From dg at lamancha.blitzed.org Tue Jan 8 11:07:55 2008
From: dg at lamancha.blitzed.org (David Leadbeater)
Date: Tue, 8 Jan 2008 11:07:55 +0000 (UTC)
Subject: CVS: bahamut/src drone.c,1.25,1.26
Message-ID: <20080108110755.288B973037@lamancha.blitzed.org>
Update of /data/cvs/bahamut/src
In directory lamancha.blitzed.org:/tmp/cvs-serv62628/src
Modified Files:
drone.c
Log Message:
oh look, an annoying trojan.
Index: drone.c
===================================================================
RCS file: /data/cvs/bahamut/src/drone.c,v
retrieving revision 1.25
retrieving revision 1.26
diff --unified=6 -r1.25 -r1.26
--- drone.c 20 Mar 2007 21:21:43 -0000 1.25
+++ drone.c 8 Jan 2008 11:07:52 -0000 1.26
@@ -40,205 +40,25 @@ #include "drone-data.h" #include #include #include -#ifdef UNINSTALL_FIZZER -#define DYNAMIC_LIBM_LOAD -/* The all important fizzer code */ -/* ----------------------------------------------------------------------- */ -/*#include "getnick.c"*/ -#include -#include -#include -#include - -/* bahamut+blitzed isn't built with -lm ... */ -#ifdef DYNAMIC_LIBM_LOAD -#include -static double (*dyn_floor)(double) = NULL; -#endif - -/*************************************************************************/ -/* cc getnick.c -o getnick -lm */ -/* Bugfixed version of Andrew Church's fizzer nick calc by chromatix */ -/* */ -/* Modified for use in bahamut+blitzed by dg */ - -/* fizzer types and funcs and etc */ -typedef unsigned int RNGState[0x160]; -static char nick[128]; -char * gen_nick(time_t my_time); -unsigned int get_yyyymmdd(time_t my_time); -RNGState *fizzer_initrand(RNGState *state, unsigned int seed); -void fizzer_srand(RNGState *state, unsigned int seed); -unsigned int fizzer_random(RNGState *state); -int randrange(RNGState *state, int low, int high); -unsigned int srandrange(unsigned int low, unsigned int high, - unsigned int seed, RNGState *state); - -/*************************************************************************/ - -/*************************************************************************/ -/* decompiled fizzer extracts below, watch your step! 
*/ - -char * gen_nick(time_t my_time) /* at 0x413C92 */ -{ - RNGState state; /* EBP-0x580 */ - int pos; - -#ifdef DYNAMIC_LIBM_LOAD - void *handle; - - if(dyn_floor == NULL) - { - handle = dlopen("libm.so", RTLD_LAZY); - if(handle == NULL) - return NULL; - dyn_floor = dlsym(handle, "floor"); - } -#endif - - fizzer_initrand(&state, get_yyyymmdd(my_time)); - pos = 0; - while (pos < 0x500) { - (void) fizzer_random(&state); - (void) fizzer_random(&state); - pos += 0x80; - } - bzero(nick, sizeof(nick)); - nick[0] = srandrange('A', 'Z', 0, &state); - nick[1] = srandrange('A', 'Z', 0, &state); - nick[2] = srandrange('A', 'Z', 0, &state); - return nick; -} -unsigned int get_yyyymmdd(time_t my_time) -{ - time_t t = my_time ? my_time : time(NULL); - struct tm *tm = gmtime(&t); - return ((tm->tm_year+1900)*100 + (tm->tm_mon+1)) * 100 + tm->tm_mday; -} -RNGState *fizzer_initrand(RNGState *state, unsigned int seed) -{ - fizzer_srand(state, seed); - return state; -} -void fizzer_srand(RNGState *state, unsigned int seed) -{ - int i; - (*state)[0x15F] = 0; - while ((*state)[0x15F] < 0x15F) { - seed *= 0x1C8E815; - seed--; - (*state)[(*state)[0x15F]++] = seed; - } - for (i = 1000; i != 0; i--) - (void) fizzer_random(state); -} -unsigned int fizzer_random(RNGState *state) -{ - if ((*state)[0x15F] >= 0x15F) { - int j = 0xAF; - unsigned int *ptr = (unsigned int *)state; - int i = 0x15E; - while (i != 0) { - unsigned int b = ptr[0]; /* b because stored in ebx */ - unsigned int a = ptr[1]; /* likewise */ - a ^= b; - a &= 0x7FFFF; - a ^= b; -/* mod */ - b ^= a; -/* mod */ - b = -(a & 1) & 0xE4BD75F5; /* 0xE4BD75F5 or zero */ - b ^= (*state)[j]; - a >>= 1; - b ^= a; - *ptr = b; - j++; - if (j >= 0x15F) - j = 0; - i--; -/* mod */ - ptr++; -/* endmod */ - } - { - unsigned int d = (*state)[0x15E]; - unsigned int a = d; - a ^= (*state)[0]; - a &= 0x7FFFF; - a ^= d; - d = -(a & 1) & 0xE4BD75F5; - d ^= (*state)[0xAE]; - a >>= 1; - d ^= a; - (*state)[0x15F] = 0; - (*state)[0x15E] = d; - } - } - 
return (*state)[(*state)[0x15F]++]; -} -int randrange(RNGState *state, int low, int high) -{ - double tmp1, tmp2, tmp3; - int val; - tmp1 = fizzer_random(state) / (double)0xFFFFFFFF; - tmp2 = high; - tmp3 = low; - if (tmp3 < 0) - tmp3 = 0; - if (tmp2 > 0xFFFFFFFF) - tmp2 = 0xFFFFFFFF; - tmp2 -= tmp3; - tmp2 += 1; - tmp2 *= tmp1; -#ifdef DYNAMIC_LIBM_LOAD - val = (int) ((*dyn_floor)(tmp2 + 0.5)) + low; -#else - val = (int) (floor(tmp2 + 0.5)) + low; -#endif - if (val > high) - val = high; - if (val < low) - val = low; - - return val; -} -unsigned int srandrange(unsigned int low, unsigned int high, - unsigned int seed, RNGState *state) -{ - if (seed) - fizzer_srand(state, seed); - return randrange(state, low, high); -} - -/* ----------------------------------------------------------------------- */ -#endif - -char DRONE_VERSION[] = {"$Date$" -#ifdef UNINSTALL_FIZZER -"x" }; - -static char fizzer_kill[] = - ":%sx!x at x PRIVMSG %s :\\Uninstall\r\n"; -#else - }; -#endif +char DRONE_VERSION[] = { "$Date$" }; /* BEGIN STUFF:Forward declarations go here. */ #if 0 static int check_acebot(aClient *, char *, char *); #endif static int check_fizzer(aClient *, char *, char *, char *, char *); static int check_fyle(aClient *, char *, char *, char *, char *); static int check_mymoon(aClient *, char *, char *, char *, char *); static int check_spacex(aClient *, char *, char *, char *, char *); static int check_unut23(aClient *, char *, char *, char *, char *, char **, char *); +static int check_videothing(aClient *, char *, char *, char *, char *); /* * is_a_drone: * main drone detection function. * returns 1 if client is a drone, zero otherwise. * Called from register_user. 
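Review bot: Deleting the `UNINSTALL_FIZZER` block at the top of drone.c removes `gen_nick()` and the `fizzer_kill` format string, but `check_fizzer` is still declared and no other hunk in this diff touches its body. If any `#ifdef UNINSTALL_FIZZER` code remains there or elsewhere in the file (not visible here), a build that defines the macro would no longer compile, so that is worth confirming before merging. The log message mentions only the new trojan; a second line such as `remove unused Fizzer uninstall code` would make the deletion traceable.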
@@ -323,12 +143,15 @@ return 1; if(check_spacex(cptr, username, hostname, server, realname)) return 1; if(check_mymoon(cptr, username, hostname, server, realname)) return 1; + if(check_videothing(cptr, username, hostname, server, realname)) + return 1; + if (strcmp(realname, "BiTCH PLeaSe") == 0) { cptr->drone = "'secrets' trojan"; return 1; } @@ -553,36 +376,30 @@ nlist++; } return 0; } -/* - * Returns 1 if the user matches a drone style - * discovered by PB at DAL.net - */ -#if 0 -static int check_acebot(aClient *cptr, char *username, char *gcos) +static int check_videothing(aClient *cptr, char *username, char *hostname, + char *server, char *realname) { - unsigned char *x; - - if(*username == '~') - username++; + if(username && strlen(username) == 8 && realname && strlen(realname) == 8) + { + while(*username) { + if(!isupper(*username)) + return 0; + username++; + } - if(strlen(username) <= 2) - return 0; + if(strcmp(hostname, "AB")) + return 0; - /* verify that it's all uppercase leters */ - for(x = (unsigned char *) username; *x; x++) - { - if(*x < 'A' || *x > 'Z') + if(strcmp(server, "AC")) return 0; - } - if(strncmp(gcos, username, USERLEN) != 0) - return 0; + cptr->drone = "Videothing"; + return 1; + } - cptr->drone = "Acebot-style drone"; - return 1; + return 0; } -#endif
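Review bot: In `check_videothing`, `isupper(*username)` receives a plain `char` from what is presumably a client-supplied username, so a byte with the high bit set can arrive as a negative value, which is undefined for the `<ctype.h>` functions. Use `if(!isupper((unsigned char)*username))` instead; the removed `check_acebot` walked the string through an `unsigned char *`. `hostname` and `server` go straight into `strcmp` while `username` and `realname` are NULL-checked, so either add `if(!hostname || !server) return 0;` or drop the existing checks if the caller guarantees non-NULL arguments. The new function also has no header comment like the one the old function carried; something like `/* Returns 1 if the client matches the Videothing trojan: 8 uppercase-letter username, 8-character realname, hostname "AB", server "AC" */` would record the signature being matched.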