Maurice's Notes
Blog
Low Level Computing
Low Level Computing
  • Operating Systems
    • General Operating Systems
      • OS Structure
      • Main Memory
        • Basic Hardware
        • Address Binding
        • Memory Address Register
      • Booting
        • MBR (Master Boot Record)
        • Global Descriptor Table
      • Direct Memory Access (DMA)
        • DMA
      • Processes
        • Basics
        • Process Scheduling
    • Linux Operating System
      • Linker Scripts
      • Position Independent Code/Executable
      • Relocation
      • Understanding PLT and GOT
    • Windows Operating System
      • Page 1
    • Real-Time Embedded Systems
      • Real-Time Scheduling
        • Cyclic Executive
  • Computer Architecture
    • Architecture Fundamentals
      • Introduction
      • Cache Basics
      • Cache Memory
      • A Few CPU Formulas
    • RISC Architectures
      • ARM
        • ARM Design Philosophy
        • RISC Review
        • Exceptions, Interrupts, & Vector Table
        • ARM Pipelines
        • ARM Registers
        • ARM Branch Instructions
        • ARM CSPR (Instructions)
        • ARM Data Processing Instructions
        • Load/Store Instructions
        • Profiling Cycle Counter
        • Compiler Optimizations
      • RISCV
    • CISC Architectures
    • Cache Coherency
      • Basic Introduction
      • Memory Sequential Consistency
  • Exploits
    • Walkthrough: Return-to-Libc
    • Access Physical Memory
  • Compilers & Runtime Systems
    • Introduction
      • Programming Language Basics
      • Static Scope
    • Syntax Translation
      • Syntax Defined
      • Parsing
    • Algorithms
      • FIRST FOLLOW (Top-Down) Parsing
      • Building a Recursive Descent Parser
      • Construction: Regular Expression -> NFA
Powered by GitBook
On this page
  • Motivation
  • Configure and Compile Linux Kernel

Was this helpful?

  1. Exploits

Access Physical Memory

PreviousWalkthrough: Return-to-LibcNextIntroduction

Last updated 9 months ago

Was this helpful?

Motivation

Recently, while studying the interrupt vector table and side-channel attacks, I hit a wall when attempting to access Physical memory. This page will serve as a guide for accessing Physical memory.

Configure and Compile Linux Kernel

Follow the instructions to being this process.

The important configurations are CONFIG_STRICT_DEVMEM and CONFIG_IO_STRICT_DEVMEM. Set both to 'n' to remove restrictions and allow access to physical memory.

I will include the commands below to support persistence in the event previoulsy linked blog post is removed.

# list of steps

## Install dependencies
$ sudo apt install build-essential libncurses-dev bison flex libssl-dev libelf-dev fakeroot
$ sudo apt install dwarves

# Download target Kernel Version
$ wget https://cdn.kernel.org/pub/linux/kernel/{VERSION_MAJOR}/linux-{VERSION_MINOR}.tar.xz
$ tar -xf linux-{VERSION_MINOR}.tar.gz

# Relocated Configuration File
$ cd linux-{VERSION_MINOR}
$ cp -v /boot/config-$(uname -r) .config

# Filter out existing Modules
$ make localmodconfig

# Disable and Set Config Lines
$ scripts/config --disable SYSTEM_TRUSTED_KEYS
$ scripts/config --disable SYSTEM_REVOCATION_KEYS
$ scripts/config --set-str CONFIG_SYSTEM_TRUSTED_KEYS ""
$ scripts/config --set-str CONFIG_SYSTEM_REVOCATION_KEYS ""

# Remove Physical Memory restrictions
$ sed -ri 's/CONFIG_STRICT_DEVMEM=y/CONFIG_STRICT_DEVMEM=n/g' .config
$ sed -ri 's/CONFIG_IO_STRICT_DEVMEM=y/CONFIG_IO_STRICT_DEVMEM=n/g' .config

# The above configurations may not be present in the configuration file.  If not,
# Simply add the lines to the .config file yourself.

# Compile
$ fakeroot make

# Compile using multiple CPU Cores
## The fakeroot command prints error messages.  Without fakeroot, you must type
## echo $? after an error 2, to get more information.
$ fakeroot make -j$(nproc)

# Verify Successful Compile
$ echo $?

# Installation
$ sudo make modules_install
$ sudo make install
$ sudo reboot

# Final Verification
$ uname -rs

outlined in this blog post