Replace Text Read or Written by Any Program with eBPF
This program replaces all text in the file that matches 'input' with the 'replace' text. There are many use cases for this, such as:
Hiding the kernel module 'joydev' to avoid detection by tools like 'lsmod':
Spoofing the MAC address of the 'eth0' interface:
Malware performing anti-sandbox checks may look for MAC addresses as an indication of whether it is running in a virtual machine or sandbox, rather than on a "real" machine.
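One way to check for the first use case from the defender's side, as an added example that is not part of the original page or the tool: compare the module names read from /proc/modules (the file lsmod parses) with the loadable modules listed under /sys/module. It assumes the replacement is applied only to /proc/modules and that loadable modules carry an 'initstate' attribute in sysfs; the sample data and the stand-in name 'abcdef' are constructed, and the equal-length pairing relies on the length rule in the note below.

```python
"""Cross-view check: module names in /proc/modules vs. /sys/module."""
import os

PROC_MODULES = "/proc/modules"
SYS_MODULE = "/sys/module"


def parse_proc_modules(text):
    """Return module names from /proc/modules content (first field per line)."""
    return {line.split()[0] for line in text.splitlines() if line.strip()}


def loadable_from_sysfs(root=SYS_MODULE):
    """Names under /sys/module that carry 'initstate' (assumption: only
    loadable modules have it; built-in entries lack that attribute)."""
    return {name for name in os.listdir(root)
            if os.path.exists(os.path.join(root, name, "initstate"))}


def cross_view(proc_names, sysfs_names):
    """Return (names only in sysfs, names only in /proc/modules), sorted."""
    return sorted(sysfs_names - proc_names), sorted(proc_names - sysfs_names)


def suspicious_pairs(only_sysfs, only_proc):
    """Pair up mismatches of equal length: an in-place replacement must keep
    the length, so a hidden name and its stand-in have the same length."""
    return [(s, p) for s in only_sysfs for p in only_proc if len(s) == len(p)]


# Constructed sample: what a reader of /proc/modules would see if the text
# 'joydev' had been replaced with the made-up same-length name 'abcdef'.
SAMPLE_PROC = (
    "abcdef 28672 0 - Live 0x0000000000000000\n"
    "e1000 159744 0 - Live 0x0000000000000000\n"
)
SAMPLE_SYSFS = {"joydev", "e1000"}

if __name__ == "__main__":
    if os.path.isdir(SYS_MODULE):
        with open(PROC_MODULES) as fh:
            proc, sysfs = parse_proc_modules(fh.read()), loadable_from_sysfs()
    else:  # not on Linux: fall back to the constructed sample
        proc, sysfs = parse_proc_modules(SAMPLE_PROC), SAMPLE_SYSFS
    only_sysfs, only_proc = cross_view(proc, sysfs)
    print("in sysfs, not in /proc/modules:", only_sysfs)
    print("in /proc/modules, not in sysfs:", only_proc)
    print("equal-length pairs:", suspicious_pairs(only_sysfs, only_proc))
```

A module that is loading or unloading while the two views are read can produce a transient mismatch, so a difference is worth re-checking before it is treated as a finding.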
Note: The lengths of 'input' and 'replace' must be the same to avoid introducing NULL characters in the middle of the text block. To input a newline character at a bash prompt, use $'\n', for example