Join OICQ Group: 943577597

Kernel Driver Development Kit: Ylarod/ddk

• CFI Bypass - Automatically patch kernel CFI check functions to disable Control Flow Integrity protection
• Kprobe Blacklist Disable - Clear kprobe blacklist to allow hooking protected kernel functions (kernel 6.1+)

• Virtual Address Translation - Software page table walking for virtual to physical address translation
• Hardware Address Translation - Using ARM64 AT instruction for faster and more accurate translation
• PTE Direct Mapping - Create mappings directly in page tables bypassing VMA, supports stealth mode
• Page Table Walk - Traverse complete process page tables and dump to dmesg

• Physical Memory R/W - Direct access via phys_to_virt, up to 50MB per operation
• ioremap R/W - Support multiple memory types (Normal/Device/Write-Through, etc.)

• Find Process - Locate process PID by name
• Liveness Check - Check if process is alive
• Privilege Escalation - Elevate current process to root
• Get Module Base - Query module load address in target process
• Hide Process - Set process invisible flag
• Hide Module - Hide kernel module from system

• DMA Buffer Export - Export process memory as dma-buf fd for zero-copy sharing
• Page Info Query - Retrieve page flags/refcount/mapcount information
• Debug Info - Get kernel structures like TTBR0/task_struct/mm_struct/pgd
• Custom Protocol Family - Socket-based userspace communication interface
• Remote Thread Creation - Create new thread in target process (not implemented yet)

DDK (Kernel Driver Development Kit) provides a containerized build environment with pre-configured kernel sources.

• Docker installed and running
• DDK tool installed

sudo curl -fsSL https://raw.githubusercontent.com/Ylarod/ddk/main/scripts/ddk -o /usr/local/bin/ddk
sudo chmod +x /usr/local/bin/ddk

The build script supports multiple commands and options (supports Chinese/English based on system locale):

Commands:

./scripts/build-ddk.sh build [target]    # Build kernel module
./scripts/build-ddk.sh clean [target]    # Clean build artifacts
./scripts/build-ddk.sh compdb [target]   # Generate compile_commands.json for IDE
./scripts/build-ddk.sh list              # List installed DDK images

Build Examples:

# Build with default target (android12-5.10)
./scripts/build-ddk.sh build

# Build for specific target
./scripts/build-ddk.sh build android14-6.1

# Build with stripped debug symbols (smaller file size)
./scripts/build-ddk.sh build -t android14-6.1 --strip

# Clean build artifacts
./scripts/build-ddk.sh clean android12-5.10

# Generate compile_commands.json for IDE support
./scripts/build-ddk.sh compdb

Available targets: Check DDK Container Versions

Note: On some systems, Docker requires root privileges. If you encounter permission errors, run the script with sudo.

Pre-built kernel modules are available from GitHub Actions CI builds:

1. Go to Actions tab
2. Select the latest successful workflow run
3. Download the build artifact for your kernel version

If you have your own Android kernel source tree:

# Set kernel source path
export KERNEL_SRC=/path/to/android/kernel/source

# Build the module
make

# Clean build artifacts
make clean

Note: Manual builds are only tested on kernel 6.1. No guarantees on other versions.

Click me for the connection guide.

• Diamorphine
• kernel-inline-hook-framework