Log - linux-rootkit - Feature-rich interactive rootkit that targets Linux kernel 4.19, accompanied by a dynamic kernel memory analysis GDB plugin for in vivo introspection (e.g. using QEMU)

Date	Commit message	Author	Files	+	-
2022-10-23 07:56	adds presentation PDF	deurzen	2	+0	-1
2021-02-08 09:48	updates slides	deurzen	1	+5	-3
2021-02-08 08:51	Merge branch 'master' of github.com:deurzen/rootkit-programming-dev	deurzen	1	+22	-3
2021-02-08 08:51	adds to slides	deurzen	1	+8	-3
2021-02-08 08:42	~~system-level~~	Tizian Leonhardt	1	+1	-1
2021-02-08 08:39	Add exemplary outputs for demos	Tizian Leonhardt	1	+21	-2
2021-02-08 08:22	updates Approach section	deurzen	1	+60	-67
2021-02-08 08:11	adds changes to presentation	deurzen	1	+23	-22
2021-02-08 00:06	Fix watchpoint	Tizian Leonhardt	1	+1	-1
2021-02-08 00:03	adds rk-data example	deurzen	1	+18	-3
2021-02-07 23:48	updates documentation	deurzen	4	+417	-415
2021-02-07 23:48	updates slides	deurzen	1	+2	-3
2021-02-07 23:37	More documentation	Tizian Leonhardt	1	+26	-16
2021-02-07 23:11	tracepoint -> watchpoint	Tizian Leonhardt	1	+2	-2
2021-02-07 22:26	Merge branch 'master' of github.com:deurzen/rootkit-programming-dev	deurzen	4	+80	-16
2021-02-07 22:26	updates presentation	deurzen	3	+115	-84
2021-02-07 22:09	Add small user guide	Tizian Leonhardt	1	+37	-0
2021-02-07 21:56	Change wording	Tizian Leonhardt	1	+1	-1
2021-02-07 21:27	Range-based type lookups; better documentation at places	Tizian Leonhardt	1	+24	-5
2021-02-07 21:20	Make occ.sh clearer	Tizian Leonhardt	1	+3	-1
2021-02-07 21:19	This time, I didn't forget to add the value to the dict..; remove legacy file description	Tizian Leonhardt	1	+2	-5
2021-02-07 21:16	Remove debug output; prints for ux	Tizian Leonhardt	1	+2	-2
2021-02-07 21:08	Very specific dup_task_struct case	Tizian Leonhardt	1	+7	-0
2021-02-07 20:31	Documentation for commands	Tizian Leonhardt	1	+6	-4
2021-02-07 19:31	refactors print statements	deurzen	1	+10	-14
2021-02-07 12:40	fixes command name	deurzen	1	+1	-1
2021-02-07 12:38	implements critical value handling, debug refactoring	deurzen	1	+72	-41
2021-02-07 00:09	Merge branch 'master' of github.com:deurzen/rootkit-programming-dev	deurzen	1	+12	-0
2021-02-07 00:09	fixes last changes, implements nice diff reporting	deurzen	1	+21	-7
2021-02-06 23:24	Add demo 2g	Tizian Leonhardt	1	+12	-0
2021-02-06 23:06	attempt fix for diff check bug	deurzen	1	+5	-4
2021-02-06 22:43	fixes watchpoint amount issue	deurzen	1	+11	-16
2021-02-06 22:35	Finish slides up until results	Tizian Leonhardt	1	+113	-1
2021-02-06 21:57	fixes watchpoint removal bug	deurzen	1	+5	-3
2021-02-06 21:48	fixes watchpoint delete bug	deurzen	1	+3	-1
2021-02-06 21:41	Merge branch 'master' of github.com:deurzen/rootkit-programming-dev	deurzen	1	+52	-3
2021-02-06 21:41	fixes n_watchpoints bug	deurzen	1	+19	-26
2021-02-06 21:16	Approach phase 1	Tizian Leonhardt	1	+52	-3
2021-02-06 21:13	Merge branch 'master' of github.com:deurzen/rootkit-programming-dev	deurzen	1	+75	-14
2021-02-06 21:04	refactors watchpoint code	deurzen	1	+73	-63
2021-02-06 20:19	Begin section 'Our approach'	Tizian Leonhardt	1	+19	-2
2021-02-06 20:10	Change agenda; finalize livedm section (for now!)	Tizian Leonhardt	1	+56	-12
2021-02-06 16:31	[WIP] support for struct cred watchpoints	Tizian Leonhardt	1	+90	-1
2021-02-06 00:16	fixes inconsistency in output	deurzen	1	+1	-1
2021-02-06 00:03	implements task_struct allocation tracking	deurzen	1	+24	-7
2021-02-05 23:36	Add task struct ref	Tizian Leonhardt	1	+1	-1
2021-02-05 22:19	Add more info to LiveDM	Tizian Leonhardt	1	+35	-2
2021-02-05 21:29	Add info to LiveDM	Tizian Leonhardt	1	+14	-7
2021-02-05 21:18	Add info to BG - DKM	Tizian Leonhardt	1	+26	-3
2021-02-05 21:09	Update agenda structure; consistency changes	Tizian Leonhardt	1	+26	-81
2021-02-05 19:45	Switch to dark mode 😎	Tizian Leonhardt	2	+3	-3
2021-02-05 19:41	Adjust template, add gitignore	Tizian Leonhardt	3	+15	-7
2021-02-05 19:13	Pretty printing by default	Tizian Leonhardt	1	+4	-0
2021-02-05 19:10	beautifies print	deurzen	1	+1	-1
2021-02-05 19:05	adds newline to print	deurzen	1	+1	-1
2021-02-05 19:03	implements rk-data heap allocation type resolution	deurzen	1	+31	-18
2021-02-05 18:37	Remove rk-data for now (since gdb can handle this..)	Tizian Leonhardt	1	+0	-93
2021-02-05 18:08	Handle pointers and 'direct' structs [WIP]	Tizian Leonhardt	1	+50	-15
2021-02-05 17:21	Better formatting for output	Tizian Leonhardt	1	+1	-1
2021-02-05 17:18	Restructure code, fix issue when struct is typedef	Tizian Leonhardt	1	+13	-8
2021-02-05 15:53	Working rk-data for basetypes	Tizian Leonhardt	1	+43	-8
2021-02-05 14:48	Refactor class names for commands and add rk-data stub	Tizian Leonhardt	1	+31	-4
2021-02-05 12:54	Add rk-debug to toggle debug messages; set pagination off to avoid system stalls	Tizian Leonhardt	1	+22	-2
2021-02-05 12:47	print-mem -> rk-print-mem for consistency	Tizian Leonhardt	1	+1	-1
2021-02-05 12:46	Add vfree to improve coverage	Tizian Leonhardt	1	+2	-1
2021-02-05 12:14	Add default.sty just in case	Tizian Leonhardt	1	+311	-0
2021-02-05 12:07	Merging	Tizian Leonhardt	2	+59	-8
2021-02-05 12:07	Add slides template	Tizian Leonhardt	7	+679	-0
2021-02-05 09:56	slight improvement	deurzen	1	+4	-4
2021-02-05 00:58	adds valloc variants	deurzen	1	+10	-1
2021-02-05 00:39	adds debug info	deurzen	1	+1	-0
2021-02-05 00:14	fixes bugs	deurzen	1	+4	-1
2021-02-04 23:58	Merge branch 'master' of github.com:deurzen/rootkit-programming-dev	deurzen	1	+2	-5
2021-02-04 23:57	adds recursive field access type resolution, array handling	deurzen	1	+44	-6
2021-02-04 21:48	Remove unnecessary line stuff	Tizian Leonhardt	1	+2	-5
2021-02-04 21:45	Make occ.sh smarter	Tizian Leonhardt	1	+10	-5
2021-02-04 16:46	Slight refactor	Tizian Leonhardt	1	+9	-5
2021-02-04 16:31	Add freeing logic	Tizian Leonhardt	1	+36	-0
2021-02-04 16:29	Toss out unneeded kfree	Tizian Leonhardt	1	+1	-1
2021-02-04 15:47	Switch to dict for fast kfree lookups	Tizian Leonhardt	1	+21	-18
2021-02-04 14:31	Change to dict for faster lookup (kfree)	Tizian Leonhardt	1	+4	-4
2021-02-03 22:29	refactors code	deurzen	1	+21	-18
2021-02-03 21:55	Merge branch 'master' of github.com:deurzen/rootkit-programming-dev	deurzen	2	+12	-34
2021-02-03 21:55	accounts for trailing slash	deurzen	1	+2	-1
2021-02-03 21:54	fix find issue & add mem map stuff	Tizian Leonhardt	2	+11	-33
2021-02-03 21:03	Fix ret/retq quirk on different machines	Tizian Leonhardt	1	+1	-1
2021-02-03 20:31	PrintMem stub	Tizian Leonhardt	1	+13	-1
2021-02-03 20:21	Get rid of newlines	Tizian Leonhardt	1	+1	-4
2021-02-03 19:30	Use read_register and early return when type is not available	Tizian Leonhardt	1	+16	-8
2021-02-03 17:32	Load dict and retrieve type	Tizian Leonhardt	1	+30	-1
2021-02-03 16:48	Move to new function	Tizian Leonhardt	2	+17	-13
2021-02-03 09:23	refactors code :)	deurzen	1	+1	-4
2021-02-03 09:08	fixes comment	deurzen	1	+1	-1
2021-02-03 08:31	updates project script	deurzen	3	+20	-94
2021-02-03 08:29	updates gitignore	deurzen	2	+5	-0
2021-02-03 00:11	Merge branch 'master' of github.com:deurzen/rootkit-programming-dev	deurzen	2	+43	-0
2021-02-03 00:05	adds project scripts	deurzen	3	+223	-0
2021-01-25 11:46	Merge pull request #7 from deurzen/feat/dkom	Tizian Leonhardt	2	+43	-0
2021-01-25 11:10	refactors code	deurzen	1	+3	-15
2021-01-25 10:59	stop machine to avoid crashes	Tizian Leonhardt	1	+19	-15
2021-01-25 10:13	adds call -> nop skipping	deurzen	1	+7	-2
2021-01-25 09:58	fixes byte shift	deurzen	1	+1	-1
2021-01-25 09:57	removes redundant check	deurzen	1	+3	-16
2021-01-25 09:46	adds debug info	deurzen	1	+17	-3
2021-01-25 09:36	implements 0f1f to e9 skipping	deurzen	1	+4	-14
2021-01-25 09:06	adds debug info	deurzen	1	+8	-8
2021-01-25 06:50	adjusts for KASLR offset	deurzen	1	+28	-19
2021-01-25 06:00	implements partial KASLR offset resolution	deurzen	1	+42	-5
2021-01-25 03:10	adds preempt {disabling,enabling}	deurzen	1	+4	-0
2021-01-25 02:52	latest crashing attempt	deurzen	1	+3	-4
2021-01-25 02:41	attempt 3	deurzen	1	+5	-1
2021-01-25 02:37	fixes issues	deurzen	1	+9	-1
2021-01-25 02:33	fixes bugs	deurzen	1	+2	-12
2021-01-25 02:27	next attempt	deurzen	1	+19	-14
2021-01-25 02:15	fixes issue	deurzen	1	+1	-1
2021-01-25 02:13	fixes issue	deurzen	1	+2	-1
2021-01-25 02:10	fixes issues	deurzen	1	+3	-4
2021-01-25 02:08	attept list_for_each_safe	deurzen	1	+14	-3
2021-01-25 02:01	fixes issues	deurzen	1	+3	-2
2021-01-25 01:58	fixes issue	deurzen	1	+1	-1
2021-01-25 01:54	fixes issue	deurzen	1	+1	-1
2021-01-25 01:52	release_task attempt	deurzen	1	+10	-12
2021-01-25 01:48	fixes bug	deurzen	1	+4	-0
2021-01-25 01:46	fixes bug	deurzen	1	+0	-5
2021-01-25 01:42	fixes error	deurzen	1	+1	-1
2021-01-25 01:40	fixes errors	deurzen	1	+8	-8
2021-01-25 01:39	fixes issues	deurzen	1	+1	-1
2021-01-25 01:38	testing	deurzen	1	+15	-3
2021-01-25 00:54	implements pid removal from task_struct	deurzen	2	+4	-1
2021-01-25 00:41	adds task_struct retrieval for pid	deurzen	1	+5	-0
2021-01-25 00:33	fixes premature stop to comparisons	deurzen	1	+4	-11
2021-01-24 23:00	Fix small issues, limit count	Tizian Leonhardt	1	+10	-6
2021-01-24 22:51	pair work	deurzen	2	+35	-164
2021-01-24 22:27	working inferior reading	Tizian Leonhardt	1	+8	-10
2021-01-24 21:42	working inferior reading	Tizian Leonhardt	1	+46	-4
2021-01-24 20:36	Some new stuff	Tizian Leonhardt	1	+56	-32
2021-01-24 13:59	fixes small issue	deurzen	1	+6	-5
2021-01-24 13:41	initial relocation calculations	deurzen	1	+40	-12
2021-01-24 08:42	adds symbol value resolution	deurzen	1	+4	-1
2021-01-24 08:25	adds initial relatext data retrieval	deurzen	2	+83	-18
2021-01-24 05:26	adds performance optimization	deurzen	1	+15	-11
2021-01-24 05:18	adds nop exclusion	deurzen	1	+38	-13
2021-01-24 00:15	uncomments debug statement code	deurzen	1	+3	-3
2021-01-24 00:15	adds initial checking code	deurzen	1	+18	-7
2021-01-23 23:32	initial refactoring	deurzen	2	+32	-16
2021-01-23 21:50	Switch to code dictionary (very slow!)	Tizian Leonhardt	1	+37	-63
2021-01-23 19:22	Nicer debugging output for now	Tizian Leonhardt	1	+4	-5
2021-01-23 19:15	Quiet memory access errors	Tizian Leonhardt	1	+5	-5
2021-01-23 19:06	Fix error msg	Tizian Leonhardt	1	+1	-1
2021-01-23 19:02	Re-merge comparison	Tizian Leonhardt	1	+69	-3
2021-01-23 18:53	Fill dict for .parainstructions as well	Tizian Leonhardt	1	+42	-3
2021-01-23 18:33	Dict now contains list of ranges	Tizian Leonhardt	1	+5	-2
2021-01-23 18:20	altinstructions now in dict as symbol:range pairs	Tizian Leonhardt	1	+20	-4
2021-01-23 17:02	Address calculation working for altinstr	Tizian Leonhardt	1	+17	-6
2021-01-23 16:31	Add altinstr stub	Tizian Leonhardt	1	+17	-73
2021-01-22 08:53	adds better byte extraction and initial (commented out) address-dependency check	deurzen	1	+23	-18
2021-01-21 22:33	adds initial live to ELF byte comparison code	deurzen	1	+58	-14
2021-01-21 11:49	adds test code	deurzen	1	+19	-7
2021-01-21 07:30	adds live bytes retrieval gdb script	deurzen	2	+55	-16
2021-01-21 05:43	initial check_files structure	deurzen	1	+397	-75
2021-01-18 00:02	refactors code (consistency refactoring)	deurzen	1	+26	-23
2021-01-17 23:27	Merge syscall checker, fix small issues	Tizian Leonhardt	1	+131	-8
2021-01-16 02:22	updates gitignore	deurzen	1	+1	-0
2021-01-16 02:02	adds debug info	deurzen	1	+26	-1
2021-01-16 01:35	changes plugin permissions	deurzen	1	+0	-0
2021-01-16 01:34	reorganizes files; adds memory forensics gdb plugin	deurzen	39	+165	-0
2021-01-10 23:06	Delay 10s->1s	Tizian Leonhardt	1	+1	-1
2021-01-10 23:05	fix	deurzen	1	+2	-1
2021-01-10 23:01	fix attempt	deurzen	1	+2	-1
2021-01-10 22:51	adds lstar filehide install count	deurzen	3	+34	-28
2021-01-10 22:42	fixes issues	deurzen	1	+6	-2
2021-01-10 22:35	implements new filehide toggling	deurzen	1	+19	-6
2021-01-10 22:14	refactors code	deurzen	1	+10	-8
2021-01-10 22:12	Merge branch 'master' into feat/port_knocking	deurzen	5	+290	-6
2021-01-10 22:10	Merge pull request #6 from deurzen/feat/msr_hook	Tizian Leonhardt	5	+290	-6
2021-01-10 21:54	Small indentation refactor	Tizian Leonhardt	1	+58	-60
2021-01-10 21:49	Integrate lstar file hide with rest of rootkit	Tizian Leonhardt	3	+28	-22
2021-01-10 21:01	removes redundant debug statements	deurzen	1	+1	-4
2021-01-10 20:56	removes redundant code	deurzen	2	+3	-35
2021-01-10 20:38	adds debug info	deurzen	2	+11	-3
2021-01-10 20:32	fixes typo	deurzen	1	+3	-3
2021-01-10 20:30	moves from 0-check to -1-check	deurzen	2	+6	-5
2021-01-10 20:26	adds noip check	deurzen	1	+7	-3
2021-01-10 20:22	adds debug info	deurzen	2	+7	-4
2021-01-10 20:00	adds debug info	deurzen	1	+5	-1
2021-01-10 19:50	refactors code	deurzen	4	+3	-3
2021-01-10 19:45	removes redundant code	deurzen	5	+10	-14
2021-01-10 18:45	adds debug info	deurzen	1	+5	-1
2021-01-10 18:40	adds blocked handshake request debug info	deurzen	1	+1	-0
2021-01-10 18:24	fixes socket toggling bug	deurzen	3	+2	-20
2021-01-10 16:46	adds debug info	deurzen	1	+14	-1
2021-01-10 16:38	removes redundant debug statements	deurzen	1	+1	-6
2021-01-10 16:28	Small refactors	Tizian Leonhardt	1	+7	-7
2021-01-10 16:25	Undo changes to unloading	Tizian Leonhardt	1	+11	-18
2021-01-10 14:59	fix for rkcheck vm	Tizian Leonhardt	1	+22	-7
2021-01-10 13:54	It works?!	Tizian Leonhardt	2	+21	-4
2021-01-10 13:42	fixes issues	deurzen	3	+15	-5
2021-01-10 13:23	fixes issues, adds debug info	deurzen	2	+13	-5
2021-01-10 13:10	fixes bugs	deurzen	1	+3	-3
2021-01-10 13:05	fixes issue	deurzen	1	+6	-4
2021-01-10 12:59	adds debug info	deurzen	1	+7	-6
2021-01-10 12:42	clears ports and knock progress when unhiding, adds debug info	deurzen	3	+14	-0
2021-01-10 12:31	fixes issues	deurzen	3	+22	-15
2021-01-10 12:24	merges port hiding code with socket hiding	deurzen	13	+146	-248
2021-01-10 02:23	removes redundant file	deurzen	1	+0	-3
2021-01-10 02:22	fixes port knocking bugs	deurzen	3	+20	-6
2021-01-10 01:26	port knocking overhaul	deurzen	6	+110	-46
2021-01-10 01:14	Unloading working	Tizian Leonhardt	1	+10	-1
2021-01-10 01:02	Very rough around the edges, but working filehiding	Tizian Leonhardt	3	+119	-39
2021-01-09 23:17	initial port knocking implementation	deurzen	4	+371	-0
2021-01-09 21:42	Messy WIP hooking	Tizian Leonhardt	1	+15	-5
2021-01-09 21:08	Generalize and beautify offset finding	Tizian Leonhardt	1	+13	-14
2021-01-09 21:01	Restructuring	Tizian Leonhardt	1	+36	-17
2021-01-09 20:42	Fix address calculation	Tizian Leonhardt	1	+7	-8
2021-01-08 20:03	(Only slightly buggy) do_syscall_64 address implemented	Tizian Leonhardt	1	+65	-11
2021-01-06 16:33	Very WIP beginnings of new approach	Tizian Leonhardt	1	+39	-32
2021-01-04 18:56	Generalize to msr r/w	Tizian Leonhardt	1	+14	-12
2021-01-04 15:48	R/W lstar functions	Tizian Leonhardt	2	+39	-3
2021-01-01 20:45	Add lstar reading	Tizian Leonhardt	2	+40	-0
2020-12-20 20:01	Merge branch 'master' of github.com:deurzen/rootkit-programming-dev	deurzen	0	+0	-0
2020-12-20 20:01	Merge branch 'master' into feat/packhide_tiz	deurzen	0	+0	-0
2020-12-20 20:00	changes command syntax from `packet` to `traffic`	deurzen	1	+11	-7
2020-12-20 19:50	Merge pull request #5 from deurzen/feat/packhide_tiz	Tizian Leonhardt	3	+16	-7
2020-12-20 16:22	Avoid directly accessing sarg to fix crash on rkcheck vm	Tizian Leonhardt	1	+6	-6
2020-12-20 15:59	Add fixes for disabling and enabling packet hiding	Tizian Leonhardt	3	+10	-1
2020-12-20 00:06	Merge pull request #4 from deurzen/feat/packhide_tiz	Tizian Leonhardt	10	+332	-3
2020-12-20 00:05	Working packet hiding	Tizian Leonhardt	1	+11	-9
2020-12-19 23:39	WIP packet hiding	Tizian Leonhardt	1	+17	-6
2020-12-19 22:50	adds packet hiding to hook_init	deurzen	1	+6	-4
2020-12-19 22:47	initial packhide message handling	deurzen	9	+230	-19
2020-12-19 21:20	Preview of packet hiding	Tizian Leonhardt	1	+22	-28
2020-12-19 17:45	Unload kprobes and drop everything	Tizian Leonhardt	1	+6	-3
2020-12-19 17:35	Initial kprobe stuff	Tizian Leonhardt	3	+106	-0
2020-12-19 16:36	Init branch	Tizian Leonhardt	0	+0	-0
2020-12-14 12:13	fixes comment typo	deurzen	1	+1	-1
2020-12-14 11:59	adds missing word in rkctl help message	deurzen	1	+1	-1
2020-12-14 11:54	adds version check s.t. code compiles on modern Linuxes	deurzen	1	+11	-3
2020-12-14 10:00	Some comments for sockhide	Tizian Leonhardt	1	+19	-0
2020-12-14 03:07	updates rktcl help message	deurzen	1	+14	-15
2020-12-14 02:49	fixes smap bug	deurzen	1	+2	-2
2020-12-13 22:54	implements SMAP disabling bug fix	deurzen	1	+11	-37
2020-12-13 21:50	Add check for SMAP support	Tizian Leonhardt	1	+30	-5
2020-12-13 05:07	adds smap disabling	deurzen	1	+16	-9
2020-12-13 04:47	access_ok hack	deurzen	1	+6	-2
2020-12-13 04:17	alters allocation and copy size	deurzen	1	+2	-2
2020-12-13 04:04	adds null check	deurzen	1	+1	-1
2020-12-13 04:01	fixes panic?	deurzen	1	+3	-0
2020-12-13 03:57	fixes smap issue	deurzen	1	+3	-2
2020-12-13 03:49	refactors code	deurzen	1	+8	-10
2020-12-13 03:45	refactors code	deurzen	1	+1	-10
2020-12-13 03:31	initial netlink hiding implementation	deurzen	2	+43	-5
2020-12-13 02:13	implements initial recvmsg hooking	deurzen	2	+51	-29
2020-12-13 01:50	refactors code	deurzen	5	+27	-29
2020-12-13 01:27	Fix many stupid mistakes in sockhide.c	Tizian Leonhardt	3	+20	-13
2020-12-13 00:25	adds sockethide disabling command	deurzen	1	+6	-2
2020-12-13 00:19	Add necessary calls for sockhide	Tizian Leonhardt	2	+16	-11
2020-12-13 00:03	adds {TCP,UDP} socket hiding handlers	deurzen	7	+110	-8
2020-12-12 23:18	Merge pull request #3 from deurzen/feat/sock-hiding	Tizian Leonhardt	2	+265	-0
2020-12-12 23:17	Revert hooking fragments	Tizian Leonhardt	1	+0	-5
2020-12-12 23:16	Finalize sockhide backbone	Tizian Leonhardt	1	+2	-2
2020-12-12 22:58	nicens header implementation	deurzen	1	+18	-10
2020-12-12 22:52	Swap out check for hidden ports	Tizian Leonhardt	1	+8	-6
2020-12-12 22:38	refactors code	deurzen	1	+28	-26
2020-12-12 22:44	Add list backbone to sockhiding	Tizian Leonhardt	2	+117	-8
2020-12-12 22:18	adds initial header construction code	deurzen	4	+59	-10
2020-12-12 21:12	refactors code	deurzen	2	+5	-2
2020-12-12 20:20	fixes issues	deurzen	1	+4	-0
2020-12-12 19:59	refactors code	deurzen	5	+39	-31
2020-12-12 16:56	Implement rest of hooks WIP	Tizian Leonhardt	1	+26	-2
2020-12-12 16:49	Add further hooks, implementation is WIP	Tizian Leonhardt	1	+33	-0
2020-12-12 16:35	Throw out string comparisons and implement hiding based on sock information	Tizian Leonhardt	1	+44	-27
2020-12-12 16:19	adds udp sending interface	deurzen	3	+18	-15
2020-12-12 15:35	refactors code	deurzen	2	+42	-34
2020-12-12 14:47	adds bind address	deurzen	1	+11	-13
2020-12-12 14:32	refactors code	deurzen	1	+33	-6
2020-12-12 04:34	refactors code	deurzen	1	+6	-2
2020-12-12 04:05	adds debug code	deurzen	1	+4	-8
2020-12-12 03:45	refactors code	deurzen	1	+23	-27
2020-12-12 02:00	adds initial sending code	deurzen	1	+53	-7
2020-12-12 01:21	adds initial socket string parsing	deurzen	2	+19	-1
2020-12-12 00:56	Minor refactors	Tizian Leonhardt	1	+7	-3
2020-12-11 23:46	Further progress	Tizian Leonhardt	1	+8	-0
2020-12-11 23:35	WIP Add initial code for netstat sockhiding	Tizian Leonhardt	3	+73	-0
2020-12-11 22:12	initial input logging code	deurzen	9	+95	-20
2020-12-11 17:26	Init	Tizian Leonhardt	0	+0	-0
2020-12-06 21:33	Add a few comments to openhide	Tizian Leonhardt	1	+7	-3
2020-12-06 21:23	adds --ssh option description to help message	deurzen	1	+3	-2
2020-12-06 19:51	fixes install root shell backdoor issue	deurzen	1	+4	-10
2020-12-06 19:33	adds to comments	deurzen	1	+7	-6
2020-12-06 14:34	reorders channels in report	deurzen	1	+2	-2
2020-12-06 14:31	fixes read-backdoor unloading issue	deurzen	1	+10	-14
2020-12-06 14:27	minimally refactors Vim-swap hack code	deurzen	1	+24	-28
2020-12-06 14:10	adds [g7] tag prefix to rootkit debug statements	deurzen	2	+14	-18
2020-12-06 13:51	refactors code	deurzen	1	+25	-21
2020-12-06 13:39	fixes rkctl help output column output issue	deurzen	1	+10	-10
2020-12-06 13:37	fixes erroneous install count checking	deurzen	3	+6	-18
2020-12-06 13:13	fixes unload panic	deurzen	4	+19	-7
2020-12-06 03:14	hides open files on startup	deurzen	1	+3	-0
2020-12-06 03:14	adds reinstall rule	deurzen	1	+5	-0
2020-12-06 02:59	fixes issues	deurzen	2	+4	-2
2020-12-06 02:55	refactors code	deurzen	16	+580	-493
2020-12-06 02:20	Merge branch 'master' into feat/of-hiding	deurzen	10	+191	-13
2020-12-06 02:18	changes comments	deurzen	1	+5	-5
2020-12-06 01:12	Add swap open file hiding	Tizian Leonhardt	1	+49	-2
2020-12-05 22:42	Fixes hang when task_struct is locked (and is safe, as we don't write to the files struct	Tizian Leonhardt	1	+1	-6
2020-12-05 22:10	refactors code, adds documentation	deurzen	1	+15	-12
2020-12-05 22:01	Add fd stuff	Tizian Leonhardt	3	+41	-6
2020-12-05 20:38	refactors code	deurzen	2	+25	-18
2020-12-05 20:32	refactors module {,un}hiding code	deurzen	1	+49	-62
2020-12-05 18:38	Clear list after every fd dir	Tizian Leonhardt	1	+2	-1
2020-12-05 18:35	Add rootkit bool for open file hiding, include check for fd list	Tizian Leonhardt	5	+19	-5
2020-12-05 18:19	Offload may_fd to avoid getdents bloat	Tizian Leonhardt	3	+62	-42
2020-12-05 18:07	Add initial path tokenization	Tizian Leonhardt	3	+152	-0
2020-12-05 17:51	changes channel numbers	deurzen	1	+5	-5
2020-12-05 17:44	refactors code	deurzen	2	+13	-5
2020-12-05 17:41	fixes `shell` command issue	deurzen	1	+3	-3
2020-12-05 17:38	refactors code	deurzen	2	+7	-4
2020-12-05 17:30	fixes issues	deurzen	2	+10	-6
2020-12-05 16:59	initial test	deurzen	9	+166	-0
2020-11-30 12:22	fixes backdoor (execve) bug	deurzen	1	+3	-1
2020-11-30 11:47	fixes small bug	deurzen	1	+6	-7
2020-11-30 11:33	refactors code	deurzen	1	+6	-3
2020-11-30 03:19	fixes pertinent root bug	deurzen	1	+4	-7
2020-11-30 02:43	fixes switch bug	deurzen	1	+16	-22
2020-11-30 02:12	implements tty_read hook	deurzen	3	+28	-70
2020-11-30 01:58	adds elevation code	deurzen	1	+6	-15
2020-11-30 00:59	attempt 1	deurzen	2	+26	-10
2020-11-30 00:37	fixes log{out,in} panic	deurzen	1	+12	-14
2020-11-30 00:35	Merge branch 'master' of github.com:deurzen/rootkit-programming-dev	deurzen	1	+2	-0
2020-11-30 00:34	fixes `read` and `tty` simultaneous backdoor issue	deurzen	1	+2	-0
2020-11-29 22:24	Merge branch 'master' of github.com:deurzen/rootkit-programming-dev	Tizian Leonhardt	1	+4	-3
2020-11-29 22:23	Add comment regarding msleep	Tizian Leonhardt	1	+2	-0
2020-11-29 22:11	adds unused result warning suppression	deurzen	1	+1	-1
2020-11-29 22:04	updates test rule	deurzen	1	+2	-1
2020-11-29 22:01	updates debug rule cflags	deurzen	1	+1	-1
2020-11-29 21:58	Conform to rest of Makefile..	Tizian Leonhardt	1	+1	-1
2020-11-29 21:56	Add xattrs to rkctl	Tizian Leonhardt	1	+1	-0
2020-11-29 21:48	Remove (for now) read_install_count	Tizian Leonhardt	1	+3	-5
2020-11-29 17:59	adds proper user access	deurzen	1	+1	-1
2020-11-29 17:55	Merge branch 'master' of github.com:deurzen/rootkit-programming-dev	deurzen	1	+9	-1
2020-11-29 17:46	Don't crash on large buffer allocations	Tizian Leonhardt	1	+9	-1
2020-11-29 17:46	adds children pid hiding	deurzen	1	+26	-0
2020-11-29 17:25	Merge branch 'master' of github.com:deurzen/rootkit-programming-dev	Tizian Leonhardt	1	+17	-11
2020-11-29 17:25	Fix passing userspace buffer	Tizian Leonhardt	1	+1	-1
2020-11-29 16:40	adds install count for read hook	deurzen	1	+17	-11
2020-11-29 16:32	refactors code	deurzen	2	+6	-5
2020-11-29 16:27	has {p,t}ty backdoor elevate to root	deurzen	2	+12	-13
2020-11-29 16:24	fixes tags rule	deurzen	1	+1	-0
2020-11-29 16:23	Merge branch 'master' into feat/hidepid	deurzen	6	+223	-2
2020-11-29 13:33	syncs between hidepid and filehide	deurzen	6	+79	-29
2020-11-29 16:02	Merge pull request #2 from deurzen/feat/readhook	Tizian Leonhardt	6	+223	-2
2020-11-29 13:16	refactors code	deurzen	2	+3	-3
2020-11-29 13:11	updates gitignore	deurzen	1	+1	-0
2020-11-29 11:39	refactors code	deurzen	4	+29	-45
2020-11-29 12:13	Refactoring	Tizian Leonhardt	2	+17	-6
2020-11-29 10:42	refactors code	deurzen	1	+17	-17
2020-11-29 10:39	implements {,un}hidepid messaging	deurzen	1	+18	-3
2020-11-29 10:39	refactors code	deurzen	1	+2	-2
2020-11-29 10:39	implements {,un}hidepid handling	deurzen	2	+23	-1
2020-11-29 09:53	refactors code	deurzen	3	+36	-52
2020-11-28 22:12	adds initial {,un}hiding code	deurzen	2	+43	-5
2020-11-28 18:18	refactors code	deurzen	1	+1	-1
2020-11-28 17:39	adds initial pid hiding code	deurzen	4	+140	-0
2020-11-28 15:14	Safe unloading	Tizian Leonhardt	3	+12	-2
2020-11-28 15:04	adds pointer unset in case of override switch	deurzen	1	+2	-0
2020-11-28 14:46	updates gitignore	deurzen	1	+1	-0
2020-11-28 14:45	adds tags rule	deurzen	1	+3	-0
2020-11-28 14:07	refactors code	deurzen	1	+1	-1
2020-11-28 14:05	fixes client argument reading bug	deurzen	1	+1	-1
2020-11-28 13:48	Merge readhook functionality	Tizian Leonhardt	5	+201	-1
2020-11-28 11:19	removes assignment 3 README	deurzen	1	+0	-50
2020-11-28 11:18	moves checker programs to dedicated directory	deurzen	2	+0	-0
2020-11-28 11:18	removes now redundant filehide toggle script	deurzen	1	+0	-12
2020-11-28 11:16	refactors code	deurzen	3	+14	-8
2020-11-28 11:06	adds togglebd (backdoor-use-tty) command to client	deurzen	1	+7	-1
2020-11-28 11:00	refactors code	deurzen	6	+31	-30
2020-11-27 19:03	adds initial {p,t}ty backdoor code	deurzen	4	+84	-14
2020-11-27 16:07	changes signature to take pt_regs, unpacks args	deurzen	2	+12	-6
2020-11-27 12:40	adds initial syscall backdoor code	deurzen	7	+112	-24
2020-11-27 12:16	adds clean_client rule	deurzen	1	+3	-0
2020-11-27 11:08	adds instant root shell command	deurzen	2	+24	-0
2020-11-27 11:02	adds nowait asynchronous backdoor handling	deurzen	1	+1	-1
2020-11-27 10:50	implements backdoor execve handling	deurzen	1	+1	-1
2020-11-27 10:42	adds initial backdoor code	deurzen	5	+56	-4
2020-11-27 09:58	refactors code	deurzen	1	+3	-4
2020-11-27 07:52	implements filehide {toggle,on,off} for arg{=0,>0,<0}	deurzen	4	+16	-8
2020-11-27 07:38	adds ping handler	deurzen	1	+11	-4
2020-11-26 18:11	adds initial control program code	deurzen	9	+234	-80
2020-11-26 14:24	adds up script	deurzen	2	+77	-0
2020-11-26 14:22	adds changes from rkp repo	deurzen	7	+74	-34
2020-11-23 08:08	refactors code	deurzen	4	+8	-11
2020-11-23 07:33	refactors code	deurzen	2	+8	-6
2020-11-23 06:38	adds usage synchronization	deurzen	1	+20	-4
2020-11-23 05:57	adds filehiding checker	deurzen	1	+0	-0
2020-11-23 05:55	refactors code; adds list-based entry-check	deurzen	3	+90	-81
2020-11-23 00:53	Implement getdents as well	Tizian Leonhardt	1	+35	-12
2020-11-23 00:49	Get rid of tainted kernel message	Tizian Leonhardt	1	+1	-0
2020-11-23 00:43	Very ugly, but working file hiding (exluding getdents)	Tizian Leonhardt	3	+52	-8
2020-11-22 18:13	initial xattr work	deurzen	1	+31	-3
2020-11-22 15:32	adds inode retrieval to getdents{,64}	deurzen	1	+11	-0
2020-11-22 14:34	implements getdents{,64} boilerplate	deurzen	5	+113	-75
2020-11-21 20:54	refactors code	deurzen	3	+16	-20
2020-11-21 16:30	initial getdents{,64} override	deurzen	6	+91	-28
2020-11-21 14:57	fixes sys_call_table loading bug	deurzen	5	+17	-17
2020-11-21 14:30	refactors code	deurzen	2	+8	-4
2020-11-21 14:30	adds filehide test script	deurzen	1	+25	-0
2020-11-21 14:23	adds initial system call table hooking functionality	deurzen	7	+42	-23
2020-11-21 13:58	initial hooks work	deurzen	10	+116	-14
2020-11-21 13:05	adds test rule	deurzen	2	+48	-9
2020-11-21 06:00	refactors code	deurzen	3	+55	-18
2020-11-21 05:58	updates make process	deurzen	1	+35	-10
2020-11-21 03:17	adds gitignore	deurzen	1	+13	-0
2020-11-20 15:59	adds initial hooks code	deurzen	2	+24	-0
2020-11-20 14:35	updates make process	deurzen	1	+14	-3
2020-11-20 11:34	implements solution to part 1	deurzen	3	+36	-24
2020-11-20 06:58	initial	deurzen	4	+144	-0

	linux-rootkit Feature-rich interactive rootkit that targets Linux kernel 4.19, accompanied by a dynamic kernel memory analysis GDB plugin for in vivo introspection (e.g. using QEMU)
	git clone git://git.deurzen.net/linux-rootkit
	Log \| Files \| Refs