IBM Security Systems | © 2014 IBM Corporation
BOOTKITS STEP-BY-STEP
AN IN-DEPTH LOOK AT PERSISTENCE MECHANISMS USED BY BOOTKITS
Eric Koeppen
IBM X-Force Advanced Research
erkoeppe[at]us[dot]ibm[dot]com
@PorkChop
(v1)
AGENDA
• Introduction
• Snapshot of Boot Process for various OSes
• A Look at Low-Level Technologies
  – Case studies as examples of exploitation
  – Advice for detection and prevention
• Conclusion
INTRODUCTION
DEFINITION
• For the purposes of this presentation, we define a Bootkit as any malware (rootkit) that is persistent and exists below the level of the operating system kernel environment (ring 0).
INTRODUCTION
• Purpose: To look at how Bootkits achieve persistence and to give advice regarding detection & prevention.
• Scope is limited to x86 and x64 compatible architectures.
• Scope does not include Virtualization technology.
• More details can be found in the forthcoming companion white paper.
THE BOOT PROCESS
BOOT PROCESSES > WINDOWS XP > BIOS
BIOS Boot Process for Windows XP:
POST -> BIOS -> MBR/VBR -> NTLDR (using ntdetect.com) -> NT Kernel
BOOT PROCESSES > WIN VISTA & LATER > BIOS
BIOS Boot Process for Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, Windows 8.1 and Windows Server 2012 R2:
POST -> BIOS -> MBR/VBR -> Windows Boot Mgr (reads Boot Configuration Data, BCD) -> Win Loader (winload.exe) -> OS
BOOT PROCESSES > WINDOWS VISTA SP1 & LATER > UEFI
UEFI Boot Process for Windows Vista SP1, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, Windows 8.1 and Windows Server 2012 R2:
POST -> UEFI -> MBR/VBR or GPT -> Windows Boot Mgr (reads Boot Configuration Data, BCD) -> Win Loader (winload.exe) -> OS
BOOT PROCESSES > WINDOWS 8 & LATER > SECURE BOOT
Secure Boot Process for Windows 8, Windows 8.1, Windows Server 2012, Windows Server 2012 R2, and Windows RT:
POST -> UEFI -> MBR/VBR or GPT -> Verified Boot Mgr -> Verified OS Loader -> OS
BOOT PROCESSES > MAC > EFI BOOT
EFI Boot Process for Mac:
BootROM (POST, Hw Init) -> EFI (OS Select) -> Boot Loader (boot.efi)
BOOT PROCESSES > LINUX > BIOS
BIOS Boot Process for Linux:
POST -> BIOS -> MBR/VBR or GPT -> Boot Loader (LILO or Grub) -> Linux Kernel
BOOT PROCESSES > LINUX > UEFI
UEFI Boot Process for Linux:
POST -> UEFI -> MBR/VBR or GPT -> Boot Loader (with Boot MGR Data) -> Linux Kernel
BOOT PROCESSES > LINUX > SECURE BOOT
Secure Boot Process for Linux:
POST -> UEFI -> MBR/VBR or GPT -> Signed Boot Loader (with Signed Boot MGR) -> Linux Kernel
A LOOK AT LOW-LEVEL TECHNOLOGIES
LOW-LEVEL TECHNOLOGIES > BIOS
• Basic Input/Output System (BIOS)
  – Firmware interface used to boot older machines.
  – Stored on a nonvolatile ROM chip on the motherboard
  – Made of modules compressed with LZH
    • Each module has an 8-bit checksum for verification
  – Some modules are uncompressed:
    • Bootblock that handles POST & emergency boot
    • Decompression routine
  – Modifying a module without updating its checksum makes the system unbootable
LOW-LEVEL TECHNOLOGIES > BIOS > EXPLOITATION
Persistent BIOS Infection by Core @ CanSecWest 2009
  – Used 2 techniques for flashing the BIOS:
    1. BIOS building tool such as Pinczakko's method
    2. Patch & update checksums
  – Three steps for flashing the BIOS:
    1. Dump BIOS with flashrom
    2. Patch & update checksums
    3. Re-flash
LOW-LEVEL TECHNOLOGIES > BIOS > EXPLOITATION
• Four ways to avoid this attack:
  1. Stop initial access with common methods (AV, firewalls, etc.) to avoid BIOS modification
  2. Enable flash write protection on the motherboard
  3. Use digitally signed BIOS firmware
  4. Don't download BIOS updates from untrusted sources
LOW-LEVEL TECHNOLOGIES > UEFI
• Unified Extensible Firmware Interface (UEFI)
  – Designed as a BIOS replacement
  – Larger, more powerful, and more modular
  – Basically a bare-bones operating system
  – Allows pre-OS networking
  – Some versions provide pre-OS AV
  – Provides 2 types of services:
    1. Boot services: only available at boot time
    2. Runtime services: available while the OS is running
LOW-LEVEL TECHNOLOGIES > UEFI > EXPLOITATION
Dreamboot - Presented by Sebastian Kaczmarek @ Hack in the Box, Amsterdam 2013
  – Finds boot loader on hardware & patches it
  – Hijacks kernel entry point call in loader to redirect control flow
  – Deactivates kernel protections (once it gets around PatchGuard)
  – Hides payload in ntoskrnl relocation table
LOW-LEVEL TECHNOLOGIES > UEFI > EXPLOITATION
• Countermeasures:
  – Prevent initial infection through normal means (AV, IPS, HIPS, secure use policies)
  – Secure Boot means that the boot loader signature will have to match the stored key.
  – Intel TXT's "Late Launch" can help prevent loading modified software.
  – BitLocker in TPM mode provides encryption that makes patching the boot loader more difficult; it also stores software measurements and won't even boot if they don't match up.
LOW-LEVEL TECHNOLOGIES > SECURE BOOT
• Secure Boot (UEFI)
  – UEFI option where all applications and services must have a valid digital signature
  – Secure Boot keys stored in UEFI firmware
  – Offers protection that makes compromise more difficult
LOW-LEVEL TECHNOLOGIES > SECURE BOOT > EXPLOITATION
Setup For Failure: Defeating Secure Boot presented by Corey Kallenberg and the MITRE research team at Hack In the Box, Amsterdam 2014
  – Found that Secure Boot doesn't always run the signature check on all target EFI executables, especially Option ROMs (such as for graphics cards)
  – Found a way to manually modify the Setup variable that determines how lax the signature checking policy is, making it so that all target EFI executables can be run without a signature check.
LOW-LEVEL TECHNOLOGIES > SECURE BOOT > EXPLOITATION
• Countermeasures:
  – Make sure the UEFI version follows the spec with regard to variable protection; the UEFI spec does not allow this exploit
  – BIOS_CNTL & SMM BIOS Write Enable protection
  – Intel Protected Range SPI Flash Protections
    • Flash Configuration Lockdown (HSFS.FLOCKDN) bit
  – Setting the SMM BIOS Write Protection (SMM_BWP) bit
  – Common security measures to prevent initial infection
LOW-LEVEL TECHNOLOGIES > MAC EFI
• Mac EFI
  – Does basic hardware initialization
  – Selects the operating system to load
  – Modular: composed of core components, apps, drivers, bootloader
  – Lots of jump tables with function pointers
  – Core components reside on the Mac BootROM
  – Used on all Intel Macs
LOW-LEVEL TECHNOLOGIES > MAC EFI > EXPLOITATION
DE MYSTERIIS DOM JOBSIVS: MAC EFI ROOTKITS presented by Snare at Black Hat 2012
  – Lists 3 valid options for persistence:
    1. Patch or replace the bootloader /System/Library/CoreServices/boot.efi
    2. Write to a PCI device expansion ROM - writeable from the OS via device firmware updates and/or the flashrom application
    3. Flash the firmware - also flashrom, but the Firmware Volume signature gets checked by the BootROM & new Macs write-protect the flash
LOW-LEVEL TECHNOLOGIES > MAC EFI > EXPLOITATION
• Countermeasures:
  – EFI password can prevent changing the boot target, but can be bypassed
  – UEFI Secure Boot would be nice but is unsupported
  – Use normal measures to prevent initial infection.
  – Restrict physical access and consider blocking ports to avoid the "Evil Maid" scenario
LOW-LEVEL TECHNOLOGIES > SMM
• System Management Mode (SMM)
  – Most privileged execution mode on x86/x64 architectures
  – Has access to all of system memory
    • Not subject to standard OS memory protections such as page tables
  – Stored in system firmware (BIOS or UEFI)
  – Can be accessed via System Management Interrupt (SMI) handlers
LOW-LEVEL TECHNOLOGIES > SMM > EXPLOITATION
A Real SMM Rootkit: Reversing and Hooking BIOS SMI Handlers, Phrack article by Filip Wecherowski
  – Modified a System Management Interrupt (SMI) handler to create an I/O Trap based keylogger
  – Only applies to AMIBIOS on Asus motherboards
LOW-LEVEL TECHNOLOGIES > SMM > EXPLOITATION
• Countermeasures:
  – Common methods (AV, IPS, HIPS, good security policies, educated users, etc.) to prevent initial infection.
  – The author wrote a simple C program to detect the keylogger: it reads the Root Complex Base Address Register (RCBA) and tests the keyboard controller port to see if an I/O Trap is enabled.
  – SMM Transfer Monitor (STM) to sandbox the existing SMM handler by virtualizing it using VT-x and VT-d technologies. Unfortunately it's not available yet.
LOW-LEVEL TECHNOLOGIES > INTEL AMT
• Intel Active Management Technology (AMT)
  – Allows for remote system administration
    • Doesn't require a powered-on state or an installed OS
  – Stores various data in firmware memory
    • System parameters (OEM-defined, setup, etc.)
    • Configuration details (including startup hardware)
    • Credentials (passwords, certificates)
    • Network configuration
    • Security configuration (ACLs, defense policies)
  – Provides Direct Memory Access (DMA)
    • Independent of the CPU
LOW-LEVEL TECHNOLOGIES > INTEL AMT > EXPLOITATION
Evaluating "Ring -3" Rootkits presented by Patrick Stewin of Berlin Institute of Technology
  – AMT disabled by default
  – Some AMT code runs even if AMT is disabled
  – Leverages the exploit from Tereshkin, BH 09, based on calculating the re-mapped memory address and hooking a function that runs periodically regardless of whether AMT is enabled or not.
  – Only works on the old Q35 chipset, not Q45.
  – May require a BIOS downgrade; doesn't require consent
  – Resides completely in the ARC4 execution environment
  – Keylogger with covert communications channel
  – Working versions for Linux and Windows
LOW-LEVEL TECHNOLOGIES > INTEL AMT > EXPLOITATION
• Countermeasures
  – Replacing BIOS with UEFI Secure Boot
  – Intel Trusted Execution Technology (TXT)
  – Upgrading chipset to Q45 or later
  – Common security practices
LOW-LEVEL TECHNOLOGIES > TPM
• Trusted Platform Module (TPM)
  – Standard for a secure, dedicated microprocessor designed to secure hardware by integrating cryptographic keys into devices.
  – Developed by the Trusted Computing Group (TCG) for the purposes of:
    • Key generation
    • System hashing
    • Binding – encryption with a factory-burned key
    • Sealing – machine-state-dependent decryption
LOW-LEVEL TECHNOLOGIES > TPM > EXPLOITATION
Thoughts about Trusted Computing presented by Joanna Rutkowska of Invisible Things Labs
  – Evil Maid scenario – physical access allowing a malicious user to grab keys
LOW-LEVEL TECHNOLOGIES > TPM > EXPLOITATION
• Countermeasures:
  – Restrict physical access and consider blocking ports to avoid the "Evil Maid" scenario
LOW-LEVEL TECHNOLOGIES > INTEL TXT
• Intel Trusted Execution Technology (TXT)
  – Relies heavily on the TPM for basic services
    • Secure storage
  – Provides a trusted mechanism for securely loading & executing system software
    • Stores software metrics
    • Called "Late Launch"
  – AMD's version is implemented with the SKINIT instruction
LOW-LEVEL TECHNOLOGIES > INTEL TXT > EXPLOITATION
Invisible Things Labs 2011 whitepaper
  – Exploits a flaw in the SINIT Authenticated Code Module (ACM): when the ACM is executed by the SENTER instruction, a maliciously crafted ACPI DMAR table causes an overwrite
    • Requires execution prior to the SENTER instruction
    • Requires some TXT heap manipulation
    • Bypasses TXT and LCP & hijacks SMM
    • Advisories issued to customers to install updates
LOW-LEVEL TECHNOLOGIES > INTEL TXT > EXPLOITATION
• Countermeasures
  – Intel update fixes the SINIT overflow
  – Intel processor microcode update to prevent rollback and running buggy modules
  – Coordinating with OEM vendors to ensure that the above fixes get disseminated
  – Launch Control Policy (LCP) code moved to the beginning of the SINIT code to offer blacklisting without the need for BIOS and microcode updates
LOW-LEVEL TECHNOLOGIES > MBR
• Master Boot Record (MBR)
  – Boot sector at the beginning of storage devices
  – Stores partition information
  – Stores code for loading the OS
  – Maximum addressable storage space = 2 TB
  – Typically 512 bytes in size
LOW-LEVEL TECHNOLOGIES > MBR > EXPLOITATION
Stoned Bootkit presented by Peter Kleissner at Black Hat 2009 (and many more)
  – Replaces the MBR with its own
  – Patches ntoskrnl.exe
LOW-LEVEL TECHNOLOGIES > MBR > EXPLOITATION
• Countermeasures:
  – Common practices will completely mitigate this particular malware and go a long way towards any future MBR attacks
  – Full disk encryption using BitLocker in TPM mode
  – UEFI Secure Boot
LOW-LEVEL TECHNOLOGIES > VBR
• Volume Boot Record (VBR)
  – First sector of an individual partition on a partitioned storage device
  – Loaded the same way as the MBR
LOW-LEVEL TECHNOLOGIES > VBR > EXPLOITATION
Reconstructing Gapz: Position-Independent Code Analysis Problem presented by Aleksandr Matrosov and Eugene Rodionov at RECon 2013
  – Relies on the Windows VBR format
  – Hooks Int 13h
  – Patches 4 bytes in the VBR to modify the number of "Hidden Sectors"
  – Also patches Bootmgr and Winload.exe
LOW-LEVEL TECHNOLOGIES > VBR > EXPLOITATION
• Countermeasures:
  – UEFI Secure Boot
  – Switching to GPT
  – BitLocker in TPM mode
  – Common security practices to prevent initial infection
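Added example (not from the slides or from any of the tools they cite): a small Python auditor for the two boot-sector attacks above. It parses a classic MBR and an NTFS VBR from constructed sample sectors, fingerprints the 446 bytes of MBR bootstrap code against a baseline recorded from a clean machine (the code Stoned replaces), cross-checks the VBR's 4-byte "Hidden Sectors" field against the partition start LBA in the MBR (the field Gapz patches), and derives the 2 TB ceiling from the 32-bit LBA fields. Sector layouts are the standard ones; the bootstrap bytes and partition geometry are constructed.

```python
import hashlib
import struct

SECTOR_SIZE = 512
PART_TABLE_OFFSET = 446            # four 16-byte partition entries follow the bootstrap code
PART_ENTRY_SIZE = 16
BOOT_SIGNATURE = b"\x55\xaa"       # last two bytes of both MBR and VBR
NTFS_OEM_ID = b"NTFS    "
NTFS_HIDDEN_SECTORS_OFFSET = 0x1C  # 4-byte little-endian field in the NTFS BPB


def mbr_max_addressable_bytes():
    """32-bit LBA fields cap a classic MBR disk at 2^32 sectors of 512 bytes (2 TiB)."""
    return (1 << 32) * SECTOR_SIZE


def parse_mbr(sector):
    """Split a 512-byte MBR into its bootstrap code and the non-empty partition entries."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("MBR must be exactly one 512-byte sector")
    if sector[510:512] != BOOT_SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for i in range(4):
        off = PART_TABLE_OFFSET + i * PART_ENTRY_SIZE
        # entry layout: status(1) chs_start(3) type(1) chs_end(3) lba_start(4) sector_count(4)
        status, ptype, lba_start, count = struct.unpack_from("<B3xB3xII", sector, off)
        if ptype == 0:
            continue  # unused slot
        partitions.append({"index": i, "bootable": status == 0x80, "type": ptype,
                           "lba_start": lba_start, "sectors": count})
    return {"bootstrap": bytes(sector[:PART_TABLE_OFFSET]), "partitions": partitions}


def parse_ntfs_vbr(sector):
    """Read the NTFS VBR fields the check needs: BPB bytes-per-sector and Hidden Sectors."""
    if len(sector) != SECTOR_SIZE or sector[510:512] != BOOT_SIGNATURE:
        raise ValueError("not a valid boot sector")
    if sector[3:11] != NTFS_OEM_ID:
        raise ValueError("not an NTFS volume boot record")
    bytes_per_sector = struct.unpack_from("<H", sector, 0x0B)[0]
    hidden = struct.unpack_from("<I", sector, NTFS_HIDDEN_SECTORS_OFFSET)[0]
    return {"bytes_per_sector": bytes_per_sector, "hidden_sectors": hidden}


def bootstrap_fingerprint(mbr):
    """SHA-256 of the 446 bootstrap bytes; record it on a known-clean system as the baseline."""
    return hashlib.sha256(mbr["bootstrap"]).hexdigest()


def audit_boot_sectors(mbr_sector, vbr_sector, part_index, baseline_fingerprint):
    """Return a list of findings; an empty list means both sectors look untouched."""
    findings = []
    mbr = parse_mbr(mbr_sector)
    if bootstrap_fingerprint(mbr) != baseline_fingerprint:
        findings.append("MBR bootstrap code differs from the recorded baseline")
    part = next((p for p in mbr["partitions"] if p["index"] == part_index), None)
    if part is None:
        findings.append("partition %d is not present in the MBR" % part_index)
        return findings
    vbr = parse_ntfs_vbr(vbr_sector)
    # A clean NTFS VBR carries the LBA of its own partition start in Hidden Sectors;
    # a mismatch means the VBR's loader will fetch its next stage from somewhere else.
    if vbr["hidden_sectors"] != part["lba_start"]:
        findings.append("VBR Hidden Sectors %d != partition start LBA %d"
                        % (vbr["hidden_sectors"], part["lba_start"]))
    return findings


# --- constructed sample sectors (not taken from a real disk) ---------------------------

def build_mbr(bootstrap, partitions):
    sector = bytearray(SECTOR_SIZE)
    sector[:len(bootstrap)] = bootstrap
    for i, (bootable, ptype, lba_start, count) in enumerate(partitions):
        struct.pack_into("<B3xB3xII", sector, PART_TABLE_OFFSET + i * PART_ENTRY_SIZE,
                         0x80 if bootable else 0x00, ptype, lba_start, count)
    sector[510:512] = BOOT_SIGNATURE
    return bytes(sector)


def build_ntfs_vbr(hidden_sectors):
    sector = bytearray(SECTOR_SIZE)
    sector[0:3] = b"\xeb\x52\x90"  # jmp/nop prologue, as in a real NTFS VBR
    sector[3:11] = NTFS_OEM_ID
    struct.pack_into("<H", sector, 0x0B, SECTOR_SIZE)
    struct.pack_into("<I", sector, NTFS_HIDDEN_SECTORS_OFFSET, hidden_sectors)
    sector[510:512] = BOOT_SIGNATURE
    return bytes(sector)


CLEAN_BOOTSTRAP = b"\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"\x90" * 16  # stand-in loader bytes
PARTITIONS = [(True, 0x07, 2048, 204800)]                          # one bootable NTFS partition
GOOD_MBR = build_mbr(CLEAN_BOOTSTRAP, PARTITIONS)
GOOD_VBR = build_ntfs_vbr(2048)
BASELINE = bootstrap_fingerprint(parse_mbr(GOOD_MBR))

# Two deliberately altered copies so the checks have something to flag.
REPLACED_MBR = build_mbr(b"\xeb\xfe" + b"\x90" * 16, PARTITIONS)  # different bootstrap code
PATCHED_VBR = build_ntfs_vbr(2048 + 8)                              # Hidden Sectors off by 8

if __name__ == "__main__":
    print("clean:", audit_boot_sectors(GOOD_MBR, GOOD_VBR, 0, BASELINE))
    print("replaced MBR:", audit_boot_sectors(REPLACED_MBR, GOOD_VBR, 0, BASELINE))
    print("patched VBR:", audit_boot_sectors(GOOD_MBR, PATCHED_VBR, 0, BASELINE))
```

On a real system the two sectors come from raw reads of the disk (sector 0 and the first sector of the boot partition), and the baseline fingerprint is taken right after a clean install.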
LOW-LEVEL TECHNOLOGIES > GPT
• GUID Partition Table (GPT)
  – Replacement for the MBR
  – Allows storage devices larger than 2 TB
  – Not being targeted yet
LOW-LEVEL TECHNOLOGIES > NTLDR
• NT Loader (NTLDR)
  – Boot loader for all legacy releases of NT-based versions of Windows, including Windows XP
  – Works with the ntldr file stored on bootable media
  – Loads boot.ini for specific boot options
  – Runs ntdetect.com to gather information about the computer's hardware
  – Passes that info to ntoskrnl.exe in order to load the NT Kernel
LOW-LEVEL TECHNOLOGIES > BOOTMGR
• Windows Boot Manager (Bootmgr.exe)
  – Replaces NTLDR
  – bootmgr is a hidden system file stored in the System Reserved Volume
  – Locates the active partition
  – Reads the Boot Configuration Database (BCD) file
    • For boot-time configuration data
  – Passes data from the BCD to the Windows Loader (winload.exe)
LOW-LEVEL TECHNOLOGIES > BOOTMGR > EXPLOITATION
Vboot Kit (1 & 2) from Nitin & Vipin Kumar of NVLABs
  – Not really persistent, runs from CD
  – Used the CD-ROM to hook INT 13 (Win Vista)
  – When bootmgr.exe is loaded, the hook runs the payload
  – Patches bootmgr.exe in 3 places in memory
  – Bypassed checksums, digital signatures, & DEP
  – Gains control when winload.exe runs
LOW-LEVEL TECHNOLOGIES > BOOTMGR > EXPLOITATION
• Countermeasures
  – Don't allow physical access to the machine
  – Turn off CD-ROM boot in the BIOS if not in use
  – Find a better way to prevent in-memory modification between loading an executable into memory and executing it
  – BitLocker Drive Encryption (BDE) in TPM mode: the measurements in the TPM will be off, so it declines to unseal the Volume Master Key (VMK), thus preventing boot
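Added example (not from the slides or from Microsoft's BitLocker implementation): a Python model of the measured-boot path behind the TPM sealing, TXT and BDE-in-TPM-mode countermeasures on these slides. Each boot component is hashed and extended into a simulated PCR, the Volume Master Key is sealed to the resulting PCR value, and a later boot whose bootmgr differs by a single byte measures differently, so the unseal is refused. The TPM itself is a simplified stand-in (HMAC-based sealing with a random in-memory root key) and the component bytes are constructed.

```python
import hashlib
import hmac
import os

PCR_INITIAL = bytes(32)  # a fresh SHA-256 PCR starts as all zeros


def sha256(data):
    return hashlib.sha256(data).digest()


def pcr_extend(pcr, component):
    """TPM extend: PCR = SHA-256(PCR || SHA-256(component)).
    The chain is order-sensitive, so changing any stage in any position changes the result."""
    return sha256(pcr + sha256(component))


def measure_boot_chain(components):
    """Extend every boot stage in order and return the final PCR value."""
    pcr = PCR_INITIAL
    for component in components:
        pcr = pcr_extend(pcr, component)
    return pcr


class SimulatedTpm:
    """Toy seal/unseal model. A real TPM keeps its root key on-chip and enforces the PCR
    policy internally; here a random secret plays the root key and HMAC binds the wrapping
    key to the PCR value, so a different PCR yields a different key and a failed tag check."""

    def __init__(self):
        self._root_key = os.urandom(32)

    def _wrapping_key(self, pcr):
        return hmac.new(self._root_key, b"seal" + pcr, hashlib.sha256).digest()

    def seal(self, secret, pcr):
        """Encrypt `secret` (up to 32 bytes) so it is only recoverable under the same PCR."""
        if len(secret) > 32:
            raise ValueError("toy model seals at most 32 bytes")
        key = self._wrapping_key(pcr)
        keystream = sha256(key + b"enc")[:len(secret)]  # one-time pad derived from the key
        ciphertext = bytes(a ^ b for a, b in zip(secret, keystream))
        tag = hmac.new(key, ciphertext, hashlib.sha256).digest()
        return ciphertext + tag

    def unseal(self, blob, pcr):
        """Return the secret, or None when the live PCR does not match the sealing policy.
        Like a real TPM, it does not say what the expected PCR value was."""
        ciphertext, tag = blob[:-32], blob[-32:]
        key = self._wrapping_key(pcr)
        expected = hmac.new(key, ciphertext, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, tag):
            return None
        keystream = sha256(key + b"enc")[:len(ciphertext)]
        return bytes(a ^ b for a, b in zip(ciphertext, keystream))


# Constructed stand-ins for the measured boot components (not real binaries).
CLEAN_CHAIN = [b"MBR/VBR: constructed stand-in",
               b"bootmgr: constructed stand-in",
               b"winload.exe: constructed stand-in"]
PATCHED_CHAIN = [CLEAN_CHAIN[0], CLEAN_CHAIN[1] + b"\x90", CLEAN_CHAIN[2]]  # bootmgr altered


def provision(tpm, vmk, boot_chain):
    """What BDE setup does: seal the VMK to the PCR value of the known-good boot chain."""
    return tpm.seal(vmk, measure_boot_chain(boot_chain))


def boot_attempt(tpm, sealed_vmk, boot_chain):
    """What each boot does: re-measure the chain, then ask the TPM to unseal against it."""
    return tpm.unseal(sealed_vmk, measure_boot_chain(boot_chain))


def demo():
    """Return (VMK recovered with the clean chain?, result with the patched chain)."""
    tpm = SimulatedTpm()
    vmk = os.urandom(32)
    blob = provision(tpm, vmk, CLEAN_CHAIN)
    return boot_attempt(tpm, blob, CLEAN_CHAIN) == vmk, boot_attempt(tpm, blob, PATCHED_CHAIN)


if __name__ == "__main__":
    clean_ok, patched_result = demo()
    print("clean boot unseals VMK:", clean_ok)
    print("patched bootmgr unseals VMK:", patched_result is not None)
```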
CONCLUSION
• Everything has potential for vulnerabilities
• New technologies such as UEFI Secure Boot, TPM, and TXT offer a lot of mitigation
• Intel should do everyone a favor and release STM
• Common security practices such as Antivirus, Intrusion Detection, Intrusion Prevention, Host-Based Intrusion Prevention, timely patches, and solid secure use policies can all help with detection and prevention.
REFERENCES
• Complete bibliography will be included in the forthcoming whitepaper
• Presentations referenced are all available on the web sites for the conferences mentioned
Thank You!
Eric Koeppen
IBM X-Force Advanced Research
erkoeppe[at]us[dot]ibm[dot]com
@PorkChop
