Keygen VRED Professional 2016 32 Bits Ingles


Virginie Fayad

Jun 13, 2024, 3:50:43 AM6/13/24
to temdiuscapat

Initially I was going to write the next instalment of the Linternals: Virtual Memory series after getting back from HITB2022SIN, but after a number of offline and online conversations it seems like this could help a number of you out, so let's give it a go!

My aim for this post is to provide some insights into getting into Linux kernel vulnerability research and exploit development (VRED), although I'm sure some of this will be transferable to similar areas.[1]

Sounds fairly straightforward, right? Well, much like the process of writing a kernel exploit, diving into this can also be open-ended and confusing. There are many approaches and a wealth of resources out there, with no clearly defined path to follow.

Is this post going to pave that clearly defined path? Probably not. We all learn in different ways, have different experiences, motivations and goals. Hopefully, however, I can help demystify this topic a bit for you and give you the tools necessary to pave the right path for you.

As I mentioned above, Linux VRED is a complex and constantly evolving topic. So, as you might imagine, trying to write an accessible, usable introduction to this topic has its own challenges. But we gotta try!

The first thing I want to cover is mindset. Yeah, I get it, sounds wishy-washy and inactionable, but I think it will help to talk a bit about some useful mindset tips for approaching work like this and avoiding burnout.

Then I'll move on to talking about approaches you can take to begin your journey down the rabbit hole that is Linux VRED and hone your skills. Again, it's worth highlighting here that these are just suggestions from my experiences and are non-exhaustive.

I'll briefly touch on my workflow and some of the tooling I find useful. Again, this is really personal preference, but it may be helpful as a starting point. Plus I always find it interesting to hear what cool tools and workflows other people use!

Whatever your motivation, it's important to go into this with the understanding that this is a long journey; you (probably) won't be pwning kernels overnight! In fact, you'll never understand everything. There will be many "failures" and hurdles along the way.

But that's okay! Actually, it's more than okay, that means you're (probably) doing it right! Though, I'd be lying if I said this cycle of learning and "failure" with the occasional success wasn't a magnet for burnout and motivational humps.

In terms of managing these humps, try where possible to prioritise working on things you enjoy and are interested in. Not only will it be better for your mental health, but you'll also likely find yourself more productive.

Due to the open-ended and exploratory nature of vred, you're not gonna have a good time trying to innovate and seek out solutions if you're completely unmotivated to do so. For the same reason, having some structure and milestones associated with tasks also helps prevent feelings of aimless drifting or getting overwhelmed.

Like I said though, these humps aren't always avoidable and are managed differently by different people, so I won't pretend to know the answers. For example, a common recommendation, and one I use, is to remember to context switch!

If you've been bashing your head against the keyboard for some months, neck-deep in C source code trying to find a particular primitive, sometimes it can help to take a pause. Go write that Python tool you've been meaning to. No, you won't forget everything. In fact, you may come back with a fresh perspective and clear mind.

Trust me, I've been guilty of it many a time. You're just starting out and trying a kernel CTF and you just want to get that flag to prove you can do it, right? So you Google some techniques and you copy and paste some code, tweak some stuff and keep iterating until you get it.

But as Emerson said, "It's not the destination, it's the journey". More important than popping the shell, is understanding how you popped it. The former may be a win here, but it's that deeper understanding which will net you future wins.

Be curious! Ask questions! Take your time. If you don't quite understand this technique you've seen, spend some time playing around with it until you do. If something isn't working, spend some time getting to the root cause rather than jumping straight to another approach.

Being able to persevere in the face of regular hurdles and dead-ends is key. An important aspect of this is defining "success" and "failure". I've thrown the F word around a few times so far, and been mindful to put it in quotes.

Just because you've spent months searching for a bug in a kernel module and come up with nothing, doesn't mean you've failed. During that time you've likely deepened your understanding of the kernel, improved your workflow, come up with tooling etc.

It's also worth noting that the flip side of this is knowing when to call it quits. Later in the workflow section, I talk about having a gameplan for approaching VRED tasks, such that when you've exhausted your gameplan, you know it's time to move on.

In the beginning, you may come into this field finding things extremely daunting and overwhelming. After all, the kernel is huge and complicated and there are so many super smart people out there publishing some amazing work!

For many of us, this feeling never goes away. Myself included! I recently did my first conference talk at HITB2022SIN, and I was anxious for weeks in the build up despite the topic being something I worked on for months and was super familiar with.

So this section is just to reassure that if you feel this, it's okay, you're not alone! While this is common, try not to let it get on top of you! My main advice here would be that the only person you should be comparing yourself with is yourself a year or so ago[1] :)

The flip side to this, of course, is that I think it's good to maintain a level of humility. This is a field that is constantly evolving and you'll never know it all. Furthermore, due to the complexity of some of this stuff, you might not have a complete understanding. This is all okay; just be open, and happy even, to adjust that understanding.

As has been a running theme here, there's many different approaches to get stuck into this and we all approach learning in different ways. I've tried to provide a variety of options here, though this is far from an exhaustive list.

Feel free to experiment, mix-and-match and see what works best for you! To throw in my 10 cents: I have found hands-on projects by far the best method to develop a working understanding of new stuff, supplementing this with some reading.

Not sure what else to say about this, other than that the hardest part here is curating and finding these readings. Contributors can vary from hobbyists, professional research and academic research - all being hosted in different places by different people.

Beyond the customary "use Twitter" for your infosec needs, I've also included a link in the resources below to a great repo called Linux Kernel Exploitation maintained by @andreyknvl which contains a pretty thorough list of reading materials.

Coming into this, the amount of material out there may be overwhelming. I'd just suggest starting with stuff immediately relevant to what you're working on/interested in. E.g. if you want to try to write a local priv esc, then read some recent LPE write-ups.

Also remember curiosity and perseverance. Some/most/all of this stuff may be utter gibberish at first, and that's fine. Especially with VRED write-ups, each bug and exploit will have its own specific nuances which will be foreign to even experienced folks reading them for the first time.

If you're more of a visual learner, the options are a bit more limited but not non-existent. Besides my GIFs and occasional diagrams, there is a reasonable amount of recorded conference talks available on YouTube.

Again, the problem here becomes trying to find which conferences to check out for content, because some of these may not index well and may not have a tonne of views. In the Resources section below, I'll include a list of con channels to get you started.

I'm sure there's probably some great content creators out there pumping out videos, but as that's not my preferred media I'm afraid I can't help much there. If you know of any I can plug here who make vids on Linternals / VRED then @ me pls.

By getting some hands-on experience, you're able to put into practice the techniques and understanding you've gained from your research. Furthermore, sometimes the best way to understand something in the kernel is to get in the debugger and take a peek yourself.

As a result, I'll include some ideas and starting points for potential projects here. You'll find the more you get into things, the more ideas you'll have for your own tooling or experiments as you go on:

Now onto the less glamorous, but just as fundamental part: workflow. I appreciate this is highly preference based, so this is more for reference and because I also find it interesting to hear about other people's workflows.

Your workflow is something that will likely constantly evolve, refined over an iterative process of discovering new tools and deeper understanding of your own preferences, strengths and weaknesses. Don't be afraid to try new things! :)

For my IDE, I use "a configuration framework for GNU Emacs" called Doom. It's very easy to setup (and tweak) and the default settings are pretty good. I actually found this project thanks to a great talk, "Kernel Hacking Like It's 2020" by Russell Currey.

Another cornerstone of my workflow is virtualisation. Whenever I'm writing up a new exploit or doing some testing, I'll be spinning up a representative target VM[1]. My tool of choice here is QEMU; I find it to be lightweight and very flexible (and it's free and open-source!).

The last part of the tooling trifecta for me: the debugger. Perhaps unsurprisingly, I'm regularly neck-deep in gdb[2]. Despite being quite literally older than me, it still holds up. That said, addons like hugsy's GEF (GDB Enhanced Features) make life easier.
