From 6d0b048cff64e99777228b08f0f9ffe3b16b174e Mon Sep 17 00:00:00 2001 From: Quentin Date: Mon, 24 Feb 2020 13:42:35 +0100 Subject: [PATCH] Donar accepts my fake tor control port... --- src/faketor.c | 23 +++++++++- src/tor_ctl.c | 113 +++++++++++++++++++++++++++++++++++++++++++++++++- src/tor_ctl.h | 4 ++ 3 files changed, 137 insertions(+), 3 deletions(-) diff --git a/src/faketor.c b/src/faketor.c index 873479e..b90e62a 100644 --- a/src/faketor.c +++ b/src/faketor.c @@ -2,6 +2,7 @@ #include #include "evt_core.h" #include "socks5.h" +#include "tor_ctl.h" int faketor_socks5_listen(struct evt_core_ctx* ctx, struct evt_core_fdinfo* fdinfo) { int conn_sock1; @@ -14,19 +15,36 @@ int faketor_socks5_listen(struct evt_core_ctx* ctx, struct evt_core_fdinfo* fdin if (conn_sock1 == -1 && errno == EAGAIN) return EVT_CORE_FD_EXHAUSTED; if (conn_sock1 == -1) goto co_error; - + make_socket_non_blocking (conn_sock1); printf("[%s][torfake] Accepted a new connection for socks5 \n", current_human_datetime ()); socks5_server_handle_req (ctx, conn_sock1); return EVT_CORE_FD_UNFINISHED; co_error: - perror("Failed to handle new connection"); + perror("Failed to handle new socks5 connection"); exit(EXIT_FAILURE); } int faketor_control_listen(struct evt_core_ctx* ctx, struct evt_core_fdinfo* fdinfo) { + int conn_sock; + struct sockaddr_in addr; + socklen_t in_len; + + in_len = sizeof(addr); + conn_sock = accept(fdinfo->fd, (struct sockaddr*)&addr, &in_len); + + if (conn_sock == -1 && errno == EAGAIN) return EVT_CORE_FD_EXHAUSTED; + if (conn_sock == -1) goto co_error; + + make_socket_non_blocking (conn_sock); + printf("[%s][torfake] Accepted a new connection for control port \n", current_human_datetime ()); + tor_ctl_server_handle(ctx, conn_sock); return EVT_CORE_FD_UNFINISHED; + +co_error: + perror("Failed to handle new control port connection"); + exit(EXIT_FAILURE); } int faketor_socks5_server_success(struct evt_core_ctx* ctx, struct evt_core_fdinfo* fdinfo) { @@ -115,6 +133,7 @@ int main(void) { evt_core_add_fd(&evts, &fdinfo); socks5_server_init(&evts); + tor_ctl_server_init (&evts); evt_core_loop (&evts); diff --git a/src/tor_ctl.c b/src/tor_ctl.c index cf04583..77f63b2 100644 --- a/src/tor_ctl.c +++ b/src/tor_ctl.c @@ -95,9 +95,13 @@ int tor_ctl_add_onion(struct tor_ctl* ctx, struct tor_os_str* tos, uint16_t* por //fprintf(ctx->wsock, "add_onion NEW:RSA1024 Port=%d\n", port[i]); + err = 0; fscanf(ctx->rsock, "%d", &err); - if (err != 250) return -2; + if (err != 250) { + fprintf(stderr, "Got error %d instead of 250\n", err); + return -2; + } err = fscanf(ctx->rsock, "-ServiceID=%s\n", buffer1); if (err <= 0) return -3; printf("Created onion service %s.onion\n", buffer1); @@ -120,3 +124,110 @@ void tor_ctl_close(struct tor_ctl* ctx) { fclose(ctx->rsock); fclose(ctx->wsock); } + +int on_torctl_server_auth_read(struct evt_core_ctx* ctx, struct evt_core_fdinfo* fdinfo) { + char *expected = "authenticate \"\"\n"; + size_t to_read = strlen(expected); + char buffer[128] = {0}; + ssize_t nread = recv(fdinfo->fd, buffer, to_read, MSG_PEEK); + if (nread == -1 && errno == EAGAIN) return EVT_CORE_FD_EXHAUSTED; + if (nread != to_read) return EVT_CORE_FD_EXHAUSTED; + + recv(fdinfo->fd, buffer, to_read, 0); + if (strstr(buffer, "authenticate") == NULL) { + fprintf(stderr, "Unable to find string 'authenticate' in receveived command: '%s'\n", buffer); + exit(EXIT_FAILURE); + } + + evt_core_mv_fd2 (ctx, fdinfo, "torctl-server-auth-write"); + return EVT_CORE_FD_EXHAUSTED; +} + +int on_torctl_server_auth_write(struct evt_core_ctx* ctx, struct evt_core_fdinfo* fdinfo) { + char *response = "250 OK\r\n"; + ssize_t nwrite = send(fdinfo->fd, response, sizeof(response), 0); + if (nwrite != sizeof(response)) { + perror("@FIXME: Unproper handling of sockets in torctl_server_auth_write."); + exit(EXIT_FAILURE); + } + evt_core_mv_fd2 (ctx, fdinfo, "torctl-server-add-onion-read"); + return EVT_CORE_FD_EXHAUSTED; +} + +int on_torctl_server_add_onion_read(struct evt_core_ctx* ctx, struct evt_core_fdinfo* fdinfo) { + char buffer[1024] = {0}; + + ssize_t nread = recv(fdinfo->fd, buffer, sizeof(buffer), MSG_PEEK); + if (nread == -1 && errno == EAGAIN) return EVT_CORE_FD_EXHAUSTED; + if (nread == -1) { + perror("an error occured..."); + exit(EXIT_FAILURE); + } + if (buffer[nread-1] != '\n') return EVT_CORE_FD_EXHAUSTED; + nread = recv(fdinfo->fd, buffer, sizeof(buffer), 0); + + printf("[%s][torctl] Received command: %s\n", current_human_datetime (), buffer); + evt_core_mv_fd2 (ctx, fdinfo, "torctl-server-add-onion-write"); + return EVT_CORE_FD_EXHAUSTED; +} + +int on_torctl_server_add_onion_write(struct evt_core_ctx* ctx, struct evt_core_fdinfo* fdinfo) { + char *answer = "250-ServiceID=iu7aeep42k5ky3fwcfag5el2raelfcwuilsstqhcz3c6bmxilr2nuayd\r\n250-PrivateKey=ED25519-V3:ULk3Q/TFqngKCDDzeM93YC80IDOjz13PKTx718UjE0Svf+u/QZmN9EHzUCqCa1ZkNAXSQJIzcOVeJ8OL8Zg5Xg==\r\n250 OK\r\n"; + + ssize_t nwrite; + nwrite = send(fdinfo->fd, answer, strlen(answer), 0); + if (nwrite != strlen(answer)) goto error; + + printf("[%s][torctl] Sent add-onion reply\n", current_human_datetime ()); + evt_core_mv_fd2(ctx,fdinfo,"torctl-server-add-onion-read"); + return EVT_CORE_FD_EXHAUSTED; + +error: + perror("@FIXME: unproper handling of non blocking sockets, you have been bitten in torctl server add onion write\n"); + exit(EXIT_FAILURE); +} + +void tor_ctl_server_init(struct evt_core_ctx *ctx) { + struct evt_core_cat template = {0}; + + template.cb = on_torctl_server_auth_read; + template.err_cb = NULL; + template.name = "torctl-server-auth-read"; + template.flags = EPOLLIN | EPOLLET; + evt_core_add_cat (ctx, &template); + + template.cb = on_torctl_server_auth_write; + template.err_cb = NULL; + template.name = "torctl-server-auth-write"; + template.flags = EPOLLOUT | EPOLLET; + evt_core_add_cat (ctx, &template); + + template.cb = on_torctl_server_add_onion_read; + template.err_cb = NULL; + template.name = "torctl-server-add-onion-read"; + template.flags = EPOLLIN | EPOLLET; + evt_core_add_cat (ctx, &template); + + template.cb = on_torctl_server_add_onion_write; + template.err_cb = NULL; + template.name = "torctl-server-add-onion-write"; + template.flags = EPOLLOUT | EPOLLET; + evt_core_add_cat (ctx, &template); +} + +void tor_ctl_server_handle(struct evt_core_ctx *ctx, int fd) { + struct evt_core_fdinfo *reg_fdinfo; + struct evt_core_fdinfo fdinfo; + struct evt_core_cat cat; + char url[256]; + + fdinfo.cat = &cat; + fdinfo.cat->name = "torctl-server-auth-read"; + fdinfo.fd = fd; + fdinfo.other = NULL; + fdinfo.free_other = NULL; + sprintf(url, "tor-ctl-server:%d", fd); + fdinfo.url = url; + + reg_fdinfo = evt_core_add_fd (ctx, &fdinfo); +} diff --git a/src/tor_ctl.h b/src/tor_ctl.h index e1c6c86..60d7a2d 100644 --- a/src/tor_ctl.h +++ b/src/tor_ctl.h @@ -1,6 +1,7 @@ #pragma once #include "tor_os.h" #include "net_tools.h" +#include "evt_core.h" /* * We want to use fscanf and fprintf as these func provide a nice abstraction @@ -23,3 +24,6 @@ int tor_ctl_connect(struct tor_ctl* ctx, char* addr, char* service); int tor_ctl_add_onion(struct tor_ctl* ctx, struct tor_os_str* tos, uint16_t* port, uint64_t port_per_os, enum TOR_ONION_FLAGS flags); void tor_ctl_list_onions(struct tor_ctl* ctx); void tor_ctl_close(struct tor_ctl* ctx); + +void tor_ctl_server_init(struct evt_core_ctx *ctx); +void tor_ctl_server_handle(struct evt_core_ctx *ctx, int fd);