From 239d75955ed9c510a37e8acd76281a6260e397fa Mon Sep 17 00:00:00 2001
From: Johannes Bader
Date: Fri, 29 Apr 2022 18:42:04 +0200
Subject: [PATCH] extended the m0yv DGA (formerly mis-classified as Expiro)

- moved the DGA to `m0yv`, which is the name given by the authors
- added a reference in the `expiro` folder to not break links to this file
- created a version of the dga which is time dependent (from the source code leak)
- added two additional seeds that are mentioned in the source code leak
---
 expiro/dga.py | 40 +--------------------
 m0yv/dga-td.py | 75 ++++++++++++++++++++++++++++++++++++++++
 m0yv/dga.py | 39 +++++++++++++++++++++
 m0yv/example_domains.txt | 0
 4 files changed, 115 insertions(+), 39 deletions(-)
 create mode 100644 m0yv/dga-td.py
 create mode 100644 m0yv/dga.py
 create mode 100644 m0yv/example_domains.txt

diff --git a/expiro/dga.py b/expiro/dga.py
index f698a52..602cbde 100644
--- a/expiro/dga.py
+++ b/expiro/dga.py
@@ -1,39 +1 @@
-import argparse
-
-class Rand:
- def __init__(self, seed):
- self.seed = seed
- self.r = self.seed
-
- def rand(self):
- v = (214013 * self.r + 2531011) & 0xFFFFFFFF
- self.r = v
- v = v >> 16
- if v > 0x7FFF:
- v = v - 2 ** 15
- return v
-
-
-def dga(seed):
- for i in range(128):
- r = Rand(seed ^ i)
- k = r.rand()
- l = 5 + k % 5
- domain = ""
- for c in range(l):
- n = r.rand()
- letter = chr(n % 26 + ord("a"))
- domain += letter
- domain += ".biz"
-
- yield domain
-
-def seed_parser(s):
- return int(s, 0)
-
-if __name__=="__main__":
- parser = argparse.ArgumentParser()
- parser.add_argument("-s", "--seed", default=0x2484A18, type=seed_parser)
- args = parser.parse_args()
- for domain in dga(args.seed):
- print(domain)
+# moved to https://github.com/baderj/domain_generation_algorithms/blob/master/m0yv/dga.py
diff --git a/m0yv/dga-td.py b/m0yv/dga-td.py
new file mode 100644
index 0000000..e3a11f4
--- /dev/null
+++ b/m0yv/dga-td.py
@@ -0,0 +1,75 @@
+import argparse
+from ctypes import c_uint
+from datetime import datetime
+
+class Rand:
+ def __init__(self, seed):
+ self.seed = seed
+ self.r = self.seed
+
+ def rand(self):
+ v = (214013 * self.r + 2531011) & 0xFFFFFFFF
+ self.r = v
+ v = v >> 16
+ if v > 0x7FFF:
+ v = v - 2 ** 15
+ return v
+
+def secret_pool_seed(seed, date):
+ year = date.year
+ month = date.month
+ day = date.day
+
+ ret = seed + year
+ week = (30.5 * month - date.day) / 7.0
+ week = c_uint(int((30.5 * month - date.day) / 7.0))
+
+ for c in range(week.value):
+ ret = lrotl(ret + 1, 1)
+
+ return ret
+
+
+def lrotl(value, shift):
+ MASK = 0xFFFFFFFF
+ overflow = ((value << shift) >> 32) & MASK
+ value = (value << shift)
+ value += overflow
+ value &= MASK
+ return value
+
+def dga(seed, date):
+ for i in range(128):
+ s = secret_pool_seed(seed, date)
+ r = Rand(s ^ i)
+ k = r.rand()
+ l = 5 + k % 5
+ domain = ""
+ for c in range(l):
+ n = r.rand()
+ letter = chr(n % 26 + ord("a"))
+ domain += letter
+ domain += ".biz"
+
+ yield domain
+
+def seed_parser(s):
+ return int(s, 0)
+
+if __name__=="__main__":
+ parser = argparse.ArgumentParser()
+ # other known seeds are 0x128a0e, 0x7178af3f
+ parser.add_argument("-s", "--seed", default=0x2484A18, type=seed_parser)
+ parser.add_argument(
+ "-d", "--date",
+ help="date for which to generate domains"
+ )
+ args = parser.parse_args()
+
+ if args.date:
+ d = datetime.strptime(args.date, "%Y-%m-%d")
+ else:
+ d = datetime.utcnow()
+
+ for domain in dga(args.seed, d):
+ print(domain)
diff --git a/m0yv/dga.py b/m0yv/dga.py
new file mode 100644
index 0000000..f698a52
--- /dev/null
+++ b/m0yv/dga.py
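Review bot: In `secret_pool_seed` the first `week = (30.5 * month - date.day) / 7.0` is dead (it is overwritten on the very next line) and the local `day` is assigned but never read, so the two lines can collapse to `week = c_uint(int((30.5 * month - day) / 7.0))`. That formula decreases as the day of the month advances, which will read as a bug to anyone who has not seen the leak; if it is reproduced verbatim from the leaked source, a comment such as `# week index exactly as the leaked m0yv source computes it; do not "correct" it` would keep a later cleanup from silently changing the generated set. `secret_pool_seed(seed, date)` depends only on the arguments of `dga`, so `s = secret_pool_seed(seed, date)` belongs above `for i in range(128):` instead of being recomputed 128 times. `datetime.utcnow()` yields a naive timestamp and whether the sample keys on UTC or on the infected host's local date is not visible here, so the `--date` help text should state which assumption the default makes. The two seeds in the `# other known seeds are 0x128a0e, 0x7178af3f` comment appear only in this file, while the moved `dga.py` carries no mention of them despite the commit message.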
@@ -0,0 +1,39 @@
+import argparse
+
+class Rand:
+ def __init__(self, seed):
+ self.seed = seed
+ self.r = self.seed
+
+ def rand(self):
+ v = (214013 * self.r + 2531011) & 0xFFFFFFFF
+ self.r = v
+ v = v >> 16
+ if v > 0x7FFF:
+ v = v - 2 ** 15
+ return v
+
+
+def dga(seed):
+ for i in range(128):
+ r = Rand(seed ^ i)
+ k = r.rand()
+ l = 5 + k % 5
+ domain = ""
+ for c in range(l):
+ n = r.rand()
+ letter = chr(n % 26 + ord("a"))
+ domain += letter
+ domain += ".biz"
+
+ yield domain
+
+def seed_parser(s):
+ return int(s, 0)
+
+if __name__=="__main__":
+ parser = argparse.ArgumentParser()
+ parser.add_argument("-s", "--seed", default=0x2484A18, type=seed_parser)
+ args = parser.parse_args()
+ for domain in dga(args.seed):
+ print(domain)
diff --git a/m0yv/example_domains.txt b/m0yv/example_domains.txt
new file mode 100644
index 0000000..e69de29