Baseband Exploitation in 2013: Hexagon Challenges

Ralf-Philipp Weinmann <ralf@comsecuris.com>
Presented at PacSec 2013, 2013-11-14, Tokyo, Japan

Who am I?
● Security researcher from Germany
● Previously in academia (University of Luxembourg)
● Now working for my own company
● Keen interest in security of mobile, wireless and embedded systems
● First to demonstrate remotely exploitable vulnerabilities in baseband stacks (3 years ago)

Overview
● Importance of Hexagon for mobile exploitation
● Intro to the QDSP6 architecture
● Past issues with BLAST
● On the complexity of ROP and similar techniques
● An example vulnerability
● Conclusions

The now: cellular baseband market 2013
[Pie chart: baseband market share 2013 – Qualcomm, MediaTek, Intel, Others; shares shown: 63%, 17%, 13%, 7%]
[Pie chart: LTE baseband market share distribution – Qualcomm 97%, everybody else 3%]

Hexagon architecture
● Originated from QCOM's general purpose DSP
  – Used for only audio processing and L1 in early days
● VLIW architecture [1-4 instructions per cycle]
● Barrel processor (interleaved multithreading)
● 32-bit unified address space for code and data
  – Byte addressable
● 32 general registers (32-bit)
  – also usable pairwise: 64-bit register pairs
● Supports nestable loops
● Many addressing modes (specific to DSP usage cases)
● Leaked docs claim up to “3x fewer cycles than ARM9 on control code”

Instruction packets
● Atomic units grouping instructions executed in parallel
● 4 parallel pipelines (called slots)
● Different instruction types assigned to different slots
● Constraints for grouping apply
  – HW resources cannot be oversubscribed
● Manuals: no branching into middle of packet
  – Empirically: you can return into middle of packet

Chipset evolution
● QDSP6.1: MSM8600 – Pantech Racer Vega (anyone?!?)
● QDSP6.2: QSD8650 (v1/v2), MSM8200 (v1/v2), CSM8900, MDM8900 – e.g. Sharp IS03/IS05
● QDSP6.3: MDM900 (v1/v2), CSM8700, FSM9000, QSD8650a, MDM8200a, MSM8660, QSD8x72 – e.g. Sony Xperia acro HD IS12S
● QDSP6.4: MSM8960, MDM9x15 – e.g. Samsung Galaxy S4 (GT-i9505), Apple iPhone 5, BlackBerry Z10
● QDSP6.5: MSM8974 – e.g. LG G2, Sony Xperia Z Ultra

Problems with ISA (revisions)
● Hexagon Programmer's guide only available for v2
● Architecture has significantly evolved since
● Many details guessed and deduced from toolchain
  – Example: immext (payload extender)
● Very hard to build tools from scratch because of sheer complexity of ISA
  – Testing?
  – Easier to start from publicly released toolchain

Useful instructions
● Transfer: rX = rY || immediate
● ALU: Rd = add(Rs, Rt || immediate) [16 bit signed immediate for arithmetic, 10 bit for logical]
● combine: Rdd = combine(immediate, immediate) [8 bit signed immediates]
● MUX: Rd = mux(Pu, Rs || immediate, Rt || immediate) [8 bit signed immediates]
● NOP: 7f xx xx xx

Control registers
● LC0 [C1], SA0 [C0], LC1 [C3], SA1 [C2]: Loop registers
● PC [C9]: Program counter
● USR [C8]: User status register
● M0 [C6], M1 [C7]: Modifier registers (circular addressing)
● P3:0 [C4]: Predicate registers
● UGP [C10]: User General Pointer (TLS)
● GP [C11]: Global Pointer

Calling conventions
● allocframe(size [u14])
  – Push LR and FP to top of stack
  – Subtract size [8-byte aligned] from SP
  – FP = addressof(oldFPonStack)
● deallocframe
  – Load saved FP and LR values from address referenced at FP
  – Restore SP to previous frame
[Figure: stack frame layout – Saved LR, Saved FP, Procedure local data]

Hexagon code, examples
  some_func:
  01 02 03 A3:  memw (r0 + #0xC) = r3 ; memw (r0 + #8) = r1
  00 30 02 A4:  memw (r0 + #0x10) = r2 ; memw (r0 + #0) = #0
  00 40 9F 52:  { jumpr r31
  80 C0 40 3C:    memw (r0 + #4) = #0 }
  [...]
  60 46 04 7C   { r1:0 = combine (#0x33, #8)
  46 42 33 04     immext (#0x43309180)
  82 45 00 78     r2 = ##filename @ "/local/mnt/" …
  43 C1 03 78     r3 = #0x60A }
  51 42 33 04   { immext (#0x43309440)
  A4 46 00 78     r4 = ##message @ "<PRESENCE" …
  00 40 5D 3C     memw (r29 + #0) = #0
  80 C0 5D 3C     memw (r29 + #4) = #0 }
  4A 63 64 5A   { call logmsg
  00 C1 5D 3C     memw (r29 + #8) = #0 }
  [...]
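The listing above can be regrouped into packets from the encoding alone, which is what a disassembler for this ISA has to do before the "no branching into the middle of a packet" rule even comes up. The following is an added example, not code from the slides: it takes the slide's instruction words (constructed here as a byte string in memory order), reads the parse bits in bits 15:14 of each word (0b11 ends a packet; 0b00 marks a duplex word holding two sub-instructions, which also ends the packet), flags constant extenders by their ICLASS of 0 in bits 31:28, and reproduces the { } grouping shown on the slide.

```python
import struct

# Instruction words from the slide's listing, copied in memory order
# (Hexagon is little-endian), constructed here as the sample input.
LISTING = bytes.fromhex(
    "01 02 03 A3  00 30 02 A4  00 40 9F 52  80 C0 40 3C "
    "60 46 04 7C  46 42 33 04  82 45 00 78  43 C1 03 78 "
    "51 42 33 04  A4 46 00 78  00 40 5D 3C  80 C0 5D 3C "
    "4A 63 64 5A  00 C1 5D 3C"
)

def split_packets(code: bytes, base: int = 0) -> list:
    """Group 32-bit words into packets using the parse bits (bits 15:14):
    0b01/0b10 = more words follow, 0b11 = last word, 0b00 = duplex (two
    16-bit sub-instructions, always the last word). ICLASS 0 (bits 31:28)
    marks a constant extender. Returns lists of (address, word, kind)."""
    if len(code) % 4:
        raise ValueError("code length must be a multiple of 4 bytes")
    packets, cur = [], []
    for off in range(0, len(code), 4):
        word = struct.unpack_from("<I", code, off)[0]
        parse = (word >> 14) & 3
        if parse == 0:
            kind = "duplex"
        elif (word >> 28) == 0:
            kind = "immext"
        else:
            kind = "insn"
        cur.append((base + off, word, kind))
        if parse in (0, 3):          # duplex or explicit end-of-packet
            packets.append(cur)
            cur = []
    if cur:
        raise ValueError("listing ends inside a packet")
    return packets

def packet_sizes(code: bytes) -> list:
    """Number of words per packet, e.g. [1, 1, 2, 4, 4, 2] for LISTING."""
    return [len(p) for p in split_packets(code)]

def render(code: bytes, base: int = 0) -> str:
    """Render packets with the { } grouping the slide uses."""
    lines = []
    for packet in split_packets(code, base):
        for i, (addr, word, kind) in enumerate(packet):
            pre = "{ " if i == 0 else "  "
            post = " }" if i == len(packet) - 1 else ""
            lines.append(f"{addr:08x}: {pre}{word:08x} <{kind}>{post}")
    return "\n".join(lines)
```

The two single-word "packets" at the top are duplexes, which is why the slide shows two store instructions next to one 4-byte word.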
Security of chip fabric
● Old(er) Qualcomm chipsets (e.g. MSM7200):
  – baseband was master (access to AP memory & flash)
● Current-gen chipsets have separate ARM7 core for bringup (RPM)
  – Modem firmware now is loaded by HLOS (e.g. Android, iOS)
● Chipset fabric has “hardware firewalls”
  – No documentation leaked on these
● Unclear whether baseband → AP escalation is possible
  – What about DMA?

New RTOS
● Very old Qualcomm chips use proprietary OS REX
● Later, REX was propped onto OKL4
  – commercial microkernel based on L4
● Hexagon-based baseband firmwares abandon OKL4
  – BLAST/QuRT apparently redesigned from scratch
  – Some remnants of REX for compatibility can be found

Security mitigations
● Stack cookies, generated by build toolchain
● Non-executable stack/heap
  – albeit, according to QCOM security advisory 80-N3172-14 (May 2012): “Enable Data Execution Prevention support in QuRT/BLAST-based images” … “The customer [customer = OEM] must verify that any performance impact is acceptable.”
● Kernel/user-mode separation in QuRT/BLAST [also 80-N3172-14]
● Safe unlinking for heap
● No ASLR

ROP & Roll
● Note that deallocframe sets FP
  – very similar to popping SP off stack on other architectures
● Instruction packets can be split
  – as long as they are not in cache
● Compound instructions are annoying
  – create constraints for gadgets
● For automation: use SMT solver to handle constraints
  – See BH 2010 talk & WOOT paper on same subject
● Still some way to go
● Manual gadget search works, but very labor-intensive
● Alternate gadgets ending in jump r31 and deallocframe gadgets to get work done

Hands-on training
● Smartphones: most modem firmwares signature checked at boot time (mostly older MDMs, though)
● USB modems: firmware freely modifiable [caveat, there may be exceptions: haven't seen any yet]
● Some Samsung Galaxy S4s (GT-i9505) with MSM8960: no signature check on modem firmware
  – Secure boot type: Samsung
● According to leaked docs modem bringup and sigcheck done by Krait core
  – SBL hacks may help with getting around checks

Tools
● QDSP6.5 toolchain released by QuIC
  – based on GCC 4.4
● Can be used to compile C/C++ code for Hexagon and inspect using objdump
● Modem firmware: empty ELF section header
  – need to populate to make objdump disassemble
● IDA Pro Hexagon plugin by GSMK (QDSP6.4)
  – also based on released binutils
  – very rudimentary at the moment
  – crashes on some firmwares (e.g. iPhone 5 baseband)

Leaked bugs: An example (CR 310629)
● Background: some while ago, archive of chipset docs on MSM8960 appeared on XDA Developers site
  – Someone had put 7 AMSS security bulletins into this
● Classic stack buffer overflow
● In LTE air interface
● Occurs when processing Test Loopback messages
  – Simple L3 messages > 100 bytes trigger this problem
● Mitigated by use of -fstack-protector
● Appeared in May 2012 security advisory
  – Detailed description given
● Still, surprising to see such straightforward bugs
  – Possible explanation: LTE stack was still “young”

The Way Forward
● New architecture has raised bar of entry significantly
● However, Qualcomm dominates market
  – People will and do have interest in their chips
● Well-funded attackers will adapt
● Public leaks of vulnerability information make attackers' task easier
  – Takedown possible, but the internet “doesn't forget”
  – Don't find bugs, find bug description
  – OEMs sometimes have slow patch cycles
● ROP exploitation needs automation
  – Not as difficult as assumed.
