Vault7: CIA Hacking Tools Revealed
Navigation: » Latest version
Owner: User #71494
Caterpillar ICE Command-Line Parser Notes, Plans, Etc.
Task Description
The ICEIn-memory Code Execution spec outlines the ability to pass command line arguments into the tool being kicked off by ICE. Caterpillar uses a config file burned in at deployment time via Builderpillar.py. The Operators would like the ability to use the command line arguments specified in the Builderpillar documentation to override portions of the burned-in configuration.
Specific conditions and constraints
- Persistence of config edits is not necessary.
- I can expect there to be a command line arguments whenever edits need to be made.
- Operators should be able to modify everything, except the baked-in RC4 key.
Commands That Need to Be Implemented:
- id <number>
- chunksize <number>
- kill file
- state file
- completion file
- mtu <packet_size>
- redundancy <percentage>
- rate <rate>
- max <bytes>
- add destination <address>,<port>,<type>
- remove destination <address>,<port>,<type>
- add collection target <filename>, <start index>,<end index>
- remove collection target <filename>,<start index>,<end index>
Implementation Plans:
Legend: To do, In Work, Complete
- Get the command line options in the ICEIn-memory Code Execution arguments struct from ICE_Entry() down into the thread running caterpillar_main()
- Add 11 new methods to CatepillarConfig and 3 to TransmitterRTPConfig which will allow a command line parser to directly operate on the burned in config after it has been loaded from the buffer produced by Builderpillar. Other modifications will be required in deeper-in objects to pass the updates along to them as well.
-
Create a parser which calls the appropriate update functions in the read-in config object. This will also have the joy of validating the user input.
-
Add tests for the 14 new methods.
- Validate the re-configured config and allow Caterpillar to proceed on it's way.
- Build, run, test, fix bugs