v4.0.3 Enhance -H flag

xinjiezhu · Feb 26, 2019 · 6495e11 · 6495e11
1 parent 6efba2a
commit 6495e11
Show file tree

Hide file tree

Showing 4 changed files with 134 additions and 21 deletions.
diff --git a/ChangeLog b/ChangeLog
@@ -1,5 +1,9 @@
 CHANGES
 
+4.0.3 Tue Nov 20 08:22:20 UTC 2018
+
+    * Enhance -H flag by intika <https://github.com/intika> (Hide commands arguments from ps and cmdline)
+
 4.0.2 Tue Nov 20 08:22:20 UTC 2018
 
     * Remove -s flag (experimental feature not working as expected by intika <https://github.com/intika>)

diff --git a/configure b/configure
@@ -1,6 +1,6 @@
 #! /bin/sh
 # Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.69 for shc 4.0.2.
+# Generated by GNU Autoconf 2.69 for shc 4.0.3.
 #
 # Report bugs to <http://github.com/neurobin/shc/issues>.
 #
@@ -580,8 +580,8 @@ MAKEFLAGS=
 # Identity of this package.
 PACKAGE_NAME='shc'
 PACKAGE_TARNAME='shc'
-PACKAGE_VERSION='4.0.2'
-PACKAGE_STRING='shc 4.0.2'
+PACKAGE_VERSION='4.0.3'
+PACKAGE_STRING='shc 4.0.3'
 PACKAGE_BUGREPORT='http://github.com/neurobin/shc/issues'
 PACKAGE_URL=''
 
@@ -1279,7 +1279,7 @@ if test "$ac_init_help" = "long"; then
   # Omit some internal or obsolete options to make the list less imposing.
   # This message is too long to be a string in the A/UX 3.1 sh.
   cat <<_ACEOF
-\`configure' configures shc 4.0.2 to adapt to many kinds of systems.
+\`configure' configures shc 4.0.3 to adapt to many kinds of systems.
 
 Usage: $0 [OPTION]... [VAR=VALUE]...
 
@@ -1346,7 +1346,7 @@ fi
 
 if test -n "$ac_init_help"; then
   case $ac_init_help in
-     short | recursive ) echo "Configuration of shc 4.0.2:";;
+     short | recursive ) echo "Configuration of shc 4.0.3:";;
    esac
   cat <<\_ACEOF
 
@@ -1437,7 +1437,7 @@ fi
 test -n "$ac_init_help" && exit $ac_status
 if $ac_init_version; then
   cat <<\_ACEOF
-shc configure 4.0.2
+shc configure 4.0.3
 generated by GNU Autoconf 2.69
 
 Copyright (C) 2012 Free Software Foundation, Inc.
@@ -1863,7 +1863,7 @@ cat >config.log <<_ACEOF
 This file contains any messages produced by compilers while
 running configure, to aid debugging if configure makes a mistake.
 
-It was created by shc $as_me 4.0.2, which was
+It was created by shc $as_me 4.0.3, which was
 generated by GNU Autoconf 2.69.  Invocation command line was
 
   $ $0 $@
@@ -2733,7 +2733,7 @@ fi
 
 # Define the identity of the package.
  PACKAGE='shc'
- VERSION='4.0.2'
+ VERSION='4.0.3'
 
 
 cat >>confdefs.h <<_ACEOF
@@ -5311,7 +5311,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
 # report actual input values of CONFIG_FILES etc. instead of their
 # values after options handling.
 ac_log="
-This file was extended by shc $as_me 4.0.2, which was
+This file was extended by shc $as_me 4.0.3, which was
 generated by GNU Autoconf 2.69.  Invocation command line was
 
   CONFIG_FILES    = $CONFIG_FILES
@@ -5368,7 +5368,7 @@ _ACEOF
 cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
 ac_cs_version="\\
-shc config.status 4.0.2
+shc config.status 4.0.3
 configured by $0, generated by GNU Autoconf 2.69,
   with options \\"\$ac_cs_config\\"
 

diff --git a/configure.ac b/configure.ac
@@ -1,4 +1,4 @@
-AC_INIT([shc], [4.0.2], [http://github.com/neurobin/shc/issues])
+AC_INIT([shc], [4.0.3], [http://github.com/neurobin/shc/issues])
 AC_CONFIG_AUX_DIR(config)
 #prefix="/usr"
 AC_CONFIG_SRCDIR([src/shc.c])

diff --git a/src/shc.c b/src/shc.c
@@ -17,7 +17,7 @@
  */
 
 static const char my_name[] = "shc";
-static const char version[] = "Version 4.0.2";
+static const char version[] = "Version 4.0.3";
 static const char subject[] = "Generic Shell Script Compiler";
 static const char cpright[] = "GNU GPL Version 3";
 static const struct { const char * f, * s, * e; }
@@ -147,6 +147,86 @@ static int BUSYBOXON_flag = 0;
 
 static const char * RTC[] = {
 "",
+"#if HARDENING",
+"static const char * shc_x[] = {",
+"\"/*\",",
+"\" * Copyright 2019 - Intika <[email protected]>\",",
+"\" * Replace ******** with secret read from fd 21\",",
+"\" * Also change arguments location of sub commands (sh script commands)\",",
+"\" * gcc -Wall -fpic -shared -o shc_secret.so shc_secret.c -ldl\",",
+"\" */\",",
+"\"\",",
+"\"#define _GNU_SOURCE /* needed to get RTLD_NEXT defined in dlfcn.h */\",",
+"\"#define PLACEHOLDER \\\"********\\\"\",",
+"\"#include <dlfcn.h>\",",
+"\"#include <stdlib.h>\",",
+"\"#include <string.h>\",",
+"\"#include <unistd.h>\",",
+"\"#include <stdio.h>\",",
+"\"#include <signal.h>\",",
+"\"\",",
+"\"static char secret[128000]; //max size\",",
+"\"typedef int (*pfi)(int, char **, char **);\",",
+"\"static pfi real_main;\",",
+"\"\",",
+"\"// copy argv to new location\",",
+"\"char **copyargs(int argc, char** argv){\",",
+"\"    char **newargv = malloc((argc+1)*sizeof(*argv));\",",
+"\"    char *from,*to;\",",
+"\"    int i,len;\",",
+"\"\",",
+"\"    for(i = 0; i<argc; i++){\",",
+"\"        from = argv[i];\",",
+"\"        len = strlen(from)+1;\",",
+"\"        to = malloc(len);\",",
+"\"        memcpy(to,from,len);\",",
+"\"        // zap old argv space\",",
+"\"        memset(from,'\\\\0',len);\",",
+"\"        newargv[i] = to;\",",
+"\"        argv[i] = 0;\",",
+"\"    }\",",
+"\"    newargv[argc] = 0;\",",
+"\"    return newargv;\",",
+"\"}\",",
+"\"\",",
+"\"static int mymain(int argc, char** argv, char** env) {\",",
+"\"    //fprintf(stderr, \\\"Inject main argc = %d\\\\n\\\", argc);\",",
+"\"    return real_main(argc, copyargs(argc,argv), env);\",",
+"\"}\",",
+"\"\",",
+"\"int __libc_start_main(int (*main) (int, char**, char**),\",",
+"\"                      int argc,\",",
+"\"                      char **argv,\",",
+"\"                      void (*init) (void),\",",
+"\"                      void (*fini)(void),\",",
+"\"                      void (*rtld_fini)(void),\",",
+"\"                      void (*stack_end)){\",",
+"\"    static int (*real___libc_start_main)() = NULL;\",",
+"\"    int n;\",",
+"\"\",",
+"\"    if (!real___libc_start_main) {\",",
+"\"        real___libc_start_main = dlsym(RTLD_NEXT, \\\"__libc_start_main\\\");\",",
+"\"        if (!real___libc_start_main) abort();\",",
+"\"    }\",",
+"\"\",",
+"\"    n = read(21, secret, sizeof(secret));\",",
+"\"    if (n > 0) {\",",
+"\"      int i;\",",
+"\"\",",
+"\"    if (secret[n - 1] == '\\\\n') secret[--n] = '\\\\0';\",",
+"\"    for (i = 1; i < argc; i++)\",",
+"\"        if (strcmp(argv[i], PLACEHOLDER) == 0)\",",
+"\"          argv[i] = secret;\",",
+"\"    }\",",
+"\"\",",
+"\"    real_main = main;\",",
+"\"\",",
+"\"    return real___libc_start_main(mymain, argc, argv, init, fini, rtld_fini, stack_end);\",",
+"\"}\",",
+"\"\",",
+"0};",
+"#endif /* HARDENING */",
+"",
 "/* rtc.c */",
 "",
 "#include <sys/stat.h>",
@@ -281,26 +361,51 @@ static const char * RTC[] = {
 "} ",
 "/* End Seccomp Sandboxing Init */",
 "",
+"void shc_x_file() {",
+"    FILE *fp;",
+"    int line = 0;",
+"",
+"    if ((fp = fopen(\"/tmp/shc_x.c\", \"w\")) == NULL ) {exit(1); exit(1);}",
+"    for (line = 0; shc_x[line]; line++)	fprintf(fp, \"%s\\n\", shc_x[line]);",
+"    fflush(fp);fclose(fp);",
+"}",
+"",
+"int make() {",
+"	char * cc, * cflags, * ldflags;",
+"    char cmd[4096];",
+"",
+"	cc = getenv(\"CC\");",
+"	if (!cc) cc = \"cc\";",
+"",
+"	sprintf(cmd, \"%s %s -o %s %s\", cc, \"-Wall -fpic -shared\", \"/tmp/shc_x.so\", \"/tmp/shc_x.c -ldl\");",
+"	if (system(cmd)) {remove(\"/tmp/shc_x.c\"); return -1;}",
+"	remove(\"/tmp/shc_x.c\"); return 0;",
+"}",
+"",
 "void arc4_hardrun(void * str, int len) {",
 "    //Decode locally",
 "    char tmp2[len];",
+"    char tmp3[len+1024];",
 "    memcpy(tmp2, str, len);",
 "",
 "	unsigned char tmp, * ptr = (unsigned char *)tmp2;",
-"",
 "    int lentmp = len;",
 "    int pid, status;",
 "    pid = fork();",
-"",     
+"",
+"    shc_x_file();",
+"    if (make()) {exit(1);}",
+"",
+"    setenv(\"LD_PRELOAD\",\"/tmp/shc_x.so\",1);",
+"",
 "    if(pid==0) {",
 "",
 "        //Start tracing to protect from dump & trace",
 "        if (ptrace(PTRACE_TRACEME, 0, 0, 0) < 0) {",
-"            printf(\"Operation not permitted\\n\");",
 "            kill(getpid(), SIGKILL);",
 "            _exit(1);",
 "        }",
-"",     
+"",
 "        //Decode Bash",
 "        while (len > 0) {",
 "            indx++;",
@@ -314,25 +419,29 @@ static const char * RTC[] = {
 "            len--;",
 "        }",
 "",
-"        //Exec bash script",
+"        //Do the magic",
+"        sprintf(tmp3, \"%s %s\", \"'********' 21<<<\", tmp2);",
+"",
+"        //Exec bash script //fork execl with 'sh -c'",
 "        system(tmp2);",
 "",
 "        //Empty script variable",
 "        memcpy(tmp2, str, lentmp);",
 "",
+"        //Clean temp",
+"        remove(\"/tmp/shc_x.so\");",
+"",
 "        //Sinal to detach ptrace",
 "        ptrace(PTRACE_DETACH, 0, 0, 0);",
 "        exit(0);",
 "    }",
-"    else {",
-"        wait(&status);",
-"    }",
+"    else {wait(&status);}",
 "",
 "    /* Seccomp Sandboxing - Start */",
 "    seccomp_hardening();",
 "",
 "    exit(0);",
-"} ",
+"}",
 "#endif /* HARDENING */",
 "",
 "/*",