Commit 065f7879 authored by therufuser's avatar therufuser

Initial commit (after some work)! :)


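--- a/Makefile
+++ b/Makefile
@@ -0,0 +1,25 @@
+obj-m += src/
+
+PWD := $(CURDIR)
+
+all: module hax
+
+module:
+	make -C /vm/9pfs/lkm-arch/root/lib/modules/6.0.8-arch1-1-tinyvm/build M=$(PWD) modules
+
+build:
+	mkdir build
+
+hax: hax_read hax_exec set_cr
+
+build/hax_read.o: build src/hax_read.c
+	gcc -o build/hax_read.o -c src/hax_read.c
+
+hax_read: build/hax_read.o
+	gcc -o hax_read build/hax_read.o
+
+hax_exec: src/hax_exec.c
+	gcc -o hax_exec src/hax_exec.c
+
+set_cr:
+	gcc -o set_cr src/set_cr.c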
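Review bot: The `module` recipe hard-codes one kernel tree (`/vm/9pfs/lkm-arch/root/lib/modules/6.0.8-arch1-1-tinyvm/build`), so the module cannot be built against any other kernel without editing the file; a `KDIR ?= <that path>` variable with the recipe written as `$(MAKE) -C $(KDIR) M=$(PWD) modules` keeps the default and makes it overridable. `set_cr:` lists no prerequisite, so an existing `set_cr` binary is never rebuilt after `src/set_cr.c` changes; `set_cr: src/set_cr.c` would match the `hax_exec` rule. `build` is a normal prerequisite of `build/hax_read.o`, and a directory's timestamp changes whenever a file is created in it, so the object is likely recompiled on every run; an order-only prerequisite (`build/hax_read.o: src/hax_read.c | build`) avoids that. A `.PHONY: all module hax` line would also document which targets are not files.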

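--- a/src/Makefile
+++ b/src/Makefile
@@ -0,0 +1,2 @@
+obj-m += control-registers.o
+control-registers-m := module_main.o register.o debug_file.o hax_file.o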

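--- a/src/debug_file.c
+++ b/src/debug_file.c
@@ -0,0 +1,87 @@
+#include "debug_file.h"
+#include "register.h"
+#include "register_ioctl.h"
+
+static void to_bitstring(uint64_t val, char* out) {
+	out[64] = 0;
+
+	for(unsigned int i = 0; i < 64; i++) {
+		out[63 - i] = '0' + ((val >> i) & 1);
+	}
+}
+
+#define SPRINTF_BUF_SIZE 768
+static ssize_t read_impl(struct file *f, char __user *ubuf, size_t buf_size, loff_t *u_pos) {
+	char temp_buf[SPRINTF_BUF_SIZE];
+	int temp_len;
+	int total_len = 0;
+
+	if(f->f_pos > 0) {
+		return 0;
+	}
+
+	temp_len = sprintf_cr0(get_cr0(), temp_buf, SPRINTF_BUF_SIZE);
+	if(copy_to_user(ubuf + total_len, temp_buf, temp_len) > 0) {
+		return -1;
+	}
+	total_len += temp_len;
+
+	temp_len = snprintf(temp_buf, SPRINTF_BUF_SIZE, "CR2: 0x%p", (void *)get_cr2());
+	temp_buf[temp_len++] = '\n';
+	temp_buf[temp_len++] = 0;
+	if(copy_to_user(ubuf + total_len, temp_buf, temp_len) > 0) {
+		return -1;
+	}
+	total_len += temp_len;
+
+	temp_len = sprintf_cr3(get_cr3(), temp_buf, SPRINTF_BUF_SIZE);
+	if(copy_to_user(ubuf + total_len, temp_buf, temp_len) > 0) {
+		return -1;
+	}
+	total_len += temp_len;
+
+	temp_len = sprintf_cr4(get_cr4(), temp_buf, SPRINTF_BUF_SIZE);
+	if(copy_to_user(ubuf + total_len, temp_buf, temp_len) > 0) {
+		return -1;
+	}
+	total_len += temp_len;
+
+	temp_len = snprintf(temp_buf, SPRINTF_BUF_SIZE, "CR8: ");
+	to_bitstring(get_cr8(), temp_buf + temp_len);
+	temp_len = strnlen(temp_buf, SPRINTF_BUF_SIZE);
+	temp_buf[temp_len++] = '\n';
+	temp_buf[temp_len++] = 0;
+	if(copy_to_user(ubuf + total_len, temp_buf, temp_len) > 0) {
+		return -1;
+	}
+	total_len += temp_len;
+
+	*u_pos += total_len;
+
+	return total_len;
+}
+
+static long ioctl_impl(struct file *f, unsigned int cmd, unsigned long arg) {
+	enum command command = (enum command)cmd;
+
+	switch(command) {
+		case COMMAND_WP:
+			set_wp(arg);
+			break;
+		case COMMAND_SMAP:
+			set_smap(arg);
+			break;
+		case COMMAND_SMEP:
+			set_smep(arg);
+			break;
+		default:
+			return -ENOTTY;
+	}
+	
+	return 0;
+}
+
+struct file_operations debug_fops = {
+	.read = read_impl,
+	.unlocked_ioctl = ioctl_impl
+};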
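Review bot: `read_impl` never looks at `buf_size`: every `copy_to_user()` writes the full formatted chunk at `ubuf + total_len`, so a caller that passes a short buffer gets the memory behind it overwritten and a return value larger than the count it asked for. The error paths return `-1`, which user space sees as `EPERM` where `-EFAULT` is expected, and the end-of-file test reads `f->f_pos` while the function advances `*u_pos`. Formatting all registers into one kernel buffer and finishing with `simple_read_from_buffer()` addresses all three, as sketched below; the sketch assumes the `sprintf_crN()` helpers return the number of bytes they wrote, which is not visible here, and it prints CR2 with `%lx` because the kernel formatter hashes `%p` values. Separately, `ioctl_impl` changes WP, SMAP and SMEP for any caller that can open the file, so `if (!capable(CAP_SYS_ADMIN)) return -EPERM;` before the `switch` would keep that to privileged processes.

```c
static ssize_t read_impl(struct file *f, char __user *ubuf, size_t buf_size, loff_t *u_pos) {
	/* One SPRINTF_BUF_SIZE slot per register; heap-allocated to keep the stack frame small. */
	const size_t cap = 5 * SPRINTF_BUF_SIZE;
	char *text;
	size_t len = 0;
	ssize_t ret;

	text = kmalloc(cap, GFP_KERNEL);
	if (!text)
		return -ENOMEM;

	len += sprintf_cr0(get_cr0(), text + len, cap - len);
	len += scnprintf(text + len, cap - len, "CR2: 0x%lx\n", (unsigned long)get_cr2());
	/* … CR3, CR4 and CR8 appended the same way at text + len … */

	/* Copies at most buf_size bytes starting at *u_pos, advances *u_pos,
	 * returns 0 at end of data and -EFAULT on a bad user pointer. */
	ret = simple_read_from_buffer(ubuf, buf_size, u_pos, text, len);
	kfree(text);
	return ret;
}
```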

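--- a/src/debug_file.h
+++ b/src/debug_file.h
@@ -0,0 +1,8 @@
+#ifndef debug_file_h_INCLUDED
+	#define debug_file_h_INCLUDED
+
+#include <linux/fs.h>
+
+extern struct file_operations debug_fops;
+
+#endif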

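--- a/src/hax_exec.c
+++ b/src/hax_exec.c
@@ -0,0 +1,33 @@
+#include <errno.h>
+#include <fcntl.h>
+#include <stdio.h>
+#include <string.h>
+#include <sys/ioctl.h>
+#include <sys/param.h>
+#include <unistd.h>
+
+#include "hax_ioctl.h"
+
+int function(int arg) {
+	// printf("Hello from Userspace :)! [arg=%d]\n", arg);
+	return 420;
+}
+
+int main(int argc, char **argv) {
+	int dev_fd = open("/dev/hack_registers", O_RDWR);
+	if(dev_fd == -1) {
+		printf("Error opening device file: %s\n", strerror(errno));
+		return -1;
+	}
+
+	if(ioctl(dev_fd, IOCTL_EXEC_USER, function) == -1) {
+		close(dev_fd);
+		printf("Error sending ioctl to device file: %s\n", strerror(errno));
+		return -2;
+	}
+
+	printf("Sending ioctl was successful!\n");
+	close(dev_fd);
+
+	return 0;
+}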
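Review bot: In the `ioctl` failure branch `close(dev_fd)` runs before `strerror(errno)` is evaluated, and `close()` may itself set `errno`, so the message can report the wrong error; print first and close afterwards, or save the value with `int err = errno;` ahead of the `close()`. Both error messages go to stdout through `printf`, where `fprintf(stderr, ...)` or `perror()` is the usual channel. `main` returns `-1` and `-2`, which a shell reports as 255 and 254, so `EXIT_FAILURE` or small positive codes would be clearer. A one-line comment above `function` saying that its address is passed to the driver through `IOCTL_EXEC_USER` would explain why it exists, since nothing in this file calls it.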