0 00:00:00,000 --> 00:00:30,000 Dear viewer, these subtitles were generated by a machine via the service Trint and therefore are (very) buggy. If you are capable, please help us to create good quality subtitles: https://c3subtitles.de/talk/156 Thanks! 1 00:00:12,680 --> 00:00:15,049 So then let me introduce Mr. Patrick 2 00:00:15,050 --> 00:00:18,109 Stewart, he is security researcher 3 00:00:18,110 --> 00:00:20,269 at Tubulin, and he talks today 4 00:00:20,270 --> 00:00:22,199 about the UM 5 00:00:23,330 --> 00:00:25,519 about placing malware in 6 00:00:25,520 --> 00:00:28,369 the Intel AMTI 7 00:00:28,370 --> 00:00:30,919 chips, which are in all modern 8 00:00:30,920 --> 00:00:33,109 into based computers that 9 00:00:33,110 --> 00:00:35,449 have been produced in the last five, 10 00:00:35,450 --> 00:00:37,129 six or seven years. 11 00:00:37,130 --> 00:00:39,109 And please give a warm round of applause 12 00:00:39,110 --> 00:00:40,280 to Mr. Patrick Stewart. 13 00:00:46,910 --> 00:00:49,129 Yeah, welcome to my talk 14 00:00:49,130 --> 00:00:51,109 about resistance, stealthy, remote 15 00:00:51,110 --> 00:00:52,969 controlled, dedicated hardware. 16 00:00:52,970 --> 00:00:55,069 All of them. You also see a second 17 00:00:55,070 --> 00:00:56,969 name on the TARDIS night healer. 18 00:00:56,970 --> 00:00:59,359 This trough, that means that everything 19 00:00:59,360 --> 00:01:00,889 that I will be presenting in the next 20 00:01:00,890 --> 00:01:03,049 hour is joint work what I did 21 00:01:03,050 --> 00:01:04,050 together of Huey. 22 00:01:05,030 --> 00:01:06,030 OK. 23 00:01:07,640 --> 00:01:10,189 A prominent example for 24 00:01:10,190 --> 00:01:12,379 resistance. The Femara is a 25 00:01:12,380 --> 00:01:14,659 rootkit, and the question is now why 26 00:01:14,660 --> 00:01:17,269 not just deploying 27 00:01:17,270 --> 00:01:18,979 a rootkit and userspace to attack a 28 00:01:18,980 --> 00:01:20,389 computer platform? 29 00:01:20,390 --> 00:01:22,669 Well, the point is that 30 00:01:22,670 --> 00:01:24,679 countermeasures applied in a more 31 00:01:24,680 --> 00:01:26,569 privileged layer here, and the current 32 00:01:26,570 --> 00:01:29,209 layer are more powerful, 33 00:01:29,210 --> 00:01:31,459 and that enables 34 00:01:33,620 --> 00:01:36,109 the defense not to reveal 35 00:01:36,110 --> 00:01:38,179 root kits that are applied in 36 00:01:38,180 --> 00:01:39,529 the user space. 37 00:01:39,530 --> 00:01:41,689 But it didn't take so long that 38 00:01:41,690 --> 00:01:44,089 the modern developers also 39 00:01:44,090 --> 00:01:46,369 recognized that the kernel space 40 00:01:46,370 --> 00:01:48,829 is more powerful, and that's why 41 00:01:48,830 --> 00:01:50,959 malware developers developed malware for 42 00:01:50,960 --> 00:01:52,549 the current space. 43 00:01:52,550 --> 00:01:55,009 And this resulted 44 00:01:55,010 --> 00:01:57,649 that the countermeasures 45 00:01:57,650 --> 00:01:59,809 moved to the hypervisor layer 46 00:01:59,810 --> 00:02:02,329 or to the virtual machine monitor layer. 47 00:02:02,330 --> 00:02:04,489 That's a layer. But can the privilege the 48 00:02:04,490 --> 00:02:06,649 operating system kernel to be 49 00:02:06,650 --> 00:02:08,929 able to host several operating 50 00:02:08,930 --> 00:02:10,999 systems in parallel 51 00:02:11,000 --> 00:02:13,219 on the same computer hardware? 52 00:02:13,220 --> 00:02:15,649 But guess what happens next? 53 00:02:15,650 --> 00:02:18,049 Also, the rootkits 54 00:02:18,050 --> 00:02:19,879 move to the hypo azalea. 55 00:02:19,880 --> 00:02:22,219 Prominent example is a blue 56 00:02:22,220 --> 00:02:24,679 pill or separate, and 57 00:02:24,680 --> 00:02:27,139 we can continue this arms race 58 00:02:27,140 --> 00:02:28,609 to the system management mode. 59 00:02:28,610 --> 00:02:31,219 That's the most privileged 60 00:02:31,220 --> 00:02:34,159 host processor mode on Intel platforms 61 00:02:34,160 --> 00:02:35,300 until we reach 62 00:02:36,680 --> 00:02:39,049 platform peripherals and 63 00:02:39,050 --> 00:02:41,329 platform peripherals 64 00:02:41,330 --> 00:02:43,459 are the focus of of 65 00:02:43,460 --> 00:02:46,039 our mother, but I will be presenting 66 00:02:46,040 --> 00:02:47,040 the next minutes 67 00:02:48,710 --> 00:02:51,589 when we talk about peripherals, we mean 68 00:02:51,590 --> 00:02:53,659 network interface cards, for example, or 69 00:02:53,660 --> 00:02:56,329 the video card or special 70 00:02:56,330 --> 00:02:58,669 microcontrollers that 71 00:02:58,670 --> 00:03:01,219 are somewhere in the chipset. 72 00:03:01,220 --> 00:03:03,799 And the point of peripherals 73 00:03:03,800 --> 00:03:06,049 is that they actually 74 00:03:06,050 --> 00:03:09,199 provide an own execution environment 75 00:03:09,200 --> 00:03:11,809 that means and on processor 76 00:03:11,810 --> 00:03:14,509 own RAM, and they can 77 00:03:14,510 --> 00:03:16,669 access the runtime memory 78 00:03:16,670 --> 00:03:19,039 of the host via a mechanism called direct 79 00:03:19,040 --> 00:03:20,869 memory access. 80 00:03:20,870 --> 00:03:23,329 And the good point for the attacker is 81 00:03:23,330 --> 00:03:25,939 that these environments are unconsidered 82 00:03:25,940 --> 00:03:28,159 by antivirus software, for 83 00:03:28,160 --> 00:03:29,539 example. 84 00:03:29,540 --> 00:03:31,879 And at this point, the 85 00:03:31,880 --> 00:03:33,859 anti-malware community has a problem 86 00:03:33,860 --> 00:03:36,139 because there is no more, more 87 00:03:36,140 --> 00:03:38,599 privileged layer that can be exploited 88 00:03:38,600 --> 00:03:40,069 for countermeasures. 89 00:03:40,070 --> 00:03:42,379 And that's why we 90 00:03:42,380 --> 00:03:44,289 did our research with peripherals, 91 00:03:45,320 --> 00:03:46,320 OK? 92 00:03:47,840 --> 00:03:49,909 This is an overview of the rest 93 00:03:49,910 --> 00:03:52,009 of my talk in the first 94 00:03:52,010 --> 00:03:52,939 part. 95 00:03:52,940 --> 00:03:55,099 I will present you a DMA 96 00:03:55,100 --> 00:03:56,449 based keystroke logger. 97 00:03:56,450 --> 00:03:58,129 Let me call Dega and charge. 98 00:04:00,110 --> 00:04:02,329 In the second part of my talk, I 99 00:04:02,330 --> 00:04:04,579 will present you an hour of bent 100 00:04:04,580 --> 00:04:06,979 network channel that is somehow isolated 101 00:04:06,980 --> 00:04:09,319 from the host system, and we explore 102 00:04:09,320 --> 00:04:12,469 that channel to stealthily exfiltrate 103 00:04:12,470 --> 00:04:14,569 captured keystroke to an external 104 00:04:14,570 --> 00:04:15,570 platform. 105 00:04:16,430 --> 00:04:18,499 And in the third part, we 106 00:04:18,500 --> 00:04:20,479 also did some research with a covert 107 00:04:20,480 --> 00:04:21,799 network channel because they are 108 00:04:21,800 --> 00:04:24,709 different. Network channels only 109 00:04:24,710 --> 00:04:27,049 stealthily fall off of the host system, 110 00:04:27,050 --> 00:04:29,419 but other systems that are monitoring 111 00:04:29,420 --> 00:04:30,979 the network can, of course, reveal the 112 00:04:30,980 --> 00:04:32,899 network packets sent by our keystroke 113 00:04:32,900 --> 00:04:34,009 logger. 114 00:04:34,010 --> 00:04:36,259 OK, now let's come 115 00:04:36,260 --> 00:04:38,689 to our DMA based 116 00:04:38,690 --> 00:04:39,690 keystroke logger. 117 00:04:40,970 --> 00:04:41,869 What is going? 118 00:04:41,870 --> 00:04:44,149 Some days ago, I was asked if 119 00:04:44,150 --> 00:04:45,979 Dagar has something to do with the Dego 120 00:04:45,980 --> 00:04:46,980 complex. 121 00:04:47,720 --> 00:04:50,149 The Dagar complex is a base 122 00:04:50,150 --> 00:04:53,029 of for US intelligence organizations 123 00:04:53,030 --> 00:04:55,579 that is operated on behalf of the NSA 124 00:04:55,580 --> 00:04:57,709 here in Germany and Darmstadt, to be more 125 00:04:57,710 --> 00:04:59,569 precise. 126 00:04:59,570 --> 00:05:02,299 And of course, one could think that 127 00:05:02,300 --> 00:05:04,819 keystroke logger is somehow related 128 00:05:04,820 --> 00:05:07,699 to surveillance attacks, 129 00:05:07,700 --> 00:05:09,769 but be assured the danger of it I will 130 00:05:09,770 --> 00:05:12,019 be presenting here is not related 131 00:05:12,020 --> 00:05:13,879 to the Dagar complex. 132 00:05:13,880 --> 00:05:15,949 So our our US actually part of 133 00:05:15,950 --> 00:05:18,529 an academic research project. 134 00:05:18,530 --> 00:05:20,989 It's written in C and AG for assembly. 135 00:05:20,990 --> 00:05:23,629 I will later explain why after an 136 00:05:23,630 --> 00:05:26,059 assembly, and it's 137 00:05:26,060 --> 00:05:28,459 actually not only a keystroke 138 00:05:28,460 --> 00:05:31,699 logger anymore, the updated 139 00:05:31,700 --> 00:05:33,829 Dega and I would later 140 00:05:33,830 --> 00:05:35,329 explain the updates. 141 00:05:35,330 --> 00:05:37,429 Of course, they can access the host 142 00:05:37,430 --> 00:05:39,529 runtime memory via DMA reads 143 00:05:39,530 --> 00:05:40,549 and writes. 144 00:05:40,550 --> 00:05:42,559 It uses the Adelaide, a network channel, 145 00:05:42,560 --> 00:05:44,629 and we can attack 32 146 00:05:44,630 --> 00:05:46,249 bit and 64. 147 00:05:46,250 --> 00:05:47,779 Orbit operating systems. 148 00:05:49,010 --> 00:05:51,469 So here on this slide, you see 149 00:05:51,470 --> 00:05:53,599 more detail to view of our 150 00:05:53,600 --> 00:05:55,869 tech environment, and what you see 151 00:05:55,870 --> 00:05:56,870 here is actually 152 00:05:58,070 --> 00:06:01,039 an Intel based Q30 five chipset. 153 00:06:01,040 --> 00:06:03,199 You see the memory controller, also 154 00:06:03,200 --> 00:06:05,509 known as Northbridge and the input 155 00:06:05,510 --> 00:06:06,949 output controller, also known as 156 00:06:06,950 --> 00:06:08,119 Southbridge. 157 00:06:08,120 --> 00:06:10,309 And our device that 158 00:06:10,310 --> 00:06:12,139 we explored to implement Dega is the 159 00:06:12,140 --> 00:06:14,569 so-called manageability engine, 160 00:06:14,570 --> 00:06:16,489 also known as management engine. 161 00:06:16,490 --> 00:06:19,699 And this device is incorporated 162 00:06:19,700 --> 00:06:21,649 into the memory controller. 163 00:06:21,650 --> 00:06:24,279 It consists of an arc for processor, 164 00:06:24,280 --> 00:06:25,909 and that's why we implemented some parts 165 00:06:25,910 --> 00:06:28,849 of Dega using ARC for assembly, 166 00:06:28,850 --> 00:06:31,099 and that processor is a 32 167 00:06:31,100 --> 00:06:34,159 bit risk processor. 168 00:06:34,160 --> 00:06:36,079 And it's not x86 compatible. 169 00:06:37,430 --> 00:06:39,379 The management engine also consists of 170 00:06:39,380 --> 00:06:41,629 some setup, some room 171 00:06:41,630 --> 00:06:44,059 for the put up code and, of course, 172 00:06:44,060 --> 00:06:45,079 a DMA engine. 173 00:06:46,100 --> 00:06:48,589 So for runtime 174 00:06:48,590 --> 00:06:50,419 data, for runtime code and data, 175 00:06:52,430 --> 00:06:54,559 the management engine uses some 176 00:06:54,560 --> 00:06:56,719 isolated part of the normal 177 00:06:56,720 --> 00:06:59,179 deram chip and the chipset 178 00:06:59,180 --> 00:07:01,069 and forces that only the management 179 00:07:01,070 --> 00:07:03,499 engine can access that part of 180 00:07:03,500 --> 00:07:04,669 the normal DRM. 181 00:07:04,670 --> 00:07:06,709 That means the operating system, your 182 00:07:06,710 --> 00:07:09,379 Windows, your Linux cannot access 183 00:07:09,380 --> 00:07:11,509 that part of the memory. 184 00:07:11,510 --> 00:07:13,969 So then he and the southbridge 185 00:07:13,970 --> 00:07:16,159 you have four out of 10 Channel 186 00:07:16,160 --> 00:07:18,379 Retrieval Data Explorer to exfiltrate our 187 00:07:18,380 --> 00:07:20,719 keystroke codes, and 188 00:07:20,720 --> 00:07:22,879 the management engine 189 00:07:22,880 --> 00:07:25,969 is used to execute some firmware. 190 00:07:25,970 --> 00:07:28,179 The firmware is based on the Threat 191 00:07:28,180 --> 00:07:30,769 X Real-Time Operating System 192 00:07:30,770 --> 00:07:32,659 and firmware, which can be executed on 193 00:07:32,660 --> 00:07:35,029 the management engine is, for example, 194 00:07:35,030 --> 00:07:37,849 Intel's active management technology. 195 00:07:37,850 --> 00:07:39,289 On the right hand side, you see an 196 00:07:39,290 --> 00:07:41,599 administrator tool that uses the Intel 197 00:07:41,600 --> 00:07:44,299 Active Management Technology to remotely 198 00:07:44,300 --> 00:07:46,369 boot into the bios of 199 00:07:46,370 --> 00:07:47,899 the target system. 200 00:07:47,900 --> 00:07:50,239 And as you can see here, 201 00:07:50,240 --> 00:07:52,489 the the actual operating system 202 00:07:52,490 --> 00:07:54,109 and the networks think of the operating 203 00:07:54,110 --> 00:07:56,299 system is not up and running if you boot 204 00:07:56,300 --> 00:07:57,349 into the bios. 205 00:07:57,350 --> 00:07:59,749 That means that this administration 206 00:07:59,750 --> 00:08:01,459 tool is quite quite powerful. 207 00:08:03,260 --> 00:08:05,930 Into its active management technology 208 00:08:07,040 --> 00:08:09,679 is mainly deployed 209 00:08:09,680 --> 00:08:12,109 on business computers. 210 00:08:12,110 --> 00:08:14,269 On other platforms, 211 00:08:14,270 --> 00:08:16,489 you find other firms such 212 00:08:16,490 --> 00:08:18,949 as Intel's Identity Protection Technology 213 00:08:18,950 --> 00:08:20,989 or anti-theft. 214 00:08:20,990 --> 00:08:23,329 OK, here's some more background 215 00:08:23,330 --> 00:08:24,330 information. 216 00:08:25,370 --> 00:08:27,619 First of all, you should know that 217 00:08:27,620 --> 00:08:29,929 there are actually two generations 218 00:08:29,930 --> 00:08:31,079 of the management engine. 219 00:08:31,080 --> 00:08:33,199 The first generation is 220 00:08:33,200 --> 00:08:35,658 based on the ARC tangent, A4 processor 221 00:08:35,659 --> 00:08:37,879 or in short, four, and the second 222 00:08:37,880 --> 00:08:40,189 generation is based on the outcompeted 223 00:08:40,190 --> 00:08:41,190 architecture. 224 00:08:43,130 --> 00:08:45,439 We use the first generation for 225 00:08:45,440 --> 00:08:47,599 Dego, but there's also 226 00:08:47,600 --> 00:08:50,509 some research related to 227 00:08:50,510 --> 00:08:53,029 to the second generation available. 228 00:08:53,030 --> 00:08:55,249 You should have a look at 229 00:08:55,250 --> 00:08:57,409 Igor's Gonski slides 230 00:08:57,410 --> 00:08:59,509 to talk rootkit in your 231 00:08:59,510 --> 00:09:01,420 laptop and 232 00:09:02,810 --> 00:09:05,299 that he published the first results 233 00:09:05,300 --> 00:09:07,039 regarding the second generation. 234 00:09:07,040 --> 00:09:09,169 And there's also 235 00:09:09,170 --> 00:09:11,869 another relatively new project 236 00:09:11,870 --> 00:09:14,029 that is related to the management engine, 237 00:09:14,030 --> 00:09:16,279 and that project wants 238 00:09:16,280 --> 00:09:18,289 to deploy free software 239 00:09:20,360 --> 00:09:22,139 on the management engine. 240 00:09:22,140 --> 00:09:24,949 And the goal is to to actually deploy 241 00:09:24,950 --> 00:09:27,409 and replacement compatible 242 00:09:27,410 --> 00:09:29,929 with the core boot from them. 243 00:09:29,930 --> 00:09:31,759 If you are more interested in that 244 00:09:31,760 --> 00:09:33,889 project, then you can visit 245 00:09:33,890 --> 00:09:36,079 the web page of Project That page 246 00:09:36,080 --> 00:09:38,719 into repro web page. 247 00:09:38,720 --> 00:09:40,939 Or if you want to talk with 248 00:09:40,940 --> 00:09:43,729 these guys face to face, just visit 249 00:09:43,730 --> 00:09:45,799 the assembly here at the Congress. 250 00:09:46,970 --> 00:09:47,970 Okay. 251 00:09:49,280 --> 00:09:51,439 Another point is, or another 252 00:09:51,440 --> 00:09:52,610 important point is 253 00:09:53,630 --> 00:09:55,999 that the management engine 254 00:09:56,000 --> 00:09:58,129 had actually a predecessor, 255 00:09:58,130 --> 00:10:00,469 and maybe you remember a 256 00:10:00,470 --> 00:10:02,509 Super Nintendo video game from the 257 00:10:02,510 --> 00:10:03,669 beginning of the 90s. 258 00:10:04,940 --> 00:10:06,499 That's a screenshot on the right hand 259 00:10:06,500 --> 00:10:07,789 side. 260 00:10:07,790 --> 00:10:10,279 The game is called starring and attached, 261 00:10:10,280 --> 00:10:12,379 had amazing computer graphics for that 262 00:10:12,380 --> 00:10:14,509 time and to implement such 263 00:10:14,510 --> 00:10:15,709 kind of graphics. 264 00:10:15,710 --> 00:10:18,049 The cartridge that you had to plug 265 00:10:18,050 --> 00:10:19,939 into your Super Nintendo had an 266 00:10:19,940 --> 00:10:22,039 additional chip that was called the Mario 267 00:10:22,040 --> 00:10:24,349 Chip, and that Mario 268 00:10:24,350 --> 00:10:26,569 Chip was later renamed 269 00:10:26,570 --> 00:10:29,389 to super effects and 270 00:10:29,390 --> 00:10:31,549 again later it was renamed to 271 00:10:31,550 --> 00:10:33,769 ARG because it was a predecessor 272 00:10:33,770 --> 00:10:35,449 of the ARC technology. 273 00:10:35,450 --> 00:10:37,729 What we have nowadays and our entire 274 00:10:37,730 --> 00:10:39,979 platforms and 275 00:10:39,980 --> 00:10:42,649 the main character of the styling 276 00:10:42,650 --> 00:10:44,869 game was called Star Fox 277 00:10:44,870 --> 00:10:45,870 and. 278 00:10:46,700 --> 00:10:49,339 Staff wonks use the art technology 279 00:10:49,340 --> 00:10:51,499 to, of course, rescue 280 00:10:51,500 --> 00:10:53,719 the universe, and this clearly 281 00:10:53,720 --> 00:10:55,789 demonstrates or also demonstrates how 282 00:10:55,790 --> 00:10:58,159 powerful the art technology 283 00:10:58,160 --> 00:11:00,229 actually is and. 284 00:11:05,880 --> 00:11:08,089 Do. Do we know what what happened to 285 00:11:08,090 --> 00:11:09,149 Star Fox? 286 00:11:09,150 --> 00:11:10,399 I don't know. 287 00:11:10,400 --> 00:11:12,769 And neither us into and 288 00:11:12,770 --> 00:11:14,869 that's why into this, 289 00:11:14,870 --> 00:11:17,459 um, completely alone 290 00:11:17,460 --> 00:11:19,639 responsible for making 291 00:11:19,640 --> 00:11:23,029 the environment bulletproof. 292 00:11:23,030 --> 00:11:25,459 And they do so by applying 293 00:11:25,460 --> 00:11:27,259 a bunch of security mechanisms. 294 00:11:27,260 --> 00:11:29,359 For example, they use signed 295 00:11:29,360 --> 00:11:31,459 firmware images, and they also 296 00:11:31,460 --> 00:11:33,829 apply a measured launch mechanism. 297 00:11:33,830 --> 00:11:36,169 That means before the firmware 298 00:11:36,170 --> 00:11:37,939 gets executed, the hash value is still 299 00:11:37,940 --> 00:11:39,979 rife and that hash value is compared with 300 00:11:39,980 --> 00:11:42,139 a well known reference 301 00:11:42,140 --> 00:11:44,239 value and for the lock in 302 00:11:44,240 --> 00:11:45,920 or remote locking in capabilities. 303 00:11:46,970 --> 00:11:49,249 And there are also some excess control 304 00:11:49,250 --> 00:11:51,139 mechanisms in place. 305 00:11:51,140 --> 00:11:53,299 So the question is now how do we 306 00:11:53,300 --> 00:11:55,189 infiltrate the target platform of our 307 00:11:55,190 --> 00:11:57,289 data? Yeah, we just 308 00:11:57,290 --> 00:11:59,929 use a known exploit that was 309 00:11:59,930 --> 00:12:02,909 covered by the invisible things lab guys. 310 00:12:02,910 --> 00:12:04,879 And if you are also interested in this 311 00:12:04,880 --> 00:12:07,159 kind of research, you should check 312 00:12:07,160 --> 00:12:09,889 their slides from the Black Hat 2009 313 00:12:09,890 --> 00:12:11,989 conference. I think because 314 00:12:11,990 --> 00:12:14,299 it's a very good starting point. 315 00:12:14,300 --> 00:12:15,300 OK. 316 00:12:15,890 --> 00:12:18,289 Back to Dega I want to actually 317 00:12:18,290 --> 00:12:21,439 target is the keyboard buffer. 318 00:12:21,440 --> 00:12:23,599 Um, because we want to capture keystroke 319 00:12:23,600 --> 00:12:25,699 codes and the 320 00:12:25,700 --> 00:12:28,069 operating system loads a driver 321 00:12:28,070 --> 00:12:30,379 for the keyboard. And then that driver, 322 00:12:30,380 --> 00:12:32,959 you can find the keyboard 323 00:12:32,960 --> 00:12:33,919 buffer. 324 00:12:33,920 --> 00:12:36,079 So now let's dig into the kernel 325 00:12:36,080 --> 00:12:38,929 memory to find the keyboard buffer. 326 00:12:38,930 --> 00:12:41,119 We implemented 327 00:12:41,120 --> 00:12:43,339 two search strategies one for 328 00:12:43,340 --> 00:12:45,469 Linux targets and the other one 329 00:12:45,470 --> 00:12:47,169 for wellness targets. 330 00:12:47,170 --> 00:12:48,170 You see 331 00:12:49,430 --> 00:12:52,429 the strategy for our Linux targets. 332 00:12:52,430 --> 00:12:54,499 What we try to do is we try 333 00:12:54,500 --> 00:12:56,989 to find two 334 00:12:56,990 --> 00:12:58,009 memory snapshots. 335 00:12:58,010 --> 00:12:59,839 The first one is called USP Request 336 00:12:59,840 --> 00:13:01,729 Block, and the other one is called use 337 00:13:01,730 --> 00:13:03,619 wise and. 338 00:13:05,360 --> 00:13:06,710 We check if 339 00:13:08,780 --> 00:13:11,239 the pointer is aligned 340 00:13:11,240 --> 00:13:14,119 to zero x 400 341 00:13:14,120 --> 00:13:16,189 and if another feel 342 00:13:16,190 --> 00:13:18,709 it's called transfer DMA, 343 00:13:18,710 --> 00:13:21,769 it's a nine to zero x 20, 344 00:13:21,770 --> 00:13:23,989 and the transfer DMA field 345 00:13:23,990 --> 00:13:26,269 actually represents the keyboard buffer 346 00:13:27,470 --> 00:13:29,149 or the physical address of the keyboard 347 00:13:29,150 --> 00:13:31,459 buffer. And if both conditions 348 00:13:31,460 --> 00:13:33,559 are true, we follow the point 349 00:13:33,560 --> 00:13:34,560 on two of the. 350 00:13:35,440 --> 00:13:37,989 You the device structure 351 00:13:37,990 --> 00:13:40,029 to check the product string because you 352 00:13:40,030 --> 00:13:42,999 have more than just one USB device 353 00:13:43,000 --> 00:13:44,769 plucked to your computer. 354 00:13:44,770 --> 00:13:47,229 And if the product string contains 355 00:13:47,230 --> 00:13:49,449 some strings, USB and keyboard, 356 00:13:49,450 --> 00:13:51,999 then we know that we found 357 00:13:52,000 --> 00:13:54,159 the correct structure for the USB 358 00:13:54,160 --> 00:13:55,569 keyboard. 359 00:13:55,570 --> 00:13:58,359 The last final check is that we 360 00:13:58,360 --> 00:14:00,459 look into the keyboard of this 361 00:14:00,460 --> 00:14:03,339 any garbage, okay, 362 00:14:03,340 --> 00:14:05,970 to be able to follow the pointer. 363 00:14:07,210 --> 00:14:09,399 You have to note that 364 00:14:09,400 --> 00:14:11,860 the atenco that uses the DMA engine 365 00:14:13,120 --> 00:14:15,489 works with physical memory addresses, but 366 00:14:15,490 --> 00:14:17,379 the operating system actually works with 367 00:14:17,380 --> 00:14:19,059 virtual memory addresses, and you have to 368 00:14:19,060 --> 00:14:20,979 found a way to map the virtual memory 369 00:14:20,980 --> 00:14:22,809 addresses to physical ones. 370 00:14:24,010 --> 00:14:25,869 And the Linux that is actually quite 371 00:14:25,870 --> 00:14:28,479 simple you have to subtract 372 00:14:28,480 --> 00:14:30,669 a constant offset for 373 00:14:30,670 --> 00:14:33,849 32 bit Linux systems, it's 374 00:14:33,850 --> 00:14:36,009 zero XY, zero zero zero and so 375 00:14:36,010 --> 00:14:38,349 on. And for 64 bit 376 00:14:38,350 --> 00:14:40,449 Linux operating systems, you can 377 00:14:40,450 --> 00:14:42,759 just look up the offsets 378 00:14:42,760 --> 00:14:44,339 in the documentation. 379 00:14:44,340 --> 00:14:46,449 The MDOT text 380 00:14:46,450 --> 00:14:48,609 file consists a table that is 381 00:14:48,610 --> 00:14:50,349 visualized on the right hand side, and 382 00:14:50,350 --> 00:14:52,509 then you can just pick the correct 383 00:14:52,510 --> 00:14:54,099 offset that you have to subtract to 384 00:14:54,100 --> 00:14:55,100 follow your point on. 385 00:14:56,110 --> 00:14:58,569 OK. That was the 386 00:14:58,570 --> 00:15:00,579 strategy for Linux. 387 00:15:00,580 --> 00:15:03,169 Now let's come to Windows. 388 00:15:03,170 --> 00:15:05,289 Um, for Windows, everything gets 389 00:15:05,290 --> 00:15:07,059 more complicated. 390 00:15:07,060 --> 00:15:09,249 First of all, because 391 00:15:09,250 --> 00:15:11,769 of you now, 392 00:15:11,770 --> 00:15:13,809 you haven't had any access to the source 393 00:15:13,810 --> 00:15:16,449 code source code, of course. 394 00:15:16,450 --> 00:15:18,939 And we had to to to reverse 395 00:15:18,940 --> 00:15:21,099 engineer a lot of things using 396 00:15:21,100 --> 00:15:23,259 IDE approach. The Windows debugger and 397 00:15:23,260 --> 00:15:26,049 also debug symbols provided by Microsoft. 398 00:15:26,050 --> 00:15:28,179 And another point is that if you want to 399 00:15:28,180 --> 00:15:30,609 follow point us, 400 00:15:30,610 --> 00:15:33,249 you cannot just subtract offsets 401 00:15:33,250 --> 00:15:35,029 and the windows. You have to work with 402 00:15:35,030 --> 00:15:37,239 the page tables that are also 403 00:15:37,240 --> 00:15:39,129 used by the operating system. 404 00:15:39,130 --> 00:15:41,469 So that means you had to find the page 405 00:15:41,470 --> 00:15:43,539 tables and the runtime memory of 406 00:15:43,540 --> 00:15:44,889 the operating system. 407 00:15:44,890 --> 00:15:47,619 And we also had to to implement 408 00:15:47,620 --> 00:15:49,119 a page table for us. 409 00:15:49,120 --> 00:15:51,069 I rhythm and dig up. 410 00:15:51,070 --> 00:15:53,109 This is what we did. 411 00:15:53,110 --> 00:15:55,209 And still we had 412 00:15:55,210 --> 00:15:57,969 to find the keyboard boyfriend. 413 00:15:57,970 --> 00:16:00,189 And after hours and hours 414 00:16:00,190 --> 00:16:02,409 using Ida and Co, we came up 415 00:16:02,410 --> 00:16:05,319 with the following search path. 416 00:16:05,320 --> 00:16:07,239 He figured out what a good starting point 417 00:16:07,240 --> 00:16:09,669 is a so-called K I initial 418 00:16:09,670 --> 00:16:12,009 picture structure k i 419 00:16:12,010 --> 00:16:14,109 means kernel image PCR 420 00:16:14,110 --> 00:16:17,049 means process or control region, 421 00:16:17,050 --> 00:16:19,329 and that structure, 422 00:16:19,330 --> 00:16:21,429 uh, led us 423 00:16:21,430 --> 00:16:24,159 to another structure called 424 00:16:24,160 --> 00:16:26,979 debug a data block. 425 00:16:26,980 --> 00:16:29,139 And that led us to 426 00:16:29,140 --> 00:16:31,839 the next structure called Object 427 00:16:31,840 --> 00:16:33,669 Manager Namespace Directory. 428 00:16:33,670 --> 00:16:36,249 And that namespace directory 429 00:16:36,250 --> 00:16:38,679 contains a UM 430 00:16:38,680 --> 00:16:42,159 object directory driver 431 00:16:42,160 --> 00:16:43,389 and that 432 00:16:45,310 --> 00:16:47,529 includes the keyboard 433 00:16:47,530 --> 00:16:49,599 human input device driver. 434 00:16:49,600 --> 00:16:51,789 That means the device driver for the USB 435 00:16:51,790 --> 00:16:52,959 keyboard. 436 00:16:52,960 --> 00:16:54,970 Um, that? 437 00:16:55,980 --> 00:16:59,079 In turn, contains a device object, 438 00:16:59,080 --> 00:17:00,939 and the device object contains a device 439 00:17:00,940 --> 00:17:02,949 extension, and the device extension 440 00:17:02,950 --> 00:17:05,019 finally contains the keystroke 441 00:17:05,020 --> 00:17:07,118 code performed by 442 00:17:07,119 --> 00:17:09,339 the way, the figure here is simplified. 443 00:17:13,760 --> 00:17:14,760 And. 444 00:17:17,099 --> 00:17:19,289 One one point are still missing on 445 00:17:19,290 --> 00:17:20,249 the slide. 446 00:17:20,250 --> 00:17:22,229 So far, we don't know how to find the 447 00:17:22,230 --> 00:17:24,358 starting point, the initial picture 448 00:17:24,359 --> 00:17:25,889 structure. 449 00:17:25,890 --> 00:17:28,589 And this is explained on this slide. 450 00:17:28,590 --> 00:17:29,590 We analyzed 451 00:17:30,900 --> 00:17:32,879 the boots process, the witness boot up 452 00:17:32,880 --> 00:17:35,399 process, and we figured out that the 453 00:17:35,400 --> 00:17:36,930 VIN load executable 454 00:17:38,010 --> 00:17:39,510 calls a function 455 00:17:40,650 --> 00:17:41,699 of the load. 456 00:17:41,700 --> 00:17:44,129 All modules function, and that function 457 00:17:44,130 --> 00:17:46,289 allocates a memory buffer for two 458 00:17:46,290 --> 00:17:48,569 images for the hardware section image 459 00:17:48,570 --> 00:17:50,069 and the kernel image. 460 00:17:50,070 --> 00:17:52,169 But the function also applies 461 00:17:52,170 --> 00:17:54,779 some editors randomization. 462 00:17:54,780 --> 00:17:56,549 That means the function determines which 463 00:17:56,550 --> 00:17:59,309 inmates get a load at first. 464 00:17:59,310 --> 00:18:01,439 And in a second step, 465 00:18:01,440 --> 00:18:03,689 it also determines the target address of 466 00:18:03,690 --> 00:18:06,869 the of the images that means 467 00:18:06,870 --> 00:18:08,909 or the function uses of five but 468 00:18:08,910 --> 00:18:11,099 randomization seed and five, but 469 00:18:11,100 --> 00:18:13,199 means 32 470 00:18:14,430 --> 00:18:16,949 target addresses per load order. 471 00:18:16,950 --> 00:18:19,229 And that finally means for us to find 472 00:18:19,230 --> 00:18:21,329 the K I initial PCR 473 00:18:21,330 --> 00:18:22,979 structure that is part of the kernel 474 00:18:22,980 --> 00:18:25,229 image. We had to scan 475 00:18:25,230 --> 00:18:27,959 64 addresses 476 00:18:27,960 --> 00:18:30,059 and this is what we actually do. 477 00:18:30,060 --> 00:18:32,489 The figure we scanned 64 addresses 478 00:18:32,490 --> 00:18:34,619 and applies signature scan to be 479 00:18:34,620 --> 00:18:36,719 sure that we found the initial PCR 480 00:18:36,720 --> 00:18:38,799 structure to find the initial 481 00:18:38,800 --> 00:18:40,409 PCR structure. 482 00:18:40,410 --> 00:18:42,000 OK. This was 483 00:18:43,140 --> 00:18:44,140 where. 484 00:18:44,670 --> 00:18:46,409 Now let's come back to our tech 485 00:18:46,410 --> 00:18:48,479 environment if we really want to 486 00:18:48,480 --> 00:18:50,759 implement that stuff. 487 00:18:50,760 --> 00:18:53,519 We have to control certain 488 00:18:53,520 --> 00:18:54,899 features. 489 00:18:54,900 --> 00:18:56,999 First of all, we want to read from 490 00:18:57,000 --> 00:18:58,229 the runtime memory. 491 00:18:58,230 --> 00:19:00,299 That means we need to know 492 00:19:00,300 --> 00:19:02,659 how to use a DMA engine to to 493 00:19:02,660 --> 00:19:04,139 to read from the runtime memory. 494 00:19:04,140 --> 00:19:06,269 This was actually quite simple due to 495 00:19:06,270 --> 00:19:07,270 previous work. 496 00:19:08,190 --> 00:19:10,559 Um, we just had to change 497 00:19:10,560 --> 00:19:11,639 to bits. 498 00:19:11,640 --> 00:19:14,219 But we also wanted to use the out-of-band 499 00:19:14,220 --> 00:19:16,439 feature to incorporate it in 500 00:19:16,440 --> 00:19:18,539 Southbridge to exfiltrate captured 501 00:19:18,540 --> 00:19:20,099 keystroke codes. 502 00:19:20,100 --> 00:19:22,559 And for doing 503 00:19:22,560 --> 00:19:24,839 so, we had to change 504 00:19:24,840 --> 00:19:25,829 and to bits. 505 00:19:25,830 --> 00:19:27,809 We had to do some more reverse 506 00:19:27,810 --> 00:19:29,309 engineering. 507 00:19:29,310 --> 00:19:31,529 So this brings me to the second 508 00:19:31,530 --> 00:19:33,809 part the out of Bent 509 00:19:33,810 --> 00:19:34,810 Network channel. 510 00:19:36,060 --> 00:19:38,159 We know that the AMTI 511 00:19:38,160 --> 00:19:40,229 firmware runs a web server for 512 00:19:40,230 --> 00:19:42,509 the administrator to remotely log in 513 00:19:42,510 --> 00:19:45,099 to the platform to do some administration 514 00:19:45,100 --> 00:19:46,109 stuff. 515 00:19:46,110 --> 00:19:48,209 And we know that when the 516 00:19:48,210 --> 00:19:50,579 administrator sends a request 517 00:19:50,580 --> 00:19:53,519 that the web server will send a reply 518 00:19:53,520 --> 00:19:55,769 and the code 519 00:19:55,770 --> 00:19:57,959 that is responsible for 520 00:19:57,960 --> 00:20:00,299 sending the reply is actually 521 00:20:00,300 --> 00:20:02,849 the code that we want to isolate. 522 00:20:02,850 --> 00:20:04,979 Um, because we 523 00:20:04,980 --> 00:20:06,449 want to exploit it. 524 00:20:06,450 --> 00:20:08,429 And the best thing to do so is, 525 00:20:09,450 --> 00:20:11,669 um, using 526 00:20:11,670 --> 00:20:13,409 a developer bot, as shown here, for 527 00:20:13,410 --> 00:20:15,359 example, on the left hand side, because 528 00:20:15,360 --> 00:20:17,759 you can turn it around and you will find 529 00:20:17,760 --> 00:20:20,039 a nice interface where you can 530 00:20:20,040 --> 00:20:21,930 connect debugging hardware 531 00:20:23,280 --> 00:20:24,959 to do some programing with the 532 00:20:24,960 --> 00:20:26,849 manageability engine. 533 00:20:26,850 --> 00:20:28,919 Unfortunately, if you don't 534 00:20:28,920 --> 00:20:31,019 work for Inter or for one of 535 00:20:31,020 --> 00:20:32,579 its business partners and you don't have 536 00:20:32,580 --> 00:20:34,859 any access to such to it. 537 00:20:34,860 --> 00:20:37,049 And that's why we had to develop our 538 00:20:37,050 --> 00:20:39,329 own research tools 539 00:20:39,330 --> 00:20:42,749 and for Linux reported 540 00:20:42,750 --> 00:20:45,269 the exploit to a character 541 00:20:45,270 --> 00:20:46,619 device driver. 542 00:20:46,620 --> 00:20:48,300 This just because, 543 00:20:49,350 --> 00:20:51,479 yeah, it's more comfortable if you 544 00:20:51,480 --> 00:20:53,579 want to use one on command line 545 00:20:53,580 --> 00:20:56,039 tools such as x64 546 00:20:56,040 --> 00:20:58,289 example, we can use SSD to 547 00:20:58,290 --> 00:21:00,569 access the AMTI runtime 548 00:21:00,570 --> 00:21:01,829 memory. 549 00:21:01,830 --> 00:21:05,099 Another tool is our AMTI 550 00:21:05,100 --> 00:21:07,289 memory monitor that you can 551 00:21:07,290 --> 00:21:09,629 also use to look into the M.2 552 00:21:09,630 --> 00:21:11,789 runtime memory, 553 00:21:11,790 --> 00:21:14,429 but it also highlights 554 00:21:14,430 --> 00:21:16,529 changes in the runtime 555 00:21:16,530 --> 00:21:18,689 memory that you won't see if 556 00:21:18,690 --> 00:21:21,179 you just use x64 example. 557 00:21:21,180 --> 00:21:23,759 So but the most important tool 558 00:21:23,760 --> 00:21:26,039 is our aim 559 00:21:26,040 --> 00:21:27,809 breakpoint her Batuu. 560 00:21:27,810 --> 00:21:29,939 That's a tool that dumps 561 00:21:29,940 --> 00:21:32,339 the whole empty runtime memory 562 00:21:32,340 --> 00:21:33,539 on the fly. 563 00:21:33,540 --> 00:21:36,339 Disassembled on the fly represents 564 00:21:36,340 --> 00:21:38,699 a disassembly to the user, 565 00:21:38,700 --> 00:21:41,039 and the user can choose a 566 00:21:41,040 --> 00:21:43,859 location to set a breakpoint. 567 00:21:43,860 --> 00:21:46,799 And this tool 568 00:21:46,800 --> 00:21:49,319 is actually the two of used to 569 00:21:49,320 --> 00:21:51,269 isolate the code for sending network 570 00:21:51,270 --> 00:21:53,819 packets, and 571 00:21:53,820 --> 00:21:56,249 we started to send replies to the empty 572 00:21:56,250 --> 00:21:58,229 net web server. 573 00:21:58,230 --> 00:22:00,929 But then we figured out that 574 00:22:00,930 --> 00:22:03,269 they are just happened too much 575 00:22:03,270 --> 00:22:05,519 and this was actually a better 576 00:22:05,520 --> 00:22:06,539 strategy. 577 00:22:06,540 --> 00:22:08,699 But more or less by by 578 00:22:08,700 --> 00:22:11,039 chance, we figured out that 579 00:22:11,040 --> 00:22:13,199 when we plug in the network cable 580 00:22:13,200 --> 00:22:16,009 into the network can't empty. 581 00:22:16,010 --> 00:22:18,259 Sends exactly one network packet, 582 00:22:18,260 --> 00:22:20,569 a DHC packet. 583 00:22:20,570 --> 00:22:22,669 And this is what we 584 00:22:22,670 --> 00:22:25,549 eventually explore to find the the 585 00:22:25,550 --> 00:22:27,619 network could be set a 586 00:22:27,620 --> 00:22:28,759 break point. 587 00:22:28,760 --> 00:22:30,109 Then we plugged in the cable. 588 00:22:30,110 --> 00:22:31,729 We checked off. The breakpoint was 589 00:22:31,730 --> 00:22:33,589 triggered, if not to set a new breakpoint 590 00:22:33,590 --> 00:22:35,209 plugged into the probe again and so on 591 00:22:35,210 --> 00:22:36,109 and so on. 592 00:22:36,110 --> 00:22:38,389 And finally, we were able to 593 00:22:38,390 --> 00:22:39,959 to isolate the code. 594 00:22:39,960 --> 00:22:42,049 What you see here on the left hand 595 00:22:42,050 --> 00:22:44,179 side and there's a code red, 596 00:22:44,180 --> 00:22:46,399 you need to send a network package. 597 00:22:46,400 --> 00:22:49,609 On the right hand side, you see the 598 00:22:49,610 --> 00:22:52,039 the empty ring buffer 599 00:22:52,040 --> 00:22:54,259 that is used to to 600 00:22:54,260 --> 00:22:56,479 or for the outgoing network packets. 601 00:22:56,480 --> 00:22:58,669 And with that knowledge, you can 602 00:22:58,670 --> 00:23:00,709 prepare a network packet, copy it into 603 00:23:00,710 --> 00:23:02,479 the ring buffer and then triggers a code 604 00:23:02,480 --> 00:23:05,179 on the right hand side and then your 605 00:23:05,180 --> 00:23:07,549 packet ascend to an external platform. 606 00:23:08,690 --> 00:23:10,759 And this is what I would like to 607 00:23:10,760 --> 00:23:12,919 demonstrate with 608 00:23:12,920 --> 00:23:13,920 a demo video. 609 00:23:16,500 --> 00:23:18,809 What you see here is 610 00:23:18,810 --> 00:23:21,149 the target platform on the left hand side 611 00:23:21,150 --> 00:23:22,949 and the external attack, a platform on 612 00:23:22,950 --> 00:23:23,950 the right hand side. 613 00:23:27,000 --> 00:23:29,640 We take a 64bit. 614 00:23:30,960 --> 00:23:31,960 System here. 615 00:23:35,670 --> 00:23:37,199 You know, just to show you where it's 616 00:23:38,700 --> 00:23:40,680 really two different machines. 617 00:23:43,870 --> 00:23:45,790 Both platforms run Wireshark. 618 00:23:47,760 --> 00:23:49,979 The attacker platform also runs the empty 619 00:23:49,980 --> 00:23:51,449 web interface, this is just to 620 00:23:51,450 --> 00:23:53,519 demonstrate that the anti-farmer are 621 00:23:53,520 --> 00:23:55,469 still up and running, even if it's 622 00:23:55,470 --> 00:23:58,049 infiltrated with dega and 623 00:23:58,050 --> 00:23:59,849 on the button on the right hand side, 624 00:23:59,850 --> 00:24:02,759 just a keystroke code mapping 625 00:24:02,760 --> 00:24:03,760 application. 626 00:24:05,400 --> 00:24:06,400 OK. 627 00:24:10,220 --> 00:24:12,919 So at first, I demonstrate 628 00:24:12,920 --> 00:24:15,229 that the firm was up and running, I asked 629 00:24:15,230 --> 00:24:16,730 for the processor information. 630 00:24:18,040 --> 00:24:20,299 Of course, until processor Intel 631 00:24:20,300 --> 00:24:21,769 platform. 632 00:24:21,770 --> 00:24:24,049 So then I infiltrate 633 00:24:24,050 --> 00:24:26,539 data of the target platform 634 00:24:26,540 --> 00:24:27,799 with some zero day. 635 00:24:31,590 --> 00:24:33,899 And if Ortega has 636 00:24:33,900 --> 00:24:36,419 found the key buffer, it sends an initial 637 00:24:36,420 --> 00:24:38,909 package to the attacker, 638 00:24:38,910 --> 00:24:41,189 this is what you see in the wires. 639 00:24:41,190 --> 00:24:42,899 Shock instance on the right hand side 640 00:24:42,900 --> 00:24:45,029 because the Wireshark instance on the 641 00:24:45,030 --> 00:24:47,639 left hand side is unable 642 00:24:47,640 --> 00:24:48,640 to see the packet. 643 00:24:53,770 --> 00:24:55,659 So let's check the firmware. 644 00:24:56,790 --> 00:24:57,839 It's also working. 645 00:25:04,740 --> 00:25:07,260 So now I try to. 646 00:25:10,610 --> 00:25:12,439 Exfiltrate some keystroke quotes. 647 00:25:12,440 --> 00:25:15,729 You see that on the right hand side. 648 00:25:15,730 --> 00:25:18,099 We got some packets with keystroke 649 00:25:18,100 --> 00:25:20,439 codes. This is the end to keystroke 650 00:25:20,440 --> 00:25:21,440 code. 651 00:25:22,040 --> 00:25:24,169 Here's a key release 652 00:25:24,170 --> 00:25:25,170 code. 653 00:25:31,330 --> 00:25:32,349 Wait, wait, wait, wait, wait. 654 00:25:33,730 --> 00:25:35,859 So now I'm entering a pseudo command. 655 00:25:41,730 --> 00:25:43,799 And as you can see, on the right hand 656 00:25:43,800 --> 00:25:46,499 side, the captured 657 00:25:46,500 --> 00:25:48,869 keystroke codes are translated 658 00:25:48,870 --> 00:25:51,089 into my standard password that is Secret 659 00:25:51,090 --> 00:25:52,090 100. 660 00:25:56,570 --> 00:25:58,759 So that is what I actually 661 00:25:58,760 --> 00:25:59,760 wanted to show you. 662 00:26:08,840 --> 00:26:09,840 OK. 663 00:26:10,410 --> 00:26:12,929 But this was 664 00:26:12,930 --> 00:26:15,329 or is not enough, we 665 00:26:15,330 --> 00:26:17,879 up there to dig out a bit because 666 00:26:17,880 --> 00:26:20,099 we find if you can use the 667 00:26:20,100 --> 00:26:21,899 out-of-band channel to exfiltrate 668 00:26:21,900 --> 00:26:24,179 information, you could also 669 00:26:24,180 --> 00:26:26,789 use the channel to to update 670 00:26:26,790 --> 00:26:28,859 dig us a tech behavior. 671 00:26:28,860 --> 00:26:30,239 And we did it the following 672 00:26:30,240 --> 00:26:31,529 configuration. 673 00:26:31,530 --> 00:26:33,749 We know that the empty firmware 674 00:26:33,750 --> 00:26:34,889 has several threats. 675 00:26:34,890 --> 00:26:37,079 One threat is 676 00:26:37,080 --> 00:26:38,080 for danger. 677 00:26:38,670 --> 00:26:41,219 And in that threat, we have still some 678 00:26:41,220 --> 00:26:43,769 space for a new attack coach. 679 00:26:43,770 --> 00:26:45,929 And another threat and threat is 680 00:26:45,930 --> 00:26:48,959 responsible for incoming network packets. 681 00:26:48,960 --> 00:26:50,220 And this is 682 00:26:51,510 --> 00:26:52,920 a threat that we want to hook, 683 00:26:54,090 --> 00:26:56,159 and the hook 684 00:26:56,160 --> 00:26:58,229 is actually responsible 685 00:26:58,230 --> 00:27:00,539 for analyzing incoming network packets 686 00:27:00,540 --> 00:27:02,699 for a new attack code. 687 00:27:02,700 --> 00:27:05,549 And if new attack code is identified, 688 00:27:05,550 --> 00:27:07,289 we hope to extract the 689 00:27:08,670 --> 00:27:10,769 new attack code and copies it to two 690 00:27:10,770 --> 00:27:11,759 Dega. 691 00:27:11,760 --> 00:27:14,009 And if the last packet of new attack 692 00:27:14,010 --> 00:27:16,859 could, as received a flag a set, 693 00:27:16,860 --> 00:27:18,929 if tiger sees that the flag is 694 00:27:18,930 --> 00:27:21,839 set, it jumps to the new attack code 695 00:27:21,840 --> 00:27:25,109 and afterwards it returns 696 00:27:25,110 --> 00:27:26,789 to the monitoring mode. 697 00:27:26,790 --> 00:27:28,859 He and our example it's 698 00:27:28,860 --> 00:27:30,689 a privilege escalation attack, which we 699 00:27:30,690 --> 00:27:32,489 uploaded today. 700 00:27:32,490 --> 00:27:34,829 But the question is now 701 00:27:34,830 --> 00:27:36,719 how to find the code that is responsible 702 00:27:36,720 --> 00:27:38,399 for handling incoming network packets. 703 00:27:38,400 --> 00:27:40,499 So far, we only know of a code that is 704 00:27:40,500 --> 00:27:43,229 responsible for outgoing network packets 705 00:27:43,230 --> 00:27:45,449 and to do so. 706 00:27:45,450 --> 00:27:47,849 We developed a new research 707 00:27:47,850 --> 00:27:50,369 tool that is a bit more complicated, 708 00:27:50,370 --> 00:27:52,619 but it has much, much more features. 709 00:27:52,620 --> 00:27:53,640 It's a witness to it. 710 00:27:54,930 --> 00:27:56,999 You can set conditional break points, for 711 00:27:57,000 --> 00:27:59,129 example. You can also dump the register 712 00:27:59,130 --> 00:28:00,899 content and the memory. 713 00:28:00,900 --> 00:28:03,119 You can emulate some some firmware 714 00:28:03,120 --> 00:28:04,710 parts and firmware parts. 715 00:28:05,910 --> 00:28:08,129 But the most important feature of our new 716 00:28:08,130 --> 00:28:10,259 tool is the Trace 717 00:28:10,260 --> 00:28:12,389 Lock feature, so we are able 718 00:28:12,390 --> 00:28:13,979 to record trace logs. 719 00:28:13,980 --> 00:28:16,379 We can record the instructions 720 00:28:16,380 --> 00:28:19,139 with a code, including the 721 00:28:19,140 --> 00:28:21,329 relevant register content. 722 00:28:21,330 --> 00:28:23,459 And this tool 723 00:28:23,460 --> 00:28:25,529 actually revealed as the code, which 724 00:28:25,530 --> 00:28:27,629 is responsible for incoming network 725 00:28:27,630 --> 00:28:28,949 packets. 726 00:28:28,950 --> 00:28:31,499 This is what you see here 727 00:28:31,500 --> 00:28:32,819 or what you exactly. 728 00:28:32,820 --> 00:28:35,879 See here is a memo copy code 729 00:28:35,880 --> 00:28:38,219 and the registers are there 730 00:28:38,220 --> 00:28:40,349 are one or two contain the 731 00:28:40,350 --> 00:28:42,719 parameters for the copy code. 732 00:28:42,720 --> 00:28:44,849 That means the destination and 733 00:28:44,850 --> 00:28:47,219 the source address and number of bytes 734 00:28:47,220 --> 00:28:48,659 to be copied. 735 00:28:48,660 --> 00:28:50,849 Um, this is our 736 00:28:50,850 --> 00:28:53,039 main hook of our trace tool. 737 00:28:53,040 --> 00:28:55,649 It's not important at the moment. 738 00:28:55,650 --> 00:28:57,809 And here you can see 739 00:28:57,810 --> 00:29:00,509 that the MEM copy function copies 740 00:29:00,510 --> 00:29:02,819 byte per byte and the bytes 741 00:29:02,820 --> 00:29:05,759 with a copy to the 742 00:29:05,760 --> 00:29:07,979 OR is the Mac address 743 00:29:07,980 --> 00:29:10,319 of the destination platform. 744 00:29:10,320 --> 00:29:12,779 And what we do now is 745 00:29:12,780 --> 00:29:14,879 we just place our hook 746 00:29:14,880 --> 00:29:17,069 just before the 747 00:29:17,070 --> 00:29:19,410 incoming packet is copied to 748 00:29:20,520 --> 00:29:22,230 the actual empty environment. 749 00:29:24,540 --> 00:29:27,059 So now 750 00:29:27,060 --> 00:29:29,429 you know that we found the 751 00:29:29,430 --> 00:29:31,679 court to tool to examine 752 00:29:31,680 --> 00:29:33,420 incoming packets, but you don't know 753 00:29:34,740 --> 00:29:37,139 how we realized the privilege escalation 754 00:29:37,140 --> 00:29:38,140 attack. 755 00:29:38,580 --> 00:29:41,489 And the first thing we do is we check 756 00:29:41,490 --> 00:29:44,159 the kernel version. 757 00:29:44,160 --> 00:29:45,569 If we know of a kernel version, 758 00:29:47,130 --> 00:29:49,049 then we can derive 759 00:29:50,160 --> 00:29:52,529 certain addresses and offsets 760 00:29:52,530 --> 00:29:53,969 and size of structures. 761 00:29:53,970 --> 00:29:56,039 And what we want to do is we want 762 00:29:56,040 --> 00:29:58,289 to find four in the task structure 763 00:29:58,290 --> 00:30:00,599 be caught in a task as a first task, 764 00:30:00,600 --> 00:30:02,399 which is executed on a little system. 765 00:30:02,400 --> 00:30:05,429 And this task runs for full privileges. 766 00:30:05,430 --> 00:30:07,829 And the structure also contains 767 00:30:07,830 --> 00:30:09,959 a task list of all tasks executed on 768 00:30:09,960 --> 00:30:12,379 the system. And we use the task 769 00:30:12,380 --> 00:30:15,389 to find the the targeted task 770 00:30:15,390 --> 00:30:17,489 where we want to have more 771 00:30:17,490 --> 00:30:18,749 privileges. 772 00:30:18,750 --> 00:30:21,089 And what we actually do is we 773 00:30:21,090 --> 00:30:23,429 copy the root privileges 774 00:30:23,430 --> 00:30:25,529 from the entire structure to our 775 00:30:25,530 --> 00:30:26,639 target task structure. 776 00:30:27,670 --> 00:30:29,769 And this is what we 777 00:30:29,770 --> 00:30:32,259 implemented and see the 778 00:30:32,260 --> 00:30:34,509 resulting binaries called DMA 779 00:30:34,510 --> 00:30:36,069 a proof of concept remote privilege 780 00:30:36,070 --> 00:30:38,739 escalation not afforded Earth. 781 00:30:38,740 --> 00:30:41,229 And we send this binary 782 00:30:41,230 --> 00:30:43,299 wire to record keeping 783 00:30:43,300 --> 00:30:45,309 to the AMTI environment. 784 00:30:45,310 --> 00:30:48,069 We just use Ping three 785 00:30:48,070 --> 00:30:49,070 four 786 00:30:50,770 --> 00:30:52,030 to keep things simple. 787 00:30:53,320 --> 00:30:55,809 The tool is able to send almost 788 00:30:55,810 --> 00:30:58,149 arbitrary TCP IP packets 789 00:30:58,150 --> 00:30:59,559 to network hosts. 790 00:31:00,580 --> 00:31:02,709 So, OK, now we know 791 00:31:02,710 --> 00:31:05,229 that we can also control 792 00:31:05,230 --> 00:31:07,509 incoming network packets and 793 00:31:07,510 --> 00:31:09,279 we can also implement the privilege 794 00:31:09,280 --> 00:31:10,390 escalation attack. 795 00:31:11,500 --> 00:31:13,329 It's time for the next all right 796 00:31:14,830 --> 00:31:15,830 for the. 797 00:31:18,380 --> 00:31:20,509 Here again, you see the target 798 00:31:20,510 --> 00:31:22,819 platform on the right hand side 799 00:31:22,820 --> 00:31:24,409 left inside and the external tech 800 00:31:24,410 --> 00:31:26,689 platform on the left hand side, both 801 00:31:26,690 --> 00:31:28,879 platforms run Wireshark 802 00:31:28,880 --> 00:31:29,880 again. 803 00:31:31,780 --> 00:31:33,219 The target platform was already 804 00:31:33,220 --> 00:31:34,220 infiltrated. 805 00:31:35,970 --> 00:31:38,609 We also run the AMTI 806 00:31:38,610 --> 00:31:40,799 Web interface to convince 807 00:31:40,800 --> 00:31:42,539 you that the film was still up and 808 00:31:42,540 --> 00:31:43,739 running. 809 00:31:43,740 --> 00:31:46,469 Who also runs the Keystone Code mapping 810 00:31:46,470 --> 00:31:47,470 command line to a. 811 00:31:50,200 --> 00:31:52,419 And we also run a 812 00:31:52,420 --> 00:31:54,609 such h command to remotely log 813 00:31:54,610 --> 00:31:55,930 into the target platform. 814 00:31:57,740 --> 00:31:59,059 So, OK now. 815 00:32:02,320 --> 00:32:04,449 To show you that us already up 816 00:32:04,450 --> 00:32:06,879 and running, I use an editor 817 00:32:06,880 --> 00:32:08,619 to type that goes running. 818 00:32:14,180 --> 00:32:15,380 So no big deal. 819 00:32:21,390 --> 00:32:24,209 So and then I look 820 00:32:24,210 --> 00:32:26,549 into the target platform. 821 00:32:28,030 --> 00:32:30,310 Using my standard password secured 100 822 00:32:32,080 --> 00:32:34,299 sonar on the 823 00:32:34,300 --> 00:32:35,849 tile platform. 824 00:32:35,850 --> 00:32:37,569 Yeah, let's check if it's really the 825 00:32:37,570 --> 00:32:39,789 target platform and is I check, who 826 00:32:39,790 --> 00:32:41,319 am I? 827 00:32:41,320 --> 00:32:43,690 As you can see, I'm Patrick X.. 828 00:32:46,130 --> 00:32:47,450 But that's not enough. 829 00:32:49,030 --> 00:32:50,290 That's why I. 830 00:32:51,720 --> 00:32:53,310 Oh, yeah. OK, I check it first. 831 00:32:54,460 --> 00:32:57,159 If I can execute privileged commands, 832 00:32:57,160 --> 00:32:59,529 I obviously cannot because 833 00:32:59,530 --> 00:33:00,530 I am not rude. 834 00:33:02,070 --> 00:33:04,140 But I would like to be rude. 835 00:33:06,030 --> 00:33:08,129 That's why I send 836 00:33:08,130 --> 00:33:10,560 the privilege escalation attack. 837 00:33:11,570 --> 00:33:12,890 To the target platform. 838 00:33:15,750 --> 00:33:17,999 Then I can check again, 839 00:33:18,000 --> 00:33:19,000 who am I? 840 00:33:20,640 --> 00:33:21,640 Now I'm route. 841 00:33:30,780 --> 00:33:32,969 And now I'm sure they should be able 842 00:33:32,970 --> 00:33:35,489 to execute privileged 843 00:33:35,490 --> 00:33:36,490 commands. 844 00:33:37,860 --> 00:33:39,299 Yeah. Also works. 845 00:33:42,890 --> 00:33:45,019 I think there should also be a last 846 00:33:45,020 --> 00:33:46,459 check of the film is 847 00:33:47,480 --> 00:33:48,480 up and running it. 848 00:33:50,430 --> 00:33:51,430 Yeah, it is. 849 00:33:53,580 --> 00:33:54,580 OK. 850 00:33:56,900 --> 00:33:57,900 So. 851 00:33:59,690 --> 00:34:02,289 Now you saw our 852 00:34:02,290 --> 00:34:05,659 hour of bent network channel features, 853 00:34:05,660 --> 00:34:08,569 but you also saw that external platforms 854 00:34:08,570 --> 00:34:10,819 can also see all the traffic 855 00:34:10,820 --> 00:34:12,979 that is generated by dig up. 856 00:34:12,980 --> 00:34:15,049 And that's why we also did 857 00:34:15,050 --> 00:34:16,050 some research 858 00:34:17,179 --> 00:34:19,879 related to a Koch network channel 859 00:34:19,880 --> 00:34:21,769 and the cohort network channel that we 860 00:34:21,770 --> 00:34:24,499 implement that is based on a so-called 861 00:34:24,500 --> 00:34:25,789 JADA. 862 00:34:25,790 --> 00:34:27,888 We got the idea from an academic 863 00:34:27,889 --> 00:34:30,269 paper called Kibbutz and Kilwa 864 00:34:30,270 --> 00:34:32,329 Chemnitz, and 865 00:34:32,330 --> 00:34:34,849 the authors of that paper used 866 00:34:34,850 --> 00:34:37,428 an additional device, but the 867 00:34:37,429 --> 00:34:39,589 wanted to award an additional 868 00:34:39,590 --> 00:34:41,899 device. And that's why 869 00:34:41,900 --> 00:34:44,479 we implemented the jitterbug using 870 00:34:44,480 --> 00:34:46,609 also Intel AMD and Intel 871 00:34:46,610 --> 00:34:48,860 AMD environment and. 872 00:34:50,050 --> 00:34:52,149 We use the following set up we 873 00:34:52,150 --> 00:34:54,339 have the Intel AMD 874 00:34:54,340 --> 00:34:56,049 machine on the left hand side. 875 00:34:56,050 --> 00:34:57,639 On the right hand side is the 876 00:34:57,640 --> 00:35:00,099 administrator platform and in between 877 00:35:00,100 --> 00:35:01,929 somewhere and the network is via take 878 00:35:01,930 --> 00:35:04,209 over, take our platform and the data 879 00:35:04,210 --> 00:35:06,100 back works as follows as follows. 880 00:35:07,870 --> 00:35:10,509 Information are encoded by slightly 881 00:35:10,510 --> 00:35:12,999 delaying outgoing network packets, 882 00:35:13,000 --> 00:35:15,339 and the attacker can measure 883 00:35:15,340 --> 00:35:17,739 the entire arrival times of the 884 00:35:17,740 --> 00:35:20,499 network packets to 885 00:35:20,500 --> 00:35:23,349 decode the leaked information. 886 00:35:23,350 --> 00:35:26,529 So that means that the deployed 887 00:35:26,530 --> 00:35:28,210 member of the MTA environment 888 00:35:29,410 --> 00:35:32,289 to slightly delay network packets 889 00:35:32,290 --> 00:35:34,809 and the attacker can 890 00:35:34,810 --> 00:35:37,359 decode the network packet 891 00:35:37,360 --> 00:35:39,039 arrival times to to get the leaked 892 00:35:39,040 --> 00:35:40,040 information. 893 00:35:41,590 --> 00:35:44,019 Obviously, the bentworth of 894 00:35:44,020 --> 00:35:46,179 the network channel decreases, but it's 895 00:35:46,180 --> 00:35:48,489 still enough to leak passwords. 896 00:35:50,710 --> 00:35:52,839 And another advantage is 897 00:35:52,840 --> 00:35:55,299 that it doesn't matter if the 898 00:35:55,300 --> 00:35:57,969 outgoing network traffic is encrypted 899 00:35:57,970 --> 00:36:00,519 or not because you just use 900 00:36:00,520 --> 00:36:02,019 the packets. 901 00:36:02,020 --> 00:36:03,369 OK. 902 00:36:03,370 --> 00:36:05,589 And in our set up, we 903 00:36:05,590 --> 00:36:07,749 will wait until the administrator 904 00:36:07,750 --> 00:36:09,999 initiates a new administration session 905 00:36:10,000 --> 00:36:11,229 with the target platform. 906 00:36:11,230 --> 00:36:13,360 And if the administrator 907 00:36:16,990 --> 00:36:20,229 did so, we can exfiltrate 908 00:36:20,230 --> 00:36:22,329 our password roughly capture 909 00:36:22,330 --> 00:36:23,589 to stagger. 910 00:36:23,590 --> 00:36:24,849 OK. 911 00:36:24,850 --> 00:36:27,099 To do so, we also require 912 00:36:27,100 --> 00:36:29,109 some features of the manageability 913 00:36:29,110 --> 00:36:30,849 engine. The first one is we need to 914 00:36:30,850 --> 00:36:33,759 control outgoing network packets. 915 00:36:33,760 --> 00:36:35,289 This is what we already did. 916 00:36:35,290 --> 00:36:36,729 So no big deal. 917 00:36:36,730 --> 00:36:38,889 But another point is that we 918 00:36:38,890 --> 00:36:41,709 also need, um 919 00:36:41,710 --> 00:36:44,079 yeah, we need to measure time to be able 920 00:36:44,080 --> 00:36:46,269 to delay outgoing 921 00:36:46,270 --> 00:36:48,130 network packets and. 922 00:36:49,380 --> 00:36:52,349 We found a time that is 923 00:36:52,350 --> 00:36:55,139 related to MMT using our 924 00:36:55,140 --> 00:36:57,479 trace look to it, and we figured 925 00:36:57,480 --> 00:36:59,849 out that we can access a timer 926 00:36:59,850 --> 00:37:02,669 at a special register at 927 00:37:02,670 --> 00:37:04,409 zero x 811, 928 00:37:06,450 --> 00:37:08,219 and this timer has a resolution of 929 00:37:08,220 --> 00:37:10,529 approximately nine hundred ninety six 930 00:37:10,530 --> 00:37:12,629 thousand five hundred hats 931 00:37:12,630 --> 00:37:14,159 and. 932 00:37:14,160 --> 00:37:16,289 This is good enough to slightly delay 933 00:37:16,290 --> 00:37:18,509 or little pickets, and then a third 934 00:37:18,510 --> 00:37:20,609 point is that we have to 935 00:37:20,610 --> 00:37:22,739 know which traffic we actually 936 00:37:22,740 --> 00:37:24,959 can delay 937 00:37:24,960 --> 00:37:27,119 because the delays must look like 938 00:37:27,120 --> 00:37:29,340 random noise too to 939 00:37:31,410 --> 00:37:33,749 all the other 940 00:37:33,750 --> 00:37:35,309 monitors present in the network 941 00:37:36,990 --> 00:37:39,449 before I demonstrate this in my last 942 00:37:39,450 --> 00:37:41,939 video. Just a 943 00:37:41,940 --> 00:37:44,669 short overview of the execution stages 944 00:37:44,670 --> 00:37:46,769 of the jitterbug base diagram 945 00:37:46,770 --> 00:37:49,199 in the first phase. 946 00:37:49,200 --> 00:37:50,909 If you find the keyboard by far, this 947 00:37:50,910 --> 00:37:54,179 takes approximately 100 milliseconds, 948 00:37:54,180 --> 00:37:56,909 and in the second phase, 949 00:37:56,910 --> 00:37:58,859 we wait for user input. 950 00:37:58,860 --> 00:38:01,439 We wait for 951 00:38:01,440 --> 00:38:02,369 a look in them. 952 00:38:02,370 --> 00:38:04,919 And after once we capture the passport 953 00:38:04,920 --> 00:38:07,889 and the first phase, we wait 954 00:38:07,890 --> 00:38:10,019 that the administrator triggers 955 00:38:10,020 --> 00:38:12,069 a session to be able to leak the 956 00:38:12,070 --> 00:38:14,310 passwords to the jitterbug receiver. 957 00:38:15,480 --> 00:38:16,949 OK. Um 958 00:38:18,030 --> 00:38:19,079 yeah. 959 00:38:19,080 --> 00:38:20,099 The movie three. 960 00:38:22,900 --> 00:38:24,940 Here you see the attack, a platform. 961 00:38:27,020 --> 00:38:28,020 And. 962 00:38:28,890 --> 00:38:31,979 We start the jitterbug receiver. 963 00:38:31,980 --> 00:38:33,389 It shows a network adapter. 964 00:38:34,700 --> 00:38:36,949 And we use a pattern to define 965 00:38:38,720 --> 00:38:40,940 rotating timing when no. 966 00:38:42,880 --> 00:38:45,039 This is just to to, um, 967 00:38:45,040 --> 00:38:46,900 introduce more randomness. 968 00:38:48,040 --> 00:38:50,169 There's also a terminal with some 969 00:38:50,170 --> 00:38:51,170 statistics. 970 00:38:52,710 --> 00:38:54,809 There you see the decoded bits 971 00:38:54,810 --> 00:38:57,569 and the distribution in the window and 972 00:38:57,570 --> 00:38:59,949 frame start sequence to synchronize 973 00:38:59,950 --> 00:39:00,950 and then receiver. 974 00:39:02,040 --> 00:39:03,040 So now. 975 00:39:04,500 --> 00:39:06,719 We start a 976 00:39:06,720 --> 00:39:08,999 administrator session 977 00:39:09,000 --> 00:39:10,500 and you can see that 978 00:39:11,730 --> 00:39:13,469 the receiver receives something. 979 00:39:16,830 --> 00:39:17,830 But. 980 00:39:18,930 --> 00:39:20,760 It's actually correct. 981 00:39:21,950 --> 00:39:24,439 Because we haven't captured the password 982 00:39:24,440 --> 00:39:25,819 so far. 983 00:39:25,820 --> 00:39:26,820 So now we. 984 00:39:27,900 --> 00:39:30,979 Are on the target platform, 985 00:39:30,980 --> 00:39:32,059 the reuse, 986 00:39:33,080 --> 00:39:35,239 the exploit that we also use 987 00:39:35,240 --> 00:39:36,240 before. 988 00:39:37,920 --> 00:39:40,919 So you see nothing because we 989 00:39:40,920 --> 00:39:41,969 want to be stuffy. 990 00:39:44,260 --> 00:39:46,029 To convince you that we really 991 00:39:46,030 --> 00:39:47,979 infiltrated the platform, you can start. 992 00:39:49,460 --> 00:39:51,559 The driver again, and you see 993 00:39:51,560 --> 00:39:53,779 that low key, so global is removed. 994 00:39:53,780 --> 00:39:56,209 So now we infiltrate the platform 995 00:39:56,210 --> 00:39:58,429 again and we found the keyboard 996 00:39:58,430 --> 00:39:59,430 buffer. 997 00:40:02,540 --> 00:40:05,149 And now we wait for user input. 998 00:40:05,150 --> 00:40:07,219 This is the submission 999 00:40:07,220 --> 00:40:09,739 system of the 44 coin conference 1000 00:40:09,740 --> 00:40:12,259 where I gave this talk the first time. 1001 00:40:12,260 --> 00:40:14,209 By the way, we did not change the 1002 00:40:14,210 --> 00:40:15,210 password. 1003 00:40:18,210 --> 00:40:19,210 So you can. 1004 00:40:21,130 --> 00:40:23,619 Check if the person still works in a few 1005 00:40:23,620 --> 00:40:24,620 seconds. 1006 00:40:26,120 --> 00:40:28,279 So the password is kept shut, and now 1007 00:40:28,280 --> 00:40:30,859 the administrator initiates 1008 00:40:30,860 --> 00:40:31,860 a new session. 1009 00:40:36,670 --> 00:40:37,960 And now you can see. 1010 00:40:39,450 --> 00:40:41,999 That it passed more slowly, 1011 00:40:42,000 --> 00:40:45,029 but it comes is 1012 00:40:45,030 --> 00:40:46,030 revealed. 1013 00:40:49,200 --> 00:40:50,309 It takes some time. 1014 00:40:51,470 --> 00:40:54,079 So I told you before the benefit of the 1015 00:40:54,080 --> 00:40:56,390 jitterbug based channel isn't that high? 1016 00:41:03,430 --> 00:41:04,430 So. 1017 00:41:05,610 --> 00:41:07,919 Now we got the complete password, 1018 00:41:09,360 --> 00:41:12,149 and fortunately, there are also 1019 00:41:12,150 --> 00:41:13,620 other administrator tools. 1020 00:41:15,770 --> 00:41:17,899 That enabled 1021 00:41:17,900 --> 00:41:20,329 us to exfiltrate the passport 1022 00:41:20,330 --> 00:41:21,330 a bit faster. 1023 00:41:22,310 --> 00:41:24,379 You just have to remotely log in using 1024 00:41:24,380 --> 00:41:25,380 the tool and. 1025 00:41:26,560 --> 00:41:30,009 Than the already got the password. 1026 00:41:30,010 --> 00:41:32,349 So now let's check if the password 1027 00:41:32,350 --> 00:41:33,699 is the correct one. 1028 00:41:55,150 --> 00:41:56,710 And of course, it is so. 1029 00:41:59,750 --> 00:42:01,729 But I was stunned at the video, sorry. 1030 00:42:13,540 --> 00:42:14,540 OK. 1031 00:42:16,970 --> 00:42:19,249 So some final remarks, 1032 00:42:19,250 --> 00:42:20,899 and if you talk 1033 00:42:22,070 --> 00:42:24,169 about a we also have to talk 1034 00:42:24,170 --> 00:42:27,139 about countermeasures and 1035 00:42:27,140 --> 00:42:29,449 a countermeasure that is proposed quite 1036 00:42:29,450 --> 00:42:32,389 often when talking about Air Texas 1037 00:42:32,390 --> 00:42:34,519 and Input Output 1038 00:42:34,520 --> 00:42:36,919 Memory Management Unit into 1039 00:42:36,920 --> 00:42:40,069 also implemented a Input-Output 1040 00:42:40,070 --> 00:42:42,229 memory management unit in the courts, 1041 00:42:42,230 --> 00:42:43,760 the technology until 1042 00:42:44,960 --> 00:42:47,329 we deem virtualization 1043 00:42:47,330 --> 00:42:49,849 technology for directed ill. 1044 00:42:49,850 --> 00:42:52,099 But this technology also has some some 1045 00:42:52,100 --> 00:42:53,089 issues. 1046 00:42:53,090 --> 00:42:54,950 It was demonstrated that 1047 00:42:56,150 --> 00:42:58,879 the aim of you can be tricked, 1048 00:42:58,880 --> 00:43:01,039 among other things, also with a dramatic. 1049 00:43:02,390 --> 00:43:03,439 And there are other issues. 1050 00:43:03,440 --> 00:43:05,599 For example, the Windows operating system 1051 00:43:05,600 --> 00:43:08,989 doesn't include a driver for the iPhone. 1052 00:43:08,990 --> 00:43:10,699 There are also some academic 1053 00:43:10,700 --> 00:43:12,469 countermeasures. 1054 00:43:12,470 --> 00:43:15,259 But I actually wanted to point you to 1055 00:43:15,260 --> 00:43:17,569 Peter O'Toole Tong target he gave 1056 00:43:17,570 --> 00:43:18,949 two days ago. 1057 00:43:18,950 --> 00:43:21,109 And he proposes to 1058 00:43:21,110 --> 00:43:23,269 harden the hardware and to chose a good 1059 00:43:23,270 --> 00:43:25,489 bios. And of course, Peter proposes 1060 00:43:25,490 --> 00:43:27,649 to use Corbould as a It's 1061 00:43:27,650 --> 00:43:29,239 a good bios. 1062 00:43:29,240 --> 00:43:31,339 He should definitely have a look at 1063 00:43:31,340 --> 00:43:33,590 his slides or at his talk. 1064 00:43:35,710 --> 00:43:37,819 So and now I 1065 00:43:37,820 --> 00:43:39,829 would like to shortly conclude 1066 00:43:42,320 --> 00:43:44,359 this figure here represents our 1067 00:43:44,360 --> 00:43:46,639 conclusion because if 1068 00:43:46,640 --> 00:43:48,859 you want to 1069 00:43:48,860 --> 00:43:51,319 implement a keystroke logger like 1070 00:43:51,320 --> 00:43:53,089 Dagar, you have to reach certain 1071 00:43:53,090 --> 00:43:55,199 milestones and what 1072 00:43:55,200 --> 00:43:57,289 you see is importance estimated 1073 00:43:57,290 --> 00:43:58,849 by you and me of the milestones. 1074 00:44:00,350 --> 00:44:02,629 The importance is not related 1075 00:44:02,630 --> 00:44:05,059 to the effort we had to put in 1076 00:44:05,060 --> 00:44:06,710 to reaching the milestone. 1077 00:44:07,880 --> 00:44:10,189 Of course, the most important milestone 1078 00:44:10,190 --> 00:44:11,190 is infiltration. 1079 00:44:13,310 --> 00:44:15,499 Here we were lucky we could re-use 1080 00:44:15,500 --> 00:44:17,659 and exploit that was provided 1081 00:44:17,660 --> 00:44:19,969 by the other guys. 1082 00:44:19,970 --> 00:44:22,249 Then we had to to find some 1083 00:44:22,250 --> 00:44:24,439 valuable information of the host runtime. 1084 00:44:24,440 --> 00:44:26,719 Memory in our case was a keyboard 1085 00:44:26,720 --> 00:44:28,939 buffer, but you could also search for 1086 00:44:28,940 --> 00:44:31,039 other valuable data, such as 1087 00:44:31,040 --> 00:44:32,989 cryptographic keys, online banking 1088 00:44:32,990 --> 00:44:34,040 credentials or, 1089 00:44:35,300 --> 00:44:37,010 I don't know, the Skype session key. 1090 00:44:38,360 --> 00:44:40,579 And of course, if you found 1091 00:44:40,580 --> 00:44:42,799 valuable data, you also want to be able 1092 00:44:42,800 --> 00:44:44,899 to exfiltrate that data 1093 00:44:44,900 --> 00:44:46,519 to an external platform. 1094 00:44:46,520 --> 00:44:48,709 That's why we say 1095 00:44:48,710 --> 00:44:51,769 network access is also quite important. 1096 00:44:51,770 --> 00:44:53,869 And in the case of our 1097 00:44:53,870 --> 00:44:55,010 jetpack based 1098 00:44:57,380 --> 00:44:59,419 Taraba based covert network channel, we 1099 00:44:59,420 --> 00:45:01,549 also need to figure out how 1100 00:45:01,550 --> 00:45:03,499 we can reliably measure time. 1101 00:45:04,880 --> 00:45:07,069 And this is what you 1102 00:45:07,070 --> 00:45:08,809 have to do if you want to implement 1103 00:45:09,920 --> 00:45:12,519 persistent stuff fully remote control, 1104 00:45:12,520 --> 00:45:15,469 dedicated hardware malware. 1105 00:45:15,470 --> 00:45:16,470 That's it for my sites. 1106 00:45:27,690 --> 00:45:30,509 Yes, thank you very much, Patrick. 1107 00:45:30,510 --> 00:45:32,579 If you leave during the Q&A session, 1108 00:45:32,580 --> 00:45:35,039 please do so quietly. 1109 00:45:35,040 --> 00:45:37,229 And if you leave, please take 1110 00:45:37,230 --> 00:45:39,539 with you all your trash 1111 00:45:39,540 --> 00:45:41,309 and all your other belongings. 1112 00:45:41,310 --> 00:45:43,289 So we will have time for your questions 1113 00:45:43,290 --> 00:45:45,569 and other questions from the internet. 1114 00:45:45,570 --> 00:45:46,589 Yes, I have one. 1115 00:45:47,790 --> 00:45:50,249 So on notebooks, you can 1116 00:45:50,250 --> 00:45:52,260 disable this entire aim to you. 1117 00:45:53,430 --> 00:45:55,589 Some bios to say that you can disable it 1118 00:45:55,590 --> 00:45:57,029 permanently. 1119 00:45:57,030 --> 00:45:58,709 But how can I verify that? 1120 00:46:00,670 --> 00:46:01,929 Unfortunately, you can't. 1121 00:46:03,700 --> 00:46:05,859 So on our board, we also tried to 1122 00:46:05,860 --> 00:46:08,049 disable AMTI. 1123 00:46:08,050 --> 00:46:10,359 Why are bios functions? 1124 00:46:10,360 --> 00:46:12,519 And we did so, and then we use 1125 00:46:12,520 --> 00:46:15,729 our AMD memory monitor to 1126 00:46:15,730 --> 00:46:17,529 check if it's really turned off. 1127 00:46:17,530 --> 00:46:18,909 But it wasn't. 1128 00:46:18,910 --> 00:46:20,709 It was still working. 1129 00:46:20,710 --> 00:46:22,599 I think Peter Sugo mentioned at his talk 1130 00:46:22,600 --> 00:46:25,209 that he completely wiped bios, 1131 00:46:25,210 --> 00:46:27,429 overwriting it with zeros and still 1132 00:46:27,430 --> 00:46:28,449 started sending some 1133 00:46:28,450 --> 00:46:30,609 stuff off the good bios 1134 00:46:30,610 --> 00:46:31,610 code. 1135 00:46:32,590 --> 00:46:34,210 So the follow up on that one? 1136 00:46:35,350 --> 00:46:38,319 Can you do that somehow by measuring, 1137 00:46:38,320 --> 00:46:40,510 yeah, power consumption? 1138 00:46:42,610 --> 00:46:44,139 We actually tried it. 1139 00:46:44,140 --> 00:46:46,239 But this is 1140 00:46:46,240 --> 00:46:48,549 a kind of anomaly detection, 1141 00:46:48,550 --> 00:46:50,619 and it can't 1142 00:46:50,620 --> 00:46:53,169 be sure what what the user will be doing 1143 00:46:53,170 --> 00:46:55,449 and yeah, what 1144 00:46:55,450 --> 00:46:56,919 the users will be doing with this 1145 00:46:56,920 --> 00:46:59,499 computer. And it's quite difficult 1146 00:46:59,500 --> 00:47:01,569 to to 1147 00:47:01,570 --> 00:47:04,149 determine what is correct behavior 1148 00:47:04,150 --> 00:47:05,499 and what is the wrong behavior. 1149 00:47:05,500 --> 00:47:07,139 And it was, I think, called consumption. 1150 00:47:09,100 --> 00:47:11,979 I propose a countermeasure where I 1151 00:47:11,980 --> 00:47:14,529 measure the memory accesses 1152 00:47:14,530 --> 00:47:16,899 using certain performance counters. 1153 00:47:16,900 --> 00:47:19,360 Maybe that is a correct approach. 1154 00:47:21,370 --> 00:47:23,289 OK, we have a question from microphone 1155 00:47:23,290 --> 00:47:24,290 number eight. 1156 00:47:25,880 --> 00:47:27,979 But at the moment, you'll still 1157 00:47:27,980 --> 00:47:30,679 need to execute the exploit 1158 00:47:30,680 --> 00:47:33,109 locally on the attack system. 1159 00:47:33,110 --> 00:47:35,389 Have you tried to find remote 1160 00:47:35,390 --> 00:47:37,489 exploits into the management engine? 1161 00:47:39,130 --> 00:47:41,899 Um, we 1162 00:47:41,900 --> 00:47:44,029 did not try so far. 1163 00:47:44,030 --> 00:47:46,189 But of course, that would 1164 00:47:46,190 --> 00:47:48,349 be much, much nicer to 1165 00:47:48,350 --> 00:47:50,239 have a remote exploit. 1166 00:47:50,240 --> 00:47:52,579 And as I said, until Mty runs 1167 00:47:52,580 --> 00:47:54,719 a web server. So most probably 1168 00:47:54,720 --> 00:47:57,109 you will or you can find a vulnerability, 1169 00:47:57,110 --> 00:47:58,789 but we didn't so far. 1170 00:47:58,790 --> 00:47:59,929 Okay, thanks. 1171 00:47:59,930 --> 00:48:02,029 Yeah. OK, one question from microphone 1172 00:48:02,030 --> 00:48:02,959 number two. 1173 00:48:02,960 --> 00:48:04,969 Yeah. Two questions, actually. 1174 00:48:04,970 --> 00:48:07,249 First of all, uh, well, 1175 00:48:07,250 --> 00:48:08,629 what's really the prevalence of those 1176 00:48:08,630 --> 00:48:10,759 devices? This is only on servers is 1177 00:48:10,760 --> 00:48:13,459 on desktops and the second one, 1178 00:48:13,460 --> 00:48:15,320 does it actually do anything useful? 1179 00:48:16,790 --> 00:48:18,709 It seems like a huge attack surface, so 1180 00:48:18,710 --> 00:48:20,089 you really want to remove it? 1181 00:48:20,090 --> 00:48:21,889 Or does it actually do something you 1182 00:48:21,890 --> 00:48:22,249 would want 1183 00:48:22,250 --> 00:48:24,799 to think for for companies 1184 00:48:24,800 --> 00:48:27,079 where you have 1185 00:48:27,080 --> 00:48:29,449 a bunch of computer platforms that 1186 00:48:29,450 --> 00:48:30,450 can crash? 1187 00:48:31,430 --> 00:48:33,859 It's actually a useful tool this empty 1188 00:48:33,860 --> 00:48:36,439 because the administrator can remotely 1189 00:48:36,440 --> 00:48:38,599 reinstall the operating system, for 1190 00:48:38,600 --> 00:48:40,039 example. 1191 00:48:40,040 --> 00:48:42,439 Um, what was the first question? 1192 00:48:42,440 --> 00:48:44,449 Is it only on servers or is it on 1193 00:48:44,450 --> 00:48:45,450 desktops or? 1194 00:48:46,260 --> 00:48:48,719 Um, on servers you actually have, 1195 00:48:48,720 --> 00:48:51,679 uh, similar, um, 1196 00:48:51,680 --> 00:48:53,559 similar solutions. 1197 00:48:53,560 --> 00:48:55,669 Um, this is for desktop and 1198 00:48:55,670 --> 00:48:58,369 for desktop and laptop systems. 1199 00:48:58,370 --> 00:49:01,189 So you have something like the base 1200 00:49:01,190 --> 00:49:02,699 for management, control 1201 00:49:02,700 --> 00:49:04,279 or stuff like that. 1202 00:49:04,280 --> 00:49:05,749 Okay, thanks. 1203 00:49:05,750 --> 00:49:06,750 You're welcome. 1204 00:49:07,430 --> 00:49:09,049 Okay, next question from microphone 1205 00:49:09,050 --> 00:49:10,050 number two. 1206 00:49:10,760 --> 00:49:11,899 Yep. 1207 00:49:11,900 --> 00:49:13,789 Yeah, maybe I was missing it, but I'm 1208 00:49:13,790 --> 00:49:15,799 kind of not seeing like any kind of 1209 00:49:15,800 --> 00:49:16,849 persistence there. 1210 00:49:16,850 --> 00:49:19,129 So I again, like 1211 00:49:19,130 --> 00:49:21,619 maybe clarify what what exactly 1212 00:49:21,620 --> 00:49:23,570 you exploit locally, 1213 00:49:25,280 --> 00:49:27,289 what you exploit while remotely, which is 1214 00:49:27,290 --> 00:49:28,439 like nothing, I think. 1215 00:49:28,440 --> 00:49:30,529 And what changes 1216 00:49:30,530 --> 00:49:32,749 to the systems do you actually do to 1217 00:49:32,750 --> 00:49:34,279 after it's switched off, plugged in 1218 00:49:34,280 --> 00:49:37,079 another network so that it's still there? 1219 00:49:37,080 --> 00:49:39,349 OK, yeah, I forgot to 1220 00:49:39,350 --> 00:49:42,319 to mention how we get the persistency. 1221 00:49:42,320 --> 00:49:43,320 Um? 1222 00:49:48,420 --> 00:49:50,519 OK. AMTI is so powerful 1223 00:49:50,520 --> 00:49:52,949 that you can turn off the platform 1224 00:49:52,950 --> 00:49:55,139 or you can can put the 1225 00:49:55,140 --> 00:49:57,329 platform in standby mode and is 1226 00:49:57,330 --> 00:49:59,219 still up and running, even if you power 1227 00:49:59,220 --> 00:50:00,449 off the platform. 1228 00:50:00,450 --> 00:50:02,609 It's only required that the platform is 1229 00:50:02,610 --> 00:50:04,769 plugged into a power source. 1230 00:50:04,770 --> 00:50:07,139 And if we infiltrate 1231 00:50:07,140 --> 00:50:09,239 the target platform and we shut down 1232 00:50:09,240 --> 00:50:11,959 the system as usual, AMTI 1233 00:50:11,960 --> 00:50:13,619 our Dega is still up and running 1234 00:50:13,620 --> 00:50:15,749 together. And if you turn 1235 00:50:15,750 --> 00:50:17,810 on the platform again, um, 1236 00:50:19,080 --> 00:50:20,499 also Dega is up and running. 1237 00:50:20,500 --> 00:50:22,679 We tested this with the platform 1238 00:50:22,680 --> 00:50:24,149 encryption mechanism. 1239 00:50:24,150 --> 00:50:26,349 Um, the filename 1240 00:50:26,350 --> 00:50:27,569 system. 1241 00:50:27,570 --> 00:50:30,089 He infiltrated the platform 1242 00:50:30,090 --> 00:50:31,049 during runtime. 1243 00:50:31,050 --> 00:50:32,639 Then we turned off the platform, turned 1244 00:50:32,640 --> 00:50:34,679 it on again. We had to type in the 1245 00:50:34,680 --> 00:50:36,329 heartless encryption password and we got 1246 00:50:36,330 --> 00:50:38,159 it so completely. 1247 00:50:38,160 --> 00:50:40,089 Removing the pop lock or having a 1248 00:50:40,090 --> 00:50:41,789 completely dead battery would actually 1249 00:50:41,790 --> 00:50:42,790 remove it. 1250 00:50:43,650 --> 00:50:45,839 Have to remove the power block 1251 00:50:45,840 --> 00:50:47,179 and the battery. 1252 00:50:47,180 --> 00:50:48,180 OK. 1253 00:50:50,520 --> 00:50:52,619 So now the question from number two. 1254 00:50:52,620 --> 00:50:55,409 Yeah, I actually want to know if you 1255 00:50:55,410 --> 00:50:57,389 experienced any difference between host 1256 00:50:57,390 --> 00:50:59,849 based provisioning management engines 1257 00:50:59,850 --> 00:51:01,420 and I 1258 00:51:02,670 --> 00:51:05,339 don't know the other name right now. 1259 00:51:05,340 --> 00:51:07,409 So the one this whole space provision in, 1260 00:51:07,410 --> 00:51:09,509 I think the other one is something 1261 00:51:09,510 --> 00:51:12,239 like enterprise provisions, 1262 00:51:12,240 --> 00:51:14,999 which overrides the config all the time 1263 00:51:15,000 --> 00:51:17,459 when and management service contacted. 1264 00:51:17,460 --> 00:51:19,919 So do you expect any difference in 1265 00:51:19,920 --> 00:51:21,629 your expectations? 1266 00:51:21,630 --> 00:51:22,630 Um. 1267 00:51:24,220 --> 00:51:26,319 I don't really got a question or 1268 00:51:26,320 --> 00:51:27,320 your point. 1269 00:51:27,870 --> 00:51:28,870 Sorry. 1270 00:51:31,410 --> 00:51:33,929 So to use interactivity, 1271 00:51:33,930 --> 00:51:36,509 you have to provision the chip 1272 00:51:36,510 --> 00:51:38,789 by default is enabled but not used, and 1273 00:51:38,790 --> 00:51:40,809 you have to provision it to to enable. 1274 00:51:40,810 --> 00:51:43,259 Yeah, there are two 1275 00:51:43,260 --> 00:51:45,599 methods in the actual version right now, 1276 00:51:45,600 --> 00:51:47,549 though so whole space provisioned which 1277 00:51:47,550 --> 00:51:49,799 you do on the house, on the operating 1278 00:51:49,800 --> 00:51:51,919 system. Yeah. In the enterprise 1279 00:51:51,920 --> 00:51:54,479 space. So for example, 1280 00:51:54,480 --> 00:51:56,819 why the system boots you plug in and USB 1281 00:51:56,820 --> 00:51:59,429 stick and the system gets provisioned 1282 00:51:59,430 --> 00:52:01,529 and configured it contacts. 1283 00:52:01,530 --> 00:52:03,659 And so for example, in you 1284 00:52:03,660 --> 00:52:05,969 send certificate to 1285 00:52:05,970 --> 00:52:07,889 do the whole configuration it overrides. 1286 00:52:07,890 --> 00:52:08,819 It's all at the time. 1287 00:52:08,820 --> 00:52:10,889 It contacts the 1288 00:52:10,890 --> 00:52:12,210 enterprise server, for example, 1289 00:52:13,380 --> 00:52:15,409 on your exploit to you. 1290 00:52:15,410 --> 00:52:17,969 What method methods do you use 1291 00:52:17,970 --> 00:52:20,819 to prove it? Provision of these chips 1292 00:52:20,820 --> 00:52:21,999 into management engine? 1293 00:52:23,460 --> 00:52:25,529 And I don't have any 1294 00:52:25,530 --> 00:52:28,050 experience of the provisions, but. 1295 00:52:29,550 --> 00:52:32,369 I know that certain 1296 00:52:32,370 --> 00:52:34,619 systems are delivered to the customer 1297 00:52:34,620 --> 00:52:37,169 that are already somehow provisioned 1298 00:52:37,170 --> 00:52:38,310 because we are 1299 00:52:39,630 --> 00:52:41,849 already asking for a provisioning server 1300 00:52:41,850 --> 00:52:42,989 at least. 1301 00:52:42,990 --> 00:52:44,279 So that means they are at least 1302 00:52:44,280 --> 00:52:46,019 configured to ask for the provision 1303 00:52:46,020 --> 00:52:47,009 server. 1304 00:52:47,010 --> 00:52:49,079 Um, I don't know 1305 00:52:49,080 --> 00:52:50,080 if this is. 1306 00:52:51,750 --> 00:52:53,790 Useful for any exports so far. 1307 00:52:58,220 --> 00:53:00,019 OK, one question from microphone number 1308 00:53:00,020 --> 00:53:00,949 three. 1309 00:53:00,950 --> 00:53:02,780 Yeah, I can mention that. 1310 00:53:05,390 --> 00:53:07,159 It's actually for a remote deployment. 1311 00:53:07,160 --> 00:53:09,319 That's one of the selling points of 1312 00:53:09,320 --> 00:53:10,909 the manufacturer can ship the laptop 1313 00:53:10,910 --> 00:53:13,459 directly to a user. 1314 00:53:13,460 --> 00:53:15,079 Yeah. The company can then 1315 00:53:16,850 --> 00:53:18,379 push their software. 1316 00:53:18,380 --> 00:53:20,059 But I had a question. 1317 00:53:20,060 --> 00:53:22,309 This has been in laptops 1318 00:53:22,310 --> 00:53:24,649 since 2011. 1319 00:53:24,650 --> 00:53:26,839 Do you know how many laptops 1320 00:53:26,840 --> 00:53:28,479 have been shipped? 1321 00:53:28,480 --> 00:53:30,889 How do you know how many laptops 1322 00:53:30,890 --> 00:53:33,229 have been shipped with this lovely 1323 00:53:33,230 --> 00:53:34,230 feature? 1324 00:53:35,180 --> 00:53:36,950 I think all business laptops. 1325 00:53:37,970 --> 00:53:39,400 Yeah, but 1326 00:53:40,550 --> 00:53:42,319 I don't know if you can ask a 1327 00:53:42,320 --> 00:53:43,489 manufacturer to 1328 00:53:44,660 --> 00:53:45,769 leave it out. I don't know. 1329 00:53:47,170 --> 00:53:48,819 OK, one more question from microphone 1330 00:53:48,820 --> 00:53:49,539 number two, 1331 00:53:49,540 --> 00:53:51,099 especially on laptops. 1332 00:53:51,100 --> 00:53:53,139 Yeah, the keyboard is usually connected 1333 00:53:53,140 --> 00:53:55,209 using PCs to do support 1334 00:53:55,210 --> 00:53:56,769 that, too. 1335 00:53:56,770 --> 00:53:59,079 Um, the Windows version is also 1336 00:53:59,080 --> 00:54:01,209 able to find the driver object for 1337 00:54:01,210 --> 00:54:02,409 the peers to keyboards 1338 00:54:03,700 --> 00:54:05,409 and the Linux. We didn't implement it, 1339 00:54:05,410 --> 00:54:07,479 but at the end of 1340 00:54:07,480 --> 00:54:09,879 the day, it doesn't matter which keyboard 1341 00:54:09,880 --> 00:54:11,649 offer, you have to find, right? 1342 00:54:11,650 --> 00:54:12,609 Yeah, true. 1343 00:54:12,610 --> 00:54:13,610 Thanks. 1344 00:54:14,620 --> 00:54:16,719 OK. Then again, the warm round of 1345 00:54:16,720 --> 00:54:18,070 applause to Mr. Steven. 1346 00:54:23,810 --> 00:54:26,089 And please, when you leave, take 1347 00:54:26,090 --> 00:54:27,559 all your trash with you. 1348 00:54:27,560 --> 00:54:30,109 We don't like collecting your trash and 1349 00:54:30,110 --> 00:54:32,269 we will be back for the next talk later.