#include "main.h"

#include <errno.h>
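/*
 * Entry point: argv[1] is the client version, argv[2] the new IP/hostname.
 * Starts the client, locates its pid, writes the RSA key and then the
 * hostname string into the client's memory, and reads both back for display.
 * Returns 0 on success; all failure paths exit through fatal()/usage().
 */
int main(int argc, char **argv)
{
    if (argc < 3) {
        usage();
    }
    long rsaptr = getRSAPointer(argv[1]);
    long hostptr = getHostPointer(argv[1]);
    /* These are addresses: print them in hex (the old %lo printed octal). */
    printf("%lx %lx\n", rsaptr, hostptr);
    /* Flush before fork() so the child does not inherit and re-emit the
     * buffered stdout text. */
    fflush(stdout);

    pid_t childpid = fork();
    if (childpid == -1) {
        fatal("Unable to fork.");
    }
    if (childpid == 0) {
        printf("I'm the child\n");
        fflush(stdout);
        /* Pass a real argv[0]; an empty argv is legal but trips up many programs. */
        execl(TIBIA_PATH, TIBIA_PATH, (char *)NULL);
        /* Only reached when execl() failed; _exit avoids running the
         * parent's atexit handlers and stdio flushes a second time. */
        _exit(EXIT_FAILURE);
    }

    /* Give the client time to start before looking for its pid. */
    sleep(2);
    pid_t pid = findPid("Tibia");

    /* Write the RSA key. The copy is bounded so RSA_KEY cannot overflow the
     * buffer; the buffer is a multiple of sizeof(int) so a word-granular
     * reader rounding RSALEN up cannot overrun it either. */
    char data[312] = "";
    if (RSALEN > sizeof data) {
        fatal("RSALEN exceeds the local buffer.");
    }
    snprintf(data, sizeof data, "%s", RSA_KEY);
    writeMemory(pid, rsaptr, data, RSALEN);
    //DEBUG
    memset(data, 0, sizeof data);
    readMemory(pid, rsaptr, data, RSALEN);
    printf("rsa: %s\n", data);
    //DEBUG

    /* Dereference the pointer to the Hostname struct, then the pointer stored
     * at offset +4 inside it (both are 4-byte little-endian values). */
    unsigned char ptrdata[4] = {0};
    readMemory(pid, hostptr, (char *)ptrdata, sizeof ptrdata);
    long structptr = chartohex(ptrdata);
    readMemory(pid, structptr + 4, (char *)ptrdata, sizeof ptrdata);
    long strptr = chartohex(ptrdata);

    /* Bounded copy of the new address; the original strcpy() from argv could
     * overflow loc. loc is 28 bytes (a multiple of sizeof(int)) so a
     * word-granular writer never reads past it even though len is 26. */
    unsigned len = 26;
    char loc[28] = "";
    if (strlen(argv[2]) >= len) {
        fatal("IP/hostname too long (at most 25 characters).");
    }
    snprintf(loc, sizeof loc, "%s", argv[2]);
    writeMemory(pid, strptr, loc, len);

    memset(data, 0, sizeof data);
    readMemory(pid, strptr, data, 30);
    printf("IP changed to: %s\n", data);
    return 0;
}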
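/*
 * Assemble 4 bytes (data[0] least significant) into a 32-bit value.
 * Uses integer shifts instead of the original pow()-based floating-point
 * arithmetic, which converted an out-of-range double to int for values
 * with the top bit set.
 * The return type is kept as int to match the existing declaration, so
 * values >= 0x80000000 wrap (implementation-defined) and sign-extend when
 * callers widen them to long -- TODO: widen the return type.
 */
int chartohex(unsigned char *data)
{
    unsigned value = (unsigned)data[0]
                   | (unsigned)data[1] << 8
                   | (unsigned)data[2] << 16
                   | (unsigned)data[3] << 24;
    return (int)value;
}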
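/*
 * Return the pid of the process called `name` via "pidof <name>".
 * `name` is interpolated into a shell command line, so callers must pass a
 * fixed, trusted string (main passes the literal "Tibia").
 * Exits through fatal() if the command cannot be built or run, or if no
 * process is found.
 */
pid_t findPid(char *name)
{
    /* Bounded formatting replaces the unchecked strcpy/strcat pair. */
    char command[80] = "";
    int written = snprintf(command, sizeof command, "pidof %s", name);
    if (written < 0 || (size_t)written >= sizeof command) {
        fatal("Process name too long.");
    }
    FILE *cmd = popen(command, "r");
    if (cmd == NULL) {
        fatal("Could not run pidof.");
    }
    char line[LEN];
    pid_t pid = 0;
    /* fgets() fails on empty output; pid then stays 0 and the check below fires
     * instead of parsing an uninitialized buffer. */
    if (fgets(line, LEN, cmd) != NULL) {
        pid = (pid_t)strtoul(line, NULL, 10);
    }
    pclose(cmd);
    if (pid == 0) {
        fatal("Could not find Tibia process");
    }
    return pid;
}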
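/*
 * Copy `size` bytes from address `addr` in process `pid` into `data`.
 * Attaches with ptrace for the duration of the read and detaches afterwards.
 * Returns 1 on success, -1 if a PEEKDATA or the detach failed; exits through
 * fatal() if attaching fails.
 * Unlike the original, a `size` that is not a multiple of the word size no
 * longer writes past the end of `data`.
 */
int readMemory(pid_t pid, long addr, char *data, unsigned size)
{
    if (ptrace(PTRACE_ATTACH, pid, 0, 0) != 0) {
        fatal("Could not attach to Tibia process. Try running this program as root");
    }
    /* Wait for this tracee's attach-stop rather than for any child. */
    waitpid(pid, NULL, 0);
    int rc = 1;
    for (unsigned i = 0; i < size; i += sizeof(long)) {
        /* PEEKDATA returns one word; -1 is a valid word, so errno decides. */
        errno = 0;
        long word = ptrace(PTRACE_PEEKDATA, pid, addr + i, 0);
        if (word == -1 && errno != 0) {
            rc = -1;
            break;
        }
        /* Copy only the bytes still requested so the last word cannot
         * overrun the caller's buffer. */
        unsigned chunk = size - i < sizeof(long) ? size - i : (unsigned)sizeof(long);
        memcpy(data + i, &word, chunk);
    }
    if (ptrace(PTRACE_DETACH, pid, 0, 0) != 0) {
        return -1;
    }
    return rc;
}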
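/*
 * Copy `size` bytes from `data` to address `addr` in process `pid`.
 * Attaches with ptrace for the duration of the write and detaches afterwards.
 * Returns 1 on success, -1 if a PEEKDATA/POKEDATA failed; exits through
 * fatal() if attaching or detaching fails.
 * Unlike the original, a `size` that is not a multiple of the word size no
 * longer reads past the end of `data`, and the bytes of the final word that
 * lie beyond `size` are preserved in the target instead of being clobbered.
 */
int writeMemory(pid_t pid, long addr, char *data, unsigned size)
{
    if (ptrace(PTRACE_ATTACH, pid, 0, 0) != 0) {
        fatal("Could not attach to Tibia. Try running this program as root");
    }
    /* Wait for this tracee's attach-stop rather than for any child. */
    waitpid(pid, NULL, 0);
    int rc = 1;
    for (unsigned i = 0; i < size; i += sizeof(long)) {
        unsigned chunk = size - i < sizeof(long) ? size - i : (unsigned)sizeof(long);
        long word = 0;
        if (chunk < sizeof(long)) {
            /* Partial final word: fetch the existing word so the bytes past
             * `size` are written back unchanged. */
            errno = 0;
            word = ptrace(PTRACE_PEEKDATA, pid, addr + i, 0);
            if (word == -1 && errno != 0) {
                rc = -1;
                break;
            }
        }
        memcpy(&word, data + i, chunk);
        /* POKEDATA writes a whole word; its failure was silently ignored before. */
        if (ptrace(PTRACE_POKEDATA, pid, addr + i, word) != 0) {
            rc = -1;
            break;
        }
    }
    if (ptrace(PTRACE_DETACH, pid, 0, 0) != 0) {
        fatal("Could not detach from Tibia process. Try running this program as root");
    }
    return rc;
}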
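/*
 * Print an error message and terminate.
 * Diagnostics go to stderr so they do not mix with the program's stdout
 * output, and the exit status is non-zero so callers and scripts can tell a
 * failure from a successful run (the original exited with 0).
 */
void fatal(char *msg)
{
    fprintf(stderr, "Fatal error: %s\n", msg);
    exit(EXIT_FAILURE);
}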
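/*
 * Print the command-line synopsis and terminate.
 * Written to stderr with a non-zero status, as is conventional for a usage
 * error (the original printed to stdout and exited with 0).
 */
void usage(void)
{
    fprintf(stderr, "Usage: ipchanger [version] [IP]\n");
    exit(EXIT_FAILURE);
}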
/*
 * Map a supported client version string to the address of its RSA key.
 * Exits through fatal() for any other version; the trailing return only
 * satisfies the compiler.
 */
long getRSAPointer(char *version)
{
    const char *const names[] = { "10.31", "10.37" };
    const long addrs[] = { RSAPTR31, RSAPTR37 };
    for (size_t k = 0; k < sizeof names / sizeof names[0]; k++) {
        if (strcmp(version, names[k]) == 0) {
            return addrs[k];
        }
    }
    fatal("Version not supported.");
    return 0;
}
/*
 * Map a supported client version string to the address of the pointer to
 * its Hostname struct.
 * Exits through fatal() for any other version; the trailing return only
 * satisfies the compiler.
 */
long getHostPointer(char *version)
{
    const char *const names[] = { "10.31", "10.37" };
    const long addrs[] = { HOSTNAMEPTR31, HOSTNAMEPTR37 };
    for (size_t k = 0; k < sizeof names / sizeof names[0]; k++) {
        if (strcmp(version, names[k]) == 0) {
            return addrs[k];
        }
    }
    fatal("Version not supported.");
    return 0;
}