/
Secret.go
175 lines (142 loc) · 3.88 KB
/
Secret.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
package main
import (
"crypto/md5"
"encoding/hex"
"math/rand"
"strconv"
)
// Secret Values
var (
secret = []int{}
secretEgg = ""
secretEggEOF = ""
generatedSecret = false
secretREQ = ""
secretREQALL = ""
)
// Check to see if the secrets are found inside of a packet
func IsSecretFound(packet *pPacket) bool {
// Identify Secret In Packet
totalMatches := 0
// Checking each TCP Flag for a match
for _, sec := range secret {
if flags[sec] == "FIN" {
if packet.TCPHeader.FIN {
totalMatches++
}
} else if flags[sec] == "SYN" {
if packet.TCPHeader.SYN {
totalMatches++
}
} else if flags[sec] == "RST" {
if packet.TCPHeader.RST {
totalMatches++
}
} else if flags[sec] == "ACK" {
if packet.TCPHeader.ACK {
totalMatches++
}
} else if flags[sec] == "URG" {
if packet.TCPHeader.URG {
totalMatches++
}
} else if flags[sec] == "ECE" {
if packet.TCPHeader.ECE {
totalMatches++
}
} else if flags[sec] == "CWR" {
if packet.TCPHeader.CWR {
totalMatches++
}
} else if flags[sec] == "NS" {
if packet.TCPHeader.NS {
totalMatches++
}
}
// Check to see if we have the correct amount of flags based on the secret.
if totalMatches == len(secret) {
// Check to see if the secret egg is present
if checkEgg(packet.rawData) {
return true
}
}
}
return false
}
// Checks for the custom Request All after X packet.
func checkSecretREQALL(data []byte, port int) bool {
// Strip our inital data
strippedData := ParserRun(data, mapProtocolByPort(port))
// Check length to see if its even there.
if len(strippedData) >= len([]byte(secretREQ))+len([]byte(secretREQALL)) {
if string(strippedData[len([]byte(secretREQ)):len([]byte(secretREQ))+len([]byte(secretREQALL))]) == secretREQALL {
return true
}
}
return false
}
// Checks for the custom Request packet.
func checkSecretREQ(data []byte, port int) bool {
// Strip our inital data
strippedData := ParserRun(data, mapProtocolByPort(port))
// Check length to see if its even there.
if len(strippedData) >= len([]byte(secretREQ)) {
if string(strippedData[:len([]byte(secretREQ))]) == secretREQ {
return true
}
}
return false
}
// Check to see if our egg is present in the raw data
func checkEgg(data []byte) bool {
// Do we have enough bytes for there to be an egg?
if len(data) < len([]byte(secretEgg)) {
return false
}
// Calculate the offset to the secret egg and compare it
if string(data[len([]byte(OFFSETSTART)):len([]byte(secretEgg))+len([]byte(OFFSETSTART))]) == secretEgg {
return true
}
return false
}
// Generate a random number between 2 sets
func random(min int, max int) int {
return rand.Intn(max-min) + min
}
// RUNS ONLY ONCE!
// Generates the inital secrets for the binary
func generateSecret() {
// Seed random with our Signature
rand.Seed(SIGNATURE)
// Get how many TCP flags we will be using
randFlagCount := random(1, 6)
// Generate which TCP flags based on the random amount to be used
for i := 0; i < randFlagCount; i++ {
newRand := random(0, 7)
for contains(secret, newRand) {
newRand = random(0, 7)
}
secret = append(secret, newRand)
}
// Generate all secrets required
secretEgg = strconv.Itoa(random(1, SIGNATURE))
secretEggEOF = strconv.Itoa(random(1, SIGNATURE))
secretREQ = strconv.Itoa(random(1, SIGNATURE))
secretREQALL = strconv.Itoa(random(1, SIGNATURE))
// Set this to true so we dont generate again
generatedSecret = true
}
// Strip the secret egg from our raw data
func stripSecretEgg(data []byte) []byte {
return data[len([]byte(OFFSETSTART))+len([]byte(secretEgg)):]
}
// Strip the EOF egg from raw data
func stripSecretEggEOF(data []byte) []byte {
return data[:len(data)-len([]byte(secretEggEOF))]
}
// Calc the MD5 of a byte slice
func GetMD5(data []byte) string {
hashObj := md5.New()
hash := hashObj.Sum(data)[:16]
return hex.EncodeToString(hash)
}