defeating x64: modern trends of kernel-mode rootkits
DESCRIPTION
Versions of Microsoft Windows 64 bits were considered resistant against kernel mode rootkits because integrity checks performed by the system code. However, today there are examples of malware that use methods to bypass the security mechanisms Implemented. This presentation focuses on issues x64 acquitectura security, specifically in the signature policies kernel mode code and the techniques used by modern malware to sauté. We analyze the techniques of penetration of the address space of kernel mode rootkits used by modern in-the-wild: - Win64/Olmarik (TDL4) - Win64/TrojanDownloader.Necurs (rootkit dropper) - NSIS / TrojanClicker.Agent.BJ (rootkit dropper) special attention is given to bootkit Win64/Olmarik (TDL4) for being the most prominent example of a kernel mode rootkit aimed at 64-bit Windows systems. Detail the remarkable features of TDL4 over its predecessor (TDL3/TDL3 +): the development of user mode components and kernel mode rootkit techniques used to bypass the HIPS, hidden and system files as bootkit functionality. Finally, we describe possible approaches to the removal of an infected computer and presents a free forensics tool for the dump file system hidden TDL.TRANSCRIPT
Defeating x64: Modern Trends of Kernel-Mode
Rootkits Aleksandr Matrosov
Eugene Rodionov
Who we are?
Malware researchers at ESET- rootkits analysis- development of cleaning tools- tracking new rootkit techniques- investigation of cybercrime
groups
http://www.joineset.com/
Agenda
Evolution of payloads and rootkits Bypassing code integrity checks Attacking Windows Bootloader Modern Bootkit details:
Win64/Olmarik Win64/Rovnix
How to debug bootkit with Bochs emulator
HiddenFsReader as a forensic tool
Evolution of Rootkits
Evolution of Rootkit Installation
exploit payload dropper rootkit
Evolution of Rootkit Installation
Malicious Web-site
ExploitVulnerabili
ty
BypassASLR/DEP
EscapeSandbox
ExecutePayload
DownloadRootkit
EscalateLocal
Privilege
Install RootkitKernel-Mode
Exploit
Dropper
Evolution of Rootkit Features
bypassing HIPS/AV
x86x64
privilege escalation
installing rootkit driver
Rootkit
self-defense
surviving reboot
injecting payload
Rootkit
Rootkit
self-defense
surviving reboot
injecting payload
bypassing signature check
bypassing MS PatchGuard
User
mod
e
Kern
el m
od
e
o Kernel-Mode Code Signing Policy:
It is “difficult” to load unsigned kernel-mode
driver
o Kernel-Mode Patch Protection (Patch Guard):
SSDT (System Service Dispatch Table)
IDT (Interrupt Descriptor Table)
GDT ( Global Descriptor Table)
MSRs (Model Specific Registers)
Obstacles for 64-bit Rootkits
Bypassing Code Integrity Checks
Types of Integrity Checks
o PnP Device Installation Signing Requirements
o Kernel-Mode Code Signing Policy
Enforced on 64-bit version of Windows Vista and later
versions
64-bit Windows Vista and later
32-bit Windows Vista and later
Boot-start driver Non boot-start PnP driver
Non boot-start, non-PnP driver
(except stream
protected media drivers)
Subverting KMCSP
o Abusing vulnerable signed legitimate kernel-
mode driver
o Switching off kernel-mode code signing
checks by altering BCD data:
abusing WinPe Mode
disabling signing check
enabling test signing
o Patching Bootmgr and OS loader
Bypassing Integrity Checks
USER-MODE
Bypassing Integrity Check Techniques
KERNEL-MODE
TESTSIGNING ON
DISABLE INTEGRITY CHECKS
VBR(Volume Boot Record)
System Boot Modification
MBR(Master Boot Record)
Attacking Windows Bootloader
Boot Process
Full KernelInitializati
onMBR
First User-Mode
Process
Kernel ServicesBIOS Services
BIOSInitializati
on
BootLoader
Early Kernel
Initialization
Hardware
CPU in Real Mode CPU in Protected Mode
Load MBR
Load VBR
Load ntldr
Load kernel and boot
start drivers
real mode
real mode
real mode/protected mode
Load MBR
Load VBR
Load bootmgr
Load winload.exe or winresume.exe
real mode
real mode
real mode/protected mode
Load kernel and boot
start drivers
real mode/protected mode
Boot Process of pre Windows Vista OS
Boot Process of post Windows Vista OS
MBR – Master Boot Record
VBR – Volume Boot Record
Boot Process of Windows OS
Boot Process with Bootkit Infection
load malicious MBR/VBR
NT kernel modification
s
load rootkit driver
Code Integrity Check
Bootmgr OS loader OS kernel dependencies
OS kernel
Boot-start drivers
Non boot-start kernel-mode drivers
Evolution of BootkitsStoned
Tequila
Vbootkit
Mebroot
Ol
marik
Evilcore
Rovnix
Stoned
Tequila
Vbootkit
Mebroot
Ol
marik
Evilcore
Rovnix
Stoned
Tequila
Vbootkit
Mebroot
Ol
marik
Evilcore
Rovnix
Stoned
Tequila
Vbootkit
Mebroot
Ol
marik
Evilcore
Rovnix
Stoned
Tequila
Vbootkit
Mebroot
Ol
marik
Evilcore
Rovnix
Stoned
Tequila
Vbootkit
Mebroot
Ol
marik
Evilcore
Rovnix
Stoned
Tequila
Vbootkit
Mebroot
Ol
marik
Evilcore
Rovnix
Stoned
Tequila
Vbootkit
Mebroot
Ol
marik
Evilcore
Rovnix
Stoned
Tequila
Vbootkit
Mebroot
Ol
marik
Evilcore
Rovnix
Stoned
Tequila
Vbootkit
Mebroot
Ol
marik
Evilcore
Rovnix
1987 2007 2010 ?
o Bootkit PoC evolution:
eEye Bootroot (2005)
Vbootkit (2007)
Vbootkit v2 (2009)
Stoned Bootkit (2009)
Evilcore x64 (2011)
2011
o Bootkit Threats evolution:
Win32/Mebroot (2007)
Win32/Mebratix (2008)
Win32/Mebroot v2 (2009)
Win64/Olmarik (2010/11)
Win64/Rovnix (2011)
Win64/Olmarik
Installation on x86 vs. x64
TDL4 Installation on x86
AdjustSeLoadDriver
privilegefail success
Copy itself intoPrintProcessor
director
Check OSversion
Copy itself into%TMP% directory
Set IMAGE_FILE_DLLflag in the PE header
CallDeletePrintProvidorW
API
CallAddPrintProvidorW
API
Vista/Win7
ExploitationMS10-092
successfail
Createmanifest requesting
admin privilege
CallShellExecute
Failinstall
WinXP
TDL4 Installation on x64
Write FS image,patch MBR and Adjust
SE_SHUTDOWN_PRIVILEGEfail success
Copy itself into%TMP% directory
ExploitationMS10-092success
fail
Createmanifest requesting
admin privilege
CallZwRaiseHardError
to create BSOD
Prepare hidden FS image
Report to C&C
Restart Dropper
CallShellExecute
fail
success
BCD
BCD Object1
BCD Element1
BCD Element2
BCD Object2
BCD Element3
Boot Configuration Data (BCD)
BCD Object
Inheritable
Application
Windows boot manager
Windows boot loader
Ntldr
Device
BCD Elements determining KMCSP (before KB2506014)
BCD option Description
BcdLibraryBoolean_DisableIntegrityCheck(0x16000020)
disables kernel-mode code integrity checks
BcdOSLoaderBoolean_WinPEMode (0x26000022)
instructs kernel to be loaded in preinstallation mode, disabling kernel-mode code integrity checks as a byproduct
BcdLibraryBoolean_AllowPrereleaseSignatures(0x16000049)
enables test signing
Abusing Win PE mode: TDL4 modules
Module name Descriptionmbr (infected) infected MBR loads ldr16 module and restores
original MBR in memory
ldr16 hooks 13h interrupt to disable KMCSP and substitute kdcom.dll with ldr32 or ldr64
ldr32 reads TDL4’s kernel-mode driver from hidden file system and maps it into kernel-mode address space
ldr64 implementation of ldr32 module functionality for 64-bit OS
int 13h – service provided by BIOS to communicate with IDE HDD controller
Load infected MBRInfected mbr is
loadedand executed
Load “ldr16” from hidden file system
Hook BIOS int 13h handler and
restore original MBR
“ldr16” is loaded
and executed
Load VBR
Original mbr isloaded
and executed
Load bootmgr
VBR is loaded and executed
read bcd
Bootmgr is loaded and executed
Load winload.exe
Substitute EmsEnabled
option with WinPe
Load ntoskrnl.exe, hal.dll,kdcom.dll,bootvid.dll ant etc
distrort /MININT option
Call KdDebuggerInitialize1 from loaded kdcom.dll
substitute kdcom.dll
with”ldr32” or “ldr64"
Continue kernel initialization
Load ”drv32” or “drv64"
Load bootmgr
Abusing Win PE mode: Workflow
MS Patch (KB2506014)
o BcdOsLoaderBoolean_WinPEMode option no
longer influences kernel-mode code signing
policy
o Size of the export directory of kdcom.dll has
been changed
Bypassing KMCSP: Another Attempt
Patch Bootmgr and OS loader (winload.exe) to
disable KMCSP:
Bypassing KMCSP: Result
Bootmgr fails to verify OS loader’s integrity
MS10-015kills TDL3
TDL4 Hidden File Systems
TDL’s Hidden Storage
o Reserve space in the end of the hard drive (not
visible at file system level analysis)
o Encrypted contents (stream cipher: RC4, XOR-ing)
o Implemented as a hidden volume in the system
o Can be accessed by standard APIs (CreateFile,
ReadFile, WriteFile, SetFilePointer, CloseHandle)
TDL4 Hidden FS
Growth direction
Disk partitions
One sector
One sectorVariable length Not more than 8 Mb
Infe
cted
MBR
TDL4 File System Layout
Debugging Bootkit with WinDbg
WinDbgKDCOM.DLLNTOSKRNL
KD_RECV_CODE_OK
Data packet
Data Packet
KdDebuggerInitialize
KdSendPacket
KdReceivePacket
RETURN_STATUS
WinDbg and kdcom.dll
RETURN_CONTROL
original routine
modified routine
TDL4 and kdcom.dll
TDL4 and kdcom.dll
original export table modified export table
How to Debug TDL4 with WinDbg
o Patch ldr16 to disable kdcom.dll substitution
o Reboot the system and attach to it with WinDbg
o Manually load drv32/drv64
“TDL4 Analysis Paper: a brief introduction and How to Debug It”, Andrea Allievi http://www.aall86.altervista.org/TDLRootkit/TDL4_Analysis_Paper.pdf
Debugging Bootkits with Bochs
•DEMO
Win64/Rovnix
Win64/Rovnix: Installation
Check if already infected
success
fail
Determine OSDigit Capacity
Check OSVersion
Install Corresponding Kernel-mode Driver
Initiate System Reboot
Overwrite Bootstrap Code of Active Partition
Vista/Win7
Check Admin Privileges
success
Windows 2000
Self Delete and Exit
Call ShellExecuteEx API with “runas”
fail
Windows XP
Win64/Rovnix: Bootkit Overview
Load MBR
Load VBR
Load bootmgr
Load winload.exe or winresume.exe
real mode
real mode/protected mode
Load kernel and boot
start drivers
real mode/protected mode
Load bootstrap
code
real mode/protected mode
real mode
Target of Win64\Rovnix
NTFS Bootstrap Code
JMP
[3 b]
Extended BPB
(EBPB)
[48 b]
Signature
[2 b]
Boot Code
[426 b]
OEM ID
[8 b]
BIOS Parameter
Block (BPB)
[25 b]
NTFS Boot Sector (Volume Boot Record)
NTFS Bootstrap Code
Win64/Rovnix: Infected Partition Layout
MBR VBR Bootstrap Code File System Data
VBR Malicious Code File System DataBootstrap
CodeMBR
NTFS bootstrap code(15 sectors)
Before Infecting
After Infecting
Malicious Unsigned
Driver
CompressedData
o Win64/Rovnix overwrites bootstrap code of the active partitiono The malicious driver is written either:
before active partition, in case there is enough space in the end of the hard drive, otherwise
Win64/Rovnix: Bootkit Details
Load MBRMBR is loaded
and executed
Load VBR
Patch bootmgr
VBR is loaded and executed
Read BCD
Restore bootmgr, hook int1 handler and
copy itself over IDT
Load winload.exe
Bootloader parametersare read from BCD
Load ntoskrnl.exe, hal.dll,kdcom.dll,bootvid.dll ant etc
Hook BlImgAllocateImageBuffer
Map malicious driver into kernel-mode address space
Continue kernel initialization
Load malicious bootstrap code
Malicious bootstrap code is
loaded and executed
Hook BIOS int 13h handler and
restore original bootstrap code
Original bootstrap code is restored
Load bootmgrBootmgr is loaded
and receives control
Win64/Rovnix: Loading Unsigned Driver
o Insert malicious driver in BootDriverList of KeLoaderBlock structureo When kernel receives control it calls entry point of each module in the BootDriverListKeLoad
erBlock
BootDriverList
Ntoskrnl.exe
BootDriverList
MaliciousDriver
B o o t D r i v e r L i s t
Win64/Rovnix: Abusing Debugging Facilities
Win64/Rovnix:o hooks Int 1h
tracing handles hardware breakpoints (DR0-DR7)
o overwrites the last half of IDT (Interrupt Descriptor Table) is not used by OS
As a result the malware is able to: set up hooks without patching bootloader
components retain control after switching into protected mode
•DEMO
Olmarik vs Rovnix
Characteristics
Win64/Olmarik Win64/Rovnix
Privilege escalation MS10-092 Reboot technique ZwRaiseHardError API ExitWindowsEx API
MBR/VBR infection MBR VBR (bootstrap code)
Loading driver ZwCreateDriver APIInserting into boot driver
list of KeLoaderBlock structure
Payload injectionKeInitializeApc/
KeInstertQueueApc APIs
KeInitializeApc/KeInstertQueueApc APIs
Self-defense Kernel-mode hooks, MBR monitoring
Number of modules 10 2
Stability of code
Threat complexity
What Facilitates the Attack Vector?
o Untrusted platform problem
BIOS controls boot process, but who controls it?
The trust anchor is below point of attack
Bootmgr OS loader OS kernel dependencies
OS kernel
Boot-start drivers
Non boot-start kernel-mode drivers
Pre boot firmware
Point of Attack
HiddenFsReader as a Forensic Tool
HiddenFsReader as a Forensic Tool
Retrieves content of the malware hidden file system.
Supported malware: TDL3/TDL3+,TDL4;
ZeroAccess (will be added soon)
http://www.youtube.com/watch?v=iRpp6vn2DAE
http://eset.ru/tools/TdlFsReader.exe
HiddenFileReader
User mode
Kernel mode
HiddenFsRecognizer
HiddenFsDecryptor
SelfDefenceDisabler
LowLevelHddReader
HiddenFsReader (HFR) Architecture
Conclusion
The bootkit technique allows malware to bypass KMCSP
Return to old-school techniques of infecting MBR
Win64/Olmarik (TDL4) is the first widely spread rootkit
targeting Win x64
Win64/Rovnix relies on debugging facilities of the
platform to subvert KMCSP
The only possible way of debugging bootkits is to use
emulators (Bochs, QEMU)
The untrusted platform facilitates bootkit techniques
HiddenFsReader is shared amongst malware researchers
References
“The Evolution of TDL: Conquering x64”http://www.eset.com/us/resources/white-papers/The_Evolution_of_TDL.pdf
“Defeating x64: The Evolution of the TDL Rootkit”http://www.eset.com/us/resources/white-papers/TDL4-CONFidence-2011.pdf
“Hasta La Vista, Bootkit: Exploiting the VBR”http://blog.eset.com/2011/08/23/hasta-la-vista-bootkit-exploiting-the-vbr
Follow ESET Threat Bloghttp://blog.eset.com
Questions
Thank you for your attention ;)
Aleksandr [email protected]@matrosov
Eugene [email protected]@vxradius