| author | daniel <daniel@planethacker.net> | 2025-05-07 09:45:50 -0700 |
|---|---|---|
| committer | daniel <daniel@planethacker.net> | 2025-05-07 09:45:50 -0700 |
| commit | eeac69b2168c5a65f9608771006ccc43033cbd23 (patch) | |
| tree | 1dc44a6016b607085a691768810d551045df9901 /README.md | |
Diffstat (limited to 'README.md')
| -rw-r--r-- | README.md | 46 |
1 files changed, 46 insertions, 0 deletions
diff --git a/README.md b/README.md new file mode 100644 index 0000000..0ef76b0 --- /dev/null +++ b/README.md @@ -0,0 +1,46 @@ +# LOKI3 + +This code was stolen from Phrack magazine. It is a 20+ year old backdoor +for Linux, BSD, Solaris, ... which works over icmp. + +http://www.phrack.org/issues/49/6.html +http://www.phrack.org/issues/51/6.html + +This code no longer compiled as of ~2016 I made it compile on modern +systems with musl-gcc, so it will "just work". + +## Building + +### Install musl-gcc + +I use musl because the objects reusulting from static linking using +gcc or clang do not work on older kernels. + +Installing is easy on Ubuntu 20.04: +``` +apt install musl-tools +``` + +Cross compilers can be found here: https://musl.cc/ + +### Building +`make` will list the available targets. + +#### Linux +`make linux` + +## Persistence + +If compiled with PERSISTENCE defined, lokid will install a SysV init +script when SIGTERM is recieved. This signal is typically sent when +the system is rebooted or the process is killed with `kill` or +`killall` without specifying which signal to send (ex: kill -9 or kill +-HUP send the SIGKILL and SIGHUP signals, respectively). + +When lokid is ran, it removes this persistence to avoid detection. + +## Process Masquerading + +This process masquerades itself as a kernel thread. See prochide.c for +more details. + |
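Review bot: The Persistence and Process Masquerading sections describe changes to the host (a SysV init script installed on SIGTERM and removed again at startup, a process presented as a kernel thread) without naming the resulting artifacts, so anyone running this on a lab machine cannot tell what to look for or clean up afterwards. State the init script's path and name, how PERSISTENCE is defined at build time, and the process name that prochide.c sets. The parenthetical "(ex: kill -9 or kill -HUP send the SIGKILL and SIGHUP signals, respectively)" reads as if those were examples of the default signal; reword it so it is clear they are examples of specifying a different signal. Spelling and grammar: "reusulting" should be "resulting", "recieved" should be "received", "is ran" should be "is run", and "This code no longer compiled as of ~2016 I made it compile on modern" is a run-on that needs a period after "2016". The intro names Linux, BSD and Solaris, but the Building section documents only "make linux"; either list the other targets or say which platforms are untested. The "apt install musl-tools" line will need root on a stock Ubuntu install, which is worth saying. Finally, "stolen from Phrack magazine" should become a proper attribution to the two linked articles, with a note on the licensing status of the original code.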
