Below is the list of drivers checked during KDU development which, for some reason(s), did not get the opportunity to get into it.

- AMI amifldrv64.sys - from a BIOS flashing tool, based on MAPMEM. Disadvantage: the driver is very old.
- ASUS AsIO3.sys - from the infamous EneTech dev who loves to copy-paste from Google. Driver is locked; unlocking repo for reference: https://github.com/hfiref0x/AsIo3Unlock. Disadvantage: requires using the AsusCertService application as a zombie proxy for registering AsIO3 "trusted" applications. Besides, it is still the same WINIO, just WHQL signed in Dec 2020.
- ATI atillk64.sys - respective CVE ids: CVE-2019-7246, CVE-2020-12138. Disadvantages: the driver is very old and provides access to physical memory through MmMapIoSpace, which limits its use.
- DELL PC Doctor pcdsrvc_x64.sys - driver is locked; unlocking requires sending an IOCTL with the specific value 0xA1B2C3D4 as a "key". Disadvantage: MmMapIoSpace.
- GPU-Z gpu-z.sys driver - respective CVE id: CVE-2019-7245. Disadvantage: MmMapIoSpace.
- miHoYo mhyprot2.sys driver - anti-cheat driver from a Chinese game company. Itself a wormhole with functionality to read/write the virtual memory of arbitrary processes and read arbitrary kernel memory. Driver is locked; unlocking code is available. Disadvantages: does not provide write access to kernel/physical memory; extensive size (>1 Mb).
- Razer Synapse rzpnk.sys driver - respective CVE id: CVE-2017-14398. Despite having amazing features on board, this driver doesn't allow physical memory access beyond 4 GB as it truncates addresses above that. In general it is unusable for the main KDU tasks.
- Supermicro superbmc.sys driver - based on MAPMEM. Disadvantage: this driver has an initialization bug which results in a BSOD on load under certain conditions.
- VirtualBox vboxdrv.sys from a Chinese APT, which is different from the original Turla group driver. While they utilize the same unpatched exploit of VBox 1.6-2.x, it uses a different driver and the original exploit code needs a little tweak to work with it. Disadvantages: the driver is old; since the 1.6 experience it is known that vboxdrv is exclusively bugged; implementing this would require a lot of additional code as it needs a different approach for code execution.
- Some AMI BIOS flashing drivers based on WINIO; unfortunately they expect the bus address to be 32 bits long.
- Lalla NVME Pin driver - device driver from the NVMECraft bundle. Contains an MmMapIoSpace arbitrary read/write primitive, however due to a driver bug its abuse is way too complicated.
- Getac gtckmdfbs driver - contains the full set of wormhole features, however the physical memory address is limited to the ULONG limit.
- and dozens of I/O drivers based on WINIO and WinRing0 from various HW vendors.