
marcinguy / dr_checker_4_linux

Licence: BSD-2-Clause license
Port of "DR.CHECKER : A Soundy Vulnerability Detection Tool for Linux Kernel Drivers" to Clang/LLVM 10 and Linux Kernel


dr_checker_4_linux

Port of "DR.CHECKER : A Soundy Vulnerability Detection Tool for Linux Kernel Drivers" (https://github.com/ucsb-seclab/dr_checker) for checking the Linux kernel, updated to a newer Clang/LLVM (the original used Clang/LLVM 3.8).

Abstract

While kernel drivers have long been known to pose huge security risks, due to their privileged access and lower code quality, bug-finding tools for drivers are still greatly lacking both in quantity and effectiveness. This is because the pointer-heavy code in these drivers presents some of the hardest challenges to static analysis, and their tight coupling with the hardware makes dynamic analysis infeasible in most cases. In this work, we present DR. CHECKER, a soundy (i.e., mostly sound) bug-finding tool for Linux kernel drivers that is based on well-known program analysis techniques. We are able to overcome many of the inherent limitations of static analysis by scoping our analysis to only the most bug-prone parts of the kernel (i.e., the drivers), and by only sacrificing soundness in very few cases to ensure that our technique is both scalable and precise. DR. CHECKER is a fully-automated static analysis tool capable of performing general bug finding using both pointer and taint analyses that are flow-sensitive, context-sensitive, and field-sensitive on kernel drivers. To demonstrate the scalability and efficacy of DR.CHECKER, we analyzed the drivers of nine production Linux kernels (3.1 million LOC), where it correctly identified 158 critical zero-day bugs with an overall precision of 78%.

Results for Linux 5.3.1

Results for Linux 5.13.9

Setup

Tested on Ubuntu 20.04

Clone the repo.

Make sure you have Clang/LLVM 10 installed (newer Clang/LLVM will not work)

Ubuntu:

apt install clang-10 sparse

Make sure all the binaries are available at the expected paths, i.e. /usr/bin/llvm-link (linked to /usr/bin/llvm-link-10), /usr/bin/opt (linked to /usr/bin/opt-10), etc.

Debug when needed.

No need to run setup_drchecker.py, you can skip it. For other instructions refer to the original Dr. Checker repo.
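
The path check from the setup steps above, as an added shell example (not part of the original repository): it confirms that each unversioned tool name resolves to the same file as its -10 counterpart. Only llvm-link and opt are named on this page; the function names, the --check argument and the script name check_llvm10.sh are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example: check that unversioned LLVM tool names point at the
# Clang/LLVM 10 binaries before running the DR.CHECKER scripts.

# check_llvm10_tool BINDIR TOOL
# Returns 0 when BINDIR/TOOL and BINDIR/TOOL-10 resolve to the same file,
# 2 when TOOL-10 is not installed, 1 when the plain name is absent or
# points somewhere else (for example at a newer LLVM).
check_llvm10_tool() {
    ct_plain="$1/$2"
    ct_versioned="$1/$2-10"
    if [ ! -x "$ct_versioned" ]; then
        echo "MISSING  $ct_versioned"
        return 2
    fi
    if [ ! -e "$ct_plain" ]; then
        echo "NOLINK   $ct_plain (expected a link to $ct_versioned)"
        return 1
    fi
    # Compare fully resolved targets: TOOL-10 may itself be a symlink.
    ct_target=$(readlink -f "$ct_plain")
    if [ "$ct_target" = "$(readlink -f "$ct_versioned")" ]; then
        echo "OK       $ct_plain -> $ct_target"
        return 0
    fi
    echo "MISMATCH $ct_plain -> $ct_target (expected $ct_versioned)"
    return 1
}

# check_llvm10_toolchain [BINDIR [TOOL...]]
# Defaults (assumed): /usr/bin and the two tools named in the setup notes.
check_llvm10_toolchain() {
    tc_bindir=${1:-/usr/bin}
    if [ "$#" -gt 0 ]; then shift; fi
    if [ "$#" -eq 0 ]; then set -- llvm-link opt; fi
    tc_bad=0
    for tc_tool in "$@"; do
        check_llvm10_tool "$tc_bindir" "$tc_tool" || tc_bad=$((tc_bad + 1))
    done
    [ "$tc_bad" -eq 0 ]
}

# Run only when asked, e.g.: sh check_llvm10.sh --check /usr/bin llvm-link opt
if [ "${1:-}" = "--check" ]; then
    shift
    check_llvm10_toolchain "$@"
fi
```

A MISMATCH line usually means the plain name still points at a different LLVM release, which is the case the setup notes warn will not work.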

Sample run

In the kernel source tree:

make CC=clang-10 HOSTCC=clang-10 allyesconfig
make V=1 CC=clang-10 HOSTCC=clang-10 > makeout.txt 2>&1

Then

python ../dr_checker/helper_scripts/runner_scripts/run_all.py -l /laptop/media/mk/4e3f0810-c5e8-4a7f-a629-2800a1356ebd/linux-5.3.1/bitout -a 5 -m /laptop/media/mk/4e3f0810-c5e8-4a7f-a629-2800a1356ebd/linux-5.3.1/makeout.txt -g clang-10 -n 2 -o /laptop/media/mk/4e3f0810-c5e8-4a7f-a629-2800a1356ebd/linux-5.3.1/ -k /laptop/media/mk/4e3f0810-c5e8-4a7f-a629-2800a1356ebd/linux-5.3.1/ -f /laptop/media/mk/4e3f0810-c5e8-4a7f-a629-2800a1356ebd/linux-5.3.1/result

Results

5.3.1 results with code and filenames in kernel-5.3.1/resultspp

5.13.9 results with code and filenames in kernel-5.13.9/resultspp

Triage

Obviously, there are many results that need to be triaged. Feel free to send kudos to me and/or the Dr. Checker team if you get a CVE/vuln out of it.
