/// <summary> /// Register this agent with the server. Receives new System UUID. /// </summary> /// <returns>True when we've received a new System UUID</returns> public static bool RegisterWithServer() { Log.Info("Registering with the server"); // Register yourself in order to get a System GUID RegistrationEventPost registration = new RegistrationEventPost(); registration.CustomerUUID = SRSvc.conf.GroupUUID; registration.AgentVersion = SRSvc.conf.Version; registration.OSHumanName = GetOSFriendlyName(); registration.OSVersion = Environment.OSVersion.ToString(); registration.Arch = (Environment.Is64BitOperatingSystem ? "64-bit" : "32-bit"); registration.MachineName = Environment.MachineName; ManufacturerData md = GetManufacturerData(); registration.Manufacturer = md.Manufacturer; registration.Model = md.Model; registration.MachineGUID = GetWindowsMachineGUID(); string postMessage = Helpers.SerializeToJson(registration, typeof(RegistrationEventPost)); string response = Beacon.PostToServer(postMessage, "/api/v1/Register"); if (response == "") { // Likely we were unable to contact the server return(false); } dynamic serverMsg = Json.Decode(response); if (serverMsg.Command == "SetSystemUUID") { Command.SetSystemUUID(serverMsg); } else { throw new Exception("Registration response command not in correct format"); } return(true); }
public static bool PostCatalogFile(CatalogFile catalogFile) { CatalogFilePost catalogFilePost = new CatalogFilePost(); catalogFilePost.TimeOfEvent = Helpers.ConvertToUnixTime(catalogFile.FirstAccessTime); catalogFilePost.Path = catalogFile.FilePath; catalogFilePost.Size = catalogFile.Size; catalogFilePost.Sha256 = Helpers.ByteArrayToHexString(catalogFile.Sha256); string postMessage = Helpers.SerializeToJson(catalogFilePost, typeof(CatalogFilePost)); string response = Beacon.PostToServer(postMessage, "/api/v1/CatalogFileEvent"); if (response == "") { // Remote server could not be reached or encountered an error return(false); } CatalogFileResponse processEventResponse = (CatalogFileResponse)Helpers.DeserializeFromJson(response, typeof(CatalogFileResponse)); return(true); }
/// <summary> /// Update this agent /// </summary> /// <param name="serverMsg">Ignored, but provides what the new version will be</param> /// <returns></returns> public static dynamic Update(dynamic serverMsg) { // Tell the server what version we currently have and it will return an exe that will update this agent to the next version GetUpdatePost getUpdatePost = new GetUpdatePost(SRSvc.conf.Version); string postMessage = Helpers.SerializeToJson(getUpdatePost, typeof(GetUpdatePost)); byte[] filedata = Beacon.PostForm(Encoding.UTF8.GetBytes(postMessage), "/api/v1/GetUpdate", "text/json"); //string updateName = String.Format("srepp_update-{0}.exe", SRSvc.conf.Version); string updateFilePath = Path.GetTempFileName(); try { using (FileStream fs = File.Create(updateFilePath)) { using (System.IO.BinaryWriter file = new System.IO.BinaryWriter(fs)) { file.Write(filedata); } } Log.Info("Update file written to: {0}", updateFilePath); // Check it List <Signer> signers = null; bool isVerified = WinTrustVerify.WinTrust.Verify(updateFilePath, out signers); if (!isVerified) { Log.Error("Update file could not be verified"); return(null); } // File is signed and can be verified, but make sure it's signed by me string SignerName = ""; byte[] SerialNumber = null; if (signers != null && signers.Count >= 1 && signers[0] != null) { SignerName = signers[0].Name; SerialNumber = signers[0].SigningCert.SerialNumber; } else { Log.Error("Could not extract signer info from file"); return(null); } bool isSignedByMe = false; // TODO Should also check the chain (the root) and some other info, in case a rogue CA granted someone a cert with my info #if DEBUG byte[] TestSerialNumber = new byte[] { 0x4c, 0x18, 0xd9, 0xaa, 0x26, 0x83, 0x36, 0x95, 0x4c, 0xc4, 0x35, 0x6d, 0xaa, 0xbe, 0x82, 0xc9 }; if (SignerName == "SR_Test" && Helpers.ByteArrayAreEqual(SerialNumber, TestSerialNumber)) { isSignedByMe = true; } #endif // TODO MUST Check Relase build requirements byte[] ReleaseSerialNumber = new byte[] { 0x4c, 0x18, 0xd9, 0xaa, 0x26, 0x83, 0x36, 0x95, 0x4c, 0xc4, 0x35, 0x6d, 0xaa, 0xbe, 0x82, 0xc9 }; if (SignerName == "SR_Test" && Helpers.ByteArrayAreEqual(SerialNumber, ReleaseSerialNumber)) { isSignedByMe = true; } if (!isSignedByMe) { Log.Error("Update file was not signed by the correct issuer! Bailing on update. Was signed by {0}, with serial number {1}", SignerName, Helpers.ByteArrayToHexString(SerialNumber)); return(null); } // TODO Check the new file is a greater version than this file, or at least the date the file was signed is more recent // Execute it Process myProcess = new Process(); try { myProcess.StartInfo.UseShellExecute = false; myProcess.StartInfo.FileName = updateFilePath; myProcess.StartInfo.CreateNoWindow = true; myProcess.Start(); // TODO Should I kill this parent process so the child isn't trying kill it? } catch (Exception e) { Console.WriteLine(e.Message); } } finally { // Delete file, especially in case of errors. In theory an update should occcur. File.Delete(updateFilePath); } return(null); }