[Script Info] Title: [Events] Format: Layer, Start, End, Style, Name, MarginL, MarginR, MarginV, Effect, Text Dialogue: 0,0:00:00.00,0:00:14.82,Default,,0000,0000,0000,,{\i1}34c3 intro{\i0} Dialogue: 0,0:00:14.82,0:00:18.97,Default,,0000,0000,0000,,Herald: This is Audrey from California and Dialogue: 0,0:00:18.97,0:00:26.82,Default,,0000,0000,0000,,she's from the University of California\NSanta Barbara, security lab, if I'm Dialogue: 0,0:00:26.82,0:00:38.11,Default,,0000,0000,0000,,informed correctly, and it is about\Nautomated discovery of vulnerabilities in Dialogue: 0,0:00:38.11,0:00:50.100,Default,,0000,0000,0000,,the Android bootloader. Wow, not really my\Nproblem but definitely Audrey's. So here Dialogue: 0,0:00:50.100,0:00:57.49,Default,,0000,0000,0000,,we go. Please let's have a big hand for\NAudrey Dutcher. Thank you. Dialogue: 0,0:00:57.49,0:01:07.04,Default,,0000,0000,0000,,{\i1}applause{\i0} Dialogue: 0,0:01:07.04,0:01:11.05,Default,,0000,0000,0000,,Audrey: Good evening everybody. Today Dialogue: 0,0:01:11.05,0:01:17.33,Default,,0000,0000,0000,,we're talking about Android boot loaders.\NAs a brief aside I didn't actually work on Dialogue: 0,0:01:17.33,0:01:21.79,Default,,0000,0000,0000,,this work I just sit across from the\Npeople who worked on this work and I was Dialogue: 0,0:01:21.79,0:01:26.66,Default,,0000,0000,0000,,the only one who could make it to Germany.\NI have, do work on some of the stuff that Dialogue: 0,0:01:26.66,0:01:32.19,Default,,0000,0000,0000,,it depends on, so this is my field but\Nthis is not my project. Just brief Dialogue: 0,0:01:32.19,0:01:41.01,Default,,0000,0000,0000,,disclaimer, thanks. So today we're talking\Nabout Android boot loaders. 
Phones are Dialogue: 0,0:01:41.01,0:01:45.93,Default,,0000,0000,0000,,complicated, bootloaders are complicated,\Nprocessors are complicated and trying to Dialogue: 0,0:01:45.93,0:01:50.74,Default,,0000,0000,0000,,get at the bottom of these is very\Ndifficult subject; if you ever done any Dialogue: 0,0:01:50.74,0:01:55.30,Default,,0000,0000,0000,,homebrew kernel dev or homebrew retro-\Ngaming, you know that interacting with Dialogue: 0,0:01:55.30,0:01:59.53,Default,,0000,0000,0000,,hardware is really complicated and trying\Nto do this in a phone, a system connected Dialogue: 0,0:01:59.53,0:02:03.75,Default,,0000,0000,0000,,to a touchscreen and a modem and lots of\Ncomplicated, money sensitive things, it's Dialogue: 0,0:02:03.75,0:02:10.58,Default,,0000,0000,0000,,really not, it's really complicated and -\Nbut every single one of you has one of has Dialogue: 0,0:02:10.58,0:02:15.84,Default,,0000,0000,0000,,probably has a phone in your pocket and\Nall of these are immensely valuable Dialogue: 0,0:02:15.84,0:02:21.50,Default,,0000,0000,0000,,targets for attacks, so we want to be able\Nto {\i1}inhales{\i0} detect bugs in them Dialogue: 0,0:02:21.50,0:02:27.22,Default,,0000,0000,0000,,automatically, that's the name of the\Ngame. So the bootloader in a device: it Dialogue: 0,0:02:27.22,0:02:31.81,Default,,0000,0000,0000,,takes - it's the it's the job of "oh,\Nwe've powered on, we need to get Dialogue: 0,0:02:31.81,0:02:37.89,Default,,0000,0000,0000,,everything initialized", so we initialize\Nthe device and the peripherals and then Dialogue: 0,0:02:37.89,0:02:43.68,Default,,0000,0000,0000,,the final the final gasp of breath of the\Nbootloader is to take the kernel and Dialogue: 0,0:02:43.68,0:02:49.12,Default,,0000,0000,0000,,execute it. And the kernel obviously needs\Nto be loaded from storage somewhere. 
For Dialogue: 0,0:02:49.12,0:02:53.83,Default,,0000,0000,0000,,Android specifically, this is what we\Nworked, on most Android devices are ARMs, Dialogue: 0,0:02:53.83,0:02:56.83,Default,,0000,0000,0000,,there's no particular standard for what an\NARM bootloader should look like but the Dialogue: 0,0:02:56.83,0:02:59.91,Default,,0000,0000,0000,,ARM people do give you some guidelines.\NThere's an open-source implementation of Dialogue: 0,0:02:59.91,0:03:04.04,Default,,0000,0000,0000,,what a secure boot letter should look\Nlike. There are in fact several boot Dialogue: 0,0:03:04.04,0:03:08.66,Default,,0000,0000,0000,,loaders on ARM, we'll go over this later.\NBut it's some mor- it's a complicated Dialogue: 0,0:03:08.66,0:03:14.38,Default,,0000,0000,0000,,affair that needs to preserve several\Nsecurity properties along the way. And Dialogue: 0,0:03:14.38,0:03:19.01,Default,,0000,0000,0000,,above all, the whole goal of this process\Nis to make sure that things are secure and Dialogue: 0,0:03:19.01,0:03:26.05,Default,,0000,0000,0000,,to make sure the user data is protected.\NThat's what we're trying to do. Like we Dialogue: 0,0:03:26.05,0:03:31.17,Default,,0000,0000,0000,,said the phones in your pockets are\Nvaluable targets. If you can attack the Dialogue: 0,0:03:31.17,0:03:34.87,Default,,0000,0000,0000,,bootloader you can root you can roo- get a\Nrootkit on the device, which is even more Dialogue: 0,0:03:34.87,0:03:40.45,Default,,0000,0000,0000,,powerful than just getting root on it. If\Nan attacker were to compromised your phone Dialogue: 0,0:03:40.45,0:03:45.72,Default,,0000,0000,0000,,he could brick your device or establi- I\Ntalked about rootkits already but but Dialogue: 0,0:03:45.72,0:03:50.89,Default,,0000,0000,0000,,additionally you might want to circumvent\Nthe security properties of your phone's Dialogue: 0,0:03:50.89,0:03:56.93,Default,,0000,0000,0000,,bootloader in order to customize it:\Nrooting, jailbreaking. 
"Unlocking" is the Dialogue: 0,0:03:56.93,0:04:04.53,Default,,0000,0000,0000,,key word in this situation.\NThe Android bootloader establishes Dialogue: 0,0:04:04.53,0:04:10.65,Default,,0000,0000,0000,,cryptographic integrity over basically\Nwhat's happening at all times, so on your Dialogue: 0,0:04:10.65,0:04:17.45,Default,,0000,0000,0000,,phone there is a master key and that will,\Nthat kno- that knows that it should only Dialogue: 0,0:04:17.45,0:04:21.40,Default,,0000,0000,0000,,it should only run some code that has been\Nsigned with the key associated with the Dialogue: 0,0:04:21.40,0:04:24.94,Default,,0000,0000,0000,,hardware and then the next stage of\Nbootloader has a key that it will verify Dialogue: 0,0:04:24.94,0:04:28.50,Default,,0000,0000,0000,,that the next stage of the bootloader\Nhasn't been tampered with. And this is Dialogue: 0,0:04:28.50,0:04:34.16,Default,,0000,0000,0000,,where we get the term "chain of trust",\Nwhere each part establishes "oh, I'm very Dialogue: 0,0:04:34.16,0:04:38.72,Default,,0000,0000,0000,,very sure, cryptographically sure,\Nassuming RSA hasn't been broken yet, that Dialogue: 0,0:04:38.72,0:04:44.57,Default,,0000,0000,0000,,the next bit of code is going to be doing\Nsomething that I authorized." Dialogue: 0,0:04:44.57,0:04:48.94,Default,,0000,0000,0000,,Circumventing this is valuable, as we've\Ntalked about, phones have to have a way to Dialogue: 0,0:04:48.94,0:04:56.47,Default,,0000,0000,0000,,buil- to do that built-in, unless you're\NApple, and but obviously protecting this Dialogue: 0,0:04:56.47,0:05:02.60,Default,,0000,0000,0000,,mechanism from attackers is a point of\Ncontention, so really you need to make Dialogue: 0,0:05:02.60,0:05:10.21,Default,,0000,0000,0000,,sure that only the real owner of the\Ndevice can actually unlock the phone. 
So Dialogue: 0,0:05:10.21,0:05:16.40,Default,,0000,0000,0000,,wha- this project is about making is about\Ndiscovering vulnerabilities that let us Dialogue: 0,0:05:16.40,0:05:20.11,Default,,0000,0000,0000,,circumvent this process, so the threat\Nmodel that we use for this project is that Dialogue: 0,0:05:20.11,0:05:25.32,Default,,0000,0000,0000,,there is, the phone is rooted and the\Nattacker has this root control. This is Dialogue: 0,0:05:25.32,0:05:32.06,Default,,0000,0000,0000,,pretty out there, no not that out there,\Nroot vulnerabilities exist, but it's it's Dialogue: 0,0:05:32.06,0:05:35.72,Default,,0000,0000,0000,,enough to make you scoff "Oh what's the\Npoint of this", well, the security Dialogue: 0,0:05:35.72,0:05:39.92,Default,,0000,0000,0000,,properties of the phone are supposed to\Nextend above the hypervisor level. It's, Dialogue: 0,0:05:39.92,0:05:42.43,Default,,0000,0000,0000,,you're supposed to have these guarantees\Nthat things should always work, assuming Dialogue: 0,0:05:42.43,0:05:47.51,Default,,0000,0000,0000,,the chain of trust works, regardless of\Nwhat how what's happening in the kernel. Dialogue: 0,0:05:48.94,0:05:54.65,Default,,0000,0000,0000,,So today we are going to be talking about\NBootStomp, which is a tool that Dialogue: 0,0:05:54.65,0:05:59.60,Default,,0000,0000,0000,,automatically verifies these properties\Nand discovers bugs. 
I'm going a little Dialogue: 0,0:05:59.60,0:06:04.31,Default,,0000,0000,0000,,slow, I'll speed up.\NSo first of the booting process in Android Dialogue: 0,0:06:04.31,0:06:09.08,Default,,0000,0000,0000,,ecosystems is pretty complicated and\Nmulti-stage; there is the there's the base Dialogue: 0,0:06:09.08,0:06:13.25,Default,,0000,0000,0000,,bootloader BL1, which loads and verifies\Nanother bootloader, which loads and Dialogue: 0,0:06:13.25,0:06:17.26,Default,,0000,0000,0000,,verifies another bootloader and this is\Nimportant, because the first on's in a ROM Dialogue: 0,0:06:17.26,0:06:22.71,Default,,0000,0000,0000,,and is very small and the second one is\Nprobably going, is probably by the Dialogue: 0,0:06:22.71,0:06:27.26,Default,,0000,0000,0000,,hardware vendor and the third one is\Nprobably by the OS vendor, for example, Dialogue: 0,0:06:27.26,0:06:33.25,Default,,0000,0000,0000,,and they all need to do different things.\NSo the important part here is these EL Dialogue: 0,0:06:33.25,0:06:37.39,Default,,0000,0000,0000,,things; those are the ARM exception\Nlevels, which are basically the global Dialogue: 0,0:06:37.39,0:06:42.30,Default,,0000,0000,0000,,permission levels for an android\Nprocessor. The EL3 is basically the god Dialogue: 0,0:06:42.30,0:06:45.50,Default,,0000,0000,0000,,mode. There's EL2 for hypervisors, it\Nisn't in this chart, there's EL1, which is Dialogue: 0,0:06:45.50,0:06:50.79,Default,,0000,0000,0000,,the kernel and the EL0, which is user\Nspace. 
So when we boot you're obviously in Dialogue: 0,0:06:50.79,0:06:53.77,Default,,0000,0000,0000,,the highest execution level and gradually,\Nas we establish more and more Dialogue: 0,0:06:53.77,0:06:59.20,Default,,0000,0000,0000,,initialization of the device, we're going\Nto cede control to less privileged Dialogue: 0,0:06:59.20,0:07:04.95,Default,,0000,0000,0000,,components, so the bootloader is operate\Nvery privilegededly and one of the things Dialogue: 0,0:07:04.95,0:07:10.63,Default,,0000,0000,0000,,they need to do is establish what's, the\NARM trust zone, the trusted execution Dialogue: 0,0:07:10.63,0:07:18.61,Default,,0000,0000,0000,,environment that lets people do really\Nsecure things on Android phones. Dialogue: 0,0:07:18.61,0:07:25.71,Default,,0000,0000,0000,,That's, this is something that is set up\Nby built by the BL31 bootloader and in Dialogue: 0,0:07:25.71,0:07:29.27,Default,,0000,0000,0000,,secure world you need to do things like\Nestablish, initialize hardware and Dialogue: 0,0:07:29.27,0:07:34.04,Default,,0000,0000,0000,,peripherals and in the non secure world\Nyou're norm- you're running like the Dialogue: 0,0:07:34.04,0:07:38.57,Default,,0000,0000,0000,,normal kernel and the normal users apps.\NAnd on some phones you actually have a Dialogue: 0,0:07:38.57,0:07:45.70,Default,,0000,0000,0000,,final bootloader, which runs in EL1, BL33\Nor the aboot executable and that's the Dialogue: 0,0:07:45.70,0:07:52.91,Default,,0000,0000,0000,,that's the one that we're generally\Ntargeting for for this stuff. So this is Dialogue: 0,0:07:52.91,0:07:55.69,Default,,0000,0000,0000,,what I was talking about the chain of\Ntrust: each of those arrows represents Dialogue: 0,0:07:55.69,0:08:00.36,Default,,0000,0000,0000,,cryptographic integrity, so the next stage\Nonly gets loaded if there's a valid Dialogue: 0,0:08:00.36,0:08:09.42,Default,,0000,0000,0000,,signature indicating that we really trust\Nwhat's going on here. 
And that's the Dialogue: 0,0:08:09.42,0:08:13.73,Default,,0000,0000,0000,,unlocking process that we were talking\Nabout; if you, the verified, physical Dialogue: 0,0:08:13.73,0:08:18.21,Default,,0000,0000,0000,,owner of the device, wants to you can\Ndisable that last bit and cause and allow Dialogue: 0,0:08:18.21,0:08:21.89,Default,,0000,0000,0000,,untrusted code to run as the kernel.\NThat's totally fine, if you own the Dialogue: 0,0:08:21.89,0:08:27.77,Default,,0000,0000,0000,,device.\NThe unlocking process is supposed to Dialogue: 0,0:08:27.77,0:08:30.85,Default,,0000,0000,0000,,really specifically verify these two\Nthings: that you have physical access to Dialogue: 0,0:08:30.85,0:08:37.80,Default,,0000,0000,0000,,the device and that you actually own it,\Nlike you know the pin to it, that's what Dialogue: 0,0:08:37.80,0:08:46.05,Default,,0000,0000,0000,,establishes ownership of our device.And so\Nspecifically when you when you go through Dialogue: 0,0:08:46.05,0:08:51.43,Default,,0000,0000,0000,,that process it does set some specific\Nflags on your persistent storage, saying Dialogue: 0,0:08:51.43,0:08:57.57,Default,,0000,0000,0000,,this is an unlocked device now, you can do\Nwhatever but making sure that that can Dialogue: 0,0:08:57.57,0:09:05.01,Default,,0000,0000,0000,,only happen when it's authorized is the\Npoint of contention here. It should, the, Dialogue: 0,0:09:05.01,0:09:09.45,Default,,0000,0000,0000,,typically what happens is this security\Nstate is itself cryptographically signed, Dialogue: 0,0:09:09.45,0:09:15.10,Default,,0000,0000,0000,,so you can't just set unlocked, you have\Nto set unlocked but signed by the people Dialogue: 0,0:09:15.10,0:09:22.53,Default,,0000,0000,0000,,that we really trust. And but but\Ngenerally you probably shouldn't be able Dialogue: 0,0:09:22.53,0:09:30.90,Default,,0000,0000,0000,,to write to it just from the normal user\Nspace. 
So the question is: we saw that the Dialogue: 0,0:09:30.90,0:09:34.94,Default,,0000,0000,0000,,operating system is separate from the\Nbootloader. So what we want to be able to Dialogue: 0,0:09:34.94,0:09:40.12,Default,,0000,0000,0000,,do is get from the Android OS to affecting\Nthe, to the bootloader. And can this Dialogue: 0,0:09:40.12,0:09:48.14,Default,,0000,0000,0000,,happen? Well, of course, that's why we're\Nhere. So the, let's see. Oh I didn't Dialogue: 0,0:09:48.14,0:09:52.47,Default,,0000,0000,0000,,realize there were animations on the\Nslides, that's unfortunate. So this is Dialogue: 0,0:09:52.47,0:09:59.42,Default,,0000,0000,0000,,sort of the normal flow chart of how these\Nthings normally come about. Dialogue: 0,0:09:59.42,0:10:03.59,Default,,0000,0000,0000,,You've got the bootloader, which has to\Nread from persistent storage in order to Dialogue: 0,0:10:03.59,0:10:07.46,Default,,0000,0000,0000,,initialize the operating system. Like, of\Ncourse you have to read, for example, Dialogue: 0,0:10:07.46,0:10:11.14,Default,,0000,0000,0000,,whether or not the device is unlocked, you\Nhave to load the kernel itself. There are Dialogue: 0,0:10:11.14,0:10:17.01,Default,,0000,0000,0000,,lots of inputs to the bootloader and\Nintuition is that the bootloader is, these Dialogue: 0,0:10:17.01,0:10:22.55,Default,,0000,0000,0000,,just serve as normal inputs to a program,\Nwhich can be analyzed for vulnerabilities. Dialogue: 0,0:10:22.55,0:10:30.87,Default,,0000,0000,0000,,Oh lord, this is a mess. So so from the\NOS, you're allowed to, you ha- if you have Dialogue: 0,0:10:30.87,0:10:35.88,Default,,0000,0000,0000,,root privileges in the operating system\Nyou can write to this persistent storage, Dialogue: 0,0:10:35.88,0:10:46.92,Default,,0000,0000,0000,,which means that you have that this serves\Nas another input to the bootloader and Dialogue: 0,0:10:46.92,0:10:53.18,Default,,0000,0000,0000,,this can cause bad things to happen. 
So we\Nneed some sort of tool, it's the point of Dialogue: 0,0:10:53.18,0:10:58.19,Default,,0000,0000,0000,,this project, to automatically verify the\Nsafety properties of these boot loaders. Dialogue: 0,0:10:58.19,0:11:04.48,Default,,0000,0000,0000,,That's BootStomp. Bootloaders are\Ncomplicated. There's a lot of stuff, which Dialogue: 0,0:11:04.48,0:11:08.48,Default,,0000,0000,0000,,means you have to automate - the analysis\Nhas to be automated in order to really Dialogue: 0,0:11:08.48,0:11:11.100,Default,,0000,0000,0000,,sift through something as big and\Ncomplicated as a bootloader, with the care Dialogue: 0,0:11:11.100,0:11:16.86,Default,,0000,0000,0000,,necessary to actually find bugs that are\Nsitting there. Dialogue: 0,0:11:16.86,0:11:20.31,Default,,0000,0000,0000,,And but these things aren't usually things\Nthat you have source code for, so it needs Dialogue: 0,0:11:20.31,0:11:25.42,Default,,0000,0000,0000,,to be a binary analysis and furthermore\Nyou can't really do a dynamic execution on Dialogue: 0,0:11:25.42,0:11:29.68,Default,,0000,0000,0000,,something that needs to run on the highest\Nprivilege level of a processor, so you Dialogue: 0,0:11:29.68,0:11:33.39,Default,,0000,0000,0000,,have to have your - step back - and it has\Nto be static as well. And furthermore this Dialogue: 0,0:11:33.39,0:11:37.50,Default,,0000,0000,0000,,needs to be a fully free-standing analysis\Nthat doesn't assume anything other than Dialogue: 0,0:11:37.50,0:11:42.08,Default,,0000,0000,0000,,"oh, we're executing code on a system",\Nbecause there's no known syscalls or API's Dialogue: 0,0:11:42.08,0:11:46.96,Default,,0000,0000,0000,,to checkpoint process or say "oh, we know\Nwhat this means, we don't really have to Dialogue: 0,0:11:46.96,0:11:56.07,Default,,0000,0000,0000,,analyze it." So it's a tall order but you\Ncan do it with enough work. So BootStomp Dialogue: 0,0:11:56.07,0:12:02.97,Default,,0000,0000,0000,,specifically is the tool that we built. 
It\Nwill automatically detect these inputs, Dialogue: 0,0:12:02.97,0:12:09.87,Default,,0000,0000,0000,,that we talked about, to the bootloader\Nand then it will determine if these inputs Dialogue: 0,0:12:09.87,0:12:14.05,Default,,0000,0000,0000,,can be used to compromise various security\Nproperties of the device. Dialogue: 0,0:12:14.05,0:12:20.05,Default,,0000,0000,0000,,One such example is if you can use this to\Njust achieve memory corruption for example Dialogue: 0,0:12:20.05,0:12:27.65,Default,,0000,0000,0000,,or more abstract forms of vulnerability,\Nsuch as code flows that will result in Dialogue: 0,0:12:27.65,0:12:33.32,Default,,0000,0000,0000,,unwanted data being written by the more\Nprivileged bootloader somewhere. And the Dialogue: 0,0:12:33.32,0:12:39.52,Default,,0000,0000,0000,,important thing about this analysis is\Nthat its results are easily verifiable and Dialogue: 0,0:12:39.52,0:12:44.97,Default,,0000,0000,0000,,traceable and it's very easy to like look\Nat the outputs and say "oh, well, this is Dialogue: 0,0:12:44.97,0:12:48.58,Default,,0000,0000,0000,,what's happening and this is why I think\Nthis happened and therefore I can Dialogue: 0,0:12:48.58,0:12:59.29,Default,,0000,0000,0000,,reproduce this, possibly?" This happens\Nthrough symbolic taint analysis. This is Dialogue: 0,0:12:59.29,0:13:05.55,Default,,0000,0000,0000,,the part that I know about, because I work\Non angr, which is the symbolic execution Dialogue: 0,0:13:05.55,0:13:11.21,Default,,0000,0000,0000,,analysis static analysis tool that\Nbootstomp uses in order to do its taint Dialogue: 0,0:13:11.21,0:13:18.91,Default,,0000,0000,0000,,analysis. 
That taint analysis of all\Nexecution are kind of loaded words, so Dialogue: 0,0:13:18.91,0:13:24.26,Default,,0000,0000,0000,,this is what specifically is meant is that\Nwhen we discover these sources and sinks Dialogue: 0,0:13:24.26,0:13:28.79,Default,,0000,0000,0000,,of behavior, through person particularly\Nstatic static analysis and some Dialogue: 0,0:13:28.79,0:13:32.04,Default,,0000,0000,0000,,heuristics, of course. And then we\Npropagate these taints through symbolic Dialogue: 0,0:13:32.04,0:13:35.32,Default,,0000,0000,0000,,execution, while maintaining tractability.\NAnd notice wherever Dialogue: 0,0:13:35.32,0:13:39.85,Default,,0000,0000,0000,,we meet wherever we can find pause from\Ntaint sources to behaviors sinks that we Dialogue: 0,0:13:39.85,0:13:47.42,Default,,0000,0000,0000,,think are vulnerable. Specifically, we\Nthink these these behavior sinks are Dialogue: 0,0:13:47.42,0:13:51.89,Default,,0000,0000,0000,,vulnerable behavior if you can arbitrarily\Nwrite to memory, or read from memory. Dialogue: 0,0:13:51.89,0:13:55.04,Default,,0000,0000,0000,,Like, really arbitrary, if there's a\Npointer which is controlled by user input Dialogue: 0,0:13:55.04,0:13:59.98,Default,,0000,0000,0000,,- memory corruption stuff. And\Nadditionally, if you can control loop Dialogue: 0,0:13:59.98,0:14:04.45,Default,,0000,0000,0000,,iterations through your input, that\Nindicates the denial of service attack. Dialogue: 0,0:14:04.45,0:14:11.82,Default,,0000,0000,0000,,And finally, the unlocking mechanism, the\Nbootloader unlocking mechanism, if there Dialogue: 0,0:14:11.82,0:14:18.27,Default,,0000,0000,0000,,is if we can detect specific code paths\Nwhich indicate bypasses - those are Dialogue: 0,0:14:18.27,0:14:25.91,Default,,0000,0000,0000,,valuable. So, yeah, so this is the\Nspecific architecture of the tool. There Dialogue: 0,0:14:25.91,0:14:31.29,Default,,0000,0000,0000,,are the two main modules one which is\Nwritten as an IDA analysis. 
You know, the Dialogue: 0,0:14:31.29,0:14:35.21,Default,,0000,0000,0000,,big tool that everyone probably doesn't\Npay enough money for. And then there's the Dialogue: 0,0:14:35.21,0:14:41.83,Default,,0000,0000,0000,,other component written in angr which is\Nthe symbolic change analysis. And this is Dialogue: 0,0:14:41.83,0:14:51.85,Default,,0000,0000,0000,,probably the point where I break out of\Nhere and actually start the live demo. Dialogue: 0,0:14:51.85,0:14:58.67,Default,,0000,0000,0000,,That's big enough.\NOkay, so we're working on a Huawei boot Dialogue: 0,0:14:58.67,0:15:07.10,Default,,0000,0000,0000,,image here, the fastboot image. We're\Ngoing to load it up in IDA real quick. So Dialogue: 0,0:15:07.10,0:15:14.69,Default,,0000,0000,0000,,here, IDA has understands, oh this is what\Nthe executable is. So if we just sort of Dialogue: 0,0:15:14.69,0:15:23.82,Default,,0000,0000,0000,,run the initial script, find taints, it'll\Nthink real hard for a little bit. There's Dialogue: 0,0:15:23.82,0:15:27.20,Default,,0000,0000,0000,,no real reason this couldn't if it's part\Ncouldn't have been done an angr or binary Dialogue: 0,0:15:27.20,0:15:33.58,Default,,0000,0000,0000,,ninja or r2 or (???), god forbid. But,\Nthis is a collaborative project if you saw Dialogue: 0,0:15:33.58,0:15:36.97,Default,,0000,0000,0000,,the huge author list and people write\Nstuff and whatever they're comfortable Dialogue: 0,0:15:36.97,0:15:41.86,Default,,0000,0000,0000,,with. So it's IDA in this case.\NRealistically, because this is just a Dialogue: 0,0:15:41.86,0:15:46.84,Default,,0000,0000,0000,,binary blob when you load it in IDA it\Ndoesn't immediately know where everything Dialogue: 0,0:15:46.84,0:15:54.47,Default,,0000,0000,0000,,is, so you have to sort of nudge it into..\Noh here's where all the functions are. 
Dialogue: 0,0:15:54.47,0:16:05.40,Default,,0000,0000,0000,,Okay, we finished, and what it's done is: \Nwe've got this taint source sync dot txt Dialogue: 0,0:16:05.40,0:16:12.23,Default,,0000,0000,0000,,which shows us, "oh, here are all the sources\Nof tainted information, and here's a few of Dialogue: 0,0:16:12.23,0:16:16.46,Default,,0000,0000,0000,,the sinks that we established." Obviously\Nyou don't need a sink analysis to Dialogue: 0,0:16:16.46,0:16:20.12,Default,,0000,0000,0000,,determine if you've got memory corruption\Nor not but we like knowing where the Dialogue: 0,0:16:20.12,0:16:23.81,Default,,0000,0000,0000,,writes to persistent storage are and where\Nall the specifically the memcopy functions Dialogue: 0,0:16:23.81,0:16:35.21,Default,,0000,0000,0000,,are valuable for analysis. And then, if we\Nrun our taint analysis bootloader, taint Dialogue: 0,0:16:35.21,0:16:38.76,Default,,0000,0000,0000,,on the - oh this configuration file is\Nreal simple. It just says, "oh here's what Dialogue: 0,0:16:38.76,0:16:42.04,Default,,0000,0000,0000,,we're analyzing: it's a 64-bit\Narchitecture, don't bother analyzing thumb Dialogue: 0,0:16:42.04,0:16:51.99,Default,,0000,0000,0000,,mode, etc cetera, simple stuff." And it'll\Ndo this for about 20 minutes. Uh, config; Dialogue: 0,0:16:51.99,0:16:57.63,Default,,0000,0000,0000,,and it'll do this for about 20 minutes. I\Nhope it finishes before the demo is over. Dialogue: 0,0:16:57.63,0:17:05.78,Default,,0000,0000,0000,,If not, I'll do some magic and we'll a\Npre-prepared solution. But, so, we talked Dialogue: 0,0:17:05.78,0:17:09.58,Default,,0000,0000,0000,,about these seeds there used the the seeds\Nfor our taint analysis or for our Dialogue: 0,0:17:09.58,0:17:17.50,Default,,0000,0000,0000,,persistent storage. And that I used by the\Nunlocking procedure. 
So the heuristics I Dialogue: 0,0:17:17.50,0:17:21.37,Default,,0000,0000,0000,,was talking about - we want to identify\Nthe reads from persistent storage through Dialogue: 0,0:17:21.37,0:17:26.05,Default,,0000,0000,0000,,log messages, keyword keyword analysis and\Nlong distances. So the eMMC is this is a Dialogue: 0,0:17:26.05,0:17:29.69,Default,,0000,0000,0000,,specific memory module used by \Nthe bootloader for secure purposes. And Dialogue: 0,0:17:29.69,0:17:34.81,Default,,0000,0000,0000,,just it's the persistent storage device\Nbasically. And you can identify these log Dialogue: 0,0:17:34.81,0:17:39.50,Default,,0000,0000,0000,,messages and then we just do a diff -u\Nanalysis back from the guard condition on Dialogue: 0,0:17:39.50,0:17:44.33,Default,,0000,0000,0000,,that block to its source and you say, "oh\Nthat function must be the read." It's Dialogue: 0,0:17:44.33,0:17:52.15,Default,,0000,0000,0000,,pretty simple. It works surprisingly\Noften. Of course, if this isn't enough you Dialogue: 0,0:17:52.15,0:17:56.32,Default,,0000,0000,0000,,can just manually analyze the firmware and\Nprovide, "oh here's where we read from Dialogue: 0,0:17:56.32,0:17:58.17,Default,,0000,0000,0000,,persistent storage, here's what you\Nshould taint." Dialogue: 0,0:18:07.90,0:18:11.60,Default,,0000,0000,0000,,Cool. So the taint Dialogue: 0,0:18:11.60,0:18:15.20,Default,,0000,0000,0000,,analysis: our taints are specifically\Nsy-- this is specifically symbolic taint Dialogue: 0,0:18:15.20,0:18:19.81,Default,,0000,0000,0000,,analysis so it's not just like what Triton\Ndoes where you've got a concrete value Dialogue: 0,0:18:19.81,0:18:25.16,Default,,0000,0000,0000,,that has metadata attached. This is a real\Nsymbol being used for symbolic execution. 
Dialogue: 0,0:18:25.16,0:18:29.80,Default,,0000,0000,0000,,If you're not familiar with symbolic\Nexecution, it's a if it's a form of static Dialogue: 0,0:18:29.80,0:18:38.33,Default,,0000,0000,0000,,analysis in which you emulate the code,\Nbut instead of having the values for some Dialogue: 0,0:18:38.33,0:18:41.17,Default,,0000,0000,0000,,of things you can just have symbols. And\Nthen when you perform operation on those Dialogue: 0,0:18:41.17,0:18:46.45,Default,,0000,0000,0000,,symbols you construct an abstract syntax\Ntree of the behavior. And then when you Dialogue: 0,0:18:46.45,0:18:52.25,Default,,0000,0000,0000,,run into branch conditions based on those\Nthings you can say, "oh, well, in order to Dialogue: 0,0:18:52.25,0:19:00.42,Default,,0000,0000,0000,,get from point A to point B this\Nconstraint must be satisfied." And of Dialogue: 0,0:19:00.42,0:19:05.47,Default,,0000,0000,0000,,course, now you can just add z3 and stir\Nand you have passed the inputs to generate Dialogue: 0,0:19:05.47,0:19:12.23,Default,,0000,0000,0000,,paths to the program. So for the sinks of\Nthe taint analysis, we want we wants to Dialogue: 0,0:19:12.23,0:19:18.96,Default,,0000,0000,0000,,say, "oh, if tainted data come comes into\Nand is is the argument to memcpy then Dialogue: 0,0:19:18.96,0:19:23.22,Default,,0000,0000,0000,,that's a vulnerability." I don't mean\Nlike, it's the I don't mean like, the Dialogue: 0,0:19:23.22,0:19:28.06,Default,,0000,0000,0000,,taint data is the subject of memcopy, like\Nit's one of the values passed to memcpy. Dialogue: 0,0:19:28.06,0:19:33.55,Default,,0000,0000,0000,,That's a memory corruption vulnerability\Ngenerally. Yeah, we talked about memory Dialogue: 0,0:19:33.55,0:19:36.41,Default,,0000,0000,0000,,corruption, and we talked about loop\Nconditions, and we talked about writes to Dialogue: 0,0:19:36.41,0:19:41.22,Default,,0000,0000,0000,,persistent storage with the unlocking\Nstuff. Cool. 
For taint checking Dialogue: 0,0:19:41.22,0:19:46.43,Default,,0000,0000,0000,,specifically -- oh this is exactly what I\Njust said. Yeah, and part and what I was Dialogue: 0,0:19:46.43,0:19:50.48,Default,,0000,0000,0000,,talking about with the symbolic predicates\Nand trace analysis means Dialogue: 0,0:19:50.48,0:19:54.13,Default,,0000,0000,0000,,that when you see something, \Nyou automatically have Dialogue: 0,0:19:54.13,0:20:00.35,Default,,0000,0000,0000,,the input that will generate that\Nbehavior. So the output is inherently Dialogue: 0,0:20:00.35,0:20:06.17,Default,,0000,0000,0000,,traceable. Unfortunately, symbolic\Nexecution has some issues. I was actually Dialogue: 0,0:20:06.17,0:20:12.38,Default,,0000,0000,0000,,at CCC two years ago talking about the\Nexact same problem. You have this problem Dialogue: 0,0:20:12.38,0:20:18.76,Default,,0000,0000,0000,,where, oh, you generate paths between\Ndifferent between different states and Dialogue: 0,0:20:18.76,0:20:24.21,Default,,0000,0000,0000,,there can be too many of them. It\Noverwhelms your analysis. So you can use Dialogue: 0,0:20:24.21,0:20:29.27,Default,,0000,0000,0000,,some heuristics to say, "oh, we don't want\Nto we can; because it's the static Dialogue: 0,0:20:29.27,0:20:34.05,Default,,0000,0000,0000,,analysis we have a more powerful step over\Nthan what a debugger can do." We don't Dialogue: 0,0:20:34.05,0:20:37.34,Default,,0000,0000,0000,,have to actually analyze the function, we\Ncan just take the instruction pointer and Dialogue: 0,0:20:37.34,0:20:43.59,Default,,0000,0000,0000,,move it over there. And, this does cause\Nsome unsoundness, but it's not a problem Dialogue: 0,0:20:43.59,0:20:49.04,Default,,0000,0000,0000,,if you like make sure that the arguments\Naren't tainted, for example. Or sometimes Dialogue: 0,0:20:49.04,0:20:53.91,Default,,0000,0000,0000,,you just accept the unsoundness as part of\Nthe tractability of the problem. 
Limit Dialogue: 0,0:20:53.91,0:20:58.52,Default,,0000,0000,0000,,loop operation: that's classic technique\Nfrom static analysis. And the time out, of Dialogue: 0,0:20:58.52,0:21:05.61,Default,,0000,0000,0000,,course. So, what are the bugs we found? We\Nevaluated this on four boot loaders and we Dialogue: 0,0:21:05.61,0:21:15.09,Default,,0000,0000,0000,,found several bugs. Six of which were zero\Ndays. So that's pretty good. It's like, Dialogue: 0,0:21:15.09,0:21:18.98,Default,,0000,0000,0000,,okay, so you found some bugs but it could\Njust be you; oh there are some errors and Dialogue: 0,0:21:18.98,0:21:22.88,Default,,0000,0000,0000,,an initialization that don't really\Nmatter. But on the other hand you can Dialogue: 0,0:21:22.88,0:21:31.67,Default,,0000,0000,0000,,crash it 41 41 41. That's pretty serious.\NSo as we saw, some of the bootloader is Dialogue: 0,0:21:31.67,0:21:35.71,Default,,0000,0000,0000,,like do work in ARM EL3 so this is pretty\Nsignificant. You can do whatever you want Dialogue: 0,0:21:35.71,0:21:39.92,Default,,0000,0000,0000,,in the device if you actually have\Nsufficient control over it. This is Dialogue: 0,0:21:39.92,0:21:47.67,Default,,0000,0000,0000,,rootkit territory. You could break\Nanything you wanted. Then there's another Dialogue: 0,0:21:47.67,0:21:52.12,Default,,0000,0000,0000,,component in the analysis that says, "can\Nwe'd find bypasses to the unlocking Dialogue: 0,0:21:52.12,0:21:57.86,Default,,0000,0000,0000,,procedure." For example, this is this is\Nbasically one of the ones that we found: Dialogue: 0,0:21:57.86,0:22:03.89,Default,,0000,0000,0000,,it's so it says boots on detected this,\Nthis flow from data that was read from the Dialogue: 0,0:22:03.89,0:22:09.44,Default,,0000,0000,0000,,device to data that was written to the\Ndevice, and what this code is supposed to Dialogue: 0,0:22:09.44,0:22:12.88,Default,,0000,0000,0000,,do -- do I have animations? 
yes --it's\Nsupposed to,
Dialogue: 0,0:22:12.88,0:22:15.46,Default,,0000,0000,0000,,like, take some input\Nand verify that it hashes
Dialogue: 0,0:22:15.46,0:22:20.13,Default,,0000,0000,0000,,to a certain value. And if so, hash\Nthat value and write it back to disk, and
Dialogue: 0,0:22:20.13,0:22:27.11,Default,,0000,0000,0000,,that constitutes the cryptographically\Nsecure unlocking thing. However, the thing
Dialogue: 0,0:22:27.11,0:22:32.74,Default,,0000,0000,0000,,that we write to is compared to the\Nidentical to the thing that was read from
Dialogue: 0,0:22:32.74,0:22:39.79,Default,,0000,0000,0000,,the disk. So you can just; the thing that\NBootStomp purported was the code flow from
Dialogue: 0,0:22:39.79,0:22:43.99,Default,,0000,0000,0000,,the disk backs the disk indicating that if\Nyou can read from the disk, you know how
Dialogue: 0,0:22:43.99,0:22:53.19,Default,,0000,0000,0000,,to produce the thing that will unlock the\Nphone. So this isn't secure. Mitigations.
Dialogue: 0,0:22:53.19,0:22:59.44,Default,,0000,0000,0000,,So, the thing that Google does in order to\Nprevent attacks of this class is that the
Dialogue: 0,0:22:59.44,0:23:04.42,Default,,0000,0000,0000,,key ness is the secure encryption key that\Nunlocked, that decrypts the like userland
Dialogue: 0,0:23:04.42,0:23:13.46,Default,,0000,0000,0000,,data is, has embedded in it the unlock\Nstate. So clearly, if you change the
Dialogue: 0,0:23:13.46,0:23:17.46,Default,,0000,0000,0000,,unlock state you brick the entire phone.\NWell, not brick, but have to reset it have
Dialogue: 0,0:23:17.46,0:23:27.44,Default,,0000,0000,0000,,to lose all your data. That's still not\Nreally good enough but realistically we
Dialogue: 0,0:23:27.44,0:23:32.95,Default,,0000,0000,0000,,should probably be using a more trusted\Nform of storage that's not just the normal
Dialogue: 0,0:23:32.95,0:23:36.81,Default,,0000,0000,0000,,normal partitions in the SD card in order\Nto just sort of store this state.
It
Dialogue: 0,0:23:36.81,0:23:41.49,Default,,0000,0000,0000,,should probably be part of the eMMC, or\Nspecifically the replay protected memory
Dialogue: 0,0:23:41.49,0:23:46.79,Default,,0000,0000,0000,,block which uses cryptographic mechanisms\Nto synchronize the, what's it called,
Dialogue: 0,0:23:46.79,0:23:55.27,Default,,0000,0000,0000,,synchronize this writes to the memory with\Nthe authenticated process. And so that
Dialogue: 0,0:23:55.27,0:23:58.27,Default,,0000,0000,0000,,would make that would make sure that\Nonly the bootloader could unlock it. But
Dialogue: 0,0:23:58.27,0:24:01.79,Default,,0000,0000,0000,,of course that wouldn't protect against\Nmemory corruption vulnerabilities and
Dialogue: 0,0:24:01.79,0:24:04.78,Default,,0000,0000,0000,,there's nothing really to be said about\Nthat other than, "hey, this is a serious
Dialogue: 0,0:24:04.78,0:24:11.97,Default,,0000,0000,0000,,problem." In conclusion, all these bugs\Nhave been reported, most of them have been
Dialogue: 0,0:24:11.97,0:24:17.99,Default,,0000,0000,0000,,fixed. As far as I'm aware this is the\Nfirst study to really explore and
Dialogue: 0,0:24:17.99,0:24:22.31,Default,,0000,0000,0000,,develop analyses for Android boot loaders\Nand in it we developed an automated
Dialogue: 0,0:24:22.31,0:24:26.75,Default,,0000,0000,0000,,technique to analyze boot loaders with\Ntractable alerts. I found six 0days in
Dialogue: 0,0:24:26.75,0:24:32.41,Default,,0000,0000,0000,,various boot loaders and our\Nimplementation is open source. I will be
Dialogue: 0,0:24:32.41,0:24:34.96,Default,,0000,0000,0000,,taking questions, thank you for listening.
Dialogue: 0,0:24:34.96,0:24:43.95,Default,,0000,0000,0000,,{\i1}applause{\i0}
Dialogue: 0,0:24:43.95,0:24:46.11,Default,,0000,0000,0000,,Herald: That was quite amazing.
Dialogue: 0,0:24:49.77,0:24:53.12,Default,,0000,0000,0000,,Okay we'll be taking some \Nquestions from people
Dialogue: 0,0:24:53.12,0:24:56.89,Default,,0000,0000,0000,,that understood exactly\Nwhat it was all about. Yes
Dialogue: 0,0:24:56.89,0:24:59.11,Default,,0000,0000,0000,,I see somebody walking up to microphone\None.
Dialogue: 0,0:24:59.11,0:25:02.39,Default,,0000,0000,0000,,Mic 1: Thank you very much for talk--\N
Dialogue: 0,0:25:02.39,0:25:04.81,Default,,0000,0000,0000,,Herald: Are you talking into the mic? Otherwise\Nwe can't record it.
Dialogue: 0,0:25:04.81,0:25:06.96,Default,,0000,0000,0000,,Mic 1: Okay, thank you very much for that
Dialogue: 0,0:25:06.96,0:25:11.66,Default,,0000,0000,0000,,work, that was really cool. Your mystic\Ninvestigations didn't include devicing the
Dialogue: 0,0:25:11.66,0:25:16.29,Default,,0000,0000,0000,,code better. Do you think it's possible to\Nwrite the code so that your tools can
Dialogue: 0,0:25:16.29,0:25:21.35,Default,,0000,0000,0000,,analyze it and maybe it would be secure?\NOr not yet?
Dialogue: 0,0:25:21.35,0:25:28.24,Default,,0000,0000,0000,,Audrey: Well, there's certainly things to\Nbe said for having things in open source,
Dialogue: 0,0:25:28.24,0:25:33.36,Default,,0000,0000,0000,,because necessarily doing analysis on\Nsource code is a much more, a much better
Dialogue: 0,0:25:33.36,0:25:41.25,Default,,0000,0000,0000,,defined field than the than doing analysis\Non binary code. Additionally, you can
Dialogue: 0,0:25:41.25,0:25:48.01,Default,,0000,0000,0000,,write your stuff in languages that are\Nsafer than C. I don't know if it's, I
Dialogue: 0,0:25:48.01,0:25:55.52,Default,,0000,0000,0000,,didn't know if it's safe to talk about\NRust yet, but Rust is cool. Yeah, there's
Dialogue: 0,0:25:55.52,0:26:00.76,Default,,0000,0000,0000,,lots of things that you can do.
I just\Nrealized I didn't show off; I didn't show
Dialogue: 0,0:26:00.76,0:26:05.82,Default,,0000,0000,0000,,off the still running, the analysis: the\Nautomated results. It did not finish in
Dialogue: 0,0:26:05.82,0:26:12.82,Default,,0000,0000,0000,,time so I will run some magic, and now we\Nhave some results. Which..
Dialogue: 0,0:26:12.82,0:26:19.43,Default,,0000,0000,0000,,{\i1}applause{\i0}
Dialogue: 0,0:26:19.43,0:26:21.86,Default,,0000,0000,0000,,So, here's a here's one of the analysis
Dialogue: 0,0:26:21.86,0:26:27.52,Default,,0000,0000,0000,,results. We found at this location in the\Nprogram a tainted variable, specifically
Dialogue: 0,0:26:27.52,0:26:33.05,Default,,0000,0000,0000,,the tainted at offset 261 into the tainted\Nbuffer. This variable was used as a
Dialogue: 0,0:26:33.05,0:26:41.02,Default,,0000,0000,0000,,pointer. And that involved following the\Npath from along along this way. So there
Dialogue: 0,0:26:41.02,0:26:46.32,Default,,0000,0000,0000,,is a vulnerability that I discovered for you.\NSo we can go on with questions, sorry that
Dialogue: 0,0:26:46.32,0:26:47.16,Default,,0000,0000,0000,,was a bit.
Dialogue: 0,0:26:47.16,0:26:48.62,Default,,0000,0000,0000,,Herald: Any more questions from the
Dialogue: 0,0:26:48.62,0:26:57.78,Default,,0000,0000,0000,,audience? There is no question from from\Nthe internet. Okay, one question, go
Dialogue: 0,0:26:57.78,0:27:00.03,Default,,0000,0000,0000,,ahead: talk into the mic please.
Dialogue: 0,0:27:00.03,0:27:03.03,Default,,0000,0000,0000,,Question: You said that the bugs you found
Dialogue: 0,0:27:03.03,0:27:07.79,Default,,0000,0000,0000,,were responsibly disclosed and fixed.\NWere they actually fixed in real existing
Dialogue: 0,0:27:07.79,0:27:11.86,Default,,0000,0000,0000,,devices or did the vendors just say, "oh,\Nwe'll fix it in future devices."
Dialogue: 0,0:27:11.86,0:27:16.76,Default,,0000,0000,0000,,Audrey: I wish I knew the answer to that\Nquestion. I wasn't on the in the did this.
Dialogue: 0,0:27:16.76,0:27:23.10,Default,,0000,0000,0000,,Yeah, I can't speak to that. That was just\Nthat was just a slide on the slides that I
Dialogue: 0,0:27:23.10,0:27:29.78,Default,,0000,0000,0000,,was given. I sure hope they were really\Nresponsibly disclosed. It's real hard to
Dialogue: 0,0:27:29.78,0:27:36.40,Default,,0000,0000,0000,,push updates to the bootloader!\N
Dialogue: 0,0:27:36.40,0:27:39.96,Default,,0000,0000,0000,,Herald: Okay, any more questions? Okay so
Dialogue: 0,0:27:39.96,0:27:43.91,Default,,0000,0000,0000,,let's conclude this talk. People, when you\Nleave the hall, please take all your stuff
Dialogue: 0,0:27:43.91,0:27:49.55,Default,,0000,0000,0000,,with you. Your bottles, your cups. Don't\Nforget anything, have a last check. Thank
Dialogue: 0,0:27:49.56,0:27:55.05,Default,,0000,0000,0000,,you very much let's have one final hand\Nfor Audrey Dutcher, from California!
Dialogue: 0,0:27:55.05,0:28:00.75,Default,,0000,0000,0000,,{\i1}applause{\i0}
Dialogue: 0,0:28:00.75,0:28:06.14,Default,,0000,0000,0000,,{\i1}34c3 outro{\i0}
Dialogue: 0,0:28:06.14,0:28:23.00,Default,,0000,0000,0000,,subtitles created by c3subtitles.de\Nin the year 2018. Join, and help us!