
Windows's Kindnesses - Commoner to D-K(d)OM (Direct Kernel Object Manipulation)

Mar 17, 2018

Page 1: Windows's Kindnesses - Commoner to D-K(d)OM (Direct Kernel Object Manipulation)

Windows’s Kindnesses - Commoner to D-K(d)OM

Otavio Augusto A. Silva

at

NullByte 4a. Ed.

18 Nov. 2017

Otavio Augusto A. Silva (LASCA-Unicamp) Commoner to D-K(d)OM 18 Nov. 2017 1 / 46

Page 2

Agenda

1 Introduction: Context, Overview

2 Attacks

3 Old 0day

4 D.D 0day hunt

5 Got tool?

Page 3: agenda slide repeated (section outline)

Page 4

Introduction

What is Windows 10?

It's a Windows... which means retro-compatibility.

A new approach in a hybrid kernel.

Sanitized "sandboxes" for system processes and "critical user processes".

Enforced security behaviors that were optional until Windows 8.1.

More obscure and bizarre (Nt/Sys) internals.

TPM 1-2 (Trusted Platform Module), Device Guard etc.

Forced updates.

A lot of new features were added to make sure the user screws with the system less.

Page 5

Introduction

What is this about?

Windows 0days are worth A LOT of money.

What if I tell you that Windows 10 will have 0days forever (if its conceptual design remains unchanged)?

Its hybrid kernel approach is susceptible to some weaknesses not present in other kernels (Linux, Mac, *BSD etc.).

MS usually names these weaknesses FEATURES, not bugs, since most of them demand some level of elevation, privileges or a "patched mechanism".

This isn't about a single approach, bug or exploit. This is about features inherent in Windows, which can take you to cool places [a].

[a] Spoiler: kernel :)

Page 6: (no text extracted)

Page 7

Overview

Retro-compatibility

Windows carries OS/2 compatibility until today!

Windows's devs are afraid of breaking things: everything must continue to run.

Even device drivers from 2005 using the WinNT 3.1 interface MUST run inside Windows 10...

It even introduced compatibility profiles for applications: it runs an application, among other changes, using a target Win/NtApi! [a]

[a] WinAPI is documented and open for direct calls. NtApi is what WinAPI "uses" internally.

Page 8

Overview

Virtualization Based Security (VBS)

"VBS uses software and hardware enforced mechanisms to create an isolated, hypervisor-restricted, specialized subsystem for storing, securing, transferring, and operating other sensitive subsystems and data."

Blah? It uses Model Specific Registers (MSRs) to, among other things, enable the Secure Virtual Machine Enable (SVME) bits.

It makes use of:

CPU virtualization extensions: Intel VT or AMD-V.

Input–Output Memory Management Units, such as VT-d or AMD-IOV.

Second Level Address Translation.

Seems to be a pretty good approach, right?

Page 9: (no text extracted)

Page 10

Overview

These new secure features were added mostly to Windows Store apps and "critical services". By critical, read csrss and some svchost [a] instances.

[a] Service Host

Not all (enforced) changes were avoidable, e.g. Windows Protected Process Light :).

Protected Process Light (PPL)

Is by all means an anti-malware enhancement added in Windows 8.1 to protect system processes and "special" services (likely A/V and DRM).

Page 11

Overview

Protected Process Light (PPL)

What is PPL?

A kernel "flag" [a] in the EPROCESS struct.

Protection that prevents user-mode handles to it; system permission isolation (can't touch it).

Applies code integrity: only loads/runs signed code after launch; PE32/PE32+ into the process.

A device driver must flag a process (service) as PPL; it also claims the level of code signing (3rd party/MS).

No code injection, DLL hijacking etc., right?

Let's take a tour of Win10's process hierarchy and "isolation".

[a] W10 build ≥ 15063 added an in-kernel code signing check.

Pages 12-19: (no text extracted)

Page 20

Overview

Almost all MS services-to-end-user have handles with permissions to all user processes.

Some of them have handles to other processes/services outside the user ring/token; code injection, here I come....

MS complains: blah, one needs elevation to achieve that; not a security issue.

I'm pretty sure it's a security issue, but Admin access on Windows 10 must be hard to get, right? ... right?

Page 21

https://github.com/hfiref0x/UACME

Page 22

Overview

MS fixes almost all public methods, just because they became public. But the main issue remains: bad privilege maintenance!

One doesn't need to depend on MS; some A/V sandboxes "ELEVATE" you: the sandbox has an elevated token (executed from a service) and doesn't drop it before running a sample.

Most attacks rely on user naivety! The end user will click on a UAC elevation prompt...

Page 23

Overview

Take it as given: Windows UAC can be bypassed. So what CAN'T an Admin do?

All the security mechanisms listed before are just there to restrain the Admin. Why? Rootkits.

MS reinforces its kernel isolation and control so hard that A/V can't hook ANY kernel mechanism anymore. KPP scene...

Kernel Patch Protection

A.k.a. PatchGuard, added in x64 editions of Windows (XP), to enforce restrictions on which structures device drivers cannot modify.

Page 24

Overview

It works by periodically checking that protected system structures in the kernel have not been modified.

Avoid modifying/using:

system service tables.

the interrupt descriptor table.

the global descriptor table.

kernel stacks not allocated by the kernel.

writing code within the kernel, HAL or NDIS kernel libs.

Thus it doesn't offer any protection against one device driver patching another.

It relies on security by obscurity and misleading symbols, using a mutating algorithm to deploy itself into memory [a].

[a] out of kernel phy. memory

Page 25: agenda slide repeated (section outline)

Page 26

Attacks

Ender game

Even with Admin access, a user can't mess with the kernel. Unless he has a W10 kernel 0day, which costs A LOT.

Suppose one wants pretty hard to manipulate a protected process (PPL [a]), e.g. A/V, A/C, DRM. He has to build a kernel module and buy a certificate from MS.

[a] https://github.com/Mattiwatti/PPLKiller

Windows 10 has Driver Signature Enforcement... A/V, A/C and DRM software usually check loaded drivers [b] against a remote chain of trust. No local certificate addition.

[b] They also check for debug boot and some old versions of vulnerable device drivers.

Page 27

Attacks

Ender game?

Or suppose someone wants to read physical memory from user level... Must be crazy, right? ;)

Page 28

Attacks

Starting the game :)

Direct Kernel Object Manipulation (DKOM): a.k.a. touching the kernel through user level, by hitting some trusted entity, e.g. a device driver.

DKOM isn't the only way to manipulate a protected process; handle stealing is easier and faster (one doesn't need to R.E. a device driver...).

But DKOM always works, and going through the kernel is cool :)

It relies on the manipulation of some kind of device driver interface with the kernel; usually through I/O control (known as IOCTL).

Manipulation through a flaw in the device driver, or through (wrong) permission management on the device/endpoint exposed to user level.

Page 29

Attacks

Windows drivers have an important interface with user level: I/O Request Packets (IRPs).

IRPs are sent to a driver when a particular operation occurs on the driver's device object, e.g. "\Device\Priv8Device".

The end interfaces to which IRPs are sent: Major Functions such as open/close, read/write, and I/O control (IOCTL).

This interface is created at DriverEntry with IoCreateDevice and then linked (user-kernel services) with IoCreateSymbolicLink.

Then the rest is a list of pointers to (Major Function) routines that execute inside the kernel; a kernel interface visible from user level?
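When reviewing the IRP_MJ_DEVICE_CONTROL routine reached through that list of Major Function pointers, the first thing to do with every IoControlCode constant in its switch is to decode it into the four CTL_CODE fields, because the transfer method decides which buffer the handler receives and how much validation it owes before touching it. The decoder below is an added example written for this page, not code from the talk; the bit layout and the METHOD_*/FILE_*_ACCESS constants are the WDK's, IOCTL_DISK_GET_DRIVE_GEOMETRY (0x00070000) is a real WDK value used as a sanity check, and the vendor-style code is constructed.

```python
"""Decode Windows IOCTL control codes into their CTL_CODE fields.

Added example for reviewing a driver's IRP_MJ_DEVICE_CONTROL dispatch:
every 32-bit IoControlCode packs DeviceType (bits 31..16), RequiredAccess
(bits 15..14), FunctionCode (bits 13..2) and TransferType (bits 1..0).
The field layout and names are the WDK's; the vendor code is constructed.
"""
from dataclasses import dataclass

METHOD_BUFFERED, METHOD_IN_DIRECT, METHOD_OUT_DIRECT, METHOD_NEITHER = 0, 1, 2, 3
FILE_ANY_ACCESS, FILE_READ_ACCESS, FILE_WRITE_ACCESS = 0, 1, 2
FILE_DEVICE_DISK, FILE_DEVICE_UNKNOWN = 0x07, 0x22

METHOD_NAMES = {0: "METHOD_BUFFERED", 1: "METHOD_IN_DIRECT",
                2: "METHOD_OUT_DIRECT", 3: "METHOD_NEITHER"}
ACCESS_NAMES = {0: "FILE_ANY_ACCESS", 1: "FILE_READ_ACCESS",
                2: "FILE_WRITE_ACCESS", 3: "FILE_READ_ACCESS|FILE_WRITE_ACCESS"}


def ctl_code(device_type: int, function: int, method: int, access: int) -> int:
    """Port of the WDK CTL_CODE macro."""
    return (device_type << 16) | (access << 14) | (function << 2) | method


@dataclass(frozen=True)
class IoctlInfo:
    code: int
    device_type: int
    function: int
    method: int
    access: int

    @property
    def vendor_defined(self) -> bool:
        # Microsoft reserves device types below 0x8000 and function codes below 0x800.
        return self.device_type >= 0x8000 or self.function >= 0x800


def decode_ioctl(code: int) -> IoctlInfo:
    """Split a control code into its four fields (inverse of ctl_code)."""
    code &= 0xFFFFFFFF
    return IoctlInfo(code=code,
                     device_type=code >> 16,
                     function=(code >> 2) & 0xFFF,
                     method=code & 0x3,
                     access=(code >> 14) & 0x3)


def review_notes(info: IoctlInfo) -> list[str]:
    """What a reviewer must check in the dispatch case for this code."""
    notes = []
    if info.method == METHOD_NEITHER:
        notes.append("METHOD_NEITHER: Type3InputBuffer and UserBuffer are raw "
                     "user pointers; the handler must ProbeForRead/ProbeForWrite "
                     "inside __try and copy values out before using them")
    elif info.method == METHOD_BUFFERED:
        notes.append("METHOD_BUFFERED: I/O manager copies through SystemBuffer; "
                     "the handler must still check InputBufferLength and "
                     "OutputBufferLength before reading or writing")
    else:
        notes.append("DIRECT: MdlAddress describes locked user pages; the handler "
                     "must map the MDL and honour its length")
    if info.access == FILE_ANY_ACCESS:
        notes.append("FILE_ANY_ACCESS: any handle on the device can send it, so the "
                     "device object's DACL is the only gate")
    if info.vendor_defined:
        notes.append("vendor-defined code: no public contract, read the handler")
    return notes


def describe(code: int) -> str:
    info = decode_ioctl(code)
    return (f"0x{info.code:08X}: DeviceType=0x{info.device_type:X} "
            f"Function=0x{info.function:X} {METHOD_NAMES[info.method]} "
            f"{ACCESS_NAMES[info.access]}")


if __name__ == "__main__":
    # Real WDK value: IOCTL_DISK_GET_DRIVE_GEOMETRY is
    # CTL_CODE(FILE_DEVICE_DISK, 0, METHOD_BUFFERED, FILE_ANY_ACCESS).
    # The second code is constructed: a vendor-defined METHOD_NEITHER request on
    # FILE_DEVICE_UNKNOWN, the shape a "proprietary API" driver typically exposes.
    for code in (0x00070000,
                 ctl_code(FILE_DEVICE_UNKNOWN, 0x800, METHOD_NEITHER, FILE_ANY_ACCESS)):
        print(describe(code))
        for note in review_notes(decode_ioctl(code)):
            print("  -", note)
```

The combination to look for first is METHOD_NEITHER together with FILE_ANY_ACCESS on a vendor device type: the handler is handed raw user pointers, and nothing but the device's DACL decides who may send it.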

Page 30

What Could Possibly Go Wrong??

Page 31

Attacks

This is possible because one device driver used a wrong ACL for the endpoint device, meaning an unprivileged user can access it; privilege escalation at least....

Or the device driver has a flaw that can be exploited to operate on kernel pages, or even physical memory.

DKOM usually demands that the exploit implements some kernel function to operate on the kernel object through device driver functions.

Example: a device driver has a function that allows one to read the CR3 register, giving access to the page directory and so to memory pages, which can be iterated through device driver functions ;)

Page 32

Attacks

We have a lot of famous examples:

Capcom.sys: has an IOCTL that disables SMEP (Supervisor Mode Execution Protection Enable) [a], calls a provided function pointer (shellcode?!), and sets SMEP back.

ASMMAP.sys: IOCTLs that map or unmap to the calling process' address space ANY PART OF PHYSICAL MEMORY, with READ/WRITE permissions.

WinNT/Turla VBoxDrv.sys: a set of IOCTLs and a "magic word" for the VBox device driver API, that allows reading the kernel symbol table and writing to specific regions (DSE) [b].

[a] If set, execution of code in a higher ring generates a fault; KPP-able.

[b] Driver Signature Enforcement.

Page 33

Attacks

Asus has other widely used device driver flaws (ASMMAP/ASMMAP64); so do MSI, Dell, Alienware, Nvidia, AMD, Nvidia....

Hold your breath

NVIDIA GPU Display Driver: CVE-2017-0308, CVE-2017-0309, CVE-2017-0311, CVE-2017-0312, CVE-2017-0313, CVE-2017-0314, CVE-2017-0315, CVE-2017-0321, CVE-2017-0322, CVE-2017-0323, CVE-2017-0324, CVE-2017-0310, CVE-2017-0318, CVE-2017-0319, CVE-2017-0320, CVE-2017-0317.

Basically, if a company made a device driver to control its product using a "proprietary API", you probably got a new device driver IOCTL approach; bad practices are pretty common.

Page 34: agenda slide repeated (section outline)

Page 35

Old 0day

All the flawed device drivers listed here were exploited and widely spread. But they continue to work!

One can right now download a vulnerable Nvidia device driver, even without an Nvidia GPU, and exploit it to manipulate the kernel; an old 0day still usable.

Asus's ASMMAP.sys (Memory mapping Driver) flaw uses code from WINDOWS 95 to bypass the protection against mapping physical memory into user space, added in 2004 to Windows XP!

How??

MS automatically signs OEM device drivers; no code review!!

OEMs use the same certificate for multiple device drivers; no vulnerable driver will have its certificate revoked!

Page 36

Old 0day

One doesn't need to build a rootkit and then buy a Windows driver certificate, when OEMs already deliver it!

Kernelmode [a] is an old forum for APT (+1 unicorn died), reverse engineering and (mostly) Windows kernel hacking; it has a bunch of OEM device driver old-0days right now.

[a] http://www.kernelmode.info

Tools for monitoring Windows internals and API usage ship device drivers with the power to probe the Windows kernel!

Process Hacker 2 has a script language to use its device driver; one doesn't need to R.E. a device driver to get into the kernel ;)

Page 37

Old 0day

Mitigations

It's not always a double rainbow:

some A/Vs block old device drivers which aren't used anymore; only CPUID and Process Hacker were blocked when testing Avast, Avira and AVG :)

A/C and DRM were more aggressive; they don't care whether you're using an old device driver: if their driver loads and detects a blacklisted driver loaded, it unloads itself and alarms the user service.

some A/C [a] use a highly sophisticated approach: they use ObRegisterCallbacks from Windows's kernel API to check for rogue device drivers.

[a] BattlEye, Lord of Bans

What about hunting your own device driver IOCTL 0day? Might work :)

Page 38: agenda slide repeated (section outline)

Page 39

D.D 0day hunt

Be advised, it's simply an R.E. task. A bunch of senseless code, assembly and a lot of pain.

Any debugger which can read Windows Driver Dev. Kit symbols can be used; I recommend IDA Pro or x64dbg :).

We are interested only in device drivers which create an I/O device, so this cuts some fat from the analysis; first of all, hunt for IoCreateDevice.

There is no need to escalate permissions, so I/O devices with wrong/inefficient permissions will not be a thing.

WinObj can be used to locate devices created with a bad ACL; a.k.a. the privilege escalation approach.
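The WinObj step above (and the "wrong ACL" case from the Attacks section) can be scripted once the device object's security descriptor is in SDDL form: the DACL is scanned for access-allowed ACEs whose trustee is an unprivileged principal, and each hit is rated by whether it merely lets the caller open the device (every FILE_ANY_ACCESS IOCTL becomes reachable) or also grants write/execute/full control. The auditor below is an added example written for this page, not tooling from the talk; the hardened string is the WDK's SDDL_DEVOBJ_SYS_ALL_ADM_ALL constant, while the permissive strings and the hex-mask case are constructed inputs.

```python
"""Audit a device object's DACL, given as an SDDL string, for unprivileged reachability.

Added example. Input: the SDDL of a device object's security descriptor as
shown by WinObj. Output: findings for ACEs that widen access beyond
SYSTEM/Administrators. SDDL grammar and SID/right abbreviations are Windows's;
the sample descriptors (other than HARDENED) are constructed.
"""
import re
from dataclasses import dataclass

# Well-known SID abbreviations that denote unprivileged callers.
LOW_PRIV_TRUSTEES = {
    "WD": "Everyone", "AU": "Authenticated Users", "BU": "Users",
    "IU": "Interactive", "AN": "Anonymous", "RC": "Restricted Code",
}
# Two-letter SDDL rights implying write, execute, full control or DACL/owner changes.
WRITE_RIGHT_TOKENS = {"GA", "GW", "GX", "FA", "FW", "WD", "WO", "WP", "DC", "CC"}
# The same notion for numeric access masks.
GENERIC_ALL, GENERIC_EXECUTE, GENERIC_WRITE = 0x10000000, 0x20000000, 0x40000000
FILE_WRITE_DATA, WRITE_DAC, WRITE_OWNER = 0x00000002, 0x00040000, 0x00080000
WRITE_MASK = (GENERIC_ALL | GENERIC_EXECUTE | GENERIC_WRITE
              | FILE_WRITE_DATA | WRITE_DAC | WRITE_OWNER)

DACL_RE = re.compile(r"D:([A-Z]*)((?:\([^)]*\))*)")   # "D:" + flags + ACE list
ACE_RE = re.compile(r"\(([^)]*)\)")                   # one "(...)" ACE


@dataclass(frozen=True)
class Finding:
    trustee: str
    rights: str
    severity: str   # "high": write/execute/full; "medium": can open the device
    reason: str


def _grants_write(rights: str) -> bool:
    """True if an SDDL rights field (tokens or 0x mask) includes write-class access."""
    if rights.lower().startswith("0x"):
        return (int(rights, 16) & WRITE_MASK) != 0
    return bool(set(re.findall(r"[A-Z]{2}", rights)) & WRITE_RIGHT_TOKENS)


def audit_device_sddl(sddl: str) -> list[Finding]:
    """Return one Finding per access-allowed ACE granted to a low-privilege trustee."""
    m = DACL_RE.search(sddl)
    if m is None:
        # No D: component at all: a NULL DACL grants everyone full control.
        return [Finding("Everyone", "(none)", "high",
                        "no DACL present: NULL DACL grants full access")]
    findings = []
    for ace in ACE_RE.findall(m.group(2)):
        fields = ace.split(";")
        if len(fields) < 6:
            continue                      # malformed ACE, skip it
        ace_type, rights, sid = fields[0], fields[2], fields[5]
        if ace_type != "A":
            continue                      # only access-allowed ACEs widen reachability
        name = LOW_PRIV_TRUSTEES.get(sid)
        if name is None:
            continue                      # SYSTEM, Administrators, specific SIDs: fine here
        if _grants_write(rights):
            findings.append(Finding(name, rights, "high",
                                    "write/execute or full control: IOCTLs requiring "
                                    "FILE_WRITE_ACCESS are reachable"))
        else:
            findings.append(Finding(name, rights, "medium",
                                    "device can be opened: every FILE_ANY_ACCESS "
                                    "IOCTL is reachable"))
    return findings


# WDK constant SDDL_DEVOBJ_SYS_ALL_ADM_ALL: SYSTEM and Administrators only.
HARDENED = "D:P(A;;GA;;;SY)(A;;GA;;;BA)"
# Constructed: the same DACL plus an Everyone full-control ACE, the "wrong ACL" case.
WORLD_WRITABLE = "D:P(A;;GA;;;SY)(A;;GA;;;BA)(A;;GA;;;WD)"
# Constructed: world read/write, restricted code read-only.
MIXED = "D:P(A;;GA;;;SY)(A;;GRGWGX;;;BA)(A;;GRGW;;;WD)(A;;GR;;;RC)"

if __name__ == "__main__":
    for label, sddl in (("hardened", HARDENED), ("world-writable", WORLD_WRITABLE),
                        ("mixed", MIXED)):
        print(label, sddl)
        for f in audit_device_sddl(sddl):
            print(f"  [{f.severity}] {f.trustee} ({f.rights}): {f.reason}")
```

A driver that needs a privileged-only interface gets the HARDENED descriptor by creating its device with IoCreateDeviceSecure and SDDL_DEVOBJ_SYS_ALL_ADM_ALL rather than plain IoCreateDevice; a "medium" finding is still worth chasing, since FILE_ANY_ACCESS is the default access class for vendor IOCTLs.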

Page 40

Leak? Go to the conf next time ;)

Page 41

D.D 0day hunt

So what?

Suppose one can access the displayed device; admin already.

Provide enough data to follow the right flow.

The device driver will move kernel (virtual) memory to another kernel memory location; likely a memcpy.

Attack scenario: virtual memory write :), although one will have to know the destination kernel address; chained attack here...

It isn't impossible to locate some bugs! Windows is your friend; the best malware kit ever built!

Bad news

Unless one wants to sell device driver IOCTL exploits on the malware market, there is no reward! Almost all flaws don't get a CVE!! Lack of interest when it's API misuse.

Page 42: agenda slide repeated (section outline)

Page 43

Got tool?

There is a tool, the Kindly Injector [a], that I made to inject code into Windows processes ;).

[a] https://github.com/otavioarj/KiInjector

KiInjector was made to avoid some detections applied by both A/C and A/V; even behavior matching was tested o/.

Although I didn't finish the d.d exploit to push it up, eventually I will; spoiler: phy. mem into user space came with a BSoD :).

But it's pretty usable for handle hijacking; I pushed a sample DLL [b] code to be used with it!

[b] https://github.com/otavioarj/HandleN

Page 44: (no text extracted)

Page 45

Got tool?

Usable scenario

Inject HandIn into some cool process with nasty handles (PcaSvc [a]?).

Connect to HandIn's pipe (kilpipe) and write: target-process-name dll-to-be-internal-injected

There you go, remotely injected a DLL through handle hijacking ;)

One can also inject into some svchost instances; pro-tip: use Process Hacker 2 to watch process behavior.

[a] Program Compatibility Assistant Service

Can I ask you to not use my tools in your malware? <3

Page 46

Questions?