From 0b1149518d46d294690142bbe29e1adeec5ab89b Mon Sep 17 00:00:00 2001 From: Alessandro Mauri Date: Sat, 22 Aug 2020 13:35:31 +0200 Subject: [PATCH] more complete version of the prepare script - dependencies are fetched recursively - script is more verbose - increased compression ratio of package - strip preload of comments before injection - more I am missing --- .gitignore | 1 + posix/preload | 4 ++-- posix/prepare | 61 ++++++++++++++++++++++++++++++++++----------------- 3 files changed, 44 insertions(+), 22 deletions(-) diff --git a/.gitignore b/.gitignore index f531ce5..7039b0b 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1,2 @@ **/pcmi/** +**/badwolf/** diff --git a/posix/preload b/posix/preload index e08451c..a07bd1c 100755 --- a/posix/preload +++ b/posix/preload @@ -1,7 +1,7 @@ #!/bin/sh -e +# TODO: verify checksum before extracting # SUM - # TODO: extract self without resolving to $0 because it doesn't resolve links tail -c +"$(expr BYTES + 1)" $0 | lz4 -dc | tar -x # TODO: remove hardcoded directory @@ -12,7 +12,7 @@ export ORIGIN="$(pwd)" export LD_LIBRARY_PATH="$ORIGIN/lib" export PATH="$ORIGIN/bin":$PATH -export LD_DEBUG='libs' +#export LD_DEBUG='libs' # TODO: use $0 instead # FIXME: uses the system's basename diff --git a/posix/prepare b/posix/prepare index d142f59..13f54b5 100755 --- a/posix/prepare +++ b/posix/prepare @@ -1,4 +1,4 @@ -#!/bin/sh -ex +#!/bin/sh -e # NEEDED: lz4 readelf tar cat awk cut sed sh sort 
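Review bot: In the first posix/preload hunk, the added `# TODO: verify checksum before extracting` still leaves `tail -c ... $0 | lz4 -dc | tar -x` unpacking the appended payload with no integrity check, and the comment does not say what the planned check will cover. The sum that posix/prepare injects comes from `md5sum -b` and travels in the same file as the payload, so once implemented it can detect truncation or corruption but not deliberate modification of the bundle. I would state that limit in the comment, e.g. `# TODO: verify checksum before extracting (corruption check only; an MD5 shipped with the payload gives no authenticity)`. When the TODO is done, `$0` in the `tail` line should also be quoted. The script continues outside this hunk.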
@@ -20,22 +20,38 @@ getlibs () tmplist=$WORKDIR/tmplist touch $LIBLIST - + + # Take the executable and get the first level dependencies readelf -d "$1" | grep NEEDED | awk '{print $5}' | sed s/\\[/\ / | sed s/\\]/\ / > $tmplist - while test -s $tmplist; do + # While there are more dependencies + while [ "$(cat $tmplist)" ]; do + # Add them to the master file cat $LIBLIST $tmplist > $tmpfile mv -f $tmpfile $LIBLIST - for f in $tmplist; do - readelf -d "$f" | - grep NEEDED | - awk '{print $5}' | - sed s/\\[/\ / | sed s/\\]/\ / > $tmplist + + # Copy them to lib/ + while read l; do + find -L $SYS_LIBDIR -maxdepth 2 -name "$l" -exec cp -n {} $WORKDIR/lib/ \; + done < $tmplist + + # Extract their dependencies + touch $tmpfile + for f in $WORKDIR/lib/*; do + if [ "$(grep -F "$(basename "$f")" "$tmplist")" ]; then + readelf -d "$f" | + grep NEEDED | + awk '{print $5}' | + sed s/\\[/\ / | sed s/\\]/\ / >> $tmpfile + fi done + sort -u $tmpfile > $tmplist done + sort -u $LIBLIST > $tmpfile + mv -f $tmpfile $LIBLIST rm -f $tmplist } @@ -76,22 +92,25 @@ mkdir -p $WORKDIR/ext touch $WORKDIR/env # TODO: add usage and error checking -# FIXME: double sed should be avoided DIRNAME="$WORKDIR"/"$(head -1 $WORKDIR/id | awk '{print $1}')" if test -s $LIBLIST; then rm -f $LIBLIST fi +echo "Fetching dependencies and stripping binaries..." +# TODO: get al binary dependencies from deps file +# Get all dependencies and strip them for b in $WORKDIR/bin/*; do getlibs $b + strip $b +done +echo "Stripping libraries..." +for l in $WORKDIR/lib/*; do + strip $l done -sort -u $LIBLIST > $tmpfile -mv -f $tmpfile $LIBLIST -while read f; do - find -L $SYS_LIBDIR -maxdepth 2 -name "$f" -exec cp -n {} $WORKDIR/lib/ \; -done < $LIBLIST +echo "Compressing destination directory..." if test -d $DIRNAME; then rm -rf $DIRNAME fi 
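Review bot: The membership test `[ "$(grep -F "$(basename "$f")" "$tmplist")" ]` in the new `for f in $WORKDIR/lib/*` loop matches substrings, so a file named `libfoo.so` is re-scanned whenever `libfoo.so.1` is listed (names constructed for illustration). A whole-line match tested by exit status is what is meant: `if grep -Fxq -- "$(basename "$f")" "$tmplist"; then`. The loop also never removes names already in `$LIBLIST` from the next `$tmplist`, so common libraries are re-read on every pass, and as far as I can tell two libraries that list each other as NEEDED would keep the `while` running indefinitely; filtering the `sort -u $tmpfile` output against `$LIBLIST` before writing `$tmplist` would bound it. In the copy step, `find ... -name "$l" -exec cp -n` resolves by file name only and copies nothing when there is no match, so a message on stderr for unresolved names would make an incomplete bundle visible. `getlibs` starts above this hunk.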
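Review bot: Under `#!/bin/sh -e`, the added `strip $b` and `strip $l` abort the whole run on the first file that strip cannot process, which I would expect if bin/ or lib/ ever holds a script or other non-ELF file. If stripping is meant as a best-effort size optimisation, make that explicit and keep going: `strip "$b" || echo "warning: could not strip $b" >&2`, and the same for `"$l"`. The loop variables are also unquoted in `getlibs $b`, `strip $b` and `strip $l`, so a path containing whitespace is split into several arguments; `getlibs "$b"` avoids that. A one-line comment above the loops saying that the copies under `$WORKDIR` are modified in place would help the next reader.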
@@ -106,11 +125,13 @@ cp $WORKDIR/id $DIRNAME/ tar -c -f $DIRNAME.tar -C $WORKDIR "$(basename $DIRNAME)" md5sum -b $DIRNAME.tar | cut -d " " -f1 > $SUMFILE -lz4 --rm $DIRNAME.tar +lz4 --rm -9 -c $DIRNAME.tar > "$DIRNAME".tar.lz4 +echo "Injecting payload..." cat "$PRELOAD_SCRIPT" | sed s/SUM/"$(cat $SUMFILE)"/ | -sed s/ID/"$(basename "$DIRNAME")"/ > tpp +sed s/ID/"$(basename "$DIRNAME")"/ | +awk '!/^ *#/ && NF' > tpp size="$(wc -c tpp | cut -d " " -f1)" strsize="$(echo "BYTES" | wc -c)" @@ -119,10 +140,10 @@ normsize="$(expr "$size" - "$(expr "$strsize" - "$numsize")")" cat tpp | sed s/BYTES/"$normsize"/ > tpr -cat tpr "$DIRNAME".tar.lz4 > "$DIRNAME".it +cat tpr "$DIRNAME".tar.lz4 > "$DIRNAME".ti +echo "Cleaning up..." rm -f tpr tpp -chmod +x "$DIRNAME".it +chmod +x "$DIRNAME".ti -rm -rf "$DIRNAME" -#"$DIRNAME".tar* +rm -rf "$DIRNAME" "$DIRNAME".tar*
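Review bot: The new filter `awk '!/^ *#/ && NF' > tpp` drops every line that begins with `#`, which includes the `#!/bin/sh -e` first line of posix/preload, so the generated `.ti` file has no interpreter line and loses `-e`. It also removes the `# SUM` line after `sed s/SUM/.../` has written the checksum into it, so unless the placeholder also appears on a non-comment line of preload (not visible here) the bundle no longer carries its checksum at all. Keeping line 1 fixes the first part: `awk 'NR == 1 || (!/^ *#/ && NF)' > tpp`. For the second, the placeholder in preload needs to sit on a line that survives the filter, for example as a variable assignment that the planned verification step reads.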