Skip to content

Commit

Permalink
chore(deps): update dependencies
Browse files Browse the repository at this point in the history
  • Loading branch information
0xricksanchez committed Jun 22, 2024
1 parent 250df18 commit acbf6ba
Show file tree
Hide file tree
Showing 7 changed files with 572 additions and 519 deletions.
128 changes: 65 additions & 63 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -6,97 +6,99 @@
[![Build Status: hadolint](https://img.shields.io/badge/hadolint-passing-brightgreen)](https://github.com/0xricksanchez/like-dbg/actions?query=workflow%3Ahadolint)
[![codecov](https://codecov.io/gh/0xricksanchez/like-dbg/branch/main/graph/badge.svg?token=SXF37MH4X6)](https://codecov.io/gh/0xricksanchez/like-dbg)
[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://tldrlegal.com/license/mit-license)
[![GitHub Release](https://img.shields.io/github/release/0xricksanchez/like-dbg.svg)](https://github.com/0xricksanchez/like-dbg/releases/)
[![GitHub Release](https://img.shields.io/github/release/0xricksanchez/like-dbg.svg)](https://github.com/0xricksanchez/like-dbg/releases/)

LIKE-DBG (*LI*nux-*KE*rnel-*D*e*B*u*G*ger) aims at automating the boring steps when trying to set up a Linux kernel debugging environment.
I set out to dive into kernel exploitation research and found existing solutions not usable enough.
Hence, this is an attempt at making all necessary pre-steps before one can even think about diving into research as painless and fun as possible.
All steps from building a kernel, running it inside an emulated environment, and attaching a debugger are transparently done inside docker containers to keep system requirements minimal.
Currently, there's a dedicated docker container for every of the following steps:

* Building the kernel
* Creating a root file system to use with the kernel
* Launching the kernel + file system as the *debuggee*
* Attaching to the kernel as a *debugger*
- Building the kernel
- Creating a root file system to use with the kernel
- Launching the kernel + file system as the _debuggee_
- Attaching to the kernel as a _debugger_

## Caveats

As this project is in its early stages, I expect things to change rapidly, while also introducing breaking changes along the way.
Major points to improve on are:

* Getting towards true multi-architecture support beyond `x86_64` and `arm64`
* Extend kernel builder to not only succeed in building recent™ kernels
* Add android kernel support
* Add (integration) tests
* Elevate the debugging experience even more
- Getting towards true multi-architecture support beyond `x86_64` and `arm64`
- Extend kernel builder to not only succeed in building recent™ kernels
- Add android kernel support
- Add (integration) tests
- Elevate the debugging experience even more

## Features

On the upside, despite its early stages, a couple of useful features are already present:

* General:
* Minimal host system requirements due to dockerization of every step
* An easy to grasp `configs/user.ini` config that allows highly customizable sessions
* Or provide different configurations for different debugging setups via the command-line!
* CTF runner that's specifically designed to handle Linux kernel exploitation challenges
* `ctf/misc` that houses some nifty scripts to aid in CTFs
* Code quality measures:
* [black](https://github.com/psf/black) formatter for python code
* [flake8](https://github.com/PyCQA/flake8) linter for all python code
* [shellcheck](https://github.com/koalaman/shellcheck) linter for shell scripts
* [hadolint](https://github.com/hadolint/hadolint) linter for the Dockerfiles
* Operating system agnostic, meaning it should run just fine on:
* Debian/Ubuntu
* Arch Linux/Manjaro
* Fedora
* Kernel builder:
* Multi-arch: `x86_64`, `arm64`
* Choose between `gcc` and `clang` to build the kernel
* Configuration modes:
* generic-mode,
* syzkaller-mode,
* custom-mode, or
* provide a usable kernel config
* Fine-granular version control to build from:
* Commit hash
* Release tag (e.g.: 5.10-rc)
* Major-Minor-Patch (e.g.: 5.10.77)
* Ability to automatically apply patch files
* Basic ability to add custom kernel modules
* Root file system builder:
* Powered by [debootstrap](https://wiki.debian.org/Debootstrap)
* Automatic generation of file system that matches the kernels architecture
* Ability to customize:
* wanted packages in the file system
* the Debian release version to base everything on
* Debuggee:
* Powered by [QEMU](https://github.com/qemu/qemu)
* Customization of QEMU runtime options from within the `configs/*.ini` files.
* Debugger:
* Powered by [GDB (multiarch)](https://sourceware.org/gdb/) with either
* [GEF](https://github.com/hugsy/gef) and [GEF-extras](https://github.com/hugsy/gef-extras), or
* [pwndbg](https://github.com/pwndbg/pwndbg)
* Allow users to specify GDB script in `io/scripts/gdb_script` to allow a scenario-tailored debugging experience
- General:
- Minimal host system requirements due to dockerization of every step
- An easy to grasp `configs/user.ini` config that allows highly customizable sessions
- Or provide different configurations for different debugging setups via the command-line!
- CTF runner that's specifically designed to handle Linux kernel exploitation challenges
- `ctf/misc` that houses some nifty scripts to aid in CTFs
- Code quality measures:
- [black](https://github.com/psf/black) formatter for python code
- [flake8](https://github.com/PyCQA/flake8) linter for all python code
- [shellcheck](https://github.com/koalaman/shellcheck) linter for shell scripts
- [hadolint](https://github.com/hadolint/hadolint) linter for the Dockerfiles
- Operating system agnostic, meaning it should run just fine on:
- Debian/Ubuntu
- Arch Linux/Manjaro
- Fedora
- Kernel builder:
- Multi-arch: `x86_64`, `arm64`
- Choose between `gcc` and `clang` to build the kernel
- Configuration modes:
- generic-mode,
- syzkaller-mode,
- custom-mode, or
- provide a usable kernel config
- Fine-granular version control to build from:
- Commit hash
- Release tag (e.g.: 5.10-rc)
- Major-Minor-Patch (e.g.: 5.10.77)
- Ability to automatically apply patch files
- Basic ability to add custom kernel modules
- Root file system builder:
- Powered by [debootstrap](https://wiki.debian.org/Debootstrap)
- Automatic generation of file system that matches the kernels architecture
- Ability to customize:
- wanted packages in the file system
- the Debian release version to base everything on
- Debuggee:
- Powered by [QEMU](https://github.com/qemu/qemu)
- Customization of QEMU runtime options from within the `configs/*.ini` files.
- Debugger:
- Powered by [GDB (multiarch)](https://sourceware.org/gdb/) with either
- [GEF](https://github.com/hugsy/gef) and [GEF-extras](https://github.com/hugsy/gef-extras), or
- [pwndbg](https://github.com/pwndbg/pwndbg)
- Allow users to specify GDB script in `io/scripts/gdb_script` to allow a scenario-tailored debugging experience

## Requirements

To get started, you have to ensure to have the following requirements set up in your system:

* `docker`
* `tmux`
* `python>=3.11`
* `poetry` # <https://python-poetry.org/docs/>
- `docker`
- `tmux`
- `python>=3.11`
- `poetry` # <https://python-poetry.org/docs/>

It is recommended to not run this as the `root` user, e.g. for testing purposes on a VPS.
It may work fine but in general I highly encourage creating a dedicated non-root user to put in the `docker` and `sudo` group!

**Note**: If you're using a custom TMUX config, make sure that your first pane starts at `0`!

### Optional

This section covers tools that are *not* required to run LIKE-DBG but are nice to have and assist heavily when debugging or writing an exploit.
This section covers tools that are _not_ required to run LIKE-DBG but are nice to have and assist heavily when debugging or writing an exploit.

* [musl-gcc](https://www.musl-libc.org/how.html)
* [ctags](https://github.com/universal-ctags/ctags)
* [ropr](https://github.com/Ben-Lichtman/ropr)
- [musl-gcc](https://www.musl-libc.org/how.html)
- [ctags](https://github.com/universal-ctags/ctags)
- [ropr](https://github.com/Ben-Lichtman/ropr)

## Setup

Expand Down Expand Up @@ -125,8 +127,8 @@ poetry shell

There exist 2 users for the automatically created filesystems:

* `root` with no password
* `user`:`user`
- `root` with no password
- `user`:`user`

This is intended so you can develop and exploit from either perspective easily.

Expand Down
Loading

0 comments on commit acbf6ba

Please sign in to comment.