#!/usr/bin/perl # # slackbotconf - Show the config for Slackbot 1.0 # # Author: PinkFreud / Nightstar IRC Network # Date : 2006-02-11 # $version = 1.0.0; # # Revision history: # 1.0.0 Initial release sub usage { die "Usage: $0 \n"; } $#ARGV > -1 or usage; sub readconf { my ($fh, $offset, $length) = @_; seek ($fh, $offset, 0); my $current_offset = tell ($fh); die "Uh oh, I tried to seek to $offset, but found myself at $current_offset instead.\n" unless $offset == $current_offset; my $bytesread = read ($fh, $data, $length); die "Whoops, tried to read $length bytes, but got $bytesread instead - truncated file?\n" unless $bytesread == $length; return $data; } sub deobfuscate { my ($num, @data) = @_; my ($data); my (@realdata); for $data (@data) { my ($tmp, $chr); for $chr (split (//, $data)) { $tmp .= chr (ord ($chr) ^ $num); } push (@realdata, $tmp); } return (@realdata); } my $slackbot = $ARGV[0]; my $config_offset = (-s $slackbot) - 0x289; (-r $slackbot) or die "$slackbot not found, or not readable. Exiting...\n"; open (SLACKBOT, $slackbot) or die "Failed to open $slackbot: $!\n"; binmode (SLACKBOT); my $config = readconf (*SLACKBOT, $config_offset, 0x289); close (SLACKBOT); my ($unique, $server, $port, $xor, $channel, $exe, $bpass, $spass); ($unique, $server, $port, $xor, $channel, $exe, $bpass, $spass) = unpack (a34Z27vCZ201Z128Z128Z128, $config); $unique_data = "\x00\x00\x00\x00\x20\x00\x00\x00\x00\x00\x00\x00\x20\x00\x00\x00" . "\x00\x10\x00\x00\x00\x38\x00\x00\x00\x40\x00\x00\x00\x52\x00\x00" . "\xcd\xab"; warn "We don't appear to be looking at Slackbot 1.0 - things may not work as expected.\n" unless $unique_data eq $unique; ($server, $channel, $exe, $bpass, $spass) = deobfuscate ($xor, $server, $channel, $exe, $bpass, $spass); my $xor_hex = sprintf "0x%02x", $xor; print <<_EOF_; XOR value : $xor_hex Server : $server Port : $port Server password: $spass Channel : $channel Bot password : $bpass Bot filename : $exe _EOF_