Botnet Raw Traffic

From Eggdrop Wiki

Jump to: navigation, search

This page is meant to explain the botnet "protocol" eggdrop uses to send traffic between bots. DO NOT confuse these "flags" with the normal bot flags used on the partyline. If you are just trying to link your bots or share userfiles, this page is not for you!


Link Process

Bot A is the initiating side (used ".link" or has a bot entry with "+h" or "+a" in it's userfile). It should be noted that due to networking principles, there is no strict order between input arriving at A and B, meaning: output sent by A can arrive as input at B before or after certain output from B arriving as input at A. It is listed under the "Reaction" column to what input this output is sent. The "<" and ">" around text mean this is no literal text, if literal "<" or ">" is meant, a "\" will precede it (and same for "\" then which becomes "\\").

Linking between bots that have sucessfully linked before (they have correct passwords set).
A -> B A <- B Reaction Notes
<A-botnet-nick> Sent when a connection is established.
0xFF 0xFB 0x05 Telnet control codes (see RFC 854 and RFC 875) sent when a connection is received. No newline and no spaces.
<B-telnet-banner> Only sent when "use-telnet-banner" is set to 1 in conf.
<B-stealth-prompt> Since v1.8.4; default "\n\nNickname." and only used when "stealth-telnets" is set to 1 in conf, otherwise language code 0x53e is used from the core.*.lang file prepended with "\n\n".
(If you are new, enter 'NEW' here.) Only sent when "open-telnets" is set to 1 in conf.
starttls <A-botnet-nick> Since v1.8.0; only sent when compiled with TLS enabled.
passreq \<<B-pid in hex><B-current time in hex>@<B-botnet-nick>\> <A-botnet-nick> Since v1.3.29; the argument is used as challenge for the other bot to generate an MD5 hash. Before there was no argument.
starttls - starttls Since v1.8.0; only sent when compiled with TLS enabled.
digest <A-MD5 hash> passreq Only sent when a "passreq" was received with challenge, otherwise the pass is sent in cleartext without "digest ".
*hello! digest
version <B-eggnumver> <B-handlen> <B-eggstringver> \<B-networkname\> digest "version" is "v" if NO_OLD_BOTNET is defined.
version <A-eggnumver> <A-handlen> <A-eggstringver> \<A-networkname\> *hello! "version" is "v" if NO_OLD_BOTNET is defined.
tb <A-botnet-nick> version
tb <B-botnet-nick> version

Share Process

Botnet Raw Flags

(If two flags are shown, such as pi/ping, the first is NO_OLD_BOTNET, second is !NO_OLD_BOTNET)

Core Botnet

i?/info? [idx:user@bot]
Request info to fill out 'botinfo' command
l/link [idx:user@bot viaBot targetBotToConnect]
Link via bot to target bot
"nick change"
ping: Once a minute, send ping to each bot (Hub to leaf only?)
pong: Reply to a 'pi' commamd
ul/unlink [idx:user@bot connecetedHub targetBotToDisconnect]
Tells the target bot specified to disconnect from the botnet (not used to disconnect self from botnet)
w/who [user@bot, dest bot, chan(?)]
Requests who is on a bot


All share commands (anything that is placing info into the userfile) are prefixed with a 's'. These flags are the second argument of that line. Example, adding flags to a user would look like 's a user pflo', but this section will only list the 'a' flag. The following list is sorted and each command has it's arguments listed. Mandatory arguments are within <>, optional within []. At the end of the explanation, the dcc commands triggering the share command, are listed between ().

End of share communication (not of the share connection)
+b <hostmask> <expires_at_epoch> <flag> <handle_of_requester> <reason>
Add global ban. Flag can be "s" (sticky), "p" (permanent) or "-" (none). (".+ban")
+bc <hostmask> <expires_at_epoch> <channel> <flag> <handle_of_requester> <reason>
Add channel ban. See "+b" for flags. (".+ban")
+bh <bot_handle> <hostmask>
Add a hostmask to a bot. (".+host")
+cr <handle> <channel>
Add a channel record (".+chrec")
+e <hostmask> <expires_at_epoch> <flag> <handle_of_requester> <reason>
Add global exempt. See "+b" for flags. (".+exempt")
+ec <hostmask> <expires_at_epoch> <channel> <flag> <handle_of_requester> <reason>
Add channel exempt. See "+b" for flags. (".+exempt")
+h <handle> <hostmask>
Add a hostmask. (".+host")
+i <hostmask> <expires_at_epoch> <flag> <handle_of_requester> <reason>
Add ignore. See "+b" for flags. (".+ignore")
+inv <hostmask> <expires_at_epoch> <flag> <handle_of_requester> <reason>
Add global invite. See "+b" for flags. (".+invite")
+invc <hostmask> <expires_at_epoch> <channel> <flag> <handle_of_requester> <reason>
Add channel invite. See "+b" for flags. (".+invite")
-b <hostmask>
Remove global ban. (".-ban")
-bc <channel> <hostmask>
Remove channel ban. (".-ban")
-cr <handle> <channel>
Remove a channel record. (".-chrec")
-e <hostmask>
Remove global exempt. (".-exempt")
-ec <channel> <hostmask>
Remove channel exempt. (".-exempt")
-h <handle> <hostmask>
Remove a hostmask. (".-host")
-i <hostmask>
Remove ignore. (".-ignore")
-inv <hostmask>
Remove global invite. (".-invite")
-invc <channel> <hostmask>
Remove channel invite. (".-invite")
a <handle> <flags> [channel]
Add or remove user flags. (".chattr")
c <userfield> <argv>
Change or add values for userfields (CONSOLE, FSTAT, FPRINT, HOSTS, PASS, BOTADDR, LASTON, INFO, XTRA, COMMENT, BOTFL) or create a new userentry for a bot. (".+bot", ".chaddr", ".comment", ".chpass", ".newpass", ".fprint", ".chfinger", ".chinfo")
chchinfo <handle> <channel> <info>
Change channel info/greet (needs "use-info" and "share-greet" set to 1). (".chinfo")
e <reason>
Ends the share connection with the given reason.
feats [features_list]
Response to "s uy <features_list>" with which of the requested userfile features are supported.
h <old_handle> <new_handle>
Change a handle (".chhandle")
k <handle>
Remove (kill) a user (".deluser", ".-user", ".-bot")
n <handle> <hostmask> <pass> <flags>
Add a new user. "hostmask" is "none" if user was added without any. "pass" is in all normal cases "-", "flags" is mostly "b" if the user is a bot, "default-flags"-setting via ".adduser" or "-" else. (".adduser", ".+user", ".+bot")
Allow a resync of the userfile.
Ask for a resync of the userfile, this is not the complete userfile but what is still left in the buffer of the hub.
rn <reason>
Reject a resync of the userfile for the given reason, a userfile send request ("s u?") will be sent as response.
s <hostmask> <on_or_off> [channel]
Add or remove sticky ban. 0 means unstick, 1 stick. (".stick", ".unstick")
se <hostmask> <on_or_off> [channel]
Add or remove sticky exempt. 0 means unstick, 1 stick. (".stick", ".unstick")
sInv <hostmask> <on_or_off> [channel]
Add or remove sticky invite. 0 means unstick, 1 stick. (".stick", ".unstick")
Ask if a userfile can be sent.
un <reason>
Reject a userfile for the given reason.
us <longip> <[+]port> <length>
Response from the hub to "s uy" giving the connection details of the hub for the leaf to connect to and receive the userfile. NOTE: As of 1.8.3, this IP address is ignored and the leaf instead uses the IP address of the active link connection it already has with the bot.
uy [features_list]
Response from a leaf to "s u?" from a hub, acknowledging it and also sending a list of wanted userfile features, seperated by a space (by default available: "exempts", "invites", "overbots"; with compress module loaded also: "compress").
v <bot_version>
Initiates the share communication, verifies the minimum share version is met (the bot_version argument here is actually ignored, the version is taken rom the "v"/"version" command) and starts a resync ("s r?") or full userfile send ("s u?) request.
Personal tools