
Hey senpais, tell me a little about firmware and/or driver development.

  1. #1
    Sophie Pedophile Tech Support
    I am not sure if anyone here has actual experience with these things, but if you do I would really like to talk about the best ways of going about writing a driver. I recently set up a special development environment that I intend to use for working on firmware stuff, specifically, for now, Windows drivers.

    I went ahead and set the dev environment up as a Windows box, with all the SDK/WDK, libraries, debugging tools, and whatnot Micro$oft offers to people that want to learn more about this and get into this sort of thing. I got a load of documentation, I got a bunch of sample code, and I've been meaning to find an e-book that deals with this not only from a base OS "functionality" perspective but also delves more into the security aspect, which is of course my main area of interest.

    Now, I can do some nifty tricks in Python with shellcode and the ctypes module that can emulate certain elements of a driver, but I don't expect to be able to use Python for more than that. I've slowly started to get more into the .NET languages, especially now that .NET Core is supported on Linux; I really want to get good at it and maybe even switch over to C# as my main programming language, leaving Python/Ruby/Bash and PowerShell for scripting. I know DLLs can be written in C++ and C#, if I recall, but more good old C skills would probably come in handy here as well. The ultimate aim is to develop a kernel mode rootkit that, for all intents and purposes, looks like a genuine driver and gets installed as a trojan through some "surface layer" app that might provide some utility to the user, enticing them to install it along with the malware. I know how to write a proper Windows installer with NSIS, and bind and encode multiple binary files for it, or to it once the installer is compiled to binary, as well. I know how to set up infrastructure for C2 and make sure it's secure.

    Now I really wanted to get you guys' opinion on the best way of going about writing a driver that will work on Win10 as well, since between 7 and 10 they changed up a lot of stuff regarding the OS security as it pertains to what drivers can and cannot do.
    Also, I would like to ask you, if you have any resources on this topic (think articles, forum posts, e-books and the like), to post them in here. I've got some good resources to trade in return as well, depending on what appeals to and interests you.

    Anyway, thanks guys; constructive criticism, advice, and any interesting related stuff you can think of I welcome and appreciate.
  2. #2
    filtration African Astronaut
    This post has been edited by a bot I made to preserve my privacy.
  3. #3
    Bueno motherfucker
  4. #4
    Sophie Pedophile Tech Support
    Originally posted by filtration:
    There's nothing special about a dll. It's just a non-executable portable program. Create a shared class, build and you'll have a dll, which can't be executed.

    // Class library example: build this as a library project (output is a DLL, not an .exe).
    namespace MyDll
    {
        public class CallEndUserAPrick
        {
            // Public static method that a host process can call once the DLL is loaded.
            public static void main()
            {
                System.Console.Write("You are a prick, love Sophie");
            }
        }
    }

    The point about me mentioning a DLL is the fact that you can inject a DLL in much the same manner as someone would inject shellcode to achieve some end or another.
  5. #5
    Sophie Pedophile Tech Support
    Originally posted by Bueno:
    Hmm, if you never used WinDbg, it's kinda tricky, a lot like GDB; it seems like once you get the hang of it, you will never go back to other debuggers lol. In case you didn't know, WinDbg can debug kernel level.

    Not sure if this would help lol:
    https://github.com/hacksysteam/HackSysExtremeVulnerableDriver

    Well, I got WinDbg for the occasion. I liked GDB and I use EDB for Linux. EDB was based on GDB, I do believe.

    Oh, and that repo will be helpful for sure; gotta start somewhere.