Additional providers added

Gigabyte, ASUSTeK interfaces added; Razer interface added but not included; README update. (release candidate 1)
CollinKite · Feb 6, 2020 · 5b1a9ac · 5b1a9ac
1 parent 6b6a326
commit 5b1a9ac
Show file tree

Hide file tree

Showing 31 changed files with 1,788 additions and 81 deletions.
diff --git a/Bin/kdu.exe b/Bin/kdu.exe
diff --git a/Help/kdu3.png b/Help/kdu3.png
diff --git a/KDU.sha256 b/KDU.sha256
@@ -1,9 +1,10 @@
 6ce17d185826dc452c50b1908315ff151cd57319f11ab6eb337dbe180f111fd4 *Bin\dummy.sys
 eefc8b804938fa0976416ae18efa0e30e67b537e7ce50d94dba7022971d17f19 *Bin\dummy2.sys
-a119ec2873f0cf96c8156a5c8a7c98f5f6200a337756e4cad04eb1c63e035257 *Bin\kdu.exe
+6172213167b832856c03b319ebbeff32ba4c6d087658b946737a959c3ebde9c9 *Bin\kdu.exe
 06cf7aeac5256e35f45da73594faa704083f94809772c218e9cbf0c86c076438 *Bin\license.txt
 323d910f93683453d45239a0528d3c3cda7f2608fca864fd2a687184ffe129fe *Help\kdu1.png
 a1d7a51549914833a3414a93646952c25deabe072d8a271b54e10727f923b479 *Help\kdu2.png
+d2c38793dc0a55da29fd8336f397b9a9374690747d0d210d453f32c42cad9d84 *Help\kdu3.png
 98a5d939d5142b0e38172fe4756b98410cc53baaf649284e171e4db5eba1c9f6 *Source\KDU.sln
 9dfedec619c677089b2722762156f0751a2dffa0dc84b5666e5955fe6e27a63c *Source\Examples\BadRkDemo\main.c
 025318c76a2e7e6d4bd8e777aedcb1763e249bc9063b3be89b6d5175740190df *Source\Examples\BadRkDemo\main.h
@@ -24,40 +25,50 @@ d45cf40c855a135898e4b35d0b5b2d00e3ad251a97d3f47990248116f22ff45e *Source\Example
 43ed54ded1bd812578d02b73d34725bbca25ca2cec6af9b9441518e9514d8f2a *Source\Examples\DummyDrv2\dummy\main.c
 103a979ec980d48e7c27199433b0ecbb1fdcdebf8ee96c84c8db2cae0aa4ced8 *Source\Examples\DummyDrv2\dummy\main.h
 10b9fe09b9357cb3c35a00a8b09ae24141ec5941a37c461c2a296d822aa2b512 *Source\Examples\DummyDrv2\dummy\r3request.c
-c3137cefa51398df9ec158b5276ff29b2b050fb7d118ddac65ec74022966a208 *Source\Hamakaze\compess.cpp
+2534186517b1d27bc9935281d8c5aed6fa1c323ae50e6e3c97c0cde5c4b75258 *Source\Hamakaze\compess.cpp
 030d57b145614546ce398a280d956075474213f287a999ab44f81ddb557abfeb *Source\Hamakaze\compress.h
 1c1e8000d3ce2fc37dd29079de0ff40cfbcbe6ca6bd5968557efcf882ae243c4 *Source\Hamakaze\consts.h
 9db642f434f6d86bc854add9acac0624ebd4a6d2527ae39b176ee5df2c942c34 *Source\Hamakaze\drvmap.cpp
 2019a70984210f2a51a5ee4e248847d63f39a8938a149f2ada3d46aa0abd5dbb *Source\Hamakaze\drvmap.h
-d89bf1c5381f46fb4792ba7e853fb1efb6c6748cae22afdc56ebed466143c24c *Source\Hamakaze\global.h
+f8446ddf7e4f77beda5755bce50fe799e25a0121518b94cbd6a12595733c04b3 *Source\Hamakaze\global.h
 5a24f52c5c86d7d7da91bf5c06f151f9bb20ec715ca6c117b8f3e82f05a7fa80 *Source\Hamakaze\irp.h
-cf4cf57b92af52ffe39bd9641411ca644ab99d9d11945d148761a2abbc83eedc *Source\Hamakaze\KDU.vcxproj
-79202334215a2089164531a7a92e518d8eee2bfcda9b020a636f148e497c9c74 *Source\Hamakaze\KDU.vcxproj.filters
-9e06f1e57629b3a59dba86c9417bd265015a3caac461e87a178738f8875bff0e *Source\Hamakaze\KDU.vcxproj.user
-c572bb13d5af51dfd93ce948dd3e1c2d50926e226c25e0183378027deeb82a69 *Source\Hamakaze\kduprov.cpp
-dbc7ef1b828ef9f51ff79c274c9d619c0b651553b2e21645a2d1ee32bd8f8dd4 *Source\Hamakaze\kduprov.h
-13ff0720d43dab4f0532a11e032732a7b6db7fe94c86480c5d9ca6f9ef7183c9 *Source\Hamakaze\main.cpp
-9a4cae77f05ff282ec1ce1b3d59d1e614be2dd7920d13422260d702fe48ff1d3 *Source\Hamakaze\pagewalk.cpp
-badf02eed10b341e47c7f3d3592159fd66ac0433d8c0a48b44640ee021b5143f *Source\Hamakaze\pagewalk.h
-57dbc07833c37cf129d060eda82ef322bd45280f58f59ccacb2653276ab09578 *Source\Hamakaze\ps.cpp
+d0e7c96cfad25c8c2802d3ed08674b9eee887eabe2cf2c9c74f3b0cf3baaac6c *Source\Hamakaze\KDU.vcxproj
+440e56a8c2ed7b3af7be475200d139b92a5b3c464057f4667b55385417666f21 *Source\Hamakaze\KDU.vcxproj.filters
+548b2ca3c772769a4ed8dc4c49f59e1dfd4e1f6f8b9180e838abc1d1b2e1b43f *Source\Hamakaze\KDU.vcxproj.user
+e71b23bbc30faceb0278b313e74f43f25d29a6089ef728d1b0aa5c316f60dfdc *Source\Hamakaze\kduprov.cpp
+e3d9a2829a0547fef054df01f23f800da24382aef5299f41ba1f1c8b7bbcb378 *Source\Hamakaze\kduprov.h
+b597aeae6865312703d103987f29d81b41741f6eb1b65193f8546d9e10a41d3c *Source\Hamakaze\main.cpp
+49a93f1646df71a48bd8a17558691ea420bb86bf8a1b1129f627ab29298a3bd5 *Source\Hamakaze\pagewalk.cpp
+536f0abe8580072dd58d524ceeee33ae5bfb1c919739daf9d541cd05f1bbca5d *Source\Hamakaze\pagewalk.h
+4f48c6b97e236d05eb0f0f3704e461ed9c41dd9ff8bc777ba8d2e332cf27f9c0 *Source\Hamakaze\ps.cpp
 d413c012b1157c4f42b7b7bc8558c9a6efcaacae87855e90b3c187b179694625 *Source\Hamakaze\ps.h
-74284ca64f7d0accca20e5b924053e788abfd98be6727e1cfa802c3fcd07f49d *Source\Hamakaze\resource.h
-b92b0af5ae1222c0c109fdfbff4428ddb5e55d193204ffae984b90d963468604 *Source\Hamakaze\resource.rc
-e387fcdb1744f215650a21350799a22541b08add11e39ab232dc5700ed64bd25 *Source\Hamakaze\sup.cpp
-3f08f05e5b9660fa7cf358ebe8b41ef2684d11613e025c2fead8454676f2f2fd *Source\Hamakaze\sup.h
+ada1f01858d49dcf555ae42c18c88f5e0218b506931aedf1cf1d1e52b47326af *Source\Hamakaze\resource.h
+caca4b96b163457f5e45bd20fa8a017ddb3ad4ee26c2e5731a05f2e40414d131 *Source\Hamakaze\resource.rc
+d749763abe2191e3e2f93c2f18b18dcc11b1a7c7e3734c8107f656f4eb0afd14 *Source\Hamakaze\sup.cpp
+f09de1aaf4ee3b811fb6a221f10c702b8c49b17199f1ed73a3ac51827119b460 *Source\Hamakaze\sup.h
+67301c8708f49ae9aee2da4ce31dc8a2ee3f9c25ff8fb17f6b906c5711c1da11 *Source\Hamakaze\tests.cpp
+e9149f07beca9c705a89d1a48273f8d7d8413b62c96d463228e853769871de33 *Source\Hamakaze\tests.h
 e779b895304d6c623ac55db37b5616144dcbcf56f7a47da7660f12e36201ade0 *Source\Hamakaze\victim.cpp
 f26fc0e6c1267c30701d8d2cf137bd7a191ddbbd4bcff691cef98fd060cbebcb *Source\Hamakaze\victim.h
+fce521e579303ffe6322c265b129bb57e7d57b9b8db9fa401788df13593ea2d0 *Source\Hamakaze\drv\ATSZIO64.bin
+e929863625643e6d2989c591cd5b0f07533011e289c044241f08a3ab49c23994 *Source\Hamakaze\drv\gdrv.bin
 fe0048a958e0300b56b511cc0499984fc396d8dfa07c3f320a40a68ee3ee5298 *Source\Hamakaze\drv\iQVM64.bin
 0d9fd42f0f48dccc82f3034ab31b418218885ddfbc70d413bd4f585282af7d59 *Source\Hamakaze\drv\procexp.bin
 ec50ef5c4e71ea2352f8d7955b7fc27c8e6ab0b523644b8ff7030246380c634d *Source\Hamakaze\drv\rtcore64.bin
 53a7ce27591e040b63880a3dd326b8ba8c97a0fa34d5e2d32aba89a0147434f6 *Source\Hamakaze\hde\hde64.c
 e99aa4997bda14b534c614c3d8cb78a72c4aca91a1212c8b03ec605d1d75e36e *Source\Hamakaze\hde\hde64.h
 f8e6a0be357726bee35c7247b57408b54bb38d94e8324a6bb84b91c462b2be30 *Source\Hamakaze\hde\pstdint.h
 b774446d2f110ce954fb0a710f4693c5562ddbd8d56fe84106f2ee80db8b50a2 *Source\Hamakaze\hde\table64.h
+5bb5f9cab81490527db512c38e7e9e06be6faf886d914b4b28b4f9dbce34f354 *Source\Hamakaze\idrv\atszio.cpp
+14853874821e94b36c4ab73ec3827a1c24a0e87c832f5c2dc48b3e691c072fd3 *Source\Hamakaze\idrv\atszio.h
+25cc5357f0d992d4975914ff304e85b8281f1b4f6193a28302e8aec1c731dc72 *Source\Hamakaze\idrv\gdrv.cpp
+ca98adb0dcb6da143c9f92a318330b6e5c9b5356d7c98dde86b90abde2238b73 *Source\Hamakaze\idrv\gdrv.h
 4bbb0d7f62f45a777ce4a301000b50a27e596a13761aff5b922a429a06ed450d *Source\Hamakaze\idrv\nal.cpp
-1214eec7d324c0b305782b151f3c4064c568c7ad26487df70cf4455640760ef4 *Source\Hamakaze\idrv\nal.h
+b6bc334bbbb596fa46dd3e3aca8050f567625a861d3cd688208cfd67bd582f80 *Source\Hamakaze\idrv\nal.h
 d3b41832142b78302fa8d24abe0a915c5044373fd28ac11012786e8eff20bf52 *Source\Hamakaze\idrv\rtcore.cpp
-6cd27d847effa04a4f42b3db552569007ed64b71edc965045e6cbb25655f519f *Source\Hamakaze\idrv\rtcore.h
+415623944767bff1bc57cc040b04cf353327cec556881420ed145b88d3188c6f *Source\Hamakaze\idrv\rtcore.h
+a0ed8a22c14b35bccd1ff0f45c8b23cad0f8c3af1d8e924caf4bfd63dfb02d89 *Source\Hamakaze\idrv\rzpnk.cpp
+36ec0baeec7b61dbd9936507fcf1bf5aefec08e96ffe3bcb4883785ea2d9a542 *Source\Hamakaze\idrv\rzpnk.h
 893b90b942372928009bad64f166c7018701497e4f7cd1753cdc44f76da06707 *Source\Hamakaze\minirtl\cmdline.c
 bd6fe82852c4fcdfab559defa33ea394b752a4e4a5ac0653ae20c4a94b0175ed *Source\Hamakaze\minirtl\cmdline.h
 699258f2b140da030776ab418e46c6eab8ba99682677a756274fcb2402ad5c34 *Source\Hamakaze\minirtl\minirtl.h

diff --git a/README.md b/README.md
@@ -26,9 +26,9 @@ It features:
 * -list - list currently available providers.
 
 Example:
-+ kdu -ps 1337
++ kdu -ps 1234
 + kdu -map c:\driverless\mysuperhack.sys
-+ kdu -prv 1 -ps 1337
++ kdu -prv 1 -ps 1234
 + kdu -prv 1 -map c:\driverless\mysuperhack.sys
 
 Run on Windows 10 20H2 (precomplied version)
@@ -40,6 +40,10 @@ Compiled and run on Windows 8.1
 
 <img src="https://raw.githubusercontent.com/hfiref0x/kdu/master/Help/kdu2.png" width="600" />
 
+Run on Windows 7 SP1 fully patched (precomplied version)
+
+<img src="https://raw.githubusercontent.com/hfiref0x/kdu/master/Help/kdu3.png" width="600" />
+
 
 #### Limitations of -map command
 
@@ -78,7 +82,9 @@ You use it at your own risk. Some lazy AV may flag this tool as hacktool/malware
 #### Currently Supported Providers
 
 + Intel Network Adapter Diagnostic Driver of version 1.03.0.7;
-+ RTCore64 driver from MSI Afterburner of version 4.6.2 build 15658 and below.
++ RTCore64 driver from MSI Afterburner of version 4.6.2 build 15658 and below;
++ Gdrv driver from various Gigabyte TOOLS of undefined version;
++ ATSZIO64 driver from ASUSTeK WinFlash utility of various versions.
 
 More providers maybe added in the future.
 
@@ -106,6 +112,9 @@ Using this program might render your computer into BSOD. Compiled binary and sou
 * Unwinding RTCore, https://swapcontext.blogspot.com/2020/01/unwinding-rtcore.html
 * CVE-2019-16098, https://github.com/Barakat/CVE-2019-16098
 * CVE-2015-2291, https://www.exploit-db.com/exploits/36392
+* CVE-2018-19320, https://seclists.org/fulldisclosure/2018/Dec/39
+* ATSZIO64 headers and libs, https://github.com/DOGSHITD/SciDetectorApp/tree/master/DetectSciApp
+* ATSZIO64 ASUS Drivers Privilege Escalation, https://github.com/LimiQS/AsusDriversPrivEscala
 
 # Authors
 

diff --git a/Source/Hamakaze/KDU.vcxproj b/Source/Hamakaze/KDU.vcxproj
@@ -104,6 +104,8 @@
     <ClCompile Include="compess.cpp" />
     <ClCompile Include="drvmap.cpp" />
     <ClCompile Include="hde\hde64.c" />
+    <ClCompile Include="idrv\atszio.cpp" />
+    <ClCompile Include="idrv\gdrv.cpp" />
     <ClCompile Include="idrv\nal.cpp" />
     <ClCompile Include="idrv\rtcore.cpp" />
     <ClCompile Include="main.cpp" />
@@ -123,6 +125,7 @@
     <ClCompile Include="pagewalk.cpp" />
     <ClCompile Include="ps.cpp" />
     <ClCompile Include="sup.cpp" />
+    <ClCompile Include="tests.cpp" />
     <ClCompile Include="victim.cpp" />
   </ItemGroup>
   <ItemGroup>
@@ -131,6 +134,8 @@
     <ClInclude Include="drvmap.h" />
     <ClInclude Include="global.h" />
     <ClInclude Include="hde\hde64.h" />
+    <ClInclude Include="idrv\atszio.h" />
+    <ClInclude Include="idrv\gdrv.h" />
     <ClInclude Include="idrv\nal.h" />
     <ClInclude Include="idrv\rtcore.h" />
     <ClInclude Include="irp.h" />
@@ -144,6 +149,7 @@
     <ClInclude Include="ps.h" />
     <ClInclude Include="resource.h" />
     <ClInclude Include="sup.h" />
+    <ClInclude Include="tests.h" />
     <ClInclude Include="victim.h" />
   </ItemGroup>
   <ItemGroup>
@@ -154,6 +160,8 @@
     <Image Include="res\274.ico" />
   </ItemGroup>
   <ItemGroup>
+    <None Include="drv\ATSZIO64.bin" />
+    <None Include="drv\gdrv.bin" />
     <None Include="drv\iQVM64.bin" />
     <None Include="drv\procexp.bin" />
     <None Include="drv\RTCore64.bin" />

diff --git a/Source/Hamakaze/KDU.vcxproj.filters b/Source/Hamakaze/KDU.vcxproj.filters
@@ -93,6 +93,15 @@
     <ClCompile Include="minirtl\_filename.c">
       <Filter>minirtl</Filter>
     </ClCompile>
+    <ClCompile Include="idrv\gdrv.cpp">
+      <Filter>Source Files\idrv</Filter>
+    </ClCompile>
+    <ClCompile Include="tests.cpp">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="idrv\atszio.cpp">
+      <Filter>Source Files\idrv</Filter>
+    </ClCompile>
   </ItemGroup>
   <ItemGroup>
     <ClInclude Include="global.h">
@@ -152,6 +161,15 @@
     <ClInclude Include="minirtl\_filename.h">
       <Filter>minirtl</Filter>
     </ClInclude>
+    <ClInclude Include="idrv\gdrv.h">
+      <Filter>Source Files\idrv</Filter>
+    </ClInclude>
+    <ClInclude Include="tests.h">
+      <Filter>Header Files</Filter>
+    </ClInclude>
+    <ClInclude Include="idrv\atszio.h">
+      <Filter>Source Files\idrv</Filter>
+    </ClInclude>
   </ItemGroup>
   <ItemGroup>
     <ResourceCompile Include="resource.rc">
@@ -176,5 +194,11 @@
     <None Include="drv\RTCore64.bin">
       <Filter>Resource Files</Filter>
     </None>
+    <None Include="drv\gdrv.bin">
+      <Filter>Resource Files</Filter>
+    </None>
+    <None Include="drv\ATSZIO64.bin">
+      <Filter>Resource Files</Filter>
+    </None>
   </ItemGroup>
 </Project>
diff --git a/Source/Hamakaze/KDU.vcxproj.user b/Source/Hamakaze/KDU.vcxproj.user
@@ -1,7 +1,7 @@
 <?xml version="1.0" encoding="utf-8"?>
 <Project ToolsVersion="Current" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
-    <LocalDebuggerCommandArguments>-map c:\makeexe\temp\dummy.sys</LocalDebuggerCommandArguments>
+    <LocalDebuggerCommandArguments>-test</LocalDebuggerCommandArguments>
     <DebuggerFlavor>WindowsLocalDebugger</DebuggerFlavor>
   </PropertyGroup>
 </Project>
diff --git a/Source/Hamakaze/compess.cpp b/Source/Hamakaze/compess.cpp
@@ -57,7 +57,7 @@ PVOID KDUDecompressResource(
 
         SIZE_T newSize = (DWORD)doOutput.uSize;
         PVOID decomPtr = doOutput.lpStart;
-        
+
         if (supVerifyMappedImageMatchesChecksum(decomPtr,
             (ULONG)newSize))
         {
@@ -73,7 +73,8 @@ PVOID KDUDecompressResource(
 
         DeltaFree(doOutput.lpStart);
 
-    } else {
+    }
+    else {
         printf_s("[!] Error decompressing resource, GetLastError %lu\r\n", GetLastError());
     }
 

diff --git a/Source/Hamakaze/drv/ATSZIO64.bin b/Source/Hamakaze/drv/ATSZIO64.bin
diff --git a/Source/Hamakaze/drv/gdrv.bin b/Source/Hamakaze/drv/gdrv.bin
diff --git a/Source/Hamakaze/global.h b/Source/Hamakaze/global.h
@@ -60,3 +60,4 @@ extern "C" {
 #include "ps.h"
 #include "victim.h"
 #include "pagewalk.h"
+#include "tests.h"