It’s debatable just how useful Secure Boot is for end users, but now there’s yet another issue with Secure Boot, or more specifically, a trio of signed bootloaders. Researchers at Eclypsium have identified problems in the Eurosoft, CryptoPro, and New Horizon bootloaders. In the first two cases, a way-too-flexible UEFI shell allows raw memory access. A startup script doesn’t have to be signed, and can easily manipulate the boot process at will. The last issue is in the New Horizon Datasys product, which disables any signature checking for the rest of the boot process — while still reporting that secure boot is enabled. It’s unclear if this requires a config option, or is just totally broken by default.
The real issue is that if malware or an attacker can get write access to the EFI partition, one of these signed bootloaders can be added to the boot chain, along with some nasty payload, and the OS that eventually gets booted still sees Secure Boot enabled. It’s the perfect vehicle for really stealthy infections, similar to CosmicStrand, the malicious firmware we covered a few weeks ago.
Online gambling. Just like gambling in a casino, the house pretty much always wins, by design. But also like a real casino, there are some clever techniques like counting cards at Blackjack, that is just enough to shift the odds back into your favor. In that case, you keep track of how many big and small cards have been played, and adjust your bet accordingly. NCC Group looked into a “Big Six” online casino game — this one is a bit different from most online gambling, as there is a real person serving as the croupier. The Croupier spins the wheel that determines the outcome of the bets placed. Humans have something in common with computers, in that we’re both intrinsically terrible at producing good randomness.
They started by collecting data, and then analyzed it for notable patterns. A spread of over 7000 rounds of the game were crunched, and what popped out was a correlation between the position of the wheel just before betting was closed, and the winning number. Put simply, the croupier had a tendency to spin the wheel with the same force each time. A little computer vision and scripted betting, and they had a winning combination. How much winning? Just over a 20% return on investment after 1000 rounds.
Attack on Titan
The team at Quarkslab have something of a fascination with the Titan M, Google’s security chip on their Pixel phones. Among its other functions, the Titan provides a secure enclave for secrets. It communicates with the phone’s main processor over SPI, and has all the expected security features and mitigations to keep secrets safe. Well, almost all of them. The simple design of this dedicated processor also means that it doesn’t have any of the complex memory corruption protections that a more complicated processor might. It’s also simple enough that the memory layout is rather static.
Quarkslab’s first attack was to use their nosclient to send arbitrary messages to the Titan — black box fuzzing. Think of this as throwing spaghetti of all sizes up against the virtual wall to see if any stick, or rather crash. It’s definitely a worthwhile technique, and sometimes it’s all that’s available, but you usually cannot reach the more interesting code paths this way. These guys really know their way around the Titan M, so went with a different approach, emulating parts of the firmware, and fuzzing the emulated device. It’s tricky to pull off, and there are limitations as your emulation usually isn’t going to perfectly match the real hardware, but the advantage is that you can get at code paths that would be really difficult to randomly land on with fuzzing alone.
And find a bug they did. By sending an
0x01 can be written to a not-entirely-arbitrary out-of-bounds location. By including multiple tags in the request, this can be done several times in a fell swoop. It was a very limited, but solid, start. They key was to overwrite a pointer used by a different routine, the Keymaster request handler. The pointer was to where incoming requests would be copied to, and thus the attack starts to take shape. Use the one-byte primitive to poison the keymaster, then send a request that gets written to this new location. Through experimentation, they discovered that they could send 556 arbitrary bytes, followed by a memory address, and execution would jump to that address. It took a bit of doing, but with some Return Oriented Programming, this was enough to read memory from anywhere on the chip and send it back over the SPI bus to their client. The June security round-up from Google includes the fix for this very clever vulnerability.
KASLR Bypass on MacOS
One of the mitigations missing in the Titan M is Kernel Address Space Layout Randomization, but KASLR is quite present in MacOS, making kernel-level exploits that much harder to pull off. Or it should, except there’s a pretty big hole in the MacOS KASLR by design. That feature is hibernation, or more accurately, waking up from hibernation. There is a
__HIB kernel segment that is always mapped to the same address, and gets called as part of wakeup. Part of this segment is the
dblmap memory block, which actually gets mapped twice onto the virtual memory space. It is used, among other things, in the userspace/kernelspace context switch. Because of its availablity in usermode, it is vulnerable to reading through a Meltdown attack, and the pointers there give away the “slide” value — the KASLR base address. Even on a Meltdown-proof CPU, the
__HIB sector has some other uses. There’s lots more in the post, and it’s not likely to get fixed soon, so if MacOS exploitation is your thing, have fun!
If XNU hacking is above your pay-grade, like it is mine, then this tool might be more our speed.
wftis is a new tool that pulls from multiple sources, and acts like a revved up iteration of
whois. It pulls information from Virustotal, Passivetotal, and IPWhois to get data on the given domain name. If a weird domain shows up in your logs, wtfis might be the tool to turn to. It does require API keys for the first two services, but should work just fine on their free tier.
And finally, the weirdest bit of Internet lore I’ve come across recently. Many thanks to [mtxyz] on Discord for pointing out CVE-2022-38392, an old problem that’s just now coming to light. A laptop OEM discovered that the music video for Rhythm Nation would reliably cause their laptops to crash. Even weirder, playing the song on one laptop would make a nearby laptop crash as well. It was eventually discovered that the 5400 RPM hard drive shipped in those laptops had a resonant frequency that was energized by the song, leading to a temporary failure. The solution was a hard-coded frequency filter to pull out that frequency. Sounds a bit like shouting at hard drives in the data center. Enjoy: