Diamorphine

LKM rootkit for Linux Kernels 2.6.x/3.x/4.x (x86 and x86_64)

Diamorphine is an LKM rootkit for Linux Kernels 2.6.x/3.x/4.x

Features

  • When loaded, the module starts invisible;

  • Hide/unhide any process by sending signal 31;

  • Sending signal 63 (to any pid) makes the module become (in)visible;

  • Sending signal 64 (to any pid) makes the given user become root;

  • Files or directories starting with the MAGIC_PREFIX become invisible;

  • Source: https://github.com/m0nad/Diamorphine
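
A defender can check for the process hiding listed above by comparing two views of /proc: the directory listing and a direct lookup of each PID. This is an added example, not code from the Diamorphine project; it assumes the hiding works by filtering directory listings (the page does not describe the mechanism), and all function names are illustrative.

```python
#!/usr/bin/env python3
"""Cross-view check: PIDs that exist but are missing from the /proc listing."""
import os

PROC = "/proc"

def listed_pids():
    # View 1: the directory listing, which is what ps and top rely on.
    return {int(n) for n in os.listdir(PROC) if n.isdigit()}

def pid_exists(pid):
    # View 2: look the PID up by name, without enumerating the directory.
    return os.path.exists(f"{PROC}/{pid}")

def tgid_of(pid):
    # Thread-group id from /proc/<pid>/status; None if the task exited meanwhile.
    try:
        with open(f"{PROC}/{pid}/status") as fh:
            for line in fh:
                if line.startswith("Tgid:"):
                    return int(line.split()[1])
    except (OSError, ValueError):
        pass
    return None

def find_hidden(listed, max_pid, exists=pid_exists, tgid=tgid_of):
    hidden = set()
    for pid in range(1, max_pid + 1):
        if pid in listed or not exists(pid):
            continue
        # Thread ids also resolve under /proc but are never listed there,
        # so judge the owning process (Tgid), not the raw id.
        owner = tgid(pid)
        if owner is not None and owner not in listed:
            hidden.add(owner)
    return sorted(hidden)

def scan():
    before = listed_pids()
    with open(f"{PROC}/sys/kernel/pid_max") as fh:
        max_pid = int(fh.read())
    suspects = find_hidden(before, max_pid)
    # Drop processes that merely started after the first listing was taken.
    after = listed_pids()
    return [p for p in suspects if p not in after]

if __name__ == "__main__":
    for pid in scan():
        print(f"PID {pid} exists but is absent from the /proc listing")
```

A full sweep up to pid_max can take several seconds. Both views are served by the running kernel, so a clean result is an indicator rather than proof.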

Install

Verify that the kernel is 2.6.x/3.x/4.x

uname -r

Clone the repository

git clone https://github.com/m0nad/Diamorphine

Enter the folder

cd Diamorphine

Compile

make

Load the module (as root)

insmod diamorphine.ko

Uninstall

The module starts invisible; to remove it, you first need to make it visible

kill -63 0

Then remove the module (as root)

rmmod diamorphine

Main metrics

Overview

  • Name with owner: m0nad/Diamorphine
  • Primary language: C
  • Program language: Makefile (language count: 2)
  • License: Other

Owner activity

  • Created at: 2013-11-06 22:38:47
  • Pushed at: 2023-09-20 10:56:06
  • Last commit at: 2023-09-20 12:56:06
  • Release count: 0

User engagement

  • Stargazers count: 2k
  • Watchers count: 55
  • Fork count: 460
  • Commits count: 50
  • Issues count: 36
  • Issue open count: 9
  • Pull requests count: 4
  • Pull requests open count: 1
  • Pull requests close count: 6