If you like BoxMatrix then please contribute Supportdata, Supportdata2, Firmware and/or Hardware (get in touch).
My metamonk@yahoo.com is not reachable by me since september. Please use hippie2000@webnmail.de instead.

0
U

Property:dnsqcheckd (avmcmd)

From BoxMatrix


BoxMatrix >> Shell-Commands >> dnsqcheckd (avmcmd) @ BoxMatrix   -   IRC-Chat   -   Translate: de es fr it nl pl
News Selectors Models Accessories Components Environment Config Commands System Webif Software Develop Lexicon Community Project Gallery

Startup-Scr Hotplug-Scr BusyBox-Cmds Bash-Cmds AVM-Cmds Chipset-Cmds Linux-Cmds Shared-Libs Kernel-Mods Research

Info
  
Name-Collision - multiple objects in this wiki use the name dnsqcheckd!
dnsqcheckd (avmcmd) TODO
dnsqcheckd (process) TODO
dnsqcheckd (watchdog) TODO

AVM-Command

Goto:   Endpoints  -  Events  -  Dependencies   -   Model-Matrix   -   Symbols   -   SMW-Browser

Details

dnsqcheckd is a Botnet controller DNS filtering daemon. It never was used in release firmware, only tested in Labor.

It accesses:

/var/candc.data
/var/candc.data.update
/var/InternerSpeicher/FRITZ/candc.data
/var/InternerSpeicher/FRITZ/candc.data.update
/var/run/dnsqcheckd.pid
/var/tmp/candc_report.json
/var/tmp/candc.statistic

In libbotnetfilterlib.so additionally:

/etc/candc_public_key

candc means Command & Control, which is the name of the master server in a Botnet.
The job of this daemon is to apply a DNS filter for known candc servers, so they are not reachable by infected machines.

candc.data.update was downloaded by libcmapi.so from a cinflst.de URL, a domain registered by AVM[1].
Once updated this daemon is notyfied to reolad the list from candc.data.update:

msgsend dnsqcheckd botnet-update

Fw 7.08 dnsqcheckd tested on fw 7.29 help:

fritz3:/var/mod/root $ ln -s /lib/libuClibc-1.0.31.so librt.so.1
fritz3:/var/mod/root $ ln -s /lib/libuClibc-1.0.31.so libdl.so.1 
fritz3:/var/mod/root $ ln -s /lib/libuClibc-1.0.31.so libpthread.so.1
fritz3:/var/mod/root $ dnsqcheckd -?

usage: dnsqcheckd [options]

options:

  -?                 - print this help
  -f                 - run in forground. (NOTSET)
  -s                 - stop daemon. (NOTSET)
  -v                 - verbose. (NOTSET)
  -p STRING          - Pidfile. ("/var/run/dnsqcheckd.pid")
  -D STRING          - switch debug logs on. (FUNC)

start server:  dnsqcheckd
stop server :  dnsqcheckd -s

Endpoints

aicmd endpoint(s) provided by dnsqcheckd, with these functions: (fw 7.08)

root@fritz:/var/mod/root# aicmd dnsqcheckd

# provided by dnsqcheckd: - fw 7.08+

HELP                                     - show help
SLABDUMP                                 - show slab allocation
SLABSHOW                                 - show slab information
QUIT                                     - disconnect

candcreport                              - create Command & Control malware detection report

# provided by libewnwlinux.so: - fw 7.01+

ewnwlinux show csockshell                - show shells running
ewnwlinux show genetlink                 - show gerneric netlink families

# provided by libavmcsock.so: - fw 7.01+

avmcsock show csock                      - show all csock
avmcsock show dnsconfig                  - show all dns context
avmcsock show timercb                    - show all timer
avmcsock show debughandles               - show all debughandles
avmcsock show cprocess                   - show all processes
avmcsock set debug                       - set debug flags

# provided by libavmcsock.so: - fw 7.29+

avmcsock show cbcontext                  - show all cbdata
avmcsock show daemon                     - show daemon status
avmcsock show cbuf                       - show cbuf status

# provided by libavmcsock.so: - fw 7.39+

avmcsock getsymbol <address>             - get symbol for address
avmcsock show dnsglobal                  - show all dns global values
avmcsock show dnscache                   - show cache
avmcsock show dnsqueries                 - show all pending queries
avmcsock show avmipc [endpoint shmatch]  - show avmipc events and states
avmcsock ctimer show                     - show all timer
avmcsock ctimer overview                 - show ctimer overview
avmcsock iotrace format unctrl|hexdump   - set format for csock iotrace
avmcsock iotrace file                    - enable iotrace to file
avmcsock iotrace enable                  - enable iotrace via debugmsg
avmcsock iotrace disable                 - disable iotrace
avmcsock iotrace match help|<match>      - show allowed matches or set match
avmcsock iotrace reset                   - remove all matches
avmcsock iotrace show                    - show configuration

msgsend endpoint(s) provided by dnsqcheckd, with these functions: (endpoints + commands, collected manually)

dnsqcheckd botnet-update      # from libcmapi.so

Events

Daily updated index of AVM-Events and AVMIPC-Datastore nodes affecting this command. Last update: 2023-02-04 06:37 GMT.
The owners of Event-Sinks and Event-Sources are manual research, which may be incomplete or even wrong.
A * in the Mod column marks info from Supportdata-Probes, which will always stay incomplete.
A ** in the Mod column marks info from Supportdata2 probes, which by their nature will stay way more incomplete.
A - in the Mod column marks manual research, the Firmware then shows where the item occurs, not the Relation.

Relation Typ Object Mod Firmware Info Origin
Endpoint sock me_anony-dnsqcheckd-($num)-($num).ctl 2* 7.08 - 7.11 Anonymous avmipc endpoint of dnsqcheckd AVM
Endpoint sock me_dnsqcheckd.ctl 5* 7.08 - 7.11 avmipc_command endpoint of dnsqcheckd AVM
2 event relations for this command

Dependencies

Daily updated index of all dependencies of this command. Last update: 2023-02-04 07:20 GMT.
A * in the Mod column marks info from Supportdata-Probes, which will always stay incomplete.

Relation Typ Object Mod Firmware Info Origin
Runs as proc dnsqcheckd (process) 5* 7.08 - 7.11 Botnet controller DNS filtering daemon. AVM
Registers wdog dnsqcheckd (watchdog) 5* 7.08 - 7.11 Botnet controller DNS filtering daemon. AVM
Serving sock me_anony-dnsqcheckd-($num)-($num).ctl 2* 7.08 - 7.11 Anonymous avmipc endpoint of dnsqcheckd AVM
Serving sock me_dnsqcheckd.ctl 5* 7.08 - 7.11 avmipc_command endpoint of dnsqcheckd AVM
Depends on lib ld.so 16 7.08 - 7.19 Dynamic linker / loader Linux
Depends on lib libar7cfg.so 24 7.08 - 7.19 TFFS-Configuration API to ar7.cfg and many more. AVM
Depends on lib libavmauth.so 24 7.08 - 7.19 Fritzbox authentification helpers AVM
Depends on lib libavmcipher.so 24 7.08 - 7.19 AES / DES / Rijndael encryption / decryption. AVM
Depends on lib libavmcsock.so 24 7.08 - 7.19 Networking, I/O and helper functions AVM
Depends on lib libavmhmac.so 24 7.08 - 7.19 HMAC / SHA / MD5 hashing. AVM
Depends on lib libboxlib.so 24 7.08 - 7.19 Box status, logging and statistics functions AVM
Depends on lib libc.so 24 7.08 - 7.19 Standard C library Linux
Depends on lib libdl.so 24 7.08 - 7.14 Dynamic linking library Linux
Depends on lib libdputil.so 24 7.08 - 7.19 DataPipe / packet utilities AVM
Depends on lib libewnwlinux.so 24 7.08 - 7.19 Linux networking functions AVM
Depends on lib libewnwnet.so 24 7.08 - 7.19 Internet helper functions AVM
Depends on lib liblandev.so 24 7.08 - 7.19 TODO Linux
Depends on lib libpthread.so 24 7.08 - 7.14 POSIX threading library Linux
Depends on lib librt.so 24 7.08 - 7.14 POSIX realtime extensions library Linux
Depends on lib libwdt.so 24 7.08 - 7.19 AVM-Watchdogs management API AVM
Depends on lib libwebsrv.so 24 7.08 - 7.19 HTTP / HTTPS webserver and tools. AVM
Depends on lib libz.so 24 7.08 - 7.19 Zlib compressor / decompressor Linux
22 dependencies for this command

Model-Matrix

Daily updated index of the presence, path and size of this command for each model. Last update: 2023-02-04 05:55 GMT.
Showing all models using this command. Click any column header (click-wait-click) to sort the list by the respective data.
The (main/scrpn/boot/arm/prx/atom) label in the Model column shows which CPU is meant for models with multiple Linux instances.
Note that this list is merged from Firmware-Probes of all known AVM firmware for a model, including Recovery.exe and Labor-Files.

Model Firmware Path Size
FRITZ!Box 4040 7.08 /sbin 29.8k
FRITZ!Box 6490 Cable (arm) 7.08 /sbin 33.7k
FRITZ!Box 6490 Cable (atom) 7.08 /sbin 33.7k
FRITZ!Box 6590 Cable (arm) 7.08 /sbin 33.7k
FRITZ!Box 6590 Cable (atom) 7.08 /sbin 33.7k
FRITZ!Box 6591 Cable (arm) 7.08 /sbin 33.9k
FRITZ!Box 6591 Cable (atom) 7.08 /sbin 33.9k
FRITZ!Box 6660 Cable (arm) 7.14 /sbin 30.5k
FRITZ!Box 6660 Cable (atom) 7.14 /sbin 30.5k
FRITZ!Box 6820 LTE v1 7.08 /sbin 36.9k
FRITZ!Box 6820 LTE v2 7.08 /sbin 36.9k
FRITZ!Box 6890 LTE 7.08 /sbin 36.9k
FRITZ!Box 6890 LTE v1 7.08 /sbin 36.9k
FRITZ!Box 6890 LTE v2 7.08 /sbin 36.9k
FRITZ!Box 7362 SL 7.08 /sbin 36.9k
FRITZ!Box 7430 7.08 /sbin 36.9k
FRITZ!Box 7490 (main) 7.08 - 7.19 /sbin 36.9k - 37.0k
FRITZ!Box 7520 7.08 /sbin 29.8k
FRITZ!Box 7530 7.08 /sbin 29.8k
FRITZ!Box 7560 7.08 /sbin 36.9k
FRITZ!Box 7580 7.08 - 7.11 /sbin 36.9k
FRITZ!Box 7581 7.08 /sbin 29.9k
FRITZ!Box 7582 7.08 /sbin 29.9k
FRITZ!Box 7590 7.08 - 7.19 /sbin 36.9k
24 models use this command

Symbols

Daily updated index of all symbols of this command. Last update: 2023-02-04 07:20 GMT.

Firmware Symbol
7.08 - 7.19 BOTNETQUERY_botnetquery_free
7.08 - 7.19 botnet_dns_filter_async_create
7.08 - 7.19 botnet_dns_filter_async_destroy
7.08 - 7.19 botnet_dns_filter_async_gen_report
7.08 - 7.19 botnet_dns_filter_async_handle_file_update
7.08 - 7.19 botnet_dns_filter_async_query
7.08 - 7.19 botnet_filter_get_ids
7.08 - 7.19 botnet_filter_get_mem
7.08 - 7.19 botnet_filter_get_signature
7.08 - 7.19 botnet_filter_load
7.08 - 7.19 botnet_filter_signature_match
7.08 - 7.19 botnet_filter_statistic_count
7.08 - 7.19 botnet_filter_statistic_create
7.08 - 7.19 botnet_filter_statistic_create_from_file
7.08 - 7.19 botnet_filter_statistic_destroy
7.08 - 7.19 botnet_filter_statistic_get_json
7.08 - 7.19 botnet_filter_statistic_serialize_to_file
7.08 - 7.19 botnet_filter_unload
7.08 - 7.19 botnet_query_thread
7.08 - 7.19 botnetquery_event_register
7.08 - 7.19 botnetquery_event_unregister
7.08 - 7.19 botnetquery_getcfg
7.08 - 7.19 domain_match_avm_flags
7.08 - 7.19 domain_match_malware_names
7.08 - 7.19 main
7.08 - 7.19 mem_botnetfilter::domain_match
7.08 - 7.19 mem_botnetfilter::mem_botnetfilter
27 symbols for this command

References

SMW-Browser

Information is currently being retrieved from the backend.