{"id":27278896,"url":"https://github.com/sigseg5/kernkill","last_synced_at":"2025-04-11T17:19:58.843Z","repository":{"id":122918932,"uuid":"540779857","full_name":"sigseg5/kernKill","owner":"sigseg5","description":"Linux kernel module designed for emergency system management, enabling instant shutdown or process termination when a specified USB device is disconnected.","archived":false,"fork":false,"pushed_at":"2023-12-04T19:18:48.000Z","size":3692,"stargazers_count":7,"open_issues_count":0,"forks_count":1,"subscribers_count":1,"default_branch":"master","last_synced_at":"2025-04-11T17:19:54.345Z","etag":null,"topics":["demhack5","kernel-module","kernel-modules","linux","linux-kernel","privacy","security","usb"],"latest_commit_sha":null,"homepage":"","language":"C","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/sigseg5.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null}},"created_at":"2022-09-24T09:43:58.000Z","updated_at":"2024-10-17T17:08:31.000Z","dependencies_parsed_at":"2023-12-04T18:27:38.241Z","dependency_job_id":"d08d6fe5-9a7b-4b42-9ef8-b9b627ce6c61","html_url":"https://github.com/sigseg5/kernKill","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sigseg5%2FkernKill","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sigseg5%2FkernKill/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sigseg5%2FkernKill/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sigseg5%2FkernKill/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/sigseg5","download_url":"https://codeload.github.com/sigseg5/kernKill/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248447609,"owners_count":21105140,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["demhack5","kernel-module","kernel-modules","linux","linux-kernel","privacy","security","usb"],"created_at":"2025-04-11T17:19:58.219Z","updated_at":"2025-04-11T17:19:58.827Z","avatar_url":"https://github.com/sigseg5.png","language":"C","readme":"# kernKill\n\nkernKill is a work-in-progress Linux kernel loadable module designed for emergency system management. It's primary function is to enable immediate shutdown or termination specific processes when a specified USB device is removed from a machine running a compatible Linux operating system.\n\n## Warning about the USB Stack\n\nIt's important to be aware of the nuances and potential risks associated with the USB stack when using kernKill. Detailed information about these aspects is provided in the following sections.\n\n## Configuration process\n\nTo configure kernKill, you need to know some system information about your system's USB devices. You can gather this information using the following commands:\n\n```bash\n# List all connected USB devices\nlsusb\n\n# Display driver information for USB devices\nlsusb -t\n```\n\nYou'll need to note USB Vendor and Product IDs. Next you should set these as environment variables with `export ...` or pass IDs like `USB_PRODUCT_ID=0xXXXX USB_VENDOR_ID=XXXX ...`. If you don't pass any IDs, the default values from the [Makefile](/Makefile) will be used.\n\n## Building the module\n\n### About build modes\n\nThere are two modes:\n\n- `kill` (default) – in this mode, processes specified in [proc_list.h](/proc_list.h) are immediately killed from kernel space via SIGKILL.\n- `reboot` – in this mode, the kernel module will perform `emergency_restart()` exec from kernel space.\n\nkernKill is configurable via the [Makefile](/Makefile) included in the source code. By default, it operates in 'kill' mode, but you can switch to 'reboot' mode if necessary. Here's how to build in each mode:\n\n```bash\n# Building in 'kill' mode (default)\nUSB_PRODUCT_ID=0x5678 \\\n    USB_VENDOR_ID=0x1234 \\\n    make\n\n# Building in 'reboot' mode\nUSB_PRODUCT_ID=0x5678 \\\n    USB_VENDOR_ID=0x1234 \\\n    make MODE=reboot\n```\n\n## Installation guide\n\nTo install kernKill, run the provided script. This installation will also disable the `uas` and `usb-storage` drivers. This is to prevent the standard usb-storage stack from taking control of the USB device. In fact, it is enough to write a udev-rule to achieve feature parity with this kernel module. But that's boring, right? :)\n\n```bash\n./install.sh\n```\n\n## Uninstallation procedure\n\nTo uninstall kernKill and revert all changes made to your system, including re-enabling the `uas` and `usb-storage` drivers, use the following command:\n\n```bash\n./rollback.sh\n```\n\n## Debugging tips\n\nFor debugging, you can monitor kernel messages related to kernKill using:\n\n```bash\nsudo dmesg | grep kernKill\n```\n\n## Additional information\n\nNote: This module was developed during dem-hack5 and is currently not recommended for real-world use. It has been tested on the x86_64 architecture with the Linux kernel version `6.5.6-76060506-generic`. The module theoretically supports any x86/x86_64 machine with relatively modern linux kernel, but has not been extensively tested in different environments.\n\nAlways use caution and don't use it in a production environment.\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsigseg5%2Fkernkill","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsigseg5%2Fkernkill","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsigseg5%2Fkernkill/lists"}