I checked the script mentioned here a bit closer... seems like it's got quite a few hidden "features"... should I post a script that will "deobfuscate" it or are you guys like billy G... thinking that we should give people a fair chance to remove the script before making the "vuln" public?
The previously mentioned post is in the junk yard and will probably disappear pretty soon, so here's a direct link to the script just in case: http://www.rootshell.be/~netgate/netgate.tcl
EDIT: changed the subject
Last edited by user on Thu Mar 22, 2007 11:21 am, edited 1 time in total.
That script has, for long, cheated many a user. I've tried to get most scripters to look into it, but due to time limitations and laziness, as we all know, they didn't wanna do it.
But you, my man, have accomplished something. Tell us. And provide us with a 'readable' format, if you can, and you're infamous!
# Make http://www.rootshell.be/~netgate/netgate.tcl a bit easier to
# read (I didn't verify that it runs fine after the conversion, but
# who would want to run that sucky script anyway, right? :P)
#
# Usage: change the variables below before you source this script in
# your eggdrop. eggdrop is needed because parts of the descrambling is
# done using eggdrop's 'decrypt' command
set infile scripts/netgate.tcl
set outfile scripts/netgate.fixed.tcl
# The main (de)scrambler proc
# Escaping is honored for ['s but not the ], $ and space
# - Don't ask me why... I just reproduce the output of the original
proc lines str {
    # The part swapping L with 0 and 0 with L reminds me of my
    # first reaction when i saw the netgate.tcl code :P
    set map {
        a z z a b y y b c x x c d w w d e v v e f u u f g t
        t g h s s h i r r i j q q j k p p k l o o l m n n m
        A Z Z A B Y Y B C X X C D W W D E V V E F U U F G T
        T G H S S H I R R I J Q Q J K P P K L O O L M N N M
    }
    if {[regexp {[\$\[~]+} $str]} {
        set out ""
        set s ""
        set p "";# previous char
        foreach c [split $str ""] {
            if {$s==""} {
                if {$c=="~"} {
                    set s ~
                } elseif {$c=="\$"} {
                    set s " "; set c ~$c
                } elseif {$c=="\[" && $p!="\\"} {
                    set s "\]"; set c ~$c
                } else {
                    set c [string map $map $c]
                }
            } elseif {$c=="~"} {
                set s ""
            } elseif {$c==$s} {
                set s ""; append c ~
            }
            append out [set p $c]
        }
        if {$s==""} {set out} {append out ~}
    } {
        string map $map $str
    }
}
proc puthlp str {
    set str "puthelp \"[string map {~ ""} [lines $str]]\""
}
proc putsrv str {
    set str "putserv \"[string map {~ ""} [lines $str]]\""
}
proc putqck str {
    set str "putquick \"[string map {~ ""} [lines $str]]\""
}
proc dcp str {
    set str \"[qesc [decrypt 64 $str]]\"
}
proc dezip str {
    if {[string match {*\\*} $str]} {set str [subst -noc -nov $str]}
    set str [qesc [decrypt 64 [string map {~ ""} $str]]]
}
proc qesc str {
    set out ""
    foreach c [split [string map {
        \\ \\\\ \[ \\\[ \] \\\] \{ \\\{
        \} \\\} \$ \\\$ \" \\\" " " "\\ "
    } $str] ""] {
        if {[set i [scan $c %c]]>31 && $i<127} {
            append out $c
        } {
            append out [format \\%.3o $i]
        }
    }
    set out
}
proc clearify {var cmdstart {stderr stdout}} {
    upvar 1 $var code
    set off [string len $cmdstart]
    set cmd [lindex [split $cmdstart " "] 0]
    set off2 [string match {\[*} $cmdstart]
    if {$off2} {
        set cmd [string range $cmd 1 end]
    }
    incr off2
    #puts $stderr "*** running \"$cmd\""
    set c 0
    foreach line [split [set code][set code ""] \n] {
        incr c
        set i 0
        set ll [string len $line]
        while {$i<$ll && [set i [string first $cmdstart $line $i]]>-1} {
            set j [expr {$i+$off+1}]
            while {$j<$ll && ![info complete [set run [string range $line $i $j]]]} {incr j}
            if {[info complete $run]} {
                # lame hack because this was the only command with more arguments :P
                if {$cmdstart=={[decrypt 64 "}} {
                    set res [decrypt 64 [string range $run $off end-$off2]]
                } {
                    set res [$cmd [string range $run $off end-$off2]]
                }
                set line [string replace $line $i $j $res]
            } {
                #puts $stderr "line#$c INCOMPLETE: \"$run\""
                break
            }
            incr i
        }
        append code "$line\n"
    }
    #puts $stderr "*** done: \"$cmd\""
}
proc indent {code {dent { }}} {
    set out ""
    set i 0
    foreach line [split $code \n] {
        set line [string trimleft $line]
        foreach {o c e} {0 0 0} break
        foreach a [split $line ""] {
            if {$e} {set e 0; continue}
            switch -exact -- $a {
                "\\" {set e 1}
                "\{" {incr o}
                "\}" {if {$o} {incr o -1} {incr c}}
            }
        }
        incr i -$c
        append out [string repeat $dent $i]$line\n
        incr i $o
    }
    set out
}
set code [read [set f [open $infile]]]; close $f
clearify code {[decrypt 64 "}
clearify code {[lines "}
clearify code {[dcp "}
clearify code {[dezip "}
clearify code {puthlp "}
clearify code {putsrv "}
clearify code {putqck "}
set f [open $outfile w]
puts $f [indent [set code]][unset code]
close $f
putlog "Check $outfile :)"
# It's a bit of a mess, but it does the job. Have fun :P
Last edited by user on Tue Jan 27, 2004 11:59 pm, edited 2 times in total.
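An added example, not part of the original post or of netgate.tcl: a Python triage pass that reads a script as text without sourcing it, counts the wrapper calls the post's script rewrites, and statically decodes the letter-swapped strings with a port of the `lines` state machine. Assumptions: the sample input is constructed, the regex for quoted arguments is a simplification of the post's `info complete` scan, and `decrypt 64` strings are only counted because decoding them needs eggdrop.

```python
import re

# Letter-reversal table from the post's `lines` proc (a<->z, b<->y, ...).
_LOWER = "abcdefghijklmnopqrstuvwxyz"
ATBASH = str.maketrans(_LOWER + _LOWER.upper(), _LOWER[::-1] + _LOWER[::-1].upper())
# Call prefixes the post's script rewrites, spelled as they appear there.
WRAPPERS = ['[decrypt 64 "', '[lines "', '[dcp "', '[dezip "',
            'puthlp "', 'putsrv "', 'putqck "']
# Simplified matcher (assumption): one double-quoted argument on a single line.
SWAPPED = re.compile(r'(?:\[lines|puthlp|putsrv|putqck) "((?:[^"\\]|\\.)*)"')

def descramble(text):
    """Port of `lines`: ~...~, $var and [cmd] spans pass through unswapped."""
    if not re.search(r'[$\[~]', text):
        return text.translate(ATBASH)
    out, stop, prev = [], "", ""
    for ch in text:
        if stop == "":
            if ch == "~":
                stop = "~"
            elif ch == "$":
                stop, ch = " ", "~$"          # variable name runs to next space
            elif ch == "[" and prev != "\\":
                stop, ch = "]", "~["          # command runs to closing bracket
            else:
                ch = ch.translate(ATBASH)
        elif ch == "~":
            stop = ""
        elif ch == stop:
            stop, ch = "", ch + "~"
        out.append(ch)
        prev = ch
    return "".join(out) + ("" if stop == "" else "~")

def triage(source):
    """Return (wrapper call counts, [(line number, decoded string), ...])."""
    counts, decoded = {w: 0 for w in WRAPPERS}, []
    for lineno, line in enumerate(source.splitlines(), 1):
        for w in WRAPPERS:
            counts[w] += line.count(w)
        for m in SWAPPED.finditer(line):
            decoded.append((lineno, descramble(m.group(1)).replace("~", "")))
    return counts, decoded

# Constructed sample input, not taken from netgate.tcl.
SAMPLE = r'''putsrv "KIRENHT $chan :svool"
set k [decrypt 64 "PLACEHOLDER"]
'''
if __name__ == "__main__": print(triage(SAMPLE))
```

A high count of `[decrypt 64 "` or `[dezip "` calls marks the strings that still need the eggdrop-side pass before the script can be read in full.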
I was talking about that netgate.tcl script.. also, I don't have something against Dalnet users, don't get me wrong there. The "untrustworthy" authors actually of that script are carders and probably (not sure 100% hackers). User's tcl is a neat thing to "unscramble" the code.. nice job.
PS: My apologies Yourname if I have left you the totally wrong impression that I have something against Dalnet users and my apologies if I have expressed myself wrong and left you under the impression that user's code is not good to run in order to make that "FULL-DISCLOSURE!" of the tricky code.
Once the game is over, the king and the pawn go back in the same box.
aww caesar, I'm just playin with you dude.
And yes, those people are prolly carders or so.
user, There are some neat things DALnet really needs all -in- one in that script. Since I was testing it out, but never really got to understand 90% of that [censored], I took it off apart from the fact that it scared me because I knew there are trojans here and there.
Yourname wrote: user, There are some neat things DALnet really needs all -in- one in that script. Since I was testing it out, but never really got to understand 90% of that ****, I took it off apart from the fact that it scared me because I knew there are trojans here and there.
I wouldn't copy stuff from their code. It is 100% pure crap. Seems like they spent all their skills trying to make it hard to read. If you have trouble coding a particular feature, it would be better to ask in the tcl forum on this site.
user, There are some neat things DALnet really needs all -in- one in that script. Since I was testing it out, but never really got to understand 90% of that ****, I took it off apart from the fact that it scared me because I knew there are trojans here and there.
not trojan in this tcl but dalnet have autoklines that script. dalnet read from the NETGATE word in away. this is a 2 time dalnet have kill it's, first read from the realname and two in away logo NETGATE (i Have fixed for this in 9.6)
The "untrustworthy" authors actually of that script are carders and probably (not sure 100% hackers).
the author's nickname in DALnet is KaISaR, it's not a hacker.
NeTgAtE wrote: not trojan in this tcl but dalnet have autoklines that script. dalnet read from the NETGATE word in away. this is a 2 time dalnet have kill it's, first read from the realname and two in away logo NETGATE (i Have fixed for this in 9.6)
the author's nickname in DALnet is KaISaR, it's not a hacker.
So this is not a backdoor? Is that what you're trying to say? (the code below is from v8.9)
i think that is not a backdoor just a copyright who maker that tcl, just to remember who make netgate tcl is KaISaR (now he has been sign in from irc). some of user in dalnet have ripped netgate tcl and make another tcl version with a lot of logo/slogan but "STILL" same like netgate tcl.
$ps : Any one or people in dalnet always look this a backdoor, why?