1 00:00:00,160 --> 00:00:06,439 GOON 1 This is what happens when the math on speaking doesn't really all add up. 2 00:00:12,570 --> 00:00:25,500 (inaudible) Goon 2: Hello 3 00:00:27,500 --> 00:00:30,500 Speaker: Yeah, I'm ready to do this. Let's do it. 4 00:00:32,500 --> 00:00:33,700 Speaker Should I stand up? 5 00:00:33,719 --> 00:00:40,719 Goon 2 Absolutely. 6 00:00:40,719 --> 00:00:59,000 (inaudible) (Crowd Laughs) 7 00:00:59,000 --> 00:01:02,800 Goon 3 All-right guy's, it's up to a vote, Pants on or off? 8 00:01:02,800 --> 00:01:07,859 (Crowd Cheers) 9 00:01:10,800 --> 00:01:13,000 (Crowd Cheers) Speaker : No, Fuck you guys. Do it. 10 00:01:28,700 --> 00:01:28,750 (Crowd Cheers) 11 00:01:28,750 --> 00:01:35,750 Goon 2 21, one for every year right. (Goon 2 Spanks Speaker with Paddle ) 12 00:01:36,980 --> 00:01:38,800 Speaker OWWWW (laughter) 13 00:01:49,800 --> 00:01:51,500 Goon 2. That's TWO. Alright, Alright 14 00:01:53,500 --> 00:01:54,500 Speaker For science.... 15 00:01:54,500 --> 00:01:58,500 16 00:01:58,500 --> 00:02:05,500 (Goon 2 Spanks speaker, counting out loud.) 17 00:02:05,500 --> 00:02:09,750 18 00:02:09,750 --> 00:02:15,540 suck, I thought I would like it, I liked it for a little bit. 19 00:02:15,540 --> 00:02:20,860 (Counts to 21) 20 00:02:40,300 --> 00:02:46,300 All right science time! No spanking. No fucking around. We're going 21 00:02:52,180 --> 00:02:59,180 Anyone else? Oh, Lord. Science. So I'm a PHC student 22 00:02:59,440 --> 00:03:06,440 from Columbia University. And this is my research. My butt hurts. And this is terrible. Okay. 23 00:03:10,470 --> 00:03:17,470 So the name of my talk is Stepping P3wns: Adventures in Full Spectrum Embedded Exploitation. 24 00:03:19,100 --> 00:03:23,240 This is what I really want to talk to you guys about and here's why. And oh, by the 25 00:03:23,240 --> 00:03:28,200 way, the slides are not on the DVD. It's on our website and it's like a hundred megs. 26 00:03:30,200 --> 00:03:34,400 Because Unicorns are magical creatures and cannot be compressed, at all. So, sorry about that. 27 00:03:35,400 --> 00:03:41,010 This is what I typically do. We say, hey, look, we find this bright shiny thing we want 28 00:03:41,010 --> 00:03:46,790 to play with and be it a router, a car, or a phone or a printer, whatever it is. We talk 29 00:03:46,790 --> 00:03:51,850 about our motivation for wanting to do this sort of thing. 30 00:03:51,850 --> 00:03:55,849 (laughter) Then we spend a lot of time figuring out all 31 00:03:55,849 --> 00:04:02,430 the different ways ‑‑ ouch ‑‑ for owning these devices. We fail and we fail. 32 00:04:02,430 --> 00:04:06,709 Finally we succeed. We find one vulnerability, build that one exploit that works and we're 33 00:04:06,709 --> 00:04:10,240 excited and we spend some time during the presentation talking about it. And then comes 34 00:04:10,240 --> 00:04:15,430 the bad news. The bad news is this thing is everywhere. This fix is hard. It runs our 35 00:04:15,430 --> 00:04:21,120 lives and it can have very big impact that's terrible for the world. Then we feel bad for 36 00:04:21,120 --> 00:04:25,590 saying that. So we say well, it's okay, actually. We have this thing called duct tape. So we'll 37 00:04:25,590 --> 00:04:29,830 duct tape this thing by unplugging it from the network or let's not use it in the way 38 00:04:29,830 --> 00:04:32,560 it's intended to and hopefully your house won't fall down tomorrow. 39 00:04:32,560 --> 00:04:38,130 Then, you know me, I usually have pictures of cats and things I find on Google image 40 00:04:38,130 --> 00:04:42,660 search at four o'clock in the morning for harmless copyright infringement. During the 41 00:04:42,660 --> 00:04:46,440 last two minutes of the talk, right, we always have the slide that says wouldn't it be great 42 00:04:46,440 --> 00:04:50,370 if we had a real solution, a solution that's not just duct tape, that actually fixes the 43 00:04:50,370 --> 00:04:56,530 problems, the reasons why we have the problem that we presented on. Then we say, okay, good‑bye, 44 00:04:56,530 --> 00:05:03,240 have a nice day and we do it all over again. The real solution is never really presented. 45 00:05:03,240 --> 00:05:08,639 We worked hard to make this talk different. I'll spend about 47 percent of the talk on 46 00:05:08,639 --> 00:05:15,639 the offensive side. You will see malware propagation, malware on embedded device that propagate 47 00:05:15,940 --> 00:05:20,470 from one type of device from another, like a printer from a phone, to phone to router, 48 00:05:20,470 --> 00:05:26,570 and full mesh, etc., configuration. And then we'll spend a lot of this time, as much time 49 00:05:26,570 --> 00:05:33,570 as I can, on the defensive that we are commercializing Red Balloon. It's called Software Symbiote. 50 00:05:40,699 --> 00:05:47,699 You're about to see it on stage in your typical modern office. We'll spend some time showing 51 00:05:48,080 --> 00:05:51,850 you pictures of unicorns and other things I find on Google search. 52 00:05:51,850 --> 00:05:58,850 Human cast, this is my PHC and we haven't seen him since Black Hat. Michael Costello, 53 00:06:03,900 --> 00:06:10,900 designer by day and scientist by night. This is Jonathan who is also research, and here 54 00:06:12,720 --> 00:06:18,770 is me, getting spanked on stage and such. Special guest appearance by Mikey Droptables, 55 00:06:18,770 --> 00:06:25,770 who is the mayor of P3wnTown, in New Jersey. We have a lot of gear in front of you. We 56 00:06:28,690 --> 00:06:35,080 have the cache of machines. You may or may not see them on your desk, but we all use 57 00:06:35,080 --> 00:06:40,350 it in our modern offices. So we have the 2821 Cisco router. This is probably something you'll 58 00:06:40,350 --> 00:06:46,830 find in the closet somewhere. You'll have one of my favorite printers, the HP 2055 LaserJet 59 00:06:46,830 --> 00:06:51,820 and the Cisco phone, 7961. Today we'll see you a O‑day that we'll drop 60 00:06:51,820 --> 00:06:58,740 at Black Hat and show you today. It's called the Cisco 8961. So this is the bright new 61 00:06:58,740 --> 00:07:05,199 shiny, sexy new Cisco phone almost twice as expensive, but really nice. It also has an 62 00:07:05,199 --> 00:07:09,430 O‑day that's fun to talk about. We'll show you something on the 1841 Cisco 63 00:07:09,430 --> 00:07:15,009 router and we'll talk very briefly about the work we have been doing on the Avaya IP phone 64 00:07:15,009 --> 00:07:18,830 as well. This is an image we know. You have your big 65 00:07:18,830 --> 00:07:23,770 bad Internet. You have the firewall. Inside you have the Internet where you're supersafe. 66 00:07:23,770 --> 00:07:28,500 And P3wnTown is on the right side of Internet with Mikey Drop Table lives. He doesn't know 67 00:07:28,500 --> 00:07:32,550 anything about your Internet. To him this is a mystery, because you can't really send 68 00:07:32,550 --> 00:07:36,270 any packets to do reconnaissance from the firewall from the outside in. This is how 69 00:07:36,270 --> 00:07:41,540 we set things up. But you can make an educated guess that you probably have a printer somewhere 70 00:07:41,540 --> 00:07:44,259 in your organization. So this is what he does. Very clever. He's 71 00:07:44,259 --> 00:07:49,120 going to make a fantastically impressive resumé. Someone in your organization will be so compelled 72 00:07:49,120 --> 00:07:53,729 by the resumé that they'll print this out. This is a vulnerability that we talked about 73 00:07:53,729 --> 00:07:58,560 a year and a half ago, which has since been patched by the vendor, where a print job can 74 00:07:58,560 --> 00:08:03,350 change the entire firmware on the printer itself. It's because you can pack firmware 75 00:08:03,350 --> 00:08:08,340 update files in the print job and the printer will interpret the firmware update and flash 76 00:08:08,340 --> 00:08:11,660 its firmware. Okay. So that's been talked about. That vulnerability 77 00:08:11,660 --> 00:08:16,620 has been patched in theory. But once you get onto the printer, now he has a physical stepping 78 00:08:16,620 --> 00:08:22,199 point into your Internet from the outside. What he does is he will then ‑‑ oh, so 79 00:08:22,199 --> 00:08:25,949 why am I talking about this vulnerability? It's been fixed. We talked about the chaos 80 00:08:25,949 --> 00:08:32,219 two years ago. But it turns out we scanned IPv4 looking for publicly accessible vulnerable 81 00:08:32,219 --> 00:08:38,769 LaserJet printers on the Internet. After 14 months after the initial security patch was 82 00:08:38,769 --> 00:08:43,059 released by the vendor, and I think they released something like three dozen patches for every 83 00:08:43,059 --> 00:08:47,939 single LaserJet model they made, we found that only seven and a half percent of the 84 00:08:47,939 --> 00:08:52,589 Internet has been patched against this vulnerability. So if you find a O‑day on something like 85 00:08:52,589 --> 00:08:57,999 Firefox or Chrome, you have maybe a week window where that vulnerability is useful. On the 86 00:08:57,999 --> 00:09:03,009 embedded side this is absolutely not the case. We don't have the same update infrastructure 87 00:09:03,009 --> 00:09:06,879 that we do on general purpose computers. So the vulnerability I found on this LaserJet 88 00:09:06,879 --> 00:09:12,619 printer a year and a half ago will still be something that your organization will probably 89 00:09:12,619 --> 00:09:17,019 be vulnerable to today. That's just because people don't patch the firmware on their printers. 90 00:09:17,019 --> 00:09:19,920 It's difficult, cumbersome, and nobody likes to do it. 91 00:09:19,920 --> 00:09:24,929 So with this vulnerability what he'll do is we'll create a reverse IP tunnel out the firewall 92 00:09:24,929 --> 00:09:30,290 so he can get control through this tunnel from outside from P3wnTown into the Internet. 93 00:09:30,290 --> 00:09:34,920 From there he'll send a couple of commands to do reconnaissance on the network to find 94 00:09:34,920 --> 00:09:41,920 other devices there are and seeing the exploits he has on those embedded devices. We'll show 95 00:09:41,939 --> 00:09:47,490 how you can propagate through the network, without ever touching a general purpose computer 96 00:09:47,490 --> 00:09:50,170 where you have host‑based defense of any kind. 97 00:09:50,170 --> 00:09:55,550 All right. So we've done a few of these. We looked at the printer. We looked at the router. 98 00:09:55,550 --> 00:09:59,079 We looked at the various phones. It turns out if you just sit down with an embedded 99 00:09:59,079 --> 00:10:04,360 device, if you focus on the one thing, finding vulnerabilities isn't all that difficult. 100 00:10:04,360 --> 00:10:08,720 I have to put that in air quotes. It's not easy, but you have the physical device, you 101 00:10:08,720 --> 00:10:12,790 have all the time in the world. You can take it apart. You can figure out how it works. 102 00:10:12,790 --> 00:10:19,790 So the idea was, and this is the page I put in the first page of candidacy at Columbia. 103 00:10:20,429 --> 00:10:27,429 It's certainly coming. We have the offensive capability to exploit. The next logical progression 104 00:10:27,679 --> 00:10:34,679 would be to take one device and own another one. It turns out it isn't just trivial. There's 105 00:10:36,290 --> 00:10:41,089 some challenges that have to be solved to really work in the real world. 106 00:10:41,089 --> 00:10:46,629 My goal is to own the router and from there put malicious implants in every single one 107 00:10:46,629 --> 00:10:53,629 of these devices, embedded devices on the network. There are certainly some challenges. 108 00:10:53,709 --> 00:10:55,920 In order to get this to work, we'll talk about that. 109 00:10:55,920 --> 00:11:01,339 Here is the reason why: If you look at the cache of machines, we have Cisco, HP, and 110 00:11:01,339 --> 00:11:06,110 Avaya, different proprietary devices. You'll not get the source code for any of this stuff. 111 00:11:06,110 --> 00:11:13,110 The hardware is all specialized, on top of that, the architecture, MIPS, all sorts of 112 00:11:14,629 --> 00:11:20,759 ISA's. And after that, we have different operating systems. We have modified Linux, iOS, full 113 00:11:20,759 --> 00:11:27,759 of mystery, and CNU, kind of like Linux, but not really. Complete mysteries. Did you see 114 00:11:33,989 --> 00:11:38,489 this thing even have a kernel. Completely unknown. 115 00:11:38,489 --> 00:11:45,489 We'll show you solutions to these challenges that we found for the offensive side. But 116 00:11:45,529 --> 00:11:49,480 we're really ‑‑ when you solve the offensive problem, you're solving the dual defensive 117 00:11:49,480 --> 00:11:56,480 problem. We're taking the inside. We're building from the Software Symbiote to do an offensive 118 00:11:58,189 --> 00:12:04,269 demo. We're using the same type of technology for offense and defense. 119 00:12:04,269 --> 00:12:10,790 So the very first challenge here is a generalized way of modifying binaries. Once you have a 120 00:12:10,790 --> 00:12:17,790 device, how do I get it to run? It's not like I can install .exe on a router. I installed 121 00:12:21,809 --> 00:12:26,910 FRAK from a reverse analysis console that we presented here last year. I definitely 122 00:12:26,910 --> 00:12:30,220 recommend you check that out. We've been building on top of it, and it seems to have worked 123 00:12:30,220 --> 00:12:33,799 quite well. So that challenge is more or less solved for us. 124 00:12:33,799 --> 00:12:38,529 The next part gets a little tricky, and here is the generalized execution problem. So once 125 00:12:38,529 --> 00:12:43,959 you have modification, you can put whatever binary in whatever devices. What do you want 126 00:12:43,959 --> 00:12:50,410 to execute? By "execute" I don't mean single instructions, but I want to run payload equivalent 127 00:12:50,410 --> 00:12:57,410 payload on environments that are vastly different, like Linux, VH works, and have it do exactly 128 00:12:58,249 --> 00:13:03,009 the same thing without a full understanding of the operating system at all. Right? I'll 129 00:13:03,009 --> 00:13:07,189 show you ways of doing that. Once you solve that, there is the even trickier 130 00:13:07,189 --> 00:13:12,879 problem of getting input and output to these targets, so you have OS and hardware agnostic 131 00:13:12,879 --> 00:13:17,790 payload of some sort. How do you communicate to it? How do I send traffic and receive traffic 132 00:13:17,790 --> 00:13:21,670 from this device without understanding how the network subsystem works? 133 00:13:21,670 --> 00:13:27,899 Typically you figure out I'll hook this specific call and that's the way that I can see all 134 00:13:27,899 --> 00:13:32,399 the traffic that are coming in. But in the operating systems that you really don't understand, 135 00:13:32,399 --> 00:13:37,769 this is very difficult. So let's talk about generalized execution first. Forget about 136 00:13:37,769 --> 00:13:40,720 everything you've ever learned about any operating system. 137 00:13:40,720 --> 00:13:46,559 That's why we have this black box down here. This is XYZ computer. You know that the memory 138 00:13:46,559 --> 00:13:50,879 is roughly organized in this way. You have some code, and then you have some data, dynamic 139 00:13:50,879 --> 00:13:57,359 data. Somewhere in that dynamic data region you have what's generally referred to as iOmem. 140 00:13:57,359 --> 00:14:03,809 The firmware is really bloated. It's got a whole bunch of code not necessary for the 141 00:14:03,809 --> 00:14:10,809 operation of that device. By that I mean debug strings, IPv6 if you're not using it, syslog 142 00:14:12,439 --> 00:14:19,139 and a lot of dead code and whatnot. In fact, Mike and I looked at Cisco iOS, and 143 00:14:19,139 --> 00:14:24,850 it turns out if we wanted to repel BGP and AGP server, it looked like we were able to 144 00:14:24,850 --> 00:14:30,420 take out 40 percent of the iOS binary and have the router come up and be fully functional 145 00:14:30,420 --> 00:14:36,879 if you didn't want to use the web server or BGP. A lot of room to play with. 146 00:14:36,879 --> 00:14:41,269 There are points inside the code that we know will be executed at a high frequency with 147 00:14:41,269 --> 00:14:47,259 high confidence; right? Regardless of the operating system. Here is a real good example. 148 00:14:47,259 --> 00:14:52,549 Every time the e‑wrap instruction is called. If we just mapped out all the e‑wrap instructions 149 00:14:52,549 --> 00:14:59,549 and hooked that, we'll be in control of the CPU. A bunch of other places, popular functions, 150 00:15:01,049 --> 00:15:04,970 mem copy, etc. So put these two things together. We replace 151 00:15:04,970 --> 00:15:08,609 the dead code that's not necessary for the operation of the device, whatever it is. We 152 00:15:08,609 --> 00:15:13,350 replace it with our own payload. This payload is capable of restoring state between itself 153 00:15:13,350 --> 00:15:17,089 and host program. So think about this as a binary scheduler. 154 00:15:17,089 --> 00:15:22,509 We use some other dead code for dynamic memory region, stack, heap, scratch area, and the 155 00:15:22,509 --> 00:15:27,709 last thing we do is we hook a whole bunch of intercept points to guarantee that our 156 00:15:27,709 --> 00:15:32,809 payload is perfectly invoked. Then that's really the solution to the generalized execution 157 00:15:32,809 --> 00:15:38,059 problem. You can compile the code for a specific architecture and inject it into the environment 158 00:15:38,059 --> 00:15:41,100 regardless of the operating system that you're working inside. 159 00:15:41,100 --> 00:15:45,149 Now, how do we solve the input and output problem? And I'm gonna say that we can actually 160 00:15:45,149 --> 00:15:50,799 take the solution from the generalized execution part of this and at least solve the generalized 161 00:15:50,799 --> 00:15:53,459 input problem. The output is still a little bit more difficult. 162 00:15:53,459 --> 00:16:00,459 This is what we do. The payload in this case we choose to run is the packet scrubber. We're 163 00:16:00,869 --> 00:16:07,009 doing an Easter hunt, essentially. Linear scan through the memory of the device regardless 164 00:16:07,009 --> 00:16:11,329 of what the operating system is. We'll hook a whole bunch of points that's gonna guarantee 165 00:16:11,329 --> 00:16:17,850 that the packet scrubber will be hit periodically all the time. And as the device received network 166 00:16:17,850 --> 00:16:24,439 traffic, packets are going to be copied into iO memory. In that region we'll detect known 167 00:16:24,439 --> 00:16:30,269 patterns that we define ahead of time that we'll call command and control patterns. 168 00:16:30,269 --> 00:16:35,689 As the device operates, we pick out the patterns in memory and then we service them accordingly 169 00:16:35,689 --> 00:16:39,799 to our command and control scheme. And how do we get these patterns inside the iOmem 170 00:16:39,799 --> 00:16:45,359 range? It turns out it's really easy. Even if you send a malformed packet of some sort, 171 00:16:45,359 --> 00:16:49,879 as long as the device doesn't have the lost hardware acceleration, the entire packet is 172 00:16:49,879 --> 00:16:54,359 copied into the memory range and the processor will analyze it and decide whether to discard 173 00:16:54,359 --> 00:16:59,790 it, quote/unquote, or copy it. As long as it's copied into iOmem, our packet scrubber 174 00:16:59,790 --> 00:17:06,740 will find it. We send the command and control into an IMP message or through the content 175 00:17:06,740 --> 00:17:12,380 of a JPG picture, as long as that is copied into iOmem, our packet scrubber will identify 176 00:17:12,380 --> 00:17:16,000 it. So take a step back and think, is it specific 177 00:17:16,000 --> 00:17:23,000 for ARM? It will work for MIPS, whatever architecture. Now, is this something that will only work 178 00:17:24,050 --> 00:17:31,050 for VX works? No, it will work for Linux, iOS, big iOS, little iOS, the Linux kernel 179 00:17:32,240 --> 00:17:39,240 inside a program. This is hardware agnostic. For completeness this is the command control 180 00:17:40,380 --> 00:17:44,060 and the command and control acknowledgment packet that we define for this demo. You have 181 00:17:44,060 --> 00:17:50,590 an envelope predesigned, in this case I have ACSC, my initials, followed by some metadata. 182 00:17:50,590 --> 00:17:57,590 At the end we have magic pattern so we can validate that it doesn't understand about 183 00:17:57,980 --> 00:18:04,580 how iO memory is manipulated, command arguments and various payloads, how both the offensive 184 00:18:04,580 --> 00:18:11,580 and defense demo work. As these packets are hit, we identify it. 185 00:18:16,880 --> 00:18:23,880 We service the command and control, and that's how it all works. We have it working on MIPS. 186 00:18:28,250 --> 00:18:35,250 We found about Barnaby Jack a few days before the presentation. We wanted to do something 187 00:18:35,980 --> 00:18:42,980 as attribute to him. We've actually implemented the Barnaby function. It takes embedded device 188 00:18:45,570 --> 00:18:50,060 input and puts his face into the working memory of those devices. 189 00:18:50,060 --> 00:18:57,060 (applause) We're not done. We made a modified Barnaby 190 00:18:57,190 --> 00:19:03,470 prime that does the same thing but in a permanent way. To show not only can we do this through 191 00:19:03,470 --> 00:19:08,290 command and control, we can affect real permanent construction through our command and control. 192 00:19:08,290 --> 00:19:15,290 Here is Barnaby Jack's face right past the loader, physical destruction F prime. 193 00:19:17,480 --> 00:19:24,480 Now I want to talk a little bit how our demo will go. Owns the printer through this reverse 194 00:19:25,520 --> 00:19:29,990 IP tunnel, through this resumé, establishes the reverse IP tunnel, sends command and control 195 00:19:29,990 --> 00:19:36,740 down to the printer to do recon. We'll do a whole bunch of fingerprinting to find out 196 00:19:36,740 --> 00:19:40,820 the devices you're actually looking at. Once we have, we figure out whether this is a Cisco 197 00:19:40,820 --> 00:19:47,150 router or an RP printer or Cisco phone, etc. Using what we find there, we'll start dropping 198 00:19:47,150 --> 00:19:51,060 exploits onto these things and putting our malicious implants that will give us the same 199 00:19:51,060 --> 00:19:55,780 command and control capability on all of these devices. 200 00:19:55,780 --> 00:19:59,340 Before we jump into the demo, I really have to say I'm not allowed to say what we have 201 00:19:59,340 --> 00:20:06,340 done with Avaya, but the JTAGulator, the superawesome sauce. This is the coolest piece of hardware 202 00:20:08,180 --> 00:20:13,950 I've seen in a while. If you see Joe, get him a latte or something, buy ten of his boards. 203 00:20:13,950 --> 00:20:20,680 This is really cool. His board made our work really possible. So big thanks to Joe Grant. 204 00:20:20,680 --> 00:20:25,600 Now, without further ado, Michael will start running the offensive demo. 205 00:20:25,600 --> 00:20:31,660 MICHAEL COSTELLO: All right. I just wanted to say I really love this community. It's 206 00:20:31,660 --> 00:20:35,440 one o'clock, 1:30 now on a Sunday afternoon, the last day of the conference and the room 207 00:20:35,440 --> 00:20:42,440 is packed. I mean, this is great. You should all give yourself a round of applause. Please. 208 00:20:43,390 --> 00:20:47,790 (applause) And there is going to be a little bit of audience 209 00:20:47,790 --> 00:20:53,980 participation here. So when that happens, please everybody just shout out the obvious 210 00:20:53,980 --> 00:21:00,980 answer. ANG CUI: So we're going to P3wnTown. 211 00:21:01,900 --> 00:21:07,100 MICHAEL COSTELLO: Everything we're doing here on stage right is P3wnTown. So this is 212 00:21:07,100 --> 00:21:11,640 where we'll put our offensive payloads and then after that's done we'll come to stage 213 00:21:11,640 --> 00:21:17,020 left over here and do defense. So I'll bring up my server. We've already ‑‑ we've 214 00:21:17,020 --> 00:21:24,020 already sent our resumé to the printer. It has been rebooted and it's going to build. 215 00:21:24,430 --> 00:21:28,020 It's reverse tunnel connection out through the firewall out to where Mikey Droptables 216 00:21:28,020 --> 00:21:35,020 is living. We bring up our counsel sole. All right we see that we have the printer in here. 217 00:21:42,030 --> 00:21:49,030 And so everything that we'll be doing here and all we see at the beginning, but every 218 00:21:49,040 --> 00:21:53,030 command that we're doing or almost every command that we're doing is we're sending commands 219 00:21:53,030 --> 00:21:58,260 through the command control tunnel to the printer to have the printer instructed to 220 00:21:58,260 --> 00:22:01,250 do different things. So what might be the first thing we want to 221 00:22:01,250 --> 00:22:06,610 do? So we've got our printer. We know about this on the network. But we want to find ‑‑ 222 00:22:06,610 --> 00:22:13,610 we can to do reconnaissance on the rest of the network. So we'll do a scan on the printer 223 00:22:13,720 --> 00:22:20,080 on port 23. And we're instructing the printer through the tunnel to do a syn scan. We spoofed 224 00:22:20,080 --> 00:22:27,080 the and they're packets are coming back to us. We seat number of devices on the network. 225 00:22:27,350 --> 00:22:34,350 We see a number of IP devices. I apologize for the formatting, for the screen size, but 226 00:22:34,490 --> 00:22:39,730 another thing that you'll notice is that the printer now has a fingerprint. This is a memory 227 00:22:39,730 --> 00:22:43,580 fingerprint. So when our rootkit is on there, we can check 228 00:22:43,580 --> 00:22:48,280 some memory and then use this fingerprint as a key into a database that we have precomputed 229 00:22:48,280 --> 00:22:55,280 offline a number of information on these devices. Here we notice an HP LaserJet 2055 DN running 230 00:22:57,010 --> 00:23:03,080 from March of 2010. And this might be another good time or this might be a good time to 231 00:23:03,080 --> 00:23:07,080 note that this work that we're doing on the printer is nothing new. This is not a new 232 00:23:07,080 --> 00:23:14,080 exploit. This was presented at 28C3, Print Me If You Dare. There was an NDSS 2013 modifications 233 00:23:14,470 --> 00:23:19,570 attack paper. Read that and watch that. We were making the printer do a lot more things 234 00:23:19,570 --> 00:23:23,870 during this presentation. So now the next thing that we want to do now 235 00:23:23,870 --> 00:23:27,990 that we have an idea of some devices on the network, is that we want to find out a little 236 00:23:27,990 --> 00:23:30,870 bit more information. We want ‑‑ we have some Layer 3 information. We want to get some 237 00:23:30,870 --> 00:23:36,190 Layer 2 information because that will help us in the next stage of our attack. So we'll 238 00:23:36,190 --> 00:23:43,190 ask the printer to give us a IP to Mac address mapping of these various devices. Looking 239 00:23:43,470 --> 00:23:50,310 at the first six bytes of the Mac address OUI, we can see who the vendors are. 240 00:23:50,310 --> 00:23:57,310 We have an HP, a couple of Ciscos on here. We also have one target on here, recon 4, 241 00:23:57,780 --> 00:24:02,420 which is the Cisco. For the purposes of the demo, we know this is an IP phone. So we're 242 00:24:02,420 --> 00:24:09,420 going to rename recon 4 to Phone 2. What we'll do is we'll try to SSH into this phone. We're 243 00:24:14,210 --> 00:24:18,790 going to try ‑‑ because we know that the phone is going to be running SSH. We're 244 00:24:18,790 --> 00:24:23,600 not going to try to log into the phone by guessing a user name and password. 245 00:24:23,600 --> 00:24:28,460 We'll take advantage of a feature on these phones is that every single time you attempt 246 00:24:28,460 --> 00:24:35,460 to SSH into them; they ask their preconfigured TFTP signature for an authorized key file. 247 00:24:38,010 --> 00:24:43,080 What we'll do, though, is instruct the printer to ARP‑spoof the phone, making it think 248 00:24:43,080 --> 00:24:47,600 it's a device we control on the network is in fact the TFTP server. That's going to be 249 00:24:47,600 --> 00:24:51,580 the printer. So one of the things that the printer does in addition as part of the packet 250 00:24:51,580 --> 00:24:55,400 scrubber looking for these magic patterns of command and control packets, it looks for 251 00:24:55,400 --> 00:25:01,570 TFTP‑authorized keys request files. It has in memory a nicely formed one packet TFTP 252 00:25:01,570 --> 00:25:08,140 file. It has to populate a couple of fields. ANG CUI: Which key are we going to use? 253 00:25:08,140 --> 00:25:13,680 MICHAEL COSTELLO: A key we built ourselves. ANG CUI: So we would be able to authenticate. 254 00:25:13,680 --> 00:25:17,400 That's nice. MICHAEL COSTELLO: Uh‑huh. So we're going 255 00:25:17,400 --> 00:25:24,400 to poison Phone 2 with the IP address of the TFTP server that we learned through reconnaissance. 256 00:25:26,960 --> 00:25:33,960 First before that I need to bring up a proxy. The proxy already connected. Very good. And 257 00:25:35,210 --> 00:25:42,190 we're going to ‑‑ so we'll ARP poison it and do it again for good measure. 258 00:25:42,190 --> 00:25:47,690 ANG CUI: Mike is going to SSH through the local host in P3wnTown right through the proxy, 259 00:25:47,690 --> 00:25:53,000 through the printer, to the phone, and spoof the authorized key file as it's being requested 260 00:25:53,000 --> 00:25:57,539 and then get console access to the phone from the Internet through the printer. 261 00:25:57,539 --> 00:26:02,530 MICHAEL COSTELLO: If this works, we should get a shell log‑in prompt and not an SSH 262 00:26:02,530 --> 00:26:04,770 prompt. (applause) 263 00:26:04,770 --> 00:26:11,770 ANG CUI: You typed in a supersecret password. How do you know? 264 00:26:12,570 --> 00:26:15,610 MICHAEL COSTELLO: Cisco documentation informs. (laughter) 265 00:26:15,610 --> 00:26:20,030 ANG CUI: Can you not just change that password? MICHAEL COSTELLO: No, if you change it, 266 00:26:20,030 --> 00:26:22,970 the phone resets itself. ANG CUI: And the password comes back to 267 00:26:22,970 --> 00:26:25,810 the way it was before? MICHAEL COSTELLO: Yes. 268 00:26:25,810 --> 00:26:28,530 ANG CUI: That sucks. (laughter) 269 00:26:28,530 --> 00:26:35,220 MICHAEL COSTELLO: Okay. So we find out it's a Cisco 8961. It's running 921 software. 270 00:26:35,220 --> 00:26:40,960 This is not ‑‑ this is recent, not the latest software on it. There has been a release 271 00:26:40,960 --> 00:26:47,960 or there will be forthcoming a release that kind of puts epoxy on some of the holes, but 272 00:26:51,080 --> 00:26:55,590 here we notice this is a phone. A general purpose computer, disguised to look like a 273 00:26:55,590 --> 00:27:02,590 phone that's running a Linux kernel. We'll cut right to the point. After looking 274 00:27:07,000 --> 00:27:14,000 at how the phone boots up that it uses NAN devices. One of the things that we noticed, 275 00:27:15,970 --> 00:27:22,970 and this is just one of the devices, does anybody see a problem with the permissions 276 00:27:25,200 --> 00:27:26,730 on this device? (laughter) 277 00:27:26,730 --> 00:27:33,430 ANG CUI: There you go. Question this before, talk about NAN vulnerability. We could have 278 00:27:33,430 --> 00:27:38,860 done this in a lot more elegant way. He didn't send the slides and we did it in the most 279 00:27:38,860 --> 00:27:45,860 monkey way possible. MICHAEL COSTELLO: What we could do is if 280 00:27:48,010 --> 00:27:55,010 it has world right nonprivileged user, we could write to this device? In theory, we 281 00:27:56,540 --> 00:28:01,150 don't have any tools to do that. We'll have to download it. That will be a lot. How are 282 00:28:01,150 --> 00:28:07,610 we going to do to do this? Actually, it's really convenient that Cisco had already packed 283 00:28:07,610 --> 00:28:11,540 for us a number of Flash utility, so we could erase the device. 284 00:28:11,540 --> 00:28:16,280 ANG CUI: No way. The tools to do it that allows us to do it. 285 00:28:16,280 --> 00:28:23,160 MICHAEL COSTELLO: Flash erase info, but also a number of mantles that we can ‑‑ 286 00:28:23,160 --> 00:28:26,740 ANG CUI: That's really useful. This file system will be megs and megs large. How will 287 00:28:26,740 --> 00:28:33,059 we ship it to the phone? Sounds all very complicated. MICHAEL COSTELLO: You can do all of this 288 00:28:33,059 --> 00:28:37,590 stuff offline. And you could pack one file in a very small file system, fit into one 289 00:28:37,590 --> 00:28:44,280 4 K block and using TFPT. ANG CUI: This is also on the phone. All 290 00:28:44,280 --> 00:28:50,590 the tools are there. So there is the O‑day. When I found it, this was a little disappointing, 291 00:28:50,590 --> 00:28:57,160 almost, because we've gone from the CNU kernel, which is proprietary thing, to a much more 292 00:28:57,160 --> 00:29:03,610 secure environment, the Linux with all the security patches backdated to the thing, yet 293 00:29:03,610 --> 00:29:09,200 only this phone has become somehow easier. So something is wrong here. It's just human 294 00:29:09,200 --> 00:29:11,870 error, really. MICHAEL COSTELLO: So what we might want 295 00:29:11,870 --> 00:29:16,080 to ‑‑ what somebody would want to pack into one of these files, a little root popping, 296 00:29:16,080 --> 00:29:23,080 a root popping program, so if we look at who I am now, I'm default. But I really don't type this slow. Everything 297 00:29:30,750 --> 00:29:37,750 is going over this proxy. We're root. Tada! ANG CUI: That's all it took. We didn't 298 00:29:43,740 --> 00:29:48,690 have to compile anything, log into the phone, look around and build this 4 K file system 299 00:29:48,690 --> 00:29:54,300 and there you go. You have it. Now we'll switch over to our command control demo. For good 300 00:29:54,300 --> 00:30:01,300 looks, we promised that this is gonna be a command and control infrastructure. Going 301 00:30:05,080 --> 00:30:11,140 from a Linux phone to compromising the printer becomes all of a sudden very simple. 302 00:30:11,140 --> 00:30:15,840 Now we'll load up all the devices we have in command and control implant on. For good 303 00:30:15,840 --> 00:30:21,540 measures we'll add two other devices. The Cisco 2821 router and Cisco 1841 router to 304 00:30:21,540 --> 00:30:26,140 show it will work on phones, printers, and all sorts of routers. 305 00:30:26,140 --> 00:30:31,420 MICHAEL COSTELLO: We'll see if our rootkit is listening. 306 00:30:31,420 --> 00:30:37,280 ANG CUI: Of course, we're also doing this through the printer tunnel. 307 00:30:37,280 --> 00:30:44,280 MICHAEL COSTELLO: Everything responds and says we're here, again, with the memory fingerprints 308 00:30:45,120 --> 00:30:50,140 that we're able to take, we can look up a bunch of info on these things precomputed 309 00:30:50,140 --> 00:30:57,140 offline. So for instance, let's instead look at the 2821. We see that we know that it's 310 00:31:01,390 --> 00:31:08,390 running MIPS 4 NDN. We can find the addresses of various functions. Here we've decided to 311 00:31:08,980 --> 00:31:10,990 redact to the fact. ANG CUI: We've got lawyer p3wned and we 312 00:31:10,990 --> 00:31:17,990 couldn't show you the actual offsets, but they're there in our database. Sorry. Let's 313 00:31:20,640 --> 00:31:27,640 rock out the Barnaby function. MICHAEL COSTELLO: Before running the Barnaby 314 00:31:31,240 --> 00:31:37,890 function, in case anybody doesn't know typical Cisco router behavior, if you type in "enable" 315 00:31:37,890 --> 00:31:42,559 and you type in the password wrong three times, this is bad secrets, you're just a regular 316 00:31:42,559 --> 00:31:48,220 privileged user, if you do a show version, you just get to see what the router is running. 317 00:31:48,220 --> 00:31:55,220 If we run the Barnaby function, this is doing a number of writes to memory. Let's do it 318 00:31:58,170 --> 00:32:05,170 on the 1841 as well. If we do enable bad secrets but notice that the prompt has changed. 319 00:32:07,429 --> 00:32:09,640 ANG CUI: Oh, wow. How is that supposed to happen? 320 00:32:09,640 --> 00:32:13,690 (applause) that's not all. So we'll do the show version. 321 00:32:13,690 --> 00:32:18,200 MICHAEL COSTELLO: Yeah. If we do the show version. 322 00:32:18,200 --> 00:32:23,920 ANG CUI: Oh, look at that. MICHAEL COSTELLO: We've got Barnaby's face 323 00:32:23,920 --> 00:32:28,040 now. (applause) 324 00:32:28,040 --> 00:32:32,059 It's in the 1841 as well. ANG CUI: Right. This is because the command 325 00:32:32,059 --> 00:32:35,929 control works the same way on different architect users, different operating systems. We're 326 00:32:35,929 --> 00:32:40,210 given an arbitrary memory write command and we're writing it to the specific location. 327 00:32:40,210 --> 00:32:45,230 And the reason why we know the specific location of the string is because we have precomputed 328 00:32:45,230 --> 00:32:49,929 this assembly of the specific iO version that we found that we know this is running through 329 00:32:49,929 --> 00:32:55,600 the fingerprint that we have exfiltrated through the heartbeat. We can do this from all the 330 00:32:55,600 --> 00:32:58,850 other devices that we have under CNC. MICHAEL COSTELLO: Let's move on. 331 00:32:58,850 --> 00:33:02,490 ANG CUI: So let's do the defense demo. We're running a little bit short on time. 332 00:33:02,490 --> 00:33:09,490 As promised, I'll spend as much time as I can on the defensive side. Population P3wnTown 333 00:33:10,320 --> 00:33:17,320 without six. Another fun fact, the HP printer is really quite a capable piece of device. 334 00:33:18,650 --> 00:33:22,929 This thing can send about 15,000 packets per second. You can send terrible things and yack, 335 00:33:22,929 --> 00:33:27,730 yack, yack, all day long. It turns out if you want to DOS a 2821 router using a single 336 00:33:27,730 --> 00:33:34,730 printer, you can. You can peg it. That's one printer; imagine what I could do with two 337 00:33:36,010 --> 00:33:40,590 printers. We'll show you that if we have some time. 338 00:33:40,590 --> 00:33:44,050 Now I want to show you the defense determine. This is what I've been spending the last five 339 00:33:44,050 --> 00:33:51,050 years of my career developing. It's Software Symbiote. It's used to develop dynamic firmware 340 00:33:53,170 --> 00:34:00,170 integrity and arbitrary legacy devices, on ARP, Cisco phones, routers, and on HP printers. 341 00:34:03,640 --> 00:34:07,690 This is really not something that ‑‑ oh, and we require absolutely no vendor intelligent 342 00:34:07,690 --> 00:34:13,470 property. We take the binary that comes from the vendor, no source code, no hardware modification. 343 00:34:13,470 --> 00:34:20,470 This is not a timing‑based attestation method. This is not proof carrying code in any way 344 00:34:20,769 --> 00:34:26,379 or inline monitoring. This is something very new and very flexible. You will see a demo 345 00:34:26,379 --> 00:34:30,489 of this thing working right now on exactly the same hardware that you saw the offensive 346 00:34:30,489 --> 00:34:37,489 demo on. We'll get out of P3wnTown and go somewhere else. 347 00:34:39,079 --> 00:34:45,059 Then as Mike is setting up, we'll run through the first phone exploit that does kernel memory 348 00:34:45,059 --> 00:34:50,849 modification and we'll bring up the Symbiote alerting console to show us dynamic updates 349 00:34:50,849 --> 00:34:57,529 to the checksums of the static region. Any piece of code that's modified within static 350 00:34:57,529 --> 00:35:03,200 code of these devices will be detected in approximately a hundred milliseconds, depending 351 00:35:03,200 --> 00:35:09,130 on the speed of the CPU. The routers will have a hundredth of a millisecond or so. The 352 00:35:09,130 --> 00:35:14,619 phone will have a much faster CPU, so we can detect it much, much faster. 353 00:35:14,619 --> 00:35:21,619 MICHAEL COSTELLO: We got in here. We added our routers in again. I apologize for the 354 00:35:22,009 --> 00:35:26,089 formatting. Again we have the phone, the router. There is a printer at the bottom. We'll try 355 00:35:26,089 --> 00:35:30,140 to add that in individually at the end. But for right now we'll show you the phone and 356 00:35:30,140 --> 00:35:33,739 the routers. So these are routers that are running or Symbiote code, this is all work 357 00:35:33,739 --> 00:35:40,739 that's been funded by DARPA the DHS, all these things are packed together with a utility 358 00:35:40,779 --> 00:35:46,190 we built called FRAK funded by CFT, thank you very much if you're in the audience or 359 00:35:46,190 --> 00:35:48,939 wherever you are. ANG CUI: All right. 360 00:35:48,939 --> 00:35:54,390 MICHAEL COSTELLO: So what we'll do is we're going to go through exploits that we've demonstrated 361 00:35:54,390 --> 00:35:59,529 before, shown before. There's not much new here. The first one ‑‑ but what is new 362 00:35:59,529 --> 00:36:05,420 here is the Symbiote defending all this stuff. The first thing we'll try it on is the Cisco 363 00:36:05,420 --> 00:36:12,420 IP phone. We'll SSH into this thing. So the exploit that we'll be showing here is the 364 00:36:21,589 --> 00:36:28,259 same one that we showed 29 C 3 hacking Cisco phone. So if you want the details on that, 365 00:36:28,259 --> 00:36:31,020 please watch that video. You can find it on YouTube. 366 00:36:31,020 --> 00:36:38,020 Don't walk in front of the speaker. MICHAEL COSTELLO: And then the way that 367 00:36:44,829 --> 00:36:51,670 this demo works is that we have a file called p3wned in. It's the way we set response and 368 00:36:51,670 --> 00:36:58,670 we get access. The Cisco phone, we have one checksum is secure. But after we go through 369 00:36:59,210 --> 00:37:06,210 the phone, we run p3wn bin. We can then log into the phone. Please watch the video to 370 00:37:07,749 --> 00:37:12,979 seat details. We see the Symbiote detected the change we made. 371 00:37:12,979 --> 00:37:18,759 ANG CUI: And the checksum is changed. You can see the alarms coming periodically. We 372 00:37:18,759 --> 00:37:22,759 actually had to slow down the alarms coming from the phone, otherwise it would flood the 373 00:37:22,759 --> 00:37:27,690 screen. The alarms can come faster but for the sake of the demonstration we had to slow 374 00:37:27,690 --> 00:37:31,579 down the refresh rate a little bit. MICHAEL COSTELLO: Here we're just going 375 00:37:31,579 --> 00:37:36,589 to show the 2821 router because of the screen fore math. We're not going to be demonstrating 376 00:37:36,589 --> 00:37:43,589 that today. We made a small show to the show CDP neighbor command, in addition to showing 377 00:37:44,109 --> 00:37:49,609 our CDP neighbors, it makes the memory modification change that was part of the Barnaby function 378 00:37:49,609 --> 00:37:56,609 to bypass the authentication. If we run that here, we could see that the router 2821 checksum 379 00:37:57,640 --> 00:38:04,640 is changed and it's states p3wned as well. Let me see if I can bring up the printer quickly. 380 00:38:06,910 --> 00:38:11,559 ANG CUI: Do the 2821. MICHAEL COSTELLO: It's off the screen and 381 00:38:11,559 --> 00:38:14,730 can't see. ANG CUI: What you're looking at functionally 382 00:38:14,730 --> 00:38:19,170 equivalent devices, but these are very unique devices in the sense that the phone and the 383 00:38:19,170 --> 00:38:24,119 printer and the routers you've seen are literally the only ones of their kind in the universe 384 00:38:24,119 --> 00:38:28,650 that actually has host‑based defense in real‑time as the device is running that 385 00:38:28,650 --> 00:38:32,029 would allow you to have alert to tell you whether the phone, the printer, the router, 386 00:38:32,029 --> 00:38:37,099 has been exploited with approximately a hundred millisecond legacy. This is something that's 387 00:38:37,099 --> 00:38:42,499 never happened before. You folks are ‑‑ well, the very first people to actually see 388 00:38:42,499 --> 00:38:47,190 something like this. This is not something we developed specifically for a specific model 389 00:38:47,190 --> 00:38:52,739 of Cisco or a phone or a printer. This is generic technology that can be injected into 390 00:38:52,739 --> 00:38:57,460 legacy‑embedded devices without requiring any source code, any hardware modification. 391 00:38:57,460 --> 00:39:01,950 This is something that you can see in a car. You are speaking in a control that controls 392 00:39:01,950 --> 00:39:08,619 predator drone or the Mars recovery, the same operating system as the printer. 393 00:39:08,619 --> 00:39:14,339 MICHAEL COSTELLO: Okay. So here with the printer that has a very small proof of concept 394 00:39:14,339 --> 00:39:19,809 Symbiote running into it, we can use our command control rootkit that we had demonstrated earlier. 395 00:39:19,809 --> 00:39:26,809 If we write an image of Hello Kitty into it, the state should change. Sorry. There. So 396 00:39:38,960 --> 00:39:43,550 we made a change in memory to Symbiote to pick up on the checksum change. 397 00:39:43,550 --> 00:39:46,980 ANG CUI: Tada! (applause) 398 00:39:46,980 --> 00:39:53,980 ANG CUI: We accepted host‑based defense on desktop servers for a very long time now. 399 00:39:55,329 --> 00:39:58,839 We haven't really started thinking about ways of seriously defending embedded systems against 400 00:39:58,839 --> 00:40:02,579 this type of attack. So you've seen in the last few years that exploitation of these 401 00:40:02,579 --> 00:40:07,109 devices no longer a myth. It's no longer that hard that people aren't looking at it. 402 00:40:07,109 --> 00:40:13,759 Now, hopefully you saw here that the polyspecies propagation is also not a myth. You saw it 403 00:40:13,759 --> 00:40:19,019 live on stage. You saw a printer own a phone and malicious implants on routers, etc. so 404 00:40:19,019 --> 00:40:25,259 I think this is the real‑time that we need think of ways to getting this out, host‑based 405 00:40:25,259 --> 00:40:31,119 defense on the defenses that we use every single day in our offices, right, in our defensive 406 00:40:31,119 --> 00:40:38,119 networks, etc. So we have a few more minutes. I'm going to take Q&A in the pool. So we'll 407 00:40:38,220 --> 00:40:45,170 have some time for that. Before can we run the DDOS? Who wants to see a printer peg a 408 00:40:45,170 --> 00:40:47,650 2821 router? (applause) 409 00:40:47,650 --> 00:40:54,650 Let's do it. This is a lot of fun. So right now Mike is going to send the service attack 410 00:40:57,920 --> 00:41:04,920 command to the printer. What the printer will do is send as quickly as it can, a when the 411 00:41:07,819 --> 00:41:12,220 router sees that, it doesn't know what to do, and it gets all scared and the CPU goes 412 00:41:12,220 --> 00:41:19,220 all very high and bad things happen; right? ANG CUI: Tada! That's not good. You shouldn't 413 00:41:43,430 --> 00:41:50,430 have your router running at 98% CPU utilization. This is happening from a single printer. Imagine 414 00:41:51,349 --> 00:41:56,579 a printer and a phone. We show that next year. (laughter) 415 00:41:56,579 --> 00:42:00,849 That's our presentation. If you want to know more about Software Symbiote or our presentation, 416 00:42:00,849 --> 00:42:06,109 check out Red Balloon Security. We have all the academic papers that discuss exactly how 417 00:42:06,109 --> 00:42:11,259 this works, the performance constraints, the security promises and limitations of our technology 418 00:42:11,259 --> 00:42:16,690 and some demo videos, and of course the slide. I don't know if I have time to take questions. 419 00:42:16,690 --> 00:42:18,380 But Q&A area in the pool. (applause) 420 00:42:18,380 --> 00:42:19,839 MICHAEL COSTELLO: Probably it will be about 30 minutes. We'll pack up and go to the pool. 421 00:42:19,839 --> 00:42:22,290 Thank you very much.