scumjr / the-sea-watcher Public

Notifications You must be signed in to change notification settings
Fork 44
Star 122

Implementation of the SMM rootkit "The Watcher"

122 stars 44 forks Branches Tags Activity

Notifications

Name		Name	Last commit message	Last commit date
Latest commit History 2 Commits
seabios		seabios
vdso-test		vdso-test
.gitignore		.gitignore
Makefile		Makefile
README.md		README.md
hijack_vdso.c		hijack_vdso.c
payload.s		payload.s
shellcode.rb		shellcode.rb
smm-trigger-local.c		smm-trigger-local.c
smm-trigger-remote.py		smm-trigger-remote.py
trigger_smi.c		trigger_smi.c

Repository files navigation

The Sea Watcher

Implementation of The Watcher, a SMM rootkit:

This is a (dirty) proof-of-concept.

Files

hijack_vdso.c: SMM payload hijacking VDSO
payload.s: shellcode written to VDSO by hijack_vdso.c
seabios/: SMM backdoor, applied against SeaBIOS
shellcode.rb: metasm script to compile hijack_vdso.c
smm-trigger-local.c: trigger the execution of the SMM payload from a local account
smm-trigger-remote.py: trigger the execution of the SMM payload from the network
trigger_smi.c
vdso-test/: stuff to test VDSO shellcodes

About

Implementation of the SMM rootkit "The Watcher"

Report repository

Releases

No releases published

Packages

No packages published

Languages