Skip to content

flyrain/osmem_md5

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

33 Commits
 
 
 
 
 
 
 
 
 
 

Repository files navigation

osmem_md5

OSMEM_MD5

Memory based OS fingerprinting

Minix

Minix is different from the others, so we have different code for Minix. See details in ./minix.org

Qemu Tool For UFO And IDT Approaches

compilation

./configure --target-list=i386-softmmu --disable-strip --disable-werror --enable-sdl --prefix=`pwd`
make -j8

usage

  • qemu start

./qemu ~/qemu/minix3.2.0.qcow2 -m 256 --monitor stdio

  • UFO Approach

sign_guest_ufo

  • IDT Approach

sign_guest

UFO Approach

minix3.1.5

CPU:     rip 0x000000000000a6df  rflags 0x0000000000001246
         cr0 0x0000000080010011     cr2 0x0000000019012000
         cr3 0x000000000f94e000     cr4 0x0000000000000090
         dr0 0x0000000000000000     dr1 0x0000000000000000
         dr2 0x0000000000000000     dr3 0x0000000000000000
         dr6 0x00000000ffff0ff0     dr7 0x0000000000000400
          cs 0x00000030 (0x0000000000001000 + 0x0000e5ab)
          ds 0x00000018 (0x0000000000010000 + 0x18feffff)
          es 0x00000018 (0x0000000000010000 + 0x18feffff)
          fs 0x0000000d (0x0000000000010000 + 0x18feffff)
          gs 0x0000000d (0x0000000000010000 + 0x18feffff)
          ss 0x00000018 (0x0000000000010000 + 0x18feffff)
          tr 0x00000050 (0x0000000000017b94 + 0x00000067)
        ldtr 0x00000058 (0x0000000000018140 + 0x00000027)
        itdr            (0x0000000000017570 + 0x000003bf)
        gdtr            (0x0000000000017c00 + 0x00000397)
 sysenter cs 0x00000000  eip 0x0000000000000000  esp 0x0000000000000000
        efer 0x0000000000000000

minix3.1.7

CPU:     rip 0x000000000000c386  rflags 0x0000000000000286
          cr0 0x000000008001003b     cr2 0x0000000019007000
          cr3 0x000000000ff26000     cr4 0x0000000000000690
          dr0 0x0000000000000000     dr1 0x0000000000000000
          dr2 0x0000000000000000     dr3 0x0000000000000000
          dr6 0x00000000ffff0ff0     dr7 0x0000000000000400
           cs 0x00000030 (0x0000000000001000 + 0x00013623)
           ds 0x00000018 (0x0000000000015000 + 0x18feafff)
           es 0x00000018 (0x0000000000015000 + 0x18feafff)
           fs 0x00000000 (0x0000000000000000 + 0x00000000)
           gs 0x00000000 (0x0000000000000000 + 0x00000000)
           ss 0x00000018 (0x0000000000015000 + 0x18feafff)
           tr 0x00000040 (0x000000000007086c + 0x00000067)
         ldtr 0x00000130 (0x0000000000026fe8 + 0x00000027)
         itdr            (0x000000000001ee64 + 0x000007ff)
         gdtr            (0x000000000001f8d0 + 0x00000867)
  sysenter cs 0x00000000  eip 0x0000000000000000  esp 0x0000000000000000
         efer 0x0000000000000000

minix3.1.8

CPU: rip 0x000000000000c8be rflags 0x0000000000000286 cr0 0x000000008001003b cr2 0x0000000019015000 cr3 0x000000000ff7b000 cr4 0x0000000000000690 dr0 0x0000000000000000 dr1 0x0000000000000000 dr2 0x0000000000000000 dr3 0x0000000000000000 dr6 0x00000000ffff0ff0 dr7 0x0000000000000400 cs 0x00000030 (0x0000000000100000 + 0x000178df) ds 0x00000018 (0x0000000000118000 + 0x18ee7fff) es 0x00000018 (0x0000000000118000 + 0x18ee7fff) fs 0x00000000 (0x0000000000000000 + 0x00000000) gs 0x00000000 (0x0000000000000000 + 0x00000000) ss 0x00000018 (0x0000000000118000 + 0x18ee7fff) tr 0x00000040 (0x0000000000176d50 + 0x00000067) ldtr 0x00000138 (0x000000000012d1c0 + 0x00000027) itdr (0x0000000000124e30 + 0x000007ff) gdtr (0x00000000001206d4 + 0x00000867) sysenter cs 0x00000000 eip 0x0000000000000000 esp 0x0000000000000000 efer 0x0000000000000000

minix3.2.0

CPU: rip 0x000000000020bc52 rflags 0x0000000000000206 cr0 0x000000008001003b cr2 0x00000000210daff8 cr3 0x000000000fee1000 cr4 0x0000000000000690 dr0 0x0000000000000000 dr1 0x0000000000000000 dr2 0x0000000000000000 dr3 0x0000000000000000 dr6 0x00000000ffff0ff0 dr7 0x0000000000000400 cs 0x00000030 (0x0000000000000000 + 0x00218fff) ds 0x00000018 (0x0000000000000000 + 0x02bfffff) es 0x00000018 (0x0000000000000000 + 0x02bfffff) fs 0x00000000 (0x0000000000000000 + 0x00000000) gs 0x00000000 (0x0000000000000000 + 0x00000000) ss 0x00000018 (0x0000000000000000 + 0x02bfffff) tr 0x00000040 (0x00000000002791a0 + 0x00000067) ldtr 0x00000130 (0x00000000002309ec + 0x0000000f) itdr (0x0000000000228690 + 0x000007ff) gdtr (0x000000000021eed0 + 0x0000086f) sysenter cs 0x00000000 eip 0x0000000000000000 esp 0x0000000000000000 efer 0x0000000000000000

minix3.2.1

CPU: rip 0x00000000f041c042 rflags 0x0000000000000282 cr0 0x000000008001003b cr2 0x00000000080e6ff8 cr3 0x000000000056d000 cr4 0x0000000000000690 dr0 0x0000000000000000 dr1 0x0000000000000000 dr2 0x0000000000000000 dr3 0x0000000000000000 dr6 0x00000000ffff0ff0 dr7 0x0000000000000400 cs 0x00000008 (0x0000000000000000 + 0xffffffff) ds 0x00000023 (0x0000000000000000 + 0xffffffff) es 0x00000023 (0x0000000000000000 + 0xffffffff) fs 0x00000023 (0x0000000000000000 + 0xffffffff) gs 0x00000023 (0x0000000000000000 + 0xffffffff) ss 0x00000010 (0x0000000000000000 + 0xffffffff) tr 0x00000030 (0x00000000f045c0b0 + 0x00000067) ldtr 0x00000028 (0x0000000000000000 + 0xffffffff) itdr (0x00000000f045c118 + 0x000007ff) gdtr (0x00000000f045c078 + 0x00000037) sysenter cs 0x00000008 eip 0x00000000f0419b00 esp 0x00000000f043bff8 efer 0x0000000000000000

linux-3.12.0

CPU: rip 0x00000000c0109c0d rflags 0x0000000000200246 cr0 0x000000008005003b cr2 0x0000000009ba4008 cr3 0x000000001995f000 cr4 0x0000000000000690 dr0 0x0000000000000000 dr1 0x0000000000000000 dr2 0x0000000000000000 dr3 0x0000000000000000 dr6 0x0000000000000000 dr7 0x0000000000000000 cs 0x00000060 (0x0000000000000000 + 0xffffffff) ds 0x0000007b (0x0000000000000000 + 0xffffffff) es 0x0000007b (0x0000000000000000 + 0xffffffff) fs 0x000000d8 (0x000000001f248000 + 0xffffffff) gs 0x000000e0 (0x00000000dfbf2340 + 0x00000018) ss 0x00000068 (0x0000000000000000 + 0xffffffff) tr 0x00000080 (0x00000000dfbf01c0 + 0x0000206b) ldtr 0x00000000 (0x0000000000000000 + 0x00000000) itdr (0x00000000fffba000 + 0x000007ff) gdtr (0x00000000dfbeb000 + 0x000000ff) sysenter cs 0x00000060 eip 0x00000000c0665c10 esp 0x00000000dfbf2340 efer 0x0000000000000000

IDT Approach

minix3.2.1

IDT base = 0xf045c118 and IDT Limit = 7ff Time taken = 0.010000 Total Valid entries found = 39 Signature = 82716921702dcf094b0aa7afc8a49e7506089759b777f0733da7124a3d52d5aafef5089a763a42f47138aa7009bf6eecae8a680001ee7f030b4ca07cbb9a62eb

minix3.2.0

IDT base = 0x00228690 and IDT Limit = 7ff Time taken = 0.000000 Total Valid entries found = 37 Signature = 9141595ed7583024cc6fb5b4bc2fa0ee42a3f28aa4f72d50fd0da94379f38543ecafc822abc2cd0c1822df3ffeb2c988af28ed1e20840365bf8b7506bc007d09

minix3.1.8

IDT base = 0x00124e30 and IDT Limit = 7ff Time taken = 0.000000 Total Valid entries found = 37 Signature = 5fe9879e377b72524fb6598d8b37f4ea442f6fd07830ec01540c7fe130b99ba0a48e3b3682b99c4108451d12c63a122f3f6ce13a481c8407344412a7a870fce5

minix3.1.7

IDT base = 0x0001ee64 and IDT Limit = 7ff Time taken = 0.000000 Total Valid entries found = 37 Signature = abdac064f1c07a73722cf4ada07cb821c8178635f0cbb24b99342b4f15f97a6863b74ffe4e54c73fe1bfb8ec3c9ec092d4feb16f16b3799c475992b1b3d254e1

minix3.1.5

IDT base = 0x00017570 and IDT Limit = 3bf Time taken = 0.000000 Total Valid entries found = 80 Signature = 1a9da036b568a3edd5e799e10ddfba2cd00b2eb4e1b4c2ab41e9bc1476b3a9d7ac66e7255d4e2b8462e902052cd7f008d60601c9756f4a99c88a225a929b614e

linux-3.12.0

IDT base = 0xfffba000 and IDT Limit = 7ff INT num: 8, Invalid address: 0x00000000

Time taken = 0.000000

Total Valid entries found = 255 Signature = abf738e099d4eb2c306778a16bdd562d7510eaeb19b415cf9a3cf382caa39d9d2bbedbde392a2fe42c9b258a7dab497af0a804dac0e2411471d9ecbf65344c3a

About

os signature with memory

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages