
Thread: rr0d: rasta ring 0 debugger

  1. #1
    Serpilliere
    Guest

    rr0d: rasta ring 0 debugger

    Hi

    A little post to present RR0D: the rasta ring0 debugger.

    Here is [another] ring0 debugger. Its goal is to be platform independent: it actually runs on win9X, winXP, linux*, BSD*.

    To achieve this goal, it's processor dependent: only x86 is supported. This debugger has the form of a driver and so can be dynamically loaded/unloaded.

    There are plenty of things to do in order to make it useful, but it works.
    It supports console/X/framebuffer display, PS/2 keyboard & mouse.
    Sources included in CVS.

    link:
    rr0d.droids-corp.org

    it has a rasta mode [very important.].

    Have Fun!
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  2. #2
    Rasta, Man?

    Where can I find it? In the rr0d folder of the CVS are a lot of files, but no zipped archive or similar...

    What license is it? Is it OpenSource?

  3. #3
    Serpilliere
    Guest
    RR0D is under GPL (or maybe CeCILL in the future (just for a french kiss)).

    A cvs snap is on www.droids-corp.org/~serpilliere/rr0d.tgz

    To compile on 'nux:
    copy config.h.sample as config.h
    comment out the intel_style line (if you've got gcc)
    choose either frame buffer or AA (console) (I advise starting with console; btw, it is for a *real* console, i.e. not a frame buffer one...)
    copy either Makefile-linux (if you've got 2.4) or Makefile-26 as Makefile
    run make
    insmod

    You can run a little example that triggers a div/0 or int 3.
    Read doc/source for keys.

    I know, I should do a *real* doc.
    Note that rr0d is not completed, so many bugs, easy to detect, .... but it's for fun!

    If it doesn't work, maybe you are not rasta/lucky.

    Serpilliere

  4. #4
    heya,

    I am running in unsigned int rasta_mode now, the thing works just smooth! c00l! I saw it is based on deblin, or?

    btw I found a bug in da README on line 75:

    'As root, run 'insmod ./rr0d.o'. You have just loaded the module'

    misses the k in rr0d.ko

    i need to check the hotkey ...

    cheers, 0xf001

  5. #5
    Serpilliere
    Guest
    yep!

    Happy to meet a new rasta man on the boat
    rr0d was inspired by deblin, yes: one day, I was looking around porn stuff on the web, and I discovered this ring0 debugger. It was quite crappy but the idea was there anyway. I decided to code rr0d just after, man. arf: rr0d is messy too.

    I'm happy it works for you: rr0d is not yet very user-friendly and there are still some completely *un-natural* tweaks to do in order to make it work. This can stop someone using rr0d and saying "oo my god: this stuff is a real piece of shit, hope the author will burn in hell. ok who's next?"

    for windows users, you need ddk sdk pdk and xp spk vc++ 14.6 dev platinium gold in order to *think* of a possible compilation. Once you got that, copy the Makefile-Xp as Makefile and just type build in a cmd.exe. -quite simple-

    oo btw, the readme was written during linux 2.4 rr0d development, so kernel modules ended with .o; but there are other errors in the readme, don't give up

    last news: rr0d handles tsd & general protection fault, so if an app uses rdtsc to do timing measures for anti tracing, rr0d "hooks" those rdtsc by general protection fault. Then it can put anything in eax:edx as if the time was frozen.

  6. #6
    hi again!

    thanks for your explanations !

    And I l0VE your documentation!!! Especially I think you did the most serious and useful windows installation documentation EVER in the README hehehe

    and I think you definitely made it into knoppix|RE which is intended to be released sooooon .... so pls hurry if you want any changes. The cool thing is that we take away the compilation etc hurdles from ppl who just wanna check da thing out and be a little rasta, do you agree?

    oh also thx for the direct download link, not that webspiders are out of date but ...... thx!

    I know when c0ding everybody gets lazy at some time. Some parts are interesting, some not so much but need to be done. Definitely
    no bullshit rr0d! bah!

    thanks and keep rasta,

    0xf001

    PS: 2 last news: veery good! i must study the source a bit i think ....

  7. #7
    Serpilliere
    Guest
    yup!

    The knoppix idea sounds rasta good.

    The main problem i see is that rr0d is far from being the perfect debugger:
    -rr0d doesn't even think of hiding the eflag yet (gnarf)
    -rr0d doesn't even think of handling cli/sti during code tracing (gnarf²)
    -There is (oo my god) a buffer overflow in the command line [CAN-07-666-1337]
    -ok in fact there are buffer overflows everywhere.
    -the 'embedded' std[lib/io] smells like the blood in the little morning
    -the command line parser automat code is so messy that i suspect it from auto-mutating dynamicly ("It liiiiives againnn"). Hope it wont fertilize the stdio stuff
    -to finish with, i need to redraw a 32 bit perpixel font with antialiased & trilinear filtering but the M!cros0ft graphic suite (mspaint) seems to be a bit limitating. Moreover, the only thing my mspaint java plugin does is making the garbage collector vomit.

    I agree about the installation & compilation improvement. Maybe the best solution is to do a complete film which could be titled:
    "My life & how to install rr0d on a X86 sex machine step by step"

    But erf, im having good time porting nasm for ring0: i want a dynamik assembler in rr0d engine -sweet-. This was on my wish list. Another wish is having good time with twin sisters.
    But, NasM engine first.

    For the documentation, the french one is better by far, but the english language cannot handle the philosophical ideas evoked in the doc.

  8. #8
    rasta man,

    I am aware of the limits of rr0d. and even before you mentioned it - when i looked through the code i was a bit scared of the state machine you built for command parsing hahaha (i just say "adresse_tmp = 0xDEADFACE;" mhm)

    anyway i think the project at least can be presented and as it is GPL maybe some ppl will start improving it? i find it good for knoppix|RE as it is quite "small" compared to linice etc ... and it has rasta mode. of course. so you can study this work. to seriously use it as debugger it really is kinda too limited. it will be on CD as a goody cool you can dynamically load/unload it so it does not conflict with other debuggers.

    we can use knoppix|RE to present those tools like rr0d i think. when ppl can look at it how it really is quickly, maybe it will spread more. interested ppl could potentially start working on it.

    if I find some time (definitely I want) then I would look at some things like kbd handling, implement a few commands - and maybe rewrite the state machine haha!

    ah and pls when you completed the film with the twin sisters just post it here into the off-topic section pls

    cheers, 0xf001

  9. #9
    Serpilliere
    Guest
    yip!

    Fiends of rr0d & rasta spirit lovers:
    A new wonderful system, based on metamorphic scripts, allows rr0d users to have their daily snapshot of rr0d cvs on: http://rr0d.droids-corp.org/rr0d_snapshot.tar.gz

    ok, in fact we don't have a clue how scripts work. We taught a monkey the way to tarball cvs snapshots. His name is "kiki" and he loves bananas & twin sisters.
    Kiki's last job was to pass binaries' multi-crypted layers by manual tracing, but he was tired of that. Hope data compression will please kiki in the future.

    [no animal was hurt in this post.]

    RaStA them all, man

    Remote Serpilliere

  10. #10

    rasta ring0 debugger f001ed :)

    hi friends and rastas,

    thanks for the daily download link man! first thing when I saw the rasta
    debugger was (besides not believing this could ever work and finding
    it rasta cool) to see how it works and play with it (mess the whole code up )!

    so it happened i immediately had to add a f001 mode to it

    it is of course only playing around, but I have attached the source - if somebody is interested he can e.g. run a diff against the snapshot source and so see quickly how to implement new commands. Although these commands affect only the display.

    new commands are
    f001
    unf001

    to enter or leave f001 mode. f001 mode is animated btw
    [very very important]

    the rasta mode i changed also just for test purposes

    and the keyboard to qwertz - it is configurable via #if 1; the french layout I had to fight with was too unrasta compatible for me I think

    when I surfed the code I made some other changes which are a suggestion to change, and first steps to optimize command.c

    1) command.c:
    - MAX_REG, MAX_CMD removed,
    changed table_command, table_reg to end with 0,
    changed chose_command() and chose_reg() to handle this

    2) command.c, video.c:
    - added commands f001 and unf001


    3) keyboard.c
    - added list of avail commands to helptext
    - switched to qwertz layout (via #if 1)

    ad 1) In order to make the code more flexible I removed the constants for the array lengths. A NULL now terminates the arrays as end indicator, so the for( i=0; i<MAX_CMD; i++) loops could be changed to while(table_command[i++]) loops.
    Next I would suggest changing the state parser. In steps. The first thing I would do is use the "state" for the return code of parse_command() (same values as in switch(state)) so the constants like CMD_HELP etc ... can be used in keyboard.c as well, and so all will be a lot easier I think! If you agree I do that and send you a version with all those changes.

    ad 3) the keyboard can easily be switched back to french or any other layout - see keyboard.c

    playing with rr0d is big fun! thanks rasta man! I definitely want to support you guys and rewrite e.g. the command parser as a first task and make it ultra rasta cool and dynamic OK?

    cheers, 0xf001

  11. #11

    rasta ring0 debugger f001ed :)

    ... and a screenshot of da f001 mode if you are too lazy to compile

  12. #12
    Serpilliere
    Guest
    yap!

    Man, I think the rAsTa gods are pleased with your sacrifice. Last night at sleep time, I dreamt of another cool lookin' mode. It's now realized. Tx to you for da f001 mode. The ultimate thing could be a plasma rift effect with colors. [humm, I wish for old school demo time] It's possible, the video driver of rr0d is very flexible (nv!dia wanna use it in their next 3D card generation).

    For the command line, you are welcome to update or redo the code from scratch. It can only be better than the actual one (Houston, we got a problem: embedded stdio got nacked.)
    I will have a look to the one you post, and update the cvs this week with it if you agree (or next one if i find twins).

    humm, just a question:
    is your console mode undulated in native mode or is it a picture? If it's natively undulated, please, send your screen firmware source code.
    By the way, did you notice the leds on your keyboard during rasta sessions? rr0d ownz your keyboard

    by the way i thought about porting lex&yacc to ring0 (in fact just some fget puts wrappers i think) to complete beautiful command line as:

    bpx @eax+0x4+ esi ,
    r ESI = dword ptr [EAX*0x1337+ EDX] + sp
    or even:
    search 0x1337BEEF L 0xCAFE "TwIn SisTeRS"

    but hey, do as you like, just keep in mind that EACH line of rr0d should be written in a rasta spirit. (this is part of rasta gpl) . No violence is allowed in the source

    OKI, I have just diffed & updated cvs. The 0xf001 mode is now a native rr0d mode. Screenshot on the web site. (little update for X f001 mode, but I'm too lazy to look for every blue color in 16/24/32 bit per pixel mode. :/ I guess the actual X result is a bit crappy)

    Serpilliere
    Last edited by Serpilliere; September 5th, 2005 at 13:46. Reason: update

  13. #13
    wow! thx rasta man for incorporating da f001 mode and the screenshot/mentioning on your website hehehe

    i am just about to totally mess up command.c now. of course i take care the whole code will be a sign of peace, freedom, and rasta spirit

    I send you the changes when I feel the code is obfuscated enough

    ... and why not while messing around invent some new modes like plasma mode, or scrolling messages, or ... hehehe ....

    about the enhanced commands you mention .... good to think about that now ... while doing the parser. i try to make it flexible enough to handle this (simple calculations with "symbols"). why not use regexps for parsing hehehe

    peace, 0xf001

  14. #14
    Serpilliere
    Guest
    yyp!

    Just to introduce a warning in rr0d, so:
    /!\ Caution: if you put a software breakpoint (or you step over a call), and the app quits and you didn't remove the breakpoint, it "seems" to be on the hard disk: if you hex edit the file at the bp place on the disk you will see a beautiful 0xCC. But in fact, this should be just an artefact (I say should because one day *it was a wednesday* my machine said to me: hey man, d'you hope I will boot with a piece of Gruyere instead of a lib?); in fact the file may be mapped in ram even if the app has ended. But if you reboot (so the file is no more in ram. YES! the big news is if you reboot your rasta machine, and you edit its ram, in most cases, things are regenerated again: this is the life cycle. And some win machines are very happy to have this full cycle again) the 0xCC is (or erf, may) not be there anymore.

    The rasta god wont be pleased with destroyed lib.

    rasta'em all

  15. #15
    hi!

    huch after plenty of other stuff - i finally came to work on the parser. it is almost finished hehe

    it now works with lexical scanning, is based on tokens and has an expression evaluator which handles COMPLETE ALGEBRAIC EXPRESSIONS regardless of how many bracket levels hehehe. so (2*eax+bp-(30*(esi+4))/(edx+4)) is absolutely peanuts for the parser hehehe

    I kept it outside the rr0d source tree, so I/you can apply it to any tool +hrhr+ like I will put it into a new upcoming disassembler as well *gggg*
    now i apply it onto the latest rr0d snapshot ...

    within the next 1-2 weeks the new rr0d parser should be fully integrated hehe

    cheers, 0xf001

    PS: what u say to my new design on http://home.pages.at/f001 ?
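The kind of expression evaluator described in post #15, as an added example in C that is not rr0d's code or 0xf001's parser: a precedence-climbing evaluator for bracketed debugger expressions like the ones quoted in posts #12 and #15, over a constructed register file whose names and values are assumptions standing in for rr0d's saved context.

```c
#include <ctype.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Constructed register file: hypothetical stand-in for rr0d's saved context. */
typedef struct { const char *name; uint32_t val; } reg_t;
static const reg_t regs[] = { {"eax", 0x10}, {"bp", 0x4}, {"esi", 0x2}, {"edx", 0x1c}, {0, 0} };
static const char *p;   /* cursor into the expression being scanned */
static int err;         /* set on syntax error, unknown symbol or division by zero */
static uint32_t binop(int minp);
static void skip(void) { while (*p == ' ') p++; }

/* factor := number | register | '(' expr ')'   (strtoul base 0 also accepts 0x.. hex) */
static uint32_t factor(void) {
    skip();
    if (*p == '(') { p++; uint32_t v = binop(1); skip(); if (*p == ')') p++; else err = 1; return v; }
    if (isdigit((unsigned char)*p)) { char *e; uint32_t v = (uint32_t)strtoul(p, &e, 0); p = e; return v; }
    if (isalpha((unsigned char)*p)) {
        const char *s = p;
        while (isalnum((unsigned char)*p)) p++;
        for (const reg_t *r = regs; r->name; r++)
            if (strlen(r->name) == (size_t)(p - s) && !strncmp(r->name, s, p - s)) return r->val;
    }
    err = 1;   /* unknown symbol, unbalanced bracket or other unexpected character */
    return 0;
}

/* Operator precedence: '*' '/' (2) bind tighter than '+' '-' (1); 0 = not an operator. */
static int prec(char c) { return (c == '+' || c == '-') ? 1 : (c == '*' || c == '/') ? 2 : 0; }

/* binop := factor (op factor)*  evaluated by precedence climbing, left-associative. */
static uint32_t binop(int minp) {
    uint32_t v = factor();
    for (;;) {
        skip();
        char op = *p;
        if (!prec(op) || prec(op) < minp) return v;
        p++;
        uint32_t r = binop(prec(op) + 1);   /* right operand: only tighter-binding operators */
        if (op == '+') v += r; else if (op == '-') v -= r; else if (op == '*') v *= r;
        else if (r == 0) { err = 1; return 0; } else v /= r;   /* division by zero is an error */
    }
}

/* Evaluate s: returns 0 and stores the 32-bit result in *out, or -1 on any error. */
int eval_expr(const char *s, uint32_t *out) {
    p = s; err = 0;
    uint32_t v = binop(1); skip();
    if (err || *p != '\0') return -1;   /* trailing garbage is an error too */
    *out = v; return 0;
}
```

Unbalanced brackets, unknown symbols, division by zero and trailing characters all make eval_expr return -1 instead of a half-parsed value.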
