out-of-tree kernel {module, exploit} development tool

dump_stack() 9e1d71d1b2 Bump changelog version		1 week ago
.github/workflows	GitHub Actions: convert case	2 months ago
config	Support custom docker commands	2 months ago
docs	Fix spelling	3 months ago
examples	Fix spelling	3 months ago
qemu	Fix spelling	3 months ago
tools	Add policykit-1 to rootfs	2 months ago
.gitignore	Remove snap support	11 months ago
.travis.yml	Travis-CI: xenial -> bionic	3 months ago
CHANGELOG.md	Bump changelog version	1 week ago
LICENSE	Change license to GNU AGPLv3	1 year ago
README.md	Fix link to Travis-CI	2 months ago
db.go	Refactor [2]	3 months ago
debug.go	Fix spelling	3 months ago
gen.go	Move upstream to code.dumpstack.io	9 months ago
go.mod	Generate markdown table statistics for tag	3 months ago
go.sum	Generate markdown table statistics for tag	3 months ago
images.config.go	Remove bootstrap, download images on-demand	3 months ago
images.go	Remove bootstrap, download images on-demand	3 months ago
kernel.go	Avoid slow mirrors	2 months ago
kernel_linux.go	Exclude host kernel generation for macOS	2 months ago
kernel_macos.go	Exclude host kernel generation for macOS	2 months ago
log.go	Refactor	3 months ago
main.go	Add flag for verbose output	1 week ago
pack.go	Add flag for verbose output	1 week ago
pew.go	Add flag for verbose output	1 week ago
pew_test.go	Use go timers for kill docker by timeout, fixes #12	11 months ago

out-of-tree

out-of-tree kernel {module, exploit} development tool

out-of-tree is for automating some routine actions for creating development environments for debugging kernel modules and exploits, generating reliability statistics for exploits, and also provides the ability to easily integrate into CI (Continuous Integration).

Requirements

Qemu, docker and golang is required.

Also do not forget to set GOPATH and PATH e.g.:

$ echo 'export GOPATH=$HOME' >> ~/.bashrc
$ echo 'export PATH=$PATH:$HOME/bin' >> ~/.bashrc
$ source ~/.bashrc

Gentoo

# emerge app-emulation/qemu app-emulation/docker dev-lang/go

macOS

$ brew install go qemu
$ brew cask install docker

Fedora

$ sudo dnf install go qemu moby-engine

Also check out docker post-installation steps.

Build from source

$ go get -u code.dumpstack.io/tools/out-of-tree

Then you can check it on kernel module example:

$ cd $GOPATH/src/code.dumpstack.io/tools/out-of-tree/examples/kernel-module
$ out-of-tree kernel autogen # generate kernels based on .out-of-tree.toml
$ out-of-tree pew

Examples

Run by absolute path

$ out-of-tree --path /path/to/exploit/directory pew

Test only with one kernel:

$ out-of-tree pew --kernel='Ubuntu:4.10.0-30-generic'

Run debug environment:

$ out-of-tree debug --kernel='Ubuntu:4.10.0-30-generic'

Test binary module/exploit with implicit defined test ($BINARY_test)

$ out-of-tree pew --binary /path/to/exploit

Test binary module/exploit with explicit defined test

$ out-of-tree pew --binary /path/to/exploit --test /path/to/exploit_test

Guess work kernels:

$ out-of-tree pew --guess

Use custom kernels config

$ out-of-tree --kernels /path/to/kernels.toml pew

Generate all kernels

$ out-of-tree kernel genall --distro Ubuntu --ver 16.04

Troubleshooting

If anything happens that you cannot solve -- just remove $HOME/.out-of-tree.

But it’ll be better if you’ll write the bug report.

Development

Read Qemu API.

Generate images

$ cd $GOPATH/src/code.dumpstack.io/tools/out-of-tree/tools/qemu-debian-img/
$ docker run --privileged -v $(pwd):/shared -e IMAGE=/shared/ubuntu1404.img -e RELEASE=trusty -t gen-ubuntu1804-image
$ docker run --privileged -v $(pwd):/shared -e IMAGE=/shared/ubuntu1604.img -e RELEASE=xenial -t gen-ubuntu1804-image

README.md