Linux Kernel Runtime Guard (LKRG) – Kills Whole Classes of Kernel Exploits

栏目: IT技术 · 发布时间: 4年前

内容简介:LKRG renders whole classes of kernel exploits ineffective, while making other exploits less reliable and more difficult to write; seeand. LKRG was developed by a security professional with reviews undertaken by other high profile security professionals; se

Introduction [ edit ]

L inux K ernel R untime G uard (LKRG) protects the kernel and can therefore improve the security of Linux desktop computers and Linux servers. LKRG isFreedom Software / Open Source.

LKRG renders whole classes of kernel exploits ineffective, while making other exploits less reliable and more difficult to write; seeand. LKRG was developed by a security professional with reviews undertaken by other high profile security professionals; see.

The focus of this wiki page is to provide simplified user documentation and easy installation of LKRG in Debian,Kicksecure, Qubes ,Whonix, and perhaps Debian-based Linux distributions. This is a lightweight software fork [archive] and no changes will be made to the core of LKRG. Packaging is only provided for Debian. Links to the official LKRG homepage [archive] and other original resources can be found.

Download [ edit ]

Type of Vulnerability Systems without LKRG Systems with LKRG versus malware un aware of LKRG Systems with LKRG versus malware specifically attempting to circumvent LKRG [bypass]
Kernel Read-Only Primitive Fail Safe Safe
Kernel Write-Only Primitive Fail Safe Safe
SWAPGS [archive] Bug Collective Fail Safe Safe
BadIRET [archive] Fail
SysRet [archive] Fail Safe Safe
Pop SS [archive] Fail Safe Safe
CVE-2017-6074 [archive] Fail
CVE-2017-5123 [archive] Fail
CVE-2017-1000112 [archive] Fail
Kernel Full Read/Write Primitive Fail Fail
User Space Vulnerability Fail Fail Fail
Dirty COW [archive] Fail Fail Fail
Malware / Trojan Horse [archive] in User Space Fail Fail Fail

LKRG Overview [ edit ]

This is only a very brief introduction, since LKRG technical details are not the focus of this chapter (see).

Linux Kernel Runtime Guard (LKRG) is a loadable kernel module that performs runtime integrity checking of the Linux kernel and detection of security vulnerability exploits against the kernel. As controversial as this concept is, LKRG attempts to post-detect and hopefully promptly respond to unauthorized modifications to the running Linux kernel (integrity checking) or to credentials (such as user IDs) of the running processes (exploit detection). For process credentials, LKRG attempts to detect the exploit and take action before the kernel would grant the process access (such as open a file) based on the unauthorized credentials.

The Linux Kernel Runtime Guard protects system by comparing hashes which are calculated from the most important kernel region / sections / structures with the internal database hashes. Additionally, special efforts have been made to individually protect all extensions of the kernel (modules). To make the project fully functional, the module should be initially loaded on a clean system – e.g. directly after installation or after booting clean system. At this moment it is possible to create a trusted database of hashes.

To learn more about LKRG, interested readers can:

Features [ edit ]

When the LKRG kernel module is configured and active, this provides a number of benefits:

  • Exploiting the Linux kernel becomes more difficult and very good vulnerabilities are required -- exploits require full read and write primitives and not every attack vector provides this. For instance, many vulnerabilities only give read or write primitives.There are some bugs which are never exploitable under LKRG, for example any ' SWAPGS [archive] ' bugs like BadIRET [archive] , SysRet [archive] and Pop SS [archive] .
  • LKRG defeats many pre-existing exploits of Linux kernel vulnerabilities.
  • LKRG will likely defeat many future exploits (including yet unknown vulnerabilities) that do not specifically attempt to bypass LKRG.
  • The primary aim is to detect the kernel exploitation process itself by identifying specific data corruption in the kernel. This means LKRG does not target any specific exploits, but instead tries to hunt down any exploitation process that is in progress.

In some cases malware might disable itself once LKRG is detected. In other words, LKRG might scare viruses to give up before they are even started. This is a known feature in some existing software to avoid detection and analysis. For example, the exploitation framework Metasploit [archive] already has code to check if LKRG is running and aborts in this case.Quote Metasploit pull request [archive] :

msf5 exploit(linux/local/bpf_sign_extension_priv_esc) > check

[+] System architecture x86_64 is supported
[+] Kernel version 4.4.0-89-generic appears to be vulnerable
[+] Kernel config has CONFIG_BPF_SYSCALL enabled
[+] Unprivileged BPF loading is permitted
[-] LKRG is installed
[*] The target is not exploitable.

Limitations [ edit ]

  • LKRG is bypassable by design [archive] , but this sometimes comes at the expense of more complicated and/or less reliable exploits.Very good (full read/write primitive) exploits are required before a bypass can be attempted as mentioned under.
  • Protections are afforded against attacks on the running kernel, but LKRG does not yet attempt to protect against a maliciously modified kernel at boot time.
  • LKRG protects the kernel, but does not protect user space [archive] . This means LKRG is incapable of stoppingmalware / viruses such as trojan horses [archive] .Nevertheless, LKRG is useful for protecting the host operating system or hardware, or preventing a virtual machine (VM) escape. For instance, before a VM escape can be attempted an exploit chain from user accountroot accountkernel access is often required.

Security [ edit ]

LKRG was created and reviewed by security professionals, see:Authorship and Reviews.

The cost of LKRG bypass is very high. 
LKRG current response to unauthorized process credentials is killing the process. This does defeat many exploits. 
LKRG testing on vulnerable distro kernels LKRG successfully detected certain pre-existing exploits of CVE-2014-9322 (BadIRET), CVE-2017-5123 (waitid(2) missing access_ok), CVE-2017-6074 (use-after-free in DCCP protocol). 

LKRG documentation provides a list of example kernel bugs [archive] that were foiled via the detection and killing of malicious processes:

On the other hand, LKRG is imperfect:

  • However, it wouldn't be expected to detect exploits of CVE-2016-5195 (Dirty COW) since those directly target the userspace even if via the kernel.
    
  • See also this demonstrated bypass [archive] .

The bypassable nature of LKRG is not a reason to avoid using it since it still eliminates whole classes of security vulnerabilities as mentioned in thechapter.

LKRG's current default mechanism to kernel integrity violations is merely reporting those in kernel messages; this obviously does not mitigate real attacks.However, the default setting at least allows attacks to be detected unless malware is specifically designed to filter out those log messages. Further, users that are willing to tolerate the risk of decreased system stability for better security hardening can opt-in to crashing the system rather than continuing to run a potentially malware-infected kernel.See.

Technical and other interested readers are recommended to watch the LKRG video presentation [archive] and consultsuch as the LKRG homepage to learn more about its security properties and design choices. These related discussions are also informative:

Known Issues [ edit ]

Performance Impact [ edit ]

No benchmarks have yet been performed, but it appears the performance penalty is around 2.5% for fully enabled LKRG.

LKRG Free vs LKRG Pro [ edit ]

Whonix ™ developer Patrick Schleizersaid [archive] :

Contacted upstream LKRG developers privately. To paraphrase: "We don’t oppose you packaging it. As long as LKRG exists, there will always be a free and libre version. There is no pro version yet. A hypothetical future pro version would not change that." In my words: "there won’t be a grsecurity alike situation where everything gets closed down". 

Quote LKRG wiki [archive] :

We will likely use GPLv2 at least for LKRG free. We might or might not use a different license for LKRG Pro, if we ever make it. 

Users who benefit from LKRG Free are encouraged to support its further development. However, at the time of writing they are not accepting donations:

We used to accept donations for LKRG via Patreon, but we currently don't. Some of our former supporters are listed in the PATREON file in LKRG distribution tarballs. 

Installation [ edit ]

Linux Kernel Runtime Guard (LKRG) – Kills Whole Classes of Kernel Exploits Testers only!

Note : Users who require better security can Build the Linux Kernel Runtime Guard (LKRG) Debian Package from Source Code and verify software signatures before installation.

Logo Host Operating System Installation Instructions Note
Linux Kernel Runtime Guard (LKRG) – Kills Whole Classes of Kernel Exploits Debian hosts Follow the instructions below to install from the Whonix ™ repository. Do not install LKRG on a Debian host if intending to run VirtualBox (such as Whonix ™) virtual machines (VMs) due to this known bug [archive] . LKRG can be installed inside VirtualBox guest VMs.
Linux Kernel Runtime Guard (LKRG) – Kills Whole Classes of Kernel Exploits Non-Qubes-Whonix ™ Follow the installation instructions below. In Whonix ™, skip the following "Add Whonix ™ repository" step since it is already enabled by default.
Linux Kernel Runtime Guard (LKRG) – Kills Whole Classes of Kernel Exploits Qubes OS [archive] Debian based VMs Follow these LKRG Qubes instructions .
Linux Kernel Runtime Guard (LKRG) – Kills Whole Classes of Kernel Exploits Linux Kernel Runtime Guard (LKRG) – Kills Whole Classes of Kernel Exploits Qubes-Whonix ™ Follow these LKRG Qubes-Whonix ™ instructions .
Linux Kernel Runtime Guard (LKRG) – Kills Whole Classes of Kernel Exploits Other Linux distributions LKRG is available for most Linux distributions. Follow the installation instructions for non-Debian distributions on the official LKRG homepage [archive] .

Add Whonix ™ repository.

A) Download theSigning Key.

wget https://www.whonix.org/patrick.asc
wget https://www.whonix.org/patrick.asc

B) Optional: Check the Signing Key for better security.

C) Add Whonix's signing key.

sudo apt-key --keyring /etc/apt/trusted.gpg.d/whonix.gpg add ~/patrick.asc
sudo apt-key --keyring /etc/apt/trusted.gpg.d/whonix.gpg add ~/patrick.asc

D) Add Whonix's APT repository.

echo "deb https://deb.whonix.org buster main contrib non-free" | sudo tee /etc/apt/sources.list.d/whonix.list
echo "deb https://deb.whonix.org buster main contrib non-free" | sudo tee /etc/apt/sources.list.d/whonix.list

Install LKRG.

1. Update the package lists.

sudo apt-get update
sudo apt-get update

2. Install LKRG.

sudo apt-get install lkrg linux-headers-amd64
sudo apt-get install lkrg linux-headers-amd64

The LKRG installation is complete.

It is recommended to review optional hardening and other entries below, but this is not required.

Configuration [ edit ]

Note : All the possible configuration changes in this section are optional.

Legend:

CI
ED

Table: LKRG Configuration Options

Category Instructions
Basics All sysctl configuration options can be found here [archive] .
Block Module Loading Advanced users can block module functionality ( lkrg.block_modules ) with one of the following settings:
  • 0 - do NOT lock the kernel and allow to load kernel module
  • 1 - lock the kernel and do NOT allow to load kernel module

See also:module loading.

Current Configuration To view the current configuration, run.
sudo sysctl -a | grep lkrg
sudo sysctl -a | grep lkrg
Hardening - CI Panic - Crash Kernel when Code Integrity Violation It is possible to further improve the security provided by LKRG, but this can potentially lead to decreased system stability. Users that are willing to make this trade-off can opt-in to the following setting. LKRG developers have not enabled the following sysctl option by default since it can result in kernel panics and system crashes, or occasional false positives (integrity violations and/or exploits are detected when they don't really exist). See the LKRG homepage [archive]

. This might be the reason why LKRG developers did not yet enable kernel panic on CI failure by default.

Kernel panic on code integrity CI failure ( lkrg.ci_panic ) - two options are available:

  • 0 - do NOT crash the kernel on CI failure (default)
  • 1 - crash the kernel (call panic() ) on CI failure

The following command enables kernel panic on CI failure non-persistently until reboot.

sudo sysctl -w lkrg.force_run=1
sudo sysctl -w lkrg.force_run=1

The following procedure enables this feature persistently after reboot.

Open file /etc/sysctl.d/50_user.conf in an editor with root rights.

(Qubes-Whonix ™: In TemplateVM)

This box uses sudoedit for better security [archive] . This is an example and other tools could also achieve the same goal. If this example does not work for you or if you are not using Whonix, please refer tothis link.

sudoedit /etc/sysctl.d/50_user.conf
sudoedit /etc/sysctl.d/50_user.conf

Paste.

lkrg.ci_panic=1
lkrg.ci_panic=1

Save.

The procedure of enabling CI panic is complete.

Hardening - UMH Lock Better do not use for now. Breaks Whonix Firewall.
Hide LKRG Attempts to hide LKRG will not work because this feature is not yet functional; LKRG will still be detected.Another reason to keep LKRG visible is that malware might disable itself once LKRG is detected. In other words, LKRG might scare malware/viruses into giving up before even starting due to the potential threat of detection and analysis. For instance, the exploitation framework Metasploit already has code to check if LKRG is running and aborts in that case.

Usage [ edit ]

Once LKRG has been installed, little effort is required since it will protect the kernel without the user's knowledge and/or interaction. However, it is sensible to check that LKRG is running correctly and to monitor system logs for any suspicious entries. Check this entry at a later date for any additional recommendations.

To check systemd journal log for kernel messages by LKRG, run.

sudo journalctl -b | grep lkrg
sudo journalctl -b | grep lkrg

To keep watching systemd journal log for new LKRG messages, run.

sudo journalctl -b -f | grep lkrg
sudo journalctl -b -f | grep lkrg

While performing the commands above, it may be useful to open another console tab and manually run a LKRG integrity check.

sudo sysctl -w lkrg.force_run=1
sudo sysctl -w lkrg.force_run=1

At this stage a graphical user interface (GUI) is not provided that can proactively inform users who fail to analyze the systemd journal log for relevant LKRG messages. A GUI or popup notification might be developed later on --help is most welcome.

Authorship and Reviews [ edit ]

Table: LKRG Authorship and Reviews

Domain Notes
Developer LKRG was invented by Adam "pi3" Zabrocki in his spare time.Adam has an impressive professional record, including:
Professional Reviews A number of security experts have reviewed LKRG:
  • Alexander Peslyak aka "Solar Designer" has actively supported and challenged Adam Zabrocki during every step of LKRG's development.Alexander has impressive credentials as a security specialist; see footnote.
  • Brad Spengler (Spender), a developer of grsecurity [archive] , a security patch for the Linux kernel.
  • Rafal Wojtczuk, Security Architectin the Qubes OS core team.
  • The PaX [archive] Team.
Packaging

Patrick Schleizer, founder and lead developer ofWhonix ™ created the Debian packaging files with DKMS integration and thisthis wiki entry [archive] . This is a lightweight software fork [archive] homepage for LKRG, with a focus on easy installation, added user documentation, and integration withWhonix,Kicksecure, Debian, and other distributions. Core LKRG source code has not been reviewed, nor have any changes been made. The software fork source code can be found here [archive] .

Debugging [ edit ]

linux-image [ edit ]

dpkg -l | grep linux-image
dpkg -l | grep linux-image

Should include:

ii  linux-image-4.19.0-6-amd64                    4.19.67-2+deb10u2               amd64        Linux 4.19 for 64-bit PCs (signed)
ii  linux-image-amd64

linux-headers [ edit ]

dpkg -l | grep linux-head
dpkg -l | grep linux-head

Should include:

ii  linux-headers-4.19.0-6-amd64                  4.19.67-2+deb10u2               amd64        Header files for Linux 4.19.0-6-amd64
ii  linux-headers-4.19.0-6-common                 4.19.67-2+deb10u2               all          Common header files for Linux 4.19.0-6
ii  linux-headers-amd64

modinfo [ edit ]

sudo modinfo p_lkrg
sudo modinfo p_lkrg
filename:       /lib/modules/4.19.0-6-amd64/updates/dkms/p_lkrg.ko
license:        GPL v2
description:    pi3's Linux kernel Runtime Guard
author:         Adam 'pi3' Zabrocki (http://pi3.com.pl)
depends:        usbcore
retpoline:      Y
name:           p_lkrg
vermagic:       4.19.0-6-amd64 SMP mod_unload modversions 
parm:           p_init_log_level:Logging level init value [1 (alive) is default] (uint)

dkms status [ edit ]

sudo dkms status
sudo dkms status

Should include:

lkrg, 0.7, 4.19.0-6-amd64, x86_64: installed

Additional Resources [ edit ]

Forum Discussion [ edit ]

Upstream Resources [ edit ]

Upstream Mailing List Discussions [ edit ]

See Also [ edit ]

References [ edit ]

  1. Detecting CVE-2014-9322 (BadIRET) [archive]
  2. Detecting CVE-2017-6074 [archive]
  3. CVE-2017-1000112: memory corruption due to UFO to non-UFO path switch [archive]
  4. LKRG provides security through diversity in a similar fashion to running an uncommon operating system (kernel).
  5. https://www.openwall.com/lkrg/ [archive]
  6. https://openwall.info/wiki/p_lkrg/Main#What-is-LKRG [archive]
  7. https://www.youtube.com/watch?v=tOiPM692DOM [archive]
  8. At the fifty-third minute.
  9. https://www.openwall.com/lists/lkrg-users/2019/07/26/3 [archive]
  10. https://openwall.info/wiki/p_lkrg/Main#Examples [archive]
  11. https://github.com/rapid7/metasploit-framework/blob/master/lib/msf/core/post/linux/kernel.rb#L235 [archive]
    cmd_exec('test -d /proc/sys/lkrg && echo true').to_s.strip.include? 'true'
  12. https://github.com/rapid7/metasploit-framework/pull/11085 [archive]
  13. https://www.openwall.com/lists/lkrg-users/2019/11/14/5 [archive]
  14. At the fifty-fifth minute.
  15. While in case of Dirty COW the LKRG "bypass" happened due to the nature of the bug and this being the way to exploit it, it's also a way for future exploits to bypass LKRG by similarly directly targeting userspace. It remains to be seen whether such exploits become common (unlikely unless LKRG or similar become popular?) and what (negative?) effect on their reliability this will have (for kernel vulnerabilities where directly targeting the userspace isn't essential and possibly not straightforward). 
    
  16. Running a kernel where integrity violations were detected.
  17. https://openwall.info/wiki/p_lkrg/Main#Donation [archive]
  18. https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=944476 [archive]
  19. make Linux Kernel Runtime Guard (LKRG) easily available in Qubes [archive]
  20. Only Intel and amd64 are supported at present, see: https://www.openwall.com/lists/lkrg-users/2018/07/31/3 [archive]
  21. Note that LKRG versioning is based on upstream's git master branch intention to remain in the "prerelease" stage. Quote Adam Zabrocki https://www.openwall.com/lists/lkrg-users/2019/11/11/1 [archive] We're trying to keep master branch stable and let's say in "prerelease" stage :)
  22. https://www.openwall.com/lists/lkrg-users/2019/02/19/1 [archive]
  23. Full lock down of the kernel's usermodehelper interface ( lkrg.umh_lock ). This might break things if your distro uses UMH to invoke any programs. Two options are available:
  24. sudo sysctl -w lkrg.hide=1
    lkrg.hide = 1
    
    user@debian-buster-standalone:~$ ls -la /proc/sys/lkrg
    total 0
    dr-xr-xr-x 1 root root 0 Nov 15 03:05 .
    dr-xr-xr-x 1 root root 0 Nov 15 03:04 ..
    -rw------- 1 root root 0 Nov 15 03:48 block_modules
    -rw------- 1 root root 0 Nov 15 03:48 ci_panic
    -rw------- 1 root root 0 Nov 15 04:18 clean_message
    -rw------- 1 root root 0 Nov 15 04:19 force_run
    -rw------- 1 root root 0 Nov 15 04:21 hide
    -rw------- 1 root root 0 Nov 15 03:48 log_level
    -rw------- 1 root root 0 Nov 15 03:48 random_events
    -rw------- 1 root root 0 Nov 15 04:02 smep_panic
    -rw------- 1 root root 0 Nov 15 03:48 timestamp
    -rw------- 1 root root 0 Nov 15 04:04 umh_lock
    
    user@debian-buster-standalone:~$ lsmod | grep lkrg
    usbcore               294912  1 p_lkrg
    
    user@debian-buster-standalone:~$ sudo sysctl -w  lkrg.hide=0
    lkrg.hide = 0
    
    user@debian-buster-standalone:~$ lsmod | grep lkrg
    p_lkrg                217088  -2
    usbcore               294912  1 p_lkrg
  25. Hiding ( lkrg.hide ) - if built with this optional feature included, LKRG can (un)hide itself from the module list ( but it can be detected regardless ):
  26. http://blog.pi3.com.pl [archive]
  27. https://www.openwall.com/lists/lkrg-users/2019/07/21/1 [archive]
  28. Quote wikipedia [archive] :
    Alexander Peslyak is a security specialist from Russia. He is best known for his publications on exploitation techniques, including the return-to-libc attack and the first heap-based buffer overflow exploitation technique as well as computer security protection techniques such as privilege separation for daemon processes. 
    Peslyak is the author of the widely popular password cracking tool John the Ripper. His code has also been used in various third-party operating systems, such as OpenBSD and Debian. 
    Peslyak has been the founder and leader of the Openwall Project since 1999. He is the founder of Openwall, Inc. and has been the CTO since 2003. He served as an advisory board member at the Open Source Computer Emergency Response Team (oCERT) from 2008 until oCERT's conclusion in August 2017. He also co-founded oss-security. 
    He has spoken at many international conferences, including FOSDEM and CanSecWest. He wrote the foreword to Michał Zalewski's 2005 book Silence on the Wire. 
    Alexander received the 2009 "Lifetime Achievement Award during the annual Pwnie Award at the Black Hat Security Conference. In 2015 Qualys acknowledged his help with the disclosure of a GNU C Library function buffer overflow (CVE-2015-0235). 
    
  29. https://github.com/omeg [archive]
  30. https://www.crunchbase.com/person/rafal-wojtczuk [archive]
  31. https://www.qubes-os.org/team/ [archive]
  32. PaX is a patch for the Linux kernel that implements least privilege protections for memory pages.

Whonix ™ is Supported by Evolution Host DDoS Protected VPS. Stay private and get your VPS with Bitcoin or Monero.

Follow : Linux Kernel Runtime Guard (LKRG) – Kills Whole Classes of Kernel Exploits Linux Kernel Runtime Guard (LKRG) – Kills Whole Classes of Kernel Exploits Linux Kernel Runtime Guard (LKRG) – Kills Whole Classes of Kernel Exploits Linux Kernel Runtime Guard (LKRG) – Kills Whole Classes of Kernel Exploits Linux Kernel Runtime Guard (LKRG) – Kills Whole Classes of Kernel Exploits Linux Kernel Runtime Guard (LKRG) – Kills Whole Classes of Kernel Exploits Linux Kernel Runtime Guard (LKRG) – Kills Whole Classes of Kernel Exploits

Donate : Linux Kernel Runtime Guard (LKRG) – Kills Whole Classes of Kernel Exploits Linux Kernel Runtime Guard (LKRG) – Kills Whole Classes of Kernel Exploits Linux Kernel Runtime Guard (LKRG) – Kills Whole Classes of Kernel Exploits Linux Kernel Runtime Guard (LKRG) – Kills Whole Classes of Kernel Exploits

Linux Kernel Runtime Guard (LKRG) – Kills Whole Classes of Kernel Exploits Linux Kernel Runtime Guard (LKRG) – Kills Whole Classes of Kernel Exploits

Share :|Facebook

Did you know that Whonix could provide protection against backdoors [archive] ? SeeVerifiable Builds [archive] . Help is wanted and welcomed.

Linux Kernel Runtime Guard (LKRG) – Kills Whole Classes of Kernel Exploits

This is a wiki. Want to improve this page? Help is welcome and volunteer contributions are happily considered! Read, understand and agree to Conditions for Contributions to Whonix ™ , thenEdit! Edits are held for moderation.

Copyright (C) 2012 - 2019 ENCRYPTED SUPPORT LP. Whonix ™ is a trademark. Whonix ™ is a licensee [archive] of the Open Invention Network [archive] . Unless otherwise noted, the content of this page iscopyrighted and licensed under the same Freedom Softwarelicense as Whonix ™ itself. (Why?)

Whonix ™ is a derivative of and not affiliated with Debian [archive] . Debian is a registered trademark [archive] owned by Software in the Public Interest, Inc [archive] .

Whonix ™ is produced independently from the Tor ® [archive] anonymity software and carries no guarantee from The Tor Project [archive] about quality, suitability or anything else.

By using our website, you acknowledge that you have read, understood and agreed to ourPrivacy Policy, Cookie Policy ,Terms of Service, andE-Sign Consent. Whonix ™ is provided by ENCRYPTED SUPPORT LP. SeeImprint.


以上就是本文的全部内容,希望对大家的学习有所帮助,也希望大家多多支持 码农网

查看所有标签

猜你喜欢:

本站部分资源来源于网络,本站转载出于传递更多信息之目的,版权归原作者或者来源机构所有,如转载稿涉及版权问题,请联系我们

The Dream Machine

The Dream Machine

M. Mitchell Waldrop / Penguin Books / 2002-8 / USD 16.00

While most people may not be familiar with the name J. C. R. Licklider, he was the guiding spirit behind the greatest revolution of the modern era. At a time when most computers were big, ponderous ma......一起来看看 《The Dream Machine》 这本书的介绍吧!

RGB转16进制工具
RGB转16进制工具

RGB HEX 互转工具

HTML 编码/解码
HTML 编码/解码

HTML 编码/解码

RGB CMYK 转换工具
RGB CMYK 转换工具

RGB CMYK 互转工具