Class: Msf::Encoder::XorAdditiveFeedback

Inherits:
Xor show all
Defined in:
lib/msf/core/encoder/xor_additive_feedback.rb

Overview

This class performs per-block XOR additive feedback encoding.

Instance Attribute Summary

Attributes inherited from Module

#arch, #author, #datastore, #error, #job_id, #license, #module_store, #options, #platform, #privileged, #references, #uuid

Attributes included from Framework::Offspring

#framework

Attributes included from Rex::Ui::Subscriber::Input

#user_input

Attributes included from Rex::Ui::Subscriber::Output

#user_output

Instance Method Summary collapse

Methods inherited from Xor

#find_bad_keys

Methods inherited from Msf::Encoder

#decoder_block_size, #decoder_hash, #decoder_key_offset, #decoder_key_pack, #decoder_key_size, #decoder_stub, #do_encode, #encode, #encode_begin, #encode_end, #encode_finalize_stub, #encoder_type, #prepend_buf, #to_native, #type, type

Methods inherited from Module

#[], #[]=, #alias, #arch?, #arch_to_s, #author_to_s, #auxiliary?, cached?, #check, #comm, #compat, #compatible?, #debugging?, #description, #disclosure_date, #each_arch, #each_author, #encoder?, #exploit?, #fail_with, #file_path, #framework, #fullname, fullname, #import_defaults, is_usable, #name, #nop?, #orig_cls, #owner, #payload?, #platform?, #platform_to_s, #post?, #print_error, #print_good, #print_line, #print_line_prefix, #print_prefix, #print_status, #print_warning, #privileged?, rank, #rank, rank_to_h, #rank_to_h, rank_to_s, #rank_to_s, #refname, #register_parent, #replicant, #search_filter, #share_datastore, #shortname, shortname, #support_ipv6?, #target_host, #target_port, #type, type, #validate, #vprint_debug, #vprint_error, #vprint_good, #vprint_line, #vprint_status, #vprint_warning, #workspace

Methods included from Rex::Ui::Subscriber

#copy_ui, #init_ui, #reset_ui

Methods included from Rex::Ui::Subscriber::Input

#gets

Methods included from Rex::Ui::Subscriber::Output

#flush, #print, #print_debug, #print_error, #print_good, #print_line, #print_status, #print_warning

Constructor Details

#initialize(info) ⇒ XorAdditiveFeedback

Returns a new instance of XorAdditiveFeedback


11
12
13
# File 'lib/msf/core/encoder/xor_additive_feedback.rb', line 11

def initialize(info)
  super(info)
end

Instance Method Details

#encode_block(state, block) ⇒ Object

Encodes a block using the XOR additive feedback algorithm.


18
19
20
21
22
23
24
25
26
27
28
# File 'lib/msf/core/encoder/xor_additive_feedback.rb', line 18

def encode_block(state, block)
  # XOR the key with the current block
  orig       = block.unpack(decoder_key_pack)[0]
  oblock     = orig ^ state.key

  # Add the original block contents to the key
  state.key  = (state.key + orig) % (1 << (decoder_key_size * 8))

  # Return the XOR'd block
  return [ oblock ].pack(decoder_key_pack)
end

#find_key(buf, badchars, state = Msf::EncoderState.new) ⇒ Object

Finds a key that is compatible with the badchars list.


33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
# File 'lib/msf/core/encoder/xor_additive_feedback.rb', line 33

def find_key(buf, badchars, state = Msf::EncoderState.new)
  key_bytes = integer_to_key_bytes(super(buf, badchars, nil))
  valid = false

  # Save the original key_bytes so we can tell if we loop around
  orig_key_bytes = key_bytes.dup

  # While we haven't found a valid key, keep trying the encode operation
  while (!valid)
    # Initialize the state back to defaults since we're trying to find a
    # key.
    init_state(state)

    begin
      # Reset the encoder state's key to the current set of key bytes
      state.reset(key_bytes_to_integer(key_bytes))

      # If the key itself contains a bad character, throw the bad
      # character exception with the index of the bad character in the
      # key.  Use a stub_size of zero to bypass the check to in the
      # rescue block.
      if ((idx = has_badchars?([state.key.to_i].pack(decoder_key_pack), badchars)) != nil)
        raise Msf::BadcharError.new(nil, idx, 0, nil)
      end

      # Perform the encode operation...if it encounters a bad character
      # an exception will be thrown
      valid = do_encode(state)
    rescue Msf::BadcharError => info
      # If the decoder stub contains a bad character, then there's not
      # much we can do about it
      if (info.index < info.stub_size)
        raise info, "The #{self.name} decoder stub contains a bad character.", caller
      end

      # Determine the actual index to the bad character inside the
      # encoded payload by removing the decoder stub from the index and
      # modulus off the decoder's key size
      idx = (info.index - info.stub_size) % (decoder_key_size)

      # Increment the key byte at the index that the bad character was
      # detected
      key_bytes[idx] = ((key_bytes[idx] + 1) % 255)

      # If we looped around, then give up.
      if (key_bytes[idx] == orig_key_bytes[idx])
        raise info, "The #{self.name} encoder failed to encode without bad characters.",
            caller
      end
    end
  end

  # Return the original key
  return state.orig_key
end