breaking through another side
play

Breaking Through Another Side Bypassing Firmware Security Boundaries - PowerPoint PPT Presentation

Dec 01, 2022 β€’188 likes β€’968 views

Breaking Through Another Side Bypassing Firmware Security Boundaries from Embedded Controller Alex Matrosov Alexandre Gazet Actually 5 months of passionate reverse-engineering nights Disclaimer All the details given about BIOS Guard

  1. Breaking Through Another Side Bypassing Firmware Security Boundaries from Embedded Controller Alex Matrosov Alexandre Gazet

  2. Actually 5 months of passionate reverse-engineering nights Disclaimer All the details given about BIOS Guard technology is based on our own analysis and reverse-engineering 1 . Even with our best intents it may be inaccurate or contains errors. 1 Actually ~5 months of passionate reverse-engineering nights in Portland and Toulouse πŸ˜‰ 2

  3. What are the Security Boundaries in HW world? Limitations of current Threat Model βœ“ Security boundaries for firmware update process βœ“ Dissecting an Embedded Controller EC internals and previous attacks βœ“ Why is EC not a security boundary? βœ“ Breaking Lenovo EC update process βœ“ Deep dive into Bios Guard BIOS Guard internals (include BG script) βœ“ EC and BIOS Guard relations βœ“ Attack scenarios from BIOS and EC βœ“ 3

  4. What are Security Boundaries in HW world?

  5. How many 3 rd -party chips in your laptop? ❑ TPM module Boot oot Gu Guard BIOS OS Guard TX TXT ❑ USB controller ❑ Embedded Controller (EC) Network CPU Micr croco code ACM ❑ Fingerprint Reader Manage gement Graphics Engi gine ❑ Touchpad ❑ and many others Sensors AMT UEFI FI Fi Firmwa ware Embedded Image ge BMC Controller (EC) PMU PMU SMC 5

  6. Hardware Security Boundaries Most of those chips are: ❑ Not under direct control from laptop vendors ❑ Involved in security features implementation ❑ Connected to UEFI firmware (BIOS) ❑ Considered to generate trusted I/O ❑ Mostly out of the supervision scope of the main CPU How can we trust anything that is not under our system control? 6

  7. HW/FW Security != sum of all Boundaries Embedded Controller TPM GPU UEFI System Firmware SSD/RAID Network PMU BMC 7

  8. In current threat model HW is trusted πŸ˜‰ @uffeu @qrs x https :// github.com/nccgroup/TPMGenie 8

  9. Intel Boot Guard TOCTOU from SPI flash @qrs @peterbjornx Authenticated once != trusted forever 9 https://edk2-docs.gitbooks.io/security-advisory/content/bootguard-toctou-vulnerability.html

  10. BMC is inside trusted boundaries UEFI firmware blindly trust all hardware But hardware can attack UEFI firmware πŸ˜‰ https://airbus-seclab.github.io/ilo/ZERONIGHTS2018-Slides-EN-Turning_your_BMC_into_a_revolving_door-perigaud-gazet-czarny.pdf 10

  11. Why EC got our attention? We were researching BIOS Guard implementation on P50. Surprisingly to us, we found some relations between EC and BIOS Guard (will be discussed later in details). 11

  12. Dissecting Embedded Controller Our target platforms: Lenovo P50 and T540p

  13. What is an Embedded Controller (EC)? ❑ Small 32-bit microcontroller, power every laptop ❑ Responsible for multiple things ❑ Power management and battery life control ❑ Thermal control sensors ❑ Keyboard controller and dispatcher ❑ Also involved in security features implementation ❑ Manufacturing mode locks ❑ Keeping secrets outside of BIOS and NVRAM ❑ Intel BIOS Guard implementation 13

  14. Lenovo ThinkPad EC CPU ❑ Microchip MEC16xx family ❑ MEC1653 for Lenovo P50 ❑ MEC1633 for Lenovo P540p ❑ ROM size 280k SPI PCH SPI Flash ❑ ARC-625D processor core ❑ Multi-device advanced I/O controller LPC/SMBUS ❑ Collection of logical devices: ❑ Keyboard Controller (8042) Embedded ❑ ACPI EC Channels (4 of them) SPI EC Flash Controller ❑ Embedded Flash Interface ❑ etc. 14

  15. Modern EC SoC 15 http://ww1.microchip.com/downloads/en/DeviceDoc/00002338A.pdf

  16. Mapping Embedded Controller Endpoints

  17. " Logical devices [...] are peripherals that are located on the MEC16xx and are accessible to the Host over the LPC bus ." Low Pin Count (LPC) interface from EC point of view: ❑ Is itself a Logical Device (LD) ❑ Logical Device Number 0xC (LDN) ❑ Used to expose other LDs on the LPC bus ❑ Configuration registers (BAR) in the range FF_3360h - FF_3384h 17

  18. Methodology From EC: ❑ Identify LPC BAR configuration code ❑ Recover logical device  IO ports mapping ❑ EC’s endpoints exposed to host From host: ❑ Find UEFI/BIOS  EC communications ❑ EDK2 EFI_CPU_IO2_PROTOCOL ❑ Lenovo’s EcIoDxe and EcIoSmm modules 18

  19. Recovered mapping ❑ LDN00 (MAILBOX_INTERFACE) 0x1610 ❑ LDN01 (KEYBOARD_CONTROLLER_8042) 0x0060-0x0064 ❑ LDN02 (ACPI_EC_0) 0x0062-0x0066 ❑ LDN03 (ACPI_EC_1) 0x1600-0x1604 ❑ LDN04 (ACPI_EC_2) 0x1630-0x1634 ❑ LDN05 (ACPI_EC_3) 0x1618 ❑ LDN07 (UART) 0x03F8 ❑ LDN0E (EMBEDDED_FLASH_INTERFACE) 0x1612-0x1616 ❑ LDN11 (EM_INTERFACE_0) 0x1640 ❑ LDN20 (BIOS_DEBUG_PORT_0) 0x1608 ❑ LDN21 (BIOS_DEBUG_PORT_1) 0x160A ❑ LDN30 (unknown) 0x15E0 19

  20. Attacking EC Update Process

  21. Previous very cool works Alexandre Gazet Β«Sticky finger & KBC Custom ShopΒ», Recon 2011 ❑ http://esec-lab.sogeti.com/static/publications/11-recon-stickyfingers_slides.pdf Matthew Chapman Unlocking my Lenovo laptop ❑ http://zmatt.net/unlocking-my-lenovo-laptop-part-1/ Hamish Coleman Infrastructure for examining and patching Thinkpad embedded controller firmware ❑ https://github.com/hamishcoleman/thinkpad-ec 21

  22. EC firmware update process On many platforms EC firmware not authenticated just flashed "as is" ❑ Typical EC programming is just read/write to HW port ❑ Verification is about integrity of flashed bytes ❑ Authentication mostly implemented outside of EC https://github.com/system76/ecflash 22 https://github.com/hughsie/fwupd/tree/master/plugins/superio

  23. The ways to gain persistence on EC ❑ Physical access (most of the cases JTAG on EC chip not disabled) ❑ EC Update Tool from OS (usually the same tool as BIOS update) ❑ BIOS EC update DXE driver can be called from SMM or DXE shellcode ❑ All EC image authentication is happening in BIOS, architectural problem with TOCTOU by design hard to avoid 23

  24. Impact of EC update auth bypass 24

  25. Lenovo Thinkpad EC update process ❑ Target system: Lenovo Thinkpad T540p and P50 ❑ P50 EC chip: MEC1653 ❑ Update tools from OS initiate EC update process ❑ BIOS responsible for flashing and authenticating the update image EcFwUpdateDxe (0C396FCA-6BDA-4A15-B6A3-A6FA4544BDB7) πŸ˜‰ 25

  26. Lenovo Thinkpad EC update header 26

  27. Lenovo Thinkpad EC update process OS Lenovo EcFwUpdateDxe (not SMM) Lenovo TDK update tool map EC update set NVRAM var image to memory LenovoEcfwUpdate BIOS 27

  28. Lenovo Thinkpad EC update process OS Lenovo EcFwUpdateDxe (not SMM) Lenovo TDK update tool map EC update set NVRAM var image to memory LenovoEcfwUpdate BIOS 28

  29. T540p EC can be exploited from OS by simple EC command sequence replay Host flash access not locked πŸ˜‰ 29

  30. Boot Guard saves the day? ❑ 4 th Intel Core generation ❑ Measure/verified boot ❑ β€œHardware root of trust” ❑ Boot Guard coverage in the hand of OEMs Locked in n Hardware CPU CPU Boot Gua Guard Rese Re set Rese set Micr icrocode ACM Vector Locked in n BIOS OS Secu cure Boot IBB OS OS Loader (DXE XE + + BDS) S) (SEC SEC + + PE PEI) 30 https://medium.com/@matrosov/bypass-intel-boot-guard-cc05edfca3a9

  31. So can we just patch the EcFwUpdateModule again on P50?

  32. Lenovo Thinkpad EC signature check ❑ EC update image mapped from OS update tool (TDK) ❑ Validate CRC16 checksum of EC image is correct ❑ Copy SecureFlash public key to EC related HOB ❑ Calculate RSA_verify(ECFW_signature, HOB_pulickey) ❑ IF signature correct: global sign_correct = TRUE; ❑ IF sign_correct == TRUE update EC firmware 32

  33. Lenovo Thinkpad EC signature check ❑ EC update image mapped from OS update tool (TDK) ❑ Validate CRC16 checksum of EC image is correct ❑ Copy SecureFlash public key to EC related HOB ❑ Calculate RSA_verify(ECFW_signature, HOB_pulickey) ❑ IF signature correct: global sign_correct = TRUE; ❑ IF sign_correct == TRUE update EC firmware 33

  34. Lenovo P50 EC signature check flow EcFwUpdateDxe check if correct signature continue flash EC update 34

  35. Now, can we do the same attack with newer P50 ?

  36. P50 try-harder On Thinkpad P50 and newer: ❑ Stronger coupling of security boundaries ❑ Boot Guard IBB hash coverage is better ❑ And… 36

  37. P50 try-harder Host flash access needs to be enabled by additional command to unlock πŸ˜‰ ❑ On the EC mem_conf_is_bg_auth check a status bit ❑ Set when the EC receives a magic value ❑ Shared secret between the BIOS and the EC 37

  38. P50 try-harder ❑ Shared secret sent from the BIOS Can we simply replay it? πŸ˜‰ 38

  39. P50 try-harder Nope, reduced window of opportunity with sanity check: ❑ EcFwUpdateModule sends a new command: 0xDF ❑ Lock the EC update in early BIOS ❑ Authentication no more possible on EC without reset 39

  40. Lenovo disclosure timeline ❑ 05/30 - Submit issue to Lenovo PSIRT ❑ 06/03 – Joint call with Lenovo PSIRT, answered questions and submit additional information ❑ 07/11 – CVE assigned for T540p report -> CVE-2019-6171 ❑ 08/08 - Today is happy Disclosure day! Lenovo Security Advisory: https://support.lenovo.com/solutions/LEN-27764 Special thanks to Beverly Miller Alvarez from Lenovo PSIRT for her help in disclosure process! 40

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Enhancing the Power of Deep Learning in Side-Channel Analysis? Breaking multiple layers of

Enhancing the Power of Deep Learning in Side-Channel Analysis? Breaking multiple layers of

Plaintext: A Missing Feature for Enhancing the Power of Deep Learning in Side-Channel Analysis? Breaking multiple layers of side-channel countermeasures Anh-Tuan Hoang, Neil Hanley and Mire ONeill CHES 2020 14-18 September 2020 Outline

620 views β€’ 21 slides
Side Channel Attack to Actual Cryptanalysis: Breaking CRT-RSA with Low Weight Decryption

Side Channel Attack to Actual Cryptanalysis: Breaking CRT-RSA with Low Weight Decryption

Side Channel Attack to Actual Cryptanalysis: Breaking CRT-RSA with Low Weight Decryption Exponents Santanu Sarkar and Subhamoy Maitra Leuven, Belgium 12 September, 2012 Outline of the Talk RSA Cryptosystem CRT-RSA CRT-RSA having Low Hamming

403 views β€’ 25 slides
Breaking Deployed Crypto The Side Channel Analyst s Way Daniel Moghimi (@danielmgmi)

Breaking Deployed Crypto The Side Channel Analyst s Way Daniel Moghimi (@danielmgmi)

Breaking Deployed Crypto The Side Channel Analyst s Way Daniel Moghimi (@danielmgmi) 04/30/2020 Hardwear.io About Me Daniel Moghimi @danielmgmi Security Researcher PhD Student @ WPI Microarchitectural Security Side

926 views β€’ 69 slides
Breaking out of the box Understanding rela5onships between learning and assessment Breaking

Breaking out of the box Understanding rela5onships between learning and assessment Breaking

Dr Nick Saville Breaking out of the box Understanding rela5onships between learning and assessment Breaking out of the box - a metaphor for thinking about rela5onships and interpreta5ons breaking out breaking out of the box of the

895 views β€’ 68 slides
Parsing OSM XML iD OSMCha To-Fix Frontend Developer kepta kushan2020 Breaking down iD

Parsing OSM XML iD OSMCha To-Fix Frontend Developer kepta kushan2020 Breaking down iD

Parsing OSM XML iD OSMCha To-Fix Frontend Developer kepta kushan2020 Breaking down iD Breaking down iD 15% Rendering Painting 21% Javascript 64% HTML A sample of what iD is doing behind the scenes Breaking down JS 13% Draw Vector

426 views β€’ 27 slides
ALWAYS BY YOUR SIDE Always by your side. to prevent, control and mitigate all kinds of

ALWAYS BY YOUR SIDE Always by your side. to prevent, control and mitigate all kinds of

ALWAYS BY YOUR SIDE Always by your side. to prevent, control and mitigate all kinds of property damage 1 Always by your side. WATER FIRE CLIMATE All crucial for human life. At the same time posing an unpredictable threat to valuable

829 views β€’ 57 slides
THE MSSM FROM SS BREAKING MARIANO QUIROS, ICREA/IFAE HEP 2006 THE MSSM FROM SS BREAKING

THE MSSM FROM SS BREAKING MARIANO QUIROS, ICREA/IFAE HEP 2006 THE MSSM FROM SS BREAKING

THE MSSM FROM SS BREAKING MARIANO QUIROS, ICREA/IFAE HEP 2006 THE MSSM FROM SS BREAKING p.1/31 OUTLINE Introduction Higgs sector Tree-level masses EWSB and fine-tuning Supersymmetric spectrum Dark

361 views β€’ 34 slides
SCHISM numerical formulation Joseph Zhang Horizontal grid: hybrid 2 3 Side 2 4 3 Side 1

SCHISM numerical formulation Joseph Zhang Horizontal grid: hybrid 2 3 Side 2 4 3 Side 1

1 SCHISM numerical formulation Joseph Zhang Horizontal grid: hybrid 2 3 Side 2 4 3 Side 1 Side 2 Side 1 Side 3 Side 4 1 2 2 1 Side 3 3 2 1 Counter-clockwise convention 1 2 3 3 y s 2 2 x s 1 2 i i 1 N i 1 2 N i i

647 views β€’ 53 slides
PROFILE OF Always By Your Side. A WORLD LEADER 1 Always By Your Side. All crucial for human

PROFILE OF Always By Your Side. A WORLD LEADER 1 Always By Your Side. All crucial for human

PROFILE OF Always By Your Side. A WORLD LEADER 1 Always By Your Side. All crucial for human life. At the same time posing an unpredictable threat to valuable property. Water Fire Climate 2 Always By Your Side. Enter Polygon. We

678 views β€’ 48 slides
Breaking Up Breaking Up Is Is Hard Hard To Do (But It Might To Do (But It Might Be Be Easier

Breaking Up Breaking Up Is Is Hard Hard To Do (But It Might To Do (But It Might Be Be Easier

Breaking Up Breaking Up Is Is Hard Hard To Do (But It Might To Do (But It Might Be Be Easier with a Prenup) Easier with a Prenup) Gregory S. Gregory S. William Williams, , Esq. Esq. Carr rruthe uthers & rs & Roth, P.A.

170 views β€’ 6 slides
The Benefit of the Doubt The Swedish Legal System Why Breaking the Law? Judas Priest Breaking

The Benefit of the Doubt The Swedish Legal System Why Breaking the Law? Judas Priest Breaking

The Benefit of the Doubt The Swedish Legal System Why Breaking the Law? Judas Priest Breaking The Law Lyrics There I was completely wasting, out of work and down All inside it's so frustrating as I drift from town to town Feel as though

269 views β€’ 10 slides
Transitions in Place Leonard Hock, D.O., M.A.C.O.I., CMD Breaking Bad News Goals and Objectives

Transitions in Place Leonard Hock, D.O., M.A.C.O.I., CMD Breaking Bad News Goals and Objectives

3/22/2012 Transitions in Place Leonard Hock, D.O., M.A.C.O.I., CMD Breaking Bad News Goals and Objectives Understand and use the key steps in breaking bad news. Confirm and be able to use effective methods of communication in breaking

245 views β€’ 8 slides
SUSY breaking and the MSSM Spontaneous SUSY breaking at tree-level ORaifeartaigh, Fayet,

SUSY breaking and the MSSM Spontaneous SUSY breaking at tree-level ORaifeartaigh, Fayet,

SUSY breaking and the MSSM Spontaneous SUSY breaking at tree-level ORaifeartaigh, Fayet, Iliopoulos Spontaneous SUSY Breaking 0 | H | 0 > 0 implies that SUSY is broken. 2 D a D a , V = F i F i + g 2 find models where F i = 0

249 views β€’ 24 slides
Types of Cooperation Episodes in Side-by-Side Program m ing Lutz Prechelt, Ulrich Strk, Stephan

Types of Cooperation Episodes in Side-by-Side Program m ing Lutz Prechelt, Ulrich Strk, Stephan

Types of Cooperation Episodes in Side-by-Side Program m ing Lutz Prechelt, Ulrich Strk, Stephan Salinger Institut fr Informatik Freie Universitt Berlin What is side-by-side prog.? Study setup And why are we interested?

667 views β€’ 40 slides
EAST SIDE! STRONG SIDE! 2018-2019 August 23, 2018 Trojan Pride Call: East Side Response:

EAST SIDE! STRONG SIDE! 2018-2019 August 23, 2018 Trojan Pride Call: East Side Response:

EAST SIDE! STRONG SIDE! 2018-2019 August 23, 2018 Trojan Pride Call: East Side Response: Strong Side WCPSS Core Beliefs #1- Every student is uniquely capable and deserves to be challenged and engaged in relevant, rigorous , and meaningful

1.11k views β€’ 31 slides
Breaking Gridlock, Breaking Ground: Tackling Anchorage Housing Affordability Presented by Michele

Breaking Gridlock, Breaking Ground: Tackling Anchorage Housing Affordability Presented by Michele

Breaking Gridlock, Breaking Ground: Tackling Anchorage Housing Affordability Presented by Michele Brown MOA Senior Citizens Advisory Commission Senior Housing Forum Loussac Library October 22, 2014 Our Goal: All Anchorage residents have

496 views β€’ 36 slides
Bypassing Memory Protections: The Future of Exploitation Alexander Sotirov alex@sotirov.net

Bypassing Memory Protections: The Future of Exploitation Alexander Sotirov alex@sotirov.net

Bypassing Memory Protections: The Future of Exploitation Alexander Sotirov alex@sotirov.net About me Exploit development since 1999 Research into reliable exploitation techniques: Heap Feng Shui in JavaScript Bypassing browser

1.1k views β€’ 48 slides
Our Favorite XSS Filters/IDS and how to Attack Them Most recent version of slides can be

Our Favorite XSS Filters/IDS and how to Attack Them Most recent version of slides can be

Our Favorite XSS Filters/IDS and how to Attack Them Most recent version of slides can be obtained from blackhats website or http://p42.us/favxss/ About Us About Us Eduardo Vela (sirdarckcat) http://sirdarckcat.net/

1.2k views β€’ 108 slides
Universal DDoS Mitigation Bypass DDoS Mitigation Lab About Us Industry body formed to foster

Universal DDoS Mitigation Bypass DDoS Mitigation Lab About Us Industry body formed to foster

Universal DDoS Mitigation Bypass DDoS Mitigation Lab About Us Industry body formed to foster synergy among stakeholders to promote advancement in DDoS defense knowledge. Independent academic R&D division of Nexusguard building next

764 views β€’ 44 slides
802 802.1 .1x NA x NAC C & B & BYPASS SS TECHNI CHNIQUES QUES Hack in Paris 2017

802 802.1 .1x NA x NAC C & B & BYPASS SS TECHNI CHNIQUES QUES Hack in Paris 2017

802 802.1 .1x NA x NAC C & B & BYPASS SS TECHNI CHNIQUES QUES Hack in Paris 2017 Valrian LEGRAND ABOUT o Valrian LEGRAND, Security consultant and Penetration Tester at Orange CyberDefense o Breaking things is my job o Why

765 views β€’ 27 slides
Bypassing CSRF Protections A Double Defeat of the Double-Submit Cookie Pattern About Me

Bypassing CSRF Protections A Double Defeat of the Double-Submit Cookie Pattern About Me

Bypassing CSRF Protections A Double Defeat of the Double-Submit Cookie Pattern About Me David Johansson (@securitybits) Security consultant since 2007 Helping clients design and build secure software Security training Based in

821 views β€’ 25 slides
Debugging the Data Plane with Anteater Haohui Mai, Ahmed Khurshid Rachit Agarwal, Matthew Caesar

Debugging the Data Plane with Anteater Haohui Mai, Ahmed Khurshid Rachit Agarwal, Matthew Caesar

Debugging the Data Plane with Anteater Haohui Mai, Ahmed Khurshid Rachit Agarwal, Matthew Caesar P. Brighten Godfrey, Samuel T. King University of Illinois at Urbana-Champaign Network debugging is challenging Production networks are

929 views β€’ 50 slides
antivirus systems Intruducion Attila Marosi OSCE, OSCP, ECSA, CEH IT security expert at

antivirus systems Intruducion Attila Marosi OSCE, OSCP, ECSA, CEH IT security expert at

Easy ways to bypass antivirus systems Intruducion Attila Marosi OSCE, OSCP, ECSA, CEH IT security expert at GovCERT-Hungary (SSNS) Email: attila.marosi@gmail.com Web: http://marosi.hu Twitter: @0xmaro Why? All of us use

285 views β€’ 16 slides
PRAGUE-6 Trial Off-Pump Versus On-Pump Coronary Artery Bypass Graft Surgery in Patients With

PRAGUE-6 Trial Off-Pump Versus On-Pump Coronary Artery Bypass Graft Surgery in Patients With

PRAGUE-6 Trial Off-Pump Versus On-Pump Coronary Artery Bypass Graft Surgery in Patients With EuroSCORE 6 Jan Hlavicka, Zbynek Straka, Stepan Jelinek, Petr Budera, Tomas Vanek, Petr Widimsky Cardiocenter Royal Vineyards, Third

310 views β€’ 17 slides

More recommend