ClosedSource - silv3rr/wraith GitHub Wiki
Why was wraith closed source for so many years?
(written in a present tense circa 2008 before the code was open sourced)
History
Originally private to small group
I originally wrote this for myself and some friends. I never imagined it would be so popular, nor did I ever intend to give it to anyone else or support them. Through many years of people asking, begging, donating, etc., many people have it now. I can barely handle supporting those who have it now, let alone everyone who would be coming to me for support if it were available to everyone.
Security
Security through obscurity
Because the bot is meant to be secure, the source for many Features also needs to remain secure. The problem is that some of these algorithms, such as the CookieOps, would not be secure if one had the source code. This is admittedly poorly designed. An algorithm should be secure whether one has the source code or not. The decision to make these secure through obscurity does, however, greatly improve the bot's performance.
For example, the CookieOps use a one-way hash algorithm to generate cookies. Other bots then simply generate the same hash and compare it to what was given in the cookie. If it does not match, it's invalid. If you had the algorithm to generate this hash, you or anyone else could simply generate a hash from the algorithm and op with a valid cookie. The way to do this securely is by encrypting the cookie, and then making bots decrypt it to verify its validity. This makes cookies much longer and slower.
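An added example, not wraith's code (the page does not show the CookieOps format): it contrasts the unkeyed-hash design described above with a keyed MAC (HMAC-SHA256), which is a different technique from the encryption the page proposes and stays unforgeable when the source is public. The field layout, the constant, the sample key and all function names are assumptions.

```python
import hashlib
import hmac

def fields(nick: str, channel: str, ts: int) -> bytes:
    # Hypothetical cookie contents. Each field is length-prefixed so that
    # ("ab", "c") and ("a", "bc") cannot serialize to the same bytes.
    parts = [nick.encode(), channel.encode(), str(ts).encode()]
    return b"".join(len(p).to_bytes(2, "big") + p for p in parts)

def obscure_cookie(nick: str, channel: str, ts: int) -> str:
    # Unkeyed one-way hash: the only "secret" is this function itself.
    return hashlib.sha256(b"hidden-constant" + fields(nick, channel, ts)).hexdigest()

def obscure_verify(cookie: str, nick: str, channel: str, ts: int) -> bool:
    return hmac.compare_digest(cookie, obscure_cookie(nick, channel, ts))

def keyed_cookie(key: bytes, nick: str, channel: str, ts: int) -> str:
    # HMAC-SHA256: the algorithm may be public, only `key` must stay secret.
    return hmac.new(key, fields(nick, channel, ts), hashlib.sha256).hexdigest()

def keyed_verify(key, cookie, nick, channel, ts, now, max_age=30) -> bool:
    if abs(now - ts) > max_age:          # stale cookies are rejected (limits replay)
        return False
    return hmac.compare_digest(cookie, keyed_cookie(key, nick, channel, ts))

def demo() -> dict:
    net_key = bytes(range(32))           # constructed sample key, for the demo only
    nick, chan, ts = "bot1", "#chan", 1_000
    # A party who has read the source but holds no key:
    unkeyed = obscure_cookie(nick, chan, ts)
    wrong_key = keyed_cookie(b"guessed-key", nick, chan, ts)
    genuine = keyed_cookie(net_key, nick, chan, ts)
    return {
        "unkeyed_accepted": obscure_verify(unkeyed, nick, chan, ts),
        "wrong_key_accepted": keyed_verify(net_key, wrong_key, nick, chan, ts, now=1_010),
        "genuine_accepted": keyed_verify(net_key, genuine, nick, chan, ts, now=1_010),
        "stale_accepted": keyed_verify(net_key, genuine, nick, chan, ts, now=2_000),
        "same_length": len(unkeyed) == len(genuine),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The HMAC tag has the same length as the plain SHA-256 digest, so the keyed cookie is no longer than the unkeyed one.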
Unknown vulnerabilities
Simply put: I do not have the time to give support to everyone as is. If suddenly someone with the source code discovered a way to exploit a feature, I would not have time to push out a patch or new release before botnets were hijacked.
Static binary
Giving out source code would promote people compiling bots on every shell manually. This could result in people compiling dynamic binaries, which are insecure. The system libraries could be backdoored and the bots would be linked against them. This also allows hackers to arbitrarily link whatever code they want into your bot. Or worse, recompile your bot and force it to update with hacked code which ops the attacker instantly, bypassing all security Features. This also breaks the easy Updating.
Ease of use
Updating
The updating feature currently works fast and easily because every binary is the same for each operating system. You compile 1 Linux binary, 1 FreeBSD binary, then upload these 2 binaries to your hub and your net gets updated. Having the source would lead people to update or set up bots incorrectly, resulting in insecure dynamic binaries and frustration with updating, when it was meant to be simple.
Portability
As said previously, wraith works easily by having 1 static binary per operating system. This makes it extremely easy to set up a botnet quickly without having to compile on every box. This also makes Updating go very smoothly and quickly.
Backdoors
Keeping the source closed prevents others from distributing a backdoored version. It also prevents others from finding unpatched security holes and exploiting them in the wild.