Embedded devices, an AntiVirus-free safe hideout for Malware
KiChan Ahn - Hanyang University, Undergraduate
DongJoo Ha - AhnLab Inc., Security Researcher
AVTOKYO 2010
Index
Background Knowledge
- The pirate scene of gaming consoles and smartphones
- Gaming consoles as an attacking tool
- Hacking with NDS (DEMO)
Code Injection for Nintendo Wii
- How custom code can be injected
- Injection Tutorial (DEMO)
The mindset of an attacker
- Malware on Wii (DEMO)
Preparation
- Our defenses
Background Knowledge
Paid software being illegally downloaded
- Most embedded devices implement anti-piracy measures by some means, but these protections are eventually bypassed and end up ineffective
The distribution of illegal software
- Just like PC software, illegal software is being distributed without any restrictions via P2P, torrents and web storage
- It is easily accessible by the general public
The hardware and software development environment
- Most embedded devices contain a high-performance CPU, I/O devices, and network devices
- Users can create legitimate software that runs on the device with a custom, publicly available development environment
Hacking with NDS
[Network diagram. Labels: HOME AP, NDS, Desktop PC, Notebook, Smartphone, Internet, Attacker, Web server, Web server]
Hacking with NDS
- Attacking and taking control of a PC
- Demo: Using an NDS to attack and control a PC on the network with a public remote exploit
Code Injection for Nintendo Wii
Piracy in the gaming industry
- Wii software is the 2nd most illegally shared among the current gaming console systems, closely following PSP
The inner workings of games running on Wii
- Executable files are files with the .dol extension
- They are essentially a stripped-down version of an ELF file
- system menu -> apploader -> .dol
- .dol files (and sometimes .rel files) contain all the code needed for the game to run
DOL file format
How custom code can be injected
- Merge 2 .dol files
- Update header information so that the added code is executed first
- Inject code that transfers execution to the game .dol after the execution of the injected .dol
- Fix a few problematic parts in the binary so that it runs correctly
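A defender-side check for the header changes these steps imply, as an added example that is not from the talk: it parses the DOL header using the publicly documented layout (0x100 bytes of big-endian 32-bit fields: 18 section offsets, 18 load addresses, 18 sizes, then BSS address, BSS size and entry point), which the slides do not reproduce, and compares a file against a known-good copy. The function names and both sample images are constructed for illustration.

```python
import struct

HEADER_SIZE = 0x100          # DOL header length; every field is a big-endian u32
N_SECTIONS = 7 + 11          # 7 text slots followed by 11 data slots

def parse_dol_header(blob):
    """Return the used sections, BSS range and entry point of a DOL image."""
    if len(blob) < HEADER_SIZE:
        raise ValueError("shorter than a DOL header")
    # 18 file offsets, 18 load addresses, 18 sizes, BSS address, BSS size, entry
    w = struct.unpack(">57I", blob[:0xE4])
    n = N_SECTIONS
    sections = [{"kind": "text" if i < 7 else "data",
                 "offset": w[i], "addr": w[n + i], "size": w[2 * n + i]}
                for i in range(n) if w[2 * n + i]]
    return {"sections": sections, "bss_addr": w[54], "bss_size": w[55], "entry": w[56]}

def audit_dol(blob, reference=None):
    """List header anomalies; with a known-good reference, also list differences."""
    hdr, findings = parse_dol_header(blob), []
    for s in hdr["sections"]:
        if s["offset"] < HEADER_SIZE or s["offset"] + s["size"] > len(blob):
            findings.append(f"{s['kind']} section {s['addr']:#x} lies outside the file")
    if not any(s["kind"] == "text" and s["addr"] <= hdr["entry"] < s["addr"] + s["size"]
               for s in hdr["sections"]):
        findings.append("entry point is outside every text section")
    if reference is not None:
        ref = parse_dol_header(reference)
        if ref["entry"] != hdr["entry"]:
            findings.append(f"entry point changed {ref['entry']:#x} -> {hdr['entry']:#x}")
        extra = len(hdr["sections"]) - len(ref["sections"])
        if extra > 0:
            findings.append(f"{extra} section(s) absent from the reference")
    return findings

def build_sample(text_sections, entry):
    """Constructed test image: header plus the given [(load_addr, bytes)] text sections."""
    offs, addrs, sizes, body = [0] * 18, [0] * 18, [0] * 18, b""
    for i, (addr, code) in enumerate(text_sections):
        offs[i], addrs[i], sizes[i] = HEADER_SIZE + len(body), addr, len(code)
        body += code
    header = struct.pack(">57I", *offs, *addrs, *sizes, 0, 0, entry)
    return header.ljust(HEADER_SIZE, b"\0") + body

NOPS = bytes.fromhex("60000000") * 8   # constructed filler: PowerPC nop instructions
KNOWN_GOOD = build_sample([(0x80004000, NOPS)], 0x80004000)
MODIFIED = build_sample([(0x80004000, NOPS), (0x80700000, NOPS)], 0x80700000)

if __name__ == "__main__":
    for finding in audit_dol(MODIFIED, reference=KNOWN_GOOD):
        print(finding)
```

The reference comparison only works against a copy obtained from a trusted source; without one, the structural checks alone will not flag a modified file whose header is self-consistent.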
Basic infection process
PowerPC
Manipulating DOL files
Debugging - Crash Dump
How custom code can be injected
- Demo: POC of malware injection (adding code) on Nintendo Wii games
The mindset of an attacker
Malware on Wii
[Network diagram. Labels: HOME AP, Wii, Desktop PC, Notebook, Smartphone, Internet, Attacker, Web server, Web server]
Malware on Wii
- Demo: Malware (attacking a vulnerability on a remote host) in live action while the game is playing
Malware on Wii
- Demo: Malware (network down, attacking the home network) in live action while the game is playing
Malware on Wii
- Demo: Malware (attack AP & DNS pharming, a phishing attack) in live action while the game is playing
How to Defend
Defenses
- Manufacturers: Steps to take when designing a new device
- Security companies: Measures in software or policies
- Users: Precautions for general users
Conclusion
- There is no doubt that malware can run on embedded devices, gaming consoles included, and some may already be running in the wild
- Such malware can be just as powerful and damaging as malware on PCs, so one must be fully aware of its potential
- Not only gaming consoles or smartphones, but any other future embedded device may become a target, so users should be careful and be prepared
Download Games at your own risk!
Question?
DongJoo Ha (@ChakYi)
KiChan Ahn (@Externalist)