proone-mkdvault
Tool for building the Data Vault (DVault) binary containing masked configuration and sensitive data.

Overview

proone-mkdvault compiles various configuration files and data into a single masked binary blob. The DVault is appended to Proone executables and contains all sensitive data needed for operation.

Usage
Arguments
<cred dict>: Path to binary credential dictionary (from proone-mkcdict)
Data Sources
The tool compiles data from:

Compile-Time Configuration

- PRNE_PROG_VER: Program version UUID
- PRNE_SHG_SALT: Shared global salt value
- PRNE_CNC_TXT_REC: CNC TXT record domain
- PRNE_VER_MAT: Version compatibility matrix
- PRNE_BNE_EXEC_NAME: Executable name for deployment
- PRNE_BNE_LOCK_NAME: Lock file name
X.509 Certificates (from proone_conf/x509.h)
- PRNE_X509_CA_CRT: CA certificate
- PRNE_X509_DH: Diffie-Hellman parameters
- PRNE_X509_S_CRT: Server certificate
- PRNE_X509_S_KEY: Server private key
- PRNE_X509_C_CRT: Client certificate
- PRNE_X509_C_KEY: Client private key
DNS Configuration (from proone_conf/config.h)
- PRNE_RESOLV_NS_POOL_IPV4: IPv4 DoT server addresses
- PRNE_RESOLV_NS_POOL_IPV6: IPv6 DoT server addresses
Recon Configuration (from proone_conf/config.h)
- PRNE_RCN_PORTS: Target port list
- PRNE_RCN_T_IPV4: IPv4 target networks
- PRNE_RCN_BL_IPV4: IPv4 blacklist networks
- PRNE_RCN_T_IPV6: IPv6 target networks
- PRNE_RCN_BL_IPV6: IPv6 blacklist networks
External Files
- Credential dictionary (command-line argument)
DVault Format
Masking Process
Mask Generation
- Generate 256 random bytes using the mbedtls entropy source and CSPRNG
- Build a random permutation of the values 0-255 (the mask)
- Store the mask in the DVault header
Data Masking
For each data entry:

- Generate a random salt byte
- XOR data with salt
- Apply mask permutation
- Store masked result
Types of Data
- Binary (PRNE_DATA_TYPE_BIN): Raw binary data
- C String (PRNE_DATA_TYPE_CSTR): Null-terminated strings
Data Keys
DVault entries are accessed by key:

- PRNE_DATA_KEY_PROG_VER: Program version
- PRNE_DATA_KEY_SHG_SALT: Shared global salt
- PRNE_DATA_KEY_X509_CA_CRT: CA certificate
- PRNE_DATA_KEY_X509_DH: DH parameters
- PRNE_DATA_KEY_X509_S_CRT: Server certificate
- PRNE_DATA_KEY_X509_S_KEY: Server key
- PRNE_DATA_KEY_X509_C_CRT: Client certificate
- PRNE_DATA_KEY_X509_C_KEY: Client key
- PRNE_DATA_KEY_RESOLV_NS_IPV4: IPv4 DNS servers
- PRNE_DATA_KEY_RESOLV_NS_IPV6: IPv6 DNS servers
- PRNE_DATA_KEY_CNC_TXT_REC: CNC domain
- PRNE_DATA_KEY_RCN_PORTS: Recon ports
- PRNE_DATA_KEY_RCN_T_IPV4: IPv4 targets
- PRNE_DATA_KEY_RCN_BL_IPV4: IPv4 blacklist
- PRNE_DATA_KEY_RCN_T_IPV6: IPv6 targets
- PRNE_DATA_KEY_RCN_BL_IPV6: IPv6 blacklist
- PRNE_DATA_KEY_CRED_DICT: Credentials
- PRNE_DATA_KEY_EXEC_NAME: Executable name
- PRNE_DATA_KEY_VER_MAT: Version matrix
- PRNE_DATA_KEY_BNE_LOCK_NAME: Lock file name
Size Limits
- Maximum total size: 65,535 bytes (16-bit size field)
- Individual entry sizes vary by content
Validation
The tool performs three load/unload cycles on the blob it has just built:

- Initialize a DVault from the binary
- Retrieve all entries by key
- Verify each entry matches the original data
- Repeat 3 times

This catches:

- Incorrect masking/unmasking
- Data corruption
- Wrong offset calculation

A mismatch is reported as a validation failure (exit code 2).
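The masking process and the validation cycle described above, worked through in code. This is an added example written for this page, not code from Proone's mkdvault.c or dvault.c, and it reads the page's description one particular way: the mask is a random permutation of 0-255 produced by a Fisher-Yates shuffle over a CSPRNG (Python's `secrets` stands in for mbedtls), and each entry byte is XORed with that entry's salt and then substituted through the permutation. The blob layout (mask header, a 16-bit offset per key, then entries of type byte, salt byte, 16-bit length and masked data), the per-entry 16-bit length, the key order and all sample data are assumptions or constructed values; the page does not document the real DVault format.

```python
"""Toy reconstruction of the DVault masking scheme as described on this page.

ASSUMED blob layout (the page does not document the real DVault format):
  [256-byte mask][uint16 BE offset per key, in KEYS order][entries...]
  entry = [type:1][salt:1][length:uint16 BE][masked data]
Python's `secrets` stands in for the mbedtls entropy source / CSPRNG.
"""
import secrets
import struct

MASK_LEN = 256
DVAULT_MAX_SIZE = 0xFFFF           # 16-bit total size field, per the page
TYPE_BIN, TYPE_CSTR = 0, 1         # PRNE_DATA_TYPE_BIN / PRNE_DATA_TYPE_CSTR
# Fixed key order for this example; a subset of the page's data keys.
KEYS = ["PROG_VER", "SHG_SALT", "CNC_TXT_REC", "CRED_DICT"]


def gen_mask(rng=secrets) -> bytes:
    """Random permutation of 0..255: Fisher-Yates driven by the CSPRNG."""
    m = list(range(MASK_LEN))
    for i in range(MASK_LEN - 1, 0, -1):
        j = rng.randbelow(i + 1)
        m[i], m[j] = m[j], m[i]
    return bytes(m)


def invert_mask(mask: bytes) -> bytes:
    inv = bytearray(MASK_LEN)
    for i, v in enumerate(mask):
        inv[v] = i
    return bytes(inv)


def mask_bytes(data: bytes, salt: int, mask: bytes) -> bytes:
    """The page's two per-entry steps: XOR with the salt, then permute."""
    return bytes(mask[b ^ salt] for b in data)


def unmask_bytes(masked: bytes, salt: int, mask: bytes) -> bytes:
    inv = invert_mask(mask)
    return bytes(inv[b] ^ salt for b in masked)


def _cstr(data: bytes) -> bytes:
    """CSTR entries are stored NUL-terminated."""
    return data if data.endswith(b"\0") else data + b"\0"


def build_dvault(entries: dict, rng=secrets) -> bytes:
    """entries: key -> (type, bytes). Enforces the 16-bit size limits."""
    mask = gen_mask(rng)
    table_len = 2 * len(KEYS)
    body, offsets = bytearray(), []
    for key in KEYS:
        typ, data = entries[key]
        if typ == TYPE_CSTR:
            data = _cstr(data)
        if len(data) > 0xFFFF:
            raise ValueError(f"{key}: entry exceeds 16-bit length")
        salt = rng.randbelow(256)           # fresh random salt per entry
        offsets.append(MASK_LEN + table_len + len(body))
        body += struct.pack(">BBH", typ, salt, len(data))
        body += mask_bytes(data, salt, mask)
    blob = mask + b"".join(struct.pack(">H", o) for o in offsets) + body
    if len(blob) > DVAULT_MAX_SIZE:
        raise ValueError(f"DVault is {len(blob)} bytes, limit {DVAULT_MAX_SIZE}")
    return bytes(blob)


def load_entry(blob: bytes, key: str):
    """Unmask one entry by key. No secret is needed: mask and salt are in the blob."""
    mask = blob[:MASK_LEN]
    (off,) = struct.unpack_from(">H", blob, MASK_LEN + 2 * KEYS.index(key))
    typ, salt, n = struct.unpack_from(">BBH", blob, off)
    data = unmask_bytes(blob[off + 4:off + 4 + n], salt, mask)
    if typ == TYPE_CSTR:
        if not data.endswith(b"\0"):
            raise ValueError(f"{key}: CSTR entry is not NUL-terminated")
        return typ, data[:-1].decode()
    return typ, data


def verify_roundtrip(entries: dict, cycles: int = 3) -> bool:
    """mkdvault's validation as the page describes it: load, fetch every key,
    compare with the original, repeat three times."""
    blob = build_dvault(entries)
    for _ in range(cycles):
        for key in KEYS:
            typ, want = entries[key]
            expect = _cstr(want)[:-1].decode() if typ == TYPE_CSTR else want
            if load_entry(blob, key) != (typ, expect):
                return False
    return True


# Constructed sample data; not real Proone configuration or credentials.
SAMPLE = {
    "PROG_VER": (TYPE_BIN, bytes(range(16))),
    "SHG_SALT": (TYPE_BIN, secrets.token_bytes(8)),
    "CNC_TXT_REC": (TYPE_CSTR, b"cnc.example.invalid"),
    "CRED_DICT": (TYPE_BIN, b"admin\0admin\0root\0toor\0"),
}

if __name__ == "__main__":
    blob = build_dvault(SAMPLE)
    print(f"{len(blob)} bytes, roundtrip {'ok' if verify_roundtrip(SAMPLE) else 'FAILED'}")
    print("plaintext visible:", b"cnc.example.invalid" in blob)
```

Note that `load_entry()` takes no key material: the mask is read from the header and the salt from the entry itself. That is the property to keep in mind when reading the Security Features section below: the masking stops `strings` from showing the CNC domain, but anyone holding the blob can reverse it.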
Terminal Safety
Version Matrix
The PRNE_VER_MAT contains the UUIDs of compatible versions:

- Sorted in ascending order
- Used for version comparison and compatibility checks
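As an added example (not Proone's code), one way to build and check a version matrix with the properties listed above: UUIDs packed as raw 16-byte values in ascending byte order, a build-time check that the order is strict, and a compatibility lookup by binary search over the sorted matrix. The UUIDs are constructed; whether Proone's runtime searches the matrix this way is not stated on this page and is an assumption.

```python
import bisect
import uuid

UUID_LEN = 16


def build_ver_mat(version_strs) -> bytes:
    """Pack compatible-version UUIDs as raw 16-byte values in ascending order."""
    return b"".join(sorted(uuid.UUID(s).bytes for s in version_strs))


def split_ver_mat(mat: bytes) -> list:
    """Cut a matrix into its 16-byte UUIDs; rejects a truncated matrix."""
    if len(mat) % UUID_LEN:
        raise ValueError("version matrix length is not a multiple of 16")
    return [mat[i:i + UUID_LEN] for i in range(0, len(mat), UUID_LEN)]


def check_ver_mat(mat: bytes) -> bool:
    """Build-time check (assumed, not the page's): strictly ascending, no duplicates."""
    ids = split_ver_mat(mat)
    for a, b in zip(ids, ids[1:]):
        if a >= b:
            raise ValueError("version matrix is not strictly ascending")
    return True


def is_compatible(mat: bytes, ver: str) -> bool:
    """Membership test by binary search; ascending order is what makes this valid."""
    ids = split_ver_mat(mat)
    key = uuid.UUID(ver).bytes
    i = bisect.bisect_left(ids, key)
    return i < len(ids) and ids[i] == key


# Constructed sample versions, not real Proone version UUIDs.
COMPAT = [
    "f0b7e6a0-1c9f-4b1e-9e3a-5d2c1a8b7e60",
    "0a2d4f6e-8b0c-4d2e-a4f6-182a3c4e5f60",
    "9c8e7a6b-5d4f-4e3d-b2c1-a0f9e8d7c6b5",
]

if __name__ == "__main__":
    mat = build_ver_mat(COMPAT)
    check_ver_mat(mat)
    print(len(mat), "bytes;", is_compatible(mat, COMPAT[0]),
          is_compatible(mat, "00000000-0000-0000-0000-000000000000"))
```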
Security Features

Data Obfuscation

- XOR masking hides the plaintext from strings-style analysis
- Random mask per build
- Effective mask differs for each entry, because each entry gets its own random salt

The masking is obfuscation, not encryption: the mask is stored in the DVault header and the per-entry salts must be recoverable from the blob for the runtime to unmask it, so there is no secret to withhold. Anyone holding the executable can unmask every entry, private keys and credential dictionary included. The masking raises the cost of static inspection and signature matching; it gives no confidentiality against an analyst with the binary.

Anti-Analysis

- High-entropy output that does not compress well
- Data types cannot be told apart from the masked bytes
- No clear structure visible in the binary
- Randomized offsets
Exit Codes
| Code | Description |
|---|---|
| 0 | Success |
| 1 | Runtime error |
| 2 | Invalid arguments or validation failure |
Error Messages
Null Entry
Size Limit
Masking Errors
Example Usage
Dependencies
- mbedtls (entropy and CSPRNG)
- Credential dictionary binary
- Configuration headers:
  - proone_conf/config.h
  - proone_conf/x509.h
Integration
DVault is used by:

- proone-pack: Embedded in all executables
- proone: Loaded at runtime
- proone-bne: Loaded for testing

Rebuild the DVault when:

- Configuration changes
- Certificates are updated
- Network targets change
- The credential dictionary is updated
Source
Location: src/proone-mkdvault.c