Class: Msf::Encoder::XorAdditiveFeedback

Inherits:
Xor show all
Defined in:
lib/msf/core/encoder/xor_additive_feedback.rb

Overview

This class performs per-block XOR additive feedback encoding.

Constant Summary

Constants inherited from Module

Module::REPLICANT_EXTENSION_DS_KEY

Constants included from Module::ModuleInfo

Module::ModuleInfo::UpdateableOptions

Instance Attribute Summary

Attributes inherited from Msf::Encoder

#available_space

Attributes inherited from Module

#error, #job_id, #license, #platform, #privileged, #references, #user_data

Attributes included from Framework::Offspring

#framework

Attributes included from Module::UUID

#uuid

Attributes included from Rex::Ui::Subscriber::Input

#user_input

Attributes included from Rex::Ui::Subscriber::Output

#user_output

Attributes included from Module::Privileged

#priveli, #privileged

Attributes included from Module::Options

#options

Attributes included from Module::ModuleStore

#module_store

Attributes included from Module::ModuleInfo

#module_info

Attributes included from Module::FullName

#aliased_as

Attributes included from Module::DataStore

#datastore

Attributes included from Module::Author

#author

Attributes included from Module::Arch

#arch

Attributes included from Module::Alert

#alerts, #you_have_been_warned

Instance Method Summary collapse

Methods inherited from Xor

#find_bad_keys

Methods inherited from Msf::Encoder

#can_preserve_registers?, #decoder_block_size, #decoder_hash, #decoder_key_offset, #decoder_key_pack, #decoder_key_size, #decoder_stub, #do_encode, #encode, #encode_begin, #encode_end, #encode_finalize_stub, #encoder_type, #find_bad_keys, #find_context_key, #find_key_verify, #has_badchars?, #init_platform, #init_state, #integer_to_key_bytes, #key_bytes_to_buffer, #key_bytes_to_integer, #modified_registers, #obtain_key, #prepend_buf, #preserves_stack?, #to_native, type, #type

Methods inherited from Module

#adapted_refname, #adapter_refname, #black_listed_auth_filenames, cached?, #debugging?, #default_cred?, #default_options, #fail_with, #file_path, #framework, #has_check?, #orig_cls, #owner, #perform_extensions, #platform?, #platform_to_s, #post_auth?, #register_extensions, #register_parent, #replicant, #required_cred_options, #set_defaults, #stage_refname, #stager_refname, #workspace

Methods included from Module::Reliability

#reliability, #reliability_to_s

Methods included from Module::Stability

#stability, #stability_to_s

Methods included from Module::SideEffects

#side_effects, #side_effects_to_s

Methods included from Module::UUID

#generate_uuid

Methods included from Module::UI

#init_ui

Methods included from Module::UI::Message

#print_error, #print_good, #print_prefix, #print_status, #print_warning

Methods included from Module::UI::Message::Verbose

#vprint_error, #vprint_good, #vprint_status, #vprint_warning

Methods included from Module::UI::Line

#print_line, #print_line_prefix

Methods included from Module::UI::Line::Verbose

#vprint_line

Methods included from Rex::Ui::Subscriber

#copy_ui, #init_ui, #reset_ui

Methods included from Rex::Ui::Subscriber::Input

#gets

Methods included from Rex::Ui::Subscriber::Output

#flush, #print, #print_blank_line, #print_error, #print_good, #print_line, #print_status, #print_warning

Methods included from Module::Type

#auxiliary?, #encoder?, #evasion?, #exploit?, #nop?, #payload?, #post?, #type

Methods included from Module::Ranking

#rank, #rank_to_h, #rank_to_s

Methods included from Module::Privileged

#privileged?

Methods included from Module::Options

#deregister_option_group, #deregister_options, #register_advanced_options, #register_evasion_options, #register_option_group, #register_options, #validate

Methods included from Module::Network

#comm, #support_ipv6?, #target_host, #target_port

Methods included from Module::ModuleStore

#[], #[]=

Methods included from Module::ModuleInfo

#alias, #description, #disclosure_date, #info_fixups, #merge_check_key, #merge_info, #merge_info_advanced_options, #merge_info_alias, #merge_info_description, #merge_info_evasion_options, #merge_info_name, #merge_info_options, #merge_info_string, #merge_info_version, #name, #notes, #update_info

Methods included from Module::FullName

#aliases, #fullname, #promptname, #realname, #refname, #shortname

Methods included from Module::DataStore

#import_defaults, #import_target_defaults, #share_datastore

Methods included from Module::Compatibility

#compat, #compatible?, #init_compat

Methods included from Module::Author

#author_to_s, #each_author

Methods included from Module::Auth

#store_valid_credential

Methods included from Module::Arch

#arch?, #arch_to_s, #each_arch

Methods included from Module::Alert

#add_alert, #add_error, #add_info, #add_warning, #alert_user, #errors, #get_alerts, included, #infos, #is_usable?, #warnings, #without_prompt

Constructor Details

#initialize(info) ⇒ XorAdditiveFeedback

Returns a new instance of XorAdditiveFeedback.



10
11
12
# File 'lib/msf/core/encoder/xor_additive_feedback.rb', line 10

def initialize(info)
  super(info)
end

Instance Method Details

#encode_block(state, block) ⇒ Object

Encodes a block using the XOR additive feedback algorithm.



17
18
19
20
21
22
23
24
25
26
27
# File 'lib/msf/core/encoder/xor_additive_feedback.rb', line 17

def encode_block(state, block)
  # XOR the key with the current block
  orig       = block.unpack(decoder_key_pack)[0]
  oblock     = orig ^ state.key

  # Add the original block contents to the key
  state.key  = (state.key + orig) % (1 << (decoder_key_size * 8))

  # Return the XOR'd block
  return [ oblock ].pack(decoder_key_pack)
end

#find_key(buf, badchars, state = Msf::EncoderState.new) ⇒ Object

Finds a key that is compatible with the badchars list.



32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
# File 'lib/msf/core/encoder/xor_additive_feedback.rb', line 32

def find_key(buf, badchars, state = Msf::EncoderState.new)
  key_bytes = integer_to_key_bytes(super(buf, badchars, nil))
  valid = false

  # Save the original key_bytes so we can tell if we loop around
  orig_key_bytes = key_bytes.dup

  # While we haven't found a valid key, keep trying the encode operation
  while (!valid)
    # Initialize the state back to defaults since we're trying to find a
    # key.
    init_state(state)

    begin
      # Reset the encoder state's key to the current set of key bytes
      state.reset(key_bytes_to_integer(key_bytes))

      # If the key itself contains a bad character, throw the bad
      # character exception with the index of the bad character in the
      # key.  Use a stub_size of zero to bypass the check to in the
      # rescue block.
      if ((idx = has_badchars?([state.key.to_i].pack(decoder_key_pack), badchars)) != nil)
        raise Msf::BadcharError.new(nil, idx, 0, nil)
      end

      # Perform the encode operation...if it encounters a bad character
      # an exception will be thrown
      valid = do_encode(state)
    rescue Msf::BadcharError => info
      # If the decoder stub contains a bad character, then there's not
      # much we can do about it
      if (info.index < info.stub_size)
        raise info, "The #{self.name} decoder stub contains a bad character.", caller
      end

      # Determine the actual index to the bad character inside the
      # encoded payload by removing the decoder stub from the index and
      # modulus off the decoder's key size
      idx = (info.index - info.stub_size) % (decoder_key_size)

      # Increment the key byte at the index that the bad character was
      # detected
      key_bytes[idx] = ((key_bytes[idx] + 1) % 255)

      # If we looped around, then give up.
      if (key_bytes[idx] == orig_key_bytes[idx])
        raise info, "The #{self.name} encoder failed to encode without bad characters.",
            caller
      end
    end
  end

  # Return the original key
  return state.orig_key
end