<i>preroll music</i>

Herald: Our next speaker for today is a
computer science PhD student at UC Santa

Barbara. He is a member of the Shellfish
Hacking Team and he's also the organizer

of the IECTF Hacking Competition. Please
give a big round of applause to Nilo

Redini.

<i>applause</i>

Nilo: Thanks for the introduction, hello
to everyone. My name is Nilo, and today

I'm going to present you my work Koronte:
identifying multi-binary vulnerabilities

in embedded firmware at scale. This work
is a co-joint effort between me and

several of my colleagues at University of
Santa Barbara and ASU. This talk is going

to be about IoT devices. So before
starting, let's see an overview about IoT

devices. IoT devices are everywhere. As
the research suggests, they will reach the

20 billion units by the end of the next
year. And a recent study conducted this

year in 2019 on 16 million households
showed that more than 70 percent of homes

in North America already have an IoT
network connected device. IoT devices make

everyday life smarter. You can literally
say "Alexa, I'm cold" and Alexa will

interact with the thermostat and increase
the temperature of your room. Usually the

way we interact with the IoT devices is
through our smartphone. We send a request

to the local network, to some device,
router or door lock, or we might send the

same request through a cloud endpoint,
which is usually managed by the vendor of

the IoT device. Another way is through the
IoT hubs, smartphone will send the request

to some IoT hub, which in turn will send
the request to some other IoT devices. As

you can imagine, IoT devices use and
collect our data and some data is more

sensitive than other. For instance, think
of all the data that is collected by my

lightbulb or data that is collected by our
security camera. As such, IoT devices can

compromise people's safety and privacy.
Things, for example, about the security

implication of a faulty smartlock or the
brakes of your smart car. So the question

that we asked is: Are IoT devices secure?
Well, like everything else, they are not.

OK, in 2016 the Mirai botnet compromised
and leveraged millions of IoT devices to

disrupt core Internet services such as
Twitter, GitHub and Netflix. And in 2018,

154 vulnerabilities affecting IoT devices
were published, which represented an

increment of 15% compared to 2017 and an
increase of 115% compared to 2016. So then

we wonder: So why is it hard to secure IoT
devices? To answer this question we have

to look up how IoT devices work and they
are made. Usually when you remove all the

plastic and peripherals IoT devices look
like this. A board with some chips laying

on it. Usually you can find the big chip,
the microcontroller which runs the

firmware and one or more peripheral
controllers which interact with external

peripherals such as the motor of, your
smart lock or cameras. Though the design

is generic, implementations are very
diverse. For instance, firmware may run on

several different architectures such as
ARM, MIPS, x86, PowerPC and so forth. And

sometimes they are even proprietary, which
means that if a security analyst wants to

understand what's going on in the
firmware, he'll have a hard time if he

doesn't have the vendor specifics. Also,
they're operating in environments with

limited resources, which means that they
run small and optimized code. For

instance, vendors might implement their
own version of some known algorithm in an

optimized way. Also, IoT devices manage
external peripherals that often use custom

code. Again, with peripherals we mean like
cameras, sensors and so forth. The

firmware of IoT devices can be either
Linux based or a blob firmware, Linux

based are by far the most common. A study
showed that 86% of firmware are based on

Linux and on the other hand, blobs
firmware are usually operating systems and

user applications packaged in a single
binary. In any case, firmware samples are

usually made of multiple components. For
instance, let's say that you have your

smart phone and you send a request to your
IoT device. This request will be received

by a binary which we term as body binary,
which in this example is an webserver. The

request will be received, parsed, and then
it might be sent to another binary code,

the handler binary, which will take the
request, work on it, produce an answer,

send it back to the webserver, which in
turn would produce a response to send to

the smartphone. So to come back to the
question why is it hard to secure IoT

devices? Well, the answer is because IoT
devices are in practice very diverse. Of

course, there have been various work that
have been proposed to analyze and secure

firmware for IoT devices. Some of them
using static analysis. Others using

dynamic analysis and several others using
a combination of both. Here I wrote

several of them. Again at the end of the
presentation there is a bibliography with

the title of these works. Of course, all
these approaches have some problems. For

instance, the current dynamic analysis are
hard to apply to scale because of the

customized environments that IoT devices
work on. Usually when you try to

dynamically execute a firmware, it's gonna
check if the peripherals are connected and

are working properly. In a case where you
can't have the peripherals, it's gonna be

hard to actually run the firmware. Also
current static analysis approaches are

based on what we call the single binary
approach, which means that binaries from a

firmware are taken individually and
analysed. This approach might produce many

false positives. For instance, so let's
say again that we have our two binaries.

This is actually an example that we found
on one firmware, so the web server will

take the user request, will parse the
request and produce some data, will set

this data to an environment variable and
eventually will execute the handle binary.

Now, if you see the parsing function
contains a string compare which checks if

some keyword is present in the request.
And if so, it just returns the whole

request. Otherwise, it will constrain the
size of the request to 128 bytes and

return it. The handler binary in turn when
spawned will receive the data by doing a

getenv on the query string, but also will
getenv on another environment variable

which in this case is not user controlled
and they user cannot influence the content

of this variable. Then it's gonna call
function process_request. This function

eventually will do two string copies. One
from the user data, the other one from the

log path on two different local variables
that are 128 bytes long. Now in the first

case, as we have seen before, the data can
be greater than 128 bytes and this string

copy may result in a bug. While in the
second case it will not. Because here we

assume that the system handles its own
data in a good manner. So throughout this

work, we're gonna call the first type of
binary, the setter binary, which means

that it is the binary that takes the data
and set the data for another binary to be

consumed. And the second type of binary we
called them the getter binary. So the

current bug finding tools are inadequate
because other bugs are left undiscovered

if the analysis only consider those
binaries that received network requests or

they're likely to produce many false
positives if the analysis considers all of

them individually. So then we wonder how
these different components actually

communicate. They communicate through what
are called interprocess communication,

which basically it's a finite set of
paradigms used by binaries to communicate

such as files, environment variables, MMIO
and so forth. All these pieces are

represented by data keys, which are file
names, or in the case of the example

before here on the right, it's the query
string environment variable. Each binary

that relies on some shared data must know
the endpoint where such data will be

available, for instance, again, like a
file name or like even a socket endpoint

or the environment variable. This means
that usually, data keys are coded in the

program itself, as we saw before. To find
bugs in firmware, in a precise manner, we

need to track how user data is introduced
and propagated across the different

binaries. Okay, let's talk about our work.
Before you start talking about Karonte, we

define our threat model. We hypotesized
that attacker sends arbitrary requests

over the network, both LAN and WAN
directly to the IoT device. Though we said

before that sometimes IoT device can
communicate through the clouds, research

showed that some form of local
communication is usually available, for

instance, during the setup phase of the
device. Karonte is defined as a static

analysis tool that tracks data flow across
multiple binaries, to find

vulnerabilities. Let's see how it works.
So the first step, Karonte find those

binaries that introduce the user input
into the firmware. We call these border

binaries, which are the binaries, that
basically interface the device to the

outside world. Which in the example is our
web server. Then it tracks how a data is

shared with other binaries within the
firmware sample. Which we'll understand in

this example, the web server communicates
with the handle binary, and builds what we

call the BDG. BDG which stands for binary
dependency graph. It's basically a graph

representation of the data dependencies
among different binaries. Then we detect

vulnerabilities that arise from the misuse
of the data using the BDG. This is an

overview of our system. We start by taking
a packed firmware, we unpack it. We find

the border binaries. Then we build the
binary dependency graph, which relies on a

set of CPFs, as we will see soon. CPF
stands for Communication Paradigm Finder.

Then we find the specifics of the
communication, for instance, like the

constraints applied to the data that is
shared through our module multi-binary

data-flow analysis. Eventually we run our
insecure interaction detection module,

which basically takes all the information
and produces alerts. Our system is

completely static and relies on our static
taint engine. So let's see each one of

these steps, more in details. The
unpacking procedure is pretty easy, we use

the off-the-shelf firmware unpacking tool
binwalk. And then we have to find the

border binaries. Now we see that border
binaries basically are binaries that

receive data from the network. And we
hypotesize that will contain parsers to

validate the data that they received. So
in order to find them, we have to find

parsers which accept data from network and
parse this data. To find parsers we rely

on related work, which basically uses a
few metrics and define through a number

the likelihood for a function to contain
parsing capabilities. These metrics that

we used are number of basic blocks, number
of memory comparison operations and number

of branches. Now while these define
parsers, we also have to find if a binary

takes data from the network. As such, we
define two more metrics. The first one, we

check if binary contains any network
related keywords as SOAP, http and so

forth. And then we check if there exists a
data flow between read from socket and a

memory comparison operation. Once for each
function, we got all these metrics, we

compute what is called a parsing score,
which basically is just a sum of products.

Once we got a parsing score for each
function in a binary, we represent the

binary with its highest parsing score.
Once we got that for each binary in the

firmware we cluster them using the DBSCAN
density based algorithm and consider the

cluster with the highest parsing score as
containing the set of border binaries.

After this, we build the binary dependency
graph. Again the binary dependency graph

represents the data dependency among the
binaries in a firmware sample. For

instance, this simple graph will tell us
that a binary A communicates with binary C

using files and the same binary A
communicates with another binary B using

environment variables. Let's see how this
works. So we start from the identified

border binaries and then we taint the data
compared against network related keywords

that we found and run a static analysis,
static taint analysis to detect whether

the binary relies on any IPC paradigm to
share the data. If we find that it does,

we establish if the binary is a setter or
a getter, which again means that if the

binary is setting the data to be consumed
by another binary, or if the binary

actually gets the data and consumes it.
Then we retrieve the employed data key

which in the example before was the
keyword QUERY_STRING. And finally we scan

the firmware sample to find other binaries
that may rely on the same data keys and

schedule them for further analysis. To
understand whether a binary relies on any

IPC, we use what we call CPFs, which again
means communication paradigm finder. We

design a CPF for each IPC. And the CPFs
are also used to find the same data keys

within the firmware sample. We also
provide Karonte with a generic CPF to

cover those cases where the IPC is
unknown. Or those cases were the vendor

implemented their own versions of some
IPC. So for example they don't use the

setenv. But they implemented their own
setenv. The idea behind this generic CPF

that we call the semantic CPF is that data
keys has to be used as index to set, or to

get some data in this simple example. So
let's see how the BDG algorithm works. We

start from the body binary, which again
will start from the server request and

will pass the URI and we see that here. it
runs a string comparison against some

network related keyword. As such, we taint
the variable P. And we see that the

variable P is returned from the function
to these two different points. As such, we

continue. And now we see that data gets
tainted and the variable data, it's passed

to the function setenv. At this point, the
environment CPF will understand that

tainted data is passed, is set to an
environment variable and will understand

that this binary is indeed the setter
binary that uses the environment. Then we

retrieve the data key QUERY_STRING and
we'll search within the firmware sample

all the other binaries that rely on the
same data key. And it will find that this

binary relies on the same data key and
will schedule this for further analysis.

After this algorithm we build the BDG by
creating edges between setters and getters

for each data key. The multi binary data
flow analysis uses the BDG to find and

propagate the data constraints from a
setter to a getter. Now, through this we

apply only the least three constraints,
which means that ideally between two

program points, there might be an infinite
number of parts and ideally in theory an

infinite amount of constraints that we can
propagate to the setter binary to the

getter binary. But since our goal here is
to find bugs, we only propagate the least

strict set of constraints. Let's see an
example. So again, we have our two

binaries and we see that the variable that
is passed to the setenv function is data,

which comes from two different parts from
the parse URI function. In the first case,

the data that its passed is unconstrained
one in the second case, a line 8 is

constrained to be at most 128 bytes. As
such, we only propagate the constraints of

the first guy. In turn, the getter binary
will retrieve this variable from the

environment and set the variable query.
Oh, sorry. Which in this case will be

unconstrained. Insecure interaction
detection run a static taint analysis and

check whether tainted data can reach a
sink in an unsafe way. We consider as

sinks memcpy like functions which are
functions that implement semantically

equivalent memcyp, strcpy and so forth. We
raise alert if we see that there is a

dereference of a tainted variable and if
we see there are comparisons of tainted

variables in loop conditions to detect
possible DoS vulnerabilities. Let's see an

example again. So we got here. We know
that our query variable is tainted and

it's unconstrained. And then we follow the
taint in the function process_request,

which we see will eventually copy the data
from q to arg. Now we see that arg is 128

bytes long while q is unconstrained and
therefore we generate an alert here. Our

static taint engine is based on BootStomp
and is completely based on symbolic

execution, which means that the taint is
propagated following the program data

flow. Let's see an example. So assuming
that we have this code, the first

instruction takes the result from some
seed function that might return for

instance, some user input. And in a
symbolic world, what we do is we create a

symbolic variable ty and assign to it a
tainted variable that we call TAINT_ty,

which is the taint target. The next
destruction X takes the value ty plus 5

and a symbolic word. We just follow the
data flow and x gets assigned TAINT_ty

plus 5 which effectively taints also X. If
at some point X is overwritten with some

constant data, the taint is automatically
removed. In its original design,

BootStomp, the taint is removed also when
data is constrained. For instance, here we

can see that the variable n is tainted but
then is constrained between two values 0

and 255. And therefore, the taint is
removed. In our taint engine we have two

additions. We added a path prioritization
strategy and we add taint dependencies.

The path prioritization strategy valorizes
paths that propagate the taint and

deprioritizes those that remove it. For
instance, say again that some user input

comes from some function and the variable
user input gets tainted. Gets tainted and

then is passed to another function called
parse. Here, if you see there are possibly

an infinite number of symbolic parts in
this while. But only 1 will return tainted

data. While the others won't. So the path
prioritization strategy valorizes this

path instead of the others. This has been
implemented by finding basic blocks within

a function that return a nonconstant data.
And if one is found, we follow its return

before considering the others. Taint
dependencies allows smart untaint

strategies. Let's see again the example.
So we know that user input here is

tainted, is then parsed and then we see
that it's length is checked and stored in

a variable n. Its size is checked and if
it's higher than 512 bytes, the function

will return. Otherwise it copies the data.
Now in this case, it might happen that if

this strlen function is not analyzed
because of some static analysis input

decisions, the taint tag of cmd might be
different from the taint tag of n and in

this case, though, and gets untainted, cmd
is not untainted and the strcpy can raise,

sorry, carries a false positive. So to fix
this problem. Basically we create a

dependency between the taint tag of n and
the taint tag of cmd. And when n gets

untainted, cmd gets untainted as well. So
we don't have more false positives. This

procedure is automatic and we find
functions that implement streamlined

semantically equivalent code and create
taint tag dependencies. OK. Let's see our

evaluation. We ran 3 different evaluations
on 2 different data sets. The first one

composed by 53 latest firmware samples
from seven vendors and a second one 899

firmware gathered from related work. In
the first case, we can see that the total

number of binaries considered are 8.5k,
few more than that. And our system

generated 87 alerts of which 51 were found
to be true positive and 34 of them were

multibinary vulnerabilities, which means
that the vulnerability was found by

tracking the data flow from the setter to
the getter binary. We also ran a

comparative evaluation, which basically we
tried to measure the effort that an

analyst would go through in analyzing
firmware using different strategies. In

the first one, we consider each and every
binary in the firmware sample

independently and run the analysis for up
to seven days for each firmware. The

system generated almost 21000 alerts.
Considering only almost 2.5k binaries. In

the second case we found the border
binaries, the parsers and we statically

analyzed only them, and the system
generated 9.3k alerts. Notice that in this

case, since we don't know how the user
input is introduced, like in this

experiment, we consider every IPC that we
find in the binary as a possible source of

user input. And this is true for all of
them. In the third case we ran the BDG but

we consider each binaries independently.
Which means that we don't propagate

constraints and we run a static single
corner analysis on each one of them. And

the system generated almost 15000 alerts.
Finally, we run Karonte and the generated

alerts were only 74. We also run a larger
scale analysis on 899 firmware samples.

And we found that almost 40% of them were
multi binary, which means that the network

functionalities were carried on by more
than one binary. And the system generated

1000 alerts. Now, there is a lot going on
in this table, like details are on the

paper. Here in this presentation I just go
through some as I'll motivate. So we found

that on average, a firmware contains 4
border binaries. A BDG contains 5 binaries

and some BDG have more than 10 binaries.
Also, we plot some statistics and we found

that 80% of the firmware were analysed
within a day, as you can see from the top

left figure. However, experiments
presented a great variance which we found

was due to implementation details. For
instance we found that angr would take

more than seven hours to build some CFGs.
And sometimes they were due to a high

number of data keys. Also, we found that
the number of paths, as you can see from

this second picture from the top, the
number of paths do not have an impact on

the total time. And as you can see from
the bottom two pictures, performance not

heavily affected by firmware size.
Firmware size here we mean the number of

binaries in a firmware sample and the
total number of basic blocks. So let's see

how to run Karonte. The procedure is
pretty straightforward. So first you get a

firmware sample. You create a
configuration file containing information

of the firmware sample and then you run
it. So let's see how. So this is an

example of a configuration file. It
contains the information, but most of them

are optional. The only ones that are not
are this one: Firmware path, that is the

path to your firmware. And this too, the
architecture of the firmware and the base

address if the firmware is a blob, is a
firmware blob. All the other fields are

optional. And you can set them if you have
some information about the firmware. A

detailed explanation of all of these
fields are on our GitHub repo. Once you

set the configuration file, you can run
Karonte. Now we provide a Docker

container, you can find the link on our
GitHub repo. And I'm gonna run it, but

it's not gonna finish because it's gonna
take several hours. But all you have to do

is merely... <i>typing noises</i> just run it
on the configuration file and it's gonna

do each step that we saw. Eventually I'm
going to stop it because it's going to

take several hours anyway. Eventually it
will produce a result file that... I ran

this yesterday so you can see it here.
There is a lot going on here. I'm just

gonna go through some important like
information. So one thing that you can see

is that these are the border binaries that
Karonte found. Now, there might be some

false positives. I'm not sure how many
there are here. But as long as there are

no false negatives or the number is very
low, it's fine. It's good. In this case,

wait. Oh, I might have removed something.
All right, here, perfect. In this case,

this guy httpd is a true positive, which
is the web server that we were talking

before. Then we have the BDG. In this
case, we can see that Karonte found that

httpd communicates with two different
binaries, fileaccess.cgi and cgibin. Then

we have information about the CPFs. For
instance, here we can see that. Sorry. So

we can see here that httpd has 28 data
keys. And that the semantics CPF found 27

of them and then there might be one other
here or somewhere that I don't see .

Anyway. And then we have a list of alerts.
Now, thanks. Now, some of those may be

duplicates because of loops, so you can go
ahead and inspect all of them manually.

But I wrote a utility that you can use,
which is basically it's gonna filter out

all the loops for you. Now to remember how
I called it. This guy? Yeah. And you can

see that in total it generated, the system
generated 6... 7... 8 alerts. So let's see

one of them. Oh, and I recently realized
that the path that I'm reporting on the

log. It's not the path from the setter
binary to the getter binary, to the sink.

But it's only related to the getter binary
up to the sink. I'm gonna fix this in the

next days and report the whole paths.
Anyway. So here we can see that the key

content type contains user input and it's
passed in an unsafe way to the sink

address at this address. Now. And the
binary in question is called

fileaccess.cgi. So we can see what happens
there. <i>keyboard noises</i> If you see here,

we have a string copy that copies the
content of haystack to destination,

haystack comes basically from this getenv.
And if you see destination comes as

parameter from this function and return
and these and this by for it's as big as

0x68 bytes. And this turned out to be
actually a positive. OK. So in summary, we

presented a strategy to track data flow
across different binaries. We evaluated

our system on 952 firmware samples and
some takeaways. Analyzing firmware is not

easy and vulnerabilities persist. We found
out that firmware are made of

interconnected components and static
analysis can still be used to efficiently

find vulnerabilities at scale and finding
that communication is key for precision.

Here's a list of bibliography that I use
throughout the presentation and I'm gonna

take questions.

<i>applause</i>

Herald: So thank you, Nilo, for a very
interesting talk. If you have questions,

we have three microphones one, two and
three. If you have a question, please go

head to the microphone and we'll take your
question. Yes. Microphone number two.

Q: Do you rely on imports from libc or
something like that or do you have some

issues with like statically linked
binaries, stripped binaries or is it all

semantic analysis of a function?
Nilo: So. Okay. We use angr. So for

example, if you have an indirect call, we
use angr to figure out, what's the target?

And to answer your question like if you
use libc some CPFs do, for instance, then

environment CPF do any checks, if the
setenv or getenv functions are called. But

also we use the semantic CPF, which
basically in cases where information are

missing like there is no such thing as
libc or some vendors reimplemented their

own functions. We use the CPF to actually
try to understand the semantics of the

function and understand if it's, for
example, a custom setenv.

Q: Yeah, thanks.
Herald: Microphone number three.

Q: In embedded environments you often have
also that the getter might work on a DMA,

some kind of vendor driver on a DMA. Are
you considering this? And second part of

the question, how would you then
distinguish this from your generic IPC?

Because I can imagine that they look very
similar in the actual code.

Nilo: So if I understand correctly your
question, you mention a case of MMIO where

some data is retrieved directly from some
address in memory. So what we found is

that these addresses are usually hardcoded
somewhere. So the vendor knows that, for

example, from this address A to this
address B if some data is some data from

this peripheral. So when we find that some
hardcoded address, like we think that this

is like some read from some interesting
data.

Q: Okay. And this would be also
distinguishable from your sort of CPF, the

generic CPF would be distinguishable...
Nilo: Yeah. Yeah, yeah.

Q: ...from a DMA driver by using this
fixed address assuming.

Nilo: Yeah. That's what the semantic CPF
does, among the other things.

Q: Okay. Thank you.
Nilo: Sure.

Herald: Another question for microphone
number 3.

Q: What's the license for Karonte?
Nilo: Sorry?

Q: I checked the software license, I
checked the git repository and there is no

license like at all.
Nilo: That is a very good question. I

haven't thought about it yet. I will.
Herald: Any more questions from here or

from the Internet? Okay. Then a big round
of applause to Nilo again for your talk.

<i>postroll music</i>

Subtitles created by many many volunteers and
the c3subtitles.de team. Join us, and help us!