1 parent
0542e94
commit ddf0ae1
Showing
64 changed files
with
32,465 additions
and
6 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,3 @@ | ||
[submodule "dropbear-hacks"] | ||
path = dropbear-hacks | ||
url = https://github.com/zcutlip/dropbear-hacks |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,2 +1,53 @@ | ||
HOST=arm-buildroot-linux-musleabihf | ||
proftpd=proftpd-1.3.5e | ||
CONFIG_OPTIONS=--disable-pam --disable-syslog --disable-shadow --disable-lastlog --disable-utmp --disable-utmpx --disable-wtmp --disable-wtmpx --disable-loginfunc --disable-pututline --disable-pututxline --disable-zlib | ||
|
||
#--disable-syslog --disable-zlib --disable-pam --disable-shadow | ||
all: pbjb.zip | ||
pbjb.zip: Uninstall.app Jailbreak.app Services.app | ||
zip pbjb.zip *.app | ||
clean: | ||
rm -f Jailbreak.app Services.app pbjb.zip svc/bin/dropbear svc/bin/smbd svc/bin/ntlmhash svc/bin/proftpd | ||
make -C $(proftpd) clean || true | ||
make -C dropbear-hacks/src clean || true | ||
Jailbreak.app: hax.c | ||
arm-buildroot-linux-musleabihf-gcc -s -static $< -o $@ | ||
Services.app: FORCE | ||
(cat svc.sh && tar cvzf - -C svc .) > Services.app | ||
#tar cvf test.tar -C svc . | ||
svc: svc/bin/dropbear svc/bin/smbd svc/bin/ntlmhash svc/bin/proftpd | ||
echo done | ||
|
||
pure-ftpd-1.0.49: | ||
wget -c https://download.pureftpd.org/pub/pure-ftpd/releases/pure-ftpd-1.0.49.tar.gz | ||
tar -xvzf pure-ftpd-1.0.49.tar.gz | ||
svc/bin/pure-ftpd: pure-ftpd-1.0.49 | ||
(cd pure-ftpd-1.0.49 && ./configure --without-inetd --without-privsep --without-shadow --without-ascii --without-globbing --with-puredb --disable-silent-rules --prefix=/mnt/secure --sbindir=/mnt/secure/bin --sharedstatedir=/var --localstatedir=/var --datadir=/mnt/secure --host=arm-linux-gnueabi CC="arm-buildroot-linux-musleabihf-gcc" LDFLAGS="-static -Wl,-gc-sections" CFLAGS="-ffunction-sections -fdata-sections -DACCEPT_ROOT_VIRTUAL_USERS=1") | ||
make -C pure-ftpd-1.0.49 | ||
cp -f pure-ftpd-1.0.49/src/pure-ftpd svc/bin/pure-ftpd | ||
cp -f pure-ftpd-1.0.49/src/pure-pw svc/bin/pure-pw | ||
arm-buildroot-linux-musleabihf-strip svc/bin/pure-* | ||
|
||
$(proftpd).tar.gz: | ||
wget -c ftp://ftp.proftpd.org/distrib/source/$(proftpd).tar.gz | ||
tar -xvzf $(proftpd).tar.gz | ||
|
||
svc/bin/proftpd: | ||
(cd $(proftpd) && ./configure --disable-autoshadow --without-pic --disable-auth-pam --disable-cap --disable-facl --disable-dso --disable-trace --disable-ipv6 CC=arm-buildroot-linux-musleabihf-gcc LDFLAGS="--static -Wl,-gc-sections" CFLAGS="-D__mempcpy=mempcpy -ffunction-sections -fdata-sections" --prefix=/mnt/secure --sbindir=/mnt/secure/bin --sharedstatedir=/var --datarootdir=/mnt/secure) | ||
make -C $(proftpd) | ||
cp -f $(proftpd)/proftpd svc/bin | ||
arm-buildroot-linux-musleabihf-strip svc/bin/proftpd | ||
|
||
svc/bin/dropbear: | ||
cp options.h dropbear-hacks/src | ||
cd dropbear-hacks/src && ./configure LDFLAGS="-static -Wl,-gc-sections" CFLAGS="-ffunction-sections -fdata-sections" --verbose $(CONFIG_OPTIONS) --host=$(HOST) | ||
#make -C dropbear-hacks MULTI=1 CC=arm-buildroot-linux-musleabihf-gcc TRIP=arm-buildroot-linux-musleabihf-strip PROGRAMS="scp dbclient dropbear" BUILDSTATIC=1 || true | ||
make -C dropbear-hacks/src MULTI=1 CC=arm-buildroot-linux-musleabihf-gcc HOST=arm-buildroot-linux-musleabihf STRIP=arm-buildroot-linux-musleabihf-strip PROGRAMS="scp dbclient dropbear" BUILDSTATIC=1 || true | ||
cp dropbear-hacks/src/dropbearmulti svc/bin/dropbear | ||
arm-buildroot-linux-musleabihf-strip svc/bin/dropbear | ||
svc/bin/smbd: | ||
cp -f ./samba-3.6.25/source3/bin/smbd svc/bin | ||
arm-buildroot-linux-musleabihf-strip svc/bin/smbd | ||
svc/bin/ntlmhash: ntlmhash.c | ||
arm-buildroot-linux-musleabihf-gcc -static -s ntlmhash.c -o svc/bin/ntlmhash | ||
FORCE: |
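Review bot: The upstream tarballs are downloaded and unpacked with no integrity check, and the proftpd one travels over plain `ftp://` (`wget -c ftp://ftp.proftpd.org/distrib/source/$(proftpd).tar.gz`), so whatever arrives is compiled statically and packed into Services.app. Pin a known digest and verify it before the `tar` step, for example `echo "<EXPECTED_SHA256>  $(proftpd).tar.gz" | sha256sum -c -`, and do the same in the `pure-ftpd-1.0.49` rule. Separately, the `|| true` after the dropbear `make` lets a failed build fall through to `cp dropbear-hacks/src/dropbearmulti svc/bin/dropbear`, which could ship a stale binary left over from an earlier build; dropping `|| true` on that line makes the failure visible.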
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,5 @@ | ||
#!/mnt/secure/su /bin/sh | ||
chattr -i /mnt/secure/su /mnt/secure/runonce/*.sh | ||
rm -rf /mnt/secure/su /mnt/secure/runonce/*.sh /mnt/secure/bin /mnt/secure/etc | ||
rm -f $0 | ||
reboot |
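Review bot: `rm -f $0` is unquoted, so a script path containing spaces or glob characters is word-split and the wrong names reach `rm`; `rm -f -- "$0"` avoids that. The script also reaches `reboot` whether or not `chattr -i` and the `rm -rf` succeeded, so a partly removed install is hidden by the restart. Chaining the steps with `&&`, or adding `set -e` on the second line, would stop before the reboot when removal fails.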
Submodule dropbear-hacks
added at
5bb72e
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,144 @@ | ||
#include <unistd.h> | ||
#include <string.h> | ||
|
||
//Init values | ||
#define INIT_A 0x67452301 | ||
#define INIT_B 0xefcdab89 | ||
#define INIT_C 0x98badcfe | ||
#define INIT_D 0x10325476 | ||
|
||
#define SQRT_2 0x5a827999 | ||
#define SQRT_3 0x6ed9eba1 | ||
|
||
unsigned int nt_buffer[16]; | ||
unsigned int output[4]; | ||
char hex_format[33]; | ||
char itoa16[16] = "0123456789ABCDEF"; | ||
|
||
//This is the MD4 compress function | ||
static void ntlm_crypt() | ||
{ | ||
unsigned int a = INIT_A; | ||
unsigned int b = INIT_B; | ||
unsigned int c = INIT_C; | ||
unsigned int d = INIT_D; | ||
|
||
/* Round 1 */ | ||
a += (d ^ (b & (c ^ d))) + nt_buffer[0] ;a = (a << 3 ) | (a >> 29); | ||
d += (c ^ (a & (b ^ c))) + nt_buffer[1] ;d = (d << 7 ) | (d >> 25); | ||
c += (b ^ (d & (a ^ b))) + nt_buffer[2] ;c = (c << 11) | (c >> 21); | ||
b += (a ^ (c & (d ^ a))) + nt_buffer[3] ;b = (b << 19) | (b >> 13); | ||
|
||
a += (d ^ (b & (c ^ d))) + nt_buffer[4] ;a = (a << 3 ) | (a >> 29); | ||
d += (c ^ (a & (b ^ c))) + nt_buffer[5] ;d = (d << 7 ) | (d >> 25); | ||
c += (b ^ (d & (a ^ b))) + nt_buffer[6] ;c = (c << 11) | (c >> 21); | ||
b += (a ^ (c & (d ^ a))) + nt_buffer[7] ;b = (b << 19) | (b >> 13); | ||
|
||
a += (d ^ (b & (c ^ d))) + nt_buffer[8] ;a = (a << 3 ) | (a >> 29); | ||
d += (c ^ (a & (b ^ c))) + nt_buffer[9] ;d = (d << 7 ) | (d >> 25); | ||
c += (b ^ (d & (a ^ b))) + nt_buffer[10] ;c = (c << 11) | (c >> 21); | ||
b += (a ^ (c & (d ^ a))) + nt_buffer[11] ;b = (b << 19) | (b >> 13); | ||
|
||
a += (d ^ (b & (c ^ d))) + nt_buffer[12] ;a = (a << 3 ) | (a >> 29); | ||
d += (c ^ (a & (b ^ c))) + nt_buffer[13] ;d = (d << 7 ) | (d >> 25); | ||
c += (b ^ (d & (a ^ b))) + nt_buffer[14] ;c = (c << 11) | (c >> 21); | ||
b += (a ^ (c & (d ^ a))) + nt_buffer[15] ;b = (b << 19) | (b >> 13); | ||
|
||
/* Round 2 */ | ||
a += ((b & (c | d)) | (c & d)) + nt_buffer[0] +SQRT_2; a = (a<<3 ) | (a>>29); | ||
d += ((a & (b | c)) | (b & c)) + nt_buffer[4] +SQRT_2; d = (d<<5 ) | (d>>27); | ||
c += ((d & (a | b)) | (a & b)) + nt_buffer[8] +SQRT_2; c = (c<<9 ) | (c>>23); | ||
b += ((c & (d | a)) | (d & a)) + nt_buffer[12]+SQRT_2; b = (b<<13) | (b>>19); | ||
|
||
a += ((b & (c | d)) | (c & d)) + nt_buffer[1] +SQRT_2; a = (a<<3 ) | (a>>29); | ||
d += ((a & (b | c)) | (b & c)) + nt_buffer[5] +SQRT_2; d = (d<<5 ) | (d>>27); | ||
c += ((d & (a | b)) | (a & b)) + nt_buffer[9] +SQRT_2; c = (c<<9 ) | (c>>23); | ||
b += ((c & (d | a)) | (d & a)) + nt_buffer[13]+SQRT_2; b = (b<<13) | (b>>19); | ||
|
||
a += ((b & (c | d)) | (c & d)) + nt_buffer[2] +SQRT_2; a = (a<<3 ) | (a>>29); | ||
d += ((a & (b | c)) | (b & c)) + nt_buffer[6] +SQRT_2; d = (d<<5 ) | (d>>27); | ||
c += ((d & (a | b)) | (a & b)) + nt_buffer[10]+SQRT_2; c = (c<<9 ) | (c>>23); | ||
b += ((c & (d | a)) | (d & a)) + nt_buffer[14]+SQRT_2; b = (b<<13) | (b>>19); | ||
|
||
a += ((b & (c | d)) | (c & d)) + nt_buffer[3] +SQRT_2; a = (a<<3 ) | (a>>29); | ||
d += ((a & (b | c)) | (b & c)) + nt_buffer[7] +SQRT_2; d = (d<<5 ) | (d>>27); | ||
c += ((d & (a | b)) | (a & b)) + nt_buffer[11]+SQRT_2; c = (c<<9 ) | (c>>23); | ||
b += ((c & (d | a)) | (d & a)) + nt_buffer[15]+SQRT_2; b = (b<<13) | (b>>19); | ||
|
||
/* Round 3 */ | ||
a += (d ^ c ^ b) + nt_buffer[0] + SQRT_3; a = (a << 3 ) | (a >> 29); | ||
d += (c ^ b ^ a) + nt_buffer[8] + SQRT_3; d = (d << 9 ) | (d >> 23); | ||
c += (b ^ a ^ d) + nt_buffer[4] + SQRT_3; c = (c << 11) | (c >> 21); | ||
b += (a ^ d ^ c) + nt_buffer[12] + SQRT_3; b = (b << 15) | (b >> 17); | ||
|
||
a += (d ^ c ^ b) + nt_buffer[2] + SQRT_3; a = (a << 3 ) | (a >> 29); | ||
d += (c ^ b ^ a) + nt_buffer[10] + SQRT_3; d = (d << 9 ) | (d >> 23); | ||
c += (b ^ a ^ d) + nt_buffer[6] + SQRT_3; c = (c << 11) | (c >> 21); | ||
b += (a ^ d ^ c) + nt_buffer[14] + SQRT_3; b = (b << 15) | (b >> 17); | ||
|
||
a += (d ^ c ^ b) + nt_buffer[1] + SQRT_3; a = (a << 3 ) | (a >> 29); | ||
d += (c ^ b ^ a) + nt_buffer[9] + SQRT_3; d = (d << 9 ) | (d >> 23); | ||
c += (b ^ a ^ d) + nt_buffer[5] + SQRT_3; c = (c << 11) | (c >> 21); | ||
b += (a ^ d ^ c) + nt_buffer[13] + SQRT_3; b = (b << 15) | (b >> 17); | ||
|
||
a += (d ^ c ^ b) + nt_buffer[3] + SQRT_3; a = (a << 3 ) | (a >> 29); | ||
d += (c ^ b ^ a) + nt_buffer[11] + SQRT_3; d = (d << 9 ) | (d >> 23); | ||
c += (b ^ a ^ d) + nt_buffer[7] + SQRT_3; c = (c << 11) | (c >> 21); | ||
b += (a ^ d ^ c) + nt_buffer[15] + SQRT_3; b = (b << 15) | (b >> 17); | ||
|
||
output[0] = a + INIT_A; | ||
output[1] = b + INIT_B; | ||
output[2] = c + INIT_C; | ||
output[3] = d + INIT_D; | ||
} | ||
|
||
//This include the Unicode conversion and the padding | ||
static void prepare_key(char *key) | ||
{ | ||
int i=0; | ||
int length=strlen(key); | ||
memset(nt_buffer,0,16*4); | ||
//The length of key need to be <= 27 | ||
for(;i<length/2;i++) | ||
nt_buffer[i] = key[2*i] | (key[2*i+1]<<16); | ||
|
||
//padding | ||
if(length%2==1) | ||
nt_buffer[i] = key[length-1] | 0x800000; | ||
else | ||
nt_buffer[i]=0x80; | ||
//put the length | ||
nt_buffer[14] = length << 4; | ||
} | ||
|
||
//This convert the output to hexadecimal form | ||
static void convert_hex() | ||
{ | ||
int i=0; | ||
//Iterate the integer | ||
for(;i<4;i++) | ||
{ | ||
int j=0; | ||
unsigned int n=output[i]; | ||
//iterate the bytes of the integer | ||
for(;j<4;j++) | ||
{ | ||
unsigned int convert=n%256; | ||
hex_format[i*8+j*2+1]=itoa16[convert%16]; | ||
convert=convert/16; | ||
hex_format[i*8+j*2+0]=itoa16[convert%16]; | ||
n=n/256; | ||
} | ||
} | ||
//null terminate the string | ||
hex_format[33]=0; | ||
} | ||
|
||
int main(int argc, char **argv) | ||
{ | ||
prepare_key(argv[1]); | ||
ntlm_crypt(); | ||
convert_hex(); | ||
write(1, hex_format, 32); | ||
return 0; | ||
} |
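Review bot: `prepare_key` never enforces the `<= 27` limit that its own comment states, so an argument of 32 or more characters writes past the 16-word `nt_buffer`, and one of 28 to 31 characters yields a wrong hash because the key or padding word collides with the length stored in `nt_buffer[14]`. `main` also passes `argv[1]` without checking `argc`, so running the tool with no argument hands NULL to `strlen`. A guard at the top of `main` such as `if (argc < 2 || strlen(argv[1]) > 27) return 1;` covers both. In `convert_hex`, `hex_format[33]=0;` indexes one past the end of `char hex_format[33]`; the terminator belongs at `hex_format[32]=0;`. `key[2*i]` is also a plain `char`, so on targets where `char` is signed a byte of 0x80 or above is sign-extended into the word; casting through `unsigned char` would avoid that.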