All code has been run on a machine with the following settings:
- Ubuntu 22.04
- Linux kernel 6.5
- qemu-system-aarch64 6.2.0
- glibc 2.36
Follow this guide to prepare the environment.
- Add new syscall getcpu
- Write a simple shell and call getcpu
- Hide/Unhide rootkit from lsmod
- Hook syscalls execve and reboot
- Protect module list and sys_call_table by mutex
- Transfer data with copy_to_user and copy_from_user
- Use kmalloc to allocate memory in the kernel
  - Memory should be protected by mutex
- A simple in-memory file system
This project is modified by CSIE5374. I tried to run experiments on Ubuntu 22.04 and kernel 6.5.