|
1 | 1 | # kernKill
|
2 |
| -Repo for DemHack-5 |
| 2 | + |
| 3 | +kernKill is a work-in-progress Linux kernel loadable module designed for emergency system management. It's primary function is to enable immediate shutdown or termination specific processes when a specified USB device is removed from a machine running a compatible Linux operating system. |
| 4 | + |
| 5 | +## Warning about the USB Stack |
| 6 | + |
| 7 | +It's important to be aware of the nuances and potential risks associated with the USB stack when using kernKill. Detailed information about these aspects is provided in the following sections. |
| 8 | + |
| 9 | +## Configuration process |
| 10 | + |
| 11 | +To configure kernKill, you need to know some system information about your system's USB devices. You can gather this information using the following commands: |
| 12 | + |
| 13 | +```bash |
| 14 | +# List all connected USB devices |
| 15 | +lsusb |
| 16 | + |
| 17 | +# Display driver information for USB devices |
| 18 | +lsusb -t |
| 19 | +``` |
| 20 | + |
| 21 | +You'll need to note USB Vendor and Product IDs. Next you should set these as environment variables with `export ...` or pass IDs like `USB_PRODUCT_ID=0xXXXX USB_VENDOR_ID=XXXX ...`. If you don't pass any IDs, the default values from the [Makefile](/Makefile) will be used. |
| 22 | + |
| 23 | +## Building the module |
| 24 | + |
| 25 | +### About build modes |
| 26 | + |
| 27 | +There are two modes: |
| 28 | + |
| 29 | +- `kill` (default) – in this mode, processes specified in [proc_list.h](/proc_list.h) are immediately killed from kernel space via SIGKILL. |
| 30 | +- `reboot` – in this mode, the kernel module will perform `emergency_restart()` exec from kernel space. |
| 31 | + |
| 32 | +kernKill is configurable via the [Makefile](/Makefile) included in the source code. By default, it operates in 'kill' mode, but you can switch to 'reboot' mode if necessary. Here's how to build in each mode: |
| 33 | + |
| 34 | +```bash |
| 35 | +# Building in 'kill' mode (default) |
| 36 | +USB_PRODUCT_ID=0x5678 \ |
| 37 | + USB_VENDOR_ID=0x1234 \ |
| 38 | + make |
| 39 | + |
| 40 | +# Building in 'reboot' mode |
| 41 | +USB_PRODUCT_ID=0x5678 \ |
| 42 | + USB_VENDOR_ID=0x1234 \ |
| 43 | + make MODE=reboot |
| 44 | +``` |
| 45 | + |
| 46 | +## Installation guide |
| 47 | + |
| 48 | +To install kernKill, run the provided script. This installation will also disable the `uas` and `usb-storage` drivers. This is to prevent the standard usb-storage stack from taking control of the USB device. In fact, it is enough to write a udev-rule to achieve feature parity with this kernel module. But that's boring, right? :) |
| 49 | + |
| 50 | +```bash |
| 51 | +./install.sh |
| 52 | +``` |
| 53 | + |
| 54 | +## Uninstallation procedure |
| 55 | + |
| 56 | +To uninstall kernKill and revert all changes made to your system, including re-enabling the `uas` and `usb-storage` drivers, use the following command: |
| 57 | + |
| 58 | +```bash |
| 59 | +./rollback.sh |
| 60 | +``` |
| 61 | + |
| 62 | +## Debugging tips |
| 63 | + |
| 64 | +For debugging, you can monitor kernel messages related to kernKill using: |
| 65 | + |
| 66 | +```bash |
| 67 | +sudo dmesg | grep kernKill |
| 68 | +``` |
| 69 | + |
| 70 | +## Additional information |
| 71 | + |
| 72 | +Note: This module was developed during dem-hack5 and is currently not recommended for real-world use. It has been tested on the x86_64 architecture with the Linux kernel version `6.5.6-76060506-generic`. The module theoretically supports any x86/x86_64 machine with relatively modern linux kernel, but has not been extensively tested in different environments. |
| 73 | + |
| 74 | +Always use caution and don't use it in a production environment. |
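Review bot: The "Warning about the USB Stack" section (new lines 5-7) does not state any risk. It defers to "the following sections", but the only concrete effect documented later is the sentence in "Installation guide" that `install.sh` disables the `uas` and `usb-storage` drivers. Please state that side effect in the warning section itself, including what it means for other USB storage devices on the machine and that `rollback.sh` reverts it, so a reader sees it before running the installer. Smaller points in the same hunk: line 3 should read "Its primary function" and "termination of specific processes"; line 21 shows `USB_PRODUCT_ID=0xXXXX USB_VENDOR_ID=XXXX`, where the vendor ID lacks the `0x` prefix used in the build examples; and line 30 says "perform `emergency_restart()` exec", where "call `emergency_restart()`" would be clearer.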