Skip to content
/ VDR Public

Vulnerable driver research tool, result and exploit PoCs

License

GPL-3.0 license
171 stars 29 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

TakahiroHaruyama/VDR

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

8 Commits
PoCs/firmware
PoCs/firmware
 
 
kmdf_re @ 02a068b
kmdf_re @ 02a068b
 
 
yara
yara
 
 
.gitmodules
.gitmodules
 
 
LICENSE
LICENSE
 
 
README.org
README.org
 
 
ida_ioctl_propagate.py
ida_ioctl_propagate.py
 
 
ioctl_batch.py
ioctl_batch.py
 
 
result_firmware.org
result_firmware.org
 
 

Repository files navigation

Vulnerable Driver Research

Writeup

Static Analysis Automation for Hunting Vulnerable Kernel Drivers

Discovered Vulnerable Drivers

All give full control of the devices to non-admin users. The list in each file contains driver names, hashes, signer information, other arbitrary read/write vulnerabilities and so on.

result_firmware.org
Drivers with firmware access allowing arbitrary port I/O & memory mapped I/O

Tool

ida_ioctl_propagate.py
IDAPython script for automating static code analysis of x64 vulnerable drivers
ioctl_batch.py
Python wrapper script to run in IDA batch mode for triage

Note: The script will not work for x86 drivers.

You need the 3rd-party WDF type information (kmdf_re). Please clone with the submodule.

git clone --recurse-submodules https://github.com/TakahiroHaruyama/VDR.git

Exploit PoCs

The exploit PoCs are located in the PoCs directory.

Reference

About

Vulnerable driver research tool, result and exploit PoCs

Resources

Readme

License

GPL-3.0 license
Activity

Stars

171 stars

Watchers

3 watching

Forks

29 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages