alterwain/Frida
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Changes to be committed:

Browse Source 
modified:   Cargo.lock
	modified:   Cargo.toml
	modified:   src/client.rs
	new file:   src/client_socks.rs
	modified:   src/main.rs
This commit is contained in:
Michael Wain 2024-09-08 20:47:14 +03:00
parent edadf5a518
commit 3224d541f6
5 changed files with 178 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
Cargo.lock generated
View File

@ -554,6 +554,7 @@ dependencies = [
"serde_derive",
"serde_yaml",
"socket2 0.4.10",
"socks5-server",
"tokio",
"tun2",
"x25519-dalek",
@ -1500,6 +1501,29 @@ dependencies = [
"windows-sys 0.52.0",
]
[[package]]
name = "socks5-proto"
version = "0.4.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "3d91431c4672e25e372ef46bc554be8f315068c03608f99267a71ad32a12e8c4"
dependencies = [
"bytes",
"thiserror",
"tokio",
]
[[package]]
name = "socks5-server"
version = "0.10.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "5223c26981806584cc38c74fddf58808dbdcf4724890471ced69e7a2e8d86345"
dependencies = [
"async-trait",
"bytes",
"socks5-proto",
"tokio",
]
[[package]]
name = "strsim"
version = "0.8.0"

3
Cargo.toml
View File

@ -33,4 +33,5 @@ x25519-dalek = { version = "2.0.1", features = ["getrandom", "static_secrets"] }
base64 = "0.22.1"
chrono = "0.4.38"
console-subscriber = "0.4.0"
network-interface = "2.0.0"
network-interface = "2.0.0"
socks5-server = "0.10.1"

23
src/client.rs
View File

@ -32,17 +32,28 @@ fn configure_routes(endpoint_ip: &str, s_interface: Option<&str>) {
let mut ip_output = Command::new("sudo")
.arg("ip")
.arg("route")
.arg("change")
.arg("del")
.arg("default")
.arg("via")
.arg("10.66.66.1")
.output()
.expect("Failed to delete default gateway.");
if !ip_output.status.success() {
error!("Failed to delete default gateway: {:?}", String::from_utf8_lossy(&ip_output.stderr));
}
ip_output = Command::new("sudo")
.arg("ip")
.arg("-4")
.arg("route")
.arg("add")
.arg("0.0.0.0/0")
.arg("dev")
.arg("tun0")
.output()
.expect("Failed to execute ip route command.");
if !ip_output.status.success() {
error!("Failed to forward packets: {:?}", String::from_utf8_lossy(&ip_output.stderr));
error!("Failed to route all traffic: {:?}", String::from_utf8_lossy(&ip_output.stderr));
}
ip_output = Command::new("sudo")
@ -55,10 +66,10 @@ fn configure_routes(endpoint_ip: &str, s_interface: Option<&str>) {
.arg("dev")
.arg(inter_name)
.output()
.expect("Failed to execute ip route command.");
.expect("Failed to make exception for vpns endpoint.");
if !ip_output.status.success() {
error!("Failed to forward packets: {:?}", String::from_utf8_lossy(&ip_output.stderr));
error!("Failed to make exception for vpns endpoint: {:?}", String::from_utf8_lossy(&ip_output.stderr));
}
}

134
src/client_socks.rs Normal file
View File

@ -0,0 +1,134 @@
use crossbeam_channel::unbounded;
use socket2::SockAddr;
use tokio::{net::UdpSocket, sync::Mutex};
use std::{io::{Read, Write}, net::SocketAddr};
use base64::prelude::*;
use log::{error, info, warn};
use std::sync::Arc;
use std::net::Ipv4Addr;
use x25519_dalek::{PublicKey, StaticSecret};
use std::process::Command;
use aes_gcm::{
aead::{Aead, AeadCore, KeyInit, OsRng},
Aes256Gcm, Nonce};
use crate::config::ClientConfiguration;
use crate::udp::{UDPVpnPacket, UDPVpnHandshake, UDPSerializable};
pub async fn client_mode(client_config: ClientConfiguration) {
info!("Starting client...");
let sock = UdpSocket::bind("0.0.0.0:25565").await.unwrap();
sock.connect(&client_config.server.endpoint).await.unwrap();
// socks5
let (mut dev_reader, mut dev_writer) = dev.split();
let sock_rec = Arc::new(sock);
let sock_snd = sock_rec.clone();
let (tx, rx) = unbounded::<Vec<u8>>();
let (dx, mx) = unbounded::<Vec<u8>>();
let cipher_shared = Arc::new(Mutex::new(None));
tokio::spawn(async move {
while let Ok(bytes) = rx.recv() {
//info!("Write to tun {:?}", hex::encode(&bytes));
dev_writer.write_all(&bytes).unwrap();
}
});
tokio::spawn(async move {
let mut buf = vec![0; 8192];
while let Ok(n) = dev_reader.read(&mut buf) {
dx.send(buf[..n].to_vec()).unwrap();
}
});
let s_a: SocketAddr = client_config.server.endpoint.parse().unwrap();
#[cfg(target_os = "linux")]
configure_routes(&s_a.ip().to_string(), s_interface);
let priv_key = BASE64_STANDARD.decode(client_config.client.private_key).unwrap();
let cipher_shared_clone = cipher_shared.clone();
tokio::spawn(async move {
let mut buf = vec![0; 4096];
loop {
if let Ok(l) = sock_rec.recv(&mut buf).await {
let mut s_cipher = cipher_shared_clone.lock().await;
match buf.first() {
Some(h) => {
match h {
0 => {
let handshake = UDPVpnHandshake::deserialize(&(buf[..l].to_vec()));
let mut k = [0u8; 32];
for (&x, p) in handshake.public_key.iter().zip(k.iter_mut()) {
*p = x;
}
let mut k1 = [0u8; 32];
for (&x, p) in priv_key.iter().zip(k1.iter_mut()) {
*p = x;
}
*s_cipher = Some(StaticSecret::from(k1)
.diffie_hellman(&PublicKey::from(k)));
}, // handshake
1 => {
let wrapped_packet = UDPVpnPacket::deserialize(&(buf[..l].to_vec()));
if s_cipher.is_some() {
let aes = Aes256Gcm::new(s_cipher.as_ref().unwrap().as_bytes().into());
let nonce = Nonce::clone_from_slice(&wrapped_packet.nonce);
match aes.decrypt(&nonce, &wrapped_packet.data[..]) {
Ok(decrypted) => { let _ = tx.send(decrypted); },
Err(error) => error!("Decryption error! {:?}", error)
}
} else {
warn!("There is no static_secret");
}
}, // payload
2 => info!("Got keepalive packet"),
_ => error!("Unexpected header value.")
}
},
None => error!("There is no header.")
}
drop(s_cipher);
}
}
});
let pkey = BASE64_STANDARD.decode(client_config.client.public_key).unwrap();
let handshake = UDPVpnHandshake{ public_key: pkey, request_ip: client_config.client.address.parse::<Ipv4Addr>().unwrap() };
let mut nz = 0;
while nz < 25 {
sock_snd.send(&handshake.serialize()).await.unwrap();
nz += 1
}
//sock_snd.send(&handshake.serialize()).await.unwrap();
let s_cipher = cipher_shared.clone();
loop {
if let Ok(bytes) = mx.recv() {
let s_c = s_cipher.lock().await;
if s_c.is_some() {
let aes = Aes256Gcm::new(s_c.as_ref().unwrap().as_bytes().into());
let nonce = Aes256Gcm::generate_nonce(&mut OsRng);
let ciphered_data = aes.encrypt(&nonce, &bytes[..]);
if let Ok(ciphered_d) = ciphered_data {
let vpn_packet = UDPVpnPacket{ data: ciphered_d, nonce: nonce.to_vec()};
let serialized_data = vpn_packet.serialize();
sock_snd.send(&serialized_data).await.unwrap();
} else {
error!("Socket encryption failed.");
}
} else {
warn!("There is no shared_secret in main loop");
}
}
}
}

1
src/main.rs
View File

@ -10,6 +10,7 @@ mod server;
mod client;
mod udp;
mod config;
//mod client_socks;
fn generate_server_config(matches: &ArgMatches, config_path: &str) {
let bind_address = matches.value_of("bind-address").expect("No bind address specified");