Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

TrojanDropper/Agent.nl #2266

Closed
sam-mix opened this issue Oct 14, 2024 · 4 comments
Closed

TrojanDropper/Agent.nl #2266

sam-mix opened this issue Oct 14, 2024 · 4 comments

Comments

@sam-mix
Copy link

sam-mix commented Oct 14, 2024

go.mod

`
module xx

go 1.18

require github.com/btcsuite/btcd/btcec/v2 v2.1.3

require github.com/decred/dcrd/dcrec/secp256k1/v4 v4.0.1 // indirect
`

main.go

`
package main

import (
"crypto/rand"
"crypto/sha256"
"encoding/hex"
"fmt"

"github.com/btcsuite/btcd/btcec/v2"
"github.com/btcsuite/btcd/btcec/v2/ecdsa"

)

func main() {
priKey, pubKey := GenerateKeyPair()
fmt.Println("私钥:", priKey)
fmt.Println("公钥:", pubKey)
msg := "hellox"
fmt.Println("数据:", pubKey)
sign := Sign(priKey, msg)
fmt.Println("签名:", sign)
result := VerifyEcc(pubKey, msg, sign)
fmt.Println("验签:", result)

}

func Hash256(s string) string {
hashResult := sha256.Sum256([]byte(s))
hashString := string(hashResult[:])
return hashString
}

func Hash256x2(s string) string {
return Hash256(Hash256(s))
}

// 签名
func Sign(priKeyHex string, message string) string {
apiSecret, _ := hex.DecodeString(priKeyHex)
key, _ := btcec.PrivKeyFromBytes(apiSecret)
sig := ecdsa.Sign(key, []byte(Hash256x2(message)))
return fmt.Sprintf("%x", sig.Serialize())
}

// 通过私钥获取公钥
func GetPublicKey(priKeyHex string) string {
apiSecret, _ := hex.DecodeString(priKeyHex)
key, _ := btcec.PrivKeyFromBytes(apiSecret)
return fmt.Sprintf("%x", key.PubKey().SerializeCompressed())
}

// 生成密钥对
func GenerateKeyPair() (string, string) {
apiSecret := make([]byte, 32)
if _, err := rand.Read(apiSecret); err != nil {
panic(err)
}
privKey, _ := btcec.PrivKeyFromBytes(apiSecret)
apiKey := fmt.Sprintf("%x", privKey.PubKey().SerializeCompressed())
apiSecretStr := fmt.Sprintf("%x", apiSecret)
return apiSecretStr, apiKey
}

// 验证
func VerifyEcc(pubHex string, message string, signature string) bool {
pubKeyBytes, err := hex.DecodeString(pubHex)
if err != nil {
fmt.Println("decode pubkey error ", err)
return false
}

pubKey, err := btcec.ParsePubKey(pubKeyBytes)
if err != nil {
	fmt.Println("parse pubkey error ", err)
	return false
}

sigBytes, err := hex.DecodeString(signature)
if err != nil {
	fmt.Println("decode signature error ", err)
	return false
}

sigObj, err := ecdsa.ParseSignature(sigBytes)
if err != nil {
	fmt.Println("parse signature error ", err)
	return false
}

verified := sigObj.Verify([]byte(Hash256x2(message)), pubKey)
return verified

}

`
TrojanDropper/Agent.nl

@guggero
Copy link
Collaborator

guggero commented Oct 14, 2024

What exactly is your question?

@sam-mix
Copy link
Author

sam-mix commented Oct 14, 2024

When building, Windows 11 reports a virus TrojanDropper/Agent.nl.

@guggero
Copy link
Collaborator

guggero commented Oct 14, 2024

See #2029 and #2012.

@guggero guggero closed this as completed Oct 14, 2024
@sam-mix
Copy link
Author

sam-mix commented Oct 14, 2024

thanks

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants