hackable security modules - recon · hackable security modules: reversing and exploiting a fips...
TRANSCRIPT
FOTISLOUKOS
SSLCORP
RECONBRUSSELS2016
HACKABLESECURITYMODULES:
REVERSINGANDEXPLOITINGAFIPS140-2LVL3HSMFIRMWARE
WHOAMI?FotisLoukos
GobythenickfotislWorkatSSL.com,agloballytrustedCertificationAuthorityfocusingonTLS/SSLandCodeSigningHoldaPhDinComputerSciencefromtheAristotleUniversityofThessalonikiMyworkfocusesonPublicKeyInfrastructures,CertificationAuthoritiessecurity,vulnerabilityresearchandreverseengineering
OUTLINEWhatisanHSMandHSMsecurityrequirementsTheUtimacoHSManditsFirmwareTheTMS320C64xDSPAddinganewarchitecturetoCapstoneSearchingforvulnerabilities
WHATISANHSM?
USAGESecurelystorecryptographickeysManage(generateetc)cryptographickeysPerformcryptographicoperations(encrypt,decrypt,sign,verify,wrap,unwrap,etc)
Networkdevice PCIcard
PHYSICALFORM
BIGPLAYERSGemalto
BoughtSafenet,anotherbigplayerFamousfortheLunaseriesofproductsSamplevaluefortheSafenetNetworkHSM7000Model:$29,500.00
BIGPLAYERSThales
BoughtnCipher,thesecondbigplayerFamousforthenShieldseriesofproductsSamplevaluefortheUSBnShieldEdgeHSMwithECCactivation:$9,500.00
BIGPLAYERSUtimaco
PrimarytargetFamousfortheCryptoserverseriesofproductsPartoftheEJBCAready-to-deployPKIsolutionbyPrimeKeySamplevaluefortheSecurityServerSe52LANV4:15,000.00€
ABUSINESSWITHALOTOFMONEY
WHEREARETHEYUSED?
PKIAllCertificationAuthorities(CAs)arerequiredtouseHSMs.FromtheCA/BForumBaseline
requirements:
TheCASHALLprotectitsPrivateKeyinasystemordevicethathasbeenvalidatedasmeetingatleastFIPS
140level3oranappropriateCommonCriteriaProtectionProfileorSecurityTarget,EAL4(orhigher),whichincludesrequirementstoprotectthePrivateKey
andotherassetsagainstknownthreats.
DNSSECRootZoneoperatorsstorekeysinsideHSMs.FromtheDNSSECPracticeStatementfortheRootZone
KSKOperator:
ForRZKSKgenerationandRZKSKprivatecomponentoperationsandstorage,ICANNuseshardwaresecurity
modulesthatarevalidatedatFIPS140-2level4overall.
ELECTRONICTRANSACTIONS
PCIDSSinsomecasesrequiresHSMstosecurecardholderdatathroughoutthetransaction
process.
ThePCIHSMSecurityRequirementsdocumentdescribestheminimumsecurityrequirementsfor
compliantHSMs.
ONEDOESNOTSIMPLYImplementseriouscrypto
withoutanHSM
SECURITYREQUIREMENTS
GENERALINFORMATIONAsHSMsareusedincriticalapplicationsandinfrastructures,differentstandardshavebeenproposedtoevaluatetheirsecurity.
Majorstandards:
FIPS140-2CommonCriteria
FIPS140-2FederalInformationProcessingStandardsPublication140-2...orotherwise,theUSstuffIssuedat2001bytheNationalInstituteofStandardsandTechnology,updatedat2002MostwidelyusedstandardSupersedesFIPS140-1WillbesupersededbyFIPS140-3...whenitgetsreleased!
FIPS140-2Defines4differentsecuritylevels:
Level1:Lowestsecuritylevel.Atleastoneapprovedalgorithmmustbeimplementedandtherearenophysicalsecuritycontrols.Level2:Level1plusphysicalsecuritycontrols.CryptographickeysandCriticalSecurityParameters(CSPs)areprotectedwithtamper-evidentcoatingsorseals
FIPS140-2Defines4differentsecuritylevels:
Level3:Level2withharderphysicalsecuritycontrols.KeysandCSPsaredeletedifpotentialbreachisdetected.Level4:Level3withmorestrictphysicalsecuritycontrolstomaketheHSMusableinphysicallyunprotectedenvironments.
FIPS140-2FIPS140-2validationhappensattheCryptographicModuleTestingLaboratorieswhichareaccreditedbytheNationalVoluntaryLaboratoryAccreditationProgramaspartoftheCryptographicModule
ValidationProgram.
Currently22laboratorieshavebeenaccreditedtoperformFIPS140-2validation.
COMMONCRITERIAISOStandardTheEUstuffHasEvaluationAssuranceLevels(EALs)similartoFIPS140-2levelsInadditionthereareProtectionProfiles(PP),SecurityTargets(ST),etc
COMMONCRITERIAInterestingfact:
InthePKIworldthestandardisEAL4+EAL4isMethodicallyDesigned,TestedandReviewedBestsecuritypracticesshouldbeusedduringdesignandtest...Letsseehowitgoes!
THEUTIMACOHSM
VARIOUSMODELSOFTHECRYPTOSERVERSecurityServerSeGen2SecurityServerCSeSecurityServerSe(Endofline)TimestampServer
SPECIFICATIONSFIPS140-2Level3certification(somehavehigherlevelsinspecificareas,suchasphysicalsecurity)AvailableasbothPCIecardsandNetworkAttachedAppliancesSupportforRSA,DSA,ECDSA(NISTandBrainpoolcurves),DH,ECDH,AES,DES,3DES,SHA1,SHA2,SHA3,RIPEMD,etcDependingonyourlicenseyougetmoretransactionspersecond
THEHARDWARENetworkHSMsareLinuxboxeswithaPCIeHSM.ThereisaphysicalprotectionlayerandabatterythathelpserasethecontentsofthememoryincaseofbreachwhentheHSMispoweredoffSensorscandetectchangesintemperature,voltage,powersupplyingeneralandtamperingoftheprotectingfoil
THEHARDWAREEveryPCIeHSMcontains:
ATexasInstrumentsTMS320C64xDSPthatperformsallcryptographicoperationsAhardwareTrueRandomNumberGenerator(TRNG)andaDeterministicRandomBitGenerator(DRBG)AKey-RAMwhichcontainstheDeviceKeyandincaseofattackgetsdeleted
DEVICEKEYAsinglekeycreatedwhentheHSMisbroughtintooperationCannotbeextracted,exported,imported,orinanywaymanipulatedEncryptsallothercryptographickeysandcriticalsecurityparameters
MASTERBACKUPKEYS256bitAESor128bit(?)3DESKeyUsedtoencryptbackupsofcryptographickeysCanbesplitintomanysharesusingannoutofmscheme(XORfor2outof2,Shamir'sSecretSharingotherwise)KeysinsidetheHSMarenotencryptedusingtheMBKbutusingtheDeviceKey
TOOLScsadm:CommandlinetooltomanagebothPCIeandNetworkHSMsp11tool2:CommandlinetooltousethePKCS#11APIcxitool:CommandlinetooltousetheCXIAPIcat/p11cat:Javaversionsoftheabove
SIMULATORAsimulatorexistswhichrunsitsownfirmwaretooAswe'llseelateron,thiswillbeveryuseful!
USERSEveryuserhas:
Anauthenticationmethod:RSAsignature(insoftformorinsmartcards),ECDSAsignature(insoftform),HMACpasswordPermissions:Thevalue0,1or2at8differentpermissiongroupsFlags,attributes,etc
PERMISSIONSTocompleteataskyouneedallloggedinuserstoadduptoacertainpermissionlevelatacertaingroup.Forexample,toaddauseryouneedallloggedinusers'permissionstoaddupto2atgroup7(nomore,noless).
COMMUNICATIONPROTOCOL
CustomcommunicationprotocolwiththePCIeHSMNetworkHSMslistenatbothaTCPandaUDPportandsendeverythingreceivedtotheinternalPCIecardNopublicspecificationavailableAES256encryptedcommunicationwithuniquesessionkeysandMAC
THEUTIMACOFIRMWARE
FORMATAsingleblobinacustom.mpkgformatBothFIPSandnon-FIPSversionsAfterreversingmuchoftheformatIfoundoutthatcsadmhasanoptiontounpackmpkgfilesLessonlearned:RTFM!Afterunpackingyougetanumberof.mtcfiles
SAMPLEFIRMWARESecurityServer-Se-Series-4.01.0.5.mpkg→
adm_3.0.18.1_c50.mtcaes_1.3.7.0_c50.mtcasn1_1.0.3.4_c50.mtcbcm_1.0.2.0_c50.mtccmds_3.5.1.6_c50.mtccxi_2.1.11.3_c50.mtcdb_1.3.1.1_c50.mtcdsa_1.2.2.1_c50.mtceca_1.1.7.6_c50.mtcecdsa_1.1.8.7_c50.mtchash_1.0.10.1_c50.mtc
hce_2.2.2.1_c50.mtclna_1.2.3.4_c50.mtcmbk_2.2.4.4_c50.mtcntp_1.2.0.7_c50.mtcpp_1.2.5.1_c50.mtcsc_1.2.0.3_c50.mtc
smos_3.3.4.2_c86.mtcutil_3.0.3.0_c50.mtcvdes_1.0.9.1_c50.mtcvrsa_1.3.0.6_c50.mtc
MTCFILESIndividualfirmwaremodules
Eachoneofthemseemstobeassociatedwithaspecificfunction:
adm_3.0.18.1_c50.mtc→Administrationfunctionsaes_1.3.7.0_c50.mtc→AESimplementationasn1_1.0.3.4_c50.mtc→ASN.1encoding/decoding(thisistheX.509world!)
MTCFILES
Let'susebinwalk!
MTCFILES
Fourcopyrightstringsinsideandoneunixpath→WTFguys,useastandardformat!
$binwalkadm_3.0.18.1_c50.mtc
DECIMALHEXADECIMALDESCRIPTION--------------------------------------------------------------------------------539250xD2A5Copyrightstring:"Copyright(c)1996-2014TexasInstrumentsIncorporated"541230xD36BCopyrightstring:"Copyright(c)1996-2014TexasInstrumentsIncorporated"556580xD96AUnixpath:/tmp/TI_MKLIBqpFZmO/OBJ/memset.asm:$C$L2:1:1398463752558160xDA08Copyrightstring:"Copyright(c)1996-2014TexasInstrumentsIncorporated"559850xDAB1Copyrightstring:"Copyright(c)1996-2014TexasInstrumentsIncorporated"
MTCFILES
Hexdumptotherescue!
MTCFILES
Aheaderatthebeginingwithadescription!".text"and".data"seemtobenamesofsectionsMaybesomemodifiedstandardformat???
$hexdump-Cadm_3.0.18.1_c50.mtc000000004d54434800012de00100000001020100|MTCH..-.........|0000001000000018000000004d4d434800012dc8|........MMCH..-.|0000002001010000a307552ed344d5ba41444d00|......U..D..ADM.|0000003000000000000000000000008703001201|................|0000004041646d696e697374726174696f6e204d|AdministrationM|000000506f64756c650000000000000000000000|odule...........|....0000011000002e74657874000000800f0000800f|...text.........|000001200000e0bf00008e1100005ee200000000|..........^.....|000001300000b603000000000000200500000000|...............|0000014000002e6461746100000060cf000060cf|...data...`...`.|0000015000000000000000000000000000000000|................|0000016000000000000000000000800000000000|................|
MTCFILESChallengeaccepted!
Let'sreversetheadministrationtoolthatextractedthefiles!
MTCFILESFastforwardmanyhours...
$stringscsadm|grepCOFFCS2-COFFCOFFsection
MTCFILESCOFFfiles!Butwhydidn'tbinwalkrecognizethis?Theanswerissimple:someonethoughtitwouldbenicetochangethestandardCOFFformattoaddtheirownfieldsoverthere!
MTCFILES
Nowwhat???
MTCFILESWefirstidentifythelengthofthesectionheaderbycalculatingdifferencesbetweennamesWethenfittherecordswefoundtothestandardsectionheaderNextstepisfindingouthowmuchtheCOFFfileheaderwasmessedup(youthoughttheywouldmesswiththisone?)AndwefitthisheadertothestandardCOFFfileheader
MTCFILES
WecannowextracttheCOFFfile!
Nowwhat?
MTCFILES
MTCFILES
MTCFILES
MTCFILES(InsertmultipleslideswithPicardfacepalmsand
radare2,binutils,etc)
(Ok,actuallyTIhasadisassemblerbutit'sunusable)
MTCFILESChallengeaccepted!
Let'swriteourowndisassembler!
THETMS320C64XDSPStepstowriteourowndisassembler:
StudythearchitectureoftheDSPStudythememoryorganizationStudytheABIFindpotentialframeworkswecanuseWritetheactualdisassembler
THEARCHITECTUREAn'exotic'architecturecomparedtox86,x86_64,ARM,MIPS,etc16bitVeryLongInstructionWord(VLIW)DSP2x4FunctionalUnits(.L1,.S1,.M1,.D1,.L2,.S2,.M2,.D2),eachonewithit'sownassemblyinstructionsAbilitytoexecutemultipleinstructionsinparallelatdifferentFunctionalUnits2RegisterFiles(AandB)CrosspathtotransferdatabetweenAandB
BLOCKDIAGRAM
DATAPATHSEachdatapathcontains:
1ALU(the.Lfunctionalunit)1Shifter(the.Sfunctionalunit)1Multiplier(the.Mfunctionalunit)1Adder/Subtractor,alsousedforaddressgeneration(the.Dfunctionalunit)1RegisterFilewith3232-bitregisters
ThereisalsoonecrosspathfortransfersbetweendatapathAandB
PARALLELEXECUTION8executionunitscanexecuteupto8commandsinparallelAtanysingletimeonlyonecommandcanusethecrosspathInstructionsarefetchedinfetchpackets(FP)of8wordsYoucannotexecuteinstructionsintwodifferentFPsinparallel
REGISTERSGeneralpurposeregistersA0-A31andB0-B31Instructionsoperateon8,16,32or40bitdataFor40bitoperationsoneregisterfromtheevenregisterfileisused,togetherwiththerelevantregisterfromtheoddregisterfile,e.g.A11:A10orB25:B24Thereareinstructionsthatoperateonpackeddata(e.g.48-bitquantitiesatasingleregister)64bitloadsandstorescanbeperformedinasingleoperation
REGISTERSA0-A2,B0-B2arealsoconditionalregistersAllinstructionscantakeaconditionalprefix,thoseinstructionswillbeexecutedonlyifthecorrespondingregisteriszeroornon-zero
ControlRegisterFile:Controlregisterssuchas:
PCE1:ProgramCounter,E1phaseICR:InterruptClearRegisterCSR:ControlStatusRegister
INSTRUCTIONFORMATSampleinstructions:
SHR.S1A1,10,A2
MV.S1XB0,A0
AND.D1A0,A1,A2||AND.D2B0,B1,B2
[A0]ADD.L1A1,A2,A3||[!A0]ADD.L2B1,B2,B3
DELAYSLOTSMostinstructionsareexecutedatasinglecycle...butnotallofthem!Somemulti-cycleinstructionsreadthesourceoperandsatonecycleandwritetheresultatadifferentoneBranchesreadthejumptargetatcycleiandjumptoitatcyclei+5Inthemeantime,ifthejumptargetwasaregister,itsvaluemayhavechanged
DELAYSLOTS
REVERSINGTOOLS
Stillwonderingwhynotoolsareavailable???
MEMORYORGANIZATION32bit,byteaddressableaddressspace
On-chipmemory:
OrganizedindataandprogramspacesTwo64bitinternalportstoaccessdatamemoryOne256bitinternalporttoaccessprogrammemory
Off-chipmemory:
DataandprogramspacesareunifiedviatheExternalMemoryInterFace(EMIF)EMIFis32bit
ABI-CALLINGCONVENTIONS
Nostackexists(stackasinx86stack)TocallafunctionyouneedtocalculatethereturnaddressbyaddingPCtotherelativeoffsetofthereturnaddressusingaspecialassemblyinstruction(ADDKPC)ToreturnyouneedtojumptotheregisterwherethepreviousvaluehasbeensavedABIspecifiesthisregistershouldbeB3Thedisplacementatabranchinstructionisa21bitwordoffset.Ifthedestinationisunreachable,thelinkermustgenerateatrampoline
ABI-CALLINGCONVENTIONS
B.S1funcAND.D1A0,A1,A2||AND.D2B0,B1,B2ADDKPC.S2returnhere,B3ADD.D1A2,1,A3MV.D2B3,B0||MV.D1A3,A0OR.S2XB0,A0,B4returnhere:MVK.S110,A0...
func:...B.S1B3
ABI-REGISTERS12callee-savedregisters(A10-A15,B10-B15)A15actsasFramePointerB14actsasDataPagePointerB15actsasStackPointerB3keepsthereturnaddress
ABI-ARGUMENTPASSINGFirst10argumentsarepassedinregistersIfanargumentis64bits,aregisterpairisusedThatmakesusatotalof20registersforargumentpassing32bitvaluesarereturnedinA4,64bitvaluesinA5:A4,andbiggervaluesarereturnedbyreference
IMPLEMENTINGTHEDISASSEMBLER
Weknowthearchitecture,thememorylayoutandtheABI.Nowwhat???
FRAMEWORKCHOICESBinutils:toomuchworkLLVM:stilltoomuchworkRadare2:PotentialchoiceCapstone:Potentialchoice,muchmoreattractiveforimplementingnewarchitectures
THECAPSTONEDISASSEMBLYFRAMEWORK
THECAPSTONEDISASSEMBLYFRAMEWORKWritteninpureCOpensourceBasedonLLVMBindingsformanyotherprogramminglanguagesNodocumentationexistsonaddinganewarchitecture,butitshouldbefairlyeasy
WHEREDOWESTART?ClonetheprojectSeehowotherarchitecturesareimplementedTrytoimplementourown
ARCHITECTUREIMPLEMENTATION
ATableGen(.td)filewiththearchitectureandinstructionsdescriptionhelpsgenerate:
Register/Instruction/SubtargetInfoFilesDisassemblerTablesAssemblyWriter
Butthere'smoreneeded!
THETABLEGENFILELet'sfirstgeneratethisandwe'llseeaboutthe
rest...
THETABLEGENFILEFORMATAfiledefining:
Targets/SubtargetsProcessorsInstructionSetRegistersCallingConventions
WHAT'SACTUALLYNEEDED?
Inourcasewedon'tneed:
Callingconventions-LLVMneedsthemforthecompilationpartbutwe'lljustcreateadisassemblerTheinstructionselectionpattern-LLVMneedsittoselecttheappropriateinstructionwhencompilingManyflags
WHAT'SACTUALLYNEEDED?
Whatwewillneedis:
Registerdescription
Instructiondescriptionwith:
HardwareencodingInput/outputregistersAssemblystring
HOWDOWEDEFINEREGISTERS?
Simple,wedefinearegisterclassandtheninstancesforallregisters!
classTMS320C64xReg<stringn,bits<5>num,bitfile,bits<3>condition=7>:Register<n>{letHWEncoding{15-5}=0;letHWEncoding{4-0}=num;fieldbitFile=file;fieldbits<3>Condition=condition;letNamespace="TMS320C64x";}defA0:TMS320C64xReg<"A0",0,0,6>,DwarfRegNum<[0]>;...defB31:TMS320C64xReg<"B31",31,1>,DwarfRegNum<[63]>;
HOWDOWEDEFINEINSTRUCTIONS?MoredifficultWehavetodefineoperandsTheninstructionclassesAndifneededmulticlasses
HOWDOWEDEFINEOPERANDS?
Foreveryoperandweneedtocreateadecoder,anencoderandmaybeaprintmethod!
defmemop:Operand<i32>,PatLeaf<(imm),[{returnisInt<15>(N->getZExtValue());}]>{letDecoderMethod="DecodeMemOperand";letEncoderMethod="EncodeMemOperand";letPrintMethod="printMemOperand";}
HOWDOWEDEFINEINSTRUCTIONCLASSES?
//SuperclassclassTMS320C64xInst<dagoutops,daginops,stringasmstr,list<dag>pattern>:Instruction{fieldbits<32>Inst;fieldbits<32>SoftFail=0;bits<3>cond;bitcondzero;bitside;bitparallel;
letOutOperandList=outops;letInOperandList=!con(inops,(inscondreg:$cond,condregzero:$condzero,sideop:$side,parallelop:$parallel));letAsmString=asmstr;letPattern=pattern;
HOWDOWEDEFINEINSTRUCTIONCLASSES?
letInst{31-29}=cond;letInst{28}=condzero;letInst{1}=side;letInst{0}=parallel;letSize=4;letisPredicable=1;lethasSideEffects=0;letNamespace="TMS320C64x";}
HOWDOWEDEFINEINSTRUCTIONCLASSES?
classTMS320C64xInstD1<bits<6>opVal,dagoutops,daginops,stringasmstr,list<dag>pattern>:TMS320C64xInst<outops,inops,asmstr,pattern>{bits<5>dst;bits<5>src2;bits<5>src1;bits<6>op=opVal;
letInst{27-23}=dst;letInst{22-18}=src2;letInst{17-13}=src1;letInst{12-7}=op;letInst{6-2}=0b10000;}
HOWDOWEDEFINEINSTRUCTIONCLASSES?
classTMS320C64xInstD2<bits<4>opVal,dagoutops,daginops,stringasmstr,list<dag>pattern>:TMS320C64xInst<outops,!con(inops,(inscrosspathopx2:$crosspath)),asmstr,pattern>{bits<5>dst;bits<5>src2;bits<5>src1;bitcrosspath;bits<4>op=opVal;
letInst{27-23}=dst;letInst{22-18}=src2;letInst{17-13}=src1;letInst{12}=crosspath;letInst{9-6}=op;letInst{11-10}=0b10;letInst{5-2}=0b1100;}
HOWDOWEDEFINEINSTRUCTIONMULTICLASSES?
multiclassTMS320C64xInstD1_ri<bits<6>opVal1,bits<6>opVal2,stringasmstr1,stringasmstr2>{def_d1_rrr:TMS320C64xInstD1<opVal1,(outsGPRegs:$dst),(insGPRegs:$src2,GPRegs:$src1),asmstr1,[]>;def_d1_rir:TMS320C64xInstD1<opVal2,(outsGPRegs:$dst),(insGPRegs:$src2,ucst5:$src1),asmstr2,[]>;}
HOWDOWEDEFINEINSTRUCTIONS?
defmADD:TMS320C64xInstD1_ri<0b010000,0b010010,"ADD\t$src2,$src1,$dst","ADD\t$src2,$src1,$dst">;
defADD_d2_rrr:TMS320C64xInstD2<0b1010,(outsGPRegs:$dst),(insGPRegs:$src2,GPRegs:$src1),"ADD\t$src1,$src2,$dst",[]>;
AREWEDONE?NotevencloseWeneedtoimplementcodeforencoding/decoding/printingoperands(realand'virtual'onessuchasparallelandcrosspath)WeneedtoimplementinstructionmappingsWeneedtoaddsupportingcodeforthearchitectureWeneedtoaddatleastpythonbindings
LETSFINISHTHISTHING!
PROBLEMSFACEDTheconverterwasnottheLLVMonebutanot-disclosedversionthatproducesCcodeinsteadofC++
Noproblem,convertedtheoriginalLLVMconvertertoproduceoutputcompatiblewithCapstone
Decodingofallfieldsmustbedonemanually
Stillnoproblem,wehaveallthedocumentationsoitcanbedone
PROBLEMSFACEDInstructionsthatusePCrelativeaddressingmustbehandledspecially
We'lljusthavetokeepthePCandmakeallcalculationscorrectlyDuringcodingtheTMS320C64xarchitecturesupport,PCrelativeaddressingbugswerefoundatotherarchitectures
PROBLEMSFACEDBranchesmustbehandledwithcaresincetheyarerelativetothefirstinstructioninthefetchpacket
Again,we'llhavetokeepthePCandbasedontheimplementationoftheinstructiondispatchunitfindoutthefirstinstructionineachfetchpacket
Theparallelbitisnotsetatthesameinstructionbutatthepreviousone
Difficult,butcanbedonewithsomepost-processing
CONGRATULATIONS!
Wehaveadisassemblerwecanuse!
REVERSINGTHEFIRMWAREHowdoweproceed?
WecandisassembleeverythingButwehavenosymbolsAndwehavethousandsoflinesofstrangeassemblycode
REVERSINGTHEFIRMWARE
Let'scheckthesimulatorfirmware!
THESIMULATORFIRMWAREExtracttheMTCfilesandthentheinternalbinaryAttheactualfirmwarethiswasamodifiedCOFFAtthesimulatorfirmwareit's...aDLL!
REVERSINGTHEFIRMWARE
We'vegotsymbols!
WHATNOW?Correlatestringreferencesinbothfirmwares,samestringsatsamefunctions(easy)Checkoutbranchesfromthesamefunctions(harder)Fixtherestbyhand(muchharder)Readthecodeandprofit!
CANWEPROFIT?TheseproductsaremethodicallytestedandthebestsecuritypracticesareusedduringdesignBugsshouldnotexistAtleast,simpleandeasytoidentifybugsshouldbeeliminatedLet'smoveontoanexampleofsecuritychecks...
EXTRACTIONOFMBKDATABASEBACKUP
000009d800564d42.word0x00564d42//'\x00VMB'000009dc4b310073.word0x4b310073//'K1\x00s'
_adm_ext_list_db_search_keys:...||MVK.S10x09d9,A5||ADD.L1XA4,B4,A3||ADD.D2B15,0x17,B4MVKH.S10x0000,A5SUB.L1A5,0x1,A4LDB.D1T1*++A4[1],A0LDBU.D2T2*++B4[1],B5MVK.L10,A1NOP2EXTU.S1A0,24,24,A5||[A0]SUB.L1A3,0x1,A1[A0]SUB.L1A3,0x1,A3CMPEQ.L2XB5,A5,B0[!B0]MVK.L10,A1||[!B0]B.S20x003010...
EXTRACTIONOFMBKDATABASEBACKUP
Securitycontrols:checkifstringstartswith'VMBK1','MBK'or'session_obj'toprotectsensitivedatabasesIftestspass,thenopenthedatabasewiththecommonopenfunction
What'stheargumenttothisfunction?
Thenameofthedatabase,suchasCXIKEY.dbPossiblyprefixedwiththelocation,suchasFLASH\CXIKEY.db
EXTRACTIONOFMBKDATABASEBACKUPWhatifweextractFLASH\VMBK1.db?
Sometimesonefacepalmisnotenough...
WHATABOUTOTHERBUGS?
AllthecodehasthesamequalitySimilarlogicalerrorscanbefoundHaven'tsearchedforbufferoverflowsyet
DISCLOSUREContactedUtimacoat10/03/2016ManagedtoreceivePGPkeysandcertificateat19/5/2016Sentdetailsat20/5/2016Receivedfinalofficialanswerat17/6/2016GotaccesstoanHSMwithupdatedfirmwarefortestingat20/10/2016
DOWNLOADSReversingtools:https://github.com/fotisl/utimacoCapstone:https://github.com/aquynh/capstone/tree/tms320c64x
QUESTIONS???