likema / linux_syscall_hook
This project was forked from 3intermute/linux_syscall_hook
system call hooking on arm64 linux via a variety of methods
"rain wont drop until i say so"
---------------------------------------------
a collection of tests and random bits that will eventually make up a rootkit

/ARM_write_protect_disable - flip the write-protection bit of a vaddr through the page table
/direct_hook_test - system call hooking via directly overwriting sys_call_table
  - some useful header files here
  -> resolve_kallsyms.h: does exactly what you'd expect; uses kprobes to find kallsyms_lookup_name and then uses that to resolve symbols
  -> set_page_flags.h: given a vaddr, set the flags of its corresponding PTE
  -> direct_syscall_hook.h: ftrace-like wrapper for direct hooking of sys_call_table
/fg-kaslr_test - fg-kaslr bypass; this isn't actually anything important, i was just using pr_info wrong
/ftrace_hook_epic_fail - FTRACE_OPS_FL_SAVE_REGS is not supported on arm64 and i spent 2 days debugging this; however, this will work on x86
/phe - partial homomorphic encryption of the LKM, unfinished
/exception_handler hooking - THIS IS THE COOLEST ONE: hooks the exception handler and redirects to 2 different tables based on syscall #, original table unmodified
/assembler - assembles mov absolute address for shellcode generation on the fly without leaving kernel mode!
todo:
- dropper
- find fg-kaslr offsets via bootkit
- overwrite ftrace records
- integrate functionality of my other projects into this one
- finish rk scanner hiding via PHE
- process hiding from usermode
- network connection hiding from usermode
- redirect entire sys_call_table
- use OP-TEE to hide functions

new exception hooking process:
copy (el0_svc_common entry, length x) -> hooked_el0_svc_common
copy shellcode (jmp hooked_el0_svc_common, length x) -> el0_svc_common

el0_svc_common
entry 0
---------------
jmp hooked_el0_svc_common
x
---------------
el0_svc_common body

>>>>>>>>>>>

hooked_el0_svc_common
entry 0
---------------
OVERWRITTEN el0_svc_common body
x
---------------
set sys_call_table to new addr
jmp el0_svc_common entry + x
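A defender-side check that follows from the entry overwrite described above, as an added example that is not part of this repository: it decodes the first instruction words at an AArch64 function entry and flags either a B/BL patched in as the first instruction (the jmp written over el0_svc_common's entry) or a MOVZ/MOVK chain ending in BR/BLR (the mov-absolute-address shape the /assembler directory produces). The sample bytes, the BASE address and the result dict fields are constructed for this example and are not taken from the project or a real kernel.

```python
import struct

MASK64 = (1 << 64) - 1


def sign_extend(value, bits):
    """Interpret the low `bits` bits of value as a two's-complement number."""
    sign = 1 << (bits - 1)
    return (value & (sign - 1)) - (value & sign)


def detect_entry_hook(code, base, max_insns=6):
    """Classify the first instructions at an AArch64 function entry.

    code: little-endian bytes read from address `base`. Returns None for a
    clean prologue, {"kind": "b", ...} when the first word is B/BL (the jmp
    patched over el0_svc_common's entry), or {"kind": "movabs", ...} when a
    MOVZ/MOVK chain materialises an absolute address and ends in BR/BLR.
    """
    words = [w for (w,) in struct.iter_unpack("<I", code[: len(code) // 4 * 4])]
    words = words[:max_insns]
    if not words:
        return None
    if (words[0] & 0xFC000000) in (0x14000000, 0x94000000):          # B / BL imm26
        off = sign_extend(words[0] & 0x03FFFFFF, 26) * 4
        return {"kind": "b", "target": (base + off) & MASK64, "length": 4}
    regs = {}                                                          # Xd -> value built so far
    for i, w in enumerate(words):
        hw, imm16, rd = (w >> 21) & 3, (w >> 5) & 0xFFFF, w & 0x1F
        if (w & 0xFF800000) == 0xD2800000:                             # MOVZ Xd, #imm16, LSL #(hw*16)
            regs[rd] = imm16 << (hw * 16)
        elif (w & 0xFF800000) == 0xF2800000 and rd in regs:            # MOVK Xd, #imm16, LSL #(hw*16)
            regs[rd] = (regs[rd] & ~(0xFFFF << (hw * 16)) & MASK64) | (imm16 << (hw * 16))
        elif (w & 0xFFDFFC1F) == 0xD61F0000 and ((w >> 5) & 0x1F) in regs:   # BR / BLR Xn
            return {"kind": "movabs", "target": regs[(w >> 5) & 0x1F], "length": (i + 1) * 4}
        else:
            break                                                      # any other instruction ends the pattern
    return None


# Constructed sample bytes for the three cases (not captured from a real kernel).
BASE = 0xFFFF800010000000
CLEAN = struct.pack("<4I", 0xA9BD7BFD, 0x910003FD, 0xAA0003F3, 0xAA0103F4)  # stp x29,x30 / mov x29,sp / mov / mov
B_HOOK = struct.pack("<2I", 0x14000400, 0x910003FD)                          # b #+0x1000 written over the stp
MOVABS_HOOK = struct.pack("<5I", 0xD2E24690, 0xF2CACF10, 0xF2B35790, 0xF29BDE10, 0xD61F0200)  # movz/movk x16, br x16

if __name__ == "__main__":
    for name, blob in (("clean", CLEAN), ("b_hook", B_HOOK), ("movabs_hook", MOVABS_HOOK)):
        print(name, detect_entry_hook(blob, BASE))
```

Run against bytes read from /proc/kcore or a memory image at the symbol's address, the same check generalises to any function whose first instructions have been replaced, not only el0_svc_common.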