123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186 |
- package de.tudarmstadt.informatik.hostage.protocol.cifs;
- import android.app.Activity;
- import android.app.FragmentManager;
- import android.content.Context;
- import org.alfresco.jlan.server.SrvSession;
- import org.alfresco.jlan.server.core.DeviceContext;
- import org.alfresco.jlan.server.filesys.FileExistsException;
- import org.alfresco.jlan.server.filesys.FileName;
- import org.alfresco.jlan.server.filesys.FileOpenParams;
- import org.alfresco.jlan.server.filesys.NetworkFile;
- import org.alfresco.jlan.server.filesys.TreeConnection;
- import org.alfresco.jlan.smb.server.disk.JavaFileDiskDriver;
- import org.alfresco.jlan.smb.server.disk.JavaNetworkFile;
- import java.io.File;
- import java.io.FileInputStream;
- import java.io.FileWriter;
- import java.math.BigInteger;
- import java.security.MessageDigest;
- import java.security.NoSuchAlgorithmException;
- import java.util.Set;
- import de.tudarmstadt.informatik.hostage.commons.HelperUtils;
- import de.tudarmstadt.informatik.hostage.logging.MessageRecord;
- import de.tudarmstadt.informatik.hostage.protocol.SMB;
- import de.tudarmstadt.informatik.hostage.ui.activity.MainActivity;
- import de.tudarmstadt.informatik.hostage.ui.fragment.FileAlertDialogFragment;
- import virustotalapi.ReportScan;
- import virustotalapi.VirusTotal;
- /**
- * HostageV3
- * ================
- * @author Alexander Brakowski
- * @author Daniel Lazar
- * @author Shreyas Srinivasa
- *
- * This is a pseudo file disk driver, which overwrites the libs JavaFileDiskDriver,
- * so that we can get more information about the attack
- */
- public class PseudoJavaFileDiskDriver extends JavaFileDiskDriver {
- private static class PseudoJavaNetworkFile extends JavaNetworkFile {
- protected final SMB SMB;
- private final SrvSession sess;
- boolean wasWrittenTo = false;
- private final FileInject fileInject;
- public PseudoJavaNetworkFile(File file, String netPath, SMB SMB, SrvSession sess, FileInject fileInject) {
- super(file, netPath);
- this.SMB = SMB;
- this.sess = sess;
- this.fileInject = fileInject;
- }
- /**
- * method that checks if the file was just written, then gets the MD5 checksum of the
- * file and logs it. Afterwards the file gets deleted.
- * @throws java.io.IOException
- */
- public void closeFile() throws java.io.IOException {
- super.closeFile();
- if(wasWrittenTo){
- HelperUtils.setIsFileInjected(true);
- try {
- MessageDigest digest = MessageDigest.getInstance("SHA256");
- FileInputStream fis = new FileInputStream(m_file);
- byte[] buffer = new byte[8192];
- int numOfBytesRead;
- while( (numOfBytesRead = fis.read(buffer)) > 0){
- digest.update(buffer, 0, numOfBytesRead);
- }
- byte[] hash = digest.digest();
- String checksum = new BigInteger(1, hash).toString(16);
- StringBuilder sb = new StringBuilder();
- //Creates use of Virustotal api
- VirusTotal VT = new VirusTotal("111c226204f5de7228563bbca91c5860e4965fbe936307dffa8f2f2d575ff292"); // Virus Total API Key
- Set<ReportScan> Report = VT.ReportScan(checksum); //The SHA256 file
- for (ReportScan report : Report) {
- if (report.getDetected().contentEquals("true")){
- if (report.getVendor().contentEquals("McAfee")||report.getVendor().contentEquals("Microsoft")||report.getVendor().contentEquals("AVG")||report.getVendor().contentEquals("Symantec")||report.getVendor().contentEquals("CAT-QuickHeal")||report.getVendor().contentEquals("TrendMicro")||report.getVendor().contentEquals("Kaspersky"))
- {
- sb.append("\n\nVendor: " + report.getVendor() + " \nDetected: " + report.getDetected() + " \nMalware Name: " + report.getMalwarename());
- }
- }
- }
- //Setting the display component with the results obtained from Virustotal
- String message = "File received: " + m_file.getName() + "\n\nCHECKSUM:\n" + checksum+"\n Scroll Down for Malware Details"+sb.toString();
- fileInject.log(MessageRecord.TYPE.RECEIVE, message, 445, sess.getRemoteAddress(), 445);
- HelperUtils.setFileName(m_file.getName());
- HelperUtils.setFilePath(m_file.getPath());
- HelperUtils.setFileSHA256(checksum);
- } catch (NoSuchAlgorithmException e) {
- e.printStackTrace();
- }
- wasWrittenTo = true; // Saving file in phones memory
- }
- }
- public void writeFile(byte[] buf, int len, int pos)
- throws java.io.IOException {
- super.writeFile(buf, len, pos);
- wasWrittenTo = true;
- }
- public void writeFile(byte[] buf, int len, int pos, long offset)
- throws java.io.IOException {
- super.writeFile(buf, len, pos, offset);
- wasWrittenTo = true;
- }
- }
- private final SMB SMB;
- private final FileInject fileInject;
- public PseudoJavaFileDiskDriver(SMB SMB, FileInject fileInject) {
- this.SMB = SMB;
- this.fileInject = fileInject;
- }
- public NetworkFile createFile(SrvSession sess, TreeConnection tree, FileOpenParams params)
- throws java.io.IOException {
- DeviceContext ctx = tree.getContext();
- String fname = FileName.buildPath(ctx.getDeviceName(), params.getPath(), null, java.io.File.separatorChar);
- // Check if the file already exists
- File file = new File(fname);
- String path = file.getAbsolutePath();
- if (file.exists())
- throw new FileExistsException();
- // Create the new file
- FileWriter newFile = new FileWriter(fname, false);
- newFile.close();
- // Create a Java network file
- file = new File(fname);
- PseudoJavaNetworkFile netFile = new PseudoJavaNetworkFile(file, params.getPath(), SMB, sess, fileInject);
- netFile.setGrantedAccess(NetworkFile.READWRITE);
- netFile.setFullName(params.getPath());
- // Return the network file
- return netFile;
- }
- private static void displayAlert() {
- Context context = null;
- final Activity activity = MainActivity.getInstance();
- final FragmentManager fragmentManager = activity.getFragmentManager();
- if (fragmentManager != null) {
- FileAlertDialogFragment fileAlertDialogFragment = new FileAlertDialogFragment();
- fileAlertDialogFragment.show(fragmentManager.beginTransaction(), fileAlertDialogFragment.getTag());
- }
- }
- }
|