I've tested this on a few distros

Kabot commented 9 years ago

EVERYTHING worked fine on: Debian 6, 64Bit, 2.6.32-5-amd64 Debian 7, 64Bit, 3.2.0-4-amd64 Ubuntu 10, 64Bit, 2.6.32-46-server Ubuntu Server 12, 64Bit, 3.5.0-23-generic Ubuntu 14.1, 64Bit, 3.16.0-28-generic Fedora 20, 32Bit, 3.11.10-301.fc20.i686+PAE

I've had issues on: Gentoo 2013.10, 64Bit, 3.10.7-gentoo-r1 ArchLinux 2013.08, 64Bit, 3.10.5-1-ARCH Centos 6.4, 64Bit, 2.6.32-358.23.2.el6.x86_64

I will do more tests and hopefully push some improvements in the coming days. While I'm at it, can you please make Diamorphine more compile-friendly? It should compile without modifications to Makefile on more distros...

m0nad commented 9 years ago

Thank you for the feedback.

Those issues appear in the last commit? Because some compability problems for the 2.6 kernels have been fixed in the af9a0f45 commit.

aremai commented 8 years ago

works ace on Red Hat Enterprise Linux Server release 7.2 (Maipo) 3.10.0-327.13.1.el7.x86_64

thanks for writing this rootkit :+1:

aremai commented 8 years ago

However, on a CentOS 6.7 I ran into this issue

make -C /lib/modules/2.6.32-573.22.1.el6.centos.plus.x86_64/build M=/root/git/Diamorphine modules make: * /lib/modules/2.6.32-573.22.1.el6.centos.plus.x86_64/build: No such file or directory. Stop. make: * [all] Error 2

I just cloned it from the master branch...

m0nad commented 8 years ago

Thanks for your feedback @aremai .

Make sure you have kernel-devel and gcc packages installed(yum install kernel-devel gcc).

Regards.

aremai commented 8 years ago

Awesome, thanks so much @m0nad !! Now it also works on CentOS 6.7 with an older kernel (2.6.32-573)

Would you mind mentioning this in the README? This would clear some confusion.... (maybe I'm just dumb) hehe

aremai commented 8 years ago

hi @m0nad ,

sorry it's me again. I came across an odd situation.... I'm on a CentOS release 6.8 box I've managed to successfully compile (make) diamorphine, however when I want to load the kernel module (insmod diamorphine.ko) it takes a while to run, and all of the sudden I'm kicked off the machine

packet_write_wait: Connection to 10.0.0.123 port 22: Broken pipe

Afterwards these files are zero'd (have 0 bytes) -rw-r--r--. 1 root root 0 Jul 23 21:42 diamorphine.ko -rw-r--r--. 1 root root 0 Jul 23 21:42 diamorphine.ko.unsigned -rw-r--r--. 1 root root 0 Jul 23 21:42 diamorphine.mod.c -rw-r--r--. 1 root root 0 Jul 23 21:42 diamorphine.mod.o -rw-r--r--. 1 root root 0 Jul 23 21:42 modules.order -rw-r--r--. 1 root root 0 Jul 23 21:42 Module.symvers

I know that it worked on another CentOS 6 box just fine a couple of months ago, but on this time I can't seem to load the kernel module. Any idea what could be blocking it? It's driving me crazy...

dimitriakos commented 7 years ago

This is awesome work, thank you m0nad!

Just on Raspbian (on Raspberry Pi 2 B at least), I had to put the following instead of line 21 in order to make it work:

#ifndef _ASM_X86_SPECIAL_INSNS_H
#define _ASM_X86_SPECIAL_INSNS_H
#ifdef __KERNEL__

unsigned long cr0;

static inline unsigned long native_read_cr0(void)
{
        unsigned long val;
        asm volatile("mov %0, %1\n\t" : "=r" (val) : "r" (cr0));
        return val;
}

static inline void native_write_cr0(unsigned long val)
{
    asm volatile("mov %0, %1\n\t" : "=r" (cr0) : "r" (val));
}

#ifdef CONFIG_PARAVIRT
#include <asm/paravirt.h>
#else

static inline unsigned long read_cr0(void)
{
    return native_read_cr0();
}

static inline void write_cr0(unsigned long x)
{
    native_write_cr0(x);
}

#endif/* CONFIG_PARAVIRT */
#endif /* __KERNEL__ */

#endif /* _ASM_X86_SPECIAL_INSNS_H */

m0nad commented 7 years ago

Thank's for the feedback @dimitriakos, can you do a fork and a pull request for this?

m0nad commented 4 years ago

Commit 4438984 tested on Ubuntu 18.04/20.04 with kernel 5.4.0-42-generic