hello everyone my name is Matteo Utrecht and today I will be talking about my latest project called the box pol reloaded which is using x86 emulation and stained tracking to disclose to discover this closure of initialized memory in operating system kernels so the agenda for today is first off to briefly start discussing the communication between user and kernel mode in operating systems and what are the common pitfalls that are related to them and then introduce the box pawn reloaded project the principles behind it how it works in general and how it uses the full system emulation to discover any kind of bugs then I will talk about the system specific approaches which are specific to both Windows and Linux which are the two operating systems that I analyzed I will talk about the results in in those operating systems and then wrap up with some ideas for future work on how this project can be extended and improved and how we can deal with this type of issues in the future a few words about myself I am a low-level security researcher interest obviously in all sorts of vulnerability research and software exploitation I work at freedom 0 at Google in my spare time I place in CDF's as part of the dragon sector team and I have a blog and Twitter where I post some of my research as well so yeah let's start with with some basics very quickly about user and kernel communication so as you all know user applications run independently of other programs and independently of the kernel and whenever they actually want to do something in the operating system they call into the kernel to request the operation that they want to do and when they do it the ring free memory which is a shared memory between the user and kernel mode is used as the exchange data exchange channel so this is how it looks on a simple graph so we have the user mode program which wants to perform some operations so it writes input data to the shirt user mode memory then in it invokes the system called which transfers execution to the system kernel which then reads the input data performs some logic writes output beta back and returns to user space then the use program reads the output data back and operates on it so in this presentation we're mostly interested in these two stages of the system kernel first reading input data and then writing output data and especially in the in the second part so let's imagine in a perfect world where the kernel doesn't have any bugs so we would like in this perfect word for the kernel to only read every memory unit once within the scope of a system call and then write to it also at most once after it is done with all of the system call logic do it in a secure manner and only write the data that is intended for user mode so that is the state of the perfect world that we could imagine but of course we have free LT instead so these assumptions that I mentioned can be broken in in a number of ways so for example we can break the assumption that every memory unit is read from at most once it may happen that memory is actually read most and more than once this was the subject of the original box boom research that we performed four years ago we've been very cold wind and the possible violation is that we have two or more fetches from user mode memory which may allow some race conditions to break code assumptions which can lead to buffer overflows right what with work conditions arbitrary it's all kind of badness so these this original research resulted in discovering more than 40 vulnerabilities in Windows and yeah so we wrote quite a few papers on this subject on both trying to find these kind of double fetters and also exploit them this research was also presented here at blackhat we can also break the other assumptions in a number of ways so for example we can have like unprotected accesses to user mode pointers in the kernel we can have multiple writes to a single memory area which can also indicate that something fishy's going on in the kernel we can have reading from the user mode address after already having written to it which is also kind of fishy because why would a kernel do it and there are some other behaviors which can raise an eyebrow for example accessing ring memory within very deeply nested skull stacks or with the first enabled exception hands are very high optical stack these are also some some weird behaviors that could happen but the subject of this talk is actually this part about only writing data that is intended to be used by user mode so that's what we will focus on so writing data to use during 3 happens in general in 4 different cases so we have system calls which exist in all operating systems that were interested in we have IO CDLs which are also a special case of sis calls but they have often dedicated output mechanisms so we can consider them differently a little bit we have user mode callbacks which are a mechanism which is specific to Windows and win 32k graphical subsystem and we finally have exception handling where the kernel has to build an exception frame on the user mode stack so then it also writes to the user mode memory so let's let's go back a little bit and think about where when writing initialized memory or some kind of unintended memory to user mode can happen so we have this easy problem on the example of a fake Windows system call implementation here of writing an initialized value of a primitive type variable so here we have a system call which calculates the multiplication of 2 of a value and of course as we can see the local output value is not initialized if input value is equal to 0 so then we are leaking for or yeah basically for 4 bytes of initialized kernel stack memory back to user mode so this of course can happen and will happen but this is not not as bad as it seems because first of all it's it's not a very trivial bug to make for developers compilers will often warn about instances of such issues it doesn't leak too much information because it's just a single variable and it very well may be detected during development as well because it may be a functional part so this is not not so bad but we have many many other definitely harder problems so first of all we have structures and unions which are used in C and C++ so here in this example we have a structure who has which has three fields which are being used to output some user mode so the two of them - two of the fields in this structure and are initialized because they are used by the system call but the third one is reserved so it's not honest it's not initialized by default kind of by design but still it's allocated in the kernel stack and it still output back to user mode so it's leaking some some data within that fuel furthermore we have unions which can have fields and you know types of fields that have different sizes so here you can see that we have one D word and one Q word and only the D word is initialized here which leaves the other four bytes unutilized and they are also leaked back to user mode in the in the annualized state and furthermore we have structures which have padding holes inside so we have a D word followed by a Q word but since the key word has to be 8 byte aligned the compiler inserts a pairing whole of 4 bytes which in this code are also not initialized properly and output to user mode so we have as I said different problems related to the structures and unions first of all they are usually copied in memory entirely using functions such as mem copy and size is calculated by the sizeof operator they have often many fields so it's either easy to forget about about setting some of them or they may be and not set by design we have padding halls we have as I said different sizes and unions and worst of all compilers don't really have too much inside into structures especially when they are dynamically allocated from the heap or pools and also because of the fact that they are often copied using functions such as mem copy then we have another problem related to fixed size erase so here we have an example of a system call which returns the path to the system on file system and as you can see we have this huge array which is allocated from the stack but it's only partially initialized with with the relevant string that we want to return but the kernel still returns the whole array with more than 200 initialized bytes inside and we have a lot of instances of such long fixed size buffers in a window in the Windows kernel which are used in the exchange of data between user and kernel mode they used for paths in the file system for names identifiers etc and most most often even though these buffers are fixed in size the length of the content inside is variable and usually most of the storage used by the array is actually not not used at all so and the other problem is that these these arrays are often part of structures which are which makes it even harder to only copy the relevant part of the string to user mode so and also the bad thing about this is that since the yes array can be very huge they can also leak a lot of data from the kernel to the user space at once and then we have yet another problem which is kind of specific to Windows but not not not only so even though we have this system call which only returns 12 bytes in total in three magic D words it allows the user mode color to specify the length of the output buffer and it allocates a number of bytes that is requested by the user a mode color and even though it only writes a limited number of bytes into the buffer it copies this use this kernel mode buffer in a hole back to user mode so we also end up with a lot of uninitialized data here this is also very common in Windows as I said and the interesting thing about this is that it this this kind of bug may actually enable disclosure from both the stack and the heap in the same affected code because of the fact that Windows uses an optimization so for small request sizes it uses stack buffers and for a larger one it uses heap allocations in many cases and it often leads to large leaks of control number of bytes and the worst thing is that in this particular case it could be possible for the user to actually be able to specify that the size of the allocation that is being leaked so it may enable the attacker to try to collide with interesting objects in kernel mode memory in order to leak something interesting so apart from all of this we have some more factors which contribute to this whole problem so first of all neither windows nor Linux actually pre initialized allocations on the stack or heap by default of course there are a lot of exceptions mostly in Linux such as the case a lock function the GFP zero flag etc but in general allocations are not initialized by default a recent change in Windows from a few months ago is that some some allocations used for ioctl IO buffers are initialized now but that is that is something that was not true two months ago but the general rule still stands and as you can see here in the screenshot even the official documentation of the X allocate pool with tagged windows function warns about the fact that allocations returned by this function contain initialized memory and if the code wants to return it to user mode it has to memset it first another factor is that there are no visible visible consequences of this kind of behavior so even though C and C++ don't really make it easy for the code to copy data securely between security domains there isn't any punishment if you fail to do it correctly so you know even if the kernel discloses if you initialize bytes in one syscall or another nothing will really crash in most cases and so no one will discover this bug and so as a result if a kernel developer is not aware of this bug class and they are not trying to actively prevent it they will probably never kind of find out because the code crashes or something doesn't work so it's a very silent type of bug yet another factor is the fact that it might be not very easy to discover that any leaks from kernel mode are actually taking place because some of them could be hidden behind the user mode system api so even though data is actually leaked from the system kernel back to user mode in general that the original color of the system api might not see this data at all so yeah when it comes to the severity and considerations of this of these bugs you can say that they are not very severe because it's just local info leaks there is no memory corruption taking place now remote exploitation involved by nature and and and etc but the actual severity depends on what we managed to leak out of the kernel this can be addresses that we can use for further exploitation of other vulnerabilities or it can be some sensitive data that we can use more directly to elevate our privileges in the system but on the positive side from the attacker perspective these bugs are mostly silent and transparent so we can try to exploit them basically indefinitely and very silently without ever worrying about the system going down or someone actually discovering that something something fishy is going on hmm so as I said these bugs are mostly useful in practice as a single link in a full exploit chains for local privilege escalation especially given how much effort is actually being put into protecting kernel address space information in Windows and one real-life example of this would be an exploit found in the hacking team dump two years ago so in order to exploit another vulnerability they used a pool memory disclosure which leaked the base address of the winter dedicated sis driver and so yeah it was used in practice and at the same time a few weeks before all of this came to light a project zero researcher mod state also discovered this independently and reported it so yeah when it comes to the benefits of of this kind of disclosures you have to consider them separately when it comes to whether they are stack or heap disclosures so when it comes to stack these are consistent and immediately useful values because you know these are the desert this is the type of data that is being stored on the stack so we have things like addresses of the kernel stack because of the stack pointers we have heap addresses we have addresses of executable images because of return addresses we can leak values of stock cookies which can be then used to exploit a stack buffer overflow we have some Cisco specific data that is used by services called directly before the leaking Cisco and also interesting thing is that we can sometimes leak data of interrupt handlers if they happen to trigger in the same context as the exploiting threat but that's only on Windows 7 on the other hand when it comes to heap disclosure we have kind of less obvious memory because it's it's not always just pointers to the stack into executable images but we have more potential to collide with something that is more sensitive so of course we have addresses again of the heap and potentially of executable images but we can collide with virtually allocations of any active kernel modules related to the disk networking video etc yeah interestingly there hasn't been too much work with within that space on Windows so according to my best knowledge people have started to take interest in this kind of issues something like two years ago so we have this this one issue in project zero tracker discovered by Mott state then we have a presentation of given by wandering glitch last year about several unutilized memory disclosure bugs fixed in 2015 and we have two more we have a presentation from this year from can sequester which doesn't really concern this subject but mentions that there are some leaks in win32 k user remote callbacks and also we have this work from just last month from two researchers which also collided with my research and and tried to find some sum of info League parks in the Windows kernel automatically on the other hand the problem seems to be much better well known on Linux so already seven years ago Dan Rosenberg apparently went on a rampage and killed several dozen I think more than 20 info leaks in various subsystems he presented some of this work in patien given by him and yon aburrida in 2011 and then there are also a lot of other comets provided by different security researchers which who discovered this kind of bugs throughout the history so this problem seems to be much better well known and well well understood in Linux than it is on Windows probably because of the fact that Linux is open source so you can more easily find this kind of stuff there so let's look into the design of the of the tool now we'll start with a quick description of box because box spawn reloaded is is based on the Box emulator it's a full emulator developed by Intel it has a full implementation of the CPU it has support for all of the latest features of the CPU all of the extensions such as SSE a Fe X and stuff like that it also has all basic peripherals so you can just run a full operating system on this single emulator without any problems and a good thing is that it also provides an extension instrumentation API so we can we can in addition to just running the system we can look into how it works and we can change its behavior in any way we want in terms of performance of this emulator since it's a full system is full software emulator the performance is not very good so here we have you can see that I at this at the point of taking the screenshot it was executing for to me about 40 million instructions per second so that's not too much the longer story is that if we have a non instrumented guest it can run up to 100 IPS which is sufficient to boot a system in kind of reasonable time which is under five minutes and when we do it the environment is fairly responsive we can you know like use the system move the mouse open some applications and stuff like that when we add some instrumentation on top of that we have some overhead depending on what instrumentation we write in my case in in case of box phone reloaded that performance drop was to around 30 to 40 million IPS which was still kind of acceptable for research purposes so I can still interact with the system and get some visible results but when interacting with box we actually had to put a lot of effort into making sure that the logic that we're implementing in the instrumentation is is as simple and as fast as possible so about the instrumentation support in box technically it works through macros defined in C++ starting with the BX instru prefix and then we have a lot of callbacks to actually choose from so we can we can execute our own code on initialization of the virtual machine shuts down before and after executing an instruction on linear and physical memory access on exceptions interrupts and stuff like that so we can control and everything that is going on in the system and this enables us to develop virtually any logic that we want to do so we can count statistics on what instructions are executing and how often we can trace instructions or trace memory accesses add metadata and stuff like that so here you can see a full list of the instrumentation callbacks that box provides and the ones that are underlined are the ones that that I used in box one reloaded so it's not not too many of them basically the most important ones are just the ones triggering before and after execution of an instruction and the one triggering on accessing linear memory and the CoreLogic of box bone is that we want to change track the entire kernel address space and in order to do it we need to first be able to send change on new allocations that are being performed in kernel mode both from the stack and the heap then we want to be able to remove taint when memory is freed of course we want to propagate taint in memory and then most importantly we want to detect when some initialized memory is copied from the kernel space to the user space apart from that core functionality it's also good that we are able to reproduce the bugs and analyse them somehow so in order to do that we want to also keep track of all the loaded cast kernel modules so we know which driver is triggering the bug we will also want to read full stack traces to be able to duplicate the bugs not to run into the same vulnerability all over and over again of course it's good to also symbolize the call stacks to have pretty reports that we can analyze and finally we want to break into kernel debugger attached to the guests when an error actually happens so that we can interactively try to see what's going on in the system here you can see a representation of the shadow memory so we have the guest the West memory divided into user a lot and kernel and for every kernel and byte or rather we have a mapping of the a full mapping of the shadow memory corresponding to the kernel land and then every memory unit is described by a few variables of course we have detained bit but also we have information about what is the base address of the allocation that despite belongs to we have the information about where despite was allocated in the kernel and stuff like that so this this shadow memory size is linear in relation to the size of the guest kernel address space currently we only support 32-bit guests but that shouldn't be really too hard to to modify and some of the information is stored at one by two on orality and some at eight byte granularity so right now with my implementation the size of the shadow memory is three times the size of the kernel address space so we have six gigabytes of memory for for a windows guest and three gigabytes of memory for linux guest so it can easily run on any any host machine that has a reasonable amount of RAM memory and apart from just painting the memory that we that is being allocated in our shadow memory what I wanted to do is also part the guest memory with some special marker bytes so we have a with the a a bite for hip allocations and BB bite for stack areas this is used mostly first of all in order to eliminate all false positives because now we have the guarantee that if shadow memory indicates that there is a bug we can also refer to the actual guest memory and see if these original marker bites are still these values of a a or BB and it can also trigger some use of an energized memory bugs that are not just info leaks but also other bugs so about setting paint on stack this is this is actually very easy because all allocations performed on stack are performed using the same assembly pattern so it's close cross-platform what I do in my instrumentation is I just detect these three instruction of adding subtracting and ending against the ESP register and then after the execution of this instruction if ESP decrease that I just sent the taint on the whole new memory region that also allocated this way of course you can imagine cases where this would crash the operating system if it didn't perform properly but unfortunately both windows and linux do so this behavior doesn't crash anything and it all works out on the other hand setting taint on heap and full allocations is completely different we cannot do it universally in any way we actually have to know how the system allocates memory where the allocators are located in the kernel address space and how do how they work so right now we can just say that after we detect an allocation and we know the address and the size of the allocation we've just tainted and I will talk about how we do it specifically in later in the presentation then we want to remove taint on hip free which is also very reliant on how the heap implementation works on the specific system but basically when we break on a free function Prolog we look up the allocation size of the memory that corresponds to the address and we just clear all of the taint and metadata that corresponds to the whole memory region another idea would be to escape this this clearing of the taint and is that retains this this memory in order to detect use after free and leaks of freed memory but that's an implement implementational detail and the hardest part of all of this is the taint propagation because we can easily detect allocations but detecting data transfers and handling them correctly is definitely the hardest part so in case of my project I only propagate time for the red mob as Dee and her red mob as be instructions which correspond to the mem copy kind of construct it's used both in the mem copy implementation of various C clients and it's also used as an inline version of the mem copy function and the good thing about handling this specific instruction is that we know the source and destination addresses at the same time so we know how many bytes are copied from which address location to to which one so we can analyze this very easily and you know of course this is only a best-effort approach it's not perfect we don't handle all of the data transfers but you know it still gives us a lot of information and we still mostly care about copying large memory blobs and not single variables so this this lets us to spend as little time on this with as much benefit as we can get and it also has a quite a small CPU overhead so if a memory access is not a result of this instruction that we specifically analyzed then we perform the following steps if this instruction that we encounter is writing to some memory we'll just clear the taint on that memory area and if the instruction is reading from the from the memory we check the taint information and if the shadow memory indicates that this is actually an annualized read we verify whether this is the case or not with the marker bytes that I mentioned before in case there is a mismatch for whatever reason we just cleared the taint again but if the marker bytes are still there in the guest memory we we report the bug and also the real detection of the user mode or kernel mode information leak triggers on the read mode as be instruction where the ESI is in kernel mode and idea is in user mode which which is a very clear indicator that initialized memory is actually copied from kernel to user mode so once we have all of this information and this picture of how this product should look like we can try to run it on some real systems starting with Windows what we have to do first is we have to implement the painting of pool allocations in Windows we have a lot of functions which allocate memory from the pool all of them start with X allocate pool but there are different variants but fortunately for us all of these functions eventually call into one called X allocate pool with tag and it's very convenient because it uses the STD call calling convention which means that we have the arguments on the stack and the return value in EAX and this means that when the read instruction is executed in this function we have all of the information about both the allocation request and allocation result at the same time so this is this is very convenient for us this is how it looks on a graph so we have we have different colors of all of the allocation functions eventually they all call into X allocate pool with tag and then we break on this single read instruction and read all of the relevant information from ax and from memory under ESP so we read where the allocation is being made from from the return address and the requested size and the allocation tag for some debugging information and then we also break on the X free pool with tag function this time in the prologue of the function and we just read the address of the regem that is being freed in order to clear the taint unfortunately there are some corner cases which we also have to take into account in order to find all of the bugs so for example in Windows we have some optimized specialized alligators such though such as the one used by winter okay so there is this alligator which first of all tries to return a cached memory region that is pre allocated and after only it is busy the actual Windows kernel a locator is used so and it's called from from quite a few locations so we have to take care of that but what we can do is we can just simply patch this function to always use the system a locator instead and we are good to go when it comes to propagating taint and detecting bugs in Windows we are quite lucky because the the mem copy function that is used by the Windows kernel actually uses the red morph as B and wrap morph as d function instructions sometimes they have some optimizations that we have to care about so for example in Windows if the copy size is less than 32 bytes then morph instructions are used instead of red morph as beep or red Mofaz d but we also can just modify that in assembly so in general as a result tracking most transfers of data blobs in Windows works out of the box with the approach that I mentioned before I'm not sure oh you can actually see that quite well so I created a small visualization of the whole address space in Windows 7 so here you can see the whole 2 gigabyte kernel address space over time this is an image which is of dimensions 1024 by 512 each pixel is a single memory page and so these pages that are that have some stack memory taint are marked in green and the pool ones are marked in red so now we can see that what the patterns are in Windows when it boots up and when you start some of the some of the applications in Windows so that's 40 minutes of runtime a new snapshot was being taken every 20 seconds here so I I found I find that quite interesting myself and here you can see the similar image on Windows 10 over 120 minutes with a snapshot taking every 60 seconds because the boots time was much longer on the box emulator so you can see that much more memories consumed by the operating system and the patterns in which memory is allocated also is also quite different when it comes to other technical details such as keeping track of processes and threads it's very simple it's the same as in the original box born from four years ago it's just about traversing a simple traversing a single a linked list of of modules in the kernel address space and the same goes for keeping track of keeping track of loaded kernel modules you also just have to go through a list of descriptors and note the values there so here we have an example of Bach's bone that that was generated in an actual runtime so you can see all of the information that we have about the bag that happened we have the address of the memory that is being read we have information about the process in this case it's Explorer dot X ax we have the faulting instruction which as I mentioned before can only be read more of SD in this case and we have information about where the memory region was allocated in this case it was just a generic function inside of win32 K and the stack trace of where this happened so this is all very good and it looks very nice but it was a very simple example and there are much more complex examples where we have a bug but it's it's not just to stack frames it's actually like 30 stack frames because the back happens inside of a ioctl handler someone very deep inside of the kernel so it's not very convenient in that case to try to analyze the bug based just on the single box spawn report so as I mentioned before what I wanted to do is to be able to attach windbg or wind back to the emulated guest kernel and this is not a very big problem because box actually supports redirecting comm ports to Windows pipes so we can just enable kernel debugging in the guest system and then attach a wind wind back to it from outside of course this is very very slow if you try to attach wind back takes maybe five minutes for it to fully on initially and provide with the interactive shell but it's still workable for our purposes and of course this is not sufficient because even though we have this kernel debugger attached we don't know when when the bugs are happening so what we also want to do is that we want to break on the specific moment when a bug happens and this is achieved by injecting an entry instruction in the emulator exactly at the moment when the bug is detected so this this lets us break into the debugger and see exactly what is going on and what memory is being copied to user mode and why so for me at least it seems it feels quite magical that it will all works but it does so here I have a screenshot of wind wind bag attached to the box guest here yeah when it comes to the testing that I performed in order to get some reasonable cold coverage first of all I run the instrumentation against Windows 7 and Windows 10 in order to get above the old code that could have been removed in Windows 10 and also the new code that was added in that system and within that guests what I did is that I of course booted up the system started a few default applications such as Internet Explorer WordPad stuff like that I generally did some network traffic and I also run so-called react OS unit tests which is a bunch of applications which are used by react OS to test whether the behavior of the system is the same as Windows so it actually helps us provide or get a lot of code coverage in the kernel that we wouldn't be able to do otherwise we already used this these tests four years ago but they were largely improved since then so they were very helpful for us but of course even though we did all of those things it's still not the perfect amount of code coverage that we can get so it's still a major roadblock in every effective usage of full system instrumentation because we can find only as many bugs are actually triggered on the system so let's look into the results this is this is the results on a single slide so it's a it's a couple of screenshots from Microsoft Billiton from the last four months the summary is that we found so far 30 vulnerabilities 13 of them were in from the pools and 17 from the stack so it's quite evenly divided and we can see here the pool ones were triggered in a number of kernel drivers so we have both the core NTS OS kernel we have win32 k we have a bunch of you know like partition manager drivers volume manager driver stuff like that and root causes of those bugs are also very diverse so we have bugs caused by structure alignment unicode string alignment padding halls and you know a lot of different things and also the the amount of bytes that were leaked is also quite diverse so it ranges from just a single byte to over 6 kilobytes of information at a single request and then we have the stock disclosures as well from a number of functions they are also diverse for some of them I wasn't really able to figure out what the reason for for the leak was but yeah it's still quite a lot of them so it's it's an important problem once we detected these bugs we want to reproduce them of course and this is another important problem that we have to look into so in order to reproduce the pool info leaks what I did is that I used regular vm in order to make sure that this bug is not specific to box but also a normal environment what I did is that I just found out which drivers making the allocation that is being leaked to user mode and I already had this information from the metadata I enabled special pools for that model reboot the system and then started the POC twice and then I could observe a repeated marker bite at the offsets where the data was leaked so this is how it looked like for the volume disks extents vulnerability when I run it the first time you can see 39 marker byte but then when I run it again it's another byte so you can easily see where the leak is actually taking place here when it comes to stacking fully reproduction that is much more difficult because there is no official or documented way of padding stack allocations with marker bytes but on the other hand we still want to reproduce these packs reliably and be able to show where the bytes are being leaked because otherwise you know first of all it's easier for Microsoft to find add to to to fix those bugs and also it's easier for us to make sure that the back is real and also reproduce outside of the test environment what we can do in this case is that we can use stack spraying this is a technique that allows us to spray the kernel stack with some controlled memory and it works thanks to the fact that Windows uses optimization of using local buffers for small requests and some of the system calls actually have very large buffers for storing optimized local data so we have this system call called anti map user physical pages which allows us to put 4 or 8 kilobytes of controlled data on the stack so it's very convenient so this is illustrated here first of all what we do is that we just spray the current start with some easily recognizable patterns such as the for 1 byte and then we trigger the vulnerability and we see where this marker byte happens to to be in our output buffer so this is another example of running the anti GDI get realization info POC here which leaks 8 bytes from the kernel stack and a quick digression is that if memory marking can be used for bug demonstration it can also be used for discovery that's what I at least thought and the basic idea would be to first of all enable special pools for all of the kernel modules and then invoke invite invoke test tested system called twice pre spraying the kernel stack with a different bite each time and then we can compare the output of the system call and see if if it differs in a reliable way and the perfect candidate to to test in this way is that function is the family of anti query information system calls which have a very calm structures so we have a handle to the object that we want to query we have some information class which is just a simple integer and we have a pointer and size of the output buffer so we can create the object that we want to query and then we can just brute force pretty much both the information class and the expected buffer size and our about ten such functions which we can test this way so this looked quite promising and indeed it turned out that this was a fruitful idea and I was able to find about five bucks this way as well so it was it was quite easy so in summary the problem seems to have remained mostly unrecognized until now probably because of the factor that factors that I mentioned before that it's quite invisible and not obvious to find these bugs but on the other hand it's a fundamental issue which is trivial to overlook but very difficult to get right in the code so I think it's also a tip of the iceberg so even though I found thirty bucks so far there are hundreds of men copy calls to user remote in the Windows kernel and every one of them is a potential disclosure so so there are still probably a lot of such bugs lurking in the codebase of Windows and this is especially true in the cases where the size is user controlled but the amount of lab relevant data is fixed or otherwise limited there are some mitigations ideas that Microsoft could probably implement in some way in order to to try to mitigate those bugs first of all of course they could just memset all stack and pool allocations we learned there made or requested which would make the bug go away without doing any bug fixing at all but of course that is probably incurring too much of an overhead so it's not realistic and especially given the fact that most kernel allocations probably don't at end up copied to user mode anyway but it turns out that Microsoft implemented a part of this idea by mem setting the buffered i/o output buffer in the ioctl implementation just just a few weeks ago so they are definitely looking into into this there are some other creation ideas that are more realistic such as for example Creek clearing the kernel stack between system calls they could also add a new a locator function which just clears the returned memory regions before returning them and they could also just detect which allocations end up being copied to user mode and then only clear those either automatically or just by adding Maps it calls manually and in general since when the Microsoft has the wins of source code they could bring this idea to a whole new level by writing better instrumentation which has more information about data transfers and stuff like that they also have probably mode code coverage that I am able to achieve by just running a few simple tests and starting a few applications which also means more bugs found and static analysis is also easier to use to guide this dynamic approaches so when it comes to closing remarks for Windows of course this box phone approach could be also used to detect regular use of an initialized memory but the results in case of Windows are much harder to try out because we don't have access to the source code so we cannot easily analyze if this use of an initialized memory is an actual buck or not and another point that I wanted to make is that the the subject of leaking specific sensitive data from pool disclosures is still an interesting subject that hasn't been explored too much now I also wanted to talk about running Bach's bone against Linux but I guess I don't have too much time anymore so I will just quickly say that the tainting of heap allocations is much more difficult on Linux because the allocators themselves are plenty it's not just a single function but we have a couple of families that are schema log V ma log K memcache a log and stuff like that all of them work in different ways so we have a lot of these functions for came along a lot of these functions in vemma log we have to hook into most of them in order to be able to catch all of the allocations in my case it was seven of them we also have problems such as the fact we have a different calling conventions with arguments passed through registers and not the stack so instead of just hooking into a single read instruction we actually have to hook into the both the prologue of the app function in order to save information about the allocation request and then we have to hook into the return instruction in order to be able to read the address that it was being allocated and then we can set the taint then we have this troublesome family of K memcache functions which create a cache of allocations which are initialized and tainted at the time where the object is initialized but not at the time when it is requested so we have to implement some additional logic to account for that other than that we have a few flags that we have to set in the config in order to make the mem copy function be compiled into a set of rep move move SB instructions we have this visualization of Ubuntu memory layout which I'm gonna skip right now we have a few other config options that we also have to set in order to enable debugging symbols use the right kernel user address mode split and disable some of the mechanisms that we don't want to use in the emulation then we also have to set another config option to make sure that copy to user which is used to copy memory back from kernel mode to user mode is also compiled into read mob SP and read more SD instructions unfortunately there is one problematic function that we have to also care about which is put user which is a macro used to copy simple types back to user mode but we can take care of that by just using a hack of using these prefetch instructions in order to enable and disable strict mode in box which means that we just sanitize all of the reads from memory that happened between those two instructions you are welcome to ask me about the details of that after presentation but that's how it looks in assembly so we have the preface one and preffered two instructions and be in between these instructions we just sanitize all of the memory reads so yeah we have we have a very similar log from box pawn report right now so it's all the same information about the instruction the stack trace where the back happened and stuff like that we also have a kernel debugger attached as well so we can we can debug these bugs that happen at runtime we perform some very simple testing as well by running a few system professors such as Trinity pools I know this also a few unit tests such as the Linux test project and a couple of other things unfortunately we are but we weren't able to use this color because it's currently only supporting 64-bit architectures and we were working with 32-bit when it comes to the results they are much less impressive than on Windows so it was just a single bug which was very minor because it was in the ioctl of a device that was only accessible to route I'd still discovered it around April 20th and I was I was still able to I was still going to report it a few days later but when I started looking around seeing if anybody has reported it already I discovered that seven days after yeah after I discovered it someone from Google already have have fixed it so too bad but since that didn't work out so well for me to detect does direct kernel to user info leaks I decided that I could enable that global strict mode and detect all uses of unutilized memory and analyze all of them because I had access to the source code in this case so I could just look into the in-depth root cause of every such instance so I did that and this was more lucky for me so I was able to find a few bugs one of them actually led to the discovery of an actual kernel info leak in the LLC piece or connect in NFC sockets the other ones are much lesser they were still uses of uninitialized memory but not directly leading to information disclosure thankfully all of them have been fixed now and as you can see some of them have also been found by external researchers as well so it turns out that when it comes to analyze reads from kernel mode my project was not the only one in Linux so there is a project called kernel memory sanitizer which is being worked on right now it's called km Sun it's developed by Alexander Potter Penco and it has collided on a few on a few of my findings and the important thing is that it's actually working in a different way it's adding instrumentation at compile time it's very similar to projects such as address ionizer memory sanitizer for user mode and this is the the correct way to do it in Linux but I still wanted to also test my approach on that operating system so the conclusions in terms of Linux is that here we have we have a community which has been on top of the problem for the last few years we don't have so many info leaks here and even if we find something it turns out that these bugs seem to be quite short-lived from my experience at least yeah there is a little bit of future work to be done here we can run further iteration on Windows we can try to look into improving code coverage which is always something that needs to be done I can also think about improving taste propagation beyond just rap of SB and implementing support for 64-bit guests which also should be able to identify a few more new bugs there are some other more crazy approaches such as taint less approaches of not having any taint but only looking into writes into user remote memory and seeing if there are any marker bytes that are being leaked there this addresses the problem of non-ideal tyne propagation but it has other problems as well yeah we can also we can also think about detecting leaks not just into user remote memory but into other sinks that outgoing network traffic file system metadata and stuff like that so there is a lot of work to do still but I think the results so far are still quite impressive and are motivating to look into info leaks more in the future so thank you for listening and I'm happy to answer questions [Applause] [Music] [Applause] [Music] [Applause] Back To Top