BrianPerry
Employee

sk164752 - Installing DOOM on Gaia

Hello everyone, I work at one of the Checkpoint TACs. We had a little internal contest to see if we could get doom running on a Checkpoint firewall for fun. I managed to get it done and just finished the SK. Feel free to take a look at sk164752 for how it was done. It is general access so anyone should be able to view it.

 

Needless to say, do not try this in production; you are increasing the attack surface of the operating system significantly by doing so.

 

Edit: It looks like management decided to make the SK internal, sorry guys.

Edit2: They did OK it to be posted on CheckMates though. Please see below.

 

Symptoms

  • You want to run Linux applications on Gaia.

  • You need to defeat the minions of hell.

Solution

Please note this procedure is not supported and not secure

Under no circumstances should this be done in a production environment

This is a proof of concept and for fun

Pre-requisites

  • An R80.30 Gateway running the 3.10 kernel as per sk152652

  • A bootable Ubuntu Live image - link

  • More spare time than sense

Installing a Debian chroot

  • Boot the R80.30 3.10 gateway from the Ubuntu Live Image

  • Ensure the live OS has an internet connection

  • Once booted, install debootstrap

    • sudo apt update    

    • sudo apt install debootstrap

  • Create a working environment and mount the Gaia file system

    • mkdir /home/ubuntu/installdir

    • sudo mount /dev/mapper/vg_splat-lv_current /home/ubuntu/installdir

  • We will be installing Debian Jessie in the chroot. This is because Jessie runs kernel 3.16, which is very close to the Gaia kernel 3.10. This will help ensure things run smoother.

  • Create the chroot environment, if you choose another chroot OS be sure to change the path

    • sudo mkdir /home/ubuntu/installdir/chroot

    • sudo mkdir /home/ubuntu/installdir/chroot/jessie

  • Use the following command to install Jessie; this may take some time

    • sudo debootstrap --include locales --arch amd64 jessie /home/ubuntu/installdir/chroot/jessie

  • Once complete reboot and remove the Ubuntu installation media

Prepare the Chroot

  • To allow the chroot to properly communicate with the hardware of the machine, we need to bind several mount points in the chroot. Since this needs to be done at every boot, I will provide a script below that binds these mounts. I placed this in the home directory of the admin user for ease of use.

Start of script

#!/bin/bash

mount --bind /proc /chroot/jessie/proc

mount --bind /sys /chroot/jessie/sys

mount --bind /dev /chroot/jessie/dev

mount --bind /dev/pts /chroot/jessie/dev/pts

End of script

  • Give the script the privileges it needs to run and run it

    • chmod 755 /home/admin/jessie.sh

    • cd /home/admin

    • ./jessie.sh

  • Create the default root users home directory

    • mkdir /chroot/jessie/home/admin

      • optionally you may bind the existing gaia /home/admin directory to the chroot by adding the below line to the script

      • mount --bind /home/admin /chroot/jessie/home/admin

  • Enter the chroot

    • chroot /chroot/jessie

Configure the Chroot

  • Set the dns server by adding a dns server of your preference to /etc/resolv.conf with vi

    • add "nameserver $IPgoesHere" to the file

  • Install vim because vi is terrible, the default repositories should be able to do this.

    • apt update

    • apt install vim

  • Add the Gaia hostname to /etc/hosts. See below for an example; my hostname is DOOM

    • The first line of /etc/hosts should appear similar to below but with your hostname

      • 127.0.0.1 localhost DOOM

  • add a complete list of jessie repositories to /etc/apt/sources.list by matching the contents below using vim

Start of sources.list

deb http://httpredir.debian.org/debian jessie main non-free contrib

deb-src http://httpredir.debian.org/debian jessie main non-free contrib

deb http://security.debian.org/debian-security jessie/updates main contrib non-free

deb-src http://security.debian.org/debian-security jessie/updates main contrib non-free

End of sources.list

  • Update the repository list using "apt update"

Create a non-root user

  • Install sudo

    • apt install sudo

  • create a new non-root user (in this case doom)

    • adduser doom

    • follow the prompts to set the password

  • Add the new user to the sudo group

    • usermod -aG sudo doom

 

Installing the desktop

  • Ensure the debian software selection with the following command

    • tasksel

  • Using the arrow keys and space bar select "Debian Desktop Environment" & "Xfce"

  • Use tab to select OK and enter to continue.

  • Wait for the needed packages to install (this will take several minutes)

  • You will be prompted to select your keyboard layout during this process, do so.

  • Once complete you will be back at the terminal

  • Installing the desktop will have overwritten /etc/resolv.conf

    • reset the dns server by adding a dns server of your preference to /etc/resolv.conf with vim

    • add "nameserver $IPgoesHere" to the file

  • Installing the desktop may have overwritten the hostname inside the chroot

    • test the hostname to see if it's changed by using the hostname command

    • if it has changed, change it back by using the hostname command example below

    • hostname DOOM

    • make sure to edit the /etc/hostname file to match so it survives reboot

  • Install xrdp

    • apt install xrdp

  • exit the chroot (just type exit in the terminal)

  • add the following line to the jessie.sh script

    • chroot /chroot/jessie /etc/init.d/xrdp restart

    • This will ensure xrdp is started properly when spawning the chroot

  • Ensure that your firewall policy is either unloaded (fw unloadlocal) or add firewall rules that allow port 3389

  • re-add the full repository list as per the "Configure the Chroot" section, ensure you "apt update"

 

Login to the GUI and install DOOM

  • RDP to an ip of the gateway that is reachable

  • Use the default sesman-Xvnc module

  • Provide the username and password (do not log in with root; use the non-root user we created earlier)

  • If all went well you should see the desktop

  • Open a terminal and install DOOM

    • sudo apt-get install doom-wad-shareware prboom

  • Start DOOM

    • /usr/games/prboom

Doom running on a Gaia firewall, note the xfce4 and xrdp processes running in attached screenshot.
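
Added example, not part of the original post or the SK: a host-side check for the two traces this procedure leaves, the /proc, /sys, /dev and /dev/pts mounts under the chroot and a listener on TCP 3389. The function names and sample data are constructed for illustration, and it assumes /dev is a devtmpfs mount so that the bind shows up with that filesystem type.

```shell
#!/bin/sh
# Added example (not from the original post). Inputs are files in
# /proc/mounts and /proc/net/tcp format; "-" reads standard input.

# Print kernel pseudo-filesystems mounted away from their standard path,
# as "fstype<TAB>mountpoint<TAB>chroot root".
find_chroot_binds() {
    awk '
        BEGIN { std["proc"] = "/proc"; std["sysfs"] = "/sys"
                std["devtmpfs"] = "/dev"; std["devpts"] = "/dev/pts" }
        ($3 in std) && $2 != std[$3] {
            root = $2
            sub(std[$3] "$", "", root)   # strip the trailing /proc, /sys, ...
            print $3 "\t" $2 "\t" root
        }' "${1:-/proc/mounts}"
}

# Succeed if a socket is in LISTEN state (0A) on TCP port 3389 (hex 0D3D).
rdp_listening() {
    awk 'NR > 1 && $4 == "0A" {
             n = split($2, a, ":")
             if (toupper(a[n]) == "0D3D") found = 1
         }
         END { exit(found ? 0 : 1) }' "${1:-/proc/net/tcp}"
}

# Constructed sample data modelled on the mounts jessie.sh creates.
sample_mounts() {
    cat <<'EOF'
proc /proc proc rw,relatime 0 0
sysfs /sys sysfs rw,relatime 0 0
devtmpfs /dev devtmpfs rw,nosuid 0 0
proc /chroot/jessie/proc proc rw,relatime 0 0
sysfs /chroot/jessie/sys sysfs rw,relatime 0 0
devtmpfs /chroot/jessie/dev devtmpfs rw,nosuid 0 0
devpts /chroot/jessie/dev/pts devpts rw,relatime 0 0
EOF
}
sample_tcp() {
    cat <<'EOF'
  sl  local_address rem_address   st tx_queue rx_queue
   0: 00000000:0016 00000000:0000 0A 00000000:00000000
   1: 00000000:0D3D 00000000:0000 0A 00000000:00000000
EOF
}

sample_mounts | find_chroot_binds -
sample_tcp | rdp_listening - && echo "TCP/3389 is listening"
```

Called without arguments, both functions read the live /proc files; /proc/net/tcp covers IPv4 listeners only.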

 

 

 

16 Replies
Danny
Champion

🙂 I also suggest psDooM (screenshots) as process manager for every firewall.

ss1

BrianPerry
Employee

I did not know psDooM was a thing! That's amazing, now you can kill -99 that pesky process (double barrel kill -9?)
Kurtis_Lanovaz
Employee

We need to modify psDoom to show the connection table instead of pid's.

 

 

0 Kudos
HeikoAnkenbrand
Champion

Hi @BrianPerry @Danny 

I would like DOOM or better GTA as a SmartConsole plugin, not as a GAIA plugin😂.
You guys are the best! 👍

sc3.jpg

After this article you can also make  SK164752 public.

I hope no one reads this comment from me.

➜ CCSM Elite, CCME, CCTE ➜ www.checkpoint.tips
PhoneBoy
Admin

The geek version of Will it Blend is most definitely Does it Run DOOM?
Mark_Mitchell
Advisor

That is amazing! Definitely going to give this a go. 😄 with the free time that I don't have. 😉

Chris_Atkinson
Employee

Gets my early vote for CheckMates contribution of the year 😉

CCSM R77/R80/ELITE
0 Kudos
_Val_
Admin

Oh boy...

0 Kudos
_Val_
Admin

@BrianPerry , the solution article you mentioned is internal. You are mentioning it in the public space though. Just saying

0 Kudos
Danny
Champion

When @BrianPerry mentioned the sk it was indeed public. May I post a screen shot?

This was a one-of-a-kind moment sitting on my Mac, checking the SecureKnowledge RSS feed and realizing what just happened. DOOM officially made it onto Check Point GAiA, after it has been ported to printers, watches and almost everything else.

0 Kudos
_Val_
Admin

Sure, @Danny 

0 Kudos
Danny
Champion

doom_on_gaia.png

_Val_
Admin

lol 🙂

0 Kudos
BrianPerry
Employee

It was originally general; management decided they didn't want it general due to it being not supported outright. They did give me the go-ahead to add it to the CheckMates post. So no worries there.

0 Kudos
Steve_Vandegaer
Contributor

Using 

iddad, idkfq,... for play?

0 Kudos
Thomas_Rossmann
Explorer

Is there also a LAN support for a multiplayer session included?
Of course for after business hours only. 😉

0 Kudos
