https://github.com/airbus-seclab/crashos

A tool dedicated to the research of vulnerabilities in hypervisors by creating unusual system configurations.
https://github.com/airbus-seclab/crashos

Last synced: 7 months ago
JSON representation

A tool dedicated to the research of vulnerabilities in hypervisors by creating unusual system configurations.

• Host: GitHub
• URL: https://github.com/airbus-seclab/crashos
• Owner: airbus-seclab
• License: gpl-2.0
• Created: 2017-01-27T12:04:12.000Z (over 8 years ago)
• Default Branch: master
• Last Pushed: 2022-08-28T05:59:09.000Z (almost 3 years ago)
• Last Synced: 2024-12-11T14:22:47.194Z (7 months ago)
• Language: C
• Homepage:
• Size: 2.15 MB
• Stars: 183
• Watchers: 23
• Forks: 24
• Open Issues: 0
• Metadata Files:
  • Readme: README.md
  • License: LICENSE.md

Awesome Lists containing this project

README

        
# What is CrashOS?

CrashOS is a tool dedicated to the research of vulnerabilities in hypervisors by creating unusual system configurations. 

CrashOS is a minimalist Operating System which aims to lead to hypervisor crashs, hence its name. 

You can launch existing tests or implement your owns and observe hypervisor behaviour towards this unusual kernel.

![](https://github.com/airbus-seclab/crashos/blob/master/docs/crashos.gif)

The core of CrashOS provides the following OS features: 

- the Boot entry;

- the memory management (segmentation and paging);

- the interrupt and exception handling;

- the I/O communication.

A default kernel configuration is available but this set of features allows to entirely reconfigure the kernel as you desire.

Note : CrashOS is a work in progress. Please report any issue [here](https://github.com/airbus-seclab/crashos/issues).

# Hardware and software requirements

CrashOS only works on Intel x86 hardware architecture, requires `gcc-multilib` (to be compiled under x86-64) and GRUB to boot. The kernel is multiboot compliant.

# Installation (ie. VMWare)

To install CrashOS, first compile the project with the main Makefile. It will create the 32-bits executable `test.bin`.

`.../crashos$ make`

Then install `test.bin` on the provided VMWare disk image to test it under VMWare hypervisor. You need `vmware-mount`command line tool and the ability to mount `ext2` filesystems.

`.../crashos$ sudo make install`

# Usage

Use the script [create_new_test_directory.py](https://github.com/airbus-seclab/crashos/blob/master/tools/create_new_test_directory.py) to create a new directory containing your test. 

It will create the local Makefile, a log file to store the test logs, a text file to describe the test and the test file filled with the test template.

    /crashos/tools$ python create_new_test_directory.py myowntest

    Directory myowntest created

    /crashos/tools$ cd ..

    /crashos$ ls src/myowntest/

    Makefile  myowntest.c  myowntest.log  myowntest.txt

In CrashOS, each test needs to define a specific kernel configuration. Thus, each test must contain:

- an "init" function: it saves the current kernel configuration and defines the configuration with which we want to work;

- the "test" function;

- a "restore" function: it recovers the old kernel configuration.

A test template is available [here](https://github.com/airbus-seclab/crashos/blob/master/templates/test_template.txt).

To init the kernel, some default functions are available ([init.h](https://github.com/airbus-seclab/crashos/blob/master/src/core/init.h) and [init.c](https://github.com/airbus-seclab/crashos/blob/master/src/core/init.c)):

|       Function        |                         Description                             |                                                           

|-----------------------|-----------------------------------------------------------------|

|init_work_mem() 		    | Initialize the mem_info struct to define the available physical memory |

|init_segmentation(...)	| Initialize the GDT (Global Descriptor Table) with the following entries and update gdtr and segment selectors |

|init_paging(...) 		  | Initialize the PGD with the first 4MB in Identity Mapping, update CR3 and CR4 and enable the paging in CR0    |

|init_interrupts(...) 	| Initialize the IDT (Interrupt Descriptor Table) with the following entries (32 first entries for exceptions)  |     

Others functions allow the developer to modify the default system parameters and to define his own configuration. The following command line generates a a code documentation for all functions available in CrashOS:

    `.../crashos$ make doc`

It will create a html documentation in doxygen_documentation/html/index.html.

Specify, in the main [Makefile](https://github.com/airbus-seclab/crashos/blob/master/Makefile), the list of tests you want to launch:

    

    ...

    TESTS :=  test_repo1 test_repo2 

    ...

Then, rebuild the project.

    `.../crashos$ make`

# License

CrashOS is released under [GPLv2](https://github.com/airbus-seclab/crashos/blob/master/LICENSE.md).

# References

- [ISSRE 2017 Slides](https://github.com/airbus-seclab/airbus-seclab.github.io/blob/master/crashos/ISSRE2017-CrashOS-Gantet.pdf)

- [SSTIC 2017 Article (French)](https://github.com/airbus-seclab/airbus-seclab.github.io/blob/master/crashos/SSTIC2017-Article-crashos-gantet.pdf)

- [SSTIC 2017 Slides (French)](https://github.com/airbus-seclab/airbus-seclab.github.io/blob/master/crashos/SSTIC2017-Slides-crashos-gantet.pdf)