From 1cfec4d7373f066c3844cecc18d103798f7147cc Mon Sep 17 00:00:00 2001
From: bol-van
Date: Wed, 26 Nov 2025 14:11:29 +0300
Subject: [PATCH] nfqws2: update code
---
nfq2/crypto/aes-ctr.c | 51 +++++++++++++++++++++++++++++--------------
nfq2/crypto/aes-ctr.h | 1 +
nfq2/desync.c | 2 +-
nfq2/lua.c | 43 +++++++++++++++++++++++++++++++++++-
nfq2/lua.h | 1 +
5 files changed, 80 insertions(+), 18 deletions(-)
diff --git a/nfq2/crypto/aes-ctr.c b/nfq2/crypto/aes-ctr.c
index 4c351d4..f046c01 100644
--- a/nfq2/crypto/aes-ctr.c
+++ b/nfq2/crypto/aes-ctr.c
@@ -3,33 +3,52 @@ #define AES_BLOCKLEN 16 + +// add 64-bit value to 16-byte big endian counter +#if defined(__GNUC__) && !defined(__llvm__) +__attribute__((optimize ("no-strict-aliasing"))) +#endif +void ctr_add(uint8_t *counter, uint64_t add) +{ +#ifndef __BYTE_ORDER__ + #error "__BYTE_ORDER__ not defined" +#endif + uint64_t *c = (uint64_t*)counter; + +#if __BYTE_ORDER__==__ORDER_BIG_ENDIAN__ + uint64_t sum = c[1] + add; + if (sum < c[1]) // overflow + c[0]++; + c[1] = sum; +#else + uint64_t lsw = __builtin_bswap64(c[1]); + uint64_t sum = lsw + add; + if (sum < lsw) // overflow + c[0] = __builtin_bswap64(__builtin_bswap64(c[0]) + 1); + c[1] = __builtin_bswap64(sum); +#endif +} + +// increment 16-byte big endian counter +static inline void ctr_increment(uint8_t *counter) +{ + for (int8_t bi = (AES_BLOCKLEN - 1); (bi >= 0) && !++counter[bi]; bi--); +} + #if defined(__GNUC__) && !defined(__llvm__) __attribute__((optimize ("no-strict-aliasing"))) #endif void aes_ctr_xcrypt_buffer(aes_context *ctx, const uint8_t *iv, const uint8_t *in, size_t length, uint8_t *out) { - uint8_t bi, buffer[AES_BLOCKLEN], ivc[AES_BLOCKLEN]; + uint8_t bi, ivc[AES_BLOCKLEN], buffer[AES_BLOCKLEN]; size_t i, l16 = length & ~0xF; memcpy(ivc, iv, AES_BLOCKLEN); for (i = 0; i < l16; i += 16) { - memcpy(buffer, ivc, AES_BLOCKLEN); - aes_cipher(ctx, buffer, buffer); - - // Increment ivc and handle overflow - for (bi = (AES_BLOCKLEN - 1); bi >= 0; --bi) - { - // inc will owerflow - if (ivc[bi] == 255) - { - ivc[bi] = 0; - continue; - } - ivc[bi]++;; - break; - } + aes_cipher(ctx, ivc, buffer); + ctr_increment(ivc); *((uint64_t*)(out + i)) = *((uint64_t*)(in + i)) ^ ((uint64_t*)buffer)[0]; *((uint64_t*)(out + i + 8)) = *((uint64_t*)(in + i + 8)) ^ ((uint64_t*)buffer)[1]; } diff --git a/nfq2/crypto/aes-ctr.h b/nfq2/crypto/aes-ctr.h index 7fc9bbe..644535b 100644 --- a/nfq2/crypto/aes-ctr.h +++ b/nfq2/crypto/aes-ctr.h 
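Review bot: `ctr_add` reads and writes the counter through `uint64_t *c = (uint64_t*)counter;`, so a caller whose 16-byte counter is not 8-byte aligned gets a misaligned access. The `no-strict-aliasing` attribute is applied only when `!defined(__llvm__)`, which leaves the cast as an aliasing violation under clang. The function is exported through aes-ctr.h by this patch, so the alignment of callers' buffers cannot be assumed from this file alone. Moving the two halves through `memcpy` into local `uint64_t` values keeps the same big-endian arithmetic without either requirement. The `#else` branch also treats every non-big-endian `__BYTE_ORDER__` as little-endian, which deserves a comment, and the same cast pattern remains on the `in`/`out` XOR lines of `aes_ctr_xcrypt_buffer`, whose body continues outside the hunk.

```c
void ctr_add(uint8_t *counter, uint64_t add)
{
	// … unchanged: __BYTE_ORDER__ presence check …
	uint64_t hi, lo, sum;

	// memcpy imposes no alignment or aliasing requirement on counter
	memcpy(&hi, counter, 8);
	memcpy(&lo, counter + 8, 8);
#if __BYTE_ORDER__!=__ORDER_BIG_ENDIAN__
	// anything that is not big endian is treated as little endian here
	hi = __builtin_bswap64(hi);
	lo = __builtin_bswap64(lo);
#endif
	sum = lo + add;
	if (sum < lo) // carry into the upper 64 bits
		hi++;
	lo = sum;
#if __BYTE_ORDER__!=__ORDER_BIG_ENDIAN__
	hi = __builtin_bswap64(hi);
	lo = __builtin_bswap64(lo);
#endif
	memcpy(counter, &hi, 8);
	memcpy(counter + 8, &lo, 8);
}
```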
@@ -5,3 +5,4 @@ void aes_ctr_xcrypt_buffer(aes_context *ctx, const uint8_t *iv, const uint8_t *in, size_t length, uint8_t *out); int aes_ctr_crypt(const uint8_t *key, unsigned int key_len, const uint8_t *iv, const uint8_t *in, size_t length, uint8_t *out); +void ctr_add(uint8_t *counter, uint64_t add); diff --git a/nfq2/desync.c b/nfq2/desync.c index 7d98d80..a6de8af 100644 --- a/nfq2/desync.c +++ b/nfq2/desync.c @@ -659,7 +659,7 @@ static uint8_t desync( struct func_list *func; int ref_arg = LUA_NOREF, status; bool b, b_cutoff_all, b_unwanted_payload; - t_lua_desync_context ctx = { .dp = dp,.ctrack = ctrack }; + t_lua_desync_context ctx = { .dp = dp, .ctrack = ctrack, .dis = dis }; const char *sDirection = bIncoming ? "in" : "out"; struct packet_range *range; size_t l; diff --git a/nfq2/lua.c b/nfq2/lua.c index 9ce2c57..948dbad 100644 --- a/nfq2/lua.c +++ b/nfq2/lua.c @@ -1,5 +1,6 @@ #include #include +#include #include "lua.h" #include "params.h" @@ -526,6 +527,27 @@ static int luacall_hkdf(lua_State *L) } +static int luacall_uname(lua_State *L) +{ + lua_check_argc(L,"uname", 0); + + LUA_STACK_GUARD_ENTER(L) + + struct utsname udata; + + if (uname(&udata)) + lua_pushnil(L); + else + { + lua_createtable(params.L, 0, 5); + lua_pushf_str("sysname", udata.sysname); + lua_pushf_str("nodename", udata.nodename); + lua_pushf_str("release", udata.release); + lua_pushf_str("version", udata.version); + lua_pushf_str("machine", udata.machine); + } + LUA_STACK_GUARD_RETURN(L,1) +} static int luacall_instance_cutoff(lua_State *L) { 
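Review bot: In `luacall_uname` the result table is created with `lua_createtable(params.L, 0, 5);` while the argument check, the `lua_pushnil(L)` branch and the stack guard all operate on the `L` argument. The `lua_pushf_*` helpers take no state argument (see `lua_pushf_nil(const char *field)` elsewhere in this patch), so they presumably write to `params.L` as well, and the function is only correct if `L == params.L`. That assumption should be stated in a comment such as `// lua_pushf_* operate on params.L; L is assumed to be the same state`, or the nil branch and guard should use `params.L` consistently. A one-line header comment should also say that the call exposes the host's `nodename` and kernel `release`/`version` to every loaded script.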
@@ -610,6 +632,23 @@ bool lua_instance_cutoff_check(const t_lua_desync_context *ctx, bool bIn) return b; } +static int luacall_raw_packet(lua_State *L) +{ + lua_check_argc(L,"raw_packet",1); + + LUA_STACK_GUARD_ENTER(L) + + const t_lua_desync_context *ctx; + + if (!lua_islightuserdata(L,1)) + luaL_error(L, "raw_packet expect desync context in the first argument"); + ctx = lua_touserdata(L,1); + + lua_pushlstring(L, (const char*)ctx->dis->data_pkt, ctx->dis->len_pkt); + + LUA_STACK_GUARD_RETURN(L,1) +} + void lua_pushf_nil(const char *field) { @@ -716,7 +755,6 @@ void lua_push_blob(int idx_desync, const char *blob) { lua_pop(params.L,1); lua_getglobal(params.L, blob); -printf("TYPE %s %d\n",blob,lua_type(params.L,-1)); } } void lua_pushf_blob(int idx_desync, const char *field, const char *blob) @@ -2721,6 +2759,9 @@ static void lua_init_functions(void) // voluntarily stop receiving packets {"instance_cutoff",luacall_instance_cutoff}, + // get raw packet data + {"raw_packet",luacall_raw_packet}, + {"uname",luacall_uname}, // convert table representation to blob or vise versa {"reconstruct_tcphdr",luacall_reconstruct_tcphdr}, diff --git a/nfq2/lua.h b/nfq2/lua.h index 9b81886..fd694ef 100644 --- a/nfq2/lua.h +++ b/nfq2/lua.h @@ -82,6 +82,7 @@ typedef struct { const char *func, *instance; const struct desync_profile *dp; const t_ctrack *ctrack; + const struct dissect *dis; } t_lua_desync_context; bool lua_instance_cutoff_check(const t_lua_desync_context *ctx, bool bIn);
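Review bot: `luacall_raw_packet` dereferences `ctx->dis->data_pkt` after checking only that argument 1 is a light userdata, so a context whose `dis` member was never set would crash the process instead of raising a Lua error. This patch fills `.dis` only in the initializer in `desync()`; any other place that builds a `t_lua_desync_context` is not visible here and would leave the pointer NULL. A guard before the push would turn that into a script error: `if (!ctx || !ctx->dis || !ctx->dis->data_pkt) luaL_error(L, "raw_packet: no packet in desync context");`. The function comment should also state that the context pointer is valid only during the desync call that supplied it, since `ctx` in `desync()` is a stack object and a script that keeps the userdata for later would read freed stack memory.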