fkrf: FreeBSD 12.0 port of KRF

This is a (hacked up) port of Trail of Bits' krf utility from Linux to FreeBSD 12.

All credit goes to ToB and William Woodruff for the design and development of the Linux krf tool and for much of the code here in this port. Much of what I did was just copy/paste and then hack, I mean, fix it to work in FreeBSD. I highly recommend reading their GitHub materials prior to using this.

The FreeBSD port was supported by Veracode, where the author is a member of the Applied Research Group.

As of the initial commit, this is incomplete in the number of syscalls supported. Many of the YAML specs are filled out, but they are nowhere near complete. Further, I have removed numerous specs I was not planning to support; most of these are in the realm of security features such as MAC and Capabilities.

Note: This code is not intended to be used in production and likely contains bugs that could be problematic from a stability and a security perspective. Take heed of this warning before utilizing this utility!

Note: The author will likely spend minimal time updating/improving/fixing any bugs, but is open to PRs, especially for increased system call coverage.

Some Differences

Since it is for FreeBSD and this is kernel-based, there are clearly some implementation differences. I did not note what I changed in my hackfest that would differ from their implementation, but I will try to list them below:

Setup for use

To test this setup (yes, please ignore my heavy-handed root use here :P):


Build the faultable() module and load it (before krf.ko)
# cd src/krfsys
# make
# kldload ./krfsys.ko
# dmesg | grep faultable  (210 for my out of the box 12.0)

Build the main KRF module and load it
# cd ../module/codegen
# ruby codegen
# cd ..
# make
# kldload ./krf.ko

Build the userland utilities
# cd ../krfexec
# make
# cd ../krfctl
# make

Try it out with a test case... configure chdir and chmod to be faultable
# cd ../../examples
# clang -o rep_chdir rep_chdir.c
# ../src/krfctl/krfctl -F chdir,chown
# ../src/krfexec/krfexec <syscalloffaultable> ./rep_chdir

To clear the syscalls being intercepted:
# ../src/krfctl/krfctl -c
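
A target of the kind you would run under krfexec once chdir is faultable, as an added example (not code from the fkrf repository and not its rep_chdir.c). The function names, the marker file name and the paths are assumptions made for illustration. It counts chdir failures on a valid path and shows the checked pattern that keeps a failed chdir from redirecting a later relative open.

```c
/* Added example; not part of the fkrf repository. */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Enter `dir`, then create `name` relative to it. Returns 0 on success or
 * the errno of the step that failed. A faulted chdir() takes the same path
 * as a genuine failure: stop before creating anything in the old cwd. */
int drop_file_in(const char *dir, const char *name)
{
    if (chdir(dir) != 0)
        return errno;
    int fd = open(name, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0)
        return errno;
    close(fd);
    return 0;
}

/* Call chdir(dir) n times and count failures. With chdir marked faultable
 * and the program started through krfexec, calls on a valid path may fail. */
int count_chdir_failures(const char *dir, int n)
{
    int failures = 0;
    for (int i = 0; i < n; i++) {
        if (chdir(dir) != 0) {
            failures++;
            fprintf(stderr, "chdir #%d: %s\n", i, strerror(errno));
        }
    }
    return failures;
}

int main(void)
{
    int failed = count_chdir_failures("/", 1000);
    printf("%d of 1000 chdir(\"/\") calls failed\n", failed);

    /* Constructed marker name; /tmp is assumed to be writable. */
    int rc = drop_file_in("/tmp", "fkrf-demo.marker");
    if (rc == 0)
        unlink("/tmp/fkrf-demo.marker");
    else
        fprintf(stderr, "drop_file_in: %s\n", strerror(rc));
    return failed ? 1 : 0;
}
```

Build it with clang as in the rep_chdir step and pass the resulting binary to krfexec in place of ./rep_chdir.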

To Do's