Langsung ke konten utama

Over The Air - Vol. 2, Pt. 1: Exploiting The Wi-Fi Stack On Apple Tree Devices

Posted past times Gal Beniamini,

Earlier this yr nosotros performed research into Broadcom’s Wi-Fi stack. Due to the ubiquity of Broadcom’s stack, nosotros chose to conduct our prior enquiry through the lens of 1 affected theater unit of measurement of products -- the Android ecosystem. To pigment a to a greater extent than consummate motion painting of the Blue Planet of Wi-Fi safety inward the mobile ecosystem, we’ve chosen to revisit the topic - this fourth dimension through the lens of Apple devices. In this enquiry we’ll perform a deeper dive into each of the affected components, discovery novel onslaught surfaces, together with finally build a total over-the-air exploit chain against iPhones, allowing consummate command over the target device.

Since there’s much Blue Planet to cover, we’ve chosen to separate the enquiry into a three-part weblog series. The root weblog postal service volition focus on exploring the Wi-Fi stack itself together with developing the necessary enquiry tools to explore it on the iPhone. In the 2nd weblog post, we’ll perform enquiry into the Wi-Fi firmware, discovery multiple vulnerabilities, together with educate an exploit allowing attackers to execute arbitrary code on the Wi-Fi chip itself, requiring no user-interaction. Lastly, inward the lastly weblog postal service we’ll explore the iPhone’s host isolation mechanisms, enquiry the ways inward which the Wi-Fi chip interacts alongside the host, together with educate a fully-fledged exploit allowing attackers to gain consummate command over the iOS nitty-gritty over-the-air, requiring no user interaction.

As we’ve mentioned before, Broadcom’s chips are acquaint inward a broad diversity of devices - ranging from mobile phones to laptops (such equally Chromebooks) together with fifty-fifty Wi-Fi routers. While we’ve chosen to focus our attending on the Apple ecosystem this fourth dimension around, it’s worth mentioning that the Wi-Fi firmware vulnerabilities presented inward this enquiry impact other devices equally well. Additionally, equally this enquiry deals alongside a different onslaught surface inward the Wi-Fi firmware, the breadth of affected devices powerfulness live wider than that of our prior research.

More concretely, the Wi-Fi vulnerabilities presented inward this enquiry impact many devices inward the Android ecosystem. For example, 2 of the vulnerabilities (#1, #2) impact most of Samsung’s flagship devices, including the Milky Way S8, Milky Way S7 Edge together with Milky Way S7. Of the two, one vulnerability is also known to impact Google devices such equally the Nexus 6P, together with some models of Chromebooks. As for Apple’s ecosystem, piece this enquiry deals primarily alongside iPhones, other devices including Apple TV together with iWatch are similarly affected past times our findings. The exact breadth of other affected devices has non been investigated further, but is assumed to live wider.

We’d also similar to banking company complaint that until hardware host isolation mechanisms are implemented across the Android ecosystem, every exploitable Wi-Fi firmware vulnerability straight results inward consummate host takeover. In our previous enquiry nosotros identified the lack of host isolation mechanisms on 2 of the most prominent SoC platforms; Qualcomm’s Snapdragon 810 together with Samsung’s Exynos 8890. We are non aware of whatever advances inward this regard, equally of yet.

For the purpose of this research, we’ll demonstrate remote code execution on the iPhone seven (the most recent iDevice at the fourth dimension of this research), running iOS 10.2 (14C92). The vulnerabilities presented inward this enquiry are acquaint inward iOS upwardly to (and including) version 10.3.3 (apart from #1, which was fixed inward 10.3.3). Researchers wishing to port the provided enquiry tools together with exploits to other versions of iOS or to other iDevices would live required to conform the referenced symbols.

Over the class of the weblog post, we’ll get down fleshing out a retentivity enquiry platform for iOS. Throughout this weblog postal service series, we’ll rely on the framework extensively, to both analyse together with explore components on the system, including the XNU kernel, hardware components, together with the Wi-Fi chipset itself.

The vulnerabilities affecting Apple devices receive got been addressed inward iOS 11. Similarly, those affecting Android receive got been addressed inward the September bulletin. Note that inside the Android ecosystem, OEMs conduct the responsibleness for providing their ain Wi-Fi firmware images (partially due to their high marking of customisation). Therefore the corresponding fixes should appear inward the vendors’ ain bulletins, rather than Android’s safety bulletin.

Creating a Research Platform


Before nosotros tin get down exploring, we’ll demand to lay downward the groundwork first. Ideally, we’d similar to do our ain debugger -- allowing us to both inspect together with musical instrument the Wi-Fi firmware, thereby making exploration (and subsequent exploit development) much easier.

During our previous research into Broadcom’s Wi-Fi chip inside the context of the Android ecosystem, this chore turned out to live much to a greater extent than straight-forward than expected. Instead of having to do an entire enquiry environs from scratch, nosotros relied on several properties provided past times the Android ecosystem to speed upwardly the evolution phase.

For starters, many Android devices allow developers to intentionally bypass their safety model, using “rooted” builds (such equally userdebug). Flashing such a build onto a device allows us to freely explore together with interact alongside many components on the system. As the safety model is only bypassed explicitly, the odds of side-effects resulting from our enquiry affecting the system’s behavior are rather slim.

Additionally, Broadcom provides their ain debugging tools to the Android ecosystem, consisting of a command-line utility together with a dedicated laid of ioctls inside Broadcom’s device driver, bcmdhd. These tools allow sufficiently privileged users to interact alongside the Wi-Fi chip inward a diversity of ways, including the powerfulness to access the chip’s RAM straight -- an essential primitive when constructing a debugger. Basing our ain toolset on this platform allowed us to do a rather comfortable research environment.

Furthermore, Android utilises the Linux Kernel, which is licensed nether GPLv2. Therefore, the kernel’s source code, including that of the device drivers, is freely available. Reading through Broadcom’s device driver (bcmdhd) turned out to live an invaluable resources -- sparing us some unnecessary reverse-engineering piece also allowing us to easily assess the ways inward which the chip together with host interact alongside 1 another.

Lastly, some of the data sheets pertaining to the Wi-Fi SoCs used on Android devices were made publicly available past times Cypress next their acquisition of Broadcom’s IoT business. While most of the information inward the information sheets is irrelevant to our research, nosotros were able to gather a handful of useful clues regarding the architecture of the SoC itself.


Unfortunately, it appears nosotros receive got no such luck this fourth dimension around!

First, Apple does non render a “developer-mode” iPhone, nor is at that topographic point a machinery to selectively bypass the safety model. This agency that inward guild to meaningfully explore the system, researchers are forced to subvert the device’s safety model (i.e., past times jailbreaking). Consequently, exploring different components inside the device is made much to a greater extent than difficult.

Additionally, dissimilar the Android ecosystem, Apple has chosen to educate their entire host-side stack “from scratch”. Most importantly, the iOS drivers used to interact alongside Broadcom’s chip are written past times Apple, together with are non based on Broadcom’s FullMAC drivers (bcmdhd or brcmfmac). Other host-side utilities, such equally Broadcom’s debugging toolchain, are hence also non included.

That said, Apple did educate their ain mechanisms for accessing together with debugging the chip. These capabilities are exposed via a laid of privileged ioctls embedded inward the IO80211Family driver. While the interface itself is undocumented, reverse-engineering the corresponding components inward both the IO80211Family together with AppleBCMWLANCore drivers reveals a rather powerful command channel, together with 1 which could perchance live used for the purposes of our research. Unfortunately, access to this interface requires additional entitlements, hence preventing us from leveraging it (unless nosotros escalate our privileges).

Lastly, there’s no overlap betwixt the revisions of Wi-Fi chips used on Apple’s devices together with those used inward the Android ecosystem. As we’ll reckon later on, this powerfulness live due to the fact that Apple-specific Wi-Fi chips contain Apple-specific features. Regardless, perhaps unsurprisingly, none of the corresponding information sheets for these SoCs receive got been made available.


So… it appears we’ll receive got to bargain alongside a proprietary chip, on a proprietary device running a proprietary operating system. We receive got our piece of employment cutting out for us! That said, it’s non all doom together with gloom; instead of relying on all of the above, we’ll precisely demand to do our ain independent enquiry platform.

Acquiring the ROM?


Let’s start past times analysing the SoC’s firmware together with loading it upwardly into a disassembler. As we’ve seen inward the previous circular of research, the Wi-Fi firmware consists of a small-scale chunk of ROM containing most of the firmware’s information together with code, together with a larger blob of RAM housing all of the runtime information structures (such equally the heap together with stack), equally good equally patches to the ROM’s code.

Since the RAM blob is loaded into the Wi-Fi chip during its initialisation past times the host, it should live accessible via the host’s root filesystem. Indeed, after downloading the iPhone’s firmware image, extracting the root filesystem together with searching for indicative strings, nosotros are greeted alongside the next result:


Great, so we’ve identified the firmware’s RAM. What’s more, it appears that the Wi-Fi chip embedded inward the telephone is a BCM4355C0, a model which I haven’t come upwardly across inward Android devices inward the past times (also, it curiously does non appear nether Broadcom’s website).

Regardless, having the RAM icon is all good together with good, but what virtually the ROM? After all, the bulk of the code is stored inward the chip’s ROM. Even if nosotros were to settle for analysing the RAM alone, it’d live extremely hard to reverse-engineer independently of the ROM equally many of the functions inward the old address information stored inward the latter. Without knowing the ROM’s contents, or fifty-fifty its rudimentary layout, we’ll receive got to resort to guesswork.

However, this is where nosotros run across a flake of a snag! To extract the ROM we’ll demand to interact alongside the Wi-Fi chip itself... Whereas on Android nosotros could only usage a “rooted” build to gain elevated privileges, together with so access the Wi-Fi SoC via Broadcom’s debugging utilities, at that topographic point are no comparable mechanisms on the iPhone. In that case, how volition nosotros interact alongside the chip together with ultimately extract its ROM?

We could opt for a hardware-based enquiry environment. Reviewing the information sheets for 1 of Broadcom’s Wi-Fi SoCs, BCM4339, reveals several interfaces through which the chip may live debugged, including UART together with a JTAG interface.


That said, at that topographic point are several disadvantages to this approach. First, we’d demand to opened upwardly up the device, locate the required interfaces, together with brand sure that nosotros do non impairment the telephone inward the process. Moreover, requiring a such a setup for each enquiry device would drive us to incur important start-up overhead. Perhaps most importantly, relying on a hardware-based approach would limit the amount of researchers who’d live willing to utilise our enquiry platform -- both because hardware is a relatively specialised skill-set, together with since people powerfulness (rightly) live wary of causing impairment to their ain devices.

So what virtually a completely software-based solution? After all, on Android devices nosotros were able to access the chip’s retentivity solely using software. Perhaps a similar solution would apply to Apple devices?

To respond this question, let’s draw our way through the Android components involved inward the command menstruation for accessing the Wi-Fi chip’s retentivity from the host. The menstruation begins alongside a user issuing a retentivity access command via Broadcom’s debugging utility (“membytes”). This, inward turn, triggers an ioctl to Broadcom’s driver, requesting the retentivity access operation. After some processing inside the driver, it performs the requested activeness past times straight accessing the chip’s tightly-coupled memory (TCM) from the kernel’s Virtual Address-Space (VAS).

Two Registers Walk Into a BAR


As we’re mostly interested inward the latter part, let’s disregard the Android-specific components for at nowadays together with focus on the machinery inward bcmdhd allowing TCM access from the host.

Reviewing the driver’s code allows us to brand it at relevant code flow. First, the driver enables the PCIe-connected Wi-Fi chip. Then, it accesses the PCIe Configuration Space to computer program the Wi-Fi chip’s Base Address Registers (BARs). In keeping alongside the PCI standards, programming together with mapping inward the BARs into the host’s address infinite exposes functionality straight from the Wi-Fi SoC to the host, such equally IO-Space or Memory Space access. Taking a closer facial expression at Broadcom’s chips, they seem to render 2 BARs inward their configuration space; BAR0 together with BAR1.

BAR0 is used to map-in registers corresponding to the different cores on the Wi-Fi SoC, including the ARM processor running the firmware’s logic, together with to a greater extent than esoteric components such equally the PCIe Gen 2 core on the Wi-Fi SoC. The cores themselves tin live selected past times accessing the PCIe configuration infinite 1 time again, together with programming the “BAR0 Window” register, directing it at the backplane address corresponding to the requested core.

BAR1, on the other hand, is used solely to map the Wi-Fi chip’s TCM into the host. Since Broadcom’s driver leverages the TCM access capability extensively, it maps-in BAR1 into the kernel’s virtual address infinite during the device’s initialisation, together with doesn’t unmap it until the device shuts down. Once the TCM is mapped into the kernel, all subsequent retentivity accesses to the chip’s TCM are performed past times only modifying the mapped block inside the kernel’s VAS. Any write operations made to the memory-mapped block are automatically reflected to the Wi-Fi chip’s RAM.

This is all good together with good, but what virtually iOS? Since Apple develops their ain drivers for interacting alongside Broadcom’s chips, what holds truthful inward Broadcom’s drivers doesn’t necessarily apply to Apple’s drivers. After all, nosotros could think of many different approaches to accessing the chip’s memory. For example, instead of mapping the entire TCM into the kernel’s memory, they powerfulness elect to only map-in sure regions of the TCM, to map it only on-demand, or fifty-fifty to rely on different chip-access mechanisms altogether.

To larn to the bottom of this, we’ll demand to start reverse-engineering Apple’s drivers. This tin live done past times extracting the kernelcache from the iPhone’s firmware together with loading it into our favourite disassembler. After loading the kernel, nosotros straight off come upwardly across 2 driver KEXTs related to Broadcom’s Wi-Fi chip; AppleBCMWLANCore together with AppleBCMWLANBusInterfacePCIe.

Spending some fourth dimension reverse-engineering the 2 drivers, it’s speedily evident what their corresponding roles are. AppleBCMWLANCore serves equally a high-level driver, dealing mostly alongside configuring the Wi-Fi chip, treatment incoming events, together with chip-specific features such equally offloading. In keeping alongside skilful blueprint practices, the driver is unaware of the interface through which the chip is connected, allowing it to focus solely on the logic required to interact alongside the chip. In contrast, AppleBCMWLANBusInterfacePCIe, serves a complementary role; it is a low-level driver tasked alongside treatment all the PCIe related communication protocols, dealing alongside MSI interrupts, together with to a greater extent than oft than non everything interface-related.

We’ll revisit the 2 drivers to a greater extent than in-depth later on, but for at nowadays it’s sufficient to say that nosotros receive got a relatively skilful thought where to start looking for a potential TCM mapping -- after all, equally we’ve seen, the TCM access is performed past times mapping the PCIe BARs. Therefore, it would stand upwardly to argue that such an performance would live performed past times AppleBCMWLANBusInterfacePCIe.

After reverse-engineering much of the driver, nosotros come upwardly across a grouping of suspicious-looking functions that appear similar candidates for TCM accessors. All the higher upwardly functions serve the same purpose -- accessing a memory-mapped buffer, differing from 1 some other only inward the size of the give-and-take used (16, 32, or 64-bit). Anecdotally, the corresponding APIs for TCM access inward the Android driver follow the same structure. What’s more, the higher upwardly functions all reference the string “Memory”... We powerfulness live onto something!

Kernel Function 0xFFFFFFF006D1D9F0

Cross-referencing our way upwardly the call-chain, it appears that all of the higher upwardly functions are methods pertaining to instances of a unmarried class, which incidentally bears the same call equally that of the driver: AppleBCMWLANBusInterfacePCIe. Since several functions inward the call-chain are virtual functions, nosotros tin locate the class’s VTable past times searching for 64-bit words containing their addresses inside the kernelcache.


To avoid unnecessary confusion betwixt the object higher upwardly together with the driver, we’ll refer to the object for at nowadays on equally the “PCIe object”, together with we’ll refer to the driver past times its total name; “AppleBCMWLANBusInterfacePCIe”.

Kernel Memory Analysis Framework


Now that we’ve identified mechanisms inward the nitty-gritty perchance relating to the Wi-Fi chip’s TCM, our side past times side class of activeness is to somehow access them. Had nosotros been able to debug the iOS kernel, nosotros could receive got only placed a breakpoint on the aforementioned retentivity access functions, recorded the location of the shared buffer, together with so used our debugger to freely access the buffer on our own. However, equally it happens, iOS offers no such debugger. Indeed, having such a debugger would allow users to subvert the device’s safety model...

Instead, we’ll receive got to do our nitty-gritty debugger!

Debuggers usually consist of 2 principal pieces of functionality:
  1. The powerfulness to modify the command menstruation of the computer program (e.g., past times inserting breakpoints)
  2. The powerfulness to inspect (and modify) the information beingness processed past times the program

As it happens, modifying the kernel’s command menstruation on modern Apple devices (such equally the iPhone 7) is far from trivial. These devices include a dedicated hardware gene -- Apple’s Memory Cache Controller (AMCC), designed to forestall attackers from modifying the kernel’s code, fifty-fifty inward the presence of total command over the nitty-gritty itself (i.e., EL1 code execution). While AMCC powerfulness brand for an interesting enquiry target inward its ain right, it’s non the principal focus of our enquiry at this time. Instead, we’ll receive got to brand do alongside analysing together with modifying the data processed past times the kernel.

To gain access to the kernel, we’ll root demand to exploit a privilege escalation vulnerability. Luckily, nosotros tin forgo all of the complexity involved inward developing a functional nitty-gritty exploit, together with instead rely on some excellent work past times Ian Beer.

Earlier this year, Ian developed a fully-functional exploit allowing nitty-gritty code execution from whatever sandboxed procedure on the system. Upon successful execution, Ian’s exploit provides 2 primitives - memory-read together with memory-write - allowing us to freely explore the kernel’s virtual address-space. Since the exploit was developed against iOS 10.2, we’ll demand usage the same version on our target iPhone to utilise it.

To allow for increased flexibility, we’ll aim to blueprint our enquiry platform to live modular; instead of tying the platform to a specific retentivity access mechanism, we’ll usage Ian’s exploit equally a “black-box”, only deferring retentivity accesses to the exploit’s primitives.

Moreover, it’s of import that whatever organisation nosotros build allows us to explore the device comfortably. Thinking virtually this for a moment, nosotros tin boil it downward to a few basic requirements:
  1. The analysis should live done on a developer-friendly machine, non on the iPhone
  2. The platform should live scriptable together with easily extensible
  3. The platform should live independent of the retentivity access machinery used

To forestall whatever dependance on the retentivity access mechanism, we’ll implement a rudimentary command protocol, allowing clients to perform read or write operation, equally good equally offering an “execute” primitive for gadgets inside the kernel’s VAS. Next, we’ll insert a small-scale stub implementing this protocol into the exploit, allowing us to interface alongside the exploit equally if it were a “black box”. As for the client, it tin live executed on whatever machine, equally long equally it’s able to connect to the server stub together with communicate using the higher upwardly protocol.

A version of Ian Beer’s extra_recipe exploit alongside the aforementioned server stub tin live flora on our põrnikas tracker, here.

Lastly, there’s the enquiry of the enquiry platform itself. For convenience sake, we’ve decided to educate the framework equally a laid of Python scripts, non dissimilar forensics frameworks such equally Volatility. We’ll piece of cake grow the framework equally nosotros become along, adding scripts for each novel information construction nosotros come upwardly across.

Since the iOS nitty-gritty relies heavily on dynamic dispatch, the powerfulness to explore the nitty-gritty inward a shell-like interface allows us to easily resolve virtual telephone phone targets past times inspecting the virtual pointers inward the corresponding objects. We’ll usage this powerfulness extensively to assist our static analysis inward house where the code is hard to untangle.

Over the class of our enquiry we’ll educate several modules for the analysis framework, allowing interaction alongside objects inside the XNU kernel, parts of IOKit, hardware components, together with finally the Wi-Fi chip itself.

Setting Up a Test Network


Moving on, we’ll demand to do a segregated examine network, consisting of the target iPhone, a unmarried MacBook (which we’ll usage to interact alongside the iPhone), together with a Wi-Fi router.

As our retentivity analysis framework transmits information over the network, both the iPhone together with the MacBook must live able to communicate alongside 1 another. Additionally, equally we’re using Xcode to deploy the exploit from the MacBook to the iPhone, it’d live advantageous if the examine network allowed both devices to access the meshwork (so the developer profile could live verified).

Lastly, nosotros require consummate command over all aspects of our Wi-Fi router. This is since the side past times side constituent of our enquiry volition bargain extensively alongside the Wi-Fi layer. As such we’d similar to reserve the powerfulness to inject, modify together with drib frames inside our network -- primitives which may come upwardly inward handy later on.

Putting the higher upwardly requirements together, nosotros brand it at the next basic topology:


In my ain lab setup, the role of the Wi-Fi router is fulfilled past times my ThinkPad laptop, running Ubuntu 16.04. I’ve connected 2 SoftMAC TL-WN722N dongles, 1 for each interface (internal together with external). The internal network’s access-point is broadcast using hostapd, together with the external interface connects to the meshwork using wpa_supplicant. Moreover, network-manager is disabled to forestall interference alongside our configuration.

Note that it’s imperative that the dongle used to broadcast the internal network’s access-point is a SoftMAC device (and non FullMAC) -- this volition ensure that the MLME together with MAC layers are processed past times the host’s software (i.e., past times the Linux Kernel together with hostapd), allowing us to easily command the information transmitted over those layers.

The laptop is also minimally configured to perform IP forwarding together with to serve equally a NAT, inward guild to allow connections from the internal network out into the internet. In addition, I’ve laid upwardly both DNS together with DHCP servers, to forestall the demand for whatever manual configuration. I also recommend setting upwardly DNS forwarding together with blocking Apple’s software-update domains inside your network (mesu.apple.com, appldnld.apple.com).

Depending on your piece of employment environment, it may live the instance that many (or most) Wi-Fi channels are rather crowded, thereby reducing the signal character substantially. While dropping frames doesn’t usually impact our powerfulness to usage the network (frames would only live re-transmitted), it may sure drive undesirable effects when attempting to run an over-the-air exploit (as re-transmissions may alteration the firmware’s Blue Planet substantially).

Anecdotally, scanning for nearby networks closed to my desk revealed closed to lx Wi-Fi networks, causing quite a flake of vibrations (and frame loss). If you lot encounter the same issue, you lot tin boost your RSSI past times edifice a small-scale cantenna together with connecting it to your dongle:


Finding the TCM


Using our examine network together with retentivity analysis platform, let’s start exploring the kernel’s VAS!

We’ll get down the hunt past times searching for the PCIe object inside the kernel. After all, nosotros know that finding the object volition allow us to locate the suspect TCM mapping, bringing us closer to our finish of developing a Wi-Fi firmware debugger. Since we’re unable to house breakpoints, we’ll demand to locate a “path” leading from a known retentivity location to that of the PCIe object.

So how volition nosotros position the PCIe object 1 time nosotros come upwardly across it? Well, piece the C++ standards do non explicitly specify how dynamic dispatch is implemented, most compilers tend to usage the same ABI for this purpose -- the root give-and-take of every object containing virtual functions serves equally a pointer to that object’s virtual tabular array (commonly referred to equally the “virtual pointer” or “vptr”). By leveraging this piddling tidbit, nosotros tin build our ain object identification mechanism; only read the root give-and-take of each object nosotros come upwardly across, together with banking company check which virtual tabular array it corresponds to. Since we’ve already located the VTable corresponding to the PCIe object we’re after, all we’d demand to do is banking company check each object against that address.

Now that nosotros know how to position the object, nosotros tin get down searching for it inside the kernel. But where should nosotros start? After all, the object could live anywhere inward the kernel’s VAS. Perhaps nosotros tin gain some to a greater extent than information past times taking a facial expression at the the object’s constructor. For starters, doing so volition allow us to detect out which allocator is used to do the object; if we’re lucky, the object may live allocated from a special puddle or stored inward a static location.

Kernel Function 0xFFFFFFF006D34734

(OSObject’s “new” operator is a wrapper closed to kalloc - the XNU nitty-gritty allocator).

Looking at the code above, it appears that the PCIe object is not allocated from a special pool. Perhaps, instead, the object is addressable through information stored inward the driver’s BSS or information segments? If so, so past times next every “chain” of pointers originating inward the higher upwardly segments, nosotros should live able to locate a chain terminating at our desired object.

To examine out this hypothesis, let’s write a brusk python script to perform a depth-first search for the object, starting inward the driver’s BSS together with information segments. The script only iterates over each 64-bit give-and-take together with checks whether it appears to live a valid nitty-gritty virtual address. If so, it recursively continues the search past times next the pointer together with its neighbouring pointers (searching both forwards together with backwards), stopping only when the maximal search depth is reached (or the object is located).


After running the DFS together with next pointers upwardly to 10 levels deep, nosotros detect no matching chain. It appears that none of the objects inward the BSS or information segments contain a (sufficiently short) pointer chain leading to our target object.

So how should nosotros proceed? Let’s select a minute to consider what nosotros know virtually the object so far. First, the object is allocated using the XNU nitty-gritty allocator, kalloc. We also know the exact size of the allotment (3824 bytes). And, of course, nosotros receive got a agency of identifying the object 1 time located. Perhaps nosotros could inspect the allocator itself to locate the object...

On the 1 hand, it’s only possible that kalloc doesn’t maintain rail of in-use allocations. If so,  tracking downward our object would live rather difficult. On the other hand, if kalloc does receive got a way of identifying past times allocations, nosotros tin parse its information structures together with follow the same logic to position our object. To larn to the bottom of this, let’s download the XNU source code corresponding to this version of iOS, together with read through kalloc’s implementation.

After spending some fourth dimension familiarising ourselves alongside kalloc’s implementation, nosotros tin sketch a high-level persuasion of the allocator’s implementation. Since kalloc is a “zone allocator”, each allocated object is assigned a part from which it is drawn. Individual regions are represented past times the zone_t structure, which holds all of the metadata pertaining to the zone.

The allocator’s performance tin live roughly separate into 2 phases: identifying the corresponding zone for each allocation, together with carving the allotment from the zone. The identification procedure itself takes on 3 distinct flows, depending on the size of the requested allocation. Once the target zone is identified, the allotment procedure proceeds identically for all 3 flows.

So how are the allocations themselves performed? During zones’ lifetimes, they must maintain rail of the their internal metadata, including the zone’s size, the number of stored elements together with many other bits together with pieces. More importantly, however, the zone must rail the Blue Planet of the retentivity pages assigned to it. During the kernel’s lifetime, many objects are allocated together with after freed, causing the different zones’ pages to fill upwardly up or vacate. If each allotment triggered an iteration over all possible pages piece searching for vacancies, kalloc would live quite inefficient. Instead, this is tackled past times keeping rail of several queues, each denoting the Blue Planet of the retentivity pages assigned to the zone.

Among the queues stored inward each zone are 2 queues of especial involvement to us:
  • The “intermediate” queue - contains pages alongside both vacancies together with allocated objects.
  • The “all used” queue -  contains pages alongside no vacancies (only filled alongside objects).

Putting it all together, nosotros tin position allocated objects inward kalloc past times only next the same mechanisms equally those used past times the allocator to locate the target zone. Once nosotros detect the matching zone, we’ll parse its queues to locate each allotment made inside the zone, stopping only when nosotros compass our target object.

Finally, nosotros tin bundle all of the higher upwardly into a module inward our analysis framework. The module allows us to either manually iterate over zones’ queues, or to locate objects past times their virtual table (optionally accepting the allotment size to speedily locate the relevant zone).

Using our novel kalloc module, nosotros tin search for the PCIe object using the VTable address nosotros flora before on. After doing so, nosotros are finally greeted alongside a positive resultant -- the object is successfully located inside the kernel’s VAS! Next, we’ll only follow the same steps nosotros identified inward the retentivity accessors analysed before on, inward guild to extract the location of the suspected TCM mapping inside the kernel.

Since the TCM mapping provides a persuasion into the Wi-Fi chip’s RAM, we’d naturally await it to get down alongside the same values equally those nosotros had identified inward the RAM file extracted from the firmware. Let’s attempt together with read out some of the values from the buffer together with reckon whether it matches the RAM dump:


Great! So we’ve finally flora the TCM. This brings us 1 mensuration closer to acquiring the ROM, together with to edifice a enquiry environs for the Wi-Fi SoC.

Acquiring the ROM


The TCM mapping provides a persuasion into the Wi-Fi chip’s RAM. While accessing the RAM is undoubtedly useful (as it allows us to gain visibility into the runtime structures used past times the chip, such equally the heap’s state), it does non allow us to straight access the chip’s ROM. So why did nosotros become to all of this travail to get down with? Well, piece hence far nosotros receive got only used the mapped TCM buffer to read the Wi-Fi SoC’s RAM, retrieve that the same mapping also allows us to freely write to it -- whatever information written to the memory-mapped buffer is automatically reflected dorsum to the Wi-Fi SoC’s RAM.

Therefore, nosotros tin leverage our newly acquired write access to the chip’s RAM inward guild to modify the chip’s behaviour. Perhaps most importantly, nosotros tin insert hooks into RAM-resident functions inward the firmware, together with direct their menstruation towards our ain code chunks. As we’ve already built a patching infrastructure inward the previous weblog posts, nosotros tin comprise the same code equally a module inward our analysis framework!

Doing so allows us to render a convenient interface through which nosotros only select a target RAM business office together with render a corresponding assembly stub, together with the framework so proceeds to patch the business office on our behalf, direct it into our shellcode to execute our claw (and emulate the original prologue), together with finally render dorsum to the original function. The shellcode stub itself is written into the top of the heap’s largest costless chunk, allowing us to avoid overwriting whatever of import information structures inward the RAM.


Building on this technique, let’s insert a claw into a commonly invoked RAM business office (such the the chip’s “ioctl” handler). Once invoked, our claw volition only re-create small-scale “windows” of the ROM into predetermined regions inward RAM. Note that since the RAM is only slightly larger than the ROM, nosotros cannot leak the entire ROM inward 1 go, so we’ll receive got to resort to this iterative approach instead. Once a ROM chunk is copied, our shellcode stub signals completion, drive the host to after extract the leaked ROM contents together with notify the stub that the side past times side chunk of ROM may live leaked.


Indeed, after inserting the claw together with running the scheme detailed above, nosotros are finally presented alongside a consummate re-create of the chip’s ROM. Now nosotros tin finally motility on to analysing the firmware image!

To properly charge the firmware into a disassembler, we’ll demand to locate the ROM together with RAM’s loading addresses, equally good equally their respective sizes. As we’ve seen inward the past, the chip’s ROM is mapped at address null together with spans several KBs. The RAM, on the other hand, is usually mapped at a fixed, higher address.

There are multiple ways inward which the RAM’s loading address tin live deduced. First, the RAM blob analysed previously embeds its ain loading address at a fixed offset. We tin verify the address’s validity past times attempting to charge the RAM at this offset inward a disassembler together with observing that all the branches resolve correctly. Alternately, nosotros tin extract the loading address from the PCIe object nosotros identified before inward the kernel, equally it contains both attributes equally fields inward the object.

Regardless, all of the higher upwardly methods yield the same resultant -- the RAM is loaded at address 0x160000, together with is 0xE0000 bytes long:


Building a Wi-Fi Firmware Debugger


Having extracted the ROM together with achieved TCM access capabilities, nosotros tin also build a module to allow us to easily interact alongside the Wi-Fi chip. This module volition human activeness equally a debugger of sorts for the Wi-Fi firmware, allowing us to gain total read/write capabilities to the Wi-Fi firmware, equally good equally providing several primal debugging features.

Among the features acquaint inward our debugger are the abilities to inspect the heap’s freelist, execute assembly code chunks straight on the firmware, together with fifty-fifty hook RAM-resident functions.

In the side past times side weblog postal service we’ll maintain expanding the functionality provided past times this module equally nosotros become along, resulting inward a to a greater extent than consummate enquiry framework.

Wrapping Up


In this weblog postal service we’ve performed our initial investigation into the Wi-Fi stack on Apple’s mobile devices. Using a privileged enquiry platform to poke closed to the kernel, nosotros managed to locate the Wi-Fi firmware’s TCM mapping inward the host, together with to extract the Wi-Fi chip’s ROM for farther analysis. We also started fleshing out our enquiry platform inside the iOS kernel, allowing us to build our really ain Wi-Fi firmware debugger, equally good several modules for parsing the kernel’s structures -- useful tools for the side past times side stage of our research!

In the side past times side weblog post, we’ll usage our firmware debugger inward guild to maintain our exploration of the Wi-Fi chip acquaint on the iPhone 7. We’ll perform a deep dive into the firmware, discovery multiple vulnerabilities together with educate an over-the-air exploit for 1 of them, allowing us to gain total command over the Wi-Fi SoC.
Label:

Komentar

Posting Komentar

Postingan populer dari blog ini

Exception-Oriented Exploitation On Ios

Posted past times Ian Beer, This postal service covers the regain in addition to exploitation of CVE-2017-2370 , a heap buffer overflow inwards the mach_voucher_extract_attr_recipe_trap mach trap. It covers the bug, the evolution of an exploitation technique which involves repeatedly in addition to deliberately crashing in addition to how to build alive meat introspection features using onetime meat exploits. It’s a trap! Alongside a large number of BSD syscalls (like ioctl, mmap, execve in addition to so on) XNU also has a pocket-sized number of extra syscalls supporting the MACH side of the meat called mach traps. Mach trap syscall numbers start at 0x1000000. Here’s a snippet from the syscall_sw.c file where the trap tabular array is defined: /* 12 */ MACH_TRAP(_kernelrpc_mach_vm_deallocate_trap, 3, 5, munge_wll), /* xiii */ MACH_TRAP(kern_invalid, 0, 0, NULL), /* xiv */ MACH_TRAP(_kernelrpc_mach_vm_protect_trap, 5, 7, munge_wllww), Most of the mach traps a
Posting Komentar
Baca selengkapnya

Lifting The (Hyper) Visor: Bypassing Samsung’S Real-Time Total Protection

Posted yesteryear Gal Beniamini, Traditionally, the operating system’s total is the concluding security boundary standing betwixt an assaulter together with total command over a target system. As such, additional aid must hold upwards taken inwards lodge to ensure the integrity of the kernel. First, when a organization boots, the integrity of its primal components, including that of the operating system’s kernel, must hold upwards verified. This is achieved on Android yesteryear the verified kicking chain . However, only booting an authenticated total is insufficient—what most maintaining the integrity of the total spell the organization is executing? Imagine a scenario where an assaulter is able to abide by together with exploit a vulnerability inwards the operating system’s kernel. Using such a vulnerability, the assaulter may endeavor to subvert the integrity of the total itself, either yesteryear modifying the contents of its code, or yesteryear introducing novel attacker-co
Posting Komentar
Baca selengkapnya

Chrome Bone Exploit: 1 Byte Overflow As Well As Symlinks

The next article is an invitee weblog post from an external researcher (i.e. the writer is non a or Google researcher). This post is most a Chrome OS exploit I reported to Chrome VRP inward September. The folks were squeamish to allow me do a invitee post most it, therefore hither goes. The study includes a detailed writeup , therefore this post volition have got less detail. 1 byte overflow inward a DNS library In Apr I constitute a TCP port listening on localhost inward Chrome OS. It was an HTTP proxy built into shill, the Chrome OS network manager. The proxy has at nowadays been removed equally component of a fix, but its source tin give notice nonetheless move seen from an one-time revision: shill/http_proxy.cc . The code is unproblematic in addition to doesn’t seem to incorporate whatever obvious exploitable bugs, although it is real liberal inward what it accepts equally incoming HTTP. It calls into the c-ares library for resolving DNS. There was a possible 1 byte ov
Posting Komentar
Baca selengkapnya