you just got kernelroll’d ;)

09 Nov 2011

Rickrollin' in kernel space ☺. This hack will intercept any system call to open multimedia files and replace them with rickrolling.mp3 😉

To set it up in Ubuntu 10.04 you’ll need systemtap:

$ sudo apt-get install systemtap

SystemTap requires the kernel debug symbols, which cannot be installed from the repositories in Lucid, although they can be installed from http://ddebs.ubuntu.com/pool/main/l/linux/.

In this particular case I’ve installed the 2.6.32 kernel:

$ sudo dpkg -l|grep linux-image
  ii  linux-image-2.6.32-34-generic
$ uname -m
  x86_64

Therefore I’ll download the following files (~450MB):

$ wget http://ddebs.ubuntu.com/pool/main/l/linux/linux-image-2.6.32-34-generic-dbgsym_2.6.32-34.77_amd64.ddeb
$ sudo dpkg -i linux-image-2.6.32-34-generic-dbgsym_2.6.32-34.77_amd64.ddeb

Upon completion, the hack can be enabled this way:

$ sudo stap -e 'probe kernel.function("do_filp_open") {
    p = kernel_string($pathname); l = strlen(p);
    ext = substr(p, l - 4, l);  # last four characters of the path
    if (ext == ".mp3" || ext == ".ogg" || ext == ".mp4") {
      system("mplayer /path/to/rickrolling.mp3");
    }
  }'
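
While the probe is active, stap has compiled the script into a kernel module and loaded it through its staprun/stapio helpers, so both are visible on the host. The sh functions below are an added example, not part of the original post; the function names and sample data are constructed, and it assumes stap's default stap_* module naming (no -m option).

```shell
#!/bin/sh
# Added example, not from the original post: spot a loaded SystemTap script.
# Assumption: stap ran without -m, so the module has a default stap_* name.

# Print "name size" for each SystemTap module in /proc/modules-format input.
find_stap_modules() {
    awk '$1 ~ /^stap_[0-9a-f_]+$/ { print $1, $2 }' "${1:-/proc/modules}"
}

# Print "pid comm" for SystemTap helpers in `ps -eo pid,comm` output (stdin).
find_stap_procs() {
    awk '$2 == "stapio" || $2 == "staprun" { print $1, $2 }'
}

# Constructed sample data so the example runs offline.
sample_modules() {
    cat <<'EOF'
nf_conntrack 73966 0 - Live 0xffffffffa0201000
stap_1f3a9c0de4b7a2215c6d8e9f00a1b2c3_4321 412672 0 - Live 0xffffffffa0350000
snd_hda_intel 25677 2 - Live 0xffffffffa0110000
EOF
}

sample_ps() {
    cat <<'EOF'
  PID COMMAND
    1 init
 4321 stap
 4330 stapio
 4410 mplayer
EOF
}

# Return 0 (and print findings) when any SystemTap activity is present.
# $1: /proc/modules-format file, $2: file holding `ps -eo pid,comm` output.
stap_active() {
    mods=$(find_stap_modules "$1")
    procs=$(find_stap_procs < "$2")
    [ -n "$mods" ] && printf 'module: %s\n' "$mods"
    [ -n "$procs" ] && printf 'process: %s\n' "$procs"
    [ -n "$mods" ] || [ -n "$procs" ]
}

# Demo on the constructed samples.
tmp=$(mktemp -d)
sample_modules > "$tmp/modules"; sample_ps > "$tmp/ps"
stap_active "$tmp/modules" "$tmp/ps" || echo "no SystemTap activity"
rm -rf "$tmp"
```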

If you’re curious about other stap use cases, take a look at the documentation: