scumjr / the-sea-watcher

Implementation of the SMM rootkit "The Watcher"

The Sea Watcher

Implementation of The Watcher, an SMM rootkit:

This is a (dirty) proof-of-concept.

Files

  • hijack_vdso.c: SMM payload hijacking VDSO
  • payload.s: shellcode written to VDSO by hijack_vdso.c
  • seabios/: SMM backdoor, applied against SeaBIOS
  • shellcode.rb: metasm script to compile hijack_vdso.c
  • smm-trigger-local.c: trigger the execution of the SMM payload from a local account
  • smm-trigger-remote.py: trigger the execution of the SMM payload from the network
  • trigger_smi.c
  • vdso-test/: stuff to test VDSO shellcodes

Languages

C 71.3%, Assembly 9.0%, Python 9.0%, Makefile 6.7%, Ruby 4.1%