mncoppola / suterusu

An LKM rootkit targeting Linux 2.6/3.x on x86(_64), and ARM
MIT License

can't insmod suterusu in ubuntu16.04_desktop(with 4.15.0-55-generic) #12

Open YaKaiLi opened 5 years ago

YaKaiLi commented 5 years ago

I use this command to compile:

make linux-x86_64 KDIR=/lib/modules/$(uname -r)/build

When I insmod suterusu.ko, I get this error in dmesg:

[  929.932188] ia32_sys_call_table obtained at           (null)
[  929.932202] sys_call_table obtained at           (null)
[  929.932219] Hooking function 0x          (null) with 0x00000000b54d3505
[  929.932230] BUG: unable to handle kernel NULL pointer dereference at 0000000000000000
[  929.932247] IP: hijack_start+0x4d/0x110 [suterusu]
[  929.932251] PGD 0 P4D 0 
[  929.932260] Oops: 0000 [#2] SMP PTI
[  929.932264] Modules linked in: ipt_MASQUERADE nf_nat_masquerade_ipv4 nf_conntrack_netlink nfnetlink xfrm_user xfrm_algo iptable_nat nf_conntrack_ipv4 nf_defrag_ipv4 nf_nat_ipv4 xt_addrtype iptable_filter ip_tables xt_conntrack x_tables nf_nat nf_conntrack libcrc32c br_netfilter bridge stp llc rfcomm ccm aufs bbswitch(OE) overlay bnep nls_iso8859_1 rtsx_usb_ms memstick rtsx_usb_sdmmc rtsx_usb intel_rapl x86_pkg_temp_thermal intel_powerclamp coretemp btusb kvm_intel kvm irqbypass btrtl wmi_bmof crct10dif_pclmul crc32_pclmul ghash_clmulni_intel btbcm btintel pcbc uvcvideo videobuf2_vmalloc videobuf2_memops videobuf2_v4l2 videobuf2_core aesni_intel aes_x86_64 crypto_simd videodev media glue_helper cryptd bluetooth arc4 snd_hda_codec_realtek snd_hda_codec_generic intel_cstate nvidia_uvm(POE) intel_rapl_perf
[  929.932356]  rtl8723be snd_hda_intel btcoexist input_leds serio_raw snd_hda_codec rtl8723_common rtl_pci snd_hda_core snd_hwdep snd_pcm ecdh_generic snd_seq_midi snd_seq_midi_event rtlwifi mac80211 cfg80211 snd_rawmidi snd_seq mei_me snd_seq_device snd_timer wmi mei shpchp snd soundcore mac_hid lpc_ich parport_pc ppdev lp parport autofs4 hid_generic usbhid hid nvidia_drm(POE) nvidia_modeset(POE) nvidia(POE) i915 i2c_algo_bit drm_kms_helper syscopyarea sysfillrect sysimgblt fb_sys_fops e1000e ahci drm libahci ptp pps_core video [last unloaded: lkm]
[  929.932434] CPU: 1 PID: 5193 Comm: insmod Tainted: P      D    OE    4.15.0-55-generic #60~16.04.2-Ubuntu
[  929.932439] Hardware name: LENOVO ThinkCentre M8250z-D102/SHARKBAY, BIOS FGKT35AUS 12/04/2014
[  929.932448] RIP: 0010:hijack_start+0x4d/0x110 [suterusu]
[  929.932453] RSP: 0018:ffffa2b841ef7c20 EFLAGS: 00010282
[  929.932459] RAX: 000000000000003b RBX: 0000000000000000 RCX: 0000000000000006
[  929.932463] RDX: 0000000000000000 RSI: 0000000000000096 RDI: ffff8ef9afa96490
[  929.932467] RBP: ffffa2b841ef7c58 R08: 00000000000e397b R09: 00000000000003ca
[  929.932472] R10: ffffdc5806ab3800 R11: ffffffffbf95380d R12: ffffffffc198b060
[  929.932476] R13: 0000000000000000 R14: 0000000000000001 R15: ffff8ef99adee840
[  929.932482] FS:  00007f3ac3c04700(0000) GS:ffff8ef9afa80000(0000) knlGS:0000000000000000
[  929.932487] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  929.932491] CR2: 0000000000000000 CR3: 00000001be412006 CR4: 00000000001606e0
[  929.932495] Call Trace:
[  929.932509]  ? filp_close+0x59/0x80
[  929.932518]  ? 0xffffffffc1991000
[  929.932528]  i_solemnly_swear_that_i_am_up_to_no_good+0x9b/0x1000 [suterusu]
[  929.932538]  do_one_initcall+0x55/0x1ac
[  929.932548]  ? _cond_resched+0x1a/0x50
[  929.932557]  ? kmem_cache_alloc_trace+0x10f/0x1d0
[  929.932567]  do_init_module+0x5f/0x219
[  929.932575]  load_module+0x1937/0x1d80
[  929.932586]  ? ima_post_read_file+0x83/0xa0
[  929.932595]  SYSC_finit_module+0xe5/0x120
[  929.932602]  ? SYSC_finit_module+0xe5/0x120
[  929.932612]  SyS_finit_module+0xe/0x10
[  929.932619]  do_syscall_64+0x73/0x130
[  929.932625]  entry_SYSCALL_64_after_hwframe+0x3d/0xa2
[  929.932630] RIP: 0033:0x7f3ac37344d9
[  929.932635] RSP: 002b:00007fffd99fc4e8 EFLAGS: 00000206 ORIG_RAX: 0000000000000139
[  929.932641] RAX: ffffffffffffffda RBX: 000055c9b6ceb250 RCX: 00007f3ac37344d9
[  929.932645] RDX: 0000000000000000 RSI: 000055c9b62d826b RDI: 0000000000000003
[  929.932649] RBP: 000055c9b62d826b R08: 0000000000000000 R09: 00007f3ac39f9ea0
[  929.932653] R10: 0000000000000003 R11: 0000000000000206 R12: 0000000000000000
[  929.932657] R13: 000055c9b6ceb210 R14: 0000000000000000 R15: 0000000000000000
[  929.932662] Code: 83 ec 20 65 48 8b 04 25 28 00 00 00 48 89 45 e0 31 c0 48 8b 05 fd 0c 00 00 48 89 45 d4 8b 05 fb 0c 00 00 89 45 dc e8 33 3e 76 fc <48> 8b 03 48 89 45 c8 8b 43 08 89 45 d0 e8 91 06 6e fc 66 90 48 
[  929.932754] RIP: hijack_start+0x4d/0x110 [suterusu] RSP: ffffa2b841ef7c20
[  929.932757] CR2: 0000000000000000
[  929.932763] ---[ end trace 7d90928f7494299f ]---
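As an added example (not part of this issue thread or of the suterusu code), a small Python triage parser for an oops like the one above: it pulls out the taint flags, the module and function at the faulting IP, and the "obtained at (null)" / "Hooking function" lines that show a module was trying to patch the syscall table, which is what a defender reading dmesg wants flagged rather than filed as a driver bug.

```python
import re

# Lines copied from the oops quoted in the issue above, trimmed to the ones the
# parser keys on (a constructed subset of that dmesg, not a full capture).
SAMPLE_OOPS = """\
[  929.932188] ia32_sys_call_table obtained at           (null)
[  929.932202] sys_call_table obtained at           (null)
[  929.932219] Hooking function 0x          (null) with 0x00000000b54d3505
[  929.932230] BUG: unable to handle kernel NULL pointer dereference at 0000000000000000
[  929.932247] IP: hijack_start+0x4d/0x110 [suterusu]
[  929.932434] CPU: 1 PID: 5193 Comm: insmod Tainted: P      D    OE    4.15.0-55-generic #60~16.04.2-Ubuntu
[  929.932528]  i_solemnly_swear_that_i_am_up_to_no_good+0x9b/0x1000 [suterusu]
[  929.932763] ---[ end trace 7d90928f7494299f ]---
"""

TS = r"^\[\s*[\d.]+\]\s*"  # dmesg timestamp prefix
NULL_SYM = re.compile(TS + r"(\w+) obtained at\s+\(null\)")
HOOK_MSG = re.compile(TS + r"Hooking function ")
FAULT_IP = re.compile(TS + r"R?IP: (?:0010:)?(\w+)\+0x[0-9a-f]+/0x[0-9a-f]+ \[(\w+)\]")
TAINT = re.compile(TS + r"CPU: \d+ PID: \d+ Comm: (\S+) Tainted: ([A-Z ]+?)\s+(\S+) #")
FRAME = re.compile(TS + r"(?:\? )?(\w+)\+0x[0-9a-f]+/0x[0-9a-f]+ \[(\w+)\]$")

def parse_oops(text):
    """Pull the fields a responder needs out of a dmesg oops dump."""
    rep = {"null_symbols": [], "hook_attempt": False, "fault_function": None,
           "module": None, "comm": None, "taint": [], "kernel": None, "frames": []}
    for line in text.splitlines():
        if m := NULL_SYM.match(line):
            rep["null_symbols"].append(m.group(1))
        elif HOOK_MSG.match(line):
            rep["hook_attempt"] = True
        elif m := FAULT_IP.match(line):
            rep["fault_function"], rep["module"] = m.group(1), m.group(2)
        elif m := TAINT.match(line):
            rep["comm"], rep["kernel"] = m.group(1), m.group(3)
            rep["taint"] = re.findall(r"[A-Z]", m.group(2))  # e.g. P D O E
        elif m := FRAME.match(line):
            rep["frames"].append((m.group(1), m.group(2)))  # frames inside modules
    return rep

def findings(rep):
    """Why this oops is an incident indicator, not just a driver bug."""
    out = []
    if "O" in rep["taint"] and "E" in rep["taint"]:
        out.append("out-of-tree, unsigned module loaded (taint O+E)")
    if rep["comm"] == "insmod" and rep["module"]:
        out.append(f"{rep['module']} crashed in {rep['fault_function']} during insmod")
    if rep["hook_attempt"] or rep["null_symbols"]:
        out.append("module tried to locate/patch the syscall table: " + ", ".join(rep["null_symbols"]))
    return out
```

On a real host, feed it `dmesg` output (or the journal's kernel messages); the same taint letters O and E also show up in /proc/sys/kernel/tainted after the module has loaded cleanly.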

Mrdongzai commented 4 years ago

I use this command to compile: make android-arm CROSS_COMPILE=arm-buildroot-linux-gnueabi- KDIR=/home/dongzai/suterusu/linux-4.1.27/

I got this error: [image]