
Pwning ARM Debug Components for

Sec-Related Stuff (HardBlare project)

HITB COMMSEC

Muhammad Abdul WAHAB, Pascal COTRET

April 14, 2017

CentraleSupélec

Who am I?

2nd year PhD Student at CentraleSupélec

E-mail: [email protected]

HardBlare project [1] funded by CominLabs and Brittany region

[1] www.hardblare.cominlabs.ueb.eu

Outline

• Motivation
• ARM CoreSight components
• Software Security
• Conclusion

Motivation

Software Security

SoC = Hardcore CPU + FPGA (+ Peripherals)

Figure 1: Zynq SoC (Source: Xilinx)

Dynamic Information Flow Tracking (DIFT)

Information flow

Information flow is the transfer of information from an information container c1 to c2 in a given process P:

c1 →P c2

Example

int a, b, w, x;
a = 11;
b = 5;
w = a * 2;
x = b + 1;

DIFT: Dynamic Information Flow Tracking

Principle

• We attach labels called tags to such containers and specify an information flow policy, i.e. relations between tags
• At runtime, we propagate tags to reflect information flows that occur and detect any policy violation

DIFT Example: Memory corruption

Attacker overwrites return address and takes control

int idx = tainted_input; // stdin (> BUFFER_SIZE)
buffer[idx] = x;         // buffer overflow

set   r1 ← &tainted_input
load  r2 ← M[r1]
add   r4 ← r2 + r3
store M[r4] ← r5

Registers (T = tag, Data):
r1: &input
r2: idx = input
r3: &buffer
r4: &buffer + idx
r5: x

Memory (T = tag, Data):
Return Address
int buffer[Size]

DIFT: Dynamic Information Flow Tracking

DIFT principle

1. DIFT taints data from untrusted sources
   • Extra tag bit per word marks if untrusted
2. Propagate taint during program execution
   • Operations with tainted data produce tainted results
3. Check for unsafe uses of tainted data

Motivation

• Protection from low-level and high-level threats
• Program understanding
• Software testing and debugging
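The four-instruction sequence from the memory-corruption slide, run through a word-level DIFT simulator that applies the three steps above: tag the untrusted input, propagate the tag through load and add, and check the store before it lands. This is an added example, not the HardBlare project's code; the memory layout, the register contents for r3 and r5, the index values and the policy rule are assumptions constructed for the example.

```python
# Added example (not the HardBlare project's code): a word-level DIFT
# simulator for the slide's four-instruction memory-corruption sequence.
# One tag bit per register and per memory word: 1 = derived from untrusted
# input, 0 = clean.  Memory is word-addressed so "add r4 <- r2 + r3" indexes
# the int buffer directly, as on the slide.  Layout, values and the policy
# rule below are constructed for the example.

INPUT_ADDR = 50                     # word where the untrusted stdin value was stored
BUFFER_BASE = 100                   # int buffer[BUFFER_SIZE] occupies words 100..103
BUFFER_SIZE = 4
RET_ADDR_SLOT = BUFFER_BASE + BUFFER_SIZE   # saved return address sits right above the buffer


class Violation(Exception):
    """Raised when a tag reaches a use the information flow policy forbids."""


class DIFTMachine:
    def __init__(self):
        self.regs, self.rtag = {}, {}   # register value / tag bit
        self.mem, self.mtag = {}, {}    # memory word value / tag bit

    # Step 1: data coming from an untrusted source is tagged when it enters memory.
    def write_untrusted(self, addr, value):
        self.mem[addr], self.mtag[addr] = value, 1

    def write_trusted(self, addr, value):
        self.mem[addr], self.mtag[addr] = value, 0

    # Step 2: every instruction propagates tags alongside data.
    def execute(self, insn):
        op = insn[0]
        if op == "set":                        # set rd <- imm      (a constant is clean)
            _, rd, imm = insn
            self.regs[rd], self.rtag[rd] = imm, 0
        elif op == "load":                     # load rd <- M[rs]
            _, rd, rs = insn
            addr = self.regs[rs]
            self.regs[rd] = self.mem[addr]
            # the word's tag travels with the data; a tainted pointer also taints the result
            self.rtag[rd] = self.mtag.get(addr, 0) | self.rtag[rs]
        elif op == "add":                      # add rd <- rs1 + rs2
            _, rd, rs1, rs2 = insn
            self.regs[rd] = self.regs[rs1] + self.regs[rs2]
            self.rtag[rd] = self.rtag[rs1] | self.rtag[rs2]   # any tainted operand taints the result
        elif op == "store":                    # store M[ra] <- rv
            _, ra, rv = insn
            addr = self.regs[ra]
            self.check_store(addr, self.rtag[ra], self.rtag[rv])   # step 3, before the write lands
            self.mem[addr], self.mtag[addr] = self.regs[rv], self.rtag[rv]
        else:
            raise ValueError(f"unknown instruction {op!r}")

    # Step 3: unsafe uses of tainted data are policy violations.
    def check_store(self, addr, addr_tag, data_tag):
        """Policy: the saved return address may neither be reached through a
        tainted address nor be overwritten with tainted data."""
        if addr == RET_ADDR_SLOT and (addr_tag or data_tag):
            raise Violation(f"store to return-address slot {addr}: "
                            f"tag(addr)={addr_tag}, tag(data)={data_tag}")


def run_overflow_case(idx_from_stdin, x=0x41):
    """Run the slide's sequence with one attacker-chosen index.
    Returns (violation message or None, machine state after the run)."""
    m = DIFTMachine()
    m.write_untrusted(INPUT_ADDR, idx_from_stdin)    # int idx = tainted_input;   (stdin)
    m.write_trusted(RET_ADDR_SLOT, 0x8654)           # saved return address (constructed value)
    for w in range(BUFFER_SIZE):
        m.write_trusted(BUFFER_BASE + w, 0)
    program = [
        ("set", "r1", INPUT_ADDR),      # set   r1 <- &tainted_input   (pointer itself is clean)
        ("load", "r2", "r1"),           # load  r2 <- M[r1]            -> r2 = idx, tainted
        ("set", "r3", BUFFER_BASE),     # r3 = &buffer  (implicit on the slide)
        ("set", "r5", x),               # r5 = x        (implicit on the slide)
        ("add", "r4", "r2", "r3"),      # add   r4 <- r2 + r3          -> &buffer + idx, tainted
        ("store", "r4", "r5"),          # store M[r4] <- r5            -> buffer[idx] = x
    ]
    try:
        for insn in program:
            m.execute(insn)
    except Violation as v:
        return str(v), m
    return None, m


if __name__ == "__main__":
    for idx in (2, BUFFER_SIZE):        # in-bounds write, then the off-by-SIZE overflow
        alert, m = run_overflow_case(idx)
        print(f"idx={idx}: tag(r4)={m.rtag['r4']}  ->  {alert or 'no violation'}")
```

An in-bounds index still leaves r4 tainted (the address was derived from input), but only the index that reaches the return-address slot trips the policy, and the write is rejected before the saved return address changes.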

DIFT - overview

Constraints

• Zedboard: Zynq SoC
• ARM Cortex-A9 dual core CPU
• Programmable Logic
• Linux OS

Main Goal: DIFT implementation

• How to recover information about each CPU instruction?

ARM CoreSight components

CoreSight components

A set of IP blocks providing HW-assisted system tracing

Figure 2: ARM CoreSight components in Zynq SoC (Source: ARM CoreSight components TRM)

CoreSight components

Features

• Trace Filter (all code or regions of code)
• Branch Broadcast
• Context ID comparator
• Cycle-accurate tracing
• Timestamping

Figure: ELF file layout (ELF header, program header table, sections 1 to n, section header table).

Example instructions:
(i) MOV PC, LR
(ii) ADD R1, R2, R3
(iii) B 0x8084

Trace generation

Address  Instruction  Trace, if any, with explanation
0x1000   MOV          -
0x1004   ADD          -
0x1008   B 0x1100     Direct branch taken. E atom generated.
0x1104   LDR          -
0x110C   CMP          -
0x1110   BNE 0x1104   Direct branch taken. E atom generated.
0x1104   LDR          -
0x1108   ADD          -
0x110C   CMP          -
0x1110   BNE 0x1444   Direct branch not taken. N atom generated.

Configuration of CoreSight components

Fun fact: Unlocking CoreSight components

Write 0xC5ACCE55 to the Lock Access Register: leetspeak for CSACCESS (CoreSight Access)!

echo 0 > /sys/devices/system/cpu/cpu1/online
cd /sys/bus/coresight/devices/f889c000.ptm0/
# Configure PTM components
echo 20 > mode
echo 1 > addr_idx
echo 0 > addr_acctype
echo 0 > addr_idx
echo 0 > addr_acctype
echo 8638 8684 > addr_range
# Enable Sink (ETB or TPIU); the sink directories are siblings of the PTM directory
echo 1 > ../f8803000.tpiu/enable_sink
#echo 1 > ../f8801000.etb/enable_sink
# Enable Source (the PTM whose directory we are in)
echo 1 > enable_source
# Launch Program
./application.elf
# Recover trace
./recover_trace_fpga.elf
#dd if=/dev/f8801000.etb of=trace.bin

Listing 1: CoreSight configuration

Example Trace

Code Source

int i;
for (i = 0; i < 10; i++)

Assembly

8638 for loop:
    ...
    b 8654
    ...
866c: bcc 8654

Trace

00 00 00 00 00 80 08 38 86 00
00 21 2a 2a 2a 2a 2a 2a 2a 2a
2a 2a 86 01 00 00 00 00 00 00
00 00

Decoded Trace

A-sync
Address 00008638 (I-sync, Context 00000000, IB 21)
Address 00008654, Branch Address packet (x 10)

Figure 3: Control Flow Graph

CoreSight components - Performance overhead

Figure: Average execution time (in µs) per benchmark (choleski, crc, dft, fir, lu, matrix, nbody, radix, wht), trace disabled vs. trace enabled.

CoreSight components - Summary

Brief overview

• Trace .text section
• Recover all branch addresses
• Reconstruct CFG of the application
• PTM non-intrusive
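Recovering the executed path and the CFG edges from a waypoint trace, as in the trace-generation table (one E or N atom per direct branch, a branch address packet where the target is not static) and the summary above. This is an added example, not the HardBlare PFT decoder; the static listing, the decoded packet list and the target 0x8654 of the final indirect branch are constructed for the example.

```python
# Added example (not the HardBlare project's code): reconstructing the executed
# path and the CFG edges of a program from a PTM-style waypoint trace.  The PTM
# does not trace every instruction: it emits an E atom (branch taken) or an N
# atom (not taken) per direct branch, and a branch address packet for a branch
# whose target is not statically known (indirect branch).  Everything between two
# waypoints is recovered by walking the static listing, which is why the .text
# section of the ELF is needed on the decoder side.
# The listing and trace below are constructed, modelled on the slide's table.

# Static listing: address -> (mnemonic, direct-branch target or None).
PROGRAM = {
    0x1000: ("MOV", None),
    0x1004: ("ADD", None),
    0x1008: ("B", 0x1100),      # direct branch into the loop
    0x100C: ("NOP", None),      # never executed in this trace
    0x1100: ("LDR", None),      # loop body
    0x1104: ("ADD", None),
    0x1108: ("CMP", None),
    0x110C: ("BNE", 0x1100),    # loop back-edge (conditional direct branch)
    0x1110: ("MOV", None),
    0x1114: ("BX", None),       # indirect branch: target only known from the trace
}
WAYPOINTS = {"B", "BNE", "BEQ", "BCC", "BL", "BX", "BLX"}   # branches are the waypoints

# Trace as decoded packets: ("isync", addr) | ("E",) | ("N",) | ("addr", target)
TRACE = [
    ("isync", 0x1000),   # first I-sync after enable_source: where execution starts
    ("E",),              # 0x1008 B 0x1100 taken
    ("E",),              # 0x110C BNE taken: second loop iteration
    ("N",),              # 0x110C BNE not taken: loop exits to 0x1110
    ("addr", 0x8654),    # 0x1114 BX: branch address packet carries the target
]


class TraceError(Exception):
    pass


def reconstruct(program, trace):
    """Return (executed addresses in order, set of CFG edges (src, dst))."""
    pc = None
    executed, edges = [], set()
    for kind, *arg in trace:
        if kind == "isync":
            pc = arg[0]               # synchronisation point: absolute PC is known again
            continue
        if pc is None:
            raise TraceError("waypoint before any I-sync: cannot place it in the listing")
        # Straight-line code is implied, not traced: walk the listing up to the next waypoint.
        while True:
            if pc not in program:
                raise TraceError(f"PC {pc:#x} outside the traced .text region")
            mnem, target = program[pc]
            executed.append(pc)
            if mnem in WAYPOINTS:
                break
            pc += 4                   # ARM state: fixed 4-byte instructions
        if kind == "E":               # taken direct branch: target is in the listing
            if target is None:
                raise TraceError(f"E atom at {pc:#x} but target is not static; expected address packet")
            edges.add((pc, target))
            pc = target
        elif kind == "N":             # not taken: fall through
            edges.add((pc, pc + 4))
            pc += 4
        elif kind == "addr":          # branch address packet: target comes from the trace
            edges.add((pc, arg[0]))
            pc = arg[0]
        else:
            raise TraceError(f"unknown packet kind {kind!r}")
    return executed, edges


def format_cfg(edges):
    """Human-readable edge list, sorted by source address."""
    return [f"{s:#06x} -> {d:#06x}" for s, d in sorted(edges)]


if __name__ == "__main__":
    path, cfg = reconstruct(PROGRAM, TRACE)
    print("executed:", " ".join(f"{a:#x}" for a in path))
    print("\n".join(format_cfg(cfg)))
```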

Software Security

DIFT

• How to recover information about each CPU instruction?
• CFG reconstruction on the FPGA
• What happens inside each basic block?

Static code analysis

Example Instructions    Output of static analysis
sub r0, r1, r2          r0 = r1 + r2
mov r3, r0              r3 = r0
str r1, [PC, #4]        @Mem(PC+4) = r1
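A minimal version of the static-analysis pass above, mapping each instruction of a basic block to the tag dependency the coprocessor consumes (destination container and the containers it draws from). This is an added example, not HardBlare's analysis; the mnemonic handling and the @Mem(...) naming are assumptions that follow the slide's table.

```python
# Added example (not the HardBlare project's code): the static-analysis step
# that turns each ARM instruction into a tag-dependency rule for the DIFT
# coprocessor.  The coprocessor never sees the arithmetic, only which
# information container receives data from which others, so "sub r0, r1, r2"
# and "add r0, r1, r2" both become r0 = r1 + r2 (tag union), exactly as the
# slide's table writes it.  Immediates carry no tag and are dropped.
import re

MEM_OPERAND = re.compile(r"\[\s*(\w+)\s*(?:,\s*#(-?\d+))?\s*\]")   # [rn] or [rn, #imm]
# Branches and compares move no data between containers: no tag rule.
NO_DATA_FLOW = re.compile(r"(cmp|cmn|tst|teq|b|bl|bx|blx)(eq|ne|cs|cc|mi|pl|vs|vc|hi|ls|ge|lt|gt|le|al)?")


def container(operand):
    """Name the information container an operand denotes: a register name or
    @Mem(base+offset) for a memory operand."""
    text = operand.strip()
    m = MEM_OPERAND.fullmatch(text)
    if m:
        base, imm = m.group(1), int(m.group(2) or 0)
        return f"@Mem({base}{imm:+d})" if imm else f"@Mem({base})"
    return text.lower()


def tag_rule(insn):
    """Return (destination, [sources]) for one instruction, or None when the
    instruction moves no data."""
    mnem, _, rest = insn.strip().partition(" ")
    mnem = mnem.lower()
    if NO_DATA_FLOW.fullmatch(mnem):
        return None
    # split on top-level commas only: the comma inside [PC, #4] is not a separator
    ops = [o.strip() for o in re.split(r",(?![^\[]*\])", rest) if o.strip()]
    if mnem.startswith("str"):              # str rt, [rn, #imm]: memory <- rt
        return container(ops[1]), [container(ops[0])]
    if mnem.startswith("ldr"):              # ldr rt, [rn, #imm]: rt <- memory
        return container(ops[0]), [container(ops[1])]
    # data processing / mov: rd <- every register source; immediates are untagged
    sources = [container(o) for o in ops[1:] if not o.startswith("#")]
    return container(ops[0]), sources


def render(rule):
    """Slide-style text for a rule: 'r0 = r1 + r2'."""
    dst, srcs = rule
    return f"{dst} = {' + '.join(srcs) if srcs else '(untainted)'}"


def analyse_block(lines):
    """Rules for one basic block, in program order, skipping non-data instructions."""
    return [rule for rule in map(tag_rule, lines) if rule is not None]


if __name__ == "__main__":
    block = ["sub r0, r1, r2", "mov r3, r0", "str r1, [PC, #4]", "cmp r0, #0"]
    for rule in analyse_block(block):
        print(render(rule))
```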

Overall architecture

Figure: Overall architecture. Processing System (PS): ARM Cortex-A9 CPU 0 with the CoreSight components, and DDR memory split into 64 MB used by the Linux OS, 32 MB of tag dependencies, 32 MB of tag space, and the heap and stack of the DIFT coprocessor. Programmable Logic (PL): PFT Decoder, AXI BRAM, DIFT Coprocessor, TRF and Config blocks. PS and PL are connected through the EMIO interface, an interrupt line and the AXI GP port.

DIFT example: Data Leakage Prevention (DLP)

#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

int main(void) {
    char buffer[20];
    FILE *fs;
    if (geteuid() != 0) {                 // user
        fs = fopen("welcome", "r");       // public
        if (!fs) exit(1);
    } else {                              // root
        fs = fopen("passwd", "r");        // secret
        if (!fs) exit(1);
    }
    size_t n = fread(buffer, 1, sizeof(buffer) - 1, fs);
    buffer[n] = '\0';                     // terminate before printing as a string
    fclose(fs);
    printf("Buffer Value: %s \n", buffer);
    return 0;
}

DIFT example

root@zedboard-hardblare: cat welcome
WELCOME
root@zedboard-hardblare: cat passwd
MDP
root@zedboard-hardblare: ./usecase
Buffer Value: MDP
root@zedboard-hardblare: sudo -u normal_user ./usecase
Buffer Value: WELCOME

DIFT example

root@zedboard-hardblare: ./recover_trace
CPU1: shutdown
coresight-tpiu f8803000.tpiu: TPIU enabled
coresight-replicator: REPLICATOR enabled
coresight-funnel: FUNNEL inport 0 enabled
coresight-etm3x f889c000.ptm: ETM tracing enabled
Buffer Value: MDP
coresight-etm3x f889c000.ptm: ETM tracing disabled
coresight-funnel: FUNNEL inport 0 disabled
coresight-replicator: REPLICATOR disabled
coresight-tpiu f8803000.tpiu: TPIU disabled

DIFT example

/dev/mem opened.
Memory mapped at address 0xb6ffc000.
10508 1038c 10520 10554 10560 10578 1057c 10398 10594 105a4


DIFT example

[Figure: DIFT example architecture. Processing System (PS): ARM Cortex-A9 CPU 0 with CoreSight components, linked to the Programmable Logic (PL) through the EMIO interface and AXI GP. PL: PFT Decoder, AXI BRAM, DIFT Coprocessor, TRF, Config, interrupt. DDR Memory: 64 MB used by the Linux OS, 32 MB tag dependencies, 32 MB tag space, and heap and stack of the DIFT coprocessor.]

22


DIFT example

    root@zedboard-hardblare:
    trace = 10508
    trace = 10554
    trace = 10578
    trace = 1057c
    ************************
    tag(r0) = 0
    tag(r1) = 1
    tag(r2) = 0
    tag(r3) = 1
    ************************

23

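The listing above shows the two things the DIFT coprocessor consumes: the executed addresses recovered from the PTM trace, and the resulting one-bit tags on r0..r3. The following Python model is an added illustration, not HardBlare code. It replays a decoded trace against a constructed "tag dependencies" table (the slides place that table in a dedicated DDR region; its real format is not on the page) and flags tainted data reaching a sink. The dependency table, the memory operand names (m:in, m:out) and the sink are assumptions chosen so that the slide's trace (10508, 10554, 10578, 1057c) reproduces the slide's tag values.

```python
"""Toy DIFT engine driven by a decoded program-flow trace (added example)."""
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class Dep:
    """dst receives the OR of the tags of srcs (one-bit taint)."""
    dst: str
    srcs: Tuple[str, ...]


# Constructed tag-dependency table keyed by executed address (hex string).
# Memory operands are named "m:<label>" so loads and stores can carry taint.
# In HardBlare the equivalent information lives in the "tag dependencies"
# region; the entries below are made up for this example.
TAG_DEPS: Dict[str, List[Dep]] = {
    "10508": [Dep("r0", ()), Dep("r1", ("m:in",))],  # r0 <- const, r1 <- load tainted input
    "10554": [Dep("r2", ("r0",))],                   # r2 <- r0
    "10578": [Dep("r3", ("r1", "r2"))],              # r3 <- r1 + r2
    "1057c": [Dep("m:out", ("r3",))],                # store r3 to an output buffer (sink)
}


class DiftEngine:
    def __init__(self, initial_tags: Dict[str, int], sinks=()):
        self.tags = dict(initial_tags)   # register/memory name -> 0 or 1
        self.sinks = set(sinks)          # locations tainted data must not reach
        self.alerts: List[str] = []

    def tag(self, name: str) -> int:
        return self.tags.get(name, 0)

    def step(self, addr: str) -> None:
        """Apply every dependency attached to one executed address."""
        for dep in TAG_DEPS.get(addr, []):
            new = 0
            for src in dep.srcs:
                new |= self.tag(src)
            self.tags[dep.dst] = new
            if new and dep.dst in self.sinks:
                self.alerts.append(f"tainted data reaches {dep.dst} at {addr}")

    def run(self, trace: List[str]) -> Dict[str, int]:
        for addr in trace:
            self.step(addr)
        return {r: self.tag(r) for r in ("r0", "r1", "r2", "r3")}


def run_example() -> Tuple[Dict[str, int], List[str]]:
    """Replay the slide's decoded trace with the constructed dependency table."""
    trace = ["10508", "10554", "10578", "1057c"]   # addresses taken from the listing
    engine = DiftEngine(initial_tags={"m:in": 1}, sinks={"m:out"})
    regs = engine.run(trace)
    return regs, engine.alerts


if __name__ == "__main__":
    regs, alerts = run_example()
    for reg, t in regs.items():
        print(f"tag({reg}) = {t}")
    for a in alerts:
        print("ALERT:", a)
```

Addresses absent from the dependency table (such as 1038c or 10520 in the earlier listing) are simply skipped, which is why only the four annotated addresses matter for the final tags. Replacing the one-bit tags with wider ones, or the OR with a policy-specific combine function, is enough to model overflow, data-leakage or SQL-injection policies on the same trace.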


Preventing ROP attacks²

• On each function call, copy the return address into a special stack (called shadow stack)
• On each function return, compare the LR register value with the one stored in the shadow stack
• Obtained with decoded trace
• Dedicated component on FPGA

² Yongje Lee et al. “Towards a Practical Solution to Detect Code Reuse Attacks on ARM Mobile Devices”. In: HASP ’15. 2015.

24

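The two rules on the slide, applied to a stream of call/return events such as a PFT decoder could emit, as an added Python example (not the FPGA component the HardBlare project built). The event layout, the addresses and the benign/corrupted traces are constructed for the example; the return address is assumed to be pc + 4, i.e. a 4-byte BL encoding.

```python
"""Shadow-stack return-address check over a decoded program-flow trace (added example)."""
from typing import List, NamedTuple, Tuple


class Event(NamedTuple):
    kind: str    # "call" or "ret"
    pc: int      # address of the branch instruction itself
    target: int  # callee entry for a call; address returned to (LR value) for a ret


INSN_SIZE = 4  # assumption: BL is 4 bytes, so the return address is pc + 4


class ShadowStack:
    def __init__(self):
        self.stack: List[int] = []
        self.violations: List[Tuple[int, str]] = []

    def on_call(self, ev: Event) -> None:
        # Rule 1: on each call, save the return address on the shadow stack.
        self.stack.append(ev.pc + INSN_SIZE)

    def on_ret(self, ev: Event) -> None:
        # Rule 2: on each return, the LR value must match the shadow-stack top.
        if not self.stack:
            self.violations.append((ev.pc, "return with empty shadow stack"))
            return
        expected = self.stack.pop()
        if ev.target != expected:
            self.violations.append(
                (ev.pc, f"LR=0x{ev.target:x} but shadow stack holds 0x{expected:x}"))

    def process(self, events: List[Event]) -> List[Tuple[int, str]]:
        for ev in events:
            if ev.kind == "call":
                self.on_call(ev)
            elif ev.kind == "ret":
                self.on_ret(ev)
        return self.violations


def benign_trace() -> List[Event]:
    """Constructed trace: main calls f, f calls g, both return normally."""
    return [
        Event("call", 0x10508, 0x10554),
        Event("call", 0x10560, 0x10578),
        Event("ret", 0x1057c, 0x10564),
        Event("ret", 0x10558, 0x1050c),
    ]


def corrupted_trace() -> List[Event]:
    """Same flow, but g's return lands on an address that no call pushed."""
    events = benign_trace()
    events[2] = Event("ret", 0x1057c, 0x10600)
    return events


def check(events: List[Event]) -> List[Tuple[int, str]]:
    return ShadowStack().process(events)


if __name__ == "__main__":
    print("benign:", check(benign_trace()))
    print("corrupted:", check(corrupted_trace()))
```

Because the checker only reads the decoded trace, the monitored program needs no instrumentation, which is what gives the slide's approach its negligible overhead; the cost moves to keeping the decoder and the shadow-stack logic ahead of the trace stream. A Thumb BLX from a register is 2 bytes, so a real decoder must derive the return address from the instruction encoding rather than from a fixed INSN_SIZE.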


Software security - Summary

Brief overview

• Dynamic Information Flow Tracking (DIFT)
  • Overflows
  • Data Leakage Prevention
  • SQL injection
• Code Reuse Attacks
  • ROP
  • JOP

25



Conclusion


Conclusion

Take away

• CoreSight PTM makes runtime information (program flow) available
• Non-intrusive tracing → negligible performance overhead
• Improves software security

Future perspectives

• Possible to make use of other debug components for security
  • Intel Processor Trace
  • STM (TI)

26



Acknowledgments

Thanks to

• CominLabs³ and Brittany Region
• Pascal COTRET
• Mounir NASR ALLAH
• My PhD supervisors

³ http://www.cominlabs.ueb.eu/

27


Thank you!

Any questions?

27


Bibliography

[Figure: timeline of related DIFT work, 2004 to 2016: Secure Program Execution via DIFT, Suh et al.; RAKSHA, Dalton et al.; FlexiTaint, Venkataramani et al.; Off-core RAKSHA, Kannan et al.; FlexCore, Deng et al.; HARMONI, Deng et al.; PAU, Heo et al.]