Initial commit

Author: franckferman

.gitattributes

@@ -0,0 +1,18 @@
+# Linguist
+docs/** linguist-documentation=true
+scripts/** linguist-vendored=true
+samples/** linguist-documentation=true
+samples/*.lastlog binary
+samples/*.wtmp binary
+samples/*.utmp binary
+samples/*.btmp binary
+
+# LF normalization
+*.rs text eol=lf diff=rust
+*.toml text eol=lf
+*.md text eol=lf
+*.yml text eol=lf
+*.yaml text eol=lf
+LICENSE text eol=lf
+.gitignore text eol=lf
+.gitattributes text eol=lf

.github/workflows/ci.yml

@@ -0,0 +1,73 @@
+name: CI
+
+on:
+  push:
+    branches: [stable, dev]
+    paths:
+      - 'src/**'
+      - 'Cargo.toml'
+      - 'scripts/**'
+  pull_request:
+    branches: [stable]
+
+jobs:
+  build:
+    name: Build & Test
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: dtolnay/rust-toolchain@stable
+      - run: cargo build --release
+      - run: cargo test
+      - name: Verify binary
+        run: ./target/release/hidemylogs --version
+
+  generate-samples:
+    name: Regenerate samples
+    runs-on: ubuntu-latest
+    needs: build
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-python@v5
+        with:
+          python-version: "3.12"
+      - uses: dtolnay/rust-toolchain@stable
+
+      - name: Check if generate script changed
+        id: check
+        run: |
+          if git diff --name-only HEAD~1 2>/dev/null | grep -q 'scripts/generate_samples.py'; then
+            echo "changed=true" >> "$GITHUB_OUTPUT"
+          else
+            echo "changed=false" >> "$GITHUB_OUTPUT"
+          fi
+
+      - name: Generate samples
+        if: steps.check.outputs.changed == 'true'
+        run: python3 scripts/generate_samples.py
+
+      - name: Build and verify samples parse
+        if: steps.check.outputs.changed == 'true'
+        run: |
+          cargo build --release
+          echo "--- utmp ---"
+          ./target/release/hidemylogs -q print -u samples/compromised.utmp -s u
+          echo "--- wtmp ---"
+          ./target/release/hidemylogs -q print -w samples/compromised.wtmp -s w
+          echo "--- btmp ---"
+          ./target/release/hidemylogs -q print -b samples/compromised.btmp -s b
+          echo "--- lastlog ---"
+          ./target/release/hidemylogs -q print -l samples/compromised.lastlog -s l
+
+      - name: Commit updated samples
+        if: steps.check.outputs.changed == 'true' && github.event_name == 'push'
+        run: |
+          git config user.name "franckferman"
+          git config user.email "franckferman@users.noreply.github.com"
+          git add samples/
+          if git diff --cached --quiet; then
+            echo "[*] No changes to samples."
+          else
+            git commit -m "Regenerate sample files"
+            git push
+          fi

.github/workflows/release.yml

@@ -0,0 +1,86 @@
+name: Release
+
+on:
+  push:
+    tags:
+      - "v*"
+
+permissions:
+  contents: write
+
+jobs:
+  build:
+    name: Build ${{ matrix.name }}
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        include:
+          - target: x86_64-unknown-linux-musl
+            name: linux-x86_64-musl
+            poly: false
+          - target: x86_64-unknown-linux-musl
+            name: linux-x86_64-musl-poly
+            poly: true
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-python@v5
+        if: matrix.poly
+        with:
+          python-version: "3.12"
+      - uses: dtolnay/rust-toolchain@stable
+        with:
+          targets: ${{ matrix.target }}
+
+      - name: Install musl tools
+        run: sudo apt-get update && sudo apt-get install -y musl-tools
+
+      - name: Polymorphic prep
+        if: matrix.poly
+        run: python3 scripts/polymorphic.py
+
+      - name: Build
+        run: |
+          if [ "${{ matrix.poly }}" = "true" ]; then
+            RUSTFLAGS="-Ccontrol-flow-guard=no -Cforce-frame-pointers=no" \
+              cargo build --profile poly --target ${{ matrix.target }}
+            cp target/${{ matrix.target }}/poly/hidemylogs hidemylogs-${{ matrix.name }}
+          else
+            cargo build --release --target ${{ matrix.target }}
+            cp target/${{ matrix.target }}/release/hidemylogs hidemylogs-${{ matrix.name }}
+          fi
+
+      - name: Revert sources
+        if: matrix.poly
+        run: python3 scripts/polymorphic.py --revert
+
+      - name: Checksum
+        run: sha256sum hidemylogs-${{ matrix.name }} > hidemylogs-${{ matrix.name }}.sha256
+
+      - name: Upload
+        uses: actions/upload-artifact@v4
+        with:
+          name: hidemylogs-${{ matrix.name }}
+          path: |
+            hidemylogs-${{ matrix.name }}
+            hidemylogs-${{ matrix.name }}.sha256
+
+  release:
+    name: Create Release
+    needs: build
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/download-artifact@v4
+        with:
+          merge-multiple: true
+
+      - name: Generate checksums
+        run: cat *.sha256 > checksums.sha256
+
+      - name: Release
+        uses: softprops/action-gh-release@v2
+        with:
+          name: ${{ github.ref_name }}
+          files: |
+            hidemylogs-*
+            checksums.sha256
+          generate_release_notes: true

.github/workflows/static.yml

@@ -0,0 +1,40 @@
+name: Deploy static content to Pages
+
+on:
+  push:
+    branches: ["stable"]
+    paths:
+      - "docs/**"
+
+  workflow_dispatch:
+
+permissions:
+  contents: read
+  pages: write
+  id-token: write
+
+concurrency:
+  group: "pages"
+  cancel-in-progress: false
+
+jobs:
+  deploy:
+    environment:
+      name: github-pages
+      url: ${{ steps.deployment.outputs.page_url }}
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Setup Pages
+        uses: actions/configure-pages@v5
+
+      - name: Upload artifact
+        uses: actions/upload-pages-artifact@v3
+        with:
+          path: './docs'
+
+      - name: Deploy to GitHub Pages
+        id: deployment
+        uses: actions/deploy-pages@v4

.gitignore

@@ -0,0 +1,24 @@
+# Rust
+/target
+Cargo.lock
+
+# Editors
+.vscode/
+.idea/
+*.swp
+*.swo
+*~
+
+# OS
+.DS_Store
+Thumbs.db
+desktop.ini
+$RECYCLE.BIN/
+
+# Signing
+*.pfx
+*.cer
+*.p12
+*.pem
+*.key
+.poly_backup/

Cargo.toml

@@ -0,0 +1,33 @@
+[package]
+name = "hidemylogs"
+version = "1.0.0"
+edition = "2021"
+authors = ["Franck FERMAN <franckferman@users.noreply.github.com>"]
+description = "Surgical *nix log cleaner - selectively erase access records from lastlog, wtmp, btmp, and utmp while preserving file metadata"
+license = "AGPL-3.0"
+repository = "https://github.com/franckferman/hidemylogs"
+keywords = ["security", "forensics", "red-team", "post-exploitation", "logs"]
+categories = ["command-line-utilities"]
+
+[dependencies]
+clap = { version = "4", features = ["derive"] }
+chrono = "0.4"
+colored = "2"
+filetime = "0.2"
+
+[profile.release]
+opt-level = "z"
+lto = true
+strip = true
+panic = "abort"
+
+# Polymorphic build profile: max obfuscation at compiler level
+[profile.poly]
+inherits = "release"
+opt-level = 3              # O3 instead of Oz: different inlining/vectorization decisions
+lto = "fat"                # full cross-crate LTO: more aggressive reordering
+codegen-units = 1          # single codegen unit: deterministic but different layout from release
+strip = "symbols"          # strip symbols but keep .rodata (our randomized strings)
+panic = "abort"
+overflow-checks = false    # remove overflow checks: changes CFG
+debug-assertions = false