Join OICQ Group: 943577597
Kernel Driver Development Kit: Ylarod/ddk
- CFI Bypass - Automatically patch kernel CFI check functions to disable Control Flow Integrity protection
- Kprobe Blacklist Disable - Clear kprobe blacklist to allow hooking protected kernel functions (kernel 6.1+)
- Virtual Address Translation - Software page table walking for virtual to physical address translation
- Hardware Address Translation - Uses the ARM64 AT instruction for faster and more accurate translation
- PTE Direct Mapping - Create mappings directly in page tables bypassing VMA, supports stealth mode
- Page Table Walk - Traverse complete process page tables and dump to dmesg
- Physical Memory R/W - Direct access via phys_to_virt, up to 50MB per operation
- ioremap R/W - Support multiple memory types (Normal/Device/Write-Through, etc.)
- Find Process - Locate a process's PID by name
- Liveness Check - Check whether a process is alive
- Privilege Escalation - Elevate current process to root
- Get Module Base - Query a module's load address in the target process
- Hide Process - Set the process invisible flag
- Hide Module - Hide the kernel module from the system
- DMA Buffer Export - Export process memory as dma-buf fd for zero-copy sharing
- Page Info Query - Retrieve page flags/refcount/mapcount information
- Debug Info - Get kernel structures like TTBR0/task_struct/mm_struct/pgd
- Custom Protocol Family - Socket-based userspace communication interface
- Remote Thread Creation - Create a new thread in the target process (not implemented yet)
DDK (Kernel Driver Development Kit) provides a containerized build environment with pre-configured kernel sources.
Prerequisites:
- Docker installed and running
- DDK tool installed
Install the DDK tool:
```bash
sudo curl -fsSL https://raw.githubusercontent.com/Ylarod/ddk/main/scripts/ddk -o /usr/local/bin/ddk
sudo chmod +x /usr/local/bin/ddk
```
The build script supports multiple commands and options (messages are shown in Chinese or English depending on the system locale):
Commands:
```bash
./scripts/build-ddk.sh build [target]   # Build kernel module
./scripts/build-ddk.sh clean [target]   # Clean build artifacts
./scripts/build-ddk.sh compdb [target]  # Generate compile_commands.json for IDE
./scripts/build-ddk.sh list             # List installed DDK images
```
Build Examples:
```bash
# Build with default target (android12-5.10)
./scripts/build-ddk.sh build
# Build for specific target
./scripts/build-ddk.sh build android14-6.1
# Build with stripped debug symbols (smaller file size)
./scripts/build-ddk.sh build -t android14-6.1 --strip
# Clean build artifacts
./scripts/build-ddk.sh clean android12-5.10
# Generate compile_commands.json for IDE support
./scripts/build-ddk.sh compdb
```
Available targets: Check DDK Container Versions
Note: On some systems, Docker requires root privileges. If you encounter permission errors, run the script with sudo.
Pre-built kernel modules are available from GitHub Actions CI builds:
- Go to the Actions tab
- Select the latest successful workflow run
- Download the build artifact for your kernel version
If you have your own Android kernel source tree:
```bash
# Set kernel source path
export KERNEL_SRC=/path/to/android/kernel/source
# Build the module
make
# Clean build artifacts
make clean
```
Note: Manual builds are only tested on kernel 6.1. No guarantees on other versions.
Click me for the connection guide.