Wolfgang Ettlinger, Stefan Viehböck
TRANSCRIPT
BSidesVienna / NinjaCon 11
Students at Upper Austria University of Applied Sciences
▪ Campus Hagenberg
▪ Secure Information Systems
Volker Christian
History
Idea
Implementation
Windows boot process
Advantages
Disadvantages
Countermeasures
AKA boot (sector) viruses, MBR viruses
Execution after the BIOS, before the OS
Really old technology
Brain (1986)
Stoned (1987)
…
eEye BootRoot (2005)
Vboot Kit (2007)
Vboot Kit 2 (2009)
Stoned Bootkit (2009)
TDL4/Alureon (2010/11)
INT 13h hook (diagram, before hooking): bootloader code (real mode) calls the BIOS interrupt handler, which reads from the drive
    MOV AH, 02h
    INT 13h
    …
INT 13h hook (diagram, hooked): the interrupt hook is inserted between bootloader code and BIOS interrupt handler; the same INT 13h now lands in the hook, which chains to the BIOS interrupt handler for the read from drive and patches memory
The only way of retaining execution is the hook
No execution after kernel boot: BIOS interrupts are not used any more
Patching of OS components for persistence
▪ Kernel
▪ (Boot) Drivers
Detection?
Pattern matching fails if the pattern is split between two sectors
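The sector-boundary problem is worth seeing in code. The C program below is an added example, not code from the talk or from the Evil Core bootkit: it plants a constructed 8-byte marker on a constructed 4-sector disk image, once straddling the boundary between sector 0 and sector 1 (offset 508) and once inside sector 3, and shows that a scanner which inspects each sector-sized read on its own never sees the straddling copy, while a scanner that carries the last patlen-1 bytes of the previous sector into the next window finds it. The defect is the same whether it is the bootkit looking for its patch location in data passing through the INT 13h hook or a scanner looking for the bootkit.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define SECTOR_SIZE 512
#define NSECTORS    4

/* Constructed test "disk": 4 zeroed sectors with the marker planted twice,
 * once straddling the sector 0/1 boundary (offset 508..515) and once fully
 * inside sector 3 (offset 1600). Not real boot code. */
static uint8_t disk[NSECTORS * SECTOR_SIZE];
static const uint8_t MARKER[8] = { 'E','V','I','L','C','O','R','E' };
#define STRADDLE_OFF 508
#define INSIDE_OFF   1600

void build_test_disk(void)
{
    memset(disk, 0, sizeof disk);
    memcpy(disk + STRADDLE_OFF, MARKER, sizeof MARKER);
    memcpy(disk + INSIDE_OFF,   MARKER, sizeof MARKER);
}

/* Naive scanner: each read hands over one sector and that sector is searched
 * alone, so a pattern split across two sectors is never seen in one piece.
 * Returns the disk offset of the first match or -1. */
long scan_per_sector(const uint8_t *d, size_t nsectors,
                     const uint8_t *pat, size_t patlen)
{
    if (patlen == 0 || patlen > SECTOR_SIZE) return -1;
    for (size_t s = 0; s < nsectors; s++) {
        const uint8_t *sec = d + s * SECTOR_SIZE;
        for (size_t i = 0; i + patlen <= SECTOR_SIZE; i++)
            if (memcmp(sec + i, pat, patlen) == 0)
                return (long)(s * SECTOR_SIZE + i);
    }
    return -1;
}

/* Fixed scanner: the last patlen-1 bytes of the previous sector are kept in
 * front of the current one, so a pattern crossing the boundary is fully
 * present in the search window. Returns first match or -1. */
long scan_with_carry(const uint8_t *d, size_t nsectors,
                     const uint8_t *pat, size_t patlen)
{
    uint8_t window[2 * SECTOR_SIZE];
    size_t carry = 0;                 /* bytes carried over from previous sector */

    if (patlen == 0 || patlen > SECTOR_SIZE) return -1;
    for (size_t s = 0; s < nsectors; s++) {
        memcpy(window + carry, d + s * SECTOR_SIZE, SECTOR_SIZE);
        size_t wlen = carry + SECTOR_SIZE;
        for (size_t i = 0; i + patlen <= wlen; i++)
            if (memcmp(window + i, pat, patlen) == 0)
                return (long)(s * SECTOR_SIZE + i) - (long)carry;
        carry = patlen - 1;
        memmove(window, window + wlen - carry, carry);
    }
    return -1;
}

/* Both scanners over the constructed disk. */
long naive_result(void)
{
    build_test_disk();
    return scan_per_sector(disk, NSECTORS, MARKER, sizeof MARKER);  /* 1600 */
}

long carry_result(void)
{
    build_test_disk();
    return scan_with_carry(disk, NSECTORS, MARKER, sizeof MARKER);  /* 508 */
}

int main(void)
{
    printf("per-sector scan: first match at %ld (straddling copy at %d missed)\n",
           naive_result(), STRADDLE_OFF);
    printf("carry-over scan: first match at %ld\n", carry_result());
    return 0;
}
```

The carry window costs one extra `memmove` of at most patlen-1 bytes per sector; the alternative, buffering whole files before scanning, is not available inside a real-mode interrupt hook that sees one sector at a time.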
Use the functionality of a multiprocessor system
▪ 1st CPU runs the OS
▪ 2nd CPU modifies code/data in memory
1. Disable SMP
2. Find a location to be executed from
The OS shouldn't overwrite our code/data. Options:
▪ Find a memory region that the OS doesn't use
▪ Use the CPU cache as code storage
▪ Decrease the memory available to the OS by manipulating OS code (easy to implement)
Solution: manipulate the boot parameters (decrease memory by a few MB) and copy the code to the end of physical memory
The OS doesn't initialize secondary CPUs (APs)
Our code resides at the end of physical memory, invisible to the OS
A secondary CPU still executes code and has access to physical memory
The bootkit relies on a "race condition": the "Evil Core" has to disable the SMP code before it is executed
T1 > T2
▪ T1: time needed to load the remaining sectors
▪ T2: time needed to check for the entry point and to insert an infinite loop (0xEB 0xFE, a JMP to itself)
T1 > T2 is very likely
Infinite loop at the entry point: CPU0 waits
Time to make all patches needed
Insert an infinite loop where the next code block is called (e.g. winload.exe -> Ntoskrnl.exe)
Restore the entry point
    void    ec_waitFor(char* search, size_t searchlen, OS_MEM* position);
    OS_MEM* ec_searchFor(char* search, size_t searchlen);
    OS_MEM* ec_searchFor_exact(char* search, size_t searchlen);
    void ec_move_from_os(OS_MEM* source, char* destination, size_t len);
    void ec_move_to_os(char* source, OS_MEM* destination, size_t len);
    void ec_halt_cpu0(OS_MEM* position, short* instruction_backup);
    void ec_resume_cpu0(OS_MEM* position, short* instruction_backup);
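Added example (not the authors' code): a C model of the halt/patch/resume cycle behind the ec_* API above. The memory image, the entry-point signature (push ebp; mov ebp,esp; sub esp,0x10) and the branch that gets neutered (test eax,eax; jz) are constructed for this demo; the real bootkit's search patterns and addresses are not on the slides and are not reproduced here. The busy-wait of ec_waitFor and the ec_move_* helpers are left out. What is shown is the mechanism the slides describe: save the two bytes at the entry point, overwrite them with EB FE (jmp $) so CPU0 spins there, patch elsewhere in the image while it spins, then put the two bytes back.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of physical memory as the second core sees it.
 * Offsets and byte patterns are made up for this demo; they are not
 * real winload.exe / ntoskrnl.exe addresses or signatures. */
typedef uint8_t OS_MEM;
#define MEM_SIZE  4096
#define ENTRY_OFF 0x100
#define CHECK_OFF 0x200
static OS_MEM mem[MEM_SIZE];

/* "jmp $": two-byte infinite loop, parks whichever core executes it */
static const uint8_t JMP_SELF[2] = { 0xEB, 0xFE };

/* Stand-in for the entry point (push ebp; mov ebp,esp; sub esp,0x10)
 * and for a check to be neutered (test eax,eax; jz +5). */
static const uint8_t ENTRY_SIG[] = { 0x55, 0x8B, 0xEC, 0x83, 0xEC, 0x10 };
static const uint8_t CHECK_SIG[] = { 0x85, 0xC0, 0x74, 0x05 };

void load_image(void)
{
    memset(mem, 0x90, sizeof mem);                       /* NOP filler */
    memcpy(mem + ENTRY_OFF, ENTRY_SIG, sizeof ENTRY_SIG);
    memcpy(mem + CHECK_OFF, CHECK_SIG, sizeof CHECK_SIG);
}

/* Linear scan of physical memory for a byte pattern; NULL if absent. */
OS_MEM *ec_searchFor(const uint8_t *search, size_t searchlen)
{
    if (searchlen == 0 || searchlen > MEM_SIZE) return NULL;
    for (size_t i = 0; i + searchlen <= MEM_SIZE; i++)
        if (memcmp(mem + i, search, searchlen) == 0)
            return mem + i;
    return NULL;
}

/* Save the two bytes at position and overwrite them with EB FE. Once
 * CPU0 reaches position it loops there until the bytes are restored. */
void ec_halt_cpu0(OS_MEM *position, uint16_t *instruction_backup)
{
    memcpy(instruction_backup, position, 2);
    memcpy(position, JMP_SELF, 2);
}

/* Put the original two bytes back; CPU0 falls out of the loop and
 * continues with the real instruction. */
void ec_resume_cpu0(OS_MEM *position, const uint16_t *instruction_backup)
{
    memcpy(position, instruction_backup, 2);
}

int cpu0_is_parked(const OS_MEM *position)
{
    return memcmp(position, JMP_SELF, 2) == 0;
}

/* Whole cycle: find entry point, park CPU0 on it, flip the check while
 * CPU0 is frozen, release CPU0. 0 on success, negative if a signature
 * is missing (CPU0 is always released on the error path). */
int run_patch_cycle(void)
{
    uint16_t backup;
    OS_MEM *entry = ec_searchFor(ENTRY_SIG, sizeof ENTRY_SIG);
    if (entry == NULL) return -1;
    ec_halt_cpu0(entry, &backup);

    OS_MEM *check = ec_searchFor(CHECK_SIG, sizeof CHECK_SIG);
    if (check == NULL) { ec_resume_cpu0(entry, &backup); return -2; }
    check[2] = 0xEB;                 /* jz -> jmp short: branch always taken */

    ec_resume_cpu0(entry, &backup);
    return 0;
}

/* Helpers exercising the model from a known state. */
int demo_patch_cycle(void)   { load_image(); return run_patch_cycle(); }
int check_is_patched(void)   { return mem[CHECK_OFF + 2] == 0xEB; }
int entry_is_intact(void)    { return memcmp(mem + ENTRY_OFF, ENTRY_SIG, sizeof ENTRY_SIG) == 0; }
int demo_missing_entry(void) { memset(mem, 0x90, sizeof mem); return run_patch_cycle(); }

int halt_resume_roundtrip(void)
{
    uint16_t backup;
    load_image();
    ec_halt_cpu0(mem + ENTRY_OFF, &backup);
    int parked = cpu0_is_parked(mem + ENTRY_OFF);
    ec_resume_cpu0(mem + ENTRY_OFF, &backup);
    return parked && entry_is_intact();
}

int main(void)
{
    int rc = demo_patch_cycle();
    printf("cycle rc=%d, check patched=%d, entry intact=%d, round trip ok=%d\n",
           rc, check_is_patched(), entry_is_intact(), halt_resume_roundtrip());
    return rc != 0;
}
```

Two details matter on real hardware and are only hinted at here: the two-byte write must land before CPU0 executes the entry point (the T1 > T2 race above), and the restore must be the last thing the second core does, since CPU0 continues the instant the original bytes are visible to it.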
Supports
▪ Windows XP (32 Bit)
▪ Windows 7 (32/64 Bit)
▪ TrueCrypt Pre-boot Authentication
Disables SMP / decreases available memory
Survives the complete boot process!
Fun post-boot patching
Objective: get from BIOS to running kernel
Roughly the same for
▪ Windows Vista
▪ Windows Server 2008
▪ Windows 7
▪ 32 Bit / 64 Bit versions
BIOS loads the first sector of the HDD (MBR) and executes it
Master Boot Record (MBR): locates the bootable partition, loads and executes the Volume Boot Record
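Added example (not from the talk): a small C parser for the MBR partition table, i.e. the step in which the MBR code locates the bootable partition and decides which sector to load as the VBR. The sample sector is constructed. The layout (four 16-byte entries at 0x1BE, the 0x55 0xAA signature at 0x1FE, status 0x80 for the active entry) is the classic MBR format; the 440-byte code area in front of the table is the space a bootkit's first stage has to fit into.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define SECTOR_SIZE    512
#define MBR_CODE_SIZE  440      /* boot code area before disk signature and table */
#define MBR_PTABLE_OFF 0x1BE    /* 4 x 16-byte partition entries */
#define MBR_SIG_OFF    0x1FE    /* 0x55 0xAA */

struct mbr_partition {
    uint8_t  status;      /* 0x80 = active (bootable), 0x00 = inactive */
    uint8_t  type;        /* partition type id, e.g. 0x07 for NTFS */
    uint32_t lba_start;   /* first sector of the partition = where its VBR lives */
    uint32_t sectors;     /* size in sectors */
};

static uint32_t rd32le(const uint8_t *p)
{
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

static void wr32le(uint8_t *p, uint32_t v)
{
    p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8); p[2] = (uint8_t)(v >> 16); p[3] = (uint8_t)(v >> 24);
}

/* Parse the partition table. 0 on success, -1 if the 55 AA boot signature
 * is missing (the BIOS would not execute such a sector). */
int parse_mbr(const uint8_t *sec, struct mbr_partition out[4])
{
    if (sec[MBR_SIG_OFF] != 0x55 || sec[MBR_SIG_OFF + 1] != 0xAA) return -1;
    for (int i = 0; i < 4; i++) {
        const uint8_t *e = sec + MBR_PTABLE_OFF + 16 * i;
        out[i].status    = e[0];
        out[i].type      = e[4];
        out[i].lba_start = rd32le(e + 8);
        out[i].sectors   = rd32le(e + 12);
    }
    return 0;
}

/* Index of the single active entry; -1 if none; -2 if more than one entry
 * is flagged (the standard MBR code reports "Invalid partition table" in
 * that case rather than guessing). */
int find_bootable(const struct mbr_partition p[4])
{
    int found = -1;
    for (int i = 0; i < 4; i++)
        if (p[i].status == 0x80) {
            if (found != -1) return -2;
            found = i;
        }
    return found;
}

static void set_entry(uint8_t *sec, int i, uint8_t status, uint8_t type,
                      uint32_t lba, uint32_t count)
{
    uint8_t *e = sec + MBR_PTABLE_OFF + 16 * i;
    memset(e, 0, 16);
    e[0] = status; e[4] = type;
    wr32le(e + 8, lba); wr32le(e + 12, count);
}

/* Constructed sample: entry 0 active NTFS at LBA 2048, entry 1 an inactive
 * NTFS data partition, NOP filler in the code area. */
void build_sample_mbr(uint8_t *sec)
{
    memset(sec, 0x90, MBR_CODE_SIZE);
    memset(sec + MBR_CODE_SIZE, 0, SECTOR_SIZE - MBR_CODE_SIZE);
    set_entry(sec, 0, 0x80, 0x07, 2048, 204800);
    set_entry(sec, 1, 0x00, 0x07, 206848, 1000000);
    sec[MBR_SIG_OFF] = 0x55; sec[MBR_SIG_OFF + 1] = 0xAA;
}

/* The sector the MBR code loads next: first sector of the active partition. */
long sample_vbr_lba(void)
{
    uint8_t sec[SECTOR_SIZE]; struct mbr_partition p[4];
    build_sample_mbr(sec);
    if (parse_mbr(sec, p) != 0) return -1;
    int b = find_bootable(p);
    return b < 0 ? b : (long)p[b].lba_start;
}

int sample_two_active(void)     /* corrupt table: second entry also flagged */
{
    uint8_t sec[SECTOR_SIZE]; struct mbr_partition p[4];
    build_sample_mbr(sec);
    sec[MBR_PTABLE_OFF + 16] = 0x80;
    parse_mbr(sec, p);
    return find_bootable(p);
}

int sample_bad_signature(void)  /* signature clobbered: BIOS would not boot it */
{
    uint8_t sec[SECTOR_SIZE]; struct mbr_partition p[4];
    build_sample_mbr(sec);
    sec[MBR_SIG_OFF] = 0x00;
    return parse_mbr(sec, p);
}

int main(void)
{
    printf("active partition, VBR at LBA %ld\n", sample_vbr_lba());
    printf("two active entries -> %d, bad signature -> %d\n",
           sample_two_active(), sample_bad_signature());
    return 0;
}
```

An infected MBR keeps this table intact (otherwise the system would stop booting); what changes is the code in the first 440 bytes, which is why integrity checks of the MBR (see the TPM section later) look at the whole sector and not only at the partition table.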
Volume Boot Record (VBR), AKA partition boot sector, $Boot
▪ first sector of the \boot\ partition
▪ loads and executes Bootmgr
Bootmgr (on the \boot\ partition) consists of a 16-bit and a 32-bit part
16-bit part
▪ checks Bootmgr integrity
▪ unpacks the 32-bit part to 0x401000
▪ sets up protected mode and executes the 32-bit part
Bootmgr 32-bit part (PE file)
▪ loads the Boot Configuration Data (BCD): successor of boot.ini, a registry hive
▪ enforces some BCD options
▪ enables paging
▪ loads and executes %SystemRoot%\System32\Winload.exe and passes the BCD to it
Winload.exe
▪ loads %SystemRoot%\System32\Config\SYSTEM (HKEY_LOCAL_MACHINE\System)
▪ loads drivers with start type "Boot" (0x0)
▪ parses the BCD, enforces some BCD options
▪ creates the LOADER_PARAMETER_BLOCK
▪ loads the kernel and its dependencies, executes the kernel
Not the focus of this talk
    typedef struct _LOADER_PARAMETER_BLOCK {
        …
        CHAR *LoadOptions;
        …
    } LOADER_PARAMETER_BLOCK, *PLOADER_PARAMETER_BLOCK;
PatchGuard (Kernel Patch Protection, 64 Bit versions only) calculates checksums of critical kernel structures/components
▪ SSDT (System Service Descriptor Table)
▪ GDT (Global Descriptor Table)
▪ IDT (Interrupt Descriptor Table)
▪ System images (ntoskrnl.exe, ndis.sys, hal.dll)
▪ Processor MSRs (syscall)
Kills the OS if the checksums don't match (BSOD)
Papers by skape/Skywing
"Evil Core" makes its changes to kernel-mode code before PatchGuard initialization: no detection
Code Integrity: checks whether an executable has a valid digital signature (uses hardcoded CAs)
Used for
▪ Drivers
▪ Kernel
▪ Kernel dependencies
Enforced by
▪ Winload.exe
▪ Kernel (ci.dll)
Must be signed in 64 Bit versions
"Evil Core" can disable Code Integrity checks
The shell places 2 strings in memory: "2ndProcessorTextSearch #!?&$%#..."
Waits for the 2nd core to find the strings (it writes '\0' to the string)
The 2nd core now has the position of both strings; the shell can communicate with the 2nd core (2 strings: input and output)
TrueCrypt Pre-boot Authentication
During boot, TrueCrypt places the struct BootArguments at 0x90010
▪ contains the pre-boot authentication passphrase
Check for the TC signature "TRUE\x11#Ef" at 0x90010
If present, copy the passphrase from 0x90026; "Evil Core" copies the passphrase to the shell memory
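Added example (not the authors' code) of the TrueCrypt check described above, run against a constructed 4 KiB stand-in for physical memory at 0x90000. The signature bytes and the two addresses are the ones on the slides. That the passphrase text is NUL-terminated and at most 64 bytes long is an assumption of this example, made so the copy cannot run past the struct; the real BootArguments layout is not on the page and is not reproduced.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Physical addresses from the talk: BootArguments at 0x90010, passphrase
 * text at 0x90026. The model below covers 0x90000-0x90FFF of low memory. */
#define LOWMEM_BASE       0x90000u
#define LOWMEM_SIZE       0x1000u
#define TC_BOOTARGS_ADDR  0x90010u
#define TC_PASSWORD_ADDR  0x90026u
#define TC_MAX_PASSWORD   64   /* assumed upper bound on passphrase length */

/* "TRUE\x11#Ef" written out byte by byte */
static const uint8_t TC_SIG[8] = { 'T', 'R', 'U', 'E', 0x11, '#', 'E', 'f' };

static uint8_t lowmem[LOWMEM_SIZE];   /* constructed stand-in for physical memory */

/* Map a physical address range into the model, NULL if it falls outside. */
static const uint8_t *phys(const uint8_t *lm, uint32_t addr, size_t len)
{
    if (addr < LOWMEM_BASE || addr + len > LOWMEM_BASE + LOWMEM_SIZE) return NULL;
    return lm + (addr - LOWMEM_BASE);
}

int tc_bootargs_present(const uint8_t *lm)
{
    const uint8_t *sig = phys(lm, TC_BOOTARGS_ADDR, sizeof TC_SIG);
    return sig != NULL && memcmp(sig, TC_SIG, sizeof TC_SIG) == 0;
}

/* Copy the passphrase into out (NUL-terminated). Returns its length, -1 if
 * the signature is absent, -2 if no terminator appears within the assumed
 * maximum or out is too small. */
int tc_extract_passphrase(const uint8_t *lm, char *out, size_t outlen)
{
    if (!tc_bootargs_present(lm)) return -1;
    const uint8_t *pw = phys(lm, TC_PASSWORD_ADDR, TC_MAX_PASSWORD + 1);
    if (pw == NULL) return -1;
    size_t n = 0;
    while (n <= TC_MAX_PASSWORD && pw[n] != '\0') n++;
    if (n > TC_MAX_PASSWORD || n + 1 > outlen) return -2;
    memcpy(out, pw, n);
    out[n] = '\0';
    return (int)n;
}

/* Constructed memory images. */
void build_tc_image(void)      /* TrueCrypt booted, passphrase left in memory */
{
    memset(lowmem, 0, sizeof lowmem);
    memcpy(lowmem + (TC_BOOTARGS_ADDR - LOWMEM_BASE), TC_SIG, sizeof TC_SIG);
    strcpy((char *)lowmem + (TC_PASSWORD_ADDR - LOWMEM_BASE), "correct horse battery");
}

void build_plain_image(void)   /* no TrueCrypt: signature absent */
{
    memset(lowmem, 0, sizeof lowmem);
}

static char captured[TC_MAX_PASSWORD + 1];

int demo_with_truecrypt(void)
{
    build_tc_image();
    return tc_extract_passphrase(lowmem, captured, sizeof captured);   /* 21 */
}

const char *demo_captured(void) { return captured; }

int demo_without_truecrypt(void)
{
    build_plain_image();
    return tc_extract_passphrase(lowmem, captured, sizeof captured);   /* -1 */
}

int demo_unterminated(void)    /* 65 non-NUL bytes: refuse rather than overrun */
{
    build_tc_image();
    memset(lowmem + (TC_PASSWORD_ADDR - LOWMEM_BASE), 'A', TC_MAX_PASSWORD + 1);
    return tc_extract_passphrase(lowmem, captured, sizeof captured);   /* -2 */
}

int main(void)
{
    int n = demo_with_truecrypt();
    printf("TrueCrypt present: %d, passphrase (%d bytes): \"%s\"\n",
           tc_bootargs_present(lowmem), n, n > 0 ? captured : "");
    printf("without TrueCrypt: %d, unterminated: %d\n",
           demo_without_truecrypt(), demo_unterminated());
    return 0;
}
```

The defensive point is the same one the slides make about pre-boot authentication: whatever the boot loader leaves in low memory for the OS driver is readable by any code that can see physical memory, so a disk encryption product has to wipe such buffers as soon as the driver has taken them over.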
Searches for the relevant code of the binary image "msv1_0.dll" in memory: bool msv1_0!MsvpPasswordValidate
Replaces it with code that accepts all passwords: no authentication for Winlogon.exe, RUNAS, local, network shares, ...
Windows accessibility option "Sticky Keys": pressing Shift 5x makes Winlogon.exe run sethc.exe
Patch Winlogon.exe to run cmd.exe instead, and to (always) run it with its own privileges (SYSTEM)
5x Shift for a SYSTEM shell
IDA Pro
▪ RE, patches
VMware
▪ RE: *.vmem files are useful
▪ Testing: VMware GDB stub and GDB
Plop Boot Manager
▪ booting from a USB flash drive in VMware
It’s demo time!
Relatively easy to implement
Control of physical memory throughout OS runtime
No external device needed (cf. DMA attacks via IEEE 1394/PCI)
Interaction with I/O devices
▪ keyboard
▪ mouse
▪ network card
▪ …
▪ buses: further research needed
One core missing
▪ visible to the user: patch the kernel to report +1 core
▪ decreased performance: give up the "Evil Core" after patching the kernel (all cores available and kernel patched)
No knowledge of the physical address <-> virtual address mapping: reconstruction of the translation layer is possible (page tables)
Swapping: the "Evil Core" can only patch data currently residing in physical memory
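Added example (not from the talk) of what "reconstruction of the translation layer" means in practice: a walker for 32-bit non-PAE x86 page tables over a constructed physical-memory image. A core that sees only physical memory has to do this walk itself to turn a kernel virtual address into the physical location it can patch. PAE and x64 (3 and 4 levels) are not modelled, and knowing the physical address of the page directory is assumed here; in the real setting the second core must first locate the OS's page directory in physical memory, which the slides do not detail.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed physical memory: 16 KiB holding only paging structures.
 * Page directory at 0x1000, one page table at 0x2000. The data pages the
 * translations point to lie outside this small model; only the resulting
 * physical addresses are computed. */
#define PHYS_SIZE 0x4000u
#define PD_BASE   0x1000u
#define PT_BASE   0x2000u
static uint8_t physmem[PHYS_SIZE];

#define PG_PRESENT 0x001u
#define PG_RW      0x002u
#define PG_PS      0x080u   /* in a PDE: 4 MiB page, no page table below it */

static int rd32(uint32_t pa, uint32_t *out)
{
    if (pa > PHYS_SIZE - 4) return 0;               /* table outside the model */
    const uint8_t *p = physmem + pa;
    *out = (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
    return 1;
}

static void wr32(uint32_t pa, uint32_t v)
{
    uint8_t *p = physmem + pa;
    p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8); p[2] = (uint8_t)(v >> 16); p[3] = (uint8_t)(v >> 24);
}

/* 32-bit non-PAE walk: CR3 -> PDE -> (PTE) -> physical address.
 * Returns 0 and sets *pa; -1 PDE not present; -2 PTE not present;
 * -3 a table lies outside the modelled memory. */
int walk32(uint32_t cr3, uint32_t va, uint32_t *pa)
{
    uint32_t pde, pte;
    uint32_t pd = cr3 & 0xFFFFF000u;
    if (!rd32(pd + ((va >> 22) & 0x3FFu) * 4, &pde)) return -3;
    if (!(pde & PG_PRESENT)) return -1;
    if (pde & PG_PS) {                                  /* 4 MiB page */
        *pa = (pde & 0xFFC00000u) | (va & 0x003FFFFFu);
        return 0;
    }
    uint32_t pt = pde & 0xFFFFF000u;
    if (!rd32(pt + ((va >> 12) & 0x3FFu) * 4, &pte)) return -3;
    if (!(pte & PG_PRESENT)) return -2;
    *pa = (pte & 0xFFFFF000u) | (va & 0x00000FFFu);
    return 0;
}

/* Constructed mappings: VA 0x00401000 -> PA 0x00005000 (4 KiB page),
 * VA 0x00800000..0x00BFFFFF -> PA 0x00C00000.. (4 MiB page), rest absent. */
void build_tables(void)
{
    memset(physmem, 0, sizeof physmem);
    wr32(PD_BASE + 1 * 4, PT_BASE | PG_RW | PG_PRESENT);              /* PDE[1] -> page table */
    wr32(PD_BASE + 2 * 4, 0x00C00000u | PG_PS | PG_RW | PG_PRESENT);  /* PDE[2] large page */
    wr32(PT_BASE + 1 * 4, 0x00005000u | PG_RW | PG_PRESENT);          /* PTE[1] -> 0x5000 */
}

int demo_status(uint32_t va)
{
    uint32_t pa;
    build_tables();
    return walk32(PD_BASE, va, &pa);
}

uint32_t demo_pa(uint32_t va)       /* 0xFFFFFFFF when not translatable */
{
    uint32_t pa = 0;
    build_tables();
    return walk32(PD_BASE, va, &pa) == 0 ? pa : 0xFFFFFFFFu;
}

int main(void)
{
    printf("VA 0x00401234 -> PA 0x%08X\n", demo_pa(0x00401234u));
    printf("VA 0x00812345 -> PA 0x%08X (4 MiB page)\n", demo_pa(0x00812345u));
    printf("VA 0x00402000 -> status %d (PTE not present)\n", demo_status(0x00402000u));
    printf("VA 0x10000000 -> status %d (PDE not present)\n", demo_status(0x10000000u));
    return 0;
}
```

The -1/-2 results are exactly the swapping limitation named above: a page that is not present has no physical address to patch, and the second core has no way to force the OS to page it in.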
Obfuscation
▪ checksum / cryptographic signature checks
▪ code obfuscation (make RE more difficult)
Restrictions in the BIOS setup: only boot from HDD
Physical security (Evil Maid attack)
Disk encryption with TPM
During boot, measurements of the running system (including MBR, hardware configuration) are taken
They are stored, hashed, into a Platform Configuration Register (PCR) of the TPM
With TPM_Seal the cryptographic key can be bound to a PCR value
TPM_Unseal fails if the PCR value is incorrect (e.g. after a modified MBR was measured)
Windows BitLocker
▪ Windows Enterprise/Ultimate only
Sophos SafeGuard, McAfee Endpoint Encryption (commercial)
TrueCrypt
▪ no intention to support it
Linux
▪ eCryptfs
▪ tpmcrypt (alpha)
▪ trustedgrub + cryptsetup
Mail: wolfgang.ettlinger nosp@m gmail.com, sviehboeck nosp@m gmail.com
Twitter: @ettisan @sviehb
Windows Internals, Fifth Edition
Assessment of Windows Vista Kernel-Mode Security (Symantec): http://www.symantec.com/avcenter/reference/Windows_Vista_Kernel_Mode_Security.pdf
eEye BootRoot (Slides): http://www.blackhat.com/presentations/bh-usa-05/bh-us-05-soeder.pdf
Bypassing PatchGuard on Windows x64: http://www.uninformed.org/?v=3&a=3
Subverting PatchGuard Version 2: http://www.uninformed.org/?v=6&a=1
PatchGuard Reloaded: http://www.uninformed.org/?v=8&a=5
A quick insight into the Driver Signature Enforcement: http://j00ru.vexillium.org/?p=377&lang=en
Subverting Windows 7 x64 Kernel with DMA attacks: http://esec-lab.sogeti.com/dotclear/public/publications/10-hitbamsterdam-dmaattacks.pdf
TPM Command Reference (Trusted Computing Group): http://www.trustedcomputinggroup.org/files/static_page_files/72C33D71-1A4B-B294-D02C7DF86630BE7C/TPM%20Main-Part%203%20Commands_v1.2_rev116_01032011.pdf
TrueCrypt TPM statement: http://www.truecrypt.org/faq#tpm