VDR

Vulnerable driver research tool, result and exploit PoCs

Primary language: Python
License: GNU General Public License v3.0 (GPL-3.0)

Vulnerable Driver Research

Writeup

Static Analysis Automation for Hunting Vulnerable Kernel Drivers

Discovered Vulnerable Drivers

All of the drivers listed give non-admin users full control of the devices. The list in each file contains driver names, hashes, signer information, other arbitrary read/write vulnerabilities, and so on.

result_firmware.org
Drivers with firmware access that allow arbitrary port I/O and memory-mapped I/O

Tool

ida_ioctl_propagate.py
IDAPython script that automates static code analysis of vulnerable x64 drivers
ioctl_batch.py
Python wrapper script to run in IDA batch mode for triage

Note: The script will not work for x86 drivers.

The script needs the third-party WDF type information (kmdf_re), so clone the repository together with its submodule:

git clone --recurse-submodules https://github.com/TakahiroHaruyama/VDR.git

Exploit PoCs

The exploit PoCs are located in the PoCs directory.
