diff --git a/xzre.h b/xzre.h
index 071d014..6b1ab04 100644
--- a/xzre.h
+++ b/xzre.h
@@ -1862,7 +1862,21 @@ extern BOOL elf_parse(Elf64_Ehdr *ehdr, elf_info_t *elf_info);
 * The main_elf_t::dynamic_linker_ehdr is set in backdoor_setup() by an interesting trick where the address of __tls_get_addr()
 * is found via GOT in update_got_address(). Then a backwards search for the ELF header magic bytes from this address is
 * performed to find the ld.so ELF header.
- *
+ *
+ * The function will succeed if the checks outlined in @ref process_is_sshd (invoked by this function) are successful.
+ *
+ * @param main_elf The main executable to parse.
+ * @return BOOL TRUE if successful and all checks passed, or FALSE otherwise.
+ */
+extern BOOL main_elf_parse(main_elf_t *main_elf);
+
+extern char *check_argument(char arg_first_char, char* arg_name);
+
+/**
+ * @brief checks if the current process is sshd by inspecting `argv` and `envp`.
+ *
+ * this is done by reading the top of the process stack ( represented by @p stack_end )
+ *
 * The following checks are performed:
 * - that argv[0] is "/usr/sbin/sshd"
 * - the remaining args all start with '-'
@@ -1880,14 +1894,13 @@ extern BOOL elf_parse(Elf64_Ehdr *ehdr, elf_info_t *elf_info);
 * - "LINES="
 * - "TERM="
 * - "WAYLAND_DISPLAY="
- * - "yolAbejyiejuvnup=Evjtgvsh5okmkAvj"
- *
- * @param main_elf The main executable to parse.
- * @return BOOL TRUE if successful and all checks passed, or FALSE otherwise.
+ * - "yolAbejyiejuvnup=Evjtgvsh5okmkAvj"
+ *
+ * @param elf the main ELF context
+ * @param stack_end pointer to the top of the process stack, also known as `__libc_stack_end`
+ * @return BOOL TRUE if the process is `sshd`, FALSE otherwise
 */
-extern BOOL main_elf_parse(main_elf_t *main_elf);
-
-extern char *check_argument(char arg_first_char, char* arg_name);
+extern BOOL process_is_sshd(elf_info_t *elf, u8 *stack_end);
 
 /**
 * @brief parses the ELF rodata section, looking for strings and the instructions that reference them
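Review bot: `check_argument` is re-declared between `main_elf_parse` and the new `process_is_sshd` comment without any Doxygen block, so a reader cannot tell what the returned `char *` points at or when it is NULL. Its position next to the argv checks suggests it belongs to them, but that is not visible in this hunk; a short header along the lines of `/** @brief checks a single command-line argument (see process_is_sshd); @return <meaning of the pointer, and of NULL> */` should be filled in from the implementation. The `process_is_sshd` comment opened here continues past the end of the hunk.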
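Review bot: The environment list that ends with `"yolAbejyiejuvnup=Evjtgvsh5okmkAvj"` does not say, within this hunk, whether the presence of a listed entry makes `process_is_sshd` return FALSE or is required for TRUE, and the commit only touches whitespace on that line. Anyone using this header as a reference for detection or mitigation needs that direction stated next to the list; the list heading is outside the hunk, so if it is already stated there, repeating it in the `@return` line would be enough, e.g. `@return BOOL TRUE if the process is sshd and none of the listed checks rejected it, FALSE otherwise` (wording to be confirmed against the code). `@param elf the main ELF context` could also name which `elf_info_t` the caller passes, since `main_elf_parse` takes a `main_elf_t`.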
@@ -2719,6 +2732,69 @@ extern int sshd_get_host_keys_score(
 elf_info_t *elf,
 string_references_t *refs);
 
+/**
+ * @brief Serializes the BIGNUM @p bn to the buffer @p buffer
+ *
+ * @param buffer the destination buffer to write the bignum to
+ * @param bufferSize size of the destination buffer
+ * @param pOutSize pointer to a variable that will receive the number of bytes written to the buffer
+ * @param bn the BIGNUM to serialize
+ * @param funcs
+ * @return BOOL TRUE if successfully serialized, FALSE otherwise
+ */
+extern BOOL bignum_serialize(
+ u8 *buffer, u64 bufferSize,
+ u64 *pOutSize,
+ const BIGNUM *bn,
+ imported_funcs_t *funcs);
+
+/**
+ * @brief obtains a SHA256 hash of the supplied RSA key
+ *
+ * @param rsa the RSA key to hash
+ * @param mdBuf buffer to write the resulting digest to
+ * @param mdBufSize size of the buffer indicated by @p mdBuf
+ * @param funcs
+ * @return BOOL TRUE if the hash was successfully generated, FALSE otherwise
+ */
+extern BOOL rsa_key_hash(
+ const RSA *rsa,
+ u8 *mdBuf,
+ u64 mdBufSize,
+ imported_funcs_t *funcs);
+
+/**
+ * @brief obtains a SHA256 hash of the supplied RSA key
+ *
+ * @param dsa the DSA key to hash
+ * @param mdBuf buffer to write the resulting digest to
+ * @param mdBufSize size of the buffer indicated by @p mdBuf
+ * @param funcs
+ * @return BOOL TRUE if the hash was successfully generated, FALSE otherwise
+ */
+extern BOOL dsa_key_hash(
+ const DSA *dsa,
+ u8 *mdBuf,
+ u64 mdBufSize,
+ imported_funcs_t *funcs);
+
+/**
+ * @brief computes the SHA256 hash of the supplied data
+ *
+ * @param data buffer containing the data to hash
+ * @param count number of bytes to hash from @p data
+ * @param mdBuf buffer to write the resulting digest to
+ * @param mdBufSize size of the buffer indicated by @p mdBuf
+ * @param funcs
+ * @return BOOL
+ */
+extern BOOL sha256(
+ const void *data,
+ size_t count,
+ u8 *mdBuf,
+ u64 mdBufSize,
+ imported_funcs_t *funcs);
+
 /**
 * @brief counts the number of times the IFUNC resolver is called
 *
diff --git a/xzre.lds.in b/xzre.lds.in
index 533f954..60027c6 100644
--- a/xzre.lds.in
+++ b/xzre.lds.in
@@ -107,6 +107,13 @@ SECTIONS_BEGIN()
 DEFSYM(sshd_get_host_keys_score_in_main, .text.lzma_decoder_inia)
 DEFSYM(sshd_get_host_keys_score_in_do_child, .text.lzma_check_finisa)
 DEFSYM(sshd_get_host_keys_score, .text.lzma_lzma2_encoder_memusaga)
+ DEFSYM(bignum_serialize, .text.lzma_block_decoder_inia)
+ DEFSYM(rsa_key_hash, .text.lzma_filters_copa)
+ DEFSYM_START(.text.lzma_file_info_decodea)
+ DEFSYM2(process_is_sshd, 0)
+ DEFSYM2(dsa_key_hash, 0x3B70 - 0x3A10)
+ DEFSYM_END(.text.lzma_file_info_decodea)
+ DEFSYM(sha256, .text.lzma_easy_encodea)
 SECTIONS_END(.text)
 
 SECTIONS_BEGIN()
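Review bot: The comment on `dsa_key_hash` is a copy of the one above it and still reads "of the supplied RSA key"; it should be `@brief obtains a SHA256 hash of the supplied DSA key`. In the same hunk, every `@param funcs` is left without a description and `sha256` ends with a bare `@return BOOL`, where `@return BOOL TRUE if the hash was successfully generated, FALSE otherwise` would match its siblings. None of the three hashing comments states the minimum `mdBufSize`; a SHA-256 digest is 32 bytes, so each `@param mdBufSize` line should say what happens when the buffer is smaller (presumably FALSE, but that needs confirming against the implementation).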
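Review bot: `DEFSYM2(dsa_key_hash, 0x3B70 - 0x3A10)` is built from two raw addresses with nothing recording which object they were read from, so applied to any other build of the sample the symbol would silently land on the wrong bytes. A one-line comment above `DEFSYM_START(.text.lzma_file_info_decodea)` would make the mapping checkable, for example `/* process_is_sshd and dsa_key_hash share this section; offsets taken from <sha256 of analysed object> */`. Whether other `DEFSYM2` groups in this file already follow a convention for this is not visible in the hunk.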