Defeating Samsung KNOX With Zero Privilege

Transcript

1. Defeating Samsung KNOX with zero privilege Di Shen a.k.a. Retme

   (@returnsme) Keen Lab of Tencent

2. whoami • Di Shen a.k.a. Retme (@returnsme) • Member of

   Keen Lab • Android Kernel vulnerability hunting and exploitation since 2014 • Aim: to make out universal rooting exploit for Android • Trophy: • CVE-2016-6787 & CVE-2017-0403 (kernel/events/core.c) • Credit to discoveries and exploits • CVE-2015-1805 (fs/pipe.c) • First working exploit • CVE-2015-4421,4422 • Kernel LPE and TrustZone code execution for Huawei Mate 7 • Exploiting Wireless Extension for all common Wi-Fi chipsets (BHEU 16’) • And more To Be Announced in the future

3. Agenda • Overview of KNOX 2.6 • KASLR (Samsung’s implementation)

   • Real-time kernel protection (RKP) • Data Flow Integrity (DFI) • SELinux enhancement • Bypassing techniques • KASLR bypassing • DFI bypassing • SELinux bypassing • Gain root

4. Target device • Samsung Galaxy S7 edge • SM-G9350 (Hong

   Kong ver.) • Qualcomm-based • KNOX 2.6 • Exploit chain was finished in June 2016 • Demonstrated in July 1st 2016 at Shanghai

5. Common LPE flow on Android Arbitrarykernel memory overwriting Overwrite ptmx_fops

   Overwrite address_limit Overwrite uid, security id,and selinux_enforcing

6. LPE flow on Galaxy S7 edge Bypass KASLR Arbitrary kernel

   memory overwriting Overwrite ptmx_fops Overwrite address_limit Bypass DFI Bypass SELinux for Samsung Gain root privilege

7. KASLR for Linux 3.18 - Initialization • CONFIG_RELOCATABLE_KERNEL by Samsung

   • The Random size is passed to kernel by loader • X1,X2 are set upon kernel start up • X1: phycal offset X2: vitual text offset • Store to __boot_kernel_offset • __boot_kernel_offset[0] : physical address of kernel • __boot_kernel_offset[1] : the actual load address • __boot_kernel_offset[2] : TEXT_OFFSET 0x8000

8. KASLR for Linux 3.18 - relocating • __relocate_kernel() handles kernel

   relocating • Similar to a aarch64 linker in user space

9. KASLR for Linux 3.18 - .rela section • __relocate_kernel handles

   kernel relocating • Similar to a aarch64 linker in user space • Relocation section ‘.rela’ at offset 0x1446600 contains 233903 entries: Offset Info Type Sym. Value Sym. Name + Addend ffffffc000081698 000000000403 R_AARCH64_RELATIV -3ffff7e968 ffffffc0000816a0 000000000403 R_AARCH64_RELATIV -3ffe5d1e20 ffffffc000081798 000000000403 R_AARCH64_RELATIV -3ffff7e868 ... ffffffc00008e000 000000000403 R_AARCH64_RELATIV -3ffff546b8 # Begin of sys_call_table ... ffffffc000f6f800 000600000101 R_AARCH64_ABS64 ffffffc000080000 _text + 0 # Begin of kallsyms_addresses ... ffffffc0013b1468 000000000403 R_AARCH64_RELATIV -3ffec1afdd

10. Bypassing KASLR • Readable TIMA logs

11. Kernel information leaking • Kernel pointer leaked in /proc/tima_secure_rkp_log •

    At 0x13B80 -> init_user_ns • Real:0xFFFFFFC001B0EFB8 Static:0xFFFFFFC01A3AFB8 • KASLR offset = 0xD4000

12. Achieve arbitrary kernel mem overwriting • By exploiting CVE-2016-6787 •

    Use-after-free due to race condition in perf subsystem • Moving group in sys_perf_event_open() is not locked by mutex correctly • Spray struct perf_event_context{} • Control code flow by refill ctx->pmu->pmu_disable(X0) • Another long story J

13. Real-time Kernel Protection • Implemented in TrustZone or hypervisor •

    Depends on device model, for S7 edge (SM-G9350), it’s TrustZone • CONFIG_TIMA_RKP , CONFIG_RKP_KDP • Targeted features via samsungknox.com: • “completely prevents running unauthorized privileged code” • “prevents kernel data from being directly accessed by user processes” • “monitors some critical kernel data structures to verify that they are not exploited by attacks”

14. rkp_call() • RKP call entry • Called by many critical

    kernel functions • SLAB allocation and de-allocation • Page Table operations • Copy/Override/Commit creds

15. Kernel code protection • Not exclusive features for KNOX 2.6

    • “config KERNEL_TEXT_RDONLY” • Data section not executable • Privileged eXecute Never (PXN) • Kill ret2user and other ancient tricks • New in KNOX 2.8? • Control flow protection

16. Kernel page and page table protection • rkp_call() handles :

    • allocations, de-allocations of page table • manipulations of page entries • Neither kernel or user space can change attributes of protected pages unauthorizedly • Related functions • pdg_alloc/free() • set_pte/pmd/pud()

17. Kernel data protection • Based on read only pages •

    Read-only global variables • RO after initialization • RKP_RO_AREA located in page __rkp_ro_start[] • struct cred init_cred • struct task_secrity_struct init_sec • struct security_oprations security_ops

18. Kernel object protection • Allocated in Read-only pages • Writable

    for hypervisor or TrustZone • Protected Object type (name of its kmem_cache): • cred_jar_ro : credential of processes • tsec_jar: security context • vfsmnt_cache: struct vfsmount • Allocation, deallocation and overwriting routines will • call rpk_call() to operate read-only objects • Prevent kernel/user mode manipulating credentials, security context and mount namespace

19. History: bypassing trick on S6 • Kernel Object protection had

    been applied on S6 • Could be bypassed by calling rkp_override_creds() • able to override current process’s credentials via rkp_call() in secure world • Not working on S7 • S7 add more checking in secure world

20. Case study: rkp_override_creds( ) • To override process’s credentials •

    Allocate new cred from RO kmem_cache • Ask RKP to update current cred and security context • On S6, attacker can call this function to bypass previous kernel object protection

21. Further cred verifying in secure world • rpk_override_creds() • ->

    rkp_call(RPK_CMD(0x41)) -> rkp_assign_creds() • rkp_assign_creds() • Real implementation of override_cred() in secure world • Additional verifying in KNOX 2.6 • e • Part of Data flow integrity • UID checking

22. uid_checking( ) • Check if adbd and zygote has started

    up • If not, allow the override • If true, the Android initialize has been finished, start UID checking • Unprivileged process(uid>1000) cannot override the credential with high privilege(uid 0~1000) • But still can change its kernel capabilities (very important!)

23. integrity_checking( ) • Do similar checking with security_integrity_current() in Linux

    Kernel • Will analyze security_integrity_current() later

24. Another old trick to change credential • For now we

    know credentials are READ-ONLY • What if we reuse init’s credential? • Not working on S7,because of Data Flow Integrity current struct cred* init_cred

25. Data Flow Integrity • New in KNOX 2.6 • Implemented

    in both Linux kernel and Secure world • security_integrity_current() (kernel) • Integrity_checking() • Additional members in struct cred{} • use_cnt: pointer to refcount of cred • bp_task: pointer to this cred’s owner • bp_pgd: pointer to process’s PGD • type: not used in DFI

26. Data Flow Integrity • New in KNOX 2.6 • Implemented

    in both Linux kernel and Secure world • security_integrity_current() (kernel) • Integrity_checking() • Additional members in struct task_security_struct{} • bp_cred: pointer to this context’s owner cred

27. security_integrity_current( ) • Hard-coded hooking in every SELinux routines •

    Verify process’s credential in real-time • To check if • current struct cred{} and struct task_security_struct{} are allocated in RO page • cred->bp_task is current process’s • task_security->bp_cred is current cred • current mount namespace is malformed

28. Summary of RKP and DFI • Even we achieved arbitrary

    kernel memory overwriting, we cannot: • Manipulate credentials and security context in kernel mode • Point current credential to init_cred • Call rkp_override_creds() to ask secure world to help us override credential with uid 0~1000 • But we still can: • Call kernel function from user mode • Hijacking ptmx_fops->check_flags(int flag) • The number of parameters is limited • Only low 32bit of X0 is controllable • Override credential with full kernel capabilities (cred->cap_**) • Overwrite unprotected data in kernel

29. Bypassing RKP and DFI • Main idea: ask kernel to

    create a privileged process for me • Creating a root process • I can’t call call_usermodehelper(path,argv,envp,wait) via ptmx_fops->check_flags(flag) • Call orderly_poweroff() instead

30. orderly_poweroff() • Call __oderly_poweroff() in worker thread • Worker create

    a new root process, cmd is poweroff_cmd • poweroff_cmd is writeable

31. Bypassing steps • Call rpk_override_creds() via ptmx_fops->check_flags() • Override own

    cred to gain full kernel capabilities • But don’t change uid • Overwrite poweroff_cmd with “/data/data/***/ss7kiler” • Call orderly_poweroff() via ptmx_fops->check_flags() • Modify ss7killer’s thread_info->address limit • ss7killer: call rpk_override_creds() to change its sid from u:r:kernel:s0 to u:r:init:s0

32. Result: privileged ss7killer • root • u:r:init:s0

33. u:r:init:s0 • Not good enough • Still be limited by

    SELinux • Almost can do nothing… • Disabling/Bypassing SELinux is necessary

34. SELinux enhancement • Disabled CONFIG_SECURITY_SELINUX_DEVELOP long time ago • Cannot

    disable SELinux by overwrite selinux_enforcing • Statically enforcing all the time • init process cannot reload SELinux policy after system initialized • Permissive domain is not allowed

35. Permissive domain • Officially used by Google before Lollipop •

    For policy developing purpose • All domains are non-permissive since Lollipop • Domains still can be switched to permissive mode by policy reloading (/sys/fs/selinux/load)

36. Permissive domain – kernel support • A permissive domain’s access

    vector decision(AVD) will be set AVD_FLAGS_PERMISSIVE • All operations are permitted

37. S7 removed AVD_FLAGS_PERMISSIVE • avc_denied always simply return –EACCES

38. Bypass SELinux on S7 • Cheating kernel that SELinux is

    not initialized yet • Depends on global variable ss_initialized (writable) selinux hooking routines avc_has_perm security_compute_av if !ss_initialized ALLOW check • All labels will reset to none except kernel domain • Now able to load customized policy and reinitialize SELinux

39. After setting ss_initialized = 0 • All labels missed except

    kernel • SELinux must be re-enabled ASAP, or Apps may corrupt files’ label permanently • Load customized policy and reinitialize SELinux

40. Policy customizations • Policy database locate at /sys/fs/selinux/policy • Modify

    the database with libsepol API • Load policy DB to the user memory • Add rules into database • Allow untrusted_app, init, toolbox domain to do everything • Ask kernel to reload the database • Set ss_initialized to 1

41. Gain Root • Leaking kernel information √ • Bypassing KASLR

    √ • Overwriting arbitrary memory √ • Bypassing RKP & DFI √ • Bypassing enforced SELinux √
42. None