1lann's Rescue Disk/Antivirus (v0.5)


  • This topic is locked
25 replies to this topic

#1 1lann

  • Members
  • 516 posts
  • Location: Seattle

Posted 06 July 2012 - 04:59 PM

Hello! This is a rescue disk/antivirus that I wrote which can (hopefully) detect and remove viruses on your CC Computer.
You must have the HTTP API Enabled (And working)
Also, on the first time, you must run the program when you know your computer's startup is clean.

Features:
Window GUI and Auto-updating database

You have to run the program from a disk as startup.
You can download the program by using
pastebin get hLnnpXtZ /disk/startup
Note: If you get a message saying that the disk is infected, reinstall the antivirus.
Constructive feedback/criticism is welcome. Please post if you get any false-positives or any viruses being undetected. Feel free to post ideas and improvements to make. Btw, editing the file will cause you to get a message saying the disk is infected XD.

#2 Wolvan

  • New Members
  • 384 posts
  • Location: In the TARDIS

Posted 07 July 2012 - 10:36 AM

How exactly does it identify Viruses? Does it just search for OS.shutdown and stuff or does it check a complete program if it is the same as an entry in the database?

#3 1lann

  • Members
  • 516 posts
  • Location: Seattle

Posted 07 July 2012 - 12:00 PM

Wolvan, on 07 July 2012 - 10:36 AM, said:

How exactly does it identify Viruses? Does it just search for OS.shutdown and stuff or does it check a complete program if it is the same as an entry in the database?
Did you get a false positive or something? If so, you can check the logs
(use "edit /disk/avlog.log") and compare it to the database (below) to see what triggered it

Anyway, it reads a database from http://pastebin.com/xJhGLZeV
What it does is it scans through all of your files/folders (except for rom and disk) for things like:
That your startup has been modified since you last ran the rescue disk
Files named as system files in the root directory. Like edit or pastebin
Programs which try to mask functions.
And others which I came across on the CC server I play on.
The format for the database is:
Name
Snippet
It just scans through all files for the snippet.
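
An added example (not 1lann's code) of the scan described in the post above: it parses a database in the Name/Snippet format and searches file contents for each snippet as literal text. The database entries and file contents are constructed, and plain Lua strings stand in for ComputerCraft's file reads.

```lua
-- Added example: database and file contents below are constructed samples.
local DATABASE = "Shutdown loop\nos.shutdown()\nRedstone override\nrawset(rs\n"

-- Parse the two-line "Name / Snippet" records into a list of signatures.
local function parseDatabase(text)
  local lines, sigs = {}, {}
  for line in (text .. "\n"):gmatch("(.-)\r?\n") do lines[#lines + 1] = line end
  for i = 1, #lines - 1, 2 do
    if lines[i + 1] ~= "" then -- an empty snippet would match every file
      sigs[#sigs + 1] = { name = lines[i], snippet = lines[i + 1] }
    end
  end
  return sigs
end

-- Return every signature found in one file's content, with its line number.
local function scan(content, sigs)
  local hits = {}
  for _, sig in ipairs(sigs) do
    -- plain=true: the snippet is literal text, not a Lua pattern
    local pos = content:find(sig.snippet, 1, true)
    if pos then
      local _, newlines = content:sub(1, pos):gsub("\n", "")
      hits[#hits + 1] = { name = sig.name, line = newlines + 1 }
    end
  end
  return hits
end

local FILES = { -- constructed stand-ins for files read from the computer
  ["/startup"] = "print('hi')\nwhile true do os.shutdown() end\n",
  ["/notes"]   = "todo: os_shutdown is only a word here\n",
  ["/door"]    = "rawset(rs, 'setOutput', function() end)\n",
}

local sigs = parseDatabase(DATABASE)
local paths = {}
for path in pairs(FILES) do paths[#paths + 1] = path end
table.sort(paths)
for _, path in ipairs(paths) do
  for _, hit in ipairs(scan(FILES[path], sigs)) do
    print(("%s:%d  %s"):format(path, hit.line, hit.name))
  end
end
-- Without plain=true the snippets are Lua patterns: "." matches any character,
-- "()" is a position capture, and an unbalanced "(" raises a pattern error.
print(FILES["/notes"]:find("os.shutdown()") ~= nil)
print(pcall(string.find, FILES["/door"], "rawset(rs"))
```

The last two lines show why the literal search matters for the false positives asked about in this thread: the same snippets used as patterns flag the harmless note and fail outright on the snippet containing "(".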

#4 Pinkishu

  • Members
  • 484 posts

Posted 07 July 2012 - 01:44 PM

1lann, on 07 July 2012 - 12:00 PM, said:

Wolvan, on 07 July 2012 - 10:36 AM, said:

How exactly does it identify Viruses? Does it just search for OS.shutdown and stuff or does it check a complete program if it is the same as an entry in the database?
Did you get a false positive or something? If so, you can check the logs
(use "edit /disk/avlog.log") and compare it to the database (below) to see what triggered it

Anyway, it reads a database from http://pastebin.com/xJhGLZeV
What it does is it scans through all of your files/folders (except for rom and disk) for things like:
That your startup has been modified since you last ran the rescue disk
Files named as system files in the root directory. Like edit or pastebin
Programs which try to mask functions.
And others which I came across on the CC server I play on.
The format for the database is:
Name
Snippet
It just scans through all files for the snippet.

So easy to get around :P

#5 Wolvan

  • New Members
  • 384 posts
  • Location: In the TARDIS

Posted 07 July 2012 - 02:40 PM

No I was just curious how this system works. Really interesting if I say so myself. It covers most of the viruses you can do with CC

#6 1lann

  • Members
  • 516 posts
  • Location: Seattle

Posted 07 July 2012 - 04:23 PM

Pinkishu, on 07 July 2012 - 01:44 PM, said:

So easy to get around :P
lol

Wolvan, on 07 July 2012 - 02:40 PM, said:

No I was just curious how this system works. Really interesting if I say so myself. It covers most of the viruses you can do with CC

Thanks!

#7 Pinkishu

  • Members
  • 484 posts

Posted 07 July 2012 - 05:04 PM

it doesn't cover if someone uses rawset to change a function from what i've seen :P
also seems you could write a new function and do
function myFunc() end
rs.setOutput = myFunc
or
rawset(rs,"setOutput", function() end )

One could also encode their functions as hex, decimal, binary or whatsoever and have the code generated and executed at runtime
Or one could use compiled lua + loadstring
etc

#8 1lann

  • Members
  • 516 posts
  • Location: Seattle

Posted 08 July 2012 - 09:48 AM

Pinkishu, on 07 July 2012 - 05:04 PM, said:

it doesn't cover if someone uses rawset to change a function from what i've seen :)
also seems you could write a new function and do
function myFunc() end
rs.setOutput = myFunc
or
rawset(rs,"setOutput", function() end )

One could also encode their functions as hex, decimal, binary or whatsoever and have the code generated and executed at runtime
Or one could use compiled lua + loadstring
etc

Well.... I'll add support for rawset and os.function = myfunction. But as for encoding code, I'll just wait until I see one and add it to the database XD

#9 Exerro

  • Members
  • 801 posts

Posted 14 July 2012 - 12:51 PM

i want to download this to test my virus but don't know how...can you upload the file pls?

#10 1lann

  • Members
  • 516 posts
  • Location: Seattle

Posted 15 July 2012 - 12:20 AM

awsumben13, on 14 July 2012 - 12:51 PM, said:

i want to download this to test my virus but don't know how...can you upload the file pls?
sure, http://pastebin.com/....php?i=hLnnpXtZ

#11 Exerro

  • Members
  • 801 posts

Posted 15 July 2012 - 08:55 AM

it didn't work??? it says attempt to index (a nil value)

#12 1lann

  • Members
  • 516 posts
  • Location: Seattle

Posted 15 July 2012 - 03:48 PM

awsumben13, on 15 July 2012 - 08:55 AM, said:

it didn't work??? it says attempt to index (a nil value)

You sure you have the HTTP API Enabled?

#13 Exerro

  • Members
  • 801 posts

Posted 15 July 2012 - 06:11 PM

how do you enable it? i don't think it's enabled

#14 1lann

  • Members
  • 516 posts
  • Location: Seattle

Posted 16 July 2012 - 01:22 AM

awsumben13, on 15 July 2012 - 06:11 PM, said:

how do you enable it? i don't think it's enabled
Go to
.minecraft/config/ComputerCraft.cfg
And make sure enableHTTPAPI is set to 1
(or something like that)
I made some changes recently so you may have to re-download it.

#15 dragoon2

  • Members
  • 10 posts

Posted 17 July 2012 - 03:36 AM

i have the same problem but i have httpapi enabled to 1

#16 1lann

  • Members
  • 516 posts
  • Location: Seattle

Posted 17 July 2012 - 05:10 AM

dragoon2, on 17 July 2012 - 03:36 AM, said:

i have the same problem but i have httpapi enabled to 1
Telling me what line the error occurs would be helpful :P
Go to the lua prompt
(type lua into shell)
then type "http" (without the quotes) and hit enter
what does it return?

#17 FUNCTION MAN!

  • Members
  • 292 posts

Posted 14 December 2012 - 01:35 AM

Can i include this in Aurora OS (Sorry no question mark)

#18 rickydaan

  • Members
  • 93 posts
  • Location: The Netherlands

Posted 14 December 2012 - 01:41 AM

To prevent errors, add at the top of the script:

if http == false then print("HTTP API required. Please change this in the config.") error() end

Might help you :P

#19 Orwell

    Self-Destructive

  • Members
  • 1,091 posts

Posted 14 December 2012 - 03:20 AM

rickydaan, on 14 December 2012 - 01:41 AM, said:

To prevent errors, add at the top of the script:

if http == false then print("HTTP API required. Please change this in the config.") error() end

Might help you :P

Wouldn't you rather do:
if not http then error("HTTP API required. Please change this in the config.") end
I don't think http ever equals false, rather nil.

#20 Cranium

    Ninja Scripter

  • Moderators
  • 4,031 posts
  • Location: Lincoln, Nebraska

Posted 14 December 2012 - 03:48 AM

I personally like it written like this.
if not http then print("HTTP API required. Please change this in the config.") return end
It looks cleaner, because you don't actually error out the console, you just exit the program.




