From 9806720d19ca73bee95a678ce1d4cea3521e4cdb Mon Sep 17 00:00:00 2001
From: Stefano Moioli <smxdev4@gmail.com>
Date: Wed, 1 May 2024 01:07:01 +0200
Subject: [PATCH] invoker: use stock ssh client with the new dynamic signature
 check patch. removed hardcoded path of modified ssh client

---
 invoker.php | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/invoker.php b/invoker.php
index f707a77..8e5edb0 100644
--- a/invoker.php
+++ b/invoker.php
@@ -864,12 +864,17 @@ public function ssh_client_main(){
         $sshd_port = 2022;
 
         say('running ssh client');
-        pcntl_exec('/root/sshd/openssh/openssh-9.6p1/ssh', [
+        $ssh = rtrim(shell_exec('which ssh'));
+
+        $envp = getenv();
+        // patch to disable signature verification of backdoor certificate
+        $envp['LD_PRELOAD'] = path_combine(__DIR__, 'build', 'libssh_patch.so');
+        pcntl_exec($ssh, [
             '-vvvv',
             '-i', $this->gdb_file('id_rsa-cert2.pub'),
             '-p', $sshd_port,
             'root@localhost'
-        ]);
+        ], $envp);
     }
 
     public function ssh_server_main(){