else
return NULL;
}
res = calloc(len/2, sizeof(unsigned char));
if (!res)
return NULL;
for (i = 0, k = 0; i < len-1; i+=2, k++) {
tmp1 = chartohex(hex[i]) * 16;
if (tmp1 < 0)
goto err;
tmp2 = chartohex(hex[i+1]);
if (tmp2 < 0)
goto err;
res[k] = tmp1 + tmp2;
}
*cnt = len / 2;
return res;
err:
free(res);
return NULL;
}
/* Result is malloc'd*/
unsigned char*
makebytestring(char* s, size_t* lenp)
{
unsigned char* bytes;
unsigned char* b;
size_t slen = strlen(s);
size_t blen = slen/2;
int i;
ASSERT((slen%2) == 0);
ASSERT(blen > 0);
bytes = (unsigned char*)emalloc(blen);
b = bytes;
for(i=0;i<slen;i+=2) {
unsigned int digit1 = chartohex(*s++);
unsigned int digit2 = chartohex(*s++);
unsigned int byte = (digit1 << 4) | digit2;
*b++ = byte;
}
if(lenp) *lenp = blen;
return bytes;
}
// Método que lee el ID de la base.
int CNTronBase::readBaseID() {
std::string cmd = READNODEID;
int result, size;
char c;
//Transformamos el objeto string 'cmd' en una cadena de caracteres char.
result = sendCommand(cmd.c_str(), cmd.size());
if (result < 0)
return -1;
// std::cout << "[DEBUG] Reading base MAC ..." << std::endl;
// Read result
c = 0;
size = 0;
while (c != '\n') {
result = read(m_portHandler, &c, 1);
if (result < 0) {
usleep(10000);
return -5;
}
if (result == 1) {
m_readBuff[size++] = c;
}
}
m_readBuff[size] = '\0';
//std::cout << "[DEBUG] Base MAC: " << m_readBuff;
//Nos quedamos con los primeros 2 bytes de la dirección MAC.
//En este punto limitamos el rango de valor de ID a 0-255.
char dirMAC[12];
strncpy(dirMAC,m_readBuff,12);
m_baseId=chartohex(dirMAC);
return 0;
/* Posibles valores de return:
return= -1; Error al enviar el comando. [ SendCommand() devuelve -6 ].
return= -5; Error al encontrarse el buffer vacío. [ read() devuelve 0 ].
return= 0; Lectura del ID de la base realizada con éxito.
*/
}
/**
* This function initializes the tcp context global instance to 0 except for
* file descriptor descriptor for stdin, stdout and stderr.
*
* @author Mohd Naushad Ahmed
* @version 1.0
* @param none
* @return none
*/
char *http_encode_pap_password (char *password,
char *uam_secret,
char *challenge)
{
int n,m;
unsigned char user_password[RADIUS_PWSIZE + 1];
unsigned char p[RADIUS_PWSIZE + 1];
int plen = -1;
char *buffer;
MD5_CTX context;
/* challenge */
buffer = (char*) malloc(512);
memset (buffer, 0, sizeof(buffer));
strncpy ((char *)buffer, (const char *)challenge, strlen(challenge));
/* converting from hex to character string */
hextochar (buffer, challenge, MD5LEN);
/* uamsecret */
MD5Init(&context);
MD5Update(&context, challenge, MD5LEN);
MD5Update(&context, (unsigned char*)uam_secret, strlen(uam_secret));
MD5Final(challenge, &context);
/* password */
memset(p, 0, sizeof(p));
strncpy((char *)p, (const char *)password, (size_t)strlen(password));
plen = strlen(password);
for (m=0; m < plen;)
{
for (n=0; n < REDIR_MD5LEN; m++, n++)
{
user_password[m] = p[m] ^ challenge[n];
}
}
chartohex(user_password, buffer, plen);
return (buffer);
}/* http_encode_pap_password */
int mresponse_main(int argc, char **argv) {
uint8_t chap_ident = 0;
uint8_t challenge[32];
char buffer[512];
MD5_CTX context;
int idx = 0;
int usent = 0;
int usepap = 0;
if (argc < 2)
return usage(argv[0]);
if (!strcmp(argv[1],"-nt")) {
usent = 1;
argc--;
idx++;
}
if (!strcmp(argv[1],"-pap")) {
usepap = 1;
argc--;
idx++;
}
if (usent && usepap)
return usage(argv[0]);
if (argc < 4)
return usage(argv[0]);
if (argc == 5)
chap_ident = atoi(argv[idx+4]);
/* challenge - argv 1 */
memset(buffer, 0, sizeof(buffer));
strcpy(buffer, argv[idx+1]);
hextochar(buffer, challenge, MD5LEN);
/* uamsecret - argv 2 */
MD5Init(&context);
MD5Update(&context, challenge, MD5LEN);
MD5Update(&context, (uint8_t*)argv[idx+2], strlen(argv[idx+2]));
MD5Final(challenge, &context);
if (usepap) {
uint8_t user_password[RADIUS_PWSIZE + 1];
uint8_t p[RADIUS_PWSIZE + 1];
int m, n, plen = strlen(argv[idx+3]);
memset(p, 0, sizeof(p));
safe_strncpy((char *)p, argv[idx+3], RADIUS_PWSIZE);
for (m=0; m < plen;) {
for (n=0; n < REDIR_MD5LEN; m++, n++) {
user_password[m] = p[m] ^ challenge[n];
}
}
chartohex(user_password, buffer, plen);
printf("%s\n", buffer);
} else if (usent) {
#ifdef HAVE_OPENSSL
uint8_t ntresponse[24];
if (argc < 5)
return usage(argv[0]);
GenerateNTResponse(challenge, challenge,
(uint8_t*)argv[idx+3], strlen(argv[idx+3]),
(uint8_t*)argv[idx+4], strlen(argv[idx+4]),
ntresponse);
chartohex(ntresponse, buffer, 24);
printf("%s\n", buffer);
#else
printf("Requires OpenSSL Support\n");
#endif
} else {
uint8_t response[32];
/* password - argv 3 */
MD5Init(&context);
MD5Update(&context, (uint8_t*)&chap_ident, 1);
MD5Update(&context, (uint8_t*)argv[idx+3], strlen(argv[idx+3]));
MD5Update(&context, challenge, MD5LEN);
MD5Final(response, &context);
chartohex(response, buffer, MD5LEN);
printf("%s\n", buffer);
}
return 0;
}
char *
hex2mem(char *buf, char *mem, int count) {
int i;
unsigned char ch;
char *out;
int special;
union {
uint8_t u8;
uint16_t u16;
uint32_t u32;
} temp;
// Handle 1/2/4 bytes writes specially - they might be "out8/16/32"
// requests, or we might be talking to a mem mapped register that
// doesn't like taking information one byte at a time.
special = 0;
out = mem;
if(cpu_handle_alignment(mem, count)) {
switch(count) {
case 1:
case 2:
case 4:
special = 1;
out = (void *)&temp;
break;
default:
break;
}
}
for(i=0;i<count;i++) {
ch = chartohex(*buf++) << 4;
ch = ch + chartohex(*buf++);
*out++ = ch;
}
if(special) {
switch(count) {
case 1:
if(MAP_IN_RANGE(inout, mem)) {
out8(MAP_OFFSET(inout, mem), temp.u8);
} else {
*(uint8_t *)mem = temp.u8;
}
break;
case 2:
if(MAP_IN_RANGE(inout, mem)) {
out16(MAP_OFFSET(inout, mem), temp.u16);
} else {
*(uint16_t *)mem = temp.u16;
}
break;
case 4:
if(MAP_IN_RANGE(inout, mem)) {
out32(MAP_OFFSET(inout, mem), temp.u32);
} else {
*(uint32_t *)mem = temp.u32;
}
break;
default:
break;
}
}
return(mem + count);
}
/*
* scan for the sequence $<data>#<checksum>
*/
boolean
getpacket() {
unsigned char checksum;
unsigned char xmitcsum;
int i;
int count;
int ch;
int cs1;
int cs2;
int (*init_getc)(void);
init_getc = connected ? dbg_getc : dbg_getc_connect_check;
for( ;; ) {
try_again:
/* wait around for the start character, ignore all other characters */
do {
ch = init_getc();
if(ch == -1) return(FALSE);
} while(ch != '$');
try_again2:
checksum = 0;
count = 0;
cs1 = cs2 = 0;
/* now, read until a # or end of buffer is found */
for( ;; ) {
if(count >= BUFMAX) goto try_again;
ch = dbg_getc();
if(ch == -1) return(FALSE);
if(ch == '#') break;
if(ch == '$') goto try_again2;
checksum = checksum + ch;
scratch[count++] = ch;
}
/* collect the checksum */
cs1 = dbg_getc();
if(cs1 == -1) return(FALSE);
cs2 = dbg_getc();
if(cs2 == -1) return(FALSE);
scratch[count] = 0;
gdb_expand(scratch, inbuf);
xmitcsum = (chartohex(cs1) << 4) + chartohex(cs2);
if(checksum == xmitcsum) break;
if(gdb_debug) {
gdb_printf("bad checksum. My count = 0x%x, sent=0x%x. buf=%s\n",
checksum,xmitcsum,inbuf);
}
dbg_putc('-'); /* failed checksum */
}
dbg_putc('+'); /* successful transfer */
/* if a sequence char is present, reply the sequence ID */
if(inbuf[2] == ':') {
dbg_putc(inbuf[0]);
dbg_putc(inbuf[1]);
/* remove sequence chars from buffer */
i = 3;
for( ;; ) {
inbuf[i-3] = inbuf[i];
if(inbuf[i] == '\0') break;
++i;
}
}
return(TRUE);
}
// Updates the list of available beacons
int CNTronBase::detectBeacons() {
int result, size, lines, line = 0, age;
char c;
std::string cmd = GETBEACONS(255);
char id[12]; // MAC of a beacon (contains the ID of the beacon).
CNTronNode node;
result = sendCommand(cmd.c_str(), cmd.size());
if (result < 0)
return -1;
// Find the beginning of the stream
c = 0;
while (c != '#') {
result = read(m_portHandler, &c, 1);
if (result < 0) {
usleep(10000);
return -5;
}
}
// Read first line (number of remaining lines)
c = 0;
size = 0;
while (c != '\n') {
result = read(m_portHandler, &c, 1);
if (result < 0) {
usleep(10000);
return -5;
}
if (result == 1) {
m_readBuff[size++] = c;
}
}
m_readBuff[size] = '\0';
sscanf(m_readBuff, "%d", &lines);
// Read list of nodes detected
for (line = 1; line <= lines; line++) {
// Read new line
c = 0;
size = 0;
while (c != '\n') {
result = read(m_portHandler, &c, 1);
if (result < 0) {
usleep(10000);
return -5;
}
if (result == 1) {
m_readBuff[size++] = c;
}
}
// IDs start at line 3
if (line >= 3) {
m_readBuff[size] = '\0';
sscanf(m_readBuff, "%d:%s", &age, id);
if (age <= MAX_AGE) {
int nodeID = chartohex(id);
if (m_nodes.count(nodeID) == 0) { // Add a new beacon
node.failures = 0;
node.penalization = 0;
node.id = nodeID;
strncpy(node.mac, id, 12);
node.mac[12] = '\0';
m_nodes[nodeID] = node;
m_nodeIDs.push_back(nodeID);
} else { // Check penalization
if (checkPenalization(m_nodes[nodeID]) > 0) {
m_nodes[nodeID].penalization--;
}
}
}
}
}
#if DEBUG
printBeacons();
#endif
return 0;
}
