Added files

2025-07-17 20:43:21 +00:00 · 2015-11-27 15:31:09 +01:00
parent cba8c81e37
commit b316a7bb57
5 changed files with 65 additions and 0 deletions
--- a/libos/README.md
+++ b/libos/README.md
@ -0,0 +1,11 @@
+# libos
+
+## Compile
+
+1. gcc -c -Wall -Werror -fpic libos.c
+2. gcc -shared -o libos.so.0.0.0 libos.o
+
+## Install
+
+1. Move new libos.so.0.0.0 to /usr/lib/libos.so.0.0.0
+2. Link /usr/lib/libos.so.0.0.0 to /usr/lib/libos.so.0
--- a/libos/libos.c
+++ b/libos/libos.c
@ -0,0 +1,3 @@
+int validate_os(){
+    return 1;
+}
--- a/patterns/angae-010.template
+++ b/patterns/angae-010.template
@ -0,0 +1,35 @@
+// Files are in little endian
+struct FILE {
+    // from loadHeaderOnly
+    struct HEAD {
+        char    PatternDate[4] <bgcolor=cLtBlue>; // a timestamp in little endian; there is also a "PatternDate" in the header data, maybe something different
+
+        // the following 7 fields are "HeadDatas" 
+        char    unknown[1000] <bgcolor=cLtGray>;
+        int     PackageID  <bgcolor=cLtBlue>; // see CUserPatternDBMgr::SetPackageID
+        int     unknown2 <bgcolor=cLtGray>; // next 4 are rather unclear, info from CPatternDBMgr::GetOSFile()
+        int     PatternDate <bgcolor=cBlue>;
+        int     FileCount <bgcolor=cLtBlue>;
+        int     HeadPos <bgcolor=cBlue>;
+        int     RealSize <bgcolor=cLtBlue>;
+
+        // Count is split into two 32bit integers, unclear why
+        int     Count1 <bgcolor=cPurple>; // this is 153719 in little endian
+        int     Count2 <bgcolor=cPurple>;
+    } magic <bgcolor=cLtGray>;
+
+    struct PACKAGES {
+        int     RecLen <bgcolor=cYellow>; // length of the pattern, 0xc8, 200 byte
+        int     PackageID <bgcolor=cGreen>; // mostly goes from 01 to 0E max at position 1.
+        //ushort     incrementing <bgcolor=cLtGray>; // this increments over the file. Sometimes multiple patterns have the same "id". Maybe the same identifier identifies a single file? Interestingly this is going up to FF FE.
+        char       HeadData2[8] <bgcolor=cLtGray>; // looks like there is another header
+
+        char    content[192] <bgcolor=cRed>; // cannot confirm that I can decrypt this out of the box with openssl. 
+    } packages[153719];
+
+    // sha1 of whatever
+    struct CHECKSUM {
+        char sha1[20] <bgcolor=cPurple>;
+    } checksum;
+
+} file;
--- a/rtscan/README.md
+++ b/rtscan/README.md
@ -0,0 +1,5 @@
+# Interact with /dev/res
+
+`resctl.py` can be used to interact with `rtscan` kernel module via ioctl calls to `/dev/res`.
+
+**TODO**: Implement all ioctl calls
--- a/rtscan/resctl.py
+++ b/rtscan/resctl.py
@ -0,0 +1,11 @@
+#!/usr/bin/env python2
+from fcntl import ioctl
+
+filename = '/dev/res'
+fd = open(filename, 'wb')
+ret = ioctl(fd, 29187, 0)
+
+if ret is not 0:
+    print('Error')
+
+fd.close()