forked from p34709852/monkey
Agent: Add InPlaceEncryptor
InPlaceEncryptor encrypts a file in place. It accepts a callable that performs the actual bit manipulation. This allows the in-place encryption functionality to be easily reused, while the actual encryption algorithm can be changed.
This commit is contained in:
Mike Salvatore
parent
ce2ad81321
commit
55ba5f530d
|
|
@ -0,0 +1,21 @@
|
||||||
|
from pathlib import Path
|
||||||
|
from typing import Callable
|
||||||
|
|
||||||
|
|
||||||
|
class InPlaceEncryptor:
|
||||||
|
def __init__(self, encrypt_bytes: Callable[[bytes], bytes], chunk_size: int = 64):
|
||||||
|
self._encrypt_bytes = encrypt_bytes
|
||||||
|
self._chunk_size = chunk_size
|
||||||
|
|
||||||
|
def __call__(self, filepath: Path):
|
||||||
|
with open(filepath, "rb+") as f:
|
||||||
|
data = f.read(self._chunk_size)
|
||||||
|
while data:
|
||||||
|
num_bytes_read = len(data)
|
||||||
|
|
||||||
|
encrypted_data = self._encrypt_bytes(data)
|
||||||
|
|
||||||
|
f.seek(-num_bytes_read, 1)
|
||||||
|
f.write(encrypted_data)
|
||||||
|
|
||||||
|
data = f.read(self._chunk_size)
|
||||||
|
|
@ -0,0 +1,49 @@
|
||||||
|
import os
|
||||||
|
|
||||||
|
import pytest
|
||||||
|
from tests.unit_tests.infection_monkey.ransomware.ransomware_target_files import (
|
||||||
|
ALL_ZEROS_PDF,
|
||||||
|
ALL_ZEROS_PDF_CLEARTEXT_SHA256,
|
||||||
|
ALL_ZEROS_PDF_ENCRYPTED_SHA256,
|
||||||
|
TEST_KEYBOARD_TXT,
|
||||||
|
TEST_KEYBOARD_TXT_CLEARTEXT_SHA256,
|
||||||
|
TEST_KEYBOARD_TXT_ENCRYPTED_SHA256,
|
||||||
|
)
|
||||||
|
from tests.utils import hash_file
|
||||||
|
|
||||||
|
from infection_monkey.ransomware.in_place_encryptor import InPlaceEncryptor
|
||||||
|
from infection_monkey.utils.bit_manipulators import flip_bits
|
||||||
|
|
||||||
|
|
||||||
|
@pytest.fixture(scope="module")
|
||||||
|
def in_place_bitflip_encryptor():
|
||||||
|
return InPlaceEncryptor(flip_bits, 64)
|
||||||
|
|
||||||
|
|
||||||
|
@pytest.mark.parametrize(
|
||||||
|
"file_name,cleartext_hash,encrypted_hash",
|
||||||
|
[
|
||||||
|
(TEST_KEYBOARD_TXT, TEST_KEYBOARD_TXT_CLEARTEXT_SHA256, TEST_KEYBOARD_TXT_ENCRYPTED_SHA256),
|
||||||
|
(ALL_ZEROS_PDF, ALL_ZEROS_PDF_CLEARTEXT_SHA256, ALL_ZEROS_PDF_ENCRYPTED_SHA256),
|
||||||
|
],
|
||||||
|
)
|
||||||
|
def test_file_encrypted(
|
||||||
|
in_place_bitflip_encryptor, ransomware_target, file_name, cleartext_hash, encrypted_hash
|
||||||
|
):
|
||||||
|
test_keyboard = ransomware_target / file_name
|
||||||
|
|
||||||
|
assert hash_file(test_keyboard) == cleartext_hash
|
||||||
|
|
||||||
|
in_place_bitflip_encryptor(test_keyboard)
|
||||||
|
|
||||||
|
assert hash_file(test_keyboard) == encrypted_hash
|
||||||
|
|
||||||
|
|
||||||
|
def test_file_encrypted_in_place(in_place_bitflip_encryptor, ransomware_target):
|
||||||
|
test_keyboard = ransomware_target / TEST_KEYBOARD_TXT
|
||||||
|
|
||||||
|
expected_inode = os.stat(test_keyboard).st_ino
|
||||||
|
in_place_bitflip_encryptor(test_keyboard)
|
||||||
|
actual_inode = os.stat(test_keyboard).st_ino
|
||||||
|
|
||||||
|
assert expected_inode == actual_inode
|
||||||
Loading…
Reference in New Issue