Slashdot Mirror
Hacker Defeats Hardware-based Rootkit Detection
Manequintet writes "Joanna Rutkowska's latest bit of rootkit-related research shatters the myth that hardware-based (PCI cards or FireWire bus) RAM acquisition is the most reliable and secure way to do forensics. At this year's Black Hat Federal conference, she demonstrated three different attacks against AMD64 based systems, showing how the image of volatile memory (RAM) can be made different from the real contents of the physical memory as seen by the CPU. The overall problem, Rutkowska explained, is the design of the system that makes it impossible to reliably read memory from computers. "Maybe we should rethink the design of our computer systems so they they are somehow verifiable," she said."
I was under the impression that the only way to reliably detect a root-kit is to examine the system from another clean system?
ie remove the drive/devices and check them all.
liqbase
"Maybe we should rethink the design of our computer systems so they they are somehow verifiable," she said.
that's what she said!
Stop Computers/Cars Analogies on S
If sony could rootkit your computer and your hardware couldnt tell, would they?
Libertarian Leaning Political Discussion Forum.
1) that hardware based rootkit detection is unreliable and
2) that a beautiful girl cannot be a part of the geeky world of cyber security research (considered exclusively a part of male fiefdom).
Linux Help
for all things on Linux
that guy is hot!
"Maybe we should rethink the design of our computer systems so they they are somehow verifiable," she said."
Yay, DRM in every piece of hardware to the rescue!
Software can't reliably detect a system problem in all cases.
See also "The Halting Problem." What are they teaching people in IT classes these days?
At this year's Black Hat Federal conference, she demonstrated three different attacks against AMD64 based systems, showing how the image of volatile memory (RAM) can be made different from the real contents of the physical memory as seen by the CPU.
Isn't this exactly what HD-DVD / Blu-Ray players need to prevent the AACS keys from being stolen? Just last week there was a story saying something like "PC-based movie players are inherently crackable, because the key has to be in main system memory for at least a brief instance, and then we can copy it." Now, this lady says there are methods to prevent anyone from truly reading what is in RAM. I don't understand.
It doesn't hurt to be nice.
To be honest though, the sharp knees ruin it for me.
Plus when you think about it, sperm is the ultimate malware.
echo -e 'global _start\n _start:\n mov eax, 2\n int 80h\n jmp _start' > a.asm; nasm a.asm -f elf; ld a.o -o a;
And now a year later, she claims we need specialized hardware interfaces to scan memory for rootkits, even though this problem is laughably easy in the world of virtual machines.
And on to the actual work ... the research basically observes that MTTR registers (some of the MSRs in the CPU) can cause memory mappings to look different between the CPU and the northbridge, and then comes up with a pretty easy way to cause the northbridge to either lock up or read data that is different (really easy once you see the specs for the appropriate registers). And she totally ignores the possibility of a system defending itself against this attack by verifying the registers she's modifying. Lousy research, girl.
Oddly enough, this "hack" is ALREADY IN USE ON YOUR SYSTEM and is actually necessary. See, when the processor is running in SMM (System Management Mode), it switches to exactly this configuration: the PCI bus sees VGA hardware mapped at the well-known address, but the processor maps the RAM at that address, which gives SMM mode a few kilobytes of memory that the normal system can't touch. SMM mode is used for things like "legacy USB devices" (e.g. having your USB keyboard act like PS/2 so DOS can use it) and other implement-in-software hacks that your OS doesn't know about, but your BIOS vendor gives you as "value-added features".
A witty [sig] proves nothing. --Voltaire
and reasonably cute, blah blah basement blah blah over 30 blah blah imaginary blah blah
There is a fine line between being a cultivated citizen and being someone else's crop. - A. J. Patrick Liszkie
The MPAA/RIAA would just *love* it if there was a port on your motherboard you could just plug something into and get direct access to the contents of RAM, bypassing OS completely.
You can already do this, with many common CPUs. It's called JTAG. In short, it allows you to control the CPU directly, so that you can do exactly what Ms. Rutkowska proposes. That includes by-passing the caches and getting direct access to memory.
JTAG is what embedded people use to port an O.S. to a new hardware platform. And to debug really tough kernel problems. It beats the snot out of printks anyday. And there are certain sections of boot-code and kernel code where it is extremely difficult and annoying to develop without JTAG.
There are two immediate problems with JTAG however. The first is that not all CPUs support it. Believe it or not, I've met CPU designers who have never heard of JTAG (and this is usually a clue that they don't know what the heck they are doing).
The second problem is that some CPU manufacturers consider the JTAG interface proprietary. Intel is one (there's only one JTAG debugger available for x86, and it will cost you between $5,000 - 15,000 depending on what you get). That is absolutely silly, as these can be built for well under $500.
Why they keep the JTAG API interface proprietary is beyond me. I have yet to hear a non-lame excuse yet.
But in any case, the point is that this problem has already been solved. It's surprising to me that anyone seriously doing forensics wouldn't be using JTAG already, for the reasons that Ms. Rutkowska suggests.
The best way to predict the future is to create it. - Peter Drucker.
seriously
after several recent compromises, sensitive government installations opted to completely replace their equipment.
That presumes that the replacement hardware hasn't had its BIOS and/or firmware flashed with malware itself. Do they checksum the ROMs and compare that against what the vendor tells them? Can they trust the vendor, or were those parts from offshore? Etc, etc....
Sometimes I wonder if sensitive government installations are paranoid enough. Probably only the wrong ones are.
-- Alastair
The slide set mentions accessing memory via FireWire, but doesn't say much about it. FireWire understands packets for "reading and writing memory", along with ordinary data packets. But whether memory access packets actually read and write physical memory is up to the driver, when it configures the FireWire controller. The driver can set controller registers so that the physical address range accessible from the hardware controller is limited. Other addresses just pass the packets to the driver.
So it should be straightforward to make a FireWire port return whatever contents of memory the attacker wants to display. Especially since, on PCs, that function isn't otherwise used for much.
In fact, for security, a PC shouldn't accept FireWire memory read and write packets at the hardware level. (Does Windows? I know that QNX does not, having written a FireWire driver for it, and I don't think Linux does, but I'm not sure.) There's nothing that talks to a PC that needs that feature. It's used mostly for talking to "device registers" in peripherals (where, typically, the "device register" is implemented as a switch statement in firmware.) For example, you turn on and set up a FireWire camera by sending packets that write to "device registers". But the images from the camera come back as FireWire data packets, processed by software. They are not "external DMA transfers." You can only read or write one 32-bit word per "memory access" packet anyway, so it's a very inefficient way to move data. All sizable FireWire data is sent in longer packets processed by software.
(FireWire is really a LAN, not a bus. FireWire controllers work a lot like Ethernet controllers, with buffer rings for input and output, although Ethernet uses collision detection and FireWire uses an arbitrarily-chosen master node to schedule the wire. It's not at all like the PCI bus.)
Seems like the Rutkowska paper a) exposes PCI cards used as memory verifiers as unreliable in off-the-shelf hardware--the PCI memory verifier products cited in the paper (one is from BBN no less) might not have been properly reviewed, and might be in use in US DOD computing systems b) sheds some light on how COTS hardware _could_ be less vulnerable to rootkit manipulation, if customers demand it--not unreasonable.
Matt
Every DRM system relies on the user not knowing what is happening on their system. If you had full knowledge of what was going on on your system, you could bypass any DRM system. Some parties lobby for hardware making it even harder to know what is happening on your system in order to make DRM possible. Of course they are also going to make rootkits even easier to do. It is in everybodys best interest to have a more transparent system, where you actually have a possibility to see what is happening on your own hardware. Otherwise we'll probably end up with widespread rootkits going undetected for very long time. Even those advocating DRM is going to lose big time, when that happens.
We don't need DRM, we need truely "trusted computers". But not computers that some content industries trust, computers that we can trust. Computers where we can actually tap the wires and "listen" to what's going on inside.
DRM is exactly the opposite. Locking away your computer's inner workings from you, taking away your chance to see what's going on inside.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
Without consideration of the problem at the time all of the system hardware is designed, there is no secure solution. This is in fact a very complex problem.
For instance, most CPUs and complex driver chips include undocumented registers, which can be used to hide code or data from analysis. Some of these register areas can be quite large. The common solutions almost invariably rely on security through obscurity, since the internal design of chips is not widely available. How can one clear or verify memory if the total amount of memory is unknown? An attacker need merely relocate himself dynamically to avoid detection.
The two most common attempts at better security involve two approaches: additional hardware which requires special keys for access (such as is used in some DRM systems), and secondary or even tertiary computers to monitor the primary system. There are even systems with back-to-back PCI bridges, where the second PCI bridge on a completely separate computer audits the behaviour of the first PCI bridge. All software is considered "hostile" in systems which are serious about security.
Even the available security features often are not enabled or used, because of poor design. For example, some video decoding chips have read only register to store keys for DRM purposes, but many STBs don't use them because the designs are flawed, or because the use of the features incurs unacceptable manufacturing and deployment costs. Similarly, JTAG access often is not locked, because the manufacturers prefer the ability to field diagnosis easily, and assume that most attackers won't be able to figure out how to break into the unlocked systems. Even worse, these advanced features are not used because the most egregious holes are even easier to exploit, so why bother to harden the front door when the windows and back door remain open?
Unfortunately, most of the "secure" systems are lame, done without adequate design review. Much common hardware from cable boxes to military equipment is full of holes. The failures remain latent only because of NDAs, government security classification, and other factors impeding review.
No, you can't build a secure system without secure hadware, and you can't verify the contents of memory without special hardware support.
Are you talking about this:
http://www.xkcd.com/c174.html
I diasagree on the cute part. She doesn't look cute and that attractive to me even after doing a Google image search.
Ant(Dude) @ Quality Foraged Links (AQFL.net) & The Ant Farm (antfarm.ma.cx / antfarm.home.dhs.org).
Keep in mind I'm actually an Ex HW_Hack ........ From Wikipedia:
.... with disk space becoming trivial couldn't your OS make a copy of itself to a locked partition during OS install - these become master reference files. Then a second security CPU (Xscale etc.) is embedded on the MB with access to system memory (dual-port) ---- during idle periods the security CPU runs random OS calls on system memory and compares those to results of system call from the locked partition.
........ beats me I'm just a ex-hw-hack
A rootkit is a set of software tools intended to conceal running processes, files or system data from the operating system. Rootkits have their origin in relatively benign applications, but in recent years have been used increasingly by malware to help intruders maintain access to systems while avoiding detection. Rootkits exist for a variety of operating systems, such as Linux, Solaris and versions of Microsoft Windows. Rootkits often modify parts of the operating system or install themselves as drivers or kernel modules.
The best and most reliable method for rootkit detection is to shut down the computer suspected of infection and check its storage by booting from an alternative media (e.g. rescue CD-ROM or USB flash drive). A non-running rootkit cannot hide its presence and most established antivirus programs will identify rootkits armed via standard OS calls (which are supposedly doctored by the rootkit) and lower level queries, which ought to remain reliable. If there is a difference the presence of a rootkit infection can be assumed. Rootkits attempt to protect themselves by monitoring running processes and suspending their activity until the scanning has finished.
So
As I ejected from Intel R+D in '04 we were already doing early work on embeddng Xscale on MBs for other purposes
Its not the years, its the mileage
Joanna Rutkowska's research is catching up to a truth few realized until just recently, This is just the tip of a whole can of worms that has been wiggling right under our noses for years.
a rticlecomments&op=display_comments&ArticleID=11372 &expand_all=true&mode=threaded
If you check the comments below, (to a very good article) some commenters are rather hysterical, (in a bad way) and for good reason, but reflect the truth.
Rootkits headed for BIOS
Comments:
http://www.securityfocus.com/cgi-bin/index.cgi?c=
After reading this, if you don't have experience in these matters please refrain from commenting.
Rather, go read more of what Ms. Rutkowska has so expertly revealed:
http://invisiblethings.org/papers.html
"There are more things in heaven and earth , Haratio, than are dreamt of in your philosophies."
~hylas
Has anyone encountered a modern-day PC motherboard with a well identified JTAG port? Many of the high end servers have these readily available, but I have not found one recently on motherboards (clearly identified).
Does anyone know link to John Heasman's BH presentation? I've recently worked on nVidia rootkit and from googling seems that John did the same. However, problem was that on modern VGA bioses only few kB or none space left. I found solution to this problem (obvious one), but it's not very stable and main Bios version dependant. So I'm very curious about that presentation.
"Until July 2003, a computer security researcher Jan Krzysztof Rutkowski used his school-provided e-mail account at Warsaw University of Technology (jkrutkowski@elka.pw.edu.pl) to publish various security materials on Windows kernel rootkit hiding and detection...This person had ceased all public security research mid-2003.
Within less than two months, a previously unknown researcher named Joanna Rutkowska began to publish papers on Windows rootkit detection and hiding techniques (Concepts for the Stealth Windows Rootkit, first paper by Joanna Rutkowska) that were very closely related to earlier contributions by Jan and extended some of his ideas, referencing previous work (e.g., Detecting Windows Server Compromises with Patchfinder 2).
Hey, you think your house is cool?
>there are methods to prevent anyone from truly reading what is in RAM.
What she demo'ed was a way to prevent a card on the PCI bus from having the same view of RAM as the CPU does. Unless the players have an architecture like a PC motherboard her attack may not apply. Fundamentally her attack works because there are two channels for getting information from RAM and the two can be configured differently.
This sort of thing is why security people sometimes act so devoid of hope.
Yes. The ability to directly access memory space by address from a FireWire connection is a totally inappropriate "feature" on a machine with an operating system. It's intended for embedded system debugging and remote device control. The FireWire interface hardware has it off by default. Windows has to explicitly turn it on. Despite the fact that, as far as I know, that feature is never used for anything legitimate.
And yes, it's broken in Linux. I just looked at the hardware spec (see figure 5-28) and the source code for "fw-ohci.c", and there it is:
That line says "external FireWire packets can access any physical address below (0x10000 << 16)", or, in other words, the first 4GB of memory. Apparently this security hole hasn't been upgraded for 64 bits yet, although the hardware supports a 48-bit memory address. Note the lack of any comments in that area. That one bit opens up a huge security hole, one known for three years, and nobody has fixed it.
I'd suggest changing that value to 0, which turns this "feature" off.
I worked for Guardent for a while, and their coders were the elitist of the elite, if you listened to them. Then you read something like this to show what yutzes they were.
I want to delete my account but Slashdot doesn't allow it.
[Neo sees a black cat walk by them, and then a similar black cat walk by them just like the first one]
Neo: Whoa. Déjà vu.
[Everyone freezes right in their tracks]
Trinity: What did you just say?
Neo: Nothing. Just had a little déjà vu.
Trinity: What did you see?
Cypher: What happened?
Neo: A black cat went past us, and then another that looked just like it.
Trinity: How much like it? Was it the same cat?
Neo: It might have been. I'm not sure.
Morpheus: Switch! Apoc!
Neo: What is it?
Trinity: A déjà vu is usually a glitch in the Matrix. It happens when they change something.
Donald 'Duck' Dunn: We had a band powerful enough to turn goat piss into gasoline.
I'm going to assume that your vaguely sane and not suggesting the second CPU run system calls on a hard drive image but that it should actually be running the second copy of the OS.
I'm also going to assume that your proposing some sort of private bus over which the second system can make remote system calls although even that seems like it could introduce all kinds of new security holes.
Finally I'll assume that by duel-port memory access you mean that there are two separate paths to access memory, the first presumably the standard method employed by the primary CPU and the second a more reliable method.
So the last part of that seems like pretty much what the author is suggesting anyway... Just have two paths to access memory, then you just compare them and any unexpected differences would be a root kit.
I don't think random system calls would be a reliable detector... Maybe some system calls you expect to be different but that may not help with previously unknown root kits, if it's messing with memory like this it may not even need to alter system calls to stay hidden.
Additionally system calls may yield different results just because the two copies of the OS your comparing are in different states.
Also what part of your suggestion actually required the second CPU to access the main memory anyway?
3) Ears aren't meant to be hidden underneath hair.
Just when the good guys think they got it right, the bad guy gives a smug and says, "really?" Sometimes we forget that the main motives for hackers to hack are challenge, fame, ideology, and sometimes money...
Who needs rootkits when we have Vista?