README.md

out-of-tree

out-of-tree kernel {module, exploit} development tool

Installation

Read Qemu API.

Generate images

$ cd $GOPATH/src/github.com/jollheef/out-of-tree/tools/qemu-debian-img/
$ docker run --privileged -v $(pwd):/shared -e IMAGE=/shared/ubuntu1404.img -e RELEASE=trusty -t gen-ubuntu1804-image
$ docker run --privileged -v $(pwd):/shared -e IMAGE=/shared/ubuntu1604.img -e RELEASE=xenial -t gen-ubuntu1804-image

Generate kernels

cd $GOPATH/src/github.com/jollheef/out-of-tree/tools/kernel-factory
./bootstrap.sh # more than 6-8 hours for all kernels

"I just want to see how it works"

If you already have Go, Qemu and Docker installed, there's cross-platform installation checklist:

$ go get github.com/jollheef/out-of-tree
$ cd $GOPATH/src/github.com/jollheef/out-of-tree/tools/qemu-debian-img/
$ ./bootstrap.sh
$ docker run --privileged -v $(pwd):/shared -e IMAGE=/shared/ubuntu1604.img -e RELEASE=xenial -t gen-ubuntu1804-image
$ cd ../kernel-factory
$ rm -rf {Debian,CentOS,Ubuntu/{14.04,18.04}} # speed up :)
$ ./bootstrap.sh
$ # wait several hours...
$ export OUT_OF_TREE_KCFG=$GOPATH/src/github.com/jollheef/out-of-tree/tools/kernel-factory/output/kernels.toml
$ cd ../../examples/kernel-exploit
$ # test kernel exploit
$ out-of-tree pew
$ cd ../kernel-module
$ # test kernel module
$ out-of-tree pew

Examples

Run by absolute path

$ out-of-tree --path /path/to/exploit/directory pew

Test only with one kernel:

$ out-of-tree pew --kernel='Ubuntu:4.10.0-30-generic'

Test binary module/exploit with implicit defined test ($BINARY_test)

$ out-of-tree pew --binary /path/to/exploit

Test binary module/exploit with explicit defined test

$ out-of-tree pew --binary /path/to/exploit --test /path/to/exploit_test

Guess work kernels:

$ out-of-tree pew --guess

Use custom kernels config

$ out-of-tree --kernels /path/to/kernels.toml pew