Class: Msf::Encoder::XorAdditiveFeedback
- Inherits:
-
Xor
- Object
- Module
- Msf::Encoder
- Xor
- Msf::Encoder::XorAdditiveFeedback
- Defined in:
- lib/msf/core/encoder/xor_additive_feedback.rb
Overview
This class performs per-block XOR additive feedback encoding.
Constant Summary
Constants inherited from Module
Module::REPLICANT_EXTENSION_DS_KEY
Constants included from Module::ModuleInfo
Module::ModuleInfo::UpdateableOptions
Instance Attribute Summary
Attributes inherited from Msf::Encoder
Attributes inherited from Module
#error, #job_id, #license, #platform, #privileged, #references, #user_data
Attributes included from Framework::Offspring
Attributes included from Module::UUID
Attributes included from Rex::Ui::Subscriber::Input
Attributes included from Rex::Ui::Subscriber::Output
Attributes included from Module::Privileged
Attributes included from Module::Options
Attributes included from Module::ModuleStore
Attributes included from Module::ModuleInfo
Attributes included from Module::FullName
Attributes included from Module::DataStore
Attributes included from Module::Author
Attributes included from Module::Arch
Attributes included from Module::Alert
#alerts, #you_have_been_warned
Instance Method Summary collapse
-
#encode_block(state, block) ⇒ Object
Encodes a block using the XOR additive feedback algorithm.
-
#find_key(buf, badchars, state = Msf::EncoderState.new) ⇒ Object
Finds a key that is compatible with the badchars list.
-
#initialize(info) ⇒ XorAdditiveFeedback
constructor
A new instance of XorAdditiveFeedback.
Methods inherited from Xor
Methods inherited from Msf::Encoder
#can_preserve_registers?, #decoder_block_size, #decoder_hash, #decoder_key_offset, #decoder_key_pack, #decoder_key_size, #decoder_stub, #do_encode, #encode, #encode_begin, #encode_end, #encode_finalize_stub, #encoder_type, #find_bad_keys, #find_context_key, #find_key_verify, #has_badchars?, #init_platform, #init_state, #integer_to_key_bytes, #key_bytes_to_buffer, #key_bytes_to_integer, #modified_registers, #obtain_key, #prepend_buf, #preserves_stack?, #to_native, type, #type
Methods inherited from Module
#adapted_refname, #adapter_refname, #black_listed_auth_filenames, cached?, #debugging?, #default_cred?, #default_options, #fail_with, #file_path, #framework, #has_check?, #orig_cls, #owner, #perform_extensions, #platform?, #platform_to_s, #post_auth?, #register_extensions, #register_parent, #replicant, #required_cred_options, #set_defaults, #stage_refname, #stager_refname, #workspace
Methods included from Module::Reliability
#reliability, #reliability_to_s
Methods included from Module::Stability
Methods included from Module::SideEffects
#side_effects, #side_effects_to_s
Methods included from Module::UUID
Methods included from Module::UI
Methods included from Module::UI::Message
#print_error, #print_good, #print_prefix, #print_status, #print_warning
Methods included from Module::UI::Message::Verbose
#vprint_error, #vprint_good, #vprint_status, #vprint_warning
Methods included from Module::UI::Line
#print_line, #print_line_prefix
Methods included from Module::UI::Line::Verbose
Methods included from Rex::Ui::Subscriber
Methods included from Rex::Ui::Subscriber::Input
Methods included from Rex::Ui::Subscriber::Output
#flush, #print, #print_blank_line, #print_error, #print_good, #print_line, #print_status, #print_warning
Methods included from Module::Type
#auxiliary?, #encoder?, #evasion?, #exploit?, #nop?, #payload?, #post?, #type
Methods included from Module::Ranking
Methods included from Module::Privileged
Methods included from Module::Options
#deregister_option_group, #deregister_options, #register_advanced_options, #register_evasion_options, #register_option_group, #register_options, #validate
Methods included from Module::Network
#comm, #support_ipv6?, #target_host, #target_port
Methods included from Module::ModuleStore
Methods included from Module::ModuleInfo
#alias, #description, #disclosure_date, #info_fixups, #merge_check_key, #merge_info, #merge_info_advanced_options, #merge_info_alias, #merge_info_description, #merge_info_evasion_options, #merge_info_name, #merge_info_options, #merge_info_string, #merge_info_version, #name, #notes, #update_info
Methods included from Module::FullName
#aliases, #fullname, #promptname, #realname, #refname, #shortname
Methods included from Module::DataStore
#import_defaults, #import_target_defaults, #share_datastore
Methods included from Module::Compatibility
#compat, #compatible?, #init_compat
Methods included from Module::Author
Methods included from Module::Auth
Methods included from Module::Arch
#arch?, #arch_to_s, #each_arch
Methods included from Module::Alert
#add_alert, #add_error, #add_info, #add_warning, #alert_user, #errors, #get_alerts, included, #infos, #is_usable?, #warnings, #without_prompt
Constructor Details
#initialize(info) ⇒ XorAdditiveFeedback
Returns a new instance of XorAdditiveFeedback.
10 11 12 |
# File 'lib/msf/core/encoder/xor_additive_feedback.rb', line 10 def initialize(info) super(info) end |
Instance Method Details
#encode_block(state, block) ⇒ Object
Encodes a block using the XOR additive feedback algorithm.
17 18 19 20 21 22 23 24 25 26 27 |
# File 'lib/msf/core/encoder/xor_additive_feedback.rb', line 17 def encode_block(state, block) # XOR the key with the current block orig = block.unpack(decoder_key_pack)[0] oblock = orig ^ state.key # Add the original block contents to the key state.key = (state.key + orig) % (1 << (decoder_key_size * 8)) # Return the XOR'd block return [ oblock ].pack(decoder_key_pack) end |
#find_key(buf, badchars, state = Msf::EncoderState.new) ⇒ Object
Finds a key that is compatible with the badchars list.
32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 |
# File 'lib/msf/core/encoder/xor_additive_feedback.rb', line 32 def find_key(buf, badchars, state = Msf::EncoderState.new) key_bytes = integer_to_key_bytes(super(buf, badchars, nil)) valid = false # Save the original key_bytes so we can tell if we loop around orig_key_bytes = key_bytes.dup # While we haven't found a valid key, keep trying the encode operation while (!valid) # Initialize the state back to defaults since we're trying to find a # key. init_state(state) begin # Reset the encoder state's key to the current set of key bytes state.reset(key_bytes_to_integer(key_bytes)) # If the key itself contains a bad character, throw the bad # character exception with the index of the bad character in the # key. Use a stub_size of zero to bypass the check to in the # rescue block. if ((idx = has_badchars?([state.key.to_i].pack(decoder_key_pack), badchars)) != nil) raise Msf::BadcharError.new(nil, idx, 0, nil) end # Perform the encode operation...if it encounters a bad character # an exception will be thrown valid = do_encode(state) rescue Msf::BadcharError => info # If the decoder stub contains a bad character, then there's not # much we can do about it if (info.index < info.stub_size) raise info, "The #{self.name} decoder stub contains a bad character.", caller end # Determine the actual index to the bad character inside the # encoded payload by removing the decoder stub from the index and # modulus off the decoder's key size idx = (info.index - info.stub_size) % (decoder_key_size) # Increment the key byte at the index that the bad character was # detected key_bytes[idx] = ((key_bytes[idx] + 1) % 255) # If we looped around, then give up. if (key_bytes[idx] == orig_key_bytes[idx]) raise info, "The #{self.name} encoder failed to encode without bad characters.", caller end end end # Return the original key return state.orig_key end |