Mythic
Translator Container does not receive CryptoKeys.Location field
While working on a new agent and translator, I introduced a custom build parameter to my agent wherein I store an encryption type. This agent and translator will manage their own encryption, but re-use existing profiles like http. When the agent is built, I can see the translator get called twice to generate encryption keys - once through the http profile's AESPSK parameter and once through the agent's encryption_type build parameter.
When the agent connects and initiates a new callback, I need some way to identify my encryption_type parameter and keys. Looking through the Mythic source code - I should receive a set of CryptoKeys, one from the C2 profile and one from the Build payload. This behavior can be seen in util_agent_message.go. To distinguish between the two, the CryptoKey struct has a Location field which should be one of the following values:
CRYPTO_LOCATION_CALLBACK = "callback"
CRYPTO_LOCATION_STAGING = "staging"
CRYPTO_LOCATION_C2 = "c2"
CRYPTO_LOCATION_PAYLOAD = "payload"
However, when the gRPC call is made to the translation container, these keys are converted into a gRPC message type which does not support the location parameter:
for i := 0; i < len(toMythicC2Format.CryptoKeys); i++ {
    newCrypto := services.CryptoKeysFormat{}
    adjustedKeys[i] = &newCrypto
    adjustedKeys[i].Value = toMythicC2Format.CryptoKeys[i].Value
    if toMythicC2Format.CryptoKeys[i].EncKey != nil {
        adjustedKeys[i].EncKey = *toMythicC2Format.CryptoKeys[i].EncKey
    }
    if toMythicC2Format.CryptoKeys[i].DecKey != nil {
        adjustedKeys[i].DecKey = *toMythicC2Format.CryptoKeys[i].DecKey
    }
}
grpcSendMsg.CryptoKeys = adjustedKeys
sndMsgChan, rcvMsgChan, err := grpc.TranslationContainerServer.GetCustomToMythicChannels(toMythicC2Format.TranslationContainerName)
(This is also true in the other direction, i.e., send_tr_rpc_mythic_c2_to_custom_message.)
By the time the translation container executes the registered function, the key has been converted back into an agentstructs.CryptoKey, but the location field is blank, which prevents us from distinguishing which key is the key we'd like to use for encryption operations.
It would be awesome if we could get the Location field forwarded over the gRPC call so that it's available within the translator to avoid brute forcing all possible keys, or using Mythic RPC to look up the build parameter based on the UUID.
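The conversion described in the issue above, reproduced as an added example that is not Mythic's own code or part of the original post: `CryptoKey` and `WireKey` are simplified stand-in types, and `toWire`, `selectKey` and the `forwardLocation` switch are hypothetical names, used to show what the translator can and cannot select when Location is or is not copied across.

```go
package main

import "fmt"

type CryptoKey struct { // simplified stand-in for the server-side key struct (assumed shape)
	Value, Location string
	EncKey, DecKey  *[]byte
}
type WireKey struct { // hypothetical gRPC message; Location is the field the issue asks for
	Value, Location string
	EncKey, DecKey  []byte
}

// toWire mirrors the conversion loop quoted in the issue, including its nil checks.
func toWire(keys []CryptoKey, forwardLocation bool) []*WireKey {
	out := make([]*WireKey, len(keys))
	for i, k := range keys {
		out[i] = &WireKey{Value: k.Value}
		if k.EncKey != nil {
			out[i].EncKey = *k.EncKey
		}
		if k.DecKey != nil {
			out[i].DecKey = *k.DecKey
		}
		if forwardLocation { // the change requested in the issue
			out[i].Location = k.Location
		}
	}
	return out
}

// selectKey returns the key at the wanted location and fails closed when none or several match.
func selectKey(keys []*WireKey, location string) (*WireKey, error) {
	var found []*WireKey
	for _, k := range keys {
		if k.Location == location {
			found = append(found, k)
		}
	}
	if len(found) != 1 {
		return nil, fmt.Errorf("want exactly 1 key at %q, got %d", location, len(found))
	}
	return found[0], nil
}

func main() { // constructed sample keys; the byte string is not real key material
	pl := []byte("constructed-payload-key")
	keys := []CryptoKey{{Value: "aes256_hmac", Location: "c2"}, {"aes256_hmac", "payload", &pl, &pl}}
	_, errOld := selectKey(toWire(keys, false), "payload")
	k, errNew := selectKey(toWire(keys, true), "payload")
	fmt.Println("without Location:", errOld, "| with Location:", k.Value, errNew)
}
```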
Thanks for opening up an issue! I can see how that would be confusing and how passing through the location could help. In the meantime, since this is your own agent, have you looked into the new agent c2_parameter_deviations? In the definition for your agent you can specify the following:
c2_parameter_deviations = {
    "http": {
        "AESPSK": C2ParameterDeviation(supported=False),
    }
}
With this, Mythic sees that the AESPSK parameter for the http profile for your agent is not supported, so it won't appear in the UI when building. This means that you'd only have the one encryption key that you were wanting.
That works as a simplified workaround for us, thanks!