Defeating x64: Modern Trends of Kernel-Mode Rootkits
Transcription
Defeating x64: Modern Trends of Kernel-Mode Rootkits
Defeating x64: Modern Trends of Kernel-Mode Rootkits Aleksandr Matrosov Eugene Rodionov Who we are? Malware researchers at ESET - rootkits analysis - development of cleaning tools - tracking new rootkit techniques - investigation of cybercrime groups http://www.joineset.com/ Agenda Evolution of payloads and rootkits Bypassing code integrity checks Attacking Windows Bootloader Modern Bootkit details: Win64/Olmarik Win64/Rovnix How to debug bootkit with Bochs emulator HiddenFsReader as a forensic tool Evolution of Rootkits Evolution of Rootkit Installation exploit payload dropper rootkit Evolution of Rootkit Installation Malicious Web-site Exploit Vulnerability Execute Payload Bypass ASLR/DEP Download Rootkit Kernel-Mode Exploit Escape Sandbox Escalate Local Privilege Install Rootkit Evolution of Rootkit Features x86 bypassing HIPS/AV self-defense privilege escalation surviving reboot installing rootkit driver injecting payload Kernel mode Rootkit User mode Dropper Evolution of Rootkit Features x86 x64 Dropper Rootkit Rootkit bypassing HIPS/AV self-defense self-defense privilege escalation surviving surviving reboot reboot bypassing signature injecting payload check Rootkit bypassing MS PatchGuard Kernel mode User mode installing rootkit driver injecting payload Obstacles for 64-bit Rootkits o Kernel-Mode Code Signing Policy: It is “difficult” to load unsigned kernel-mode driver o Kernel-Mode Patch Protection (Patch Guard): SSDT (System Service Dispatch Table) IDT (Interrupt Descriptor Table) GDT ( Global Descriptor Table) MSRs (Model Specific Registers) Bypassing Code Integrity Checks Types of Integrity Checks o PnP Device Installation Signing Requirements o Kernel-Mode Code Signing Policy Enforced on 64-bit version of Windows Vista and later versions Boot-start driver Non boot-start PnP driver Non boot-start, non-PnP driver 64-bit Windows Vista and later 32-bit Windows Vista and later (except stream protected media drivers) Subverting KMCSP o Abusing vulnerable signed legitimate kernel-mode driver o Switching off kernel-mode code signing checks by altering BCD data: abusing WinPe Mode disabling signing check enabling test signing o Patching Bootmgr and OS loader Bypassing Integrity Checks Bypassing Integrity Check Techniques USER-MODE TESTSIGNING ON DISABLE INTEGRITY CHECKS KERNEL-MODE System Boot Modification MBR (Master Boot Record) VBR (Volume Boot Record) Attacking Windows Bootloader Boot Process BIOS Initialization MBR Boot Loader Full Kernel Initialization First User-Mode Process Early Kernel Initialization BIOS Services Hardware Kernel Services Boot Process of Windows OS real mode real mode Load MBR Load MBR real mode Load VBR real mode Load VBR real mode/ protected mode Load bootmgr Load ntldr Load winload.exe or winresume.exe Load kernel and boot start drivers Boot Process of pre Windows Vista OS MBR – Master Boot Record VBR – Volume Boot Record real mode/ protected mode Boot Process of post Windows Vista OS real mode/ protected mode Load kernel and boot start drivers Boot Process with Bootkit Infection load malicious MBR/VBR NT kernel modifications load rootkit driver Code Integrity Check OS kernel Bootmgr OS loader OS kernel dependencies Boot-start drivers Non boot-start kernel-mode drivers Evolution of Bootkits o Bootkit PoC evolution: o Bootkit Threats evolution: eEye Bootroot (2005) Win32/Mebroot (2007) Vbootkit (2007) Win32/Mebratix (2008) Vbootkit v2 (2009) Win32/Mebroot v2 (2009) Stoned Bootkit (2009) Win64/Olmarik (2010/11) Evilcore x64 (2011) Win64/Rovnix (2011) Win64/Olmarik Installation on x86 vs. x64 TDL4 Installation on x86 fail WinXP Fail install Check OS version fail Adjust SeLoadDriver privilege Copy itself into PrintProcessor director Vista/Win7 Exploitation MS10-092 success success Set IMAGE_FILE_DLL flag in the PE header Copy itself into %TMP% directory Call AddPrintProvidorW API Create manifest requesting admin privilege Call DeletePrintProvidorW API Call ShellExecute TDL4 Installation on x64 Prepare hidden FS image Write FS image, patch MBR and Adjust SE_SHUTDOWN_PRIVILEGE fail success Exploitation MS10-092 fail Call ZwRaiseHardError to create BSOD Copy itself into %TMP% directory Restart Dropper Create manifest requesting admin privilege success success Call ShellExecute Report to C&C fail Boot Configuration Data (BCD) BCD BCD Object1 BCD Element1 BCD Object BCD Element2 BCD Object2 BCD Element3 Inheritable Windows boot manager Application Windows boot loader Device Ntldr BCD Elements determining KMCSP (before KB2506014) BCD option Description BcdLibraryBoolean_DisableIntegrityCheck (0x16000020) disables kernel-mode code integrity checks BcdOSLoaderBoolean_WinPEMode (0x26000022) instructs kernel to be loaded in preinstallation mode, disabling kernel-mode code integrity checks as a byproduct BcdLibraryBoolean_AllowPrereleaseSignatures (0x16000049) enables test signing BCD Elements determining KMCSP (before KB2506014) BCD option Description BcdLibraryBoolean_DisableIntegrityCheck (0x16000020) disables kernel-mode code integrity checks BcdOSLoaderBoolean_WinPEMode (0x26000022) instructs kernel to be loaded in preinstallation mode, disabling kernel-mode code integrity checks as a byproduct BcdLibraryBoolean_AllowPrereleaseSignatures (0x16000049) enables test signing Abusing Win PE mode: TDL4 modules Module name Description mbr (infected) infected MBR loads ldr16 module and restores original MBR in memory ldr16 hooks 13h interrupt to disable KMCSP and substitute kdcom.dll with ldr32 or ldr64 ldr32 reads TDL4’s kernel-mode driver from hidden file system and maps it into kernel-mode address space ldr64 implementation of ldr32 module functionality for 64-bit OS int 13h – service provided by BIOS to communicate with IDE HDD controller Abusing Win PE mode: Workflow Continue kernel initialization Load infected MBR Infected mbr is loaded and executed Load “ldr16” from hidden file system “ldr16” is loaded and executed Hook BIOS int 13h handler and restore original MBR Original mbr is loaded and executed Call KdDebuggerInitialize1 from loaded kdcom.dll Load ntoskrnl.exe, hal.dll,kdcom.dll,b ootvid.dll ant etc Load ”drv32” or “drv64" substitute kdcom.dll with”ldr32” or “ldr64" distrort /MININT option Load winload.exe Load VBR VBR is loaded and executed Substitute EmsEnabled option with WinPe Load bootmgr read bcd Bootmgr is loaded and executed Abusing Win PE mode: Workflow Continue kernel initialization Load infected MBR Infected mbr is loaded and executed Load “ldr16” from hidden file system “ldr16” is loaded and executed Hook BIOS int 13h handler and restore original MBR Original mbr is loaded and executed Call KdDebuggerInitialize1 from loaded kdcom.dll Load ntoskrnl.exe, hal.dll,kdcom.dll,b ootvid.dll ant etc Load ”drv32” or “drv64" substitute kdcom.dll with”ldr32” or “ldr64" distrort /MININT option Load winload.exe Load VBR VBR is loaded and executed Substitute EmsEnabled option with WinPe Load bootmgr read bcd Bootmgr is loaded and executed Abusing Win PE mode: Workflow Continue kernel initialization Load infected MBR Infected mbr is loaded and executed Load “ldr16” from hidden file system “ldr16” is loaded and executed Hook BIOS int 13h handler and restore original MBR Original mbr is loaded and executed Call KdDebuggerInitialize1 from loaded kdcom.dll Load ntoskrnl.exe, hal.dll,kdcom.dll,b ootvid.dll ant etc Load ”drv32” or “drv64" substitute kdcom.dll with”ldr32” or “ldr64" distrort /MININT option Load winload.exe Load VBR VBR is loaded and executed Substitute EmsEnabled option with WinPe Load bootmgr read bcd Bootmgr is loaded and executed Abusing Win PE mode: Workflow Continue kernel initialization Load infected MBR Infected mbr is loaded and executed Load “ldr16” from hidden file system “ldr16” is loaded and executed Hook BIOS int 13h handler and restore original MBR Original mbr is loaded and executed Call KdDebuggerInitialize1 from loaded kdcom.dll Load ntoskrnl.exe, hal.dll,kdcom.dll,b ootvid.dll ant etc Load ”drv32” or “drv64" substitute kdcom.dll with”ldr32” or “ldr64" distrort /MININT option Load winload.exe Load VBR VBR is loaded and executed Substitute EmsEnabled option with WinPe Load bootmgr read bcd Bootmgr is loaded and executed Abusing Win PE mode: Workflow Continue kernel initialization Load infected MBR Infected mbr is loaded and executed Load “ldr16” from hidden file system “ldr16” is loaded and executed Hook BIOS int 13h handler and restore original MBR Original mbr is loaded and executed Call KdDebuggerInitialize1 from loaded kdcom.dll Load ntoskrnl.exe, hal.dll,kdcom.dll,b ootvid.dll ant etc Load ”drv32” or “drv64" substitute kdcom.dll with”ldr32” or “ldr64" distrort /MININT option Load winload.exe Load VBR VBR is loaded and executed Substitute EmsEnabled option with WinPe Load bootmgr read bcd Bootmgr is loaded and executed MS Patch (KB2506014) o BcdOsLoaderBoolean_WinPEMode option no longer influences kernel-mode code signing policy o Size of the export directory of kdcom.dll has been changed MS Patch (KB2506014) o BcdOsLoaderBoolean_WinPEMode option no longer influences kernel-mode code signing policy o Size of the export directory of kdcom.dll has been changed MS Patch (KB2506014) o BcdOsLoaderBoolean_WinPEMode option no longer influences kernel-mode code signing policy o Size of the export directory of kdcom.dll has been changed Bypassing KMCSP: Another Attempt Patch Bootmgr and OS loader (winload.exe) to disable KMCSP: Bypassing KMCSP: Another Attempt Patch Bootmgr and OS loader (winload.exe) to disable KMCSP: Bypassing KMCSP: Result Bootmgr fails to verify OS loader’s integrity Bypassing KMCSP: Result Bootmgr fails to verify OS loader’s integrity TDL4 Hidden File Systems TDL’s Hidden Storage o Reserve space in the end of the hard drive (not visible at file system level analysis) o Encrypted contents (stream cipher: RC4, XOR-ing) o Implemented as a hidden volume in the system o Can be accessed by standard APIs (CreateFile, ReadFile, WriteFile, SetFilePointer, CloseHandle) One sector Variable length Infected MBR TDL4 File System Layout Disk partitions Not more than 8 Mb TDL4 Hidden FS Growth direction One sector Debugging Bootkit with WinDbg WinDbg and kdcom.dll KdDebuggerInitialize RETURN_STATUS Data packet KdSendPacket RETURN_CONTROL Data Packet KdReceivePacket KD_RECV_CODE_OK TDL4 and kdcom.dll TDL4 and kdcom.dll How to Debug TDL4 with WinDbg o Patch ldr16 to disable kdcom.dll substitution o Reboot the system and attach to it with WinDbg o Manually load drv32/drv64 “TDL4 Analysis Paper: a brief introduction and How to Debug It”, Andrea Allievi http://www.aall86.altervista.org/TDLRootkit/TDL4_Analysis_Paper.pdf Debugging Bootkits with Bochs •DEMO http://www.youtube.com/watch?v=sT6N7Dr-G6s Win64/Rovnix Win64/Rovnix: Installation Check if already infected success Check OS Version Windows XP Windows 2000 Vista/Win7 fail success Check Admin Privileges fail Determine OS Digit Capacity Install Corresponding Kernel-mode Driver Call ShellExecuteEx API with “runas” Overwrite Bootstrap Code of Active Partition Self Delete and Exit Initiate System Reboot Win64/Rovnix: Bootkit Overview real mode Load MBR real mode Load VBR Load bootstrap code Target of Win64\Rovnix real mode/ protected mode Load bootmgr real mode/ protected mode Load winload.exe or winresume.exe real mode/ protected mode Load kernel and boot start drivers NTFS Bootstrap Code NTFS Boot Sector (Volume Boot Record) JMP OEM ID BIOS Parameter Block (BPB) Extended BPB (EBPB) Boot Code Signature [3 b] [8 b] [25 b] [48 b] [426 b] [2 b] NTFS Bootstrap Code Win64/Rovnix: Infected Partition Layout o Win64/Rovnix overwrites bootstrap code of the active partition o The malicious driver is written either: before active partition, in case there is enough space in the end of the hard drive, otherwise MBR VBR Bootstrap Code File System Data Before Infecting After Infecting Compressed Data MBR VBR Malicious Code Bootstrap Code NTFS bootstrap code (15 sectors) File System Data Malicious Unsigned Driver Win64/Rovnix: Bootkit Details Continue kernel initialization Load MBR MBR is loaded and executed Map malicious driver into kernel-mode address space Load ntoskrnl.exe, hal.dll,kdcom.dll,b ootvid.dll ant etc Load VBR VBR is loaded and executed Hook BlImgAllocateImageBuffer Load malicious bootstrap code Load winload.exe Malicious bootstrap code is loaded and executed Hook BIOS int 13h handler and restore original bootstrap code Bootloader parameters are read from BCD Read BCD Original bootstrap code is restored Load bootmgr Patch bootmgr Bootmgr is loaded and receives control Restore bootmgr, hook int1 handler and copy itself over IDT Win64/Rovnix: Loading Unsigned Driver o Insert malicious driver in BootDriverList of KeLoaderBlock structure o When kernel receives control it calls entry point of each module in the BootDriverList KeLoaderBlock Malicious Driver Ntoskrnl.exe Win64/Rovnix: Abusing Debugging Facilities Win64/Rovnix: o hooks Int 1h tracing handles hardware breakpoints (DR0-DR7) o overwrites the last half of IDT (Interrupt Descriptor Table) is not used by OS As a result the malware is able to: set up hooks without patching bootloader components retain control after switching into protected mode Win64/Rovnix: Abusing Debugging Facilities Win64/Rovnix: o hooks Int 1h tracing handles hardware breakpoints (DR0-DR7) o overwrites the last half of IDT (Interrupt Descriptor Table) is not used by OS As a result the malware is able to: set up hooks without patching bootloader components retain control after switching into protected mode •DEMO Olmarik vs Rovnix Characteristics Win64/Olmarik Win64/Rovnix MS10-092 ZwRaiseHardError API ExitWindowsEx API MBR VBR (bootstrap code) ZwCreateDriver API Inserting into boot driver list of KeLoaderBlock structure KeInitializeApc/ KeInstertQueueApc APIs KeInitializeApc/ KeInstertQueueApc APIs Kernel-mode hooks, MBR monitoring 10 2 Stability of code Threat complexity Privilege escalation Reboot technique MBR/VBR infection Loading driver Payload injection Self-defense Number of modules What Facilitates the Attack Vector? o Untrusted platform problem BIOS controls boot process, but who controls it? The trust anchor is below point of attack Point of Attack OS kernel Pre boot firmware Bootmgr OS loader OS kernel dependencies Boot-start drivers Non boot-start kernel-mode drivers HiddenFsReader as a Forensic Tool HiddenFsReader as a Forensic Tool Retrieves content of the malware hidden file system. Supported malware: TDL3/TDL3+,TDL4; ZeroAccess (will be added soon) •DEMO http://www.youtube.com/watch?v=iRpp6vn2DAE HiddenFsReader (HFR) Architecture HiddenFileReader HiddenFsRecognizer HiddenFsDecryptor User mode Kernel mode SelfDefenceDisabler LowLevelHddReader Conclusion The bootkit technique allows malware to bypass KMCSP Return to old-school techniques of infecting MBR Win64/Olmarik (TDL4) is the first widely spread rootkit targeting Win x64 Win64/Rovnix relies on debugging facilities of the platform to subvert KMCSP The only possible way of debugging bootkits is to use emulators (Bochs, QEMU) The untrusted platform facilitates bootkit techniques HiddenFsReader is shared amongst malware researchers References “The Evolution of TDL: Conquering x64” http://www.eset.com/us/resources/white-papers/The_Evolution_of_TDL.pdf “Defeating x64: The Evolution of the TDL Rootkit” http://www.eset.com/us/resources/white-papers/TDL4-CONFidence-2011.pdf “Hasta La Vista, Bootkit: Exploiting the VBR” http://blog.eset.com/2011/08/23/hasta-la-vista-bootkit-exploiting-the-vbr Follow ESET Threat Blog http://blog.eset.com Questions Thank you for your attention ;) Aleksandr Matrosov [email protected] @matrosov Eugene Rodionov [email protected] @vxradius