Your Peripheral Has Planted Malware - An Exploit of NXP SOCs

Video in TIB AV-Portal: Your Peripheral Has Planted Malware - An Exploit of NXP SOCs

Formal Metadata

Title
Your Peripheral Has Planted Malware - An Exploit of NXP SOCs
License
CC Attribution 3.0 Unported:
You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal purpose as long as the work is attributed to the author in the manner specified by the author or licensor.
Release Date
2018
Language
English

Content Metadata

Abstract
There are billions of ARM Cortex-M based SoCs deployed in embedded systems. Most of these devices are Internet ready, and security is always the main concern. Vendors apply security measures to ARM Cortex-M products for a few major reasons: 1) so that people are not able to copy and replicate the product; 2) license control for the hardware and software; 3) to prevent malicious code injection into the firmware. Vendors normally rely on the security measures built within the chip (unique ID number/signature) or security measures built around the chip (secure boot). In this talk, we will share the ARM Cortex-M SoC vulnerability that we discovered, in two parts. The first is the security measure built within the SoC and how we break it: we could gain control of changing the SoC unique ID and write the firmware, or even turn the device into a trojan or bot. The second is the security measure built around the SoC and how we break the secure boot elements and write into the firmware.
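The first attack in the abstract, changing the unique ID that the secure-boot check reads, works by programming the Cortex-M Flash Patch and Breakpoint unit (FPB) so that the firmware's load of the ROM IAP entry pointer is remapped to an SRAM word that points at a replacement routine, which then answers the "read serial number" command with a chosen value. The following C is an added example written for this page; it is not code from the talk, from NXP or from Segger. It models the two halves of that hook: computing the FPB register image (FP_CTRL, FP_REMAP, one literal comparator) with the constraints the hardware imposes, and the fake IAP routine that intercepts command 58 and forwards every other command. Assumptions: the ARMv7-M FPB layout of Cortex-M3/M4 (six instruction and two literal comparators, REPLACE=00 for remap, FP_REMAP[31:29] fixed to 001); the NXP LPC IAP convention that command 58 reads the 128-bit serial number; the literal address, the SRAM table address, the UID words and `stub_rom_iap` are constructed placeholders so the logic can run on a host. Writing the image to 0xE0002000 and placing the table in SRAM is target-side work not shown here.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* ARMv7-M FPB register layout (Cortex-M3/M4). On target the image below is
 * written to FP_CTRL (0xE0002000), FP_REMAP (0xE0002004), FP_COMPn (0xE0002008..). */
#define FPB_NUM_CODE_COMP     6u        /* FP_COMP0..5: instruction comparators */
#define FPB_NUM_LIT_COMP      2u        /* FP_COMP6..7: literal comparators */
#define FP_CTRL_KEY           (1u << 1) /* must be written as 1 on every FP_CTRL write */
#define FP_CTRL_ENABLE        (1u << 0)
#define FP_COMP_ENABLE        (1u << 0)
#define FP_COMP_REPLACE_REMAP 0u        /* REPLACE[31:30] = 00: remap, no breakpoint */

#define IAP_CMD_READ_UID      58u       /* NXP LPC IAP: read device serial number */
#define IAP_CMD_SUCCESS       0u

typedef void (*iap_fn)(uint32_t command[], uint32_t result[]);

typedef struct {
    uint32_t fp_ctrl;
    uint32_t fp_remap;
    uint32_t fp_comp[FPB_NUM_CODE_COMP + FPB_NUM_LIT_COMP];
} fpb_regs;

/* FP_REMAP[31:29] read back as 001, so the remap table must live in
 * 0x20000000-0x3FFFFFE0 (SRAM region) and be 32-byte aligned. */
int fpb_remap_base_ok(uint32_t table_addr)
{
    return (table_addr & 0x1Fu) == 0 && (table_addr >> 29) == 1u;
}

/* Build the register image that redirects loads of one literal-pool word in the
 * Code region (placeholder: the word holding the IAP entry pointer) to
 * table_addr + 4*(6+lit_idx). Returns 0 on success, -1 when a constraint fails. */
int fpb_plan_literal_hook(fpb_regs *r, uint32_t table_addr, unsigned lit_idx,
                          uint32_t flash_literal_addr)
{
    if (r == NULL || !fpb_remap_base_ok(table_addr)) return -1;
    if (lit_idx >= FPB_NUM_LIT_COMP) return -1;            /* only two literal comparators */
    if (flash_literal_addr & 3u) return -1;                 /* literal must be word aligned */
    if ((flash_literal_addr >> 29) != 0u) return -1;        /* comparators match 0x0-0x1FFFFFFF only */

    memset(r, 0, sizeof *r);
    r->fp_remap = table_addr;                               /* bits [31:29] ignored on write */
    r->fp_comp[FPB_NUM_CODE_COMP + lit_idx] =
        (flash_literal_addr & 0x1FFFFFFCu) | FP_COMP_REPLACE_REMAP | FP_COMP_ENABLE;
    r->fp_ctrl = FP_CTRL_KEY | FP_CTRL_ENABLE;
    return 0;
}

/* Address the core fetches instead of the matched literal once comparator n hits. */
uint32_t fpb_remapped_word_addr(uint32_t table_addr, unsigned comp_n)
{
    return table_addr + 4u * comp_n;
}

/* Store the fake function's address in the table slot for comparator n.
 * Bit 0 (Thumb state) must be set, otherwise the indirect call faults. */
void fpb_set_hook_target(uint32_t table[], unsigned comp_n, uint32_t fake_fn_addr)
{
    table[comp_n] = fake_fn_addr | 1u;
}

static iap_fn g_orig_iap = NULL;   /* genuine ROM entry, captured before the hook goes live */

/* Constructed 128-bit serial number the patched device will report. */
static const uint32_t g_fake_uid[4] = {0x11111111u, 0x22222222u, 0x33333333u, 0x44444444u};

void install_iap_hook(iap_fn original) { g_orig_iap = original; }

/* Drop-in for the ROM IAP routine: answer command 58 with the spoofed UID and
 * forward everything else untouched so the rest of the firmware keeps working. */
void fake_iap(uint32_t command[], uint32_t result[])
{
    if (command[0] == IAP_CMD_READ_UID) {
        result[0] = IAP_CMD_SUCCESS;
        memcpy(&result[1], g_fake_uid, sizeof g_fake_uid);
        return;
    }
    if (g_orig_iap != NULL) g_orig_iap(command, result);
}

/* Host-only stand-in for the ROM routine (constructed): echoes the command code
 * so a test can see that forwarding happened. */
void stub_rom_iap(uint32_t command[], uint32_t result[])
{
    result[0] = IAP_CMD_SUCCESS;
    result[1] = 0x5A000000u | command[0];
}
```

Two checks a practitioner should keep from this: the remap table is constrained to a 32-byte-aligned SRAM address and the table slot needs the Thumb bit, both of which are silent failures on hardware if missed. Two caveats as well: the literal comparators only catch loads from the literal pool, so a firmware that materialises the ROM entry with MOVW/MOVT immediates leaves nothing to remap and the instruction comparators would have to be used instead; and flash patching is an ARMv7-M FPB feature, later cores such as Cortex-M7 keep the breakpoint half of the FPB but drop remapping.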
All right, so this is the Unicorn Team of 360 Technology. Good afternoon everyone, thank you for attending this talk. It's our honor to share our research with you. In this presentation we are going to talk about a vulnerability we found in NXP SoCs, and I will show you how to use this vulnerability to implant malware into the peripherals which are made of these chips. Now let me first give a brief self-introduction. My name is Aiwei, I'm a security researcher of Unicorn Team; this is Shaokun, he found this vulnerability; and that is my colleague Hakushin. Unicorn Team is a research group within 360 Technology. The team was formed in 2014, and we focus on the security issues in numerous types of wireless systems.

During this talk, firstly we will introduce why we did this research. Then we will discuss secure boot and its different types of implementation. Then we will reveal the details of the vulnerability. We provide two exploits: one to bypass the unique ID verification in secure boot, another to implant malware in a peripheral. Finally we will give our recommendation to vendors who use these chips.

Secure boot is widely used in personal computers, workstations, servers and smartphones. It is used to prevent malicious code from being loaded and executed. But in the embedded system, because its resources are limited, there is no TPM or TrustZone within the system, so how to implement secure boot? We wanted to research the implementation of secure boot in resource-constrained systems and try to find a common way to implant malware into such systems.
Let's have a basic understanding of secure boot. As this figure shows, in a system which has secure boot support, there is a primary bootloader and a one-time programmable memory in the main chip. The primary bootloader is designed by the chip vendor and permanently bound to its ROM at the chip manufacturing stage. The one-time programmable memory is used to store the root public key; it is burned at the product manufacturing stage. In the external storage there are the secondary bootloader, the kernel and the applications, with the corresponding public keys and signatures. When the system is started up, the primary bootloader verifies the secondary bootloader. If the secondary bootloader is verified to be legitimate, it is executed, then the secondary bootloader verifies the kernel, and so on; otherwise the system will halt. This mechanism ensures that all the binary code executed in the system is trusted. We also can see that the primary bootloader and the root public key are the root of the whole trust chain; they cannot be replaced or bypassed.

So what can secure boot do? Secure boot can be used to prevent malicious code from being executed. Here are two attack examples. One example is from Black Hat USA 2014: in this talk the authors provided a way to inject a management feature into a 4G modem dongle. Another example is the research provided by our team at DEF CON 23: we modified the firmware of a femtocell to eavesdrop on nearby cellular users. If these products had secure boot, such attacks would be hard to perform. Secure boot also can be used to protect the copyright of the firmware in the industrial and commercial area.

Different types of secure boot have been implemented. One example is UEFI in personal computers and servers: with the support of the TPM, only the trusted operating system is allowed to load and boot. Another
example is a smartphone with the support of TrustZone: only the trusted OS can boot and only trusted applications can be stored and executed. Both of the two implementations require hardware support. They rely on the hardware unit to ensure the bootloader and the public key cannot be replaced. But in the embedded system, or IoT system, due to the limits of cost there is no hardware unit like TrustZone, so how do we implement secure boot? Many chip vendors design a lot of SoCs for such cost-sensitive scenarios. Usually this type of SoC integrates a lot of components, such as the flash, RAM, timer, radio, Ethernet and so on, which means in most application scenarios it only requires very few external components to design a product with this type of chip, so it's widely used because it's easy to use and low cost.

Chip vendors also design a mechanism which can be used to protect the firmware from being read out; this mechanism is called code read protection. If the code read protection function is enabled, the debug interface and in-system programming interface of these chips will be disabled; nobody can read out or erase the flash through the interfaces. But this also results in the firmware not being able to be updated anymore. So as a fix, the product vendor also designs a customized bootloader and implements in-application programming features in this bootloader. With the IAP support, the application area can be updated again. As the figure shows, if the bootloader area is not allowed to be updated, the public key can be stored in the bootloader area. This also fully satisfies the requirements of secure boot: that is, the bootloader and the public key cannot be replaced.

To understand how such secure
boot can protect the firmware copyright, we have to understand how does the copier clone a hardware product. As the figure shows, firstly the copier buys the target product, then he recovers the PCB layout and the corresponding components through reverse engineering, then he cracks the code read protection mechanism to read out the firmware. After that he buys the same components and reproduces the PCB. Finally he burns the firmware into the PCB and he gets a clone of the target product. Now let's calculate the cost the copier needs to pay in this procedure. The main cost comes from the PCB reverse engineering and the firmware read-out steps. According to the complexity of the PCB board, the cost of the PCB reverse engineering is from 20 to 200. In the firmware read-out step, depending on the strength of the code protection, the cost is from 200 to 5,000. So the total cost of the copied product is much lower than designing a new one. This brings great harm to business revenues.

So to defend against the copier, the chip vendor also designs a so-called unique ID feature. They give a unique serial number to each of the chips. The unique ID is effectively lasered into the silicon at the chip manufacturing stage and cannot be modified again. As the left figure shows, the product maker can read out the chip ID and combine it with the application to generate a signature. When the system boots, the bootloader reads the unique ID and verifies the signature. If the signature is valid, the application firmware will be executed and the normal functions of the product can be used; otherwise the product becomes a brick. So even if the copier buys the same chips and burns the same firmware, due to the unique ID they will get a brick.

When the secure boot is appended with the unique ID, besides the cost we calculated before, the copier also needs to patch the corresponding position to bypass the unique ID and signature verification in the firmware. Because the embedded firmware is usually compiled and linked independently, the cost to reverse and patch the firmware is very high. According to the complexity of the firmware, the cost is from thousands to even 250 thousand dollars, and the copier needs to pay again when the firmware is updated. This is not acceptable for the copier, so the unique ID is effective to defend against the copier.

Now let's have an analysis of the strength of such type of secure boot. How to bypass the security verification? We know that hooking is a very useful technique in high-level operating systems such as Windows or Linux: we can hook the system API to change the behavior of the application, but not patch the application itself. For example, we can hook the MAC address read API to give a fake MAC address to the application. But in the resource-constrained system, is the hook mechanism also effective, and how to implement it? Now let's let Shaokun and Haji reveal the details of the exploits.

NXP's LPC Cortex-M series uses this method to access the UID: there is a function pointer at a fixed position of ROM; after accessing the function pointer you can invoke a ROM function. The UID of a chip can be obtained by calling this function. This routine is multifunctional and different functions can be selected through the parameters. This is the code that accesses the UID. The function has two parameters: one is the entry parameter and the other is the result parameter. The first item of the entry parameter is the command, where the command 58 is to read the UID value, and the UID value will be found in the result parameter. This is the description of the UID function in NXP's document. It's very simple: we just have to forge the same function, that's what we will hook to.

As we
know, the debug system can change the execution of a program. We can set a debug breakpoint, halt a running program, or change the value of a variable or a register. In Cortex-M, we can do this without changing the flash ROM. It means that if we can write a patch and run it before the bootloader, we can simulate a light debugger; it will work similar to a JTAG debugger. The FPB register is one of the registers of the debug system. Of course it can be accessed by JTAG, but it can also be accessed by our code. If we write code like JTAG does, actually we are implementing a light version of a software debugger. The FPB is used to provide
flash patch and breakpoints. Flash patch means that if an instruction access by the processor matches a certain address, the address can be remapped to a different location so that a different value is obtained. Alternatively, the matched address can be used to trigger a breakpoint event. The flash patch feature is very useful for testing, such as adding a diagnostic program code to a device that cannot be used in normal situations unless the FPB is used to change the program control. The FPB unit can be programmed to generate breakpoint events even if the program memory cannot be altered; however it is limited to six instruction addresses and two literal addresses. The FPB has two functions. One is hardware breakpoint: it can generate a breakpoint event to the processor to invoke debug events such as halt or debug monitor. The other is patching instructions or literal data from code memory space to SRAM, and it has six instruction comparators and two literal comparators. Here is
a very simple example to show how to use the FPB. The FP_REMAP register is set to 0x201020; it means that once the comparator is matched, the code or the literal data will be replaced by the data in the remap memory. In this example we set two variables to replace: one is an instruction and another is literal data. FP_COMP0 indicates the instruction at offset address 0x800100 is replaced by another instruction. FP_COMP6 indicates the literal data at offset 0x820100 is replaced. If we enable the FPB by setting the FP_CTRL register, the execution of the code will be totally changed. It should be the data at 0x80... loaded into R4, but actually R4 is skipped and R1 is set directly, and R4 should be 0 but in fact it is 1. In fact the FPB
has a Flash Patch Control Register that contains an enable bit to enable the FPB. In addition, each comparator comes with a separate enable bit in its comparator control register; both of the enable bits must be set to one for a comparator to operate. Comparators can be programmed to remap addresses from code space to the RAM memory region. When this function is used, the FP_REMAP register needs to be programmed to provide the base address of the remap content. The top bits of the remap register are hardwired to 001, which limits the remap base address location to be within 0x20000000 to 0x3FFFFF80, which is always within the SRAM memory region. And
here is an example to replace literal data. This constant int data is initialized to negative 1; after compiling and linking it will be stored in the flash and cannot be changed again at run time. We program the FPB to remap this constant's literal data to SRAM and try to set its value to 0. After we enable the FPB, all code that accesses this constant will get zero.

In order to
verify this vulnerability in a real-world product, we use the J-Link to implement the exploit. Before discussing the details of this exploit, let me introduce J-Link. J-Link is a powerful emulator and debug tool for ARM processors. It's very useful for developers to debug their firmware and hardware. J-Link is designed by Segger. They implement a secure boot in their firmware and use the unique ID provided by NXP to verify a license. It has a USB port and under normal use scenarios it must be plugged into a computer, so it's also a good carrier for a hardware trojan.

Based on the example and the
characteristics of NXP's SoC, we can use the FPB to change the entry of the ROM API function. There are function pointers in a fixed position, therefore find out the function pointer which you want to hook and remap it to the fake function. That's part of the code. This
invokes the FPB function to remap, and the code for the entry point of the original program, just right before the target. And this is the fake IAP which the original IAP is redirected to. In this example we replace the command number 58, which is to access the UID. In other cases it will jump to the original IAP entry, so that it only modifies the UID but we do not change any other function. You should redirect the original function to the fake one. Now let me show you the
demo. In this video you can see that after we burn the J-Link firmware and our exploit code, the development board has the same function as the J-Link. OK, let my partner Mr. Haji finish this topic.

So thanks for my colleague's explanation about the details of the attack. In the following section I will introduce you guys how to really exploit, or illegally copy, a real product of NXP production. So in this video we will show you how to copy a J-Link product step by step. But before that I will really apologize for the bad resolution of the video, because we kind of made a mistake. OK, so it's just corrected. So before we start this video, as we mentioned in the previous discussion, we needed a firmware of the J-Link to do our patch stuff, because we didn't actually modify the firmware; we actually remap some kind of code sections, some kind of data sections inside of the firmware and do our stuff, such as to bypass the anti-clone internal mechanisms. So before that we needed a firmware of this J-Link product. But as we discussed before, the J-Link product has kind of a code read protection. With this protection you can't read the firmware out, you can't extract the firmware, because if this code read protection is enabled then you can't access this product with a JTAG cable nor with the ISP programming system. I mean you can actually erase the data, you can actually erase the code, but you can't read them out. But there's a very simple way you can get the firmware: they basically store this firmware in the desktop application. Remember J-Link has some software on your PC, on your Mac, so you can just upgrade the firmware of the J-Link hardware. So basically they store this firmware in context, so you can just extract it, or you can just copy them out with the executable firmware. So we can do the
physical copy. So start. In the right bottom corner you can see we actually have a computer, we actually have a J-Link, we have a development board, an evaluation board. So you can just see there is exactly the same chip, you know, we were using... I'm sorry, my bad, yeah. We were using exactly the same chip, the same microprocessor, on the evaluation board, and this is exactly the same as the J-Link hardware product. So with the firmware we can just download this firmware into the evaluation board, and my colleague is just doing this stuff. So you can see, oh, because the error here means we actually forgot to power it up. And right now this is the firmware downloading, you can see. So with the firmware and with the same chip, basically if there is no license verification, if there is no signature check, they are just the same products, right, same hardware, same software. So right here if you flash it you can see there are two J-Links in the
hardware list. Now we launch the J-Link software command line to verify if all of them are working or not. So this is the first one, this is the legal copy, and now we are trying to connect the second one; this is the illegal copy, which is also the evaluation board. See, it's totally different, because the verification procedure is not passed, I mean it's failed. So after this we are trying to deploy our patch by
leveraging the FPB unit. So before that, remember we just talked about there is a code protection mechanism inside of the firmware, so if we just burn this firmware and then we run it, then the development board is dead, because you can't actually erase it, you can't actually program it by the JTAG, right. But there's also another way: just use the ISP programming mechanism to erase all these code sections. I'm sorry, this is really my bad.

So right now my colleague is trying to erase the evaluation board and make it as brand new, so we can do the patch stuff after that. And there is a tool called Flash Magic; you can do things like this. OK, since this evaluation board is blank, we can do the next step, connect it. So this is actually the code where we hook the unique ID and we do the whole hook chain. So basically while compiling and linking we can just use the original firmware as a section of our new firmware, so we can just put our bypass code, the patch hook, inside of another blank region of the flash, and combine all of this together as a new firmware, and download it into the hardware and try to flash it and verify. And now we launch a new J-Link terminal to verify if our work is doable or not.
So this is the original one, this is the legal copy, and the second one is the evaluation board. So right now you can see they are totally the same, and the serial number, if our resolution were better, you can see the unique ID or the serial number is exactly the same. You can just reuse this exactly the same production, so we basically have what's called a local copy. But I mean we
just do this for fun, not for profit. So we were trying to say, oh gee, is there any way we can just extend this, you know, to something more interesting? So then we were thinking about, how about a hardware trojan? I mean, imagine scenarios: like the U.S. is trying to attack Iraq, right, there was a case, the CIA or FBI, I can't remember, but they kind of intercepted a bunch of printers which were intended to be sent into Iraq, right. So they just intercepted them and patched the firmware, and those kind of printers were then bots in a botnet, and those kind of printers just stole a lot of stuff for them. So we were thinking about, can we do that? I mean, patching the firmware of an embedded system is not quite easy. It's not like the computer, where you have a lot of hook platforms to do this. But with the FPB function we can do this very easily. I mean the FPB function is very simple: you can just hook a function, or you can hook a piece of code to some other stuff. It won't affect the integrity of this firmware and you don't have to actually analyze the firmware. So you can just put your code and hook this function, that's all. So we were thinking about how to inject a hardware trojan inside of the J-Link product. And the J-Link is using the NXP chip, right, which is also based on the Cortex-M4 core, and it has a large flash, I mean it's pretty enough for us. So the J-Link firmware also uses the lower part of the flash, so there's a place for us, so we can just place this hardware trojan
inside of the blank region. So if we want, we can just inject the hardware trojan inside of the firmware before some other people purchase this hardware. So how about a BadUSB in a J-Link, right? You purchase a J-Link, it's hugely expensive, and you think that it can accelerate your development procedure, but it turns out it's a BadUSB and it can just do all of this stuff on your computer, because you just connected this hardware into your computer, into your laptop, and you think, OK, this is safe enough, I can do my stuff. So easy. So I mean, if you were trying to bypass the anti-clone mechanism, we were talking about hooking the unique ID verification function. But for this one, we hook another system function call. In this case we were hooking the SysTick handler. This is basically an interrupt exception handler; I mean there's a bunch of functions inside of the hardware, inside of the system, and it's kind of like the time... this one just helps you to count the time, right. And I mean all of these embedded systems just use a function like this, so this is our main target. And after we do that, I mean the normal function is just kept as original, so I mean we didn't harm the integrity of this firmware. So
how do we trigger this trojan? It can be considered that we have two parts of the firmware. The first part is the original J-Link firmware: it can do the debug probe, all of this, since that is what you use it for, debugging. But with another part that we put in, this part of the function will be executed at some time and will inject a bunch of code into your computer, acting like a USB device, like your keyboard or your mouse; you can do everything, right? This is basically a HID. So we have two parts of the firmware, and we hook the timer interrupt entry. We do this by hooking the function from the original firmware into ours, which is the SysTick handler, as in the previous slide. So the steps are: the first step is we compile this BadUSB code; the second step is we hook this critical function; and once this critical function is executed, we can just execute our firmware, I mean the BadUSB stuff. And the J-Link will still act pretty normal; you can use it to download, to develop, everything else, but suddenly it has become a bad person, sorry.
So these are the details of our attack implementation. You can see the first step is, of course, the power-up, after we download our firmware into this J-Link. The first thing is just the power-up, and we don't want our code to be executed at the beginning of this power-up procedure; we want it to be executed at some certain time so nobody will notice. So we put the trigger inside the SysTick, which is basically something like a time counter. We set up a time counter and we say, "OK, if this thing has been powered for, like, five minutes, then our trojan will be executed." This sounds more reliable than just putting a jump at the beginning of the firmware to do all the bad stuff; that's too obvious, somebody would just notice: "I just plugged this in and my computer is doomed." Nobody would like that. So that's why we chose this critical system function as our hook function and a time counter as our attack method. So in
this video we can show you the demo of the BadUSB. This is the original code of the BadUSB, and you can see right now we are trying to compile all of this into a firmware and download it into the official J-Link. After downloading, we leave our computer right over there and leave it alone. You can see now nobody is touching our computer, and it opens the DEF CON website. So imagine you can just open anything, steal stuff like personal accounts, or download firmware into your computer and execute it, and you won't notice. So actually, as we
mentioned before, this is not actually entirely the NXP chip's fault; it's because we have debug functionality inside our product. This basically accelerates hackers trying to attack your product; it just lowers the difficulty. So all of the Cortex-M4 chips of this series have the same FPB function, sorry, the same FPB unit, so you can leverage, or you can say exploit, this into a malicious function. But some other vendors also provide a similar feature, so you can also clone their product, and you can also implement a hardware trojan inside their product. In the old-fashioned way, if we want to implement a hardware trojan, we need to analyze the hardware, analyze the firmware, and then try to implement all of this inside. But with this we can just use the FPB to hook a function and patch some stuff; this is much easier. Somebody might just ask, "Is there any mitigation measure?" Of course. The first step is: never leak your firmware. If nobody can get your firmware, of course they can't do this; what's the point, right? Without the firmware, you give them a bunch of hardware and nobody can put a trojan into it. The second one is what we suggest for the NXP chip, so
basically, sorry, for the J-Link enterprise: basically they should just disable the FPB function before calling the critical ROM API. It's not a sufficient countermeasure, but it's much harder for hackers trying to do stuff like what we have done before. Also, you can patch the firmware: there are a bunch of blank flash regions in the firmware, so you can patch the firmware to set all of this blank flash area to a specific value. For example, you could just use an instruction like a branch to the reset handler; that means if the blank flash region is ever executed, it just directly jumps back to the beginning, so it's not useful anymore. Also, you should always verify the signature of the entire flash instead of just a piece of code; otherwise it's totally not secure, it's a big black hole. We also received advice from the security team of NXP, which is a security group within NXP. They suggest that the enterprises, the companies who are willing to use the NXP chip, enable the Code Read Protection. The Code Read Protection setting has three levels: level 1, level 2 and level 3. Level 1 or level 2 only disable the check; you can still leverage the ISP to do the bad stuff like what we have done before. But if you enable level 3, you can't use JTAG, you can't use ISP; it's not reprogrammable. But that also means if your product has something wrong after you ship thousands of them to the users, to the endpoints, then you are doomed: all of these will be refunded and your company will go broke. So the countermeasure is: it's not a good idea to put the critical API
into the region that can be remapped. Its name is Flash Patch and Breakpoint, which also means, in coding, only the flash region can be remapped, nothing else. So you can just put it into some critical register or some higher address; that would be much better. So we recommend that all the vendors just prohibit remapping all of this ROM API in subsequent products. If you just ship it, it can't be recalled, right? This is much harder. So these are the references of our work. You can see the principle is pretty easy, but you can do a lot of bad stuff with it. So thanks, thanks guys. If you have any questions you can just ask me right now. [Applause]
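As an added example (not from the talk, NXP or SEGGER), the Python below models the last two mitigations the speaker names on a constructed flash image: a tag over only the application region stays valid when bytes are written into erased flash, while a tag over the whole flash does not, and unused flash can be filled so no erased run is left to host code. The flash size, app size, key and filler bytes are constructed for the demo.

```python
"""Added example: whole-flash vs. app-only integrity check, plus blank-flash
filling. Layout, key and filler are constructed, not from any real product."""
import hashlib
import hmac

FLASH_SIZE = 0x1000           # constructed: a tiny 4 KiB flash
APP_SIZE = 0x400              # constructed: vendor firmware owns the first 1 KiB
KEY = b"constructed-demo-key"  # constructed: stands in for the vendor signing key
ERASED = 0xFF                 # erased NOR flash reads back as 0xFF


def build_image(app_code: bytes) -> bytes:
    """Vendor firmware followed by erased (0xFF) flash up to FLASH_SIZE."""
    assert len(app_code) <= APP_SIZE
    return app_code.ljust(FLASH_SIZE, bytes([ERASED]))


def tag_region(image: bytes, start: int, end: int) -> bytes:
    """HMAC-SHA256 over one slice of the image (the 'signature' for the demo)."""
    return hmac.new(KEY, image[start:end], hashlib.sha256).digest()


def check_app_only(image: bytes, tag: bytes) -> bool:
    """Weak scheme: only the application region is covered."""
    return hmac.compare_digest(tag_region(image, 0, APP_SIZE), tag)


def check_whole_flash(image: bytes, tag: bytes) -> bool:
    """Recommended scheme: every byte of flash is covered."""
    return hmac.compare_digest(tag_region(image, 0, FLASH_SIZE), tag)


def blank_regions(image: bytes, min_len: int = 16) -> list:
    """Return (start, end) of each run of erased bytes long enough to hold code."""
    runs, start = [], None
    for i, b in enumerate(bytes(image) + b"\x00"):  # sentinel closes a trailing run
        if b == ERASED and start is None:
            start = i
        elif b != ERASED and start is not None:
            if i - start >= min_len:
                runs.append((start, i))
            start = None
    return runs


def fill_blank_flash(image: bytes, filler: bytes) -> bytes:
    """Overwrite every erased run with a repeating filler (for example a
    branch-to-reset or an undefined-instruction encoding) so that unused
    flash can neither host code nor execute as a usable NOP sled."""
    out = bytearray(image)
    for start, end in blank_regions(out):
        out[start:end] = (filler * (end - start))[: end - start]
    return bytes(out)
```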