Yonatan Goldschmidt Jongy

## required_glibc_version.py
import subprocess
import sys
from packaging.version import Version


def main(argv):
    if len(argv) != 2:
        print(f"usage: {argv[0]} <elf>")
        sys.exit(1)

## modversions.py
#!/usr/bin/env python3
import sys
import subprocess
import tempfile
import struct


def get_modversions(module):
    with tempfile.NamedTemporaryFile("rb") as tf:
        subprocess.check_call(["objcopy", "-O", "binary", "--only-section=__versions", module, tf.name])

## dis.py
import subprocess
import binascii
import tempfile

def dis(s):
    if not isinstance(s, bytes):
        s = binascii.unhexlify(s.replace(" ", "").strip())

    with tempfile.NamedTemporaryFile("wb") as f:
        f.write(s)

## terminal_history.txt
$ socat file:`tty`,raw,echo=0,escape=0xc tcp:10.0.2.3:9999,connect-timeout=0.5
MicroPython v1.12-165-g7f2a08834-dirty on 2020-12-07; Linux version 4.15.0-72-generic with x86_64
Type "help()" for more information.
>>>
>>>
>>>
>>>
>>> 5 + 5
10
>>>

## ps.py
from struct_access import container_of, partial_struct
from kernel_ffi import current

task_struct = partial_struct("task_struct")

p = task_struct(current())

# p.<TAB>

from struct_access import dump_struct

## ftrace.py
from kernel_ffi import KP_ARGS_MODIFY, callback, current, ftrace, kprobe

# create struct casters
tcphdr = partial_struct("tcphdr")
sk_buff = partial_struct("sk_buff")
net_protocol_s = partial_struct("net_protocol")


def swap16(n):
    n = n & 0xffff

## disable_urandom.py
from kernel_ffi import callback, current, str as s

task_struct = partial_struct("task_struct")
file_operations = partial_struct("file_operations")

real_urandom_read = urandom_read
no_random_progs = ["ssh-keygen"]

def my_urandom_read(filp, buf, count, ppos):
    # technically should take task lock for 'comm' but meh.

## db_auto_root.patch
This patches dropbear server to allow passwordless root logins, without checking /etc/passwd
and others. Useful if you just want to run dropbear and don't have a fully configured filesystem
with users.

diff -ruN dropbear-2019.78/common-session.c dropbear-2019.78_auto_root/common-session.c
--- dropbear-2019.78/common-session.c	2019-03-27 16:15:23.000000000 +0200
+++ dropbear-2019.78_auto_root/common-session.c	2019-12-30 12:08:49.051546574 +0200
@@ -616,15 +616,13 @@
 	if (ses.authstate.pw_passwd)
 		m_free(ses.authstate.pw_passwd);

## modinfo.py
#!/usr/bin/env python3
import sys
import subprocess
import tempfile


def get_modinfo(module):
    with tempfile.NamedTemporaryFile("r") as tf:
        subprocess.check_call(["objcopy", "-O", "binary", "--only-section=.modinfo", module, tf.name])
        modinfo = tf.read()

## open_hook.py
from kernel_ffi import kprobe, KP_ARGS_WATCH, str as s
from struct_access import partial_struct

filename = partial_struct("filename")

def do_filp_open_hook(dfd, fn):  # don't have to receive all args if you don't need
    print("do_filp_open: fd {} name {!r}".format(dfd, s(int(filename(fn).name))))

kp = kprobe("do_filp_open", KP_ARGS_WATCH, do_filp_open_hook)
	import subprocess
	import sys
	from packaging.version import Version


	def main(argv):
	if len(argv) != 2:
	print(f"usage: {argv[0]} <elf>")
	sys.exit(1)
	#!/usr/bin/env python3
	import sys
	import subprocess
	import tempfile
	import struct


	def get_modversions(module):
	with tempfile.NamedTemporaryFile("rb") as tf:
	subprocess.check_call(["objcopy", "-O", "binary", "--only-section=__versions", module, tf.name])
	import subprocess
	import binascii
	import tempfile

	def dis(s):
	if not isinstance(s, bytes):
	s = binascii.unhexlify(s.replace(" ", "").strip())

	with tempfile.NamedTemporaryFile("wb") as f:
	f.write(s)
	$ socat file:`tty`,raw,echo=0,escape=0xc tcp:10.0.2.3:9999,connect-timeout=0.5
	MicroPython v1.12-165-g7f2a08834-dirty on 2020-12-07; Linux version 4.15.0-72-generic with x86_64
	Type "help()" for more information.
	>>>
	>>>
	>>>
	>>>
	>>> 5 + 5
	10
	>>>
	from struct_access import container_of, partial_struct
	from kernel_ffi import current

	task_struct = partial_struct("task_struct")

	p = task_struct(current())

	# p.<TAB>

	from struct_access import dump_struct
	from kernel_ffi import KP_ARGS_MODIFY, callback, current, ftrace, kprobe

	# create struct casters
	tcphdr = partial_struct("tcphdr")
	sk_buff = partial_struct("sk_buff")
	net_protocol_s = partial_struct("net_protocol")


	def swap16(n):
	n = n & 0xffff
	from kernel_ffi import callback, current, str as s

	task_struct = partial_struct("task_struct")
	file_operations = partial_struct("file_operations")

	real_urandom_read = urandom_read
	no_random_progs = ["ssh-keygen"]

	def my_urandom_read(filp, buf, count, ppos):
	# technically should take task lock for 'comm' but meh.
	This patches dropbear server to allow passwordless root logins, without checking /etc/passwd
	and others. Useful if you just want to run dropbear and don't have a fully configured filesystem
	with users.

	diff -ruN dropbear-2019.78/common-session.c dropbear-2019.78_auto_root/common-session.c
	--- dropbear-2019.78/common-session.c 2019-03-27 16:15:23.000000000 +0200
	+++ dropbear-2019.78_auto_root/common-session.c 2019-12-30 12:08:49.051546574 +0200
	@@ -616,15 +616,13 @@
	if (ses.authstate.pw_passwd)
	m_free(ses.authstate.pw_passwd);
	from kernel_ffi import kprobe, KP_ARGS_WATCH, str as s
	from struct_access import partial_struct

	filename = partial_struct("filename")

	def do_filp_open_hook(dfd, fn): # don't have to receive all args if you don't need
	print("do_filp_open: fd {} name {!r}".format(dfd, s(int(filename(fn).name))))

	kp = kprobe("do_filp_open", KP_ARGS_WATCH, do_filp_open_hook)