Resources

People often ask me "How did you learn how to hack?" The answer: by reading. This page is a collection of the blog posts and other articles that I have accumulated over the years of my journey. Enjoy!

Crucial Ballstix MOD Utility is a software product for customization and controlling gaming systems such as LED colors, patterns, memory temperature and several other things. Since this does some major display changes, this driver on Windows has very high privileges. The service uses the MODAPI.sys driver, which is open source. T

All of the vulnerabilities relate to insecure IOCTLs for the driver being exposed. One of IOCTLs allows for the direct writing to IO ports. This allows for the writing to the harddrive directly, which theoretically is just game over.

Another issue was the ability to map physical memory to virtual memory. This gives a Write-What-Where primitive for the kernel. Again, a really simple exploit to pull off.

Computers have model-specific registers (MSRs) that are used for CPU info. By being able to read/write to MSRs, The _LSTAR register is used to transition from user-mode to kernel-mode. By playing with this register, we can direct what happens after a syscall, which gives us code execution in ring-0. Again, game over.

This post had many strange/interesting exploit primitives, such as the port writing and MSR register setting. Sometimes, we have to be real creative in writing our exploits.