Ejemplo n.º 1
0
        /// <summary>
        /// Register this agent with the server.  Receives new System UUID.
        /// </summary>
        /// <returns>True when we've received a new System UUID</returns>
        public static bool RegisterWithServer()
        {
            Log.Info("Registering with the server");

            // Register yourself in order to get a System GUID
            RegistrationEventPost registration = new RegistrationEventPost();

            registration.CustomerUUID = SRSvc.conf.GroupUUID;
            registration.AgentVersion = SRSvc.conf.Version;

            registration.OSHumanName = GetOSFriendlyName();
            registration.OSVersion   = Environment.OSVersion.ToString();
            registration.Arch        = (Environment.Is64BitOperatingSystem ? "64-bit" : "32-bit");
            registration.MachineName = Environment.MachineName;

            ManufacturerData md = GetManufacturerData();

            registration.Manufacturer = md.Manufacturer;
            registration.Model        = md.Model;
            registration.MachineGUID  = GetWindowsMachineGUID();

            string postMessage = Helpers.SerializeToJson(registration, typeof(RegistrationEventPost));

            string response = Beacon.PostToServer(postMessage, "/api/v1/Register");

            if (response == "")
            {
                // Likely we were unable to contact the server
                return(false);
            }

            dynamic serverMsg = Json.Decode(response);

            if (serverMsg.Command == "SetSystemUUID")
            {
                Command.SetSystemUUID(serverMsg);
            }
            else
            {
                throw new Exception("Registration response command not in correct format");
            }

            return(true);
        }
Ejemplo n.º 2
0
        public static bool PostCatalogFile(CatalogFile catalogFile)
        {
            CatalogFilePost catalogFilePost = new CatalogFilePost();

            catalogFilePost.TimeOfEvent = Helpers.ConvertToUnixTime(catalogFile.FirstAccessTime);
            catalogFilePost.Path        = catalogFile.FilePath;
            catalogFilePost.Size        = catalogFile.Size;
            catalogFilePost.Sha256      = Helpers.ByteArrayToHexString(catalogFile.Sha256);

            string postMessage = Helpers.SerializeToJson(catalogFilePost, typeof(CatalogFilePost));
            string response    = Beacon.PostToServer(postMessage, "/api/v1/CatalogFileEvent");

            if (response == "")
            {
                // Remote server could not be reached or encountered an error
                return(false);
            }
            CatalogFileResponse processEventResponse = (CatalogFileResponse)Helpers.DeserializeFromJson(response, typeof(CatalogFileResponse));

            return(true);
        }
Ejemplo n.º 3
0
        /// <summary>
        /// Update this agent
        /// </summary>
        /// <param name="serverMsg">Ignored, but provides what the new version will be</param>
        /// <returns></returns>
        public static dynamic Update(dynamic serverMsg)
        {
            // Tell the server what version we currently have and it will return an exe that will update this agent to the next version
            GetUpdatePost getUpdatePost = new GetUpdatePost(SRSvc.conf.Version);

            string postMessage = Helpers.SerializeToJson(getUpdatePost, typeof(GetUpdatePost));

            byte[] filedata = Beacon.PostForm(Encoding.UTF8.GetBytes(postMessage), "/api/v1/GetUpdate", "text/json");

            //string updateName = String.Format("srepp_update-{0}.exe", SRSvc.conf.Version);
            string updateFilePath = Path.GetTempFileName();

            try
            {
                using (FileStream fs = File.Create(updateFilePath))
                {
                    using (System.IO.BinaryWriter file = new System.IO.BinaryWriter(fs))
                    {
                        file.Write(filedata);
                    }
                }

                Log.Info("Update file written to: {0}", updateFilePath);

                // Check it
                List <Signer> signers    = null;
                bool          isVerified = WinTrustVerify.WinTrust.Verify(updateFilePath, out signers);
                if (!isVerified)
                {
                    Log.Error("Update file could not be verified");
                    return(null);
                }

                // File is signed and can be verified, but make sure it's signed by me
                string SignerName   = "";
                byte[] SerialNumber = null;
                if (signers != null && signers.Count >= 1 && signers[0] != null)
                {
                    SignerName   = signers[0].Name;
                    SerialNumber = signers[0].SigningCert.SerialNumber;
                }
                else
                {
                    Log.Error("Could not extract signer info from file");
                    return(null);
                }

                bool isSignedByMe = false;
                // TODO Should also check the chain (the root) and some other info, in case a rogue CA granted someone a cert with my info

#if DEBUG
                byte[] TestSerialNumber = new byte[] { 0x4c, 0x18, 0xd9, 0xaa, 0x26, 0x83, 0x36, 0x95, 0x4c, 0xc4, 0x35, 0x6d, 0xaa, 0xbe, 0x82, 0xc9 };
                if (SignerName == "SR_Test" && Helpers.ByteArrayAreEqual(SerialNumber, TestSerialNumber))
                {
                    isSignedByMe = true;
                }
#endif

                // TODO MUST Check Relase build requirements
                byte[] ReleaseSerialNumber = new byte[] { 0x4c, 0x18, 0xd9, 0xaa, 0x26, 0x83, 0x36, 0x95, 0x4c, 0xc4, 0x35, 0x6d, 0xaa, 0xbe, 0x82, 0xc9 };
                if (SignerName == "SR_Test" && Helpers.ByteArrayAreEqual(SerialNumber, ReleaseSerialNumber))
                {
                    isSignedByMe = true;
                }

                if (!isSignedByMe)
                {
                    Log.Error("Update file was not signed by the correct issuer!  Bailing on update. Was signed by {0}, with serial number {1}", SignerName, Helpers.ByteArrayToHexString(SerialNumber));
                    return(null);
                }

                // TODO Check the new file is a greater version than this file, or at least the date the file was signed is more recent

                // Execute it
                Process myProcess = new Process();
                try
                {
                    myProcess.StartInfo.UseShellExecute = false;
                    myProcess.StartInfo.FileName        = updateFilePath;
                    myProcess.StartInfo.CreateNoWindow  = true;
                    myProcess.Start();

                    // TODO Should I kill this parent process so the child isn't trying kill it?
                }
                catch (Exception e)
                {
                    Console.WriteLine(e.Message);
                }
            }
            finally
            {
                // Delete file, especially in case of errors.  In theory an update should occcur.
                File.Delete(updateFilePath);
            }

            return(null);
        }