Skip to content

fuqiuluo/ovo

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

70 Commits
.github/workflows
.github/workflows
 
 
client-sdk
client-sdk
 
 
ovo
ovo
 
 
samples
samples
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
action.yml
action.yml
 
 

Repository files navigation

OvO

A kernel driver module designed to provide portable hacking operations!

Rootkit operation of some kernel modules is provided for the kernel of android-aarch64, this is a learning project of mine, and some mistakes may be corrected in the future.

Inter-communication (supports multiple users)

By implementing a custom network protocol family, user space communication can be achieved both synchronously and asynchronously without relying on character devices or netlinks:

  • No filesystem operations required
  • Low overhead implementation without using kprobes for system call interception
  • Uses stable kernel interfaces for improved maintainability

Features

Module Base Address Acquisition (memory.h->get_module_base)

Provides an alternative method to get module base addresses without reading /proc/self/maps, which may be monitored by anti-cheat software.

Process Memory Operations

Virtual to Physical Address Translation (memory.h->vaddr_to_phy_addr)

Converts virtual addresses (VA) to physical addresses (PA) by:

  • Traversing page table hierarchy (PGD -> P4D -> PUD -> PMD -> PTE)
  • Handling page table folding and huge pages
  • Computing final physical address using page frame number and offset

Memory Read/Write Operations

Two implementations available:

  • memory.h->rw_process_memory: Custom implementation using page table traversal and physical address mapping
  • memory.h->access_process_vm_by_pid: Utilizes kernel's built-in access_process_vm function for direct process memory access

Root Privilege Escalation (kkit.h->mark_pid_root) (Deprecated)

A stealthy approach to elevate process privileges by:

  • Locating target process's task_struct
  • Creating new credentials with root uid/gid (0)
  • Directly modifying process credential pointer instead of using commit_creds()
  • Avoiding root uid visibility in ps command output

Fast Cross-Process Memory Remapping (process_vaddr_to_pfn, remap_process_memory)

An efficient approach for cross-process memory access by:

  • Converting source process virtual address to physical page frame number (PFN)
  • Directly remapping memory through page table manipulation
  • Bypassing traditional system calls and memory copy operations
  • Achieving 3ms per 100M operations vs 80ms/100k ops with traditional methods

Performance highlights:

  • Direct page table access without syscalls
  • 100M memory operations: ~3ms
  • Traditional approach (ioremap): 80ms for 100k operations
  • ~26,000x performance improvement over conventional methods

CI Support

About

Just a memory read-write driver for Android!

Topics

linux kernel-module memory rootkit cheat kernel-driver rootkit-kernel mmuhack

Resources

Readme

License

GPL-3.0 license
Activity

Stars

10 stars

Watchers

3 watching

Forks

4 forks
Report repository

Releases

No releases published

Languages