kkamagui / shadow-box-for-arm

Shadow-Box: Lightweight and Practical Kernel Protector for ARM (Presented at BlackHat Asia 2018)

How to build the linux kernel with adore-ng #2

Open pronaww opened 4 years ago

pronaww commented 4 years ago

In 3.4.2. Build Linux Kernel with the Sample Rootkit to Check Protection Features of Shadow-Box for ARM, we have to add

Add the sample rootkit

CONFIG_ADORE_NG=y

to kconfigs/rpi3.conf

but we are not using "make" command after that so while testing, it's saying adore not installed.

So I added CONFIG_ADORE_NG first and then make but now another error is coming

drivers/built-in.o: In function `strnstr':
adore-ng.c:(.text+0x194b10): multiple definition of `strnstr'
lib/lib.a(string.o):string.c:(.text+0x810): first defined here
make[1]: *** [Makefile:949: vmlinux] Error 1
make[1]: Leaving directory '/home/pranav/shadow-box/linux'
make: *** [common.mk:186: linux-common] Error 2

kkamagui commented 4 years ago

Hi @pronaww ,

I'm so sorry for the late reply. Maybe you need to clean and build, so please do 'make clean && make -j'.

Best regards,

Seunghun

asifsultan-THD commented 3 years ago

Add the sample rootkit

CONFIG_ADORE_NG=y

I have made this change. Can you please help me with how to run the feature test? I have searched a lot but could not find it.

kkamagui commented 3 years ago

@asifsultan-THD Hi,

Thank you for using Shadow-box. Please see https://github.com/kkamagui/shadow-box-for-arm#42-test-the-linux-kernel-protection-feature and you can use it like below.

$> sudo modprobe adore-ng
$> sudo dmesg

And you can also build the client program (https://github.com/kkamagui/shadow-box-for-arm#41-test-the-executable-file-protection-ima-feature) and run it like below.

$> # These commands should be executed in your Raspberry Pi
$ cd $HOME/shadow-box-for-ARM/sample_rootkit/adore-ng_client
$ make

# Execute an unauthorized executable file
$ sudo ./ava

Best regards,

Seunghun

asifsultan-THD commented 3 years ago

In the part of the section below, I am facing an error in producing hash_table.dat, and the error is shown below. Please suggest something.

3.6.5. Activate Shadow-Box for ARM and Start Secure Pi!

After creating address_table.dat, you need to produce hash_table.dat with commands below in shadow-box-for-arm/shadow_box_client directory.

$ sudo shadow_box_client -g

The error is:

/bin/shadow_box_client: 1: /bin/shadow_box_client: Syntax error: Unterminated quoted string

kkamagui commented 3 years ago

Hi @asifsultan-THD ,

It seems that you didn't build shadow_box_client on RPI3 and used the binary that is built with your host system. Did you build shadow_box_client again on RPI3? Please let me know.

Best regards,

Seunghun
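
One way to check the condition raised in the reply above, a binary built for a different CPU than the machine it is run on, is to read the `e_machine` field of its ELF header and compare it with `uname -m`. This is an added example, not part of the thread or of shadow-box-for-arm; the function names are hypothetical, and it assumes an exact architecture match is required.

```shell
#!/bin/sh
# Added example (not project code): report which CPU an ELF binary was built for.

# Print the e_machine name from a file's ELF header; fail if it is not ELF.
elf_machine() {
    f=$1
    magic=$(od -An -tx1 -N4 "$f" | tr -d ' \n')          # bytes 0-3: 7f 'E' 'L' 'F'
    [ "$magic" = "7f454c46" ] || { echo "not-elf"; return 1; }
    data=$(od -An -tu1 -j5 -N1 "$f" | tr -d ' \n')       # byte 5: 1=little, 2=big endian
    set -- $(od -An -tu1 -j18 -N2 "$f")                  # bytes 18-19: e_machine
    [ $# -eq 2 ] || { echo "not-elf"; return 1; }        # truncated header
    if [ "$data" = "2" ]; then m=$(( $1 * 256 + $2 )); else m=$(( $2 * 256 + $1 )); fi
    case $m in
        3)   echo "x86" ;;
        40)  echo "arm" ;;
        62)  echo "x86_64" ;;
        183) echo "aarch64" ;;
        *)   echo "unknown($m)" ;;
    esac
}

# Map `uname -m` output onto the same names (armv6l, armv7l -> arm).
machine_family() {
    case $1 in
        aarch64|arm64) echo "aarch64" ;;
        arm*)          echo "arm" ;;
        x86_64|amd64)  echo "x86_64" ;;
        i?86)          echo "x86" ;;
        *)             echo "$1" ;;
    esac
}

# Return 0 when the binary matches the machine (default: this host),
# 1 on a mismatch, 2 when the file is not an ELF binary at all.
# Assumption: an exact match is required (no 32-bit compatibility mode).
check_binary() {
    built=$(elf_machine "$1") || { echo "$1: not an ELF file"; return 2; }
    host=$(machine_family "${2:-$(uname -m)}")
    if [ "$built" = "$host" ]; then
        echo "$1: built for $built, matches this machine"
    else
        echo "$1: built for $built, machine is $host; rebuild it on the target"
        return 1
    fi
}

# Usage on the target: check_binary /bin/shadow_box_client
```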

asifsultan-THD commented 3 years ago

Actually I was using RPI4, that's why maybe the error was coming. Now it's done and there are no issues. Now the testing part is not able to run properly. In the shadow_box_for_arm/sample_rootkit, after cloning also, I am not able to find the adore-ng.c, adore-ng.h, adore-ng.ko files.

kkamagui commented 3 years ago

Hello @asifsultan-THD,

My code only supports RPI3, so it doesn't work in RPI4 at the moment. Please try it with RPI3, not RPI3 b+.

Best regards,

Seunghun