Dashboard Articles Playground Discussions More
Follow

Just got Hacked by a Kernel-Level Rootkit

Time Void [Chronon]
6 years ago | edited 6 years ago

-1

So yeah, i was on a sunny day, when i used my dummy hard disk to download the crack of Nier:Automata by Baldman, adding random tracker ro the torrent to speed up the process and damn, i got a rootkit (long story of how i could know i get infected). Luckily it’s just kernel level and i was using a dummy hard disk (as usual when i want to download a cracked app). I reformatted the Hard disk to make sure it got terminated.

So I warn you, DO NOT add additional tracker when you want to download this crack, since it’s popular i think it would be usefull to post it here. Or to be safe, Do not download the crack at all and buy it legimately.

Thanks!

 
##;6986 VPDSICV
5replies
3voices
204views
f0rk [HackingGuy]
6 years ago

0

Hey @Chronon, still got a copy?

I’d love to reverse it with some other people if you guys are interested :) It would probly be a great learning experience.

 

There’s no place like 127.0.0.1

Time Void [Chronon]
6 years ago

0

@HackingGuy unfortunately no. I have formatted all the content of my dummy harddisk. And it would take a lot of time for me to downlpad it again, since it was 44GB.

And looks like you have some experience with this kind of thing. Is there anyway for me to detect and remove a kernel-level rootkit? Since it blends in with the OS, I have no idea what to do besides wiping it up. Yeah I am inexperienced with this thing.

Thanks

 
##;6986 VPDSICV
b1nary
6 years ago

0

lol nothing new about cracks infected with rootkits , its even funny to see how some people even re-infect a crack after someone release it and starts distributing as a “v2.0” crack or some shit like that..

but im curious about how you found it … kernel level rootkit is kind of hard to detect

Time Void [Chronon]
6 years ago

0

@b1nary well, to recognize it, it’s not a really big thing. But, for my computer detect it, if i want to remove it, is something I would call, almost impossible without wiping the harddisk. That’s why I am always doing a research on how I can eliminate this kind of rootkit, if not, how to detect it. It’s already a really huge deal just to detect it. Atleast for me. You have any idea about it?

 
##;6986 VPDSICV
f0rk [HackingGuy]
6 years ago

0

http://www.faqs.org/docs/kernel/x204.html
http://es.tldp.org/Presentaciones/200211hispalinux/rusty/seminar.html
https://info.fs.tum.de/images/2/21/2011-01-19-kernel-hacking.pdf
https://w3.cs.jmu.edu/kirkpams/550-f12/papers/linux_rootkit.pdf
http://www.tldp.org/LDP/Linux-Filesystem-Hierarchy/html/proc.html
http://iacoma.cs.uiuc.edu/~nakano/dd/drivertut3.html#IntrotoDevDrv

:)

 

There’s no place like 127.0.0.1

You must be logged in to reply to this discussion. Login
1 of 6

This site only uses cookies that are essential for the functionality of this website. Cookies are not used for tracking or marketing purposes.

By using our site, you acknowledge that you have read and understand our Privacy Policy, and Terms of Service.

Dismiss