netbots mod

geek · Post by **geek** » Sat Jan 14, 2023 9:09 am

hi,
I use the well-known netbots.tcl v4.10 of 8/8/2005 from slennox
but I'm not a good tcl writer

netbots uses the "nb_key" variable to make bots of the botnet recognize each other

the encrypted remote "nb_key" variable is decrypted and compared with the local "nb_key"

I'm not sure but by analyzing the code I figured out that netbots use the encrypt/decrypt functions that are contained in the blowfish module

in eggdrop 1.9.x I already use the new PBKDF2 module for userfile, but I still have to load blowfish module only for encrypt/decrypt functions

blowfish module is planned to be removed in Eggdrop 2.0

the question is:
How can I replace these 2 functions?

I read about the md5 package for tcl, could it possibly be useful for the purpose?

Post by **CrazyCat** » Sat Jan 14, 2023 12:02 pm

The encryption module is alway existing, so you can alway use encrypt and decrypt, even if blowfish is not loaded.

geek · Post by **geek** » Sat Jan 14, 2023 1:32 pm

I think encrypt/decrypt are provided by this module

from eggdrop.conf:

#### BLOWFISH MODULE ####
#
# This module is planned to be removed in Eggdrop 2.0
#
# Load this if you intend to use a pre-1.9.0 userfile (Or in other words, do
# not load this if you are starting this as a fresh bot and are not linking
# it to a botnet that uses blowfish hashes)
#
# You also need to load this if you use a script that employs the
# encrypt/decrypt Tcl commands.
#
loadmodule blowfish

Post by **CrazyCat** » Sat Jan 14, 2023 4:03 pm

Code: Select all

.modules
[21:01:55] #CrazyCat# modules 
Modules loaded:
  Module: assoc (v2.1)
  Module: seen (v2.1)
  Module: console (v1.3)
  Module: notes (v2.2)
  Module: compress (v1.2)
  Module: share (v2.4)
  Module: transfer (v2.4)
  Module: irc (v1.5)
  Module: ctcp (v1.1)
  Module: server (v1.5)
  Module: channels (v1.2)
  Module: uptime (v1.4)
  Module: encryption (v2.2)
  Module: eggdrop (v109.3)
End of modules list.

No reference to blowfish

Code: Select all

.tcl encrypt test mystring
Tcl: *6xjjueyEvdMzeoq61Zox8A==
.tcl decrypt test *6xjjueyEvdMzeoq61Zox8A==
Tcl: mystring

encrypt/decrypt work.

geek · Post by **geek** » Sun Jan 15, 2023 5:07 am

ok, thanks

so the eggdrop documentation is wrong

Post by **CrazyCat** » Sun Jan 15, 2023 9:39 am

Peharps that the doc is true: I just saw that blowfish is loaded but not shown in modules list.

BTW, you can probably choose, for next version, to use pbkdf2 and use its utilities

geek · Post by **geek** » Mon Jan 16, 2023 2:05 pm

ok I understand thanks

Code: Select all

   Module: encryption (v2.2)
   Module: encryption2 (v1.0)

I have both PBKDF2 and blowfish loaded

I think encryption v2.2 is the "old" blowfish
and encryption2 v1.0 is the "new" pbkdf2

but for now the new module does not provide the encrypt/decrypt tcl commands

maybe in the future :)

Post by **CrazyCat** » Tue Jan 17, 2023 4:11 am

Looking at netbots.tcl, it will be hard to adapt it to work without blowfish: pbkdf2 is not reversible, so some utilities cannot be used, as the nb_netpass proc (changement of bot password) or nb_autopass.

Proc using just the key (nb_checkbot) can easily be adapted

geek · Post by **geek** » Tue Jan 17, 2023 11:30 am

CrazyCat wrote:pbkdf2 is not reversible

yes, the problem is just that

maybe something like this?

Code: Select all

IF (remote nb_key) == md5(local nb_key) THAN go ELSE dont go

where (remote nb_key) is md5(nb_key)

i.e. you compare the hashes instead of the keys

so there is no need to decrypt anything

Post by **CrazyCat** » Tue Jan 17, 2023 11:46 am

No.
netbot encrypt all the command sent, so you can't guess what you receive, and cannot compare with anything.

The purpose of netbot is to encrypt the most things as possible.
encryption can be decrypted, but MD5 (and others) are not encryption, they are hashing, so impossible to "unhash" them.

The only way I can see is to use base64 (which is encryption), but it's really easy to decode, unless you create an algorythm to add salt in it.

geek · Post by **geek** » Tue Jan 17, 2023 12:17 pm

oh

so ALL the commands are encrypted... I thought only "nb_key" variable and only one time

this is a problem

Post by **CrazyCat** » Wed Jan 18, 2023 9:03 am

I had a short chat with Geo: blowfish will stay in eggdrop until they have a replacement plan, so don't worry about the encrypt/decrypt functionnalities.

Just keep in mind that blowfish won't be loaded by default in next versions of eggdrop, so you'll have to check your config or simply modify the script to make it loading the module (with a check to know if it is not already loaded)

geek · Post by **geek** » Wed Jan 18, 2023 10:06 am

perfect CrazyCat

very thanks