I decided to make a RAT and I am trying to make it look like Bifrost wit the same features (Not easy at all).

Here is my current progress after 2 days:


Features:
*Server Information
*System Manager
*File Manager
*Process Manager
*Screen Capture
*Webcam Capture
*Keylogger
*Basic Server Functions

Traffic is encrypted using RC4 and a random pre-shared key.
Server current size: 22kb unpacked.
Programming Language: Delphi.

This is designed to be a light rat with only the necessary features for remote controlling a pc.
Some of them aren't finished though, like the keylogger is not working on Vista (I am planning on making it working later).
This will be semi-vista compitable (It will disable the functions that does not work on Vista if the server is on Vista).

Looking good, Great work so far

Keep it up

yes it looks very intresting..
please share when done...

I will share if I ever get it done

How random?
Why RC4?
What kind of protocol is used to verify the server/client?
How is the key to encrypt the traffic derived?

First it sends anyone attempting to connect a simple test command ('<#>') and if the server replies than it lists it in the listview.
Then it generates a random SHA1 and adds 10 random chars at the end of the hash that is to be used as encryption key for the RC4 and sends it to the server which stores it until it is reconnected or restarted.
I use RC4 because it is small & good enough for RAT traffic, there is no need to use AES or Blowfish for things like this.

Example of a key used to encrypt the traffic: "F7FF9E8B7BB2E09B70935A5D785E0CC5D9D0ABF03O4S4D9F9D".

In what programming language is this done?

I would be prepared to place a bet on VB, given that this post was answered (http://www.swerat.com/forums/index.php?showtopic=4342&hl=) , then followed by this thread we are in now

Do I have to quote myself?

"Programming Language: Delphi." - First post.
It is not VB due to the fact that I am much better with Delphi

Totally missed that line :-)

Ok, or rather - not ok.

There is indeed no need to use AES or Blowfish - but there's no need to use anything more "secure" than XOR in this case.
"Random SHA1" for this purpose is also quite unnecessary and doesn't improve the security at all.

You didn't answer where you got your "randomness" from either.

Read up on some key-exchange algorithms (e.g. look at wikipedia's articles), encryption and general computer security - BEFORE saying that it uses RC4, which is generally percieved as the connection being secure from eves-droppers.

Apart from this (I am a bitch by default about encryption), it looks ok. Keep it up.

Oh, and you've probably got a looong way before even coming close to Bifrost's level. And yes, that's supposed to be long as in really long.

[DELETED BY MJA]
Removed the post since I were "spreading false claims".
Hope to many of you didnt read it, disregard what was said in it.

How random is the key?
It is generated using Random(32767) (32767 is the same as RAND_MAX in C++).
Does the encryption really matter THAT much? Its not like you're going to remote control government computers so anyone would try to crack it.
I dont understand why people need a strong encryption for a rat, noone is going to try and crack it and if they did... so what?

I don't get why people are performing key-exchanging using algos such as RC4 when dealing with RATs.
If you have a builder for the server, then you can predefine/store the key within the recently created server, and later on use it for both the server as the client.
Unfortunately, I've no idea whether the client offers password-definition or not.
As in your method about transmitting the key within a hash may look kinda suspicous, because when analyzing the traffic would for sure pay attention on the hash, which is one of the first transmitted data.
This would make it easy to figure out which algorithm that was used to generate the hash, and then get the pasword out of the hash by decrypting it (unless you don't use a salt to make this more dufficult).

For example when an exchange of an key could be nessecary is when you have a chat network, where the server NEEDS to exchange an encryption/decryption-key, as it is not possible to predefine the key within the client, because the client may want to connect to another server with a different password.

In your case, the servers will only be able to connect to one master (client), and therefore the key should already been stored in the server, as in same way as you're thinking about transferring the key.

You mentioned that the client senda a command to the server upon a connection-request, and if the server replies the connection will remain established.
What should the server reply? From what I can see, this feels vulnerable, as an unauthorized socket may connect to the client...

Apart from this, see this as a possible. I believe this can be a good RAT
Good luck!

@Mja - No!
A pre-shared key shouldn't be used for encryption. Never, ever! NO!
It should only be used to derive the "real" key used to encrypt the traffic, and to verify end users.
Otherwise (as I've already told marjinz in a previous thread...) you'll end up opening for a reply-attack, which is not the best thing one could do.

Just because you send random data doesn't mean you've invented an assymetric cipher... Nor a symmetric cipher.
There are ways to perform validation AND key-exchange quite easily by the help of hash algorithms.

In this case RC4 could've been any encryption algorithm - it wouldn't matter since the protocol is flawed (...and apparently also the RNG used, not that it'd matter).

It's not just RC4 that's "hard" to use right, all algorithms needs some consideration before using it - even qsort.

The cost of implementing better-than-"necessary" security today is often very low. In most cases the cost-difference between low-security and high-security isn't that big at all. With publicly known encryption algorithms of high quality and protocols and all that - in a way it's just ignorant to go the "XOR"- or cost-beneficial-way that all textbooks teach ya'.

Then don't use encryption, use XOR. And what more?
Don't write it as a feature when you're not even into it!!!

Oh, I am into it since it is already implented, I encrypted the encrypting key with RC4 due to that fact that you would be unable to tell the difference from the key and the rest of the traffic, as for the algorithm, I am thinking of using a predefined key like marjinz said and then use Serpent, AES or Twofish as the algorithm since it seems like a nice feature to have

[DELETED BY MJA]
Removed the post since I were "spreading false claims".
Hope to many of you didnt read it, disregard what was said in it.

Yes, that's what you thought.

Just because the standard containers use all this doesn't mean that it should be used in every single design.

There are ways to exchange keys without the use of asymmetric ciphers, but since you've been taught the basic stuff - that's what you think is the case in all implementations. And since you've already exchanged keys in a PSK-situation, why do it again?

You keep talking about a COMPLETELY DIFFERENT SUBJECT! by dragging the asymmetric ciphers along - and FYI it's an english invention and NOT an american. Thank you very much!

No that's also wrong!
It's not the "re-seeding" that's the problem here but the genericly cryptographicly insecure random number generators implemented in the standard libraries. And you're still talking about a situation with asymmetric key-exchange - IT'S NOT!

Apparently - yes.
But you still had to make that looong post, spreading false claims.

@Mja: Du är inte lite kaxig du... känner man inte lite troll-vibbar?

Hell yes!

This is something I really want! *thumbs up*
I just love the gui bifrost has and that's probably why I use it aswell
Now when ksv is gone it's really nice too see a new, hopefully updated rat, with the same simplistic look.
I really hope you will continue to develop this rat

Regards,
Garath

Here is my updated progress:

Id say that it looks really good, Vista compitable is good theese days

Talking about looks, I like that your Bifrost clone actually looks like Bifrost and come clean with it and not just like Bifrost with some hideously ugly skin.

Also Bifrost isn’t just a bunch of features slapped together, it needs to bypass security software as well so that it doesn’t have to be configured. I think that is going to be the hardest part, but you probably already knew that.

Yea, I have been thinking about that and I think that it will start out as process injection (later kernel unhooking if I get around to that).
The beta release (which will test stability) will probaly be without fwb and will most likely be unstable as hell (that is why I need it tested xD).

Here is screens of the System Manager

Great to see a Dane on the board!

I don't know if it's a breach of etiquette to speak in other languages then english? But i will give it a shot anyway.

Hej! Herligt at se at her også er danskere Jeg skal med glæde hjælpe med at beta-teste Sleipner hvis det er?

Selvfølgelig ikke. Det är ett svenskt forum. Danska och norska är förståeligt. Engelska är bäst om man inte kan något av de språken eller vill göra sig bättre förstådd.

Sen säger jag inte att vi vill ha trådar fyllda med mandarin, turkiska eller ryska.

scheisse .. haha


The rat looks nice keep it up.

lol

The project failed, my harddrive died and I didn't have a backup so the source was lost along with alot of other sources so thats really annoying.
Thanks for the comments though but this should be locked now.

wow many harddrives dies these days.. I wonder why ? ,, hmm.

Global warming omg!!1!!! (JK).

aww.. that's too bad, it looked so good