Langsung ke konten utama

Over The Air - Vol. 2, Pt. 1: Exploiting The Wi-Fi Stack On Apple Tree Devices

Posted yesteryear Gal Beniamini,

Earlier this twelvemonth nosotros performed research into Broadcom’s Wi-Fi stack. Due to the ubiquity of Broadcom’s stack, nosotros chose to conduct our prior enquiry through the lens of i affected position unit of measurement of products -- the Android ecosystem. To pigment a to a greater extent than consummate painting present of the terra firma of Wi-Fi safety inwards the mobile ecosystem, we’ve chosen to revisit the topic - this fourth dimension through the lens of Apple devices. In this enquiry we’ll perform a deeper dive into each of the affected components, uncovering novel onslaught surfaces, in addition to in conclusion create a total over-the-air exploit chain against iPhones, allowing consummate command over the target device.

Since there’s much Earth to cover, we’ve chosen to separate the enquiry into a three-part spider web log series. The showtime spider web log post service volition focus on exploring the Wi-Fi stack itself in addition to developing the necessary enquiry tools to explore it on the iPhone. In the 2nd spider web log post, we’ll perform enquiry into the Wi-Fi firmware, uncovering multiple vulnerabilities, in addition to prepare an exploit allowing attackers to execute arbitrary code on the Wi-Fi chip itself, requiring no user-interaction. Lastly, inwards the concluding spider web log post service we’ll explore the iPhone’s host isolation mechanisms, enquiry the ways inwards which the Wi-Fi chip interacts amongst the host, in addition to prepare a fully-fledged exploit allowing attackers to gain consummate command over the iOS nitty-gritty over-the-air, requiring no user interaction.

As we’ve mentioned before, Broadcom’s chips are introduce inwards a broad diverseness of devices - ranging from mobile phones to laptops (such every bit Chromebooks) in addition to fifty-fifty Wi-Fi routers. While we’ve chosen to focus our attending on the Apple ecosystem this fourth dimension around, it’s worth mentioning that the Wi-Fi firmware vulnerabilities presented inwards this enquiry comport on other devices every bit well. Additionally, every bit this enquiry deals amongst a different onslaught surface inwards the Wi-Fi firmware, the breadth of affected devices mightiness travel wider than that of our prior research.

More concretely, the Wi-Fi vulnerabilities presented inwards this enquiry comport on many devices inwards the Android ecosystem. For example, 2 of the vulnerabilities (#1, #2) comport on most of Samsung’s flagship devices, including the Milky Way S8, Milky Way S7 Edge in addition to Milky Way S7. Of the two, one vulnerability is also known to comport on Google devices such every bit the Nexus 6P, in addition to some models of Chromebooks. As for Apple’s ecosystem, spell this enquiry deals primarily amongst iPhones, other devices including Apple TV in addition to iWatch are similarly affected yesteryear our findings. The exact breadth of other affected devices has non been investigated further, but is assumed to travel wider.

We’d also similar to regime annotation that until hardware host isolation mechanisms are implemented across the Android ecosystem, every exploitable Wi-Fi firmware vulnerability direct results inwards consummate host takeover. In our previous enquiry nosotros identified the lack of host isolation mechanisms on 2 of the most prominent SoC platforms; Qualcomm’s Snapdragon 810 in addition to Samsung’s Exynos 8890. We are non aware of whatever advances inwards this regard, every bit of yet.

For the purpose of this research, we’ll demonstrate remote code execution on the iPhone seven (the most recent iDevice at the fourth dimension of this research), running iOS 10.2 (14C92). The vulnerabilities presented inwards this enquiry are introduce inwards iOS upward to (and including) version 10.3.3 (apart from #1, which was fixed inwards 10.3.3). Researchers wishing to port the provided enquiry tools in addition to exploits to other versions of iOS or to other iDevices would travel required to suit the referenced symbols.

Over the class of the spider web log post, we’ll get fleshing out a retention enquiry platform for iOS. Throughout this spider web log post service series, we’ll rely on the framework extensively, to both analyse in addition to explore components on the system, including the XNU kernel, hardware components, in addition to the Wi-Fi chipset itself.

The vulnerabilities affecting Apple devices remove hold been addressed inwards iOS 11. Similarly, those affecting Android remove hold been addressed inwards the September bulletin. Note that inside the Android ecosystem, OEMs comport the responsibleness for providing their ain Wi-Fi firmware images (partially due to their high score of customisation). Therefore the corresponding fixes should appear inwards the vendors’ ain bulletins, rather than Android’s safety bulletin.

Creating a Research Platform


Before nosotros tin forcefulness out get exploring, we’ll demand to lay downwards the groundwork first. Ideally, we’d similar to create our ain debugger -- allowing us to both inspect in addition to musical instrument the Wi-Fi firmware, thereby making exploration (and subsequent exploit development) much easier.

During our previous research into Broadcom’s Wi-Fi chip inside the context of the Android ecosystem, this trouble turned out to travel much to a greater extent than straight-forward than expected. Instead of having to create an entire enquiry environs from scratch, nosotros relied on several properties provided yesteryear the Android ecosystem to speed upward the evolution phase.

For starters, many Android devices allow developers to intentionally bypass their safety model, using “rooted” builds (such every bit userdebug). Flashing such a build onto a device allows us to freely explore in addition to interact amongst many components on the system. As the safety model is only bypassed explicitly, the odds of side-effects resulting from our enquiry affecting the system’s deportment are rather slim.

Additionally, Broadcom provides their ain debugging tools to the Android ecosystem, consisting of a command-line utility in addition to a dedicated laid of ioctls inside Broadcom’s device driver, bcmdhd. These tools allow sufficiently privileged users to interact amongst the Wi-Fi chip inwards a diverseness of ways, including the powerfulness to access the chip’s RAM direct -- an essential primitive when constructing a debugger. Basing our ain toolset on this platform allowed us to create a rather comfortable research environment.

Furthermore, Android utilises the Linux Kernel, which is licensed nether GPLv2. Therefore, the kernel’s source code, including that of the device drivers, is freely available. Reading through Broadcom’s device driver (bcmdhd) turned out to travel an invaluable resources -- sparing us some unnecessary reverse-engineering spell also allowing us to easily assess the ways inwards which the chip in addition to host interact amongst i another.

Lastly, some of the data sheets pertaining to the Wi-Fi SoCs used on Android devices were made publicly available yesteryear Cypress next their acquisition of Broadcom’s IoT business. While most of the information inwards the information sheets is irrelevant to our research, nosotros were able to gather a handful of useful clues regarding the architecture of the SoC itself.


Unfortunately, it appears nosotros remove hold no such luck this fourth dimension around!

First, Apple does non supply a “developer-mode” iPhone, nor is at that spot a machinery to selectively bypass the safety model. This agency that inwards fellowship to meaningfully explore the system, researchers are forced to subvert the device’s safety model (i.e., yesteryear jailbreaking). Consequently, exploring different components inside the device is made much to a greater extent than difficult.

Additionally, different the Android ecosystem, Apple has chosen to prepare their entire host-side stack “from scratch”. Most importantly, the iOS drivers used to interact amongst Broadcom’s chip are written yesteryear Apple, in addition to are non based on Broadcom’s FullMAC drivers (bcmdhd or brcmfmac). Other host-side utilities, such every bit Broadcom’s debugging toolchain, are so also non included.

That said, Apple did prepare their ain mechanisms for accessing in addition to debugging the chip. These capabilities are exposed via a laid of privileged ioctls embedded inwards the IO80211Family driver. While the interface itself is undocumented, reverse-engineering the corresponding components inwards both the IO80211Family in addition to AppleBCMWLANCore drivers reveals a rather powerful command channel, in addition to i which could perhaps travel used for the purposes of our research. Unfortunately, access to this interface requires additional entitlements, so preventing us from leveraging it (unless nosotros escalate our privileges).

Lastly, there’s no overlap betwixt the revisions of Wi-Fi chips used on Apple’s devices in addition to those used inwards the Android ecosystem. As we’ll reckon later on, this mightiness travel due to the fact that Apple-specific Wi-Fi chips contain Apple-specific features. Regardless, perhaps unsurprisingly, none of the corresponding information sheets for these SoCs remove hold been made available.


So… it appears we’ll remove hold to bargain amongst a proprietary chip, on a proprietary device running a proprietary operating system. We remove hold our piece of employment cutting out for us! That said, it’s non all doom in addition to gloom; instead of relying on all of the above, we’ll exactly demand to create our ain independent enquiry platform.

Acquiring the ROM?


Let’s start yesteryear analysing the SoC’s firmware in addition to loading it upward into a disassembler. As we’ve seen inwards the previous circular of research, the Wi-Fi firmware consists of a small-scale chunk of ROM containing most of the firmware’s information in addition to code, in addition to a larger blob of RAM housing all of the runtime information structures (such every bit the heap in addition to stack), every bit good every bit patches to the ROM’s code.

Since the RAM blob is loaded into the Wi-Fi chip during its initialisation yesteryear the host, it should travel accessible via the host’s root filesystem. Indeed, after downloading the iPhone’s firmware image, extracting the root filesystem in addition to searching for indicative strings, nosotros are greeted amongst the next result:


Great, so we’ve identified the firmware’s RAM. What’s more, it appears that the Wi-Fi chip embedded inwards the telephone is a BCM4355C0, a model which I haven’t come upward across inwards Android devices inwards the yesteryear (also, it curiously does non appear nether Broadcom’s website).

Regardless, having the RAM icon is all good in addition to good, but what nigh the ROM? After all, the bulk of the code is stored inwards the chip’s ROM. Even if nosotros were to settle for analysing the RAM alone, it’d travel extremely hard to reverse-engineer independently of the ROM every bit many of the functions inwards the one-time address information stored inwards the latter. Without knowing the ROM’s contents, or fifty-fifty its rudimentary layout, we’ll remove hold to resort to guesswork.

However, this is where nosotros come across a fleck of a snag! To extract the ROM we’ll demand to interact amongst the Wi-Fi chip itself... Whereas on Android nosotros could but exercise a “rooted” build to gain elevated privileges, in addition to so access the Wi-Fi SoC via Broadcom’s debugging utilities, at that spot are no comparable mechanisms on the iPhone. In that case, how volition nosotros interact amongst the chip in addition to ultimately extract its ROM?

We could opt for a hardware-based enquiry environment. Reviewing the information sheets for i of Broadcom’s Wi-Fi SoCs, BCM4339, reveals several interfaces through which the chip may travel debugged, including UART in addition to a JTAG interface.


That said, at that spot are several disadvantages to this approach. First, we’d demand to opened upward up the device, locate the required interfaces, in addition to brand sure that nosotros create non harm the telephone inwards the process. Moreover, requiring a such a setup for each enquiry device would effort us to incur important start-up overhead. Perhaps most importantly, relying on a hardware-based approach would restrict the amount of researchers who’d travel willing to utilise our enquiry platform -- both because hardware is a relatively specialised skill-set, in addition to since people mightiness (rightly) travel wary of causing harm to their ain devices.

So what nigh a completely software-based solution? After all, on Android devices nosotros were able to access the chip’s retention solely using software. Perhaps a similar solution would apply to Apple devices?

To respond this question, let’s describe our way through the Android components involved inwards the command menstruum for accessing the Wi-Fi chip’s retention from the host. The menstruum begins amongst a user issuing a retention access command via Broadcom’s debugging utility (“membytes”). This, inwards turn, triggers an ioctl to Broadcom’s driver, requesting the retention access operation. After some processing inside the driver, it performs the requested activity yesteryear direct accessing the chip’s tightly-coupled memory (TCM) from the kernel’s Virtual Address-Space (VAS).

Two Registers Walk Into a BAR


As we’re mostly interested inwards the latter part, let’s disregard the Android-specific components for at nowadays in addition to focus on the machinery inwards bcmdhd allowing TCM access from the host.

Reviewing the driver’s code allows us to larn inwards at relevant code flow. First, the driver enables the PCIe-connected Wi-Fi chip. Then, it accesses the PCIe Configuration Space to computer programme the Wi-Fi chip’s Base Address Registers (BARs). In keeping amongst the PCI standards, programming in addition to mapping inwards the BARs into the host’s address infinite exposes functionality direct from the Wi-Fi SoC to the host, such every bit IO-Space or Memory Space access. Taking a closer expression at Broadcom’s chips, they seem to supply 2 BARs inwards their configuration space; BAR0 in addition to BAR1.

BAR0 is used to map-in registers corresponding to the different cores on the Wi-Fi SoC, including the ARM processor running the firmware’s logic, in addition to to a greater extent than esoteric components such every bit the PCIe Gen 2 core on the Wi-Fi SoC. The cores themselves tin forcefulness out travel selected yesteryear accessing the PCIe configuration infinite i time again, in addition to programming the “BAR0 Window” register, directing it at the backplane address corresponding to the requested core.

BAR1, on the other hand, is used solely to map the Wi-Fi chip’s TCM into the host. Since Broadcom’s driver leverages the TCM access capability extensively, it maps-in BAR1 into the kernel’s virtual address infinite during the device’s initialisation, in addition to doesn’t unmap it until the device shuts down. Once the TCM is mapped into the kernel, all subsequent retention accesses to the chip’s TCM are performed yesteryear but modifying the mapped block inside the kernel’s VAS. Any write operations made to the memory-mapped block are automatically reflected to the Wi-Fi chip’s RAM.

This is all good in addition to good, but what nigh iOS? Since Apple develops their ain drivers for interacting amongst Broadcom’s chips, what holds truthful inwards Broadcom’s drivers doesn’t necessarily apply to Apple’s drivers. After all, nosotros could think of many different approaches to accessing the chip’s memory. For example, instead of mapping the entire TCM into the kernel’s memory, they mightiness elect to only map-in sure regions of the TCM, to map it only on-demand, or fifty-fifty to rely on different chip-access mechanisms altogether.

To larn to the bottom of this, we’ll demand to start reverse-engineering Apple’s drivers. This tin forcefulness out travel done yesteryear extracting the kernelcache from the iPhone’s firmware in addition to loading it into our favourite disassembler. After loading the kernel, nosotros straightaway come upward across 2 driver KEXTs related to Broadcom’s Wi-Fi chip; AppleBCMWLANCore in addition to AppleBCMWLANBusInterfacePCIe.

Spending some fourth dimension reverse-engineering the 2 drivers, it’s speedily evident what their corresponding roles are. AppleBCMWLANCore serves every bit a high-level driver, dealing mostly amongst configuring the Wi-Fi chip, treatment incoming events, in addition to chip-specific features such every bit offloading. In keeping amongst proficient blueprint practices, the driver is unaware of the interface through which the chip is connected, allowing it to focus solely on the logic required to interact amongst the chip. In contrast, AppleBCMWLANBusInterfacePCIe, serves a complementary role; it is a low-level driver tasked amongst treatment all the PCIe related communication protocols, dealing amongst MSI interrupts, in addition to by in addition to large everything interface-related.

We’ll revisit the 2 drivers to a greater extent than in-depth later on, but for at nowadays it’s sufficient to say that nosotros remove hold a relatively proficient thought where to start looking for a potential TCM mapping -- after all, every bit we’ve seen, the TCM access is performed yesteryear mapping the PCIe BARs. Therefore, it would stand upward to argue that such an performance would travel performed yesteryear AppleBCMWLANBusInterfacePCIe.

After reverse-engineering much of the driver, nosotros come upward across a grouping of suspicious-looking functions that appear similar candidates for TCM accessors. All the higher upward functions serve the same purpose -- accessing a memory-mapped buffer, differing from i some other only inwards the size of the give-and-take used (16, 32, or 64-bit). Anecdotally, the corresponding APIs for TCM access inwards the Android driver follow the same structure. What’s more, the higher upward functions all reference the string “Memory”... We mightiness travel onto something!

Kernel Function 0xFFFFFFF006D1D9F0

Cross-referencing our way upward the call-chain, it appears that all of the higher upward functions are methods pertaining to instances of a unmarried class, which incidentally bears the same call every bit that of the driver: AppleBCMWLANBusInterfacePCIe. Since several functions inwards the call-chain are virtual functions, nosotros tin forcefulness out locate the class’s VTable yesteryear searching for 64-bit words containing their addresses inside the kernelcache.


To avoid unnecessary confusion betwixt the object higher upward in addition to the driver, we’ll refer to the object for at nowadays on every bit the “PCIe object”, in addition to we’ll refer to the driver yesteryear its total name; “AppleBCMWLANBusInterfacePCIe”.

Kernel Memory Analysis Framework


Now that we’ve identified mechanisms inwards the nitty-gritty perhaps relating to the Wi-Fi chip’s TCM, our side yesteryear side class of activity is to somehow access them. Had nosotros been able to debug the iOS kernel, nosotros could remove hold but placed a breakpoint on the aforementioned retention access functions, recorded the location of the shared buffer, in addition to so used our debugger to freely access the buffer on our own. However, every bit it happens, iOS offers no such debugger. Indeed, having such a debugger would allow users to subvert the device’s safety model...

Instead, we’ll remove hold to create our nitty-gritty debugger!

Debuggers usually consist of 2 primary pieces of functionality:
  1. The powerfulness to modify the command menstruum of the computer programme (e.g., yesteryear inserting breakpoints)
  2. The powerfulness to inspect (and modify) the information beingness processed yesteryear the program

As it happens, modifying the kernel’s command menstruum on modern Apple devices (such every bit the iPhone 7) is far from trivial. These devices include a dedicated hardware gene -- Apple’s Memory Cache Controller (AMCC), designed to foreclose attackers from modifying the kernel’s code, fifty-fifty inwards the presence of total command over the nitty-gritty itself (i.e., EL1 code execution). While AMCC mightiness brand for an interesting enquiry target inwards its ain right, it’s non the primary focus of our enquiry at this time. Instead, we’ll remove hold to brand create amongst analysing in addition to modifying the data processed yesteryear the kernel.

To gain access to the kernel, we’ll showtime demand to exploit a privilege escalation vulnerability. Luckily, nosotros tin forcefulness out forgo all of the complexity involved inwards developing a functional nitty-gritty exploit, in addition to instead rely on some excellent work yesteryear Ian Beer.

Earlier this year, Ian developed a fully-functional exploit allowing nitty-gritty code execution from whatever sandboxed procedure on the system. Upon successful execution, Ian’s exploit provides 2 primitives - memory-read in addition to memory-write - allowing us to freely explore the kernel’s virtual address-space. Since the exploit was developed against iOS 10.2, we’ll demand exercise the same version on our target iPhone to utilise it.

To allow for increased flexibility, we’ll aim to blueprint our enquiry platform to travel modular; instead of tying the platform to a specific retention access mechanism, we’ll exercise Ian’s exploit every bit a “black-box”, only deferring retention accesses to the exploit’s primitives.

Moreover, it’s of import that whatever organisation nosotros build allows us to explore the device comfortably. Thinking nigh this for a moment, nosotros tin forcefulness out boil it downwards to a few basic requirements:
  1. The analysis should travel done on a developer-friendly machine, non on the iPhone
  2. The platform should travel scriptable in addition to easily extensible
  3. The platform should travel independent of the retention access machinery used

To foreclose whatever dependance on the retention access mechanism, we’ll implement a rudimentary command protocol, allowing clients to perform read or write operation, every bit good every bit offering an “execute” primitive for gadgets inside the kernel’s VAS. Next, we’ll insert a small-scale stub implementing this protocol into the exploit, allowing us to interface amongst the exploit every bit if it were a “black box”. As for the client, it tin forcefulness out travel executed on whatever machine, every bit long every bit it’s able to connect to the server stub in addition to communicate using the higher upward protocol.

A version of Ian Beer’s extra_recipe exploit amongst the aforementioned server stub tin forcefulness out travel institute on our põrnikas tracker, here.

Lastly, there’s the inquiry of the enquiry platform itself. For convenience sake, we’ve decided to prepare the framework every bit a laid of Python scripts, non different forensics frameworks such every bit Volatility. We’ll slow grow the framework every bit nosotros larn along, adding scripts for each novel information construction nosotros come upward across.

Since the iOS nitty-gritty relies heavily on dynamic dispatch, the powerfulness to explore the nitty-gritty inwards a shell-like interface allows us to easily resolve virtual telephone call upward targets yesteryear inspecting the virtual pointers inwards the corresponding objects. We’ll exercise this powerfulness extensively to assist our static analysis inwards position where the code is hard to untangle.

Over the class of our enquiry we’ll prepare several modules for the analysis framework, allowing interaction amongst objects inside the XNU kernel, parts of IOKit, hardware components, in addition to in conclusion the Wi-Fi chip itself.

Setting Up a Test Network


Moving on, we’ll demand to create a segregated assay network, consisting of the target iPhone, a unmarried MacBook (which we’ll exercise to interact amongst the iPhone), in addition to a Wi-Fi router.

As our retention analysis framework transmits information over the network, both the iPhone in addition to the MacBook must travel able to communicate amongst i another. Additionally, every bit we’re using Xcode to deploy the exploit from the MacBook to the iPhone, it’d travel advantageous if the assay network allowed both devices to access the meshing (so the developer profile could travel verified).

Lastly, nosotros require consummate command over all aspects of our Wi-Fi router. This is since the side yesteryear side component of our enquiry volition bargain extensively amongst the Wi-Fi layer. As such we’d similar to reserve the powerfulness to inject, modify in addition to drib frames inside our network -- primitives which may come upward inwards handy later on.

Putting the higher upward requirements together, nosotros larn inwards at the next basic topology:


In my ain lab setup, the role of the Wi-Fi router is fulfilled yesteryear my ThinkPad laptop, running Ubuntu 16.04. I’ve connected 2 SoftMAC TL-WN722N dongles, i for each interface (internal in addition to external). The internal network’s access-point is broadcast using hostapd, in addition to the external interface connects to the meshing using wpa_supplicant. Moreover, network-manager is disabled to foreclose interference amongst our configuration.

Note that it’s imperative that the dongle used to broadcast the internal network’s access-point is a SoftMAC device (and non FullMAC) -- this volition ensure that the MLME in addition to MAC layers are processed yesteryear the host’s software (i.e., yesteryear the Linux Kernel in addition to hostapd), allowing us to easily command the information transmitted over those layers.

The laptop is also minimally configured to perform IP forwarding in addition to to serve every bit a NAT, inwards fellowship to allow connections from the internal network out into the internet. In addition, I’ve laid upward both DNS in addition to DHCP servers, to foreclose the demand for whatever manual configuration. I also recommend setting upward DNS forwarding in addition to blocking Apple’s software-update domains inside your network (mesu.apple.com, appldnld.apple.com).

Depending on your piece of employment environment, it may travel the instance that many (or most) Wi-Fi channels are rather crowded, thereby reducing the signal character substantially. While dropping frames doesn’t ordinarily comport on our powerfulness to exercise the network (frames would but travel re-transmitted), it may for sure effort undesirable effects when attempting to run an over-the-air exploit (as re-transmissions may modify the firmware’s terra firma substantially).

Anecdotally, scanning for nearby networks closed to my desk revealed closed to threescore Wi-Fi networks, causing quite a fleck of vibrations (and frame loss). If yous encounter the same issue, yous tin forcefulness out boost your RSSI yesteryear edifice a small-scale cantenna in addition to connecting it to your dongle:


Finding the TCM


Using our assay network in addition to retention analysis platform, let’s start exploring the kernel’s VAS!

We’ll get the hunt yesteryear searching for the PCIe object inside the kernel. After all, nosotros know that finding the object volition allow us to locate the suspect TCM mapping, bringing us closer to our destination of developing a Wi-Fi firmware debugger. Since we’re unable to position breakpoints, we’ll demand to locate a “path” leading from a known retention location to that of the PCIe object.

So how volition nosotros position the PCIe object i time nosotros come upward across it? Well, spell the C++ standards create non explicitly specify how dynamic dispatch is implemented, most compilers tend to exercise the same ABI for this purpose -- the showtime give-and-take of every object containing virtual functions serves every bit a pointer to that object’s virtual tabular array (commonly referred to every bit the “virtual pointer” or “vptr”). By leveraging this niggling tidbit, nosotros tin forcefulness out build our ain object identification mechanism; but read the showtime give-and-take of each object nosotros come upward across, in addition to banking company check which virtual tabular array it corresponds to. Since we’ve already located the VTable corresponding to the PCIe object we’re after, all we’d demand to create is banking company check each object against that address.

Now that nosotros know how to position the object, nosotros tin forcefulness out get searching for it inside the kernel. But where should nosotros start? After all, the object could travel anywhere inwards the kernel’s VAS. Perhaps nosotros tin forcefulness out gain some to a greater extent than information yesteryear taking a expression at the the object’s constructor. For starters, doing so volition allow us to detect out which allocator is used to create the object; if we’re lucky, the object may travel allocated from a special puddle or stored inwards a static location.

Kernel Function 0xFFFFFFF006D34734

(OSObject’s “new” operator is a wrapper closed to kalloc - the XNU nitty-gritty allocator).

Looking at the code above, it appears that the PCIe object is not allocated from a special pool. Perhaps, instead, the object is addressable through information stored inwards the driver’s BSS or information segments? If so, so yesteryear next every “chain” of pointers originating inwards the higher upward segments, nosotros should travel able to locate a chain terminating at our desired object.

To assay out this hypothesis, let’s write a curt python script to perform a depth-first search for the object, starting inwards the driver’s BSS in addition to information segments. The script but iterates over each 64-bit give-and-take in addition to checks whether it appears to travel a valid nitty-gritty virtual address. If so, it recursively continues the search yesteryear next the pointer in addition to its neighbouring pointers (searching both forwards in addition to backwards), stopping only when the maximal search depth is reached (or the object is located).


After running the DFS in addition to next pointers upward to 10 levels deep, nosotros detect no matching chain. It appears that none of the objects inwards the BSS or information segments contain a (sufficiently short) pointer chain leading to our target object.

So how should nosotros proceed? Let’s choose a minute to consider what nosotros know nigh the object so far. First, the object is allocated using the XNU nitty-gritty allocator, kalloc. We also know the exact size of the resources allotment (3824 bytes). And, of course, nosotros remove hold a agency of identifying the object i time located. Perhaps nosotros could inspect the allocator itself to locate the object...

On the i hand, it’s alone possible that kalloc doesn’t maintain rail of in-use allocations. If so,  tracking downwards our object would travel rather difficult. On the other hand, if kalloc does remove hold a way of identifying yesteryear allocations, nosotros tin forcefulness out parse its information structures in addition to follow the same logic to position our object. To larn to the bottom of this, let’s download the XNU source code corresponding to this version of iOS, in addition to read through kalloc’s implementation.

After spending some fourth dimension familiarising ourselves amongst kalloc’s implementation, nosotros tin forcefulness out sketch a high-level stance of the allocator’s implementation. Since kalloc is a “zone allocator”, each allocated object is assigned a part from which it is drawn. Individual regions are represented yesteryear the zone_t structure, which holds all of the metadata pertaining to the zone.

The allocator’s performance tin forcefulness out travel roughly separate into 2 phases: identifying the corresponding zone for each allocation, in addition to carving the resources allotment from the zone. The identification procedure itself takes on 3 distinct flows, depending on the size of the requested allocation. Once the target zone is identified, the resources allotment procedure proceeds identically for all 3 flows.

So how are the allocations themselves performed? During zones’ lifetimes, they must maintain rail of the their internal metadata, including the zone’s size, the number of stored elements in addition to many other bits in addition to pieces. More importantly, however, the zone must rail the terra firma of the retention pages assigned to it. During the kernel’s lifetime, many objects are allocated in addition to later on freed, causing the different zones’ pages to fill upward up or vacate. If each resources allotment triggered an iteration over all possible pages spell searching for vacancies, kalloc would travel quite inefficient. Instead, this is tackled yesteryear keeping rail of several queues, each denoting the terra firma of the retention pages assigned to the zone.

Among the queues stored inwards each zone are 2 queues of exceptional involvement to us:
  • The “intermediate” queue - contains pages amongst both vacancies in addition to allocated objects.
  • The “all used” queue -  contains pages amongst no vacancies (only filled amongst objects).

Putting it all together, nosotros tin forcefulness out position allocated objects inwards kalloc yesteryear but next the same mechanisms every bit those used yesteryear the allocator to locate the target zone. Once nosotros detect the matching zone, we’ll parse its queues to locate each resources allotment made inside the zone, stopping only when nosotros reach our target object.

Finally, nosotros tin forcefulness out packet all of the higher upward into a module inwards our analysis framework. The module allows us to either manually iterate over zones’ queues, or to locate objects yesteryear their virtual table (optionally accepting the resources allotment size to speedily locate the relevant zone).

Using our novel kalloc module, nosotros tin forcefulness out search for the PCIe object using the VTable address nosotros institute before on. After doing so, nosotros are in conclusion greeted amongst a positive outcome -- the object is successfully located inside the kernel’s VAS! Next, we’ll but follow the same steps nosotros identified inwards the retention accessors analysed before on, inwards fellowship to extract the location of the suspected TCM mapping inside the kernel.

Since the TCM mapping provides a stance into the Wi-Fi chip’s RAM, we’d naturally await it to get amongst the same values every bit those nosotros had identified inwards the RAM file extracted from the firmware. Let’s assay in addition to read out some of the values from the buffer in addition to reckon whether it matches the RAM dump:


Great! So we’ve in conclusion institute the TCM. This brings us i measuring closer to acquiring the ROM, in addition to to edifice a enquiry environs for the Wi-Fi SoC.

Acquiring the ROM


The TCM mapping provides a stance into the Wi-Fi chip’s RAM. While accessing the RAM is undoubtedly useful (as it allows us to gain visibility into the runtime structures used yesteryear the chip, such every bit the heap’s state), it does non allow us to direct access the chip’s ROM. So why did nosotros larn to all of this effort to get with? Well, spell so far nosotros remove hold only used the mapped TCM buffer to read the Wi-Fi SoC’s RAM, recollect that the same mapping also allows us to freely write to it -- whatever information written to the memory-mapped buffer is automatically reflected dorsum to the Wi-Fi SoC’s RAM.

Therefore, nosotros tin forcefulness out leverage our newly acquired write access to the chip’s RAM inwards fellowship to modify the chip’s behaviour. Perhaps most importantly, nosotros tin forcefulness out insert hooks into RAM-resident functions inwards the firmware, in addition to direct their menstruum towards our ain code chunks. As we’ve already built a patching infrastructure inwards the previous spider web log posts, nosotros tin forcefulness out comprise the same code every bit a module inwards our analysis framework!

Doing so allows us to supply a convenient interface through which nosotros but select a target RAM business office in addition to supply a corresponding assembly stub, in addition to the framework so proceeds to patch the business office on our behalf, direct it into our shellcode to execute our claw (and emulate the original prologue), in addition to in conclusion render dorsum to the original function. The shellcode stub itself is written into the top of the heap’s largest costless chunk, allowing us to avoid overwriting whatever of import information structures inwards the RAM.


Building on this technique, let’s insert a claw into a commonly invoked RAM business office (such the the chip’s “ioctl” handler). Once invoked, our claw volition but re-create small-scale “windows” of the ROM into predetermined regions inwards RAM. Note that since the RAM is only slightly larger than the ROM, nosotros cannot leak the entire ROM inwards i go, so we’ll remove hold to resort to this iterative approach instead. Once a ROM chunk is copied, our shellcode stub signals completion, effort the host to later on extract the leaked ROM contents in addition to notify the stub that the side yesteryear side chunk of ROM may travel leaked.


Indeed, after inserting the claw in addition to running the scheme detailed above, nosotros are in conclusion presented amongst a consummate re-create of the chip’s ROM. Now nosotros tin forcefulness out in conclusion motion on to analysing the firmware image!

To properly charge the firmware into a disassembler, we’ll demand to locate the ROM in addition to RAM’s loading addresses, every bit good every bit their respective sizes. As we’ve seen inwards the past, the chip’s ROM is mapped at address null in addition to spans several KBs. The RAM, on the other hand, is ordinarily mapped at a fixed, higher address.

There are multiple ways inwards which the RAM’s loading address tin forcefulness out travel deduced. First, the RAM blob analysed previously embeds its ain loading address at a fixed offset. We tin forcefulness out verify the address’s validity yesteryear attempting to charge the RAM at this offset inwards a disassembler in addition to observing that all the branches resolve correctly. Alternately, nosotros tin forcefulness out extract the loading address from the PCIe object nosotros identified before inwards the kernel, every bit it contains both attributes every bit fields inwards the object.

Regardless, all of the higher upward methods yield the same outcome -- the RAM is loaded at address 0x160000, in addition to is 0xE0000 bytes long:


Building a Wi-Fi Firmware Debugger


Having extracted the ROM in addition to achieved TCM access capabilities, nosotros tin forcefulness out also build a module to allow us to easily interact amongst the Wi-Fi chip. This module volition human activity every bit a debugger of sorts for the Wi-Fi firmware, allowing us to gain total read/write capabilities to the Wi-Fi firmware, every bit good every bit providing several primal debugging features.

Among the features introduce inwards our debugger are the abilities to inspect the heap’s freelist, execute assembly code chunks direct on the firmware, in addition to fifty-fifty hook RAM-resident functions.

In the side yesteryear side spider web log post service we’ll proceed expanding the functionality provided yesteryear this module every bit nosotros larn along, resulting inwards a to a greater extent than consummate enquiry framework.

Wrapping Up


In this spider web log post service we’ve performed our initial investigation into the Wi-Fi stack on Apple’s mobile devices. Using a privileged enquiry platform to poke closed to the kernel, nosotros managed to locate the Wi-Fi firmware’s TCM mapping inwards the host, in addition to to extract the Wi-Fi chip’s ROM for farther analysis. We also started fleshing out our enquiry platform inside the iOS kernel, allowing us to build our real ain Wi-Fi firmware debugger, every bit good several modules for parsing the kernel’s structures -- useful tools for the side yesteryear side stage of our research!

In the side yesteryear side spider web log post, we’ll exercise our firmware debugger inwards fellowship to proceed our exploration of the Wi-Fi chip introduce on the iPhone 7. We’ll perform a deep dive into the firmware, uncovering multiple vulnerabilities in addition to prepare an over-the-air exploit for i of them, allowing us to gain total command over the Wi-Fi SoC.
Label:

Komentar

Posting Komentar

Postingan populer dari blog ini

Chrome Bone Exploit: 1 Byte Overflow As Well As Symlinks

The next article is an invitee weblog post from an external researcher (i.e. the writer is non a or Google researcher). This post is most a Chrome OS exploit I reported to Chrome VRP inward September. The folks were squeamish to allow me do a invitee post most it, therefore hither goes. The study includes a detailed writeup , therefore this post volition have got less detail. 1 byte overflow inward a DNS library In Apr I constitute a TCP port listening on localhost inward Chrome OS. It was an HTTP proxy built into shill, the Chrome OS network manager. The proxy has at nowadays been removed equally component of a fix, but its source tin give notice nonetheless move seen from an one-time revision: shill/http_proxy.cc . The code is unproblematic in addition to doesn’t seem to incorporate whatever obvious exploitable bugs, although it is real liberal inward what it accepts equally incoming HTTP. It calls into the c-ares library for resolving DNS. There was a possible 1 byte ov...
Posting Komentar
Baca selengkapnya

Exception-Oriented Exploitation On Ios

Posted past times Ian Beer, This postal service covers the regain in addition to exploitation of CVE-2017-2370 , a heap buffer overflow inwards the mach_voucher_extract_attr_recipe_trap mach trap. It covers the bug, the evolution of an exploitation technique which involves repeatedly in addition to deliberately crashing in addition to how to build alive meat introspection features using onetime meat exploits. It’s a trap! Alongside a large number of BSD syscalls (like ioctl, mmap, execve in addition to so on) XNU also has a pocket-sized number of extra syscalls supporting the MACH side of the meat called mach traps. Mach trap syscall numbers start at 0x1000000. Here’s a snippet from the syscall_sw.c file where the trap tabular array is defined: /* 12 */ MACH_TRAP(_kernelrpc_mach_vm_deallocate_trap, 3, 5, munge_wll), /* xiii */ MACH_TRAP(kern_invalid, 0, 0, NULL), /* xiv */ MACH_TRAP(_kernelrpc_mach_vm_protect_trap, 5, 7, munge_wllww), Most of the mach traps a...
Posting Komentar
Baca selengkapnya

Lifting The (Hyper) Visor: Bypassing Samsung’S Real-Time Total Protection

Posted yesteryear Gal Beniamini, Traditionally, the operating system’s total is the concluding security boundary standing betwixt an assaulter together with total command over a target system. As such, additional aid must hold upwards taken inwards lodge to ensure the integrity of the kernel. First, when a organization boots, the integrity of its primal components, including that of the operating system’s kernel, must hold upwards verified. This is achieved on Android yesteryear the verified kicking chain . However, only booting an authenticated total is insufficient—what most maintaining the integrity of the total spell the organization is executing? Imagine a scenario where an assaulter is able to abide by together with exploit a vulnerability inwards the operating system’s kernel. Using such a vulnerability, the assaulter may endeavor to subvert the integrity of the total itself, either yesteryear modifying the contents of its code, or yesteryear introducing novel attacker-co...
Posting Komentar
Baca selengkapnya