Science Score: 26.0%
This score indicates how likely this project is to be science-related based on various indicators:
- ○ CITATION.cff file
- ✓ codemeta.json file: Found codemeta.json file
- ✓ .zenodo.json file: Found .zenodo.json file
- ○ DOI references
- ○ Academic publication links
- ○ Committers with academic emails
- ○ Institutional organization owner
- ○ JOSS paper metadata
- ○ Scientific vocabulary similarity: Low similarity (8.3%) to scientific vocabulary
Repository
Forget Ring3. Run EVERYTHING in Ring0!
Statistics
- Stars: 3
- Watchers: 2
- Forks: 4
- Open Issues: 0
- Releases: 6
Metadata Files
README.md
Linux kernel DANGER
This project modifies the Linux kernel so that Usermode runs in Ring0!
DISCLAIMER I know it is STUPID to mention this {
0. This kernel is NOT "stable" or "secure"
1. Use it entirely at your OWN RISK. I take NO responsibility
}, But I worry about someone doing something STUPID!

Interesting Code Files
Headers
- `arch/x86/include/uapi/asm/processor-flags.h` - CPU Flags, like CR0, CR4
- `arch/x86/include/asm/segment.h` - Segment Descriptors Definitions
- `arch/x86/include/asm/pgtable_types.h` - Page Table Templates
- `arch/x86/include/uapi/asm/setup.h` - My Hack Functions
- `arch/x86/include/asm/ptrace.h` - Usermode/Kernelmode Patterns
- `arch/x86/include/asm/desc.h` - xDT Definitions

Sources
- `init/main.c` - Kernel Entry Point
- `arch/x86/kernel/cpu/common.c` - Init some CPU Features
- `arch/x86/kernel/setup.c` - Early Boot Kernel Setup
- `arch/x86/kernel/head_64.S` - Early CPU Setup
- `arch/x86/kernel/head64.c` - Early CPU Setup
- `arch/x86/kernel/process_64.c` - Start Usermode Threads
- `arch/x86/entry/entry_64.S` - idt/syscall/sysret
- `arch/x86/entry/common.c` - syscall
- `arch/x86/kernel/idt.c` - IDT Setup
- `arch/x86/kernel/signal_64.c` - Signal Handling
- `arch/x86/mm/fault.c` - Page Fault Handler
- `fs/exec.c` - Start ELF Binaries from Kernel
- `kernel/sched/core.c` - Scheduler
- `kernel/time/hrtimer.c` - syscall_nanosleep
Build & Run on Ubuntu 24.04
```
apt update
apt install -y build-essential libncurses-dev bison flex libssl-dev libelf-dev bc dwarves git
cp /boot/config-$(uname -r) .config
make menuconfig
```
Then, disable `CONFIG_SYSTEM_TRUSTED_KEYS` and BTF:
```
-> Cryptographic API (CRYPTO [=y]) -> Certificates for signature checking -> Provide system-wide ring of trusted keys (SYSTEM_TRUSTED_KEYRING) -> Additional X.509 keys for default system keyring (SYSTEM_TRUSTED_KEYS [=])
-> Enable loadable module support (MODULES [=y]) -> Module signature verification (MODULE_SIG [=y]) -> Require modules to be validly signed (MODULE_SIG_FORCE [=n]) -> Automatically sign all modules (MODULE_SIG_ALL [=n])
-> Kernel hacking -> Compile-time checks and compiler options -> Generate BTF typeinfo (DEBUG_INFO_BTF [=n])
```
Then you can
```
make localmodconfig
make -j24
make modules_install
make install
update-grub
```
Or, get the vmlinuz and initrd, and then use QEMU to boot the kernel.
```
qemu-system-x86_64 -kernel vmlinuz -initrd initrd.img -append "root=/dev/ram0 console=ttyS0" -m 512M -serial stdio
```
x64 Hacking Status
- ~~Disable CR0 Write Protection~~ (You can do this in your ELF!)
- ~~Disable PTI~~
- ~~Disable SMEP/SMAP~~ (Removed _USR in Page Table!)
- ~~Disable Alternatives~~
- [x] Hack the user GDT to Ring 0
- [x] Hack User Segment Descriptors to Ring 0
- [x] Hack User Page Table Templates to Ring 0
- [x] Adjust IST to FORCE Interrupt Stack always available (Most interrupts/exceptions will use #DF stack, then Manually carry stack back if from Kernel-Mode)
- [x] Replace `sysretq` with `iretq`
- [x] `/mini_shell` successfully run in Ring 0
- [x] Many original ELFs can run in Ring 0 !!!
- [x] Hack `nanosleep` to save energy
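
An added example (not code from this repository) of how the privilege fields behind the "GDT" and "Segment Descriptors" items above are encoded: it decodes a raw x86 segment descriptor and a selector and reports whether code entered through them would run in Ring 0. The descriptor values are constructed samples in the standard flat 64-bit layout, `0x33` and `0x10` are the user and kernel CS selectors of a stock x86-64 Linux kernel, and all function names are illustrative.

```c
#include <stdint.h>
#include <stdio.h>

/* Fields of an x86 segment descriptor that decide privilege. */
struct seg_info {
    unsigned present;   /* P,   bit 47 */
    unsigned dpl;       /* DPL, bits 45-46 */
    unsigned is_code;   /* S (bit 44) set and type bit 3 (bit 43) set */
    unsigned long_mode; /* L,   bit 53 */
};

static struct seg_info decode_descriptor(uint64_t d)
{
    struct seg_info s;
    s.present   = (d >> 47) & 1;
    s.dpl       = (d >> 45) & 3;
    s.is_code   = ((d >> 44) & 1) && ((d >> 43) & 1);
    s.long_mode = (d >> 53) & 1;
    return s;
}

/* Requested privilege level: low two bits of a selector such as CS. */
static unsigned selector_rpl(uint16_t sel) { return sel & 3; }

/* Descriptor table slot addressed by a selector (bits 3..15). */
static unsigned selector_index(uint16_t sel) { return sel >> 3; }

/* Code entered with this selector can run in Ring 0 only when both the
 * selector RPL and the descriptor DPL are 0. */
static int runs_in_ring0(uint64_t desc, uint16_t sel)
{
    struct seg_info s = decode_descriptor(desc);
    return s.present && s.is_code && s.dpl == 0 && selector_rpl(sel) == 0;
}

int main(void)
{
    /* Constructed samples: flat 64-bit code descriptors, DPL 3 and DPL 0. */
    const uint64_t dpl3_code = 0x00affb000000ffffULL;
    const uint64_t dpl0_code = 0x00af9b000000ffffULL;

    printf("slot %u, DPL3 descriptor, selector 0x33: ring0=%d\n",
           selector_index(0x33), runs_in_ring0(dpl3_code, 0x33));
    printf("slot %u, DPL0 descriptor, selector 0x10: ring0=%d\n",
           selector_index(0x10), runs_in_ring0(dpl0_code, 0x10));
    return 0;
}
```

On a running system the same two-bit check applied to the saved CS of a user thread (`cs & 3`) shows which ring it executes in.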
Tested on
- [x] QEMU Danger x86, `qemu-system-x86_64 -kernel vmlinuz -initrd initrd.img -append "root=/dev/ram0 console=ttyS0" -m 512M -serial stdio`, `/mini_shell` is a usermode ELF running in Ring0
- [x] Physical PC, Intel Core 2 Duo
- [ ] Hyper-V, Not Working...Maybe Hyper-V ignored IST at non-#DF conditions?
Acknowledgements
- `Microsoft Student Ambassadors` program of Azure 150$ credits (to build the kernel)
- The computation was carried out using the computer resource offered under the category of ****** by Research Institute for Information Technology, Kyushu University. (to build the kernel)
Owner
- Name: SuperHacker UEFI
- Login: UEFI-code
- Kind: user
- Repositories: 108
- Profile: https://github.com/UEFI-code
Microsoft Learn Student Ambassador | Bionic Researcher | Software Engineer | BISTU
GitHub Events
Total
- Create event: 15
- Issues event: 1
- Release event: 11
- Watch event: 2
- Delete event: 9
- Push event: 56
- Fork event: 3
Last Year
- Create event: 15
- Issues event: 1
- Release event: 11
- Watch event: 2
- Delete event: 9
- Push event: 56
- Fork event: 3
Issues and Pull Requests
Last synced: 9 months ago
All Time
- Total issues: 1
- Total pull requests: 0
- Average time to close issues: less than a minute
- Average time to close pull requests: N/A
- Total issue authors: 1
- Total pull request authors: 0
- Average comments per issue: 0.0
- Average comments per pull request: 0
- Merged pull requests: 0
- Bot issues: 0
- Bot pull requests: 0
Past Year
- Issues: 1
- Pull requests: 0
- Average time to close issues: less than a minute
- Average time to close pull requests: N/A
- Issue authors: 1
- Pull request authors: 0
- Average comments per issue: 0.0
- Average comments per pull request: 0
- Merged pull requests: 0
- Bot issues: 0
- Bot pull requests: 0
Top Authors
Issue Authors
- UEFI-code (1)
Dependencies
- Sphinx ==2.4.4
- jinja2 <3.1
- PyYAML ==6.
- jsonschema ==4.