Windows systems & code signing protection
Shakacon – 13-14 July 2016 – Paul Rascagnères - SEKOIA
Windows systems & code signing protection | About me
Paul Rascagnères
Member of the CERT SEKOIA
Malware analysis
Incident Response
Security researcher
Yo-yo player
Offices in Luxembourg & Paris
Located in Luxembourg
Due to questions yesterday:
Geography slide about Luxembourg
Area: 998 sq mi - 2,586 km2
Population: 576,249
Authenticode
The code signing mechanism provided by Microsoft is named Authenticode.
It is based on certificates.
Certificates have an expiration date, and Microsoft manages a revocation list (for example, when a certificate is compromised).
For kernel mode, the driver signature has been mandatory since Windows 7 64-bit.
For user mode, the binary signature is not mandatory. “As a software publisher, there are two reasons to sign your code: to prove its Integrity and to develop its Reputation” [1].
1. https://blogs.msdn.microsoft.com/ieinternals/2011/03/22/everything-you-need-to-know-about-authenticode-code-signing/
Kernel space implications
For kernel mode, the driver signature has been mandatory since Windows 7 64-bit.
Is it the end of rootkits?
I identified two ways used by rootkit developers to bypass this protection:
a “low cost” approach
a “high end” approach
“low cost”
For development purposes, Microsoft provides a test mode on Windows systems. A reboot is required to enable this mode:
bcdedit.exe -set TESTSIGNING ON
The test-mode message on the desktop is drawn by winlogon.exe (and attackers patch it: a single test to alter).
“high end”: Uroburos technique
The malware developers used a vulnerability to disable the driver signature enforcement.
CVE-2008-3431: http://www.coresecurity.com/content/virtualbox-privilege-escalation-vulnerability
Vulnerability in VBoxDrv.sys that allows switching an arbitrary kernel memory address to 0.
“high end”: Uroburos technique
The overwritten address was g_CiEnabled (Ci is for Code Integrity)
Before:
kd> dq nt!g_cienabled
fffff800`02e45eb8 00000001
After:
kd> dq nt!g_cienabled
fffff800`02e45eb8 00000000
“high end”: Uroburos technique
The effect is to “switch” to test mode without rebooting and without the message on the desktop… but the bcdedit.exe command can still be used to identify that the machine is in test mode ;)
“high end”: Uroburos technique
the malware opens the VBoxDrv symlink;
it loads ntoskrnl.exe;
it locates g_CiEnabled;
it uses DeviceIoControl() to switch the arbitrary address to 0:
DeviceIoControl(VBoxDrv, SUP_IOCTL_FAST_DO_NOP, g_CiEnabledAddr, 0, g_CiEnabledAddr, 0, &cb, NULL)
Complete implementation: http://www.kernelmode.info/forum/viewtopic.php?t=3322&f=11
“high end”: Derusbi technique
The malware developers used a vulnerability to disable the driver signature enforcement.
CVE-2013-3956: https://www.novell.com/support/kb/doc.php?id=7012497
Vulnerability in NICM.SYS that allows code execution in kernel space.
“high end”: Derusbi technique
Analysis of the shellcode used during the exploitation:
0:001> g
[...]
String(24,24) at 0000000002c9d230: \Device\Nicm
00000000`02c9d250 00000140
Breakpoint 6 hit
kernel32!DeviceIoControl:
00000000`76e067b4 ff25ce6e0800 jmp qword ptr [kernel32!_imp_DeviceIoControl (00000000`76e8d688)] ds:00000000`76e8d688={KERNELBASE!DeviceIoControl (000007fe`fda8a1e0)}
0:001> db @r8
00000000`0d0d0000 28 00 0d 0d 00 00 00 00-ff eb 45 00 ff ff ff ff (.........E.....
00000000`0d0d0010 08 20 ef 16 f9 33 8e 06-e5 44 0d 0e c2 72 0a 5e . ...3...D...r.^
00000000`0d0d0020 2c 02 44 0d 33 49 ae 72-30 00 0d 0d 00 00 00 00 ,.D.3I.r0.......
00000000`0d0d0030 9a 3f 2f 19 0f 36 81 62-25 14 bf 59 13 3b 9f 7b .?/..6.b%..Y.;.{
00000000`0d0d0040 8d 5b 7f 29 29 3f 98 65-86 bc a2 02 00 f8 ff ff .[.))?.e........
00000000`0d0d0050 48 b8 30 0e e8 00 80 f8-ff ff 8b 18 80 cb 08 89 H.0.............
00000000`0d0d0060 18 c3 cc cc cc cc cc cc-cc cc cc cc cc cc cc cc ................
00000000`0d0d0070 cc cc cc cc cc cc cc cc-cc cc cc cc cc cc cc cc ................
“high end”: Derusbi technique
Analysis of the shellcode used during the exploitation:
$ rasm2 -k windows -b 64 -a x86.udis -D "48b8300ee80080f8ffff8b1880cb088918c3"
0x00000000 10 48b8300ee80080f8ffff mov rax, 0xfffff88000e80e30
0x0000000a 2 8b18 mov ebx, [rax]
0x0000000c 3 80cb08 or bl, 0x8
0x0000000f 2 8918 mov [rax], ebx
0x00000011 1 c3 ret
kd> !address 0xfffff88000e80e30
[…]
Usage: Module
Base Address: fffff880`00e7b000
End Address: fffff880`00f3b000
Region Size: 00000000`000c0000
VA Type: SystemPTEs
Module name: CI.dll
Module path: [\SystemRoot\system32\CI.dll]
“high end”: Derusbi technique
Analysis of the shellcode used during the exploitation:
Before:
kd> dd 0xfffff88000e80e30 L1
fffff880`00e80e30 00000006
After:
kd> dd 0xfffff88000e80e30 L1
fffff880`00e80e30 0000000e
“high end”: Derusbi technique
Analysis of the shellcode used during the exploitation
Why this value? Let’s check CI.dll
“high end”: Derusbi technique
Mateusz ‘j00ru’ Jurczyk’s post [2]:
VOID SepInitializeCodeIntegrity()
{
    DWORD CiOptions;
    g_CiEnabled = FALSE;
    if (!InitIsWinPEMode)
        g_CiEnabled = TRUE;

    memset(g_CiCallbacks, 0, 3 * sizeof(SIZE_T));
    CiOptions = 4 | 2; // 0x6 by default

    if (KeLoaderBlock)
    {
        if (*(DWORD*)(KeLoaderBlock + 84))
        {
            if (SepIsOptionPresent((KeLoaderBlock + 84), L"DISABLE_INTEGRITY_CHECKS"))
                CiOptions = 0;
            if (SepIsOptionPresent((KeLoaderBlock + 84), L"TESTSIGNING"))
                CiOptions |= 8; // 4 | 2 | 8 == 0xe
        }
        // CiOptions is handed to CI.dll here; this is the dword the shellcode ORs with 8
        CiInitialize(CiOptions, (KeLoaderBlock + 32), &g_CiCallbacks);
    }
}
2. https://blogs.msdn.microsoft.com/ieinternals/2011/03/22/everything-you-need-to-know-about-authenticode-code-signing/
“high end”: Derusbi technique
Let’s check CI.dll
0xfffff88000e80e30 == dword_7FF404C5E30
This variable contains the CiOptions flags
“high end”: Derusbi technique
The effect is to “switch” to test mode without rebooting and without the message on the desktop, and the bcdedit.exe command shows that the machine is not in test mode, because the global flag was not modified…
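To make the before/after values concrete, here is an added example (my code, not from the talk, the referenced post or any Microsoft source) that reproduces the CiOptions computation from the pseudocode above and classifies a snapshot of the live kernel flags against the BCD setting; the macro and state names are labels of my own, built only on the values the deck shows (0x6, 0xe, g_CiEnabled 0/1).

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* CiOptions bits as they appear in SepInitializeCodeIntegrity on this page:
 * 4|2 (0x6) by default, |8 (0xe) when the TESTSIGNING boot option is present.
 * These macro names are this example's labels, not Microsoft symbol names. */
#define CI_OPT_DEFAULT   0x6u
#define CI_OPT_TESTSIGN  0x8u

typedef enum {
    CI_ENFORCED,         /* g_CiEnabled set, no test-signing bit */
    CI_TEST_MODE_BCD,    /* test-signing bit set and the BCD store agrees */
    CI_TEST_MODE_HIDDEN, /* test-signing bit set but BCD says off: Derusbi-style in-memory patch */
    CI_DISABLED          /* g_CiEnabled == 0 (Uroburos-style) or CiOptions == 0 (DISABLE_INTEGRITY_CHECKS) */
} ci_state_t;

/* Mirrors the boot-time computation: the pseudocode applies DISABLE_INTEGRITY_CHECKS
 * first (CiOptions = 0) and then ORs in TESTSIGNING, so both together give 0x8. */
uint32_t ci_options_at_boot(bool disable_integrity_checks, bool testsigning)
{
    uint32_t opts = CI_OPT_DEFAULT;
    if (disable_integrity_checks)
        opts = 0;
    if (testsigning)
        opts |= CI_OPT_TESTSIGN;
    return opts;
}

/* Classify a snapshot of the live kernel values (read with kd> dd / dq as on the page)
 * against what bcdedit reports. bcdedit reads the BCD store, so it cannot see a
 * CiOptions dword flipped in memory: that disagreement is the detection signal. */
ci_state_t classify_ci_state(uint32_t g_ci_enabled, uint32_t ci_options, bool bcd_testsigning)
{
    if (g_ci_enabled == 0 || ci_options == 0)
        return CI_DISABLED;
    bool live_testsigning = (ci_options & CI_OPT_TESTSIGN) != 0;
    if (live_testsigning)
        return bcd_testsigning ? CI_TEST_MODE_BCD : CI_TEST_MODE_HIDDEN;
    return CI_ENFORCED;
}

const char *ci_state_name(ci_state_t s)
{
    static const char *names[] = { "enforced", "test mode (boot option)",
                                   "test mode hidden from bcdedit", "code integrity disabled" };
    return names[s];
}

int main(void)
{
    /* The page's Derusbi before/after values: CiOptions 0x6 -> 0xe, BCD store untouched. */
    printf("before: %s\n", ci_state_name(classify_ci_state(1, 0x6, false)));
    printf("after:  %s\n", ci_state_name(classify_ci_state(1, 0xe, false)));
    return 0;
}
```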
“high end”: GrayFish (Equation Group) technique
Sadly I don’t have the samples :’(
Kaspersky report: https://securelist.com/files/2015/02/Equation_group_questions_and_answers.pdf
“To bypass modern OS security mechanisms that block the execution of untrusted code in kernel mode, GrayFish exploits several legitimate drivers, including one from the CloneCD program. This driver (ElbyCDIO.sys) contains a vulnerability which GrayFish exploits to achieve kernel-level code execution”
“high end”: GrayFish (Equation Group) technique
CVE-2009-0824: code execution in ElbyCDIO.sys (CloneCD)
But no sample hashes in the publication :’(
So I asked & Kaspersky accepted to share the samples with me…
BUT
Kaspersky promised to provide me the sample in March… in April… in May… in June… and in July…
I’m still waiting :’(
“high end”: HIDEDRV (APT28/Fancy Bear/Sednit/…) technique
I only have the 64-bit .sys file…
No dropper :’(
So I don’t know how the attacker bypasses Authenticode :’(
If someone in the room has this dropper, do not hesitate to contact me!!!
“high end”: the same approach
The malware developers use the same approach with different implementations: vulnerability exploitation in a legitimate, signed driver.
“high end”: the same approach
What about the expiration date?
In kernel space, we can perfectly load a driver signed by an expired certificate…
“high end”: the same approach
What about certificate revocation?
Who really cares about CRLs?
The certificates of the vulnerable drivers mentioned today are not yet revoked…
It seems complicated to systematically revoke certificates once a vulnerability is found (huge side effects).
I’m not even sure that CRLs work for kernel space…
Extra trick
The Atheros private certificate leak: https://duo.com/assets/pdf/Dude,_You_Got_Dell_d.pdf
The Atheros private certificate can be used to sign a driver, even if the cert is expired.
On a fresh default Windows install, the driver can perfectly be loaded, even if the cert is expired.
The future?
“Microsoft announced that Windows 10 would not allow installation of drivers unless the driver was signed via the SysDev portal (that is, signed by Microsoft), though this will not require the driver to pass the HLK tests.”
Source: “The NT Insider”, May-June 2016
Not implemented for Windows 10 RS2 Preview…
User space (new) implications in Windows 10 TH2
The protected processes
Microsoft implemented a Signing Level in Windows 8.
Alex Ionescu perfectly documented this code signing feature: http://www.alex-ionescu.com/?p=146
No more PROCESS_ALL_ACCESS, PROCESS_CREATE_PROCESS, PROCESS_CREATE_THREAD, PROCESS_DUP_HANDLE, PROCESS_QUERY_INFORMATION, PROCESS_SET_INFORMATION, PROCESS_SET_QUOTA, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE
Welcome PROCESS_QUERY_LIMITED_INFORMATION
Only available for Microsoft binaries… you cannot create your own protected process :’(
“Protecting Microsoft Edge against binary injection”
Communication by Microsoft: https://blogs.windows.com/msedgedev/2015/11/17/microsoft-edge-module-code-integrity/
“The latest Windows 10 updates strengthen Microsoft Edge with industry-leading enforcement against loading unauthorized DLLs into Microsoft Edge content processes.” (latest == TH2)
Documented vs. undocumented
Mitigation Policy
typedef enum _PROCESS_MITIGATION_POLICY {
    ProcessDEPPolicy,
    ProcessASLRPolicy,
    ProcessDynamicCodePolicy,
    ProcessStrictHandleCheckPolicy,
    ProcessSystemCallDisablePolicy,
    ProcessMitigationOptionsMask,
    ProcessExtensionPointDisablePolicy,
    ProcessControlFlowGuardPolicy,
    ProcessSignaturePolicy,
    ProcessFontDisablePolicy,
    ProcessImageLoadPolicy,
    MaxProcessMitigationPolicy
} PROCESS_MITIGATION_POLICY, *PPROCESS_MITIGATION_POLICY;
Mitigation Policy
typedef struct _PROCESS_MITIGATION_BINARY_SIGNATURE_POLICY {
    union {
        DWORD Flags;
        struct {
            DWORD MicrosoftSignedOnly : 1;
            DWORD StoreSignedOnly : 1;
            DWORD MitigationOptIn : 1;
            DWORD ReservedFlags : 29;
        } DUMMYSTRUCTNAME;
    } DUMMYUNIONNAME;
} PROCESS_MITIGATION_BINARY_SIGNATURE_POLICY, *PPROCESS_MITIGATION_BINARY_SIGNATURE_POLICY;
How does it work? During a LoadLibrary() API call:
-> the kernel calls NtCreateSection();
-> MiCreateSection() is called;
-> MiValidateSectionCreate() is called;
-> ci.dll (Code Integrity) is used in order to check signatures
Is it bulletproof?
For proper .dll injection via LoadLibrary(): YES
For dirty injection (shellcode injection, in-memory patching, …): NO
Code test: https://github.com/SekoiaLab/BinaryInjectionMitigation/
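As an added example (my code, not the SekoiaLab test repository's and not Microsoft's), the following opts a process into the MicrosoftSignedOnly bit of the structure shown above via SetProcessMitigationPolicy() and then calls LoadLibrary(), so the LoadLibrary path described on this page can be watched failing for a non-Microsoft DLL; the DLL path is a placeholder, and the Windows-only part is guarded so the flag helper still compiles elsewhere.

```c
#ifdef _WIN32
#ifndef _WIN32_WINNT
#define _WIN32_WINNT 0x0A00   /* Windows 10 SDK level: the signature policy is a Win10 feature */
#endif
#include <windows.h>
#endif
#include <stdint.h>
#include <stdio.h>

/* Bit layout of PROCESS_MITIGATION_BINARY_SIGNATURE_POLICY.Flags, from the struct above:
 * bit 0 MicrosoftSignedOnly, bit 1 StoreSignedOnly, bit 2 MitigationOptIn. */
#define SIGPOL_MICROSOFT_SIGNED_ONLY 0x1u
#define SIGPOL_STORE_SIGNED_ONLY     0x2u
#define SIGPOL_MITIGATION_OPT_IN     0x4u

uint32_t signature_policy_flags(int microsoft_only, int store_only, int opt_in)
{
    uint32_t flags = 0;
    if (microsoft_only) flags |= SIGPOL_MICROSOFT_SIGNED_ONLY;
    if (store_only)     flags |= SIGPOL_STORE_SIGNED_ONLY;
    if (opt_in)         flags |= SIGPOL_MITIGATION_OPT_IN;
    return flags;
}

#ifdef _WIN32
/* Opt the current process into MicrosoftSignedOnly. Returns 1 on success. */
int enable_microsoft_signed_only(void)
{
    PROCESS_MITIGATION_BINARY_SIGNATURE_POLICY policy;
    ZeroMemory(&policy, sizeof(policy));
    policy.Flags = signature_policy_flags(1, 0, 0);   /* anonymous union member */
    return SetProcessMitigationPolicy(ProcessSignaturePolicy, &policy, sizeof(policy)) != 0;
}

/* Returns 0 if the DLL loaded, otherwise GetLastError(). With the policy on, an image
 * that is not Microsoft-signed is rejected by CI during section creation and
 * LoadLibrary typically fails with ERROR_INVALID_IMAGE_HASH (577). */
DWORD try_load_library(const char *path)
{
    HMODULE h = LoadLibraryA(path);
    if (h == NULL)
        return GetLastError();
    FreeLibrary(h);
    return 0;
}

int main(int argc, char **argv)
{
    const char *dll = argc > 1 ? argv[1] : "C:\\path\\to\\unsigned_test.dll"; /* placeholder */
    printf("before policy: LoadLibrary -> %lu\n", (unsigned long)try_load_library(dll));
    if (!enable_microsoft_signed_only()) {
        printf("SetProcessMitigationPolicy failed: %lu\n", (unsigned long)GetLastError());
        return 1;
    }
    printf("after policy:  LoadLibrary -> %lu\n", (unsigned long)try_load_library(dll));
    return 0;
}
#endif
```

Run it once with any non-Microsoft DLL to see the first load succeed and the second fail, which is exactly the LoadLibrary case the slide marks YES; shellcode written into the process is never mapped as a section and so never reaches ci.dll, which is the NO case.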
Questions?
or awkward silence?
or applause to wake up your neighbour?