[1] | 1 | #include "config_xor.h"
|
---|
| 2 |
|
---|
| 3 | #ifdef HAVE_BROKEN_INCLUDES
|
---|
| 4 | #define _ANSI_C_SOURCE
|
---|
| 5 | #define _POSIX_SOURCE
|
---|
| 6 | #endif
|
---|
| 7 |
|
---|
| 8 | #include <stdio.h>
|
---|
| 9 | #include <stdlib.h>
|
---|
| 10 | #include <unistd.h>
|
---|
| 11 | #include <string.h>
|
---|
| 12 | #include <ctype.h>
|
---|
| 13 | #include <sys/types.h>
|
---|
| 14 | #include <sys/stat.h>
|
---|
| 15 | #include <fcntl.h>
|
---|
| 16 | #include <errno.h>
|
---|
| 17 |
|
---|
| 18 |
|
---|
| 19 | #ifndef SH_BUFSIZE
|
---|
| 20 | #define SH_BUFSIZE 1024
|
---|
| 21 | #endif
|
---|
| 22 |
|
---|
| 23 | #ifdef SH_STEALTH
|
---|
| 24 | char * globber(const char * string);
|
---|
| 25 | #define _(string) globber(string)
|
---|
| 26 | #define N_(string) string
|
---|
| 27 | #else
|
---|
| 28 | #define _(string) string
|
---|
| 29 | #define N_(string) string
|
---|
| 30 | #endif
|
---|
| 31 |
|
---|
| 32 | #ifdef SH_STEALTH
|
---|
| 33 |
|
---|
| 34 | #ifndef SH_MAX_GLOBS
|
---|
| 35 | #define SH_MAX_GLOBS 32
|
---|
| 36 | #endif
|
---|
| 37 |
|
---|
| 38 | #ifndef GLOB_LEN
|
---|
| 39 | #define GLOB_LEN 511
|
---|
| 40 | #endif
|
---|
| 41 |
|
---|
| 42 | char * globber(const char * str)
|
---|
| 43 | {
|
---|
| 44 | register int i, j;
|
---|
| 45 | static int count = -1;
|
---|
| 46 | static char glob[SH_MAX_GLOBS][GLOB_LEN+1];
|
---|
| 47 |
|
---|
| 48 | ++count; if (count > (SH_MAX_GLOBS-1) ) count = 0;
|
---|
| 49 | j = strlen(str);
|
---|
| 50 | if (j > GLOB_LEN) j = GLOB_LEN;
|
---|
| 51 |
|
---|
| 52 | for (i = 0; i < j; ++i)
|
---|
| 53 | {
|
---|
| 54 | if (str[i] != '\n' && str[i] != '\t')
|
---|
| 55 | glob[count][i] = str[i] ^ XOR_CODE;
|
---|
| 56 | else
|
---|
| 57 | glob[count][i] = str[i];
|
---|
| 58 | }
|
---|
| 59 | glob[count][j] = '\0';
|
---|
| 60 | return glob[count];
|
---|
| 61 | }
|
---|
| 62 | #endif
|
---|
| 63 |
|
---|
| 64 | static unsigned long off_data;
|
---|
| 65 |
|
---|
| 66 | char sh_util_charhex( int c )
|
---|
| 67 | {
|
---|
| 68 | if ( c >= 0 && c <= 9 )
|
---|
| 69 | return '0' + c;
|
---|
| 70 | else if ( c >= 10 && c <= 15 )
|
---|
| 71 | return 'a' + (c - 10);
|
---|
| 72 | else
|
---|
| 73 | {
|
---|
| 74 | fprintf(stderr, _("Out of range: %d\n"), c);
|
---|
| 75 | return 'X';
|
---|
| 76 | }
|
---|
| 77 | }
|
---|
| 78 |
|
---|
| 79 | int sh_util_hexchar( char c )
|
---|
| 80 | {
|
---|
| 81 | if ( c >= '0' && c <= '9' )
|
---|
| 82 | return c - '0';
|
---|
| 83 | else if ( c >= 'a' && c <= 'f' )
|
---|
| 84 | return c - 'a' + 10;
|
---|
| 85 | else if ( c >= 'A' && c <= 'F' )
|
---|
| 86 | return c - 'A' + 10;
|
---|
| 87 | else return -1;
|
---|
| 88 | }
|
---|
| 89 |
|
---|
| 90 | /* --------- third step -----------
|
---|
| 91 | *
|
---|
| 92 | * get data from a block of hex data
|
---|
| 93 | */
|
---|
| 94 | int hideout_hex_block(int fd, unsigned char * str, int len)
|
---|
| 95 | {
|
---|
| 96 | register int i, j, k;
|
---|
| 97 | unsigned char c, e;
|
---|
| 98 | register int num;
|
---|
| 99 | unsigned char mask[9] = { 0x80, 0x40, 0x20, 0x10, 0x08, 0x04, 0x02, 0x01 };
|
---|
| 100 | unsigned long here = 0;
|
---|
| 101 | unsigned long retval = 0;
|
---|
| 102 |
|
---|
| 103 | i = 0;
|
---|
| 104 | while (i < len)
|
---|
| 105 | {
|
---|
| 106 | for (j = 0; j < 8; ++j)
|
---|
| 107 | {
|
---|
| 108 |
|
---|
| 109 | /* get a low byte, modify, read back */
|
---|
| 110 | for (k = 0; k < 2; ++k)
|
---|
| 111 | {
|
---|
| 112 | c = ' ';
|
---|
| 113 | do {
|
---|
| 114 | do {
|
---|
| 115 | num = read (fd, &c, 1);
|
---|
| 116 | } while (num == 0 && errno == EINTR);
|
---|
| 117 | if (num == 0) return -1;
|
---|
| 118 | ++here;
|
---|
| 119 | } while (c == '\n' || c == '\t' || c == '\r' ||
|
---|
| 120 | c == ' ');
|
---|
| 121 | }
|
---|
| 122 |
|
---|
| 123 |
|
---|
| 124 | /* e is the value of the low byte
|
---|
| 125 | */
|
---|
| 126 | e = (unsigned char) sh_util_hexchar( c );
|
---|
| 127 | if ((e & mask[7]) != 0) /* bit is set */
|
---|
| 128 | str[i] |= mask[j];
|
---|
| 129 | else /* bit is not set */
|
---|
| 130 | str[i] &= ~mask[j];
|
---|
| 131 |
|
---|
| 132 | }
|
---|
| 133 | if (str[i] == '\n') break;
|
---|
| 134 | ++i;
|
---|
| 135 | }
|
---|
| 136 | str[i+1] = '\0';
|
---|
| 137 | retval += here;
|
---|
| 138 | return retval;
|
---|
| 139 | }
|
---|
| 140 |
|
---|
| 141 | /* --------- second step -----------
|
---|
| 142 | *
|
---|
| 143 | * hide data in a block of hex data
|
---|
| 144 | */
|
---|
| 145 | int hidein_hex_block(int fd, char * str, int len)
|
---|
| 146 | {
|
---|
| 147 | register int i, j, k;
|
---|
| 148 | unsigned char c, d, e;
|
---|
| 149 | register int num;
|
---|
| 150 | unsigned char mask[9] = { 0x80, 0x40, 0x20, 0x10, 0x08, 0x04, 0x02, 0x01 };
|
---|
| 151 | unsigned long here = 0;
|
---|
| 152 | unsigned long retval = 0;
|
---|
| 153 |
|
---|
| 154 | for (i = 0; i < len; ++i)
|
---|
| 155 | {
|
---|
| 156 | d = str[i];
|
---|
| 157 | for (j = 0; j < 8; ++j)
|
---|
| 158 | {
|
---|
| 159 |
|
---|
| 160 | /* get a low byte, modify, read back */
|
---|
| 161 | for (k = 0; k < 2; ++k)
|
---|
| 162 | {
|
---|
| 163 | c = ' ';
|
---|
| 164 | do {
|
---|
| 165 | do {
|
---|
| 166 | num = read (fd, &c, 1);
|
---|
| 167 | } while (num == 0 && errno == EINTR);
|
---|
| 168 | if (num == 0) return -1;
|
---|
| 169 | ++here;
|
---|
| 170 | } while (c == '\n' || c == '\t' || c == '\r' ||
|
---|
| 171 | c == ' ');
|
---|
| 172 | }
|
---|
| 173 |
|
---|
| 174 | /* e is the value of the low byte
|
---|
| 175 | */
|
---|
| 176 | e = (unsigned char) sh_util_hexchar( c );
|
---|
| 177 | if ((d & mask[j]) != 0) /* bit is set */
|
---|
| 178 | e |= mask[7];
|
---|
| 179 | else /* bit is not set */
|
---|
| 180 | e &= ~mask[7];
|
---|
| 181 |
|
---|
| 182 | e = sh_util_charhex ( e );
|
---|
| 183 | lseek(fd, -1, SEEK_CUR);
|
---|
| 184 | do {
|
---|
| 185 | num = write(fd, &e, 1);
|
---|
| 186 | } while (num == 0 && errno == EINTR);
|
---|
| 187 | }
|
---|
| 188 | }
|
---|
| 189 | retval += here;
|
---|
| 190 | return retval;
|
---|
| 191 | }
|
---|
| 192 |
|
---|
| 193 | /* --------- first step -----------
|
---|
| 194 | *
|
---|
| 195 | * find first block of hex data
|
---|
| 196 | */
|
---|
| 197 | unsigned long first_hex_block(int fd, unsigned long * max)
|
---|
| 198 | {
|
---|
| 199 | int i;
|
---|
| 200 | register int num = 1;
|
---|
| 201 | char c;
|
---|
| 202 | int nothex = 0;
|
---|
| 203 | unsigned long retval = 0;
|
---|
| 204 | int this_line = 0;
|
---|
| 205 | char theline[SH_BUFSIZE];
|
---|
| 206 |
|
---|
| 207 | *max = 0;
|
---|
| 208 |
|
---|
| 209 | while (1)
|
---|
| 210 | {
|
---|
| 211 | theline[0] = '\0';
|
---|
| 212 | this_line = 0;
|
---|
| 213 | c = '\0';
|
---|
| 214 | while (c != '\n' && num > 0)
|
---|
| 215 | {
|
---|
| 216 | do {
|
---|
| 217 | num = read (fd, &c, 1);
|
---|
| 218 | } while (num == 0 && errno == EINTR);
|
---|
| 219 | if (num > 0) theline[this_line] = c;
|
---|
| 220 | else return 0;
|
---|
| 221 | this_line += num;
|
---|
| 222 | }
|
---|
| 223 | theline[this_line] = '\0';
|
---|
| 224 |
|
---|
| 225 | /* not only 'newline' */
|
---|
| 226 | if (this_line > 60)
|
---|
| 227 | {
|
---|
| 228 | nothex = 0;
|
---|
| 229 | i = 0;
|
---|
| 230 | while (nothex == 0 && i < (this_line-1))
|
---|
| 231 | {
|
---|
| 232 | if (! isxdigit((int)theline[i])) nothex = 1;
|
---|
| 233 | ++i;
|
---|
| 234 | }
|
---|
| 235 | if (nothex == 1) retval += this_line;
|
---|
| 236 | }
|
---|
| 237 | else
|
---|
| 238 | {
|
---|
| 239 | nothex = 1;
|
---|
| 240 | retval += this_line;
|
---|
| 241 | }
|
---|
| 242 |
|
---|
| 243 | if (nothex == 0)
|
---|
| 244 | {
|
---|
| 245 | *max = 0;
|
---|
| 246 | do {
|
---|
| 247 | do {
|
---|
| 248 | num = read (fd, theline, SH_BUFSIZE);
|
---|
| 249 | } while (num == 0 && errno == EINTR);
|
---|
| 250 | for (i = 0; i < num; ++i)
|
---|
| 251 | {
|
---|
| 252 | c = theline[i];
|
---|
| 253 | if (c == '\n' || c == '\t' || c == '\r' || c == ' ')
|
---|
| 254 | ;
|
---|
| 255 | else if (!isxdigit((int)c))
|
---|
| 256 | break;
|
---|
| 257 | else
|
---|
| 258 | *max += 1;
|
---|
| 259 | }
|
---|
| 260 | } while (num > 0);
|
---|
| 261 |
|
---|
| 262 | *max /= 16;
|
---|
| 263 | return retval;
|
---|
| 264 | }
|
---|
| 265 |
|
---|
| 266 | }
|
---|
| 267 | /* return 0; *//* unreachable */
|
---|
| 268 | }
|
---|
| 269 |
|
---|
| 270 | static void usage ()
|
---|
| 271 | {
|
---|
| 272 | fprintf(stdout, _("\nUsage: samhain_stealth -i|s|g|o <where> "\
|
---|
| 273 | "[what]\n\n"));
|
---|
| 274 |
|
---|
| 275 | fprintf(stdout, _(" -i info on PS image 'where'\n"));
|
---|
| 276 | fprintf(stdout, _(" (how much bytes can be hidden in it).\n"));
|
---|
| 277 | fprintf(stdout, _(" -s hide file 'what' in PS image 'where'\n"));
|
---|
| 278 | fprintf(stdout, _(" -g get hidden data from PS image 'where'\n"));
|
---|
[205] | 279 | fprintf(stdout, _(" (output to stdout)\n"));
|
---|
[1] | 280 | fprintf(stdout, _(" -o size of file 'where' = offset to "\
|
---|
| 281 | "end-of-file\n"));
|
---|
[205] | 282 | fprintf(stdout, _(" (same as wc -c).\n\n"));
|
---|
| 283 | fprintf(stdout, _(" Example: let bar.ps be the ps file, and foo the config file\n"));
|
---|
| 284 | fprintf(stdout, _(" 1) extract with: samhain_stealth -g bar.ps >foo\n"));
|
---|
| 285 | fprintf(stdout, _(" 2) hide with: samhain_stealth -s bar.ps foo\n\n"));
|
---|
[1] | 286 |
|
---|
| 287 | fprintf(stdout, _(" This program hides a file in an UNCOMPRESSED "\
|
---|
| 288 | "postscript\n"));
|
---|
| 289 | fprintf(stdout, _(" image. To generate such an image, you may "\
|
---|
| 290 | "use e.g.:\n"));
|
---|
| 291 | fprintf(stdout, _(" 'convert +compress foo.jpg bar.ps'.\n"));
|
---|
| 292 | fprintf(stdout, _(" 'gimp' apparently saves postscript uncompressed "\
|
---|
| 293 | "by default\n"));
|
---|
| 294 | fprintf(stdout, _(" (V 1.06 of the postscript plugin).\n"));
|
---|
| 295 | fprintf(stdout, _(" 'xv' seems to save with run-length compression, "\
|
---|
| 296 | "which is unsuitable.\n"));
|
---|
| 297 | fprintf(stdout, _(" The program does not check the compression type of "\
|
---|
| 298 | "the PS file.\n"));
|
---|
[205] | 299 | fprintf(stdout, _(" Just have a look at the result to check.\n"));
|
---|
[1] | 300 | return;
|
---|
| 301 | }
|
---|
| 302 |
|
---|
| 303 | int main (int argc, char * argv[])
|
---|
| 304 | {
|
---|
| 305 | int fd;
|
---|
| 306 | int add_off;
|
---|
| 307 | unsigned long max;
|
---|
| 308 | char buf[1024];
|
---|
| 309 | FILE * infil;
|
---|
| 310 | int pgp_flag = 0;
|
---|
| 311 |
|
---|
| 312 | if (argc == 2 && argv[1][0] == '-' && argv[1][1] == 'h')
|
---|
| 313 | {
|
---|
| 314 | usage();
|
---|
| 315 | return (0);
|
---|
| 316 | }
|
---|
| 317 | if (argc == 2 && 0 == strcmp(argv[1], _("--help")))
|
---|
| 318 | {
|
---|
| 319 | usage();
|
---|
| 320 | return (0);
|
---|
| 321 | }
|
---|
| 322 |
|
---|
| 323 | if (argc < 3 || argv[1][0] != '-' ||
|
---|
| 324 | (argv[1][1] != 'o' && argv[1][1] != 'i' &&
|
---|
| 325 | argv[1][1] != 's' && argv[1][1] != 'g'))
|
---|
| 326 | {
|
---|
| 327 | usage ();
|
---|
| 328 | return (1);
|
---|
| 329 | }
|
---|
| 330 |
|
---|
| 331 |
|
---|
| 332 |
|
---|
| 333 | /* offset to end
|
---|
| 334 | */
|
---|
| 335 | if (argv[1][1] == 'o')
|
---|
| 336 | {
|
---|
| 337 | fd = open(argv[2], O_RDONLY);
|
---|
| 338 | if (fd == -1)
|
---|
| 339 | {
|
---|
| 340 | fprintf(stderr, _("Error: could not open() %s for reading\n"), argv[2]);
|
---|
| 341 | return (1);
|
---|
| 342 | }
|
---|
| 343 |
|
---|
| 344 | off_data = lseek (fd, 0, SEEK_END);
|
---|
| 345 | fprintf(stdout, _("%ld %s\n"),
|
---|
| 346 | off_data, argv[2]);
|
---|
| 347 | close (fd);
|
---|
| 348 | return (0);
|
---|
| 349 | }
|
---|
| 350 |
|
---|
| 351 | fd = open(argv[2], O_RDWR);
|
---|
| 352 | if (fd == -1)
|
---|
| 353 | {
|
---|
| 354 | fprintf(stderr, _("Error: could not open() %s for read/write\n"),
|
---|
| 355 | argv[2]);
|
---|
| 356 | return (1);
|
---|
| 357 | }
|
---|
| 358 |
|
---|
| 359 | /* find the first block of hex data
|
---|
| 360 | */
|
---|
| 361 | if (argv[1][1] == 'i')
|
---|
| 362 | {
|
---|
| 363 | off_data = first_hex_block(fd, &max);
|
---|
| 364 | fprintf(stdout, _("IMA START AT: %ld MAX. CAPACITY: %ld Bytes\n"),
|
---|
| 365 | off_data, max);
|
---|
| 366 | if (max > 0)
|
---|
| 367 | return (0);
|
---|
| 368 | else
|
---|
| 369 | {
|
---|
| 370 | fprintf(stderr, _("Error: %s is probably not an uncompressed postscript image\n"), argv[2]);
|
---|
| 371 | return (1);
|
---|
| 372 | }
|
---|
| 373 | }
|
---|
| 374 |
|
---|
| 375 | /* seek to the first block of fresh hex data and hide data
|
---|
| 376 | */
|
---|
| 377 | if (argv[1][1] == 's')
|
---|
| 378 | {
|
---|
| 379 | infil = fopen(argv[3], "r");
|
---|
| 380 | if (infil == NULL)
|
---|
| 381 | {
|
---|
| 382 | fprintf(stderr, _("Error: could not open() %s\n"), argv[3]);
|
---|
| 383 | return (8);
|
---|
| 384 | }
|
---|
| 385 | off_data = first_hex_block(fd, &max);
|
---|
| 386 | fprintf(stdout, _("IMA START AT: %ld MAX. CAPACITY: %ld Bytes\n"),
|
---|
| 387 | off_data, max);
|
---|
| 388 | if (max == 0)
|
---|
| 389 | {
|
---|
| 390 | fprintf(stderr, _("Error: %s is probably not an uncompressed postscript image\n"), argv[2]);
|
---|
| 391 | return (1);
|
---|
| 392 | }
|
---|
| 393 |
|
---|
| 394 | fprintf(stdout, _(" .. hide %s in %s .. \n"), argv[3], argv[2]);
|
---|
[34] | 395 | while (fgets(buf, sizeof(buf), infil))
|
---|
[1] | 396 | {
|
---|
| 397 | lseek(fd, off_data, SEEK_SET);
|
---|
| 398 | add_off = hidein_hex_block(fd, buf, strlen(buf));
|
---|
| 399 | if (add_off == -1)
|
---|
| 400 | {
|
---|
| 401 | fprintf(stderr, _("Error: %s has insufficient capacity\n"),
|
---|
| 402 | argv[2]);
|
---|
| 403 | return (1);
|
---|
| 404 | }
|
---|
| 405 | off_data += add_off;
|
---|
| 406 | }
|
---|
| 407 | fclose(infil);
|
---|
| 408 | /*
|
---|
| 409 | * make sure there is a terminator
|
---|
| 410 | */
|
---|
| 411 | lseek(fd, off_data, SEEK_SET);
|
---|
| 412 | add_off = hidein_hex_block(fd, _("[EOF]\n"), 6);
|
---|
| 413 | if (add_off == -1)
|
---|
| 414 | {
|
---|
| 415 | fprintf(stderr, _("Error: %s has insufficient capacity\n"),
|
---|
| 416 | argv[2]);
|
---|
| 417 | return (1);
|
---|
| 418 | }
|
---|
| 419 | fprintf(stdout, _(" .. finished\n"));
|
---|
| 420 | return (0);
|
---|
| 421 | }
|
---|
| 422 |
|
---|
| 423 | if (argv[1][1] == 'g')
|
---|
| 424 | {
|
---|
| 425 | off_data = first_hex_block(fd, &max);
|
---|
| 426 | if (max == 0)
|
---|
| 427 | {
|
---|
| 428 | fprintf(stderr, _("Error: %s is probably not an uncompressed postscript image\n"), argv[2]);
|
---|
| 429 | return (1);
|
---|
| 430 | }
|
---|
| 431 | lseek(fd, off_data, SEEK_SET);
|
---|
| 432 |
|
---|
| 433 | while (1 == 1)
|
---|
| 434 | {
|
---|
| 435 | add_off = hideout_hex_block(fd, (unsigned char *) buf, 1023);
|
---|
| 436 | if (add_off == -1)
|
---|
| 437 | {
|
---|
| 438 | fprintf(stderr, _("Error: premature end of data in %s\n"),
|
---|
| 439 | argv[2]);
|
---|
| 440 | return (1);
|
---|
| 441 | }
|
---|
| 442 | if (0 == strcmp(buf, _("-----BEGIN PGP SIGNED MESSAGE-----\n")))
|
---|
| 443 | pgp_flag = 1;
|
---|
| 444 | fprintf(stdout, "%s", buf);
|
---|
| 445 | if (0 == strncmp(buf, _("[EOF]"), 5) && pgp_flag == 0)
|
---|
| 446 | break;
|
---|
| 447 | if (0 == strcmp(buf, _("-----END PGP SIGNATURE-----\n")) &&
|
---|
| 448 | pgp_flag == 1)
|
---|
| 449 | break;
|
---|
| 450 |
|
---|
| 451 | off_data += add_off;
|
---|
| 452 | lseek(fd, off_data, SEEK_SET);
|
---|
| 453 | }
|
---|
| 454 | return (0);
|
---|
| 455 | }
|
---|
| 456 |
|
---|
| 457 | fprintf(stderr, _("Invalid mode of operation: %s"), argv[1]);
|
---|
| 458 | return (1);
|
---|
| 459 | }
|
---|
| 460 |
|
---|
| 461 |
|
---|