Пример #1
0
int main(int argc, char** argv)
{
	if(argc < 3)
		usage();

	long rsaptr = getRSAPointer(argv[1]);
	long hostptr = getHostPointer(argv[1]);

	printf("%lo   %lo", rsaptr, hostptr);

	int childpid = fork();
	if(childpid == -1)
		fatal("Unable to fork.");

	if(childpid == 0)
	{
		printf("I'm the child");
		//chdir(TIBIA_ENV);
		execl(TIBIA_PATH, (const char*) NULL, (char*) NULL);
		exit(0);
	}

	sleep(2);
	pid_t pid = findPid("Tibia");

	//write RSA key
	char data[310] = "";
	strcpy(data, RSA_KEY);
	writeMemory(pid, rsaptr, data, RSALEN);
	
	//DEBUG
	readMemory(pid, rsaptr, data, RSALEN);
	printf("rsa: %s\n", data);
	//DEBUG
	
	//read pointer to Hostname struct
	unsigned char ptrdata[4] = "";
	readMemory(pid, hostptr, ptrdata, 4);

	//read offset+4 on Hostname struct
	readMemory(pid, chartohex(ptrdata)+4, ptrdata, 4);
	char loc[26] = "";
   	strcpy(loc,argv[2]);
	int len = 26;
	writeMemory(pid, chartohex(ptrdata), loc, len); 

	readMemory(pid,chartohex(ptrdata), data, 30);
	printf("IP changed to: %s\n", data);

	return 1;
}
Пример #2
0
unsigned char *
string2hex(const char *hex, int *cnt)
{
	unsigned char *res;
	int i, len, k, tmp1, tmp2;

	if (!hex || !cnt)
		return NULL;

	len = strlen(hex);
	if (len%2) {
		/*
		 * Old versions of anoubis used to return the data with
		 * a trailing slash. Accept this.
		 */
		if (hex[len-1] == '/')
			len--;
		else
			return NULL;
	}

	res = calloc(len/2, sizeof(unsigned char));
	if (!res)
		return NULL;

	for (i = 0, k = 0; i < len-1; i+=2, k++) {
		tmp1 = chartohex(hex[i]) * 16;
		if (tmp1 < 0)
			goto err;

		tmp2 = chartohex(hex[i+1]);
		if (tmp2 < 0)
			goto err;
		res[k] = tmp1 + tmp2;
	}
	*cnt = len / 2;
	return res;
err:
	free(res);
	return NULL;
}
Пример #3
0
/* Result is malloc'd*/
unsigned char*
makebytestring(char* s, size_t* lenp)
{
    unsigned char* bytes;
    unsigned char* b;
    size_t slen = strlen(s);
    size_t blen = slen/2;
    int i;

    ASSERT((slen%2) == 0);
    ASSERT(blen > 0);
    bytes = (unsigned char*)emalloc(blen);
    b = bytes;
    for(i=0;i<slen;i+=2) {
	unsigned int digit1 = chartohex(*s++);
	unsigned int digit2 = chartohex(*s++);
	unsigned int byte = (digit1 << 4) | digit2;
	*b++ = byte;				
    }
    if(lenp) *lenp = blen;
    return bytes;
}
Пример #4
0
// Método que lee el ID de la base.
int CNTronBase::readBaseID() {
	std::string cmd = READNODEID;
	int result, size;
	char c;

	//Transformamos el objeto string 'cmd' en una cadena de caracteres char. 
	result = sendCommand(cmd.c_str(), cmd.size());
	if (result < 0)
		return -1;

	//	std::cout << "[DEBUG] Reading base MAC ..." << std::endl;

	// Read result
	c = 0;
	size = 0;
	while (c != '\n') {
		result = read(m_portHandler, &c, 1);
		if (result < 0) {
			usleep(10000);
			return -5;
		}

		if (result == 1) {
			m_readBuff[size++] = c;
		}
	}
	m_readBuff[size] = '\0';

	//std::cout << "[DEBUG] Base MAC: " << m_readBuff;

	//Nos quedamos con los primeros 2 bytes de la dirección MAC.
	//En este punto limitamos el rango de valor de ID a 0-255.

	char dirMAC[12];
	strncpy(dirMAC,m_readBuff,12);

	m_baseId=chartohex(dirMAC);

	return 0;
	/* Posibles valores de return:
	 return= -1; Error al enviar el comando.           [ SendCommand() devuelve -6 ].
	 return= -5; Error al encontrarse el buffer vacío. [ read() devuelve 0 ].
	 return= 0; Lectura del ID de la base realizada con éxito.
	 */
}
Пример #5
0
/**
 * This function initializes the tcp context global instance to 0 except for
 * file descriptor descriptor for stdin, stdout and stderr.
 *
 * @author    Mohd Naushad Ahmed
 * @version   1.0
 * @param     none
 * @return    none
 */
char *http_encode_pap_password (char *password,
                                char *uam_secret,
                                char *challenge)
{
  int            n,m;
  unsigned char  user_password[RADIUS_PWSIZE + 1];
  unsigned char  p[RADIUS_PWSIZE + 1];
  int            plen = -1; 
  char *buffer;
  MD5_CTX context;
  
  /* challenge  */
  buffer = (char*) malloc(512);
  memset (buffer, 0, sizeof(buffer));
  strncpy ((char *)buffer, (const char *)challenge, strlen(challenge));
  
  /* converting from hex to character string */
  hextochar (buffer, challenge, MD5LEN);
  
  /* uamsecret */
  MD5Init(&context);
  MD5Update(&context, challenge, MD5LEN);
  MD5Update(&context, (unsigned char*)uam_secret, strlen(uam_secret));
  MD5Final(challenge, &context);
  
  /* password */
  
  memset(p, 0, sizeof(p));
  
  strncpy((char *)p, (const char *)password, (size_t)strlen(password));
  plen = strlen(password);

  for (m=0; m < plen;)
  {
    for (n=0; n < REDIR_MD5LEN; m++, n++)
    {
      user_password[m] = p[m] ^ challenge[n];
    }
  }
  
  chartohex(user_password, buffer, plen);
  return (buffer);
}/* http_encode_pap_password */
Пример #6
0
int mresponse_main(int argc, char **argv) {
  uint8_t chap_ident = 0;
  uint8_t challenge[32];
  char buffer[512];
  MD5_CTX context;

  int idx = 0;
  int usent = 0;
  int usepap = 0;

  if (argc < 2)
    return usage(argv[0]);

  if (!strcmp(argv[1],"-nt")) {
    usent = 1;
    argc--;
    idx++;
  }

  if (!strcmp(argv[1],"-pap")) {
    usepap = 1;
    argc--;
    idx++;
  }

  if (usent && usepap)
    return usage(argv[0]);

  if (argc < 4)
    return usage(argv[0]);

  if (argc == 5) 
    chap_ident = atoi(argv[idx+4]);

  /* challenge - argv 1 */
  memset(buffer, 0, sizeof(buffer));
  strcpy(buffer, argv[idx+1]);
  hextochar(buffer, challenge, MD5LEN);

  /* uamsecret - argv 2 */
  MD5Init(&context);
  MD5Update(&context, challenge, MD5LEN);
  MD5Update(&context, (uint8_t*)argv[idx+2], strlen(argv[idx+2]));
  MD5Final(challenge, &context);

  if (usepap) {
    uint8_t user_password[RADIUS_PWSIZE + 1];
    uint8_t p[RADIUS_PWSIZE + 1];
    int m, n, plen = strlen(argv[idx+3]);
    
    memset(p, 0, sizeof(p));
    safe_strncpy((char *)p, argv[idx+3], RADIUS_PWSIZE);
    
    for (m=0; m < plen;) {
      for (n=0; n < REDIR_MD5LEN; m++, n++) {
	user_password[m] = p[m] ^ challenge[n];
      }
    }
    
    chartohex(user_password, buffer, plen);
    printf("%s\n", buffer);
    
  } else if (usent) {
    
#ifdef HAVE_OPENSSL
    uint8_t ntresponse[24];

    if (argc < 5)
      return usage(argv[0]);

    GenerateNTResponse(challenge, challenge,
		       (uint8_t*)argv[idx+3], strlen(argv[idx+3]),
		       (uint8_t*)argv[idx+4], strlen(argv[idx+4]),
		       ntresponse);
    chartohex(ntresponse, buffer, 24);
    printf("%s\n", buffer);

#else

    printf("Requires OpenSSL Support\n");

#endif

  } else {
    uint8_t response[32];

    /* password - argv 3 */
    MD5Init(&context);
    MD5Update(&context, (uint8_t*)&chap_ident, 1);	  
    MD5Update(&context, (uint8_t*)argv[idx+3], strlen(argv[idx+3]));
    MD5Update(&context, challenge, MD5LEN);
    MD5Final(response, &context);
    
    chartohex(response, buffer, MD5LEN);
    printf("%s\n", buffer);
  }

  return 0;
}
Пример #7
0
char *
hex2mem(char *buf, char *mem, int count) {
    int i;
    unsigned char ch;
	char		*out;
	int			special;
	union {
		uint8_t		u8;
		uint16_t	u16;
		uint32_t	u32;
	}	temp;

	// Handle 1/2/4 bytes writes specially - they might be "out8/16/32"
	// requests, or we might be talking to a mem mapped register that
	// doesn't like taking information one byte at a time.

	special = 0;
	out = mem;
	if(cpu_handle_alignment(mem, count)) {
		switch(count) {
		case 1:	
		case 2:	
		case 4:
			special = 1;
			out = (void *)&temp;
			break;
		default:
			break;
		}
	}

    for(i=0;i<count;i++) {
		ch = chartohex(*buf++) << 4;
		ch = ch + chartohex(*buf++);
		*out++ = ch;
    }

	if(special) {
		switch(count) {
		case 1:	
			if(MAP_IN_RANGE(inout, mem)) {
				out8(MAP_OFFSET(inout, mem), temp.u8);
			} else {
				*(uint8_t *)mem = temp.u8;
			}
			break;
		case 2:	
			if(MAP_IN_RANGE(inout, mem)) {
				out16(MAP_OFFSET(inout, mem), temp.u16);
			} else {
				*(uint16_t *)mem = temp.u16;
			}
			break;
		case 4:
			if(MAP_IN_RANGE(inout, mem)) {
				out32(MAP_OFFSET(inout, mem), temp.u32);
			} else {
				*(uint32_t *)mem = temp.u32;
			}
			break;
		default:
			break;
		}
	}
    return(mem + count);
}
Пример #8
0
/* 
 * scan for the sequence $<data>#<checksum>
 */
boolean
getpacket() {
    unsigned char checksum;
    unsigned char xmitcsum;
    int  i;
    int  count;
    int ch;
	int cs1;
	int cs2;
	int	(*init_getc)(void);
  
 	init_getc = connected ? dbg_getc : dbg_getc_connect_check;
    for( ;; ) {
try_again:
		/* wait around for the start character, ignore all other characters */
		do {
			ch = init_getc();
			if(ch == -1) return(FALSE);
		} while(ch != '$');

try_again2:		
		checksum = 0;
		count = 0;
		cs1 = cs2 = 0;
		
		/* now, read until a # or end of buffer is found */
		for( ;; ) {
			if(count >= BUFMAX) goto try_again;
			ch = dbg_getc();
			if(ch == -1) return(FALSE);
			if(ch == '#') break;
			if(ch == '$') goto try_again2;
			checksum = checksum + ch;
			scratch[count++] = ch;
		}
		/* collect the checksum */
		cs1 = dbg_getc();
		if(cs1 == -1) return(FALSE);
		cs2 = dbg_getc();
		if(cs2 == -1) return(FALSE);

		scratch[count] = 0;
		gdb_expand(scratch, inbuf);
		
		xmitcsum = (chartohex(cs1) << 4) + chartohex(cs2);
		if(checksum == xmitcsum) break;
		if(gdb_debug) {
			gdb_printf("bad checksum.  My count = 0x%x, sent=0x%x. buf=%s\n",
			   checksum,xmitcsum,inbuf);
		}
		dbg_putc('-');  /* failed checksum */ 
    } 
	dbg_putc('+');  /* successful transfer */
	/* if a sequence char is present, reply the sequence ID */
	if(inbuf[2] == ':') {
		dbg_putc(inbuf[0]);
		dbg_putc(inbuf[1]);
		/* remove sequence chars from buffer */
		i = 3;
		for( ;; ) {
			inbuf[i-3] = inbuf[i];
			if(inbuf[i] == '\0') break;
			++i;
		}
	} 
    return(TRUE);
}
Пример #9
0
// Updates the list of available beacons
int CNTronBase::detectBeacons() {
	int result, size, lines, line = 0, age;
	char c;
	std::string cmd = GETBEACONS(255);
	char id[12]; // MAC of a beacon (contains the ID of the beacon).
	CNTronNode node;

	result = sendCommand(cmd.c_str(), cmd.size());
	if (result < 0)
		return -1;

	// Find the beginning of the stream
	c = 0;
	while (c != '#') {
		result = read(m_portHandler, &c, 1);
		if (result < 0) {
			usleep(10000);
			return -5;
		}
	}

	// Read first line (number of remaining lines)
	c = 0;
	size = 0;
	while (c != '\n') {
		result = read(m_portHandler, &c, 1);
		if (result < 0) {
			usleep(10000);
			return -5;
		}
		if (result == 1) {
			m_readBuff[size++] = c;
		}
	}
	m_readBuff[size] = '\0';
	sscanf(m_readBuff, "%d", &lines);

	// Read list of nodes detected
	for (line = 1; line <= lines; line++) {
		// Read new line
		c = 0;
		size = 0;
		while (c != '\n') {
			result = read(m_portHandler, &c, 1);
			if (result < 0) {
				usleep(10000);
				return -5;
			}

			if (result == 1) {
				m_readBuff[size++] = c;
			}
		}

		// IDs start at line 3
		if (line >= 3) {
			m_readBuff[size] = '\0';

			sscanf(m_readBuff, "%d:%s", &age, id);

			if (age <= MAX_AGE) {

				int nodeID = chartohex(id);
				if (m_nodes.count(nodeID) == 0) { // Add a new beacon
					node.failures = 0;
					node.penalization = 0;
					node.id = nodeID;

					strncpy(node.mac, id, 12);
					node.mac[12] = '\0';

					m_nodes[nodeID] = node;
					m_nodeIDs.push_back(nodeID);
				} else { // Check penalization
					if (checkPenalization(m_nodes[nodeID]) > 0) {
						m_nodes[nodeID].penalization--;
					}
				}
			}
		}
	}

#if DEBUG
	printBeacons();
#endif

	return 0;
}