dstruct 0.0.1

data/lib/rex/encoders/xor_dword_additive.rb

@@ -0,0 +1,53 @@
+# -*- coding: binary -*-
+
+require 'rex/encoder/xor/dword_additive'
+
+##
+#
+# Jmp/Call Dword Additive Feedback Encoder
+# Author: skape
+# Arch:   x86
+#
+##
+module Rex
+module Encoders
+
+class XorDwordAdditive < Rex::Encoder::Xor::DwordAdditive
+  module Backend
+
+    def _unencoded_transform(data)
+      # check for any dword aligned zeros that would falsely terminate the decoder
+      idx = 0
+      while true
+        idx = data.index("\x00\x00\x00\x00", idx)
+        break if !idx
+        if idx & 3 == 0
+          raise RuntimeError, "Unencoded data cannot have a dword aligned 0 dword!", caller()
+        end
+        idx += 1
+      end
+
+      # pad to a dword boundary and append null dword for termination
+      data = data + ("\x00" * ((4 - data.length & 3) & 3)) + "\x00\x00\x00\x00"
+    end
+
+    def _prepend
+      "\xfc"                + # cld
+      "\xbb" + key          + # mov ebx, key
+      "\xeb\x0c"            + # jmp short 0x14
+      "\x5e"                + # pop esi
+      "\x56"                + # push esi
+      "\x31\x1e"            + # xor [esi], ebx
+      "\xad"                + # lodsd
+      "\x01\xc3"            + # add ebx, eax
+      "\x85\xc0"            + # test eax, eax
+      "\x75\xf7"            + # jnz 0xa
+      "\xc3"                + # ret
+      "\xe8\xef\xff\xff\xff"  # call 0x8
+    end
+  end
+
+  include Backend
+end
+
+end end

data/lib/rex/encoding/xor.rb

@@ -0,0 +1,20 @@
+# -*- coding: binary -*-
+
+#
+# make sure the namespace is created
+#
+
+module Rex
+module Encoding
+module Xor
+end end end
+
+#
+# include the Xor encodings
+#
+
+require 'rex/encoding/xor/generic'
+require 'rex/encoding/xor/byte'
+require 'rex/encoding/xor/word'
+require 'rex/encoding/xor/dword'
+require 'rex/encoding/xor/qword'

data/lib/rex/encoding/xor/byte.rb

@@ -0,0 +1,15 @@
+# -*- coding: binary -*-
+
+require 'rex/encoding/xor/generic'
+
+module Rex
+module Encoding
+module Xor
+
+class Byte < Generic
+
+  def Byte.keysize
+    1
+  end
+
+end end end end # Byte/Xor/Encoding/Rex

data/lib/rex/encoding/xor/dword.rb

@@ -0,0 +1,21 @@
+# -*- coding: binary -*-
+
+require 'rex/encoding/xor/generic'
+
+#
+# Routine for xor encoding a buffer by a 2-byte (intel word) key.  The perl
+# version used to pad this buffer out to a 2-byte boundary, but I can't think
+# of a good reason to do that anymore, so this doesn't.
+#
+
+module Rex
+module Encoding
+module Xor
+
+class Dword < Generic
+
+  def Dword.keysize
+    4
+  end
+
+end end end end # Dword/Xor/Encoding/Rex

data/lib/rex/encoding/xor/dword_additive.rb

@@ -0,0 +1,92 @@
+# -*- coding: binary -*-
+
+require 'rex/encoding/xor/exceptions'
+require 'rex/encoding/xor/generic'
+
+#
+# Routine for xor encoding a buffer by a 2-byte (intel word) key.  The perl
+# version used to pad this buffer out to a 2-byte boundary, but I can't think
+# of a good reason to do that anymore, so this doesn't.
+#
+
+module Rex
+module Encoding
+module Xor
+
+class DwordAdditive < Generic
+
+  def DwordAdditive.keysize
+    4
+  end
+
+  def DwordAdditive._packspec
+    'V'
+  end
+
+  def DwordAdditive.pack_key(key)
+    return [ key ].pack(_packspec)
+  end
+  def DwordAdditive.unpack_key(key)
+    return key.unpack(_packspec)[0]
+  end
+
+  # hook in the key mutation routine of encode for the additive feedback
+  def DwordAdditive._encode_mutate_key(buf, key, pos, len)
+    if (pos + 1) % len == 0
+      # add the last len bytes (in this case 4) with the key,
+      # dropping off any overflow
+      key = pack_key(
+        unpack_key(key) + unpack_key(buf[pos - (len - 1), len]) &
+          (1 << (len << 3)) - 1
+      )
+    end
+
+    return key
+  end
+
+  #
+  # I realize this algorithm is broken.  We invalidate some keys
+  # in _find_bad_keys that could actually be perfectly fine.  However,
+  # it seems to work ok for now, and this is all just a lame adhoc method.
+  # Maybe someday we can revisit this and make it a bit less ghetto...
+  #
+
+  def DwordAdditive._find_good_key(data, badkeys, badchars)
+
+    ksize  = keysize
+    kstart = ""
+    ksize.times { kstart << rand(256) } # random key starting place
+
+    key = kstart.dup
+
+    #
+    # now for the ghettoness of an algorithm:
+    #  try the random key we picked
+    #  if the key failed, figure out which key byte corresponds
+    #  increment that key byte
+    #  if we wrapped a byte all the way around, fail :(
+    #
+
+    loop do
+      # ok, try to encode it, any bad chars present?
+      pos = _check(data, key, badchars)
+
+      # yay, no problems, we found a key!
+      break if !pos
+
+      strip = pos % ksize
+
+      # increment the offending key byte
+      key[strip] = key[strip] + 1 & 0xff
+
+      # We wrapped around!
+      if key[strip] == kstart[strip]
+        raise KeySearchError, "Key space exhausted on strip #{strip}!", caller
+      end
+    end
+
+    return key
+  end
+
+end end end end # DwordAdditive/Xor/Encoding/Rex
+

data/lib/rex/encoding/xor/exceptions.rb

@@ -0,0 +1,17 @@
+# -*- coding: binary -*-
+
+module Rex
+module Encoding
+module Xor
+
+module Exception
+
+end
+
+class KeySearchError < ::Exception
+  include Exception
+  MSG = "Error finding a key."
+end
+
+end end end
+

data/lib/rex/encoding/xor/generic.rb

@@ -0,0 +1,146 @@
+# -*- coding: binary -*-
+
+require 'rex/encoding/xor/exceptions'
+require 'rex/text'
+
+module Rex
+module Encoding
+module Xor
+
+class Generic
+
+  def Generic.keysize
+    # special case:
+    # 0 means we encode based on the length of the key
+    # we don't enforce any perticular key length
+    return 0
+  end
+
+  #
+  # Now for some internal check methods
+  #
+
+  # hook stylies!
+  # return index of offending byte or nil
+  def Generic._check(data, key, badchars)
+    return _check_key(key, badchars) || _check_encode(data, key, badchars)
+  end
+  def Generic._check_key(key, badchars)
+    return Rex::Text.badchar_index(key, badchars)
+  end
+  def Generic._check_encode(data, key, badchars)
+    return Rex::Text.badchar_index(encode(data, key), badchars)
+  end
+
+  def Generic.find_key(data, badchars)
+    return _find_good_key(data, _find_bad_keys(data, badchars), badchars)
+  end
+
+  # !!! xxx MAKE THESE PRIVATE
+
+  #
+  # Find a list of bytes that can't be valid xor keys, from the data and badchars.
+  # This returns a Array of hashes, length keysize
+  #
+  def Generic._find_bad_keys(data, badchars)
+
+    ksize = keysize
+
+    # array of hashes for the bad characters based
+    # on their position in the data
+    badkeys = [ ]
+    ksize.times { badkeys << { } }
+
+    badchars.each_byte { |badchar|
+      pos = 0
+      data.each_byte { |char|
+        badkeys[pos % ksize][char ^ badchar] = true
+        pos += 1
+      }
+    }
+
+    return badkeys
+  end
+
+  #
+  # (Hopefully) find a good key, from badkeys and badchars
+  #
+  def Generic._find_good_key(data, badkeys, badchars)
+
+    ksize = keysize
+    strip = 0
+    key   = ""
+
+    while strip < keysize
+
+      kbyte = rand(256)
+
+      catch(:found_kbyte) do
+        256.times {
+
+          if !badkeys[strip][kbyte] && !badchars[kbyte.chr]
+            throw :found_kbyte
+          end
+
+          kbyte = (kbyte + 1) & 0xff
+        }
+
+        raise KeySearchError, "Exhausted byte space for strip #{strip}!", caller
+      end
+
+      key << kbyte
+      strip += 1
+    end
+
+    # ok, we should have a good key now, lets double check...
+    if _check(data, key, badchars)
+      raise KeySearchError, "Key found, but bad character check failed!", caller
+    end
+
+    return key
+  end
+
+  def Generic.encode(buf, key)
+
+    if !key.kind_of?(String)
+      raise ::ArgumentError, "Key must be a string!", caller
+    end
+
+    len = key.length
+
+    if len == 0
+      raise ::ArgumentError, "Zero key length!", caller
+    end
+
+    if keysize != 0 && keysize != len
+      raise ::ArgumentError, "Key length #{len}, expected #{keysize}", caller
+    end
+
+    encoded = ""
+    pos     = 0
+
+    while pos < buf.length
+      encoded += (buf[pos,1].unpack("C*")[0] ^ key[pos % len, 1].unpack("C*")[0]).chr
+      key = _encode_mutate_key(buf, key, pos, len)
+      pos += 1
+    end
+
+    return [ encoded, key ]
+
+  end
+
+  # kind of ghetto, but very convenient for mutating keys
+  # by default, do no key mutations
+  def Generic._encode_mutate_key(buf, key, pos, len)
+    return key
+  end
+
+  # maybe a bit a smaller of method name?
+  def Generic.find_key_and_encode(data, badchars)
+    key        = find_key(data, badchars)
+    enc, fkey  = encode(data, key)
+    return [ enc, key, fkey ]
+  end
+
+
+end end end end # Generic/Xor/Encoding/Rex

data/lib/rex/encoding/xor/qword.rb

@@ -0,0 +1,15 @@
+# -*- coding: binary -*-
+
+require 'rex/encoding/xor/generic'
+
+module Rex
+module Encoding
+module Xor
+
+class Qword < Generic
+
+  def Qword.keysize
+    8
+  end
+
+end end end end

data/lib/rex/encoding/xor/word.rb

@@ -0,0 +1,21 @@
+# -*- coding: binary -*-
+
+require 'rex/encoding/xor/generic'
+
+#
+# Routine for xor encoding a buffer by a 2-byte (intel word) key.  The perl
+# version used to pad this buffer out to a 2-byte boundary, but I can't think
+# of a good reason to do that anymore, so this doesn't.
+#
+
+module Rex
+module Encoding
+module Xor
+
+class Word < Generic
+
+  def Word.keysize
+    2
+  end
+
+end end end end # Word/Xor/Encoding/Rex

data/lib/rex/exceptions.rb

@@ -0,0 +1,275 @@
+# -*- coding: binary -*-
+
+module Rex
+
+###
+#
+# Base mixin for all exceptions that can be thrown from inside Rex.
+#
+###
+module Exception
+end
+
+###
+#
+# This exception is raised when a timeout occurs.
+#
+###
+class TimeoutError < Interrupt
+  include Exception
+
+  def to_s
+    "Operation timed out."
+  end
+end
+
+###
+#
+# This exception is raised when a method is called or a feature is used that
+# is not implemented.
+#
+###
+class NotImplementedError < ::NotImplementedError
+  include Exception
+
+  def to_s
+    "The requested method is not implemented."
+  end
+end
+
+###
+#
+# This exception is raised when a generalized runtime error occurs.
+#
+###
+class RuntimeError < ::RuntimeError
+  include Exception
+end
+
+###
+#
+# This exception is raised when an invalid argument is supplied to a method.
+#
+###
+class ArgumentError < ::ArgumentError
+  include Exception
+
+  def initialize(message = nil)
+    @message = message
+  end
+
+  def to_s
+    str = 'An invalid argument was specified.'
+    if @message
+      str << " #{@message}"
+    end
+    str
+  end
+end
+
+###
+#
+# This exception is raised when an argument that was supplied to a method
+# could not be parsed correctly.
+#
+###
+class ArgumentParseError < ::ArgumentError
+  include Exception
+
+  def to_s
+    "The argument could not be parsed correctly."
+  end
+end
+
+###
+#
+# This exception is raised when an argument is ambiguous.
+#
+###
+class AmbiguousArgumentError < ::RuntimeError
+  include Exception
+
+  def initialize(name = nil)
+    @name = name
+  end
+
+  def to_s
+    "The name #{@name} is ambiguous."
+  end
+end
+
+###
+#
+# This error is thrown when a stream is detected as being closed.
+#
+###
+class StreamClosedError < ::IOError
+  include Exception
+
+  def initialize(stream)
+    @stream = stream
+  end
+
+  def stream
+    @stream
+  end
+
+  def to_s
+    "Stream #{@stream} is closed."
+  end
+end
+
+##
+#
+# Socket exceptions
+#
+##
+
+###
+#
+# This exception is raised when a general socket error occurs.
+#
+###
+module SocketError
+  include Exception
+
+  def to_s
+    "A socket error occurred."
+  end
+end
+
+###
+#
+# This exception is raised when there is some kind of error related to
+# communication with a host.
+#
+###
+module HostCommunicationError
+  def initialize(addr = nil, port = nil)
+    self.host = addr
+    self.port = port
+  end
+
+  #
+  # This method returns a printable address and optional port associated
+  # with the host that triggered the exception.
+  #
+  def addr_to_s
+    if host and port
+      "(#{host}:#{port})"
+    elsif host
+      "(#{host})"
+    else
+      ""
+    end
+  end
+
+  attr_accessor :host, :port
+end
+
+
+###
+#
+# This is a generic exception for errors that cause a connection to fail.
+#
+###
+class ConnectionError < ::IOError
+  include SocketError
+  include HostCommunicationError
+end
+
+###
+#
+# This exception is raised when a connection attempt fails because the remote
+# side refused the connection.
+#
+###
+class ConnectionRefused < ConnectionError
+  def to_s
+    "The connection was refused by the remote host #{addr_to_s}."
+  end
+end
+
+###
+#
+# This exception is raised when a connection attempt fails because the remote
+# side is unreachable.
+#
+###
+class HostUnreachable < ConnectionError
+  def to_s
+    "The host #{addr_to_s} was unreachable."
+  end
+end
+
+###
+#
+# This exception is raised when a connection attempt times out.
+#
+###
+class ConnectionTimeout < ConnectionError
+  def to_s
+    "The connection timed out #{addr_to_s}."
+  end
+end
+
+
+###
+#
+# This exception is raised when an attempt to use an address or port that is
+# already in use occurs, such as binding to a host on a given port that is
+# already in use.  Note that Windows raises this in some cases when attempting
+# to connect to addresses that it can't handle, e.g. "0.0.0.0".  Thus, this is
+# a ConnectionError.
+#
+###
+class AddressInUse < ConnectionError
+  include SocketError
+  include HostCommunicationError
+
+  def to_s
+    "The address is already in use #{addr_to_s}."
+  end
+end
+
+###
+#
+# This exception is raised when an unsupported internet protocol is specified.
+#
+###
+class UnsupportedProtocol < ::ArgumentError
+  include SocketError
+
+  def initialize(proto = nil)
+    self.proto = proto
+  end
+
+  def to_s
+    "The protocol #{proto} is not supported."
+  end
+
+  attr_accessor :proto
+end
+
+
+###
+#
+# This exception is raised when a proxy fails to pass a connection
+#
+###
+class ConnectionProxyError < ConnectionError
+  def initialize(host,port,ptype,reason)
+    super(host,port)
+    self.ptype = ptype
+    self.reason = reason
+  end
+
+  def to_s
+    self.ptype + ": " + self.reason
+  end
+
+  attr_accessor :ptype, :reason
+end
+
+end
+