Putting it all together: Building an iOS jailbreak from scratch

Transcript

1. Nullcon Goa 2020 Putting it all together:
 Building an iOS

   Jailbreak
 From Scratch

2. @umanghere

3. Nullcon Goa 2020 whoami • 20 • Offensive security researcher.

   • Primarily work on kernel and browser exploitation, occasionally release some of my research. • Part of the Electra jailbreak team. • Play CTFs with OpenToAll.

4. Nullcon Goa 2020 What’s this talk about? • A journey

   to run unsigned code on Apple’s iOS devices, with the maximum privileges possible. • A look at the mitigations that stand between us and our goal. • Thoughts on breaking these mitigations, and understanding how they can be improved.

5. Nullcon Goa 2020 Where do we begin? • We could

   target the iOS bootchain, and compromise the boot process of the device. • Or, we could target the iOS kernel to escalate our privileges after the device has booted.

6. Nullcon Goa 2020 The iOS Bootchain

7. Nullcon Goa 2020 BootROM (SecureROM) LLB iBoot Kernel Userspace

8. Nullcon Goa 2020 Immutable BootROM (SecureROM) LLB iBoot Kernel Userspace

9. Nullcon Goa 2020 Immutable Each stage verifies the next before

   switching to it BootROM (SecureROM) LLB iBoot Kernel Userspace

10. Nullcon Goa 2020 Immutable Attacking any stage allows you to

    control the next BootROM (SecureROM) LLB iBoot Kernel Userspace

11. Nullcon Goa 2020 Why target the bootchain? • Processors start

    by executing code at the highest privilege level possible. • Most exploit mitigations do not apply, or have not yet been initialised. • If a vulnerability lies within the SecureROM, it cannot possibly be patched.

12. Nullcon Goa 2020 Why not target the bootchain? • Just

    a fraction of the complexity of the kernel and the userspace. • Harder to find vulnerabilities due to reduced attack surface. • Insufficient effort-to-reward ratio.

13. Nullcon Goa 2020 The iOS Kernel

14. Open Source Closed Source Mach BSD IOKit Proprietary Kernel Extensions

15. Nullcon Goa 2020 The iOS Kernel • Hybrid kernel, incorporates

    the Mach microkernel and BSD APIs. • Some parts are released as open-source software. • Device drivers are written with the IOKit framework, most of them are closed source.

16. Nullcon Goa 2020 Why target the iOS Kernel? • Significantly

    more complex than the bootchain, vast attack surface. • Closed-source kernel extensions are not audited enough. • Successful compromise should allow code execution in EL1. • Implicitly allows control over userspace processes.

17. Nullcon Goa 2020 Why not target the iOS Kernel? •

    Open-source portions are heavily audited. • Some of the attack surface is inaccessible from inside the sandbox. • Interesting hardware, such as the crypto engine, are inaccessible. • Significant vulnerability churn.

18. Nullcon Goa 2020 Attacking the
 iOS Kernel

19. Nullcon Goa 2020 What’s in a kernel exploit? • We

    generalise a kernel exploit to have two primitives. • readKernelMemory(vm_addr_t, size_t) • writeKernelMemory(vm_addr_t, void *, size_t)

20. Nullcon Goa 2020 What’s in a kernel exploit? • We

    generalise a kernel exploit to have two primitives. • readKernelMemory(vm_addr_t) • writeKernelMemory(vm_addr_t, void *, size_t) Read from the
 kernel’s address space Write to the
 kernel’s address space

21. Nullcon Goa 2020 What’s in a kernel exploit? • Most

    kernel exploits prefer to craft a send right to a fake Mach port corresponding to the kernel task. • Reading and writing memory is just a matter of calling mach_vm_{read|write} on the send right. • This isn’t as straightforward as it sounds — being able to read kernel memory is often a prerequisite to craft this port.

22. Nullcon Goa 2020 oob_timestamp • Kernel exploit targeting iOS 13.3

    and below. • Released by Brandon Azad for Google Project Zero. • Out of bounds write of partially-controlled data in AGXCommandQueue::processSegmentKernelCommand()

23. Nullcon Goa 2020 oob_timestamp • Kernel exploit targeting iOS 13.3

    and below. • Released by Brandon Azad for Google Project Zero. • Out of bounds write of partially-controlled data in AGXCommandQueue::processSegmentKernelCommand() Closed Source Kernel Extension

24. Nullcon Goa 2020 oob_timestamp • Sends a Mach message containing

    out-of-line ports. • Uses a somewhat controlled out of bounds write to free some of these ports. • Reallocates those ports by spraying data, leading to a Mach port with controlled contents waiting to be recieved. • Receives the crafted Mach port.

25. Nullcon Goa 2020 early_readKernelMemory • Given just control over a

    Mach port, how do we read kernel memory? • Enter, pid_for_task. • In normal circumstances, returns the 32-bit process identifier of a task (to whose port you have a send right).
26. None
27. None

28. Get the task corresponding to the port

29. Get the task corresponding to the port Get the proc_t

    structure
 corresponding to the task

30. Get the task corresponding to the port Get the proc_t

    structure
 corresponding to the task Get the PID from the process structure

31. Get the task corresponding to the port Get the proc_t

    structure
 corresponding to the task Get the PID from the process structure Copy the PID out to userspace

32. Nullcon Goa 2020 early_readKernelMemory • In effect, pid_for_task can be

    abused as a 4 byte read from a controlled address, given a controlled port. • We combine two adjacent 4 byte reads into an 8 byte read.

33. Nullcon Goa 2020 early_readKernelMemory • This would be enough to

    craft a task port that would behave like the actual kernel’s task port, as we can now read kernel_map and ipc_space_kernel. • Except we do not know where these values are located in kernel memory, due to Kernel Address Space Layout Randomisation.

34. Nullcon Goa 2020 KASLR • Slides the kernel’s virtual memory

    mapping by a random amount. • The slide is generated by iBoot by hashing entropy, and changes every time the device reboots. • In effect, we must know at least one pointer inside the kernel’s image, direct or otherwise, to defeat KASLR.

35. Nullcon Goa 2020 KASLR • Fortunately for us, oob_timestamp gives

    us a pointer to our IPC space. • We can use this to leak the address of a Mach port corresponding to an IOSurface. • This port has a pointer to the C++ object in ip_kobject. • By reading the vtable pointer from this C++ object, we obtain a pointer within the kernel image.

36. Nullcon Goa 2020 {read,write}kernelMemory • Using pid_for_task to read kernel

    memory is very inefficient. • More importantly, we cannot write kernel memory with this technique. • What do we do?

37. Nullcon Goa 2020 {read,write}kernelMemory • Given that we now know

    the value of the kernel_map, kernel_task and ipc_space_kernel, we can now craft a fake task port that behaves exactly like the kernel task port. • Having a send right to this task port grants us the ability to read and write memory in the kernel’s address space by using mach_vm_{read|write}.

38. Nullcon Goa 2020 To Root and Beyond • It is

    almost natural to escalate our privileges to the root user, so we locate our proc_t structure in memory and perform a few writes. • writeKernelMemory(proc->p_ucred.cr_posix.cr_uid, 0, 4); • So we should now be able to do anything, right?

39. Nullcon Goa 2020 No!

40. Nullcon Goa 2020 To Root and Beyond • Our application

    is running in the container sandbox profile, so we cannot perform several interesting operations. • More importantly, we can’t even successfully call some syscalls like execve or fork. • What now?

41. Nullcon Goa 2020 To Root and Beyond bsd/kern/kern_fork.c

42. Nullcon Goa 2020 To Root and Beyond security/mac_process.c

43. Nullcon Goa 2020 To Root and Beyond bsd/sys/ucred.h

44. Nullcon Goa 2020 To Root and Beyond bsd/sys/ucred.h

45. Nullcon Goa 2020 To Root and Beyond • The Mandatory

    Access Control framework is the foundation of the iOS sandbox. • MAC uses p_ucred.cr_label to determine which policies to enforce. • We could change it to a null pointer. • Or we could change the process’s p_ucred to the kernel’s p_ucred, which bypasses almost all sandbox checks.

46. Nullcon Goa 2020 To Root and Beyond kptr_t kern_ucred =

    readKernelMemory64(kernel_proc + OFF(proc, p_ucred));
 
 writeKernelMemory32(kern_ucred + OFF(ucred, cr_ref), 0xcdef); writeKernelMemory64(my_proc + OFF(proc, p_ucred), kern_ucred);

47. Nullcon Goa 2020 To Root and Beyond • As soon

    as we try to do something useful, the kernel panics. panic(cpu 0 caller 0xfffffff00a18b574): “shenanigans!"

48. Nullcon Goa 2020 Shenanigans!

49. Nullcon Goa 2020 To Root and Beyond

50. Nullcon Goa 2020 To Root and Beyond Check if the

    caller is using the kernel’s ucred. Check if the caller is using the kernel’s ucred. Panic if the caller isn’t the kernel process. sb_evaluate

51. Nullcon Goa 2020 To Root and Beyond • Good idea,

    terrible implementation. • Caches the value of the kernel’s ucred. • We can overwrite the cached value with garbage and always skip the check.

52. Nullcon Goa 2020 Remounting / • The APFS filesystem at

    / is mounted read-only at boot, whereas /private/var is mounted as read-write. • We’d like to write in /, so let’s remount it.

53. Nullcon Goa 2020 Remounting / • But we can’t! The

    kernel explicitly disallows remounting the filesystem at /. • This is done by checking the MNT_ROOTFS flag on the root vnode. • Let’s patch away the check in _hook_mount_check_remount.

54. Nullcon Goa 2020 Nope!

55. Nullcon Goa 2020 A Lesson in KTRR • On the

    A10 SoCs and later, the MMU prevents writes to protected memory pages. • These include the kernel code (__TEXT), kext code and all __const regions. • Patching the kernel’s code is nontrivial, we have to make do by data-only post-exploitation.

56. Nullcon Goa 2020 Remounting / • To remount the filesystem,

    let’s temporarily remove the MNT_ROOTFS flag from the root vnode. • That worked, so let’s try to write something in /.

57. Nullcon Goa 2020 Panic!

58. Nullcon Goa 2020 Remounting / • Starting iOS 11.2.6, an

    APFS snapshot is mounted at /. • Snapshots are not designed to be written to, the filesystem driver panics. • @SparkZheng and @bxl1989 released a temporary bypass, followed by which, I released a persistent one.

59. Nullcon Goa 2020 Remounting / • Their solution: mount the

    root block device somewhere else and swap the filesystem-specific data. • Somewhat unstable, the device eventually panics.

60. Nullcon Goa 2020 Remounting / • My solution stops the

    snapshot from being mounted at / in the first place. • This is because the kernel checks for the presence of a snapshot corresponding to the boot manifest hash and mounts it early in the boot process. • Strangely enough, if a matching snapshot is not found, the kernel mounts the actual volume instead. • We can rename the snapshot to anything we’d like by using the fs_snapshot_rename syscall, and force the actual filesystem to be mounted.

61. Nullcon Goa 2020 Remounting /

62. Nullcon Goa 2020 Remounting / • After iOS 12, fs_snapshot_rename

    fails when called on the root volume. • A flag inside the snapshot’s vnode is checked, and the syscall fails if it is set. • Sneaky, sneaky! • Didn’t last very long, I demoed a bypass just a few days after the first kernel exploit for iOS 12 became available.

63. Nullcon Goa 2020 Remounting / • This change was a

    step in the right direction — attackers now needed the ability to call functions in EL1 if they wanted to locate the snapshot vnode. • On A12 SoCs and above, this would require the ability to forge signed pointers in order to defeat ARMv8.3 Pointer Authentication. • Here’s what happens if you don’t use a signed pointer when calling kernel functions:

64. Nullcon Goa 2020 Panic!

65. Nullcon Goa 2020 Remounting / “It's hard to call something

    a PAC defeat without knowing what PAC is supposed to defend against, and it's hard to say that something like PAC "raises the bar" without knowing whether anyone really has to cross that bar anyway.” — Ian Beer

66. Nullcon Goa 2020 Remounting / • “Attackers now needed the

    ability to call functions in EL1 if they wanted to locate the snapshot vnode.” • Do they? • Is there absolutely no place where a pointer to the snapshot vnode might be saved?

67. Nullcon Goa 2020 Remounting / • There is one —

    iterating through the namecache yields a pointer to “/.snaps/snapshot-name”. • We can then set the flag and remount away. • Since we only need to read and write kernel memory, bypassing pointer authentication is not required!

68. Nullcon Goa 2020 CoreTrust • Introduced in iOS 12, with

    several rumours suggesting that it’d be a userspace version of KTRR. • One of the most underwhelming security mitigations I have seen. • Requires that every binary have a valid CMS blob in the code signature.

69. Nullcon Goa 2020 CoreTrust • There are no checks if

    the certificate used to sign the CMS blob are still valid — the only requirement is that the certificate must have a chain of trust leading to Apple. • While it can be bypassed entirely by a few well placed writes in the vnode cache, it’s far simpler to get an expired enterprise developer certificate and use it to sign binaries instead.

70. Nullcon Goa 2020 Takeaways

71. Nullcon Goa 2020 iOS and macOS pack a ton of

    pre-exploit and post-exploit mitigations.

72. Nullcon Goa 2020 Even after attacking the kernel, the amount

    of hoops an attacker has to jump through is fascinating.

73. Nullcon Goa 2020 The security architecture of iOS results in

    a semblance of normality even when the kernel has been successfully attacked.

74. Nullcon Goa 2020 Apple’s approach to security relies significantly on

    post-exploit mitigations, which are only set to increase in number.

75. Nullcon Goa 2020 The future for attackers is challenging —

    and, dare I say, exciting!

76. Nullcon Goa 2020 Thanks We’re standing on the shoulders of

    giants.

77. Nullcon Goa 2020 Thanks • The Electra team (@CStar_OW, @jaimiebishop123

    et. al.) • Nullcon organisers. • You

78. Nullcon Goa 2020 Questions? @umanghere