Closed mauri870 closed 6 years ago
Hi,
Have a look here : https://github.com/KoreTeam/KoreCoin/tree/master/src/tor
and here you can see how it is called :
and : https://github.com/KoreTeam/KoreCoin/blob/master/src/tor/korecoin.cpp and : https://github.com/KoreTeam/KoreCoin/blob/master/src/tor/korecoin.h
here you can see many things like in makefile etc : https://github.com/KoreTeam/KoreCoin/search?p=1&q=tor&utf8=%E2%9C%93
Note this needs libevent and maybe openssl. Not sure if this helps, I still didn't have the chance to test the code, I'll try to soon.
also found this related to -mthreads :
https://github.com/KoreTeam/KoreCoin/blob/master/korecoin-qt.pro#L479
Hi @Hanoosh, thanks for the links. I will check soon.
I'm stuck on this part and I need to finish this to proceed with the next features :disappointed:
Here is another link: http://blog.hashbangbash.com/2014/04/linking-golang-statically/
I'm also trying to dig for more info about this. If this can not be done, I think the best way is to pack tor.exe and the .dlls with the malware, then auto extract and run and make proxy on the malware (but this is not good as the final malware.exe will be big size).
Another idea is to just make it connect to C&C server with tor2web urls like https://XXXXXXX.onion.cab
I think I'm just missing some flags during compilation or not using mingw correctly because it is supposed to work while building for windows... On linux linking tor statically generates a 12mb binary
I think you can use: strip, it will reduce the file size
The C&C needs to be a hidden service, tor2web can be an alternative to this
I've spent some time trying to link tor with the final binary, it generates a lot of code, a lot of dependencies and a lot of time to compile... I'm thinking to leave this idea and choose a more lightweight alternative
Yes, I hope some other developers join the party. Good job mate
Thanks for the ideas and links @Hanoosh. I will keep this issue open for discussion and any progress I will post here. Cheers!
you got Tor linked for windows ?
Yes
On Oct 10, 2016 3:21 PM, "Hanoosh" notifications@github.com wrote:
you got Tor linked for windows ?
@appendhc Can you share the code with us?
@Hanoosh Not yet :disappointed:
Probably I will use tor2web
I have given this instruction, mentioned below, in the terminal of Lubuntu 14.04.1:
go get -v github.com/mauri870/ransomware
and I got this error:
can't load package: package github.com/mauri870/ransomware: no buildable Go source files in /root/Projects/Proj1/src/github.com/mauri870/ransomware
I am not able to resolve that error, pls help me
@karikalansaitechnology Try go get -v github.com/mauri870/ransomware/...
ugh u can use this lolol... for Windows... why would u want a large openssl.. https://github.com/wbenny/mini-tor
also u can use winsock to make requests if u want... but I don't know how you would resolve the onion domain since tor doesn't have DNS
I think the best way to hide the communication between the malware and the server is to include the tor binaries in the malware with go-bindata or download it at the start of the program and start the proxy before any http calls.
Just like WanaDecrypt0r:
WanaDecrypt0r moves on to download a TOR client and extracts the contents into the TaskData folder. The TOR client is necessary to communicate to the known Command and Control servers
Finished the tor support using the standalone tor windows proxy :smile:. Enjoy
@mauri870 - I wrote https://github.com/cretz/bine which leverages https://github.com/cretz/tor-static to let you statically compile Tor in if you want. You can create onion services on the client side too if you want. There is built-in support for data dir deletion and not leaving things in default locations like regular Tor use might.
Hi guys, I've found some problems with the compilation with tor statically linked on the malware. I'm on this feature
It's currently working on linux but the malware is only for windows so we need to make the cross compilation.
The Makefile has been updated to download tor and its dependencies and compile them. The malware is now importing the main C code of tor and starting it.
I'm compiling with the following command:
And I got it working with no problems. But when I try to compile for windows...
Well, I updated this command to use mingw:
And it threw errors like netdb.h not found (WTF it is on the standard library :|)
Then if I add -I/usr/include to the CFLAGS on the malware I receive a bunch of warnings for conflicts with methods :(
If anyone has knowledge to help I would appreciate it, cheers!