Adversarial C2 Protocol Implemented in Zig
1// Copyright 2026 Robby Zambito
2//
3// This file is part of zaprus.
4//
5// Zaprus is free software: you can redistribute it and/or modify it under the
6// terms of the GNU General Public License as published by the Free Software
7// Foundation, either version 3 of the License, or (at your option) any later
8// version.
9//
10// Zaprus is distributed in the hope that it will be useful, but WITHOUT ANY
11// WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
12// A PARTICULAR PURPOSE. See the GNU General Public License for more details.
13//
14// You should have received a copy of the GNU General Public License along with
15// Zaprus. If not, see <https://www.gnu.org/licenses/>.
16
17socket: RawSocket,
18headers: EthIpUdp,
19connection: SaprusMessage,
20
21const Connection = @This();
22
23// 'p' as base64
24const pong = "cA==";
25
26/// Attempts to read from the network, and returns the next message, if any.
27///
28/// Asserts that `buf` is large enough to store the message that is received.
29///
30/// This will internally process management messages, and return the message
31/// payload for the next non management connection message.
32/// This function is ignorant to the message encoding.
33pub fn next(self: *Connection, io: Io, buf: []u8) ![]const u8 {
34 while (true) {
35 log.debug("Awaiting connection message", .{});
36 const res = try self.socket.receive(buf);
37 log.debug("Received {} byte connection message", .{res.len});
38 const msg = SaprusMessage.parse(res[42..]) catch |err| {
39 log.err("Failed to parse next message: {t}\n{x}\n{x}", .{ err, res[0..], res[42..] });
40 return err;
41 };
42
43 switch (msg) {
44 .connection => |con_res| {
45 if (try con_res.management()) |mgt| {
46 log.debug("Received management message {t}", .{mgt});
47 switch (mgt) {
48 .ping => {
49 log.debug("Sending pong", .{});
50 try self.send(io, .{ .management = true }, pong);
51 log.debug("Sent pong message", .{});
52 },
53 else => |m| log.debug("Received management message that I don't know how to handle: {t}", .{m}),
54 }
55 } else {
56 log.debug("Payload was {s}", .{con_res.payload});
57 return con_res.payload;
58 }
59 },
60 else => |m| {
61 std.debug.panic("Expected connection message, instead got {x}. This means there is an error with the BPF.", .{@intFromEnum(m)});
62 },
63 }
64 }
65}
66
67/// Attempts to write a message to the network.
68///
69/// Clients should pass `.{}` for options unless you know what you are doing.
70/// `buf` will be sent over the network as-is; this function is ignorant of encoding.
71pub fn send(self: *Connection, io: Io, options: SaprusMessage.Connection.Options, buf: []const u8) !void {
72 const io_source: std.Random.IoSource = .{ .io = io };
73 const rand = io_source.interface();
74
75 log.debug("Sending connection message", .{});
76
77 self.connection.connection.options = options;
78 self.connection.connection.payload = buf;
79 var connection_bytes_buf: [2048]u8 = undefined;
80 const connection_bytes = self.connection.toBytes(&connection_bytes_buf);
81
82 self.headers.ip.id = rand.int(u16);
83 self.headers.setPayloadLen(connection_bytes.len);
84
85 var msg_buf: [2048]u8 = undefined;
86 var msg_w: Writer = .fixed(&msg_buf);
87 try msg_w.writeAll(&self.headers.toBytes());
88 try msg_w.writeAll(connection_bytes);
89 const full_msg = msg_w.buffered();
90
91 try self.socket.send(full_msg);
92
93 log.debug("Sent {} byte connection message", .{full_msg.len});
94}
95
96const std = @import("std");
97const Io = std.Io;
98const Writer = std.Io.Writer;
99
100const log = std.log;
101
102const SaprusMessage = @import("./message.zig").Message;
103
104const EthIpUdp = @import("./EthIpUdp.zig").EthIpUdp;
105const RawSocket = @import("./RawSocket.zig");