• Stars: 173
• Rank 218,819 (Top 5 %)
• Language: Python
• License: GNU General Publi...
• Created 11 months ago
• Updated 11 months ago

Repository Details

Vulnerable driver research tool, result and exploit PoCs

Vulnerable Driver Research

Writeup

Static Analysis Automation for Hunting Vulnerable Kernel Drivers

Discovered Vulnerable Drivers

All of the drivers listed here give non-admin users full control of the device. The list in each file contains driver names, hashes, signer information, other vulnerabilities found (such as arbitrary read/write), and so on.

result_firmware.org
Drivers with firmware access allowing arbitrary port I/O & memory mapped I/O

Tool

ida_ioctl_propagate.py
IDAPython script for automating static code analysis of x64 vulnerable drivers
ioctl_batch.py
Python wrapper script to run in IDA batch mode for triage

Note: The script will not work for x86 drivers.

You need the 3rd-party WDF type information (kmdf_re). Please clone with the submodule.

git clone --recurse-submodules https://github.com/TakahiroHaruyama/VDR.git

Exploit PoCs

The exploit PoCs are located in the PoCs directory.

Reference