Skip to content

Commit

Permalink
Merge branch 'master' of https://github.com/felix-hellman/CruzControl
Browse files Browse the repository at this point in the history
  • Loading branch information
@felix-hellman
felix-hellman committed Oct 31, 2017
2 parents 6373e82 + 1abc04b commit 2e143de
Showing 1 changed file with 31 additions and 2 deletions.
33 changes: 31 additions & 2 deletions README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,7 @@ By default the bot uses Ted Cruz's twitterfeed as a C&C but this could be easily

```cpp
...
std::string target = "https://twitter.com/anypublictwitter";
const std::string target = "https://twitter.com/anypublictwitter";
...
```

Expand All @@ -17,9 +17,38 @@ The concept is to set up a free encrypted C&C going somewhere nondescript and to
To enable information leaking to imgur paste your accesstoken into the credentials.
```cpp
...
std::string accesstoken = "**Your Access Token**";
const std::string accesstoken = "**Your Access Token**";
...
```
This token will be encrypted using XOR into the binary with a randomized key which will be generated at compile time with help of the obfuscator. This is mainly to remove easy snooping using strings.

Since the decryption key is inside the binary it is feasible to extract the key and steal the access token.

## Command Structure

The commands that the bot runs is dependant on how many proper hashtag links are used in a given tweet

| Hashtags | Command | Leak to Imgur |
| ------------- |---------------|---|
| 1 | Take picture with webcam |Yes|
| 2 | Take screenshot of machine |Yes|
| 3 | Rick'Roll User |No|
| 4 | Eject Diskdrive |No|

## Obfuscator

The obfuscator works as a preprocessor of strings in the files **strings.h** & **credentials**

First it generates a XOR key of given size

Second it extracts names and text from the given strings.

Third it encrypts the contents of these strings using the xor key and pastes the result as int arrays into a header/body combination inside the namespace **locker**.

This obfuscates the strings in the program to make it harder to reverse engineer somewhat sensetive information whilst still letting the programmer easily use said string. But it's far from being secure.
```cpp
...
//Example of decrypting accesstoken
std::string accesstoken = decrypt(locker::accesstoken,locker::key);
...
```

0 comments on commit 2e143de

Please sign in to comment.