Commit

Deploying to gh-pages from @ 6fc4a74 🚀
smx-smx committed Apr 6, 2024
1 parent 218433d commit d3b8780
Showing 2 changed files with 53 additions and 30 deletions.
19 changes: 16 additions & 3 deletions xzre_8h.html
Expand Up @@ -66,7 +66,8 @@
<a href="#define-members">Macros</a> &#124;
<a href="#typedef-members">Typedefs</a> &#124;
<a href="#enum-members">Enumerations</a> &#124;
<a href="#func-members">Functions</a> </div>
<a href="#func-members">Functions</a> &#124;
<a href="#var-members">Variables</a> </div>
<div class="headertitle">
<div class="title">xzre.h File Reference</div> </div>
</div><!--header-->
Expand Down Expand Up @@ -602,6 +603,12 @@
<tr class="memitem:abc618a02e31b94194ce03b0c4a2b3597"><td class="memItemLeft" align="right" valign="top">lzma_allocator *&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="xzre_8h.html#abc618a02e31b94194ce03b0c4a2b3597">get_lzma_allocator</a> ()</td></tr>
<tr class="memdesc:abc618a02e31b94194ce03b0c4a2b3597"><td class="mdescLeft">&#160;</td><td class="mdescRight">gets the fake LZMA allocator, used for imports resolution the "opaque" field of the structure holds a pointer to <a href="xzre_8h.html#abc618a02e31b94194ce03b0c4a2b3597">More...</a><br /></td></tr>
<tr class="separator:abc618a02e31b94194ce03b0c4a2b3597"><td class="memSeparator" colspan="2">&#160;</td></tr>
<tr class="memitem:a130ba7ecb28e28acacb98c965d80dba3"><td class="memItemLeft" align="right" valign="top"><a id="a130ba7ecb28e28acacb98c965d80dba3"></a>
BOOL&#160;</td><td class="memItemRight" valign="bottom"><b>secret_data_append_from_instruction</b> (<a class="el" href="structdasm__ctx__t.html">dasm_ctx_t</a> *dctx, <a class="el" href="unionsecret__data__shift__cursor.html">secret_data_shift_cursor</a> *cursor)</td></tr>
<tr class="separator:a130ba7ecb28e28acacb98c965d80dba3"><td class="memSeparator" colspan="2">&#160;</td></tr>
<tr class="memitem:afd18479d4cfc83d3d3cbd69a3315ab38"><td class="memItemLeft" align="right" valign="top"><a id="afd18479d4cfc83d3d3cbd69a3315ab38"></a>
BOOL&#160;</td><td class="memItemRight" valign="bottom"><b>secret_data_append_from_function</b> (void *function_start, void *code_end, <a class="el" href="unionsecret__data__shift__cursor.html">secret_data_shift_cursor</a> shift_cursor, unsigned shift_count, unsigned operation_index)</td></tr>
<tr class="separator:afd18479d4cfc83d3d3cbd69a3315ab38"><td class="memSeparator" colspan="2">&#160;</td></tr>
<tr class="memitem:ad21c1f0b4b9127ea1234d46dbadc3e8b"><td class="memItemLeft" align="right" valign="top">BOOL&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="xzre_8h.html#ad21c1f0b4b9127ea1234d46dbadc3e8b">secret_data_append_if_flags</a> (<a class="el" href="unionsecret__data__shift__cursor.html">secret_data_shift_cursor</a> shift_cursor, unsigned operation_index, unsigned reg2reg_instruction_count, int flags, u8 *code)</td></tr>
<tr class="memdesc:ad21c1f0b4b9127ea1234d46dbadc3e8b"><td class="mdescLeft">&#160;</td><td class="mdescRight">Calls <a class="el" href="xzre_8h.html#aa571c1c4c376e99b6e4306cf6d9d5f18">secret_data_append_singleton</a>, if <code>flags</code> are non-zero. <a href="xzre_8h.html#ad21c1f0b4b9127ea1234d46dbadc3e8b">More...</a><br /></td></tr>
<tr class="separator:ad21c1f0b4b9127ea1234d46dbadc3e8b"><td class="memSeparator" colspan="2">&#160;</td></tr>
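Review bot: the two new rows for secret_data_append_from_instruction and secret_data_append_from_function have no memdesc row and their names are rendered as plain bold text rather than links, so the generated reference carries no description for either, unlike get_lzma_allocator above and secret_data_append_if_flags below. Since this file is generated, the fix belongs in xzre.h: add a brief doc comment to each declaration covering the parameters (dctx, cursor, function_start, code_end, shift_count, operation_index) and the meaning of the BOOL result.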
Expand All @@ -617,6 +624,12 @@
<tr class="memitem:a0d70747b6216270de07c783fc499938e"><td class="memItemLeft" align="right" valign="top">BOOL&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="xzre_8h.html#a0d70747b6216270de07c783fc499938e">resolve_libc_imports</a> (struct link_map *libc, <a class="el" href="structelf__info.html">elf_info_t</a> *libc_info, <a class="el" href="structlibc__imports.html">libc_imports_t</a> *imports)</td></tr>
<tr class="memdesc:a0d70747b6216270de07c783fc499938e"><td class="mdescLeft">&#160;</td><td class="mdescRight">parses the libc ELF from the supplied link map, and resolves its imports <a href="xzre_8h.html#a0d70747b6216270de07c783fc499938e">More...</a><br /></td></tr>
<tr class="separator:a0d70747b6216270de07c783fc499938e"><td class="memSeparator" colspan="2">&#160;</td></tr>
</table><table class="memberdecls">
<tr class="heading"><td colspan="2"><h2 class="groupheader"><a name="var-members"></a>
Variables</h2></td></tr>
<tr class="memitem:aba335b5173c376997dd9e8686255413c"><td class="memItemLeft" align="right" valign="top"><a id="aba335b5173c376997dd9e8686255413c"></a>
<a class="el" href="structglobal__context__t.html">global_context_t</a> *&#160;</td><td class="memItemRight" valign="bottom"><b>global_ctx</b></td></tr>
<tr class="separator:aba335b5173c376997dd9e8686255413c"><td class="memSeparator" colspan="2">&#160;</td></tr>
</table>
<a name="details" id="details"></a><h2 class="groupheader">Detailed Description</h2>
<div class="textblock"><p>XZ backdoor structures and functions. </p>
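Review bot: global_ctx is the only entry in the new Variables table and it has no description row. A one-line doc comment on the declaration in xzre.h, saying what the global_context_t it points to represents and at what stage the pointer becomes valid, would make this section useful to a reader of the reference.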
Expand Down Expand Up @@ -1700,7 +1713,7 @@ <h2 class="memtitle"><span class="permalink"><a href="#aa571c1c4c376e99b6e4306cf
<p>the <code>code</code> will be verified to check if the shift operation should be allowed or not. the algorithm will:</p><ul>
<li>locate the beginning of the function, by scanning for the <code>endbr64</code> instruction and making sure that the code lies between a pre-defined code range (set in <a class="el" href="xzre_8h.html#a229ee0bd4111363061bc4230bc1f6423">backdoor_setup</a> from <a class="el" href="xzre_8h.html#af3f0d23e5fece210bdf4945c65e3a10a">elf_get_code_segment</a>)</li>
<li>search for <code>shift_count</code> number of "reg2reg" instructions (explained below)</li>
<li>for each instruction, shift a '1' in the data register, and increment the shift cursor to the next bit index if, at any given point, a non reg2reg instruction is encountered, the whole loop will stop and FALSE will be returned.</li>
<li>for each instruction, shift a '1' in the data register, and increment the shift cursor to the next bit index if, at any given point, a non reg2reg instruction is encountered, the whole loop will stop. the function will return TRUE if the number of shifts executed == number of wanted shifts NOTE: MOV instructions are counted, but don't cause any shift (they are skipped).</li>
</ul>
<p>a reg2reg instruction is an x64 instruction with one of the following characteristics:</p><ul>
<li>primary opcode of 0x89 (MOV) or 0x3B (CMP) or, alternatively, an opcode that passes the following validation opcode_check = opcode - 0x83; if ( opcode_check &gt; 0x2E || ((0x410100000101 &gt;&gt; opcode_value) &amp; 1) == 0 )</li>
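Review bot: the rewritten third list item now packs four separate statements into one li with no sentence breaks (the per-instruction shift, the stop condition, the return rule and the MOV note), and the return rule is ambiguous as written. "number of shifts executed == number of wanted shifts" sits next to "MOV instructions are counted, but don't cause any shift", so it is unclear whether a MOV consumes one of the shift_count slots or is only skipped, and the item still opens with "for each instruction, shift a '1'", which the MOV note contradicts. Suggest splitting this into separate items and stating explicitly which counter a MOV increments. While touching this block, the unchanged line below assigns opcode_check but then shifts by opcode_value; one of the two names looks like a leftover.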
Expand All @@ -1720,7 +1733,7 @@ <h2 class="memtitle"><span class="permalink"><a href="#aa571c1c4c376e99b6e4306cf
</table>
</dd>
</dl>
<dl class="section return"><dt>Returns</dt><dd>BOOL TRUE if validation was successful and data was added, FALSE otherwise </dd></dl>
<dl class="section return"><dt>Returns</dt><dd>BOOL TRUE if the number of requested shifts were all executed. FALSE if some shift wasn't executed due to code validation failure. </dd></dl>

</div>
</div>
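Review bot: the new Returns text does not say what state the secret data and shift cursor are left in when FALSE is returned. The description above says the loop stops at the first non-reg2reg instruction, so some shifts may already have been applied before the failure; the Returns line should state whether those partial shifts persist. Minor wording: "the number of requested shifts were all executed" would read better as "all requested shifts were executed".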
64 changes: 37 additions & 27 deletions xzre_8h_source.html
Expand Up @@ -567,33 +567,43 @@
<div class="line"><a name="l00822"></a><span class="lineno"> 822</span>&#160; </div>
<div class="line"><a name="l00829"></a><span class="lineno"><a class="line" href="xzre_8h.html#abc618a02e31b94194ce03b0c4a2b3597"> 829</a></span>&#160;<span class="keyword">extern</span> lzma_allocator *<a class="code" href="xzre_8h.html#abc618a02e31b94194ce03b0c4a2b3597">get_lzma_allocator</a>();</div>
<div class="line"><a name="l00830"></a><span class="lineno"> 830</span>&#160; </div>
<div class="line"><a name="l00841"></a><span class="lineno"><a class="line" href="xzre_8h.html#ad21c1f0b4b9127ea1234d46dbadc3e8b"> 841</a></span>&#160;<span class="keyword">extern</span> BOOL <a class="code" href="xzre_8h.html#ad21c1f0b4b9127ea1234d46dbadc3e8b">secret_data_append_if_flags</a>(</div>
<div class="line"><a name="l00842"></a><span class="lineno"> 842</span>&#160; <a class="code" href="unionsecret__data__shift__cursor.html">secret_data_shift_cursor</a> shift_cursor,</div>
<div class="line"><a name="l00843"></a><span class="lineno"> 843</span>&#160; <span class="keywordtype">unsigned</span> operation_index,</div>
<div class="line"><a name="l00844"></a><span class="lineno"> 844</span>&#160; <span class="keywordtype">unsigned</span> reg2reg_instruction_count,</div>
<div class="line"><a name="l00845"></a><span class="lineno"> 845</span>&#160; <span class="keywordtype">int</span> flags, u8 *code);</div>
<div class="line"><a name="l00846"></a><span class="lineno"> 846</span>&#160; </div>
<div class="line"><a name="l00886"></a><span class="lineno"><a class="line" href="xzre_8h.html#aa571c1c4c376e99b6e4306cf6d9d5f18"> 886</a></span>&#160;<span class="keyword">extern</span> BOOL <a class="code" href="xzre_8h.html#aa571c1c4c376e99b6e4306cf6d9d5f18">secret_data_append_singleton</a>(</div>
<div class="line"><a name="l00887"></a><span class="lineno"> 887</span>&#160; u8 *call_site, u8 *code,</div>
<div class="line"><a name="l00888"></a><span class="lineno"> 888</span>&#160; <a class="code" href="unionsecret__data__shift__cursor.html">secret_data_shift_cursor</a> shift_cursor,</div>
<div class="line"><a name="l00889"></a><span class="lineno"> 889</span>&#160; <span class="keywordtype">unsigned</span> shift_count, <span class="keywordtype">unsigned</span> operation_index);</div>
<div class="line"><a name="l00890"></a><span class="lineno"> 890</span>&#160; </div>
<div class="line"><a name="l00902"></a><span class="lineno"><a class="line" href="xzre_8h.html#aa74b87d0023e8efc4e820768518a884d"> 902</a></span>&#160;<span class="keyword">extern</span> BOOL <a class="code" href="xzre_8h.html#aa74b87d0023e8efc4e820768518a884d">secret_data_append_from_call_site</a>(</div>
<div class="line"><a name="l00903"></a><span class="lineno"> 903</span>&#160; <a class="code" href="unionsecret__data__shift__cursor.html">secret_data_shift_cursor</a> shift_cursor,</div>
<div class="line"><a name="l00904"></a><span class="lineno"> 904</span>&#160; <span class="keywordtype">unsigned</span> shift_count, <span class="keywordtype">unsigned</span> operation_index,</div>
<div class="line"><a name="l00905"></a><span class="lineno"> 905</span>&#160; BOOL bypass</div>
<div class="line"><a name="l00906"></a><span class="lineno"> 906</span>&#160;);</div>
<div class="line"><a name="l00907"></a><span class="lineno"> 907</span>&#160; </div>
<div class="line"><a name="l00914"></a><span class="lineno"><a class="line" href="xzre_8h.html#a229ee0bd4111363061bc4230bc1f6423"> 914</a></span>&#160;<span class="keyword">extern</span> BOOL <a class="code" href="xzre_8h.html#a229ee0bd4111363061bc4230bc1f6423">backdoor_setup</a>(<a class="code" href="structbackdoor__setup__params__t.html">backdoor_setup_params_t</a> *params);</div>
<div class="line"><a name="l00915"></a><span class="lineno"> 915</span>&#160; </div>
<div class="line"><a name="l00924"></a><span class="lineno"><a class="line" href="xzre_8h.html#a0d70747b6216270de07c783fc499938e"> 924</a></span>&#160;<span class="keyword">extern</span> BOOL <a class="code" href="xzre_8h.html#a0d70747b6216270de07c783fc499938e">resolve_libc_imports</a>(</div>
<div class="line"><a name="l00925"></a><span class="lineno"> 925</span>&#160; <span class="keyword">struct</span> link_map *libc,</div>
<div class="line"><a name="l00926"></a><span class="lineno"> 926</span>&#160; <a class="code" href="structelf__info.html">elf_info_t</a> *libc_info,</div>
<div class="line"><a name="l00927"></a><span class="lineno"> 927</span>&#160; <a class="code" href="structlibc__imports.html">libc_imports_t</a> *imports</div>
<div class="line"><a name="l00928"></a><span class="lineno"> 928</span>&#160;);</div>
<div class="line"><a name="l00929"></a><span class="lineno"> 929</span>&#160; </div>
<div class="line"><a name="l00930"></a><span class="lineno"> 930</span>&#160;<span class="preprocessor">#include &quot;util.h&quot;</span></div>
<div class="line"><a name="l00931"></a><span class="lineno"> 931</span>&#160;<span class="preprocessor">#endif</span></div>
<div class="line"><a name="l00831"></a><span class="lineno"> 831</span>&#160;<span class="keyword">extern</span> BOOL secret_data_append_from_instruction(<a class="code" href="structdasm__ctx__t.html">dasm_ctx_t</a> *dctx, <a class="code" href="unionsecret__data__shift__cursor.html">secret_data_shift_cursor</a> *cursor);</div>
<div class="line"><a name="l00832"></a><span class="lineno"> 832</span>&#160; </div>
<div class="line"><a name="l00833"></a><span class="lineno"> 833</span>&#160;<span class="keyword">extern</span> BOOL secret_data_append_from_function(</div>
<div class="line"><a name="l00834"></a><span class="lineno"> 834</span>&#160; <span class="keywordtype">void</span> *function_start,</div>
<div class="line"><a name="l00835"></a><span class="lineno"> 835</span>&#160; <span class="keywordtype">void</span> *code_end,</div>
<div class="line"><a name="l00836"></a><span class="lineno"> 836</span>&#160; <a class="code" href="unionsecret__data__shift__cursor.html">secret_data_shift_cursor</a> shift_cursor,</div>
<div class="line"><a name="l00837"></a><span class="lineno"> 837</span>&#160; <span class="keywordtype">unsigned</span> shift_count, <span class="keywordtype">unsigned</span> operation_index);</div>
<div class="line"><a name="l00838"></a><span class="lineno"> 838</span>&#160; </div>
<div class="line"><a name="l00849"></a><span class="lineno"><a class="line" href="xzre_8h.html#ad21c1f0b4b9127ea1234d46dbadc3e8b"> 849</a></span>&#160;<span class="keyword">extern</span> BOOL <a class="code" href="xzre_8h.html#ad21c1f0b4b9127ea1234d46dbadc3e8b">secret_data_append_if_flags</a>(</div>
<div class="line"><a name="l00850"></a><span class="lineno"> 850</span>&#160; <a class="code" href="unionsecret__data__shift__cursor.html">secret_data_shift_cursor</a> shift_cursor,</div>
<div class="line"><a name="l00851"></a><span class="lineno"> 851</span>&#160; <span class="keywordtype">unsigned</span> operation_index,</div>
<div class="line"><a name="l00852"></a><span class="lineno"> 852</span>&#160; <span class="keywordtype">unsigned</span> reg2reg_instruction_count,</div>
<div class="line"><a name="l00853"></a><span class="lineno"> 853</span>&#160; <span class="keywordtype">int</span> flags, u8 *code);</div>
<div class="line"><a name="l00854"></a><span class="lineno"> 854</span>&#160; </div>
<div class="line"><a name="l00897"></a><span class="lineno"><a class="line" href="xzre_8h.html#aa571c1c4c376e99b6e4306cf6d9d5f18"> 897</a></span>&#160;<span class="keyword">extern</span> BOOL <a class="code" href="xzre_8h.html#aa571c1c4c376e99b6e4306cf6d9d5f18">secret_data_append_singleton</a>(</div>
<div class="line"><a name="l00898"></a><span class="lineno"> 898</span>&#160; u8 *call_site, u8 *code,</div>
<div class="line"><a name="l00899"></a><span class="lineno"> 899</span>&#160; <a class="code" href="unionsecret__data__shift__cursor.html">secret_data_shift_cursor</a> shift_cursor,</div>
<div class="line"><a name="l00900"></a><span class="lineno"> 900</span>&#160; <span class="keywordtype">unsigned</span> shift_count, <span class="keywordtype">unsigned</span> operation_index);</div>
<div class="line"><a name="l00901"></a><span class="lineno"> 901</span>&#160; </div>
<div class="line"><a name="l00913"></a><span class="lineno"><a class="line" href="xzre_8h.html#aa74b87d0023e8efc4e820768518a884d"> 913</a></span>&#160;<span class="keyword">extern</span> BOOL <a class="code" href="xzre_8h.html#aa74b87d0023e8efc4e820768518a884d">secret_data_append_from_call_site</a>(</div>
<div class="line"><a name="l00914"></a><span class="lineno"> 914</span>&#160; <a class="code" href="unionsecret__data__shift__cursor.html">secret_data_shift_cursor</a> shift_cursor,</div>
<div class="line"><a name="l00915"></a><span class="lineno"> 915</span>&#160; <span class="keywordtype">unsigned</span> shift_count, <span class="keywordtype">unsigned</span> operation_index,</div>
<div class="line"><a name="l00916"></a><span class="lineno"> 916</span>&#160; BOOL bypass</div>
<div class="line"><a name="l00917"></a><span class="lineno"> 917</span>&#160;);</div>
<div class="line"><a name="l00918"></a><span class="lineno"> 918</span>&#160; </div>
<div class="line"><a name="l00925"></a><span class="lineno"><a class="line" href="xzre_8h.html#a229ee0bd4111363061bc4230bc1f6423"> 925</a></span>&#160;<span class="keyword">extern</span> BOOL <a class="code" href="xzre_8h.html#a229ee0bd4111363061bc4230bc1f6423">backdoor_setup</a>(<a class="code" href="structbackdoor__setup__params__t.html">backdoor_setup_params_t</a> *params);</div>
<div class="line"><a name="l00926"></a><span class="lineno"> 926</span>&#160; </div>
<div class="line"><a name="l00935"></a><span class="lineno"><a class="line" href="xzre_8h.html#a0d70747b6216270de07c783fc499938e"> 935</a></span>&#160;<span class="keyword">extern</span> BOOL <a class="code" href="xzre_8h.html#a0d70747b6216270de07c783fc499938e">resolve_libc_imports</a>(</div>
<div class="line"><a name="l00936"></a><span class="lineno"> 936</span>&#160; <span class="keyword">struct</span> link_map *libc,</div>
<div class="line"><a name="l00937"></a><span class="lineno"> 937</span>&#160; <a class="code" href="structelf__info.html">elf_info_t</a> *libc_info,</div>
<div class="line"><a name="l00938"></a><span class="lineno"> 938</span>&#160; <a class="code" href="structlibc__imports.html">libc_imports_t</a> *imports</div>
<div class="line"><a name="l00939"></a><span class="lineno"> 939</span>&#160;);</div>
<div class="line"><a name="l00940"></a><span class="lineno"> 940</span>&#160; </div>
<div class="line"><a name="l00941"></a><span class="lineno"> 941</span>&#160;<span class="keyword">extern</span> <a class="code" href="structglobal__context__t.html">global_context_t</a> *global_ctx;</div>
<div class="line"><a name="l00942"></a><span class="lineno"> 942</span>&#160; </div>
<div class="line"><a name="l00943"></a><span class="lineno"> 943</span>&#160;<span class="preprocessor">#include &quot;util.h&quot;</span></div>
<div class="line"><a name="l00944"></a><span class="lineno"> 944</span>&#160;<span class="preprocessor">#endif</span></div>
<div class="ttc" id="astructbackdoor__data__t_html"><div class="ttname"><a href="structbackdoor__data__t.html">backdoor_data_t</a></div><div class="ttdoc">this structure is used to hold most of the backdoor information. it's used as a local variable in fun...</div><div class="ttdef"><b>Definition:</b> xzre.h:517</div></div>
<div class="ttc" id="astructbackdoor__data__t_html_a1729f7578790ffabfb83b9597696fe4e"><div class="ttname"><a href="structbackdoor__data__t.html#a1729f7578790ffabfb83b9597696fe4e">backdoor_data_t::libcrypto_info</a></div><div class="ttdeci">elf_info_t libcrypto_info</div><div class="ttdoc">ELF context for libcrypto.so.</div><div class="ttdef"><b>Definition:</b> xzre.h:548</div></div>
<div class="ttc" id="astructbackdoor__data__t_html_a22234d8d48ec0cbc076e8ba334f36400"><div class="ttname"><a href="structbackdoor__data__t.html#a22234d8d48ec0cbc076e8ba334f36400">backdoor_data_t::libc</a></div><div class="ttdeci">elf_info_t * libc</div><div class="ttdoc">points to libc_info</div><div class="ttdef"><b>Definition:</b> xzre.h:524</div></div>
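Review bot: the new secret_data_append_from_function declaration (lines 833-837) takes function_start and code_end as void *, while the neighbouring secret_data_append_singleton and secret_data_append_if_flags use u8 * for their code pointers. If these arguments describe the same kind of code range, u8 * would keep the API consistent and avoid casts at call sites; otherwise a comment explaining the difference would help. Likewise, secret_data_append_from_instruction (line 831) is the only function here that takes the secret_data_shift_cursor by pointer rather than by value, so its doc comment should say whether the cursor is advanced in place. The declarations at 831-837 and global_ctx at 941 also sit on consecutive source lines with no comment block between them, unlike the documented declarations around them.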

0 comments on commit d3b8780
