In recent years, we have been witnessing a steady increase in security vulnerabilities in firmware. Nearly all of these issues require local (often privileged) or physical access to exploit. In this talk, we will present novel *remote* attacks on system firmware. In this talk, we will show different remote attack vectors into system firmware, including networking, updates over the Internet, and error reporting. We will also be demonstrating and remotely exploiting vulnerabilities in different UEFI firmware implementations which can lead to installing persistent implants remotely at scale. The proof-of-concept exploit is less than 800 bytes. How can we defend against such firmware attacks? We will analyze the remotely exploitable UEFI and BMC attack surface of modern systems, explain specific mitigations for the discussed vulnerabilities, and provide recommendations to detect such attacks and discover compromised systems.

1. RemotelyAttackingSystemFirmware
AlexBazhaniuk JesseMichael MickeyShkatov

2. • Overview
• Remoteattacksurface
• BIOSRemoteattackvectors
• Walkthroughexploits
• Detectingcompromise
Agenda

3. Overview

4. Overview
14
3
3
4 5 6
2
2
1
5 6

5. BMC-RemoteAttacksurface
1
2
3
1
2
3
CPU
SRAM
FLASH

6. BMC-RemoteAttacksurface
• DesignedforOutofBandservermanagement
• Commonusecases
-KVM
-BIOSFLASH
-Etc.
• Licensingtiers

7. Nmap scanreportforsupermicro-x11ssm-bmc.x.x.x (x.x.x.x)
Not shown: 65530closedports
PORT STATESERVICE REASON VERSION
80/tcp open http syn-ackttl 64ATEN/SupermicroIPMIwebinterface
443/tcp open ssl/http syn-ackttl64ATEN/SupermicroIPMIwebinterface
623/tcp open asf-rmcpsyn-ackttl 64SuperMicroIPMIRMCP
5900/tcp open vnc syn-ackttl 64VNC(protocol3.8)
MACAddress:0C:C4:7A:40:60:97(SuperMicroComputer)
Nmap done: 1IPaddress(1host up)scanned in 1403.00 seconds
BMC-RemoteAttacksurface

8. BMC-RemoteAttacksurface
IPMISpecification, V2.0,Rev.1.1
1
2
3 4
1
2
3
SHAREDorDEDICATEDNIC
SERIAL/MODEM
IPMBRemote management Card
4
4 ICMBBridge

9. HP iLO4 auth
bypass and
RCE
Multiplevulnsincluding
trivialauthbypass: curl
-H"Connection:
AAAAAAAAAAAAAAAAA
AAAAAAAAAAAA"
2018
SMC PSBlock
password file
vulnerability
Zachary Wikholmdiscoveredthat
Supermicro BMCshaveplaintext
passwordfilewhichcould be
retrievedremotely withoutauth,
32koninternet
2014
Many BMC/IPMI
vulnerabilities
published
Dan Farmer andHDMoore
foundover 300kBMCs
connected totheinternet,53k
vulnerabletocipher-zeroauth
bypass
2013
IPMI v2.0
spec
NewfeaturesincludingSerial
over LAN,Enhanced
Authentication,Firmware
Firewall, andVLANsupport
2004
IPMI v1.5 spec
Manyenhancementstobase
specification includingIPMI
over LANandIPMIover
Serial/Modem
IPMI v1.0 spec
BaseversionofIPMI
specification released
1998
BMC/IPMIhistory
2001
BMC-RemoteAttacksurface

10. ME/AMTRemoteAttacksurface
- CodeloadedfromplatformSPI
- Coderunning indedicatedCPUinchipset
- UsesdedicatedRAM&mainRAM

11. ME/AMTRemoteAttacksurface
Manageability Ports
16992 Intel(R)AMTHTTP
16993 Intel(R)AMTHTTPS
16994 Intel(R)AMTRedirection/TCP
16995 Intel(R)AMTRedirection/TLS
623 ASFRemoteManagement andControlProtocol(ASF-RMCP)
664 ASFSecureRemoteManagementandControlProtocol(ASF-RMCP)
5900 VNC(VirtualNetworkComputing)-remotecontrolprogram
https://software.intel.com/sites/manageability/AMT_Implementation_and_Reference_Guide

12. Multiple vulns
in AMT v8
through v11
PositiveTechnologies
foundmore vulnsinAMT
includingmultiple buffer
overflowsallowing LPE
andRCE
Also2017
Critical auth
bypass in AMT
v6 through v11
Embedi discovered that
you could logintoAMTas
admin withnopassword
on allvProsystemssince
2010
2017
AMT 6.0
Remote KVM support
added here
2010
AMT 4.0
Over-the-internet
provisioningcapabilities
2008
AMT 2.5
Wirelessnetwork
support added here
2007
AMT 1.0
FirstversionofIntelAMT
availableinCore 2Duo
vPro, includedembedded
web serverandfwupdate
capabilities
2006
IntelME/AMThistory
ME/AMTRemoteAttacksurface

13. BIOS-RemoteAttacksurface
- CodeloadedfrommainplatformSPI
- Coderunning inmainplatformCPU
- UsesmainRAM

14. Missing size
checks in
DHCP code
Topher Timzennoticed
thatDHCPcode used
untrustedlengthfrom
networkforcopy
withoutchecks
2016
UEFI 2.6
TLSimplementation
added based on
OpenSSL
2016
UEFI 2.5
WiFi,Bluetooth,HTTP,
andHTTPBOOT
functionalityadded
2015
UEFI 2.1
Cryptography,
network
authentication,andUI
infrastructureadded
2007
EFI 1.10
Intelreleased EFI1.10
standard and
contributeditto
UnifiedEFIForum
2002
EFI 1.02
Firstversionof
Extensible Firmware
Interfacestandard
writtenbyIntel
1998
UEFIhistory
BIOS-RemoteAttacksurface

15. BIOS-RemoteAttacksurface
• ReferenceCode
• Implementedfrom
scratch
• RunsbeforeOS

16. BIOS-RemoteAttacksurface
• Additionalfeatures
implementedbyvendor
• Extensionsontopof
UEFIstandard
• Somefeatures
eventuallygetpulled
intoUEFIstandard

17. UEFIBluetoothStackArchitecture
BIOS-RemoteAttacksurface
http://www.uefi.org/sites/default/files/resources/Tony%20Lo_UEFI_Plugfest_AMI_Spring_2017_Final.pdf
• Bluetoothfeature
createdbyAMI
• AllowstheuseofBT
devicesbefore
ExitBootService()
• BluetoothSMM

18. BIOS-RemoteAttacksurface
http://www.uefi.org/sites/default/files/resources/Tony%20Lo_UEFI_Plugfest_AMI_Spring_2017_Final.pdf
• AMIbuilttheirownWiFi
stackwithadditional
features

19. HTTPand PXEboot
BIOS-RemoteAttacksurface
• AllowsdownloadofUEFIbootloaderor
ISOviaHTTP(S)
• Checkssignaturebeforeexecutionto
allowSecureBoot

20. HPIntelligent Provisioning
BIOS-RemoteAttacksurface
• BuiltintoHPservers
• Allowsdownloadof
firmware/driversfrominternet
• Simpleconfigurationandinstallation
ofoperatingsystem

21. SMTPfromUEFI
BIOS-RemoteAttacksurface
● Sendsemailfrom BIOS
● CanmountNTFS partitions
● AttachanyfilefromHDto
email
● Couldbeusedmaliciously

22. Remote Diagnostics Download andExecute
BIOS-RemoteAttacksurface
● Downloads UEFI
executable from
remoteserverover
internet
● Candownload tool
fromHPorcustomURL
● Optionally upload
resultsbackto
customer-provided URL

23. BIOS-RemoteAttacksurface
● Downloadupdatesfromremote
serveroverinternet
● Multiplevendorshave
implementedthisontheirown
● Whatcouldgowrong?
UEFI updatesoverInternet

24. UEFI updatesoverInternet
BIOS-RemoteAttacksurface
● ASRock
implementation

25. UEFI updatesoverInternet
BIOS-RemoteAttacksurface
● ASUS
implementation
● Essentiallythe
samefunctionality,
implemented
differently

26. ● Canspecifycheckfrequency
● Canconfigureautomatic
downloadandinstallation
BIOS-RemoteAttacksurface
UEFI updatesoverInternet

27. RemoteUpdateVulnerabilities

28. Providefirmwareupdatesforallaffected systemsdisablingthisfunctionality
Basicallyallrecentmotherboardshadthisvulnerability
Affected models:
● Intel1151(Skylake,KabyLake,CoffeeLake):159uniquemodels
● Intel1150(Haswell,Haswell-WS,Broadwell):109uniquemodels
● AMDAM4(Excavator,Zen,Zen+):27uniquemodels
ASRock’sresponsetoourvulnerability report:
RemoteUpdateVulnerabilities

29. ASUS’sresponse toourvulnerability report:
RemoteUpdateVulnerabilities

30. ExploitWalkthrough

31. ExploitWalkthrough

32. ExploitWalkthrough

33. ExploitWalkthrough

34. ExploitWalkthrough

35. ExploitWalkthrough

36. ExploitWalkthrough

37. ExploitWalkthrough

38. ExploitWalkthrough

39. DebuggingSystemFirmwareExploits
● IntelHardwareDebugInterface
XDP (Old) CCA(Newer) DbC(Current)
$3000 $390 $15
ExploitWalkthrough

40. ExploitWalkthrough
DebuggingSystemFirmwareExploits
● IntelSystemDebugger

41. ExploitWalkthrough
DebuggingSystemFirmwareExploits
● IntelDebugAbstractionLayer

42. UEFIpost-exploitationenvironment
● “Normal”shellcodewon’twork
● Nooperatingsystem=nosyscalls
ExploitWalkthrough

43. UEFIpost-exploitationenvironment
● Runningasring0
● NoASLR
● Nostackcanaries
● Nomemoryprotection
● Executablestack
ExploitWalkthrough

44. UEFIpost-exploitationenvironment
● CanuseBootServicesUEFIfunctionality
● NeedtoknowhowUEFIworksinternally
ExploitWalkthrough

45. UEFIpost-exploitationenvironment
UEFIprotocols
● Inter-componentOOPmechanism
● IdentifiedbyGUID
● Oneapplication/driverregistersprotocolinterfaceusingGUID
● Anotherapp/driverfindsprotocolinterfaceusingGUIDand
callsfunctionsinobject
ExploitWalkthrough
GUID
PROTOCOLINTERFACE
PRIVATEDATA
FUNCTIONPOINTER1
FUNCTIONPOINTER2
FUNCTIONPOINTER3
FUNCTIONPOINTERN

46. UEFIpost-exploitationenvironment
UsefulBootServicesfunctions
● LocateProtocol()
○ FindsaprotocolbyGUID
● LoadImage()
○ LoadsaUEFIimageintomemory
● StartImage()
○ Transferscontroltoaloadedimage’sentrypoint.
ExploitWalkthrough

47. NOPNOPNOPNOPNOPNOPNOPNOPNOPNOPNOPNOPNOPNOPNOPNOPNOPNOPNOPNOP EGGHUNTERSHELLCODE RETURNADDRESS
ONTHESTACK
8-BYTETAG LOAD&STARTIMAGESHELLCODE ARBITRARYUEFIAPPLICATION
ONTHEHEAP
COPY&DECODESTUB
ExploitWalkthrough

48. NOPNOPNOPNOPNOPNOPNOPNOPNOPNOPNOPNOPNOPNOPNOPNOPNOPNOPNOPNOP EGGHUNTERSHELLCODE RETURNADDRESS
ONTHESTACK
8-BYTETAG LOAD&STARTIMAGESHELLCODE ARBITRARYUEFIAPPLICATION
ONTHEHEAP
COPY&DECODESTUB
LOAD&STARTIMAGESHELLCODE ARBITRARYUEFIAPPLICATION
COPIEDFROMHEAPTO SAFELOCATION
ExploitWalkthrough

49. Potential UEFIsecurityhardening
● Hardenedpagingconfiguration
● Stackcanaries
● ASLR
● NX/DEP
Mitigations

50. DetectingtheASRockbufferoverflowwithYARA
ruleASRockUpdateOverflow
{
strings:
$liveupdate="LiveUpdate"
$urln=/<URL[0-9]+?.+?</URL[0-9]+?/
condition:
$liveupdateandforanyiin(1..#urln):(!urln[i]>260)
}
Mitigations

51. DetectingtheASUSbufferoverflowwithYARA
ruleASUSUpdateOverflow
{
strings:
$prod="<product>"
$desc=“<~description>”
$ver=/<version>.+?</
condition:
$prodand$descandforanyiin(1..#ver):(!ver[i]>260)
}
Mitigations

52. DetectingUEFI/BIOSmodificationwithCHIPSEC
ExtractBIOS SPIflash fromplatform andcreatewhitelist fromcontents:
# chipsec_main -m tools.uefi.whitelist
Generate whitelist fromcontents ofuefi.rom:
# chipsec_main -i -n -m tools.uefi.whitelist -a generate,efilist.json,uefi.rom
Checkcontents of uefi.romagainst whitelist:
# chipsec_main -i -n -m tools.uefi.whitelist -a check,efilist.json,uefi.rom
Detection

53. ● Systemfirmwareiscomplex andhighlyprivileged
● BIOSishardtoupdate,sodonerarely
● Networkfunctionalityisbeingaddedinnewandexcitingplaces
● Newfeaturestomakeupdateseasierarealsoaddingnewexploitvectors
Conclusions

54. Questions?