m0leCon 2020 Quals

Author: Sajjad Arshad

m0leCon/2020/Quals/babyk/babyk.c

@@ -0,0 +1,68 @@
+#include <linux/module.h>
+#include <linux/moduleparam.h>
+#include <linux/init.h>
+#include <linux/kernel.h>   
+#include <linux/proc_fs.h>
+#include <asm/uaccess.h>
+#define BUFSIZE  100
+
+static int leetness=20;
+module_param(leetness,int,0660);
+
+static struct proc_dir_entry *ent;
+
+static ssize_t babywrite(struct file *file, const char __user *ubuf, size_t count, loff_t *ppos) 
+{
+	int num, c, m;
+
+	char buf[BUFSIZE];
+
+	// if(*ppos > 0 || count > BUFSIZE)
+		// return -EFAULT;
+
+	if(raw_copy_from_user(buf, ubuf, count))
+		return -EFAULT;
+
+	num = sscanf(buf,"%d",&m);
+
+	if(num != 1)
+		return -EFAULT;
+
+	leetness = m;
+
+	c = strlen(buf);
+	printk("LEETNESS SCORE: %d", leetness);
+
+	*ppos = c;
+
+	return c;
+}
+
+static ssize_t babyread(struct file *file, char __user *ubuf,size_t count, loff_t *ppos) 
+{
+	printk("READ NOT IMPLEMENTED YET");
+	return 0;
+}
+
+static struct file_operations myops = 
+{
+	.owner = THIS_MODULE,
+	.read = babyread,
+	.write = babywrite,
+};
+
+static int baby_init(void)
+{
+	ent=proc_create("babydev",0660,NULL,&myops);
+	printk(KERN_ALERT "Baby initialized!");
+    return 0;
+}
+
+static void baby_cleanup(void)
+{
+	proc_remove(ent);
+	printk(KERN_WARNING "BYE!");
+}
+
+module_init(baby_init);
+module_exit(baby_cleanup);

m0leCon/2020/Quals/babyk/bzImage

@@ -0,0 +1,20 @@
+#!/bin/bash
+
+random_string=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1)
+real_hash=$(echo -n $random_string | md5sum | cut -d" " -f1)
+
+echo "MD5 for $random_string if you may! "
+read -t 15 computed_hash
+
+if [ $? -ne 0 ] || [ $real_hash != $computed_hash ]; then
+	echo "NOPE"
+	exit 1
+else
+timeout --foreground 300 qemu-system-x86_64 \
+	-m 64M \
+	-kernel /home/pwn/bzImage \
+	-nographic \
+	-append "root=/dev/ram rw oops=panic panic=1 console=ttyS0 quiet nokaslr" \
+	-initrd /home/pwn/initramfs.cpio \
+	-monitor /dev/null
+fi