This is the new home of the egghelp.org community forum.
All data has been migrated (including user logins/passwords) to a new phpBB version.


For more information, see this announcement post. Click the X in the top right-corner of this box to dismiss this message.

netbots mod

Requests for complete scripts or modifications/fixes for scripts you didn't write. Response not guaranteed, and no thread bumping!
Post Reply
g
geek
Halfop
Posts: 47
Joined: Fri Oct 24, 2008 6:07 am

netbots mod

Post by geek »

hi,
I use the well-known netbots.tcl v4.10 of 8/8/2005 from slennox
but I'm not a good tcl writer

netbots uses the "nb_key" variable to make bots of the botnet recognize each other

the encrypted remote "nb_key" variable is decrypted and compared with the local "nb_key"

I'm not sure but by analyzing the code I figured out that netbots use the encrypt/decrypt functions that are contained in the blowfish module

in eggdrop 1.9.x I already use the new PBKDF2 module for userfile, but I still have to load blowfish module only for encrypt/decrypt functions

blowfish module is planned to be removed in Eggdrop 2.0

the question is:
How can I replace these 2 functions?

I read about the md5 package for tcl, could it possibly be useful for the purpose?
Online
User avatar
CrazyCat
Revered One
Posts: 1216
Joined: Sun Jan 13, 2002 8:00 pm
Location: France
Contact:

Post by CrazyCat »

The encryption module is alway existing, so you can alway use encrypt and decrypt, even if blowfish is not loaded.
g
geek
Halfop
Posts: 47
Joined: Fri Oct 24, 2008 6:07 am

Post by geek »

I think encrypt/decrypt are provided by this module



from eggdrop.conf:
#### BLOWFISH MODULE ####
#
# This module is planned to be removed in Eggdrop 2.0
#
# Load this if you intend to use a pre-1.9.0 userfile (Or in other words, do
# not load this if you are starting this as a fresh bot and are not linking
# it to a botnet that uses blowfish hashes)
#
# You also need to load this if you use a script that employs the
# encrypt/decrypt Tcl commands.
#
loadmodule blowfish
Online
User avatar
CrazyCat
Revered One
Posts: 1216
Joined: Sun Jan 13, 2002 8:00 pm
Location: France
Contact:

Post by CrazyCat »

Code: Select all

.modules
[21:01:55] #CrazyCat# modules 
Modules loaded:
  Module: assoc (v2.1)
  Module: seen (v2.1)
  Module: console (v1.3)
  Module: notes (v2.2)
  Module: compress (v1.2)
  Module: share (v2.4)
  Module: transfer (v2.4)
  Module: irc (v1.5)
  Module: ctcp (v1.1)
  Module: server (v1.5)
  Module: channels (v1.2)
  Module: uptime (v1.4)
  Module: encryption (v2.2)
  Module: eggdrop (v109.3)
End of modules list.
No reference to blowfish

Code: Select all

.tcl encrypt test mystring
Tcl: *6xjjueyEvdMzeoq61Zox8A==
.tcl decrypt test *6xjjueyEvdMzeoq61Zox8A==
Tcl: mystring
encrypt/decrypt work.
g
geek
Halfop
Posts: 47
Joined: Fri Oct 24, 2008 6:07 am

Post by geek »

ok, thanks

so the eggdrop documentation is wrong
Online
User avatar
CrazyCat
Revered One
Posts: 1216
Joined: Sun Jan 13, 2002 8:00 pm
Location: France
Contact:

Post by CrazyCat »

Peharps that the doc is true: I just saw that blowfish is loaded but not shown in modules list.

BTW, you can probably choose, for next version, to use pbkdf2 and use its utilities
g
geek
Halfop
Posts: 47
Joined: Fri Oct 24, 2008 6:07 am

Post by geek »

ok I understand thanks

Code: Select all

   Module: encryption (v2.2)
   Module: encryption2 (v1.0)
I have both PBKDF2 and blowfish loaded

I think encryption v2.2 is the "old" blowfish
and encryption2 v1.0 is the "new" pbkdf2

but for now the new module does not provide the encrypt/decrypt tcl commands


maybe in the future :)
Online
User avatar
CrazyCat
Revered One
Posts: 1216
Joined: Sun Jan 13, 2002 8:00 pm
Location: France
Contact:

Post by CrazyCat »

Looking at netbots.tcl, it will be hard to adapt it to work without blowfish: pbkdf2 is not reversible, so some utilities cannot be used, as the nb_netpass proc (changement of bot password) or nb_autopass.

Proc using just the key (nb_checkbot) can easily be adapted
g
geek
Halfop
Posts: 47
Joined: Fri Oct 24, 2008 6:07 am

Post by geek »

CrazyCat wrote:pbkdf2 is not reversible
yes, the problem is just that



maybe something like this?

Code: Select all

IF (remote nb_key) == md5(local nb_key) THAN go ELSE dont go
where (remote nb_key) is md5(nb_key)

i.e. you compare the hashes instead of the keys

so there is no need to decrypt anything
Online
User avatar
CrazyCat
Revered One
Posts: 1216
Joined: Sun Jan 13, 2002 8:00 pm
Location: France
Contact:

Post by CrazyCat »

No.
netbot encrypt all the command sent, so you can't guess what you receive, and cannot compare with anything.

The purpose of netbot is to encrypt the most things as possible.
encryption can be decrypted, but MD5 (and others) are not encryption, they are hashing, so impossible to "unhash" them.

The only way I can see is to use base64 (which is encryption), but it's really easy to decode, unless you create an algorythm to add salt in it.
g
geek
Halfop
Posts: 47
Joined: Fri Oct 24, 2008 6:07 am

Post by geek »

oh

so ALL the commands are encrypted... I thought only "nb_key" variable and only one time :?


this is a problem
Online
User avatar
CrazyCat
Revered One
Posts: 1216
Joined: Sun Jan 13, 2002 8:00 pm
Location: France
Contact:

Post by CrazyCat »

I had a short chat with Geo: blowfish will stay in eggdrop until they have a replacement plan, so don't worry about the encrypt/decrypt functionnalities.

Just keep in mind that blowfish won't be loaded by default in next versions of eggdrop, so you'll have to check your config or simply modify the script to make it loading the module (with a check to know if it is not already loaded)
g
geek
Halfop
Posts: 47
Joined: Fri Oct 24, 2008 6:07 am

Post by geek »

perfect CrazyCat

very thanks
Post Reply