new anti-VM features: checks coherence of files dates

Victor MASIAK · Victor MASIAK · commit 9354b5ad6dbc · 2021-06-01T10:45:25.000+02:00
diff --git a/CMakeLists.txt b/CMakeLists.txt
@@ -28,7 +28,7 @@ add_executable(
         antiVM/loadedModulesFromLSMOD.c antiVM/loadedModulesFromLSMOD.h
 
         antiFake/firefoxHistory.c antiFake/firefoxHistory.h
-        antiFake/chromeHistory.c antiFake/chromeHistory.h antiFake/browserHistory.c antiFake/browserHistory.h antiFake/upTime.c antiFake/upTime.h antiVM/screenResolution.c antiVM/screenResolution.h antiVM/userNames.c antiVM/userNames.h antiVM/devicesScsi.c antiVM/devicesScsi.h antiVM/biosVendor.c antiVM/biosVendor.h antiVM/productName.c antiVM/productName.h antiVM/systemVendor.c antiVM/systemVendor.h antiVM/boardVendor.c antiVM/boardVendor.h)
+        antiFake/chromeHistory.c antiFake/chromeHistory.h antiFake/browserHistory.c antiFake/browserHistory.h antiFake/upTime.c antiFake/upTime.h antiVM/screenResolution.c antiVM/screenResolution.h antiVM/userNames.c antiVM/userNames.h antiVM/devicesScsi.c antiVM/devicesScsi.h antiVM/biosVendor.c antiVM/biosVendor.h antiVM/productName.c antiVM/productName.h antiVM/systemVendor.c antiVM/systemVendor.h antiVM/boardVendor.c antiVM/boardVendor.h antiVM/systemAge.c antiVM/systemAge.h)
 
 find_package(X11 REQUIRED)
 include_directories(${X11_INCLUDE_DIR})
diff --git a/antiVM/systemAge.c b/antiVM/systemAge.c
@@ -0,0 +1,45 @@
+#include <time.h>
+#include "systemAge.h"
+
+const char* FILES_CHECK_AGE[]   = {".", "/"};
+const int FILES_CHECK_AGE_SIZE  = 2;
+
+int checkSystemAgeCoherence(char* resultDescriptionBuffer){
+
+    char tmp[3][128];
+    strcpy(resultDescriptionBuffer, "");
+
+    time_t systemAge, currentDirectory;
+    int isOlder;
+    int couldReadFiles = RESULT_SUCCESS;
+    int result = RESULT_SUCCESS;
+
+    if(getLastModification("/var/log/installer", &systemAge)){
+        strcat(resultDescriptionBuffer, "--> Could not read /var/log/installer metadata.\n");
+        return RESULT_UNKNOWN;
+    }
+
+    for(int i=0 ; i<FILES_CHECK_AGE_SIZE ; i++){
+        if(getLastModification(FILES_CHECK_AGE[i], &currentDirectory)){
+            snprintf(tmp[0], 128, "--> Could not read %s metadata.\n", FILES_CHECK_AGE[i]);
+            strcat(resultDescriptionBuffer, tmp[0]);
+            couldReadFiles = RESULT_UNKNOWN;
+        }
+        isOlder = difftime(currentDirectory, systemAge) >= 0;//should be true
+        if(!isOlder){
+            strftime(tmp[0], 128, "%d-%m-%Y", localtime(&currentDirectory));
+            strftime(tmp[1], 128, "%d-%m-%Y", localtime(&systemAge));
+            snprintf(tmp[2], 128, "--> %s is older than /var/log/installer (%s vs %s).\n", FILES_CHECK_AGE[i], tmp[0], tmp[1]);
+            strcat(resultDescriptionBuffer, tmp[2]);
+            result = RESULT_FAILURE;
+        }
+    }
+
+    if(result == RESULT_FAILURE){
+        return result;
+    }else if(couldReadFiles == RESULT_UNKNOWN){
+        return RESULT_UNKNOWN;
+    }else{
+        return RESULT_SUCCESS;
+    }
+}
diff --git a/antiVM/systemAge.h b/antiVM/systemAge.h
@@ -0,0 +1,9 @@
+#ifndef APATE_SYSTEMAGE_H
+#define APATE_SYSTEMAGE_H
+
+#include "../constants.h"
+#include "../files.h"
+
+int checkSystemAgeCoherence(char* resultDescriptionBuffer);
+
+#endif //APATE_SYSTEMAGE_H
diff --git a/files.c b/files.c
@@ -86,4 +86,19 @@ void readFileLine(char* filename, int lineNumber, char* buffer){
         }
         fclose(file);
     }
+}
+
+int getLastModification(char* path, time_t* lastModification){
+
+    int file=0;
+    if((file=open(path,O_RDONLY)) < -1)
+        return 1;
+
+    struct stat fileStat;
+    if(fstat(file,&fileStat) < 0)
+        return 1;
+
+    *lastModification = fileStat.st_mtime;
+    return 0;
+
 }
diff --git a/files.h b/files.h
@@ -9,8 +9,12 @@
 #include <unistd.h>
 #include <errno.h>
 
+#include <sys/types.h>
+#include <sys/stat.h>
+
 int cp(const char *to, const char *from);
 int checkWordInFile(FILE* file, char* str);
 void readFileLine(char* filename, int lineNumber, char* buffer);
+int getLastModification(char* path, time_t* lastModification);
 
 #endif //APATE_FILES_H
diff --git a/main.c b/main.c
@@ -55,6 +55,7 @@ int main(int argc, char *argv[]) {
     printHeader("ANTI-FAKE");
     printResult("Inspects browsers histories", checkBrowserHistory(resultDescriptionBuffer), resultDescriptionBuffer);
     printResult("Checks that the system has been running for at least 30 minutes", checkUpTime(resultDescriptionBuffer), resultDescriptionBuffer);
+    printResult("Checks the coherence of system age", checkSystemAgeCoherence(resultDescriptionBuffer), resultDescriptionBuffer);
 
     return 0;
 }
diff --git a/main.h b/main.h
@@ -38,5 +38,6 @@ extern int paramCompact;
 
 #include "antiFake/browserHistory.h"
 #include "antiFake/upTime.h"
+#include "antiVM/systemAge.h"
 
 #endif //APATE_MAIN_H

Original file line number	Diff line number	Diff line change
`@@ -55,6 +55,7 @@ int main(int argc, char *argv[]) {`
`55`	`55`	`printHeader("ANTI-FAKE");`
`56`	`56`	`printResult("Inspects browsers histories", checkBrowserHistory(resultDescriptionBuffer), resultDescriptionBuffer);`
`57`	`57`	`printResult("Checks that the system has been running for at least 30 minutes", checkUpTime(resultDescriptionBuffer), resultDescriptionBuffer);`
	`58`	`+ printResult("Checks the coherence of system age", checkSystemAgeCoherence(resultDescriptionBuffer), resultDescriptionBuffer);`
`58`	`59`
`59`	`60`	`return 0;`
`60`	`61`	`}`