SpoofUname: The Definitive Tool for Kernel-Level System Spoofing

Ever needed to test how your software behaves on a different kernel version or system architecture, but didn't have a spare machine or VM handy? Maybe you're working on compatibility layers, writing security research tools, or just curious about how deep system identification really goes. SpoofUname tackles this niche but powerful need head-on.

Most userland tools that try to fake system info are just that—superficial. They change what an application sees, but the kernel itself still knows the truth. SpoofUname goes deeper, offering a more permanent and convincing illusion by patching the kernel's own data structures.

What It Does

SpoofUname is a kernel module that modifies the fundamental system identification data returned by the uname system call. By patching the kernel's uts_namespace structure, it can spoof the system name, kernel version, release, machine architecture, and domain name. This makes the changes visible to the entire system and all processes, not just a single application or shell session.

Why It's Cool

The clever part is in its approach. Instead of intercepting system calls in userland (which can be detected or bypassed), SpoofUname directly modifies the source data those calls reference. This makes the spoofing incredibly effective for testing software that performs deep system checks, or for creating consistent sandboxed environments that appear to be entirely different systems.

It's also surprisingly simple in its implementation. The module works by locating the init_uts_ns symbol—the kernel's global namespace structure—and overwriting its relevant string fields. When you load the module with parameters like sysname="Linux" version="#99", the kernel itself starts reporting that altered data.

Potential use cases include:

• Security research and vulnerability testing across "different" kernel versions.
• Developing and debugging cross-platform software on a single machine.
• Creating isolated development or testing environments that perfectly mimic a target system's kernel identity.

How to Try It

Important: This requires building and loading a kernel module, which needs root privileges and a matching kernel build environment. Use with caution, ideally in a virtual machine.

# 1. Clone the repository
git clone https://github.com/YangQi0408/SpoofUname
cd SpoofUname

# 2. Build the module (you'll need kernel headers installed)
make

# 3. Load the module with your desired parameters
sudo insmod spoof_uname.ko sysname="MyLinux" nodename="spoofed" release="6.9.0" version="#1 SMP Spoofed" machine="x86_64"

# 4. Verify the changes
uname -a

Check the project's README for detailed build requirements, parameter explanations, and the command to revert changes (sudo rmmod spoof_uname).

Final Thoughts

SpoofUname is a sharp, focused tool that does one thing exceptionally well. It's not for everyday use, but for developers and researchers in specific scenarios, it's a powerful trick to have up your sleeve. It demonstrates how a relatively small amount of kernel code can have a system-wide effect, which is always a fascinating concept. If you've ever been frustrated by superficial uname spoofing scripts, this project offers the definitive, kernel-level solution.

@githubprojects