LIKE-DBG (LInux-KErnel-DeBuGger) aims at automating the boring steps when trying to set up a Linux kernel debugging environment. I set out to dive into kernel exploitation research and found existing solutions not usable enough. Hence, this is an attempt at making all necessary pre-steps before one can even think about diving into research as painless and fun as possible. All steps from building a kernel, running it inside an emulated environment, and attaching a debugger are transparently done inside docker containers to keep system requirements minimal. Currently, there's a dedicated docker container for every of the following steps:
- Building the kernel
- Creating a root file system to use with the kernel
- Launching the kernel + file system as the debuggee
- Attaching to the kernel as a debugger
As this project is in its early stages, I expect things to change rapidly, while also introducing breaking changes along the way. Major points to improve on are:
- Getting towards true multi-architecture support beyond
x86_64
andarm64
- Extend kernel builder to not only succeed in building recent™ kernels
- Add android kernel support
- Add (integration) tests
- Elevate the debugging experience even more
On the upside, despite its early stages, a couple of useful features are already present:
- General:
- Minimal host system requirements due to dockerization of every step
- A single config (
config.ini
) to allow free customization - CTF runner that's specifically designed to handle Linux kernel exploitation challenges
- Code linters:
- black for all python code
- shellcheck for shell scripts
- hadolint for the Dockerfiles
- Code formatter:
- flake8 for all python code
- Kernel builder:
- Multi-arch:
x86_64
,arm64
- Choose between
gcc
andclang
to build the kernel - Configuration modes:
- generic-mode
- syzkaller-mode
- custom-mode
- Fine-granular version control to build from:
- Commit hash
- Release tag (e.g.: 5.10-rc)
- Major-Minor-Patch (e.g.: 5.10.77)
- Ability to automatically apply patch files
- Multi-arch:
- Root file system builder:
- Powered by debootstrap
- Automatic generation of file system that matches the kernels architecture
- Ability to customize:
- wanted packages in the file system
- the Debian release version to base everything on
- Debuggee:
- Powered by QEMU
- Customization of QEMU runtime options from within the
config.ini
:
- Debugger:
- Powered by GDB (multiarch) + GEF and GEF-extras
- Allow users to specify GDB script in
io/scripts/gdb_script
to allow a scenario-tailored debugging experience
To get started, you have to ensure to have the following requirements set up in your system:
docker
tmux
python>=3.9
venv
Fine-tuning the kernel debugging experience is one of the goals of this project.
Currently, all tunable options are exposed in the config.ini
.
Some fields are recommended to not be altered as they're mainly for development reasons.
However, all the ones to customize the environment to your needs should be self-explanatory as all of them are labeled with a brief comment.
Once you're set with the configuration, the usage depends on your scenario.
tmux -f .tmux.conf
python3 -m venv .like-dbg
source .like-dbg/bin/activate
python3 -m pip install --upgrade pip
python3 -m pip install -r requirements.txt
# If you want to build a Linux kernel image from scratch for a specific version to debug, go ahead and run:
./start_kgdb.py
# If you want to try a CTF challenge where you were given a compressed Linux Image and a root filesystem try:
./start_kgdb.py --ctf --env <Image> <RootFS>
As a first-time user, you will see a lot of docker building messages race across the screen. In the end, your experience should look similar to this:
The python code should be quite readable, so feel free to extend the project with your own ideas. All PRs are very much welcome :)! Otherwise, feel free to create a feature-request issue or head over to the discussions page to brainstorm some cool new features!
PS: If you want to provide a logo, feel free to do so.