Aleknight gave his first talk at the BlackAlps conference regarding the Linux vulnerabilities found during his internship. A few members of the research team were also present to support him and to enjoy the presentations, to meet people and obviously to eat Swiss chocolate! As usual, you can find some notes about our favorite talks.
Hardware attacks against SM4 in practice
S. Pelissier and N. Oberli - Kudelski Security
SM4 is a Chinese standard block cipher, not well known in Europe but mainly used in China for TLS and some WLAN options. Nicolas and Sylvain heard about it because hardware-accelerated instructions for SM4 were introduced in the ARM architecture (since ARMv8.4-A). They presented the different hardware attacks performed. SM4 has similar properties as AES : it’s a 128-bit block cipher, with a 128-bit key size and a reversible key schedule. However, the core is based on a Feistel network with 32 rounds.
They were able to recover the encryption key using 2 types of side-channel attacks. The first one is a Correlation Power Analysis attack (CPA), using power pattern leakage on an ESP32 to recover the key. The second attack is a Differential Fault Attack (DFA). They proceed to explain the different steps to apply DFA to such target. They started by using software faults, realized by patching a software implementation to directly modify a byte at a precise place in the code. This helps creating a theoretically working method to recover the key. Then, they proceed to find the timing at which the fault needs to be injected. To do this, they used a fault injection simulation tool as a radare2 plugin called glitchoz0r3000. Finally, they implement it in practice on a real device.
They added the support for SM4 in the popular DFA tool JeanGrey from SideChannelMarvels, which is available on GitHub.
A journey to pwn and own the Sonos One Speaker
D.Berard - Synacktiv
This talk was given by Berard David, who also spoke at Hexacon where he explained how he attacked the Tesla Model3, along with Vincent Dehors. For this talk, he was alone, explaining how he tackled another Pwn2Own target: a Sonos One speaker. He started by explaining how he grabbed the firmware. The approach was interesting, he removed the WiFi card, which was using a PCIe bus, and inserted a PCILeech device instead. This allowed him to obtain a Direct Memory Access and read/write privileges over the physical memory as there was no IOMMU in place. He obtained a shell and code execution on the device. This part was already documented in a blogpost. From there, he started analyzing the device. He first focused on a big C++ binary, responsible for most of the functionality, listening over the network on multiple ports. After a while he didn’t find anything and postponed his research. At the next Pwn2Own edition, the same target was back, he decided to give it another try. At this moment, he quickly found a vulnerability inside the ALAC
Apple Loseless Audio Codec created by Apple. The vulnerability was a straight forward stack buffer overflow. Similar vulnerabilities have been found on the Android version of the codec library.
Vous n’écrirez plus de script Frida
Axelle Apvrille - Fortinet
Android malware implements a lot of anti-reverse techniques. During her talk, Axelle presented common techniques used by malware: packing and obfuscation.
Within a malware, a packer is in charge of reconstructing a valid payload hidden inside the APK.
To execute it, the malware will dynamically load it in its memory.
Therefore, we can simply get payloads by hooking the Java method
However, it works only for simple cases. Sometimes, the DEX payload is directly charged from the memory. In such a situation, we can use FRIDA-DEXDump to dump all dex from the memory.
Using Frida involved to execute the malware on the device and it can lead to side effects. A solution to avoid side effects is to statically unpack the firmware. It requires to previously reverse the malware, but once the unpacker is written, it allows us to simply analyze several malware using this packer.
Axelle also presented Medusa, a framework based on Frida for dynamic analysis of Android applications.