FROM PRINTEDFROM PRINTEDCIRCUIT BOARDS TOCIRCUIT BOARDS TO

EXPLOITSEXPLOITS(PWNING IOT DEVICES LIKE A BOSS)(PWNING IOT DEVICES LIKE A BOSS)

| Hack in Paris '18

@virtualabs

ABOUT MEABOUT ME

Head of Research @ Econocom Digital SecurityHardware hacker (or at least pretending to be one)Speaker @ various conferencesSpecial interest in Bluetooth Low Energy since 2years

A detailed referenceguide on how to p0wnIoT devices A list of tools you mayuse to test devices

WHAT THIS TALK IS NOTWHAT THIS TALK IS NOT

IT IS ALL ABOUT HOW TO THINKIT IS ALL ABOUT HOW TO THINKAND ANALYZE AND EXPLOITAND ANALYZE AND EXPLOIT

LET'S DO IT THE HACKER WAY !LET'S DO IT THE HACKER WAY !

METHODOLOGYMETHODOLOGY

EXISTING METHODOLOGIESEXISTING METHODOLOGIES

Rapid7's methodology (7 basic steps) OWASP IoT Project (not really mature yet)

PCB REVERSE-ENGINEERINGPCB REVERSE-ENGINEERING

COMPONENTS IDENTIFICATIONCOMPONENTS IDENTIFICATION

MEMORY EXTRACTIONMEMORY EXTRACTION

SOFTWARE REVERSE-ENGINEEERINGSOFTWARE REVERSE-ENGINEEERING

SNIFFING WIRED COMMS.SNIFFING WIRED COMMS.

SNIFFING WIRELESS COMMS.SNIFFING WIRELESS COMMS.

FIND VULNS & ATTACK !FIND VULNS & ATTACK !

OUR VICTIM SMARTLOCKOUR VICTIM SMARTLOCK

STEP #1: TEARDOWNSTEP #1: TEARDOWN

USE THE RIGHT TOOLSUSE THE RIGHT TOOLS

KEEP CALM !KEEP CALM !

STEP #2: GLOBAL ANALYSISSTEP #2: GLOBAL ANALYSIS

ELECTRONICS ENGINEERS AREELECTRONICS ENGINEERS AREHUMANS TOOHUMANS TOO

Components position based on their global roleConnectors and components producing heat placednear the edges

nRF52832

2.4 GHz Bluetooth Low Energy capable System-on-Chip

COMPONENTS IDENTIFICATIONCOMPONENTS IDENTIFICATION

DRV8848

Dual H-Bridge Motor driver

FUNCTIONS VS. COMPONENTSFUNCTIONS VS. COMPONENTS

STEP #3: RECOVER SCHEMATICSSTEP #3: RECOVER SCHEMATICS

PICTURES + SOFTWARE FTWPICTURES + SOFTWARE FTW

Using high-res pictures (or multimeter), followtracks and viasDetermine protocols used for Inter-ICcommunicationDraw a simplified schematics

FOLLOW TRACKS AND VIASFOLLOW TRACKS AND VIAS

DETERMINE PROTOCOLS USEDDETERMINE PROTOCOLS USED

SIMPLIFIED SCHEMATICSSIMPLIFIED SCHEMATICS

Use Inkscape, Adobe Illustrator, MS Visio, orwhateverDraw only the interesting stuff, we do not want tocounterfeit

STEP #4: GET FIRMWARESTEP #4: GET FIRMWARE

USE DEBUGGING INTERFACES !USE DEBUGGING INTERFACES !

Offers a proper way to access Flash memoryFound in > 50% of devices we have testedRequires the right adapter to connect to

DUMPING FIRMWARE WITHDUMPING FIRMWARE WITHOPENOCDOPENOCD

$ openocd -f interface/stlink-v2.cfg -f target/nrf5x.cfg -c init -c halt -c "dump_image /tmp/firmware.bin 0x0 0x80000"

WHEN DEBUGGING IS NOTWHEN DEBUGGING IS NOTENABLED, ABUSE ENABLED, ABUSE OTAOTA ! !

OVER-THE-AIR UPDATESOVER-THE-AIR UPDATES

OR DUMP EVERY AVAILABLE OR DUMP EVERY AVAILABLE STORAGE DEVICE 😎STORAGE DEVICE 😎

FIRMWARE DUMPED !FIRMWARE DUMPED !

SPARE AREA IS EVILSPARE AREA IS EVIL

REMOVE OOB DATA !REMOVE OOB DATA !

(AND USE ECC TO FIX ERRORS)(AND USE ECC TO FIX ERRORS)

STEP #5: DETERMINE TARGETSTEP #5: DETERMINE TARGETARCHITECTUREARCHITECTURE

ANSWER THE BASIC QUESTIONSANSWER THE BASIC QUESTIONS

What architecture is this ?Does it run an OS ?Does it use a FS ?

WHAT ARCHITECTURE IS IT ?WHAT ARCHITECTURE IS IT ?

ARM CORTEX-M0 (ARMV7-M)ARM CORTEX-M0 (ARMV7-M)

DOES IT RUN AN OS ?DOES IT RUN AN OS ?

NOPE.NOPE.

DOES IT USE A FS ?DOES IT USE A FS ?

NOPE.NOPE.

NRF51 SOFTDEVICENRF51 SOFTDEVICE

SOFTDEVICE VERSION ?SOFTDEVICE VERSION ? EASY-PEASYEASY-PEASY ! !

$ strings firmware-original.bin | grep sdk /home/benoit/workspace/nrf51/firmware/sdk/sdk13.0/components/l/home/benoit/workspace/nrf51/firmware/sdk/sdk13.0/components/s/home/benoit/workspace/nrf51/firmware/sdk/sdk13.0/components/s/home/benoit/workspace/nrf51/firmware/sdk/sdk13.0/components/l/home/benoit/workspace/nrf51/firmware/sdk/sdk13.0/components/l/home/benoit/workspace/nrf51/firmware/sdk/sdk13.0/components/l/home/benoit/workspace/nrf51/firmware/sdk/sdk13.0/components/s

QUICK REMINDERQUICK REMINDER

It runs an OS or use a known FS: You'd better drop binaries in IDA Pro

It uses no FS and looks like a crappy blob of data:

You'd better figure out the architecture andmemory layout.

STEP #6: DISASSEMBLE !STEP #6: DISASSEMBLE !

SPECIFY TARGET ARCHITECTURE ANDSPECIFY TARGET ARCHITECTURE ANDLAYOUTLAYOUT

Configure CPU accordinglyConfigure memory layout if requiredPerform a quick sanity check (strings xrefs, ...)

AUTOMATED SDK FUNCTIONSAUTOMATED SDK FUNCTIONSDETECTION AND RENAMINGDETECTION AND RENAMING

We developed our own tool to ease So�Device-based firmware reverse-engineering It helps detecting So�Device version andautomatically rename SDK exported functions

0:00 / 2:36

NRF5X-TOOLS AVAILABLE ON GITHUBNRF5X-TOOLS AVAILABLE ON GITHUB

https://github.com/DigitalSecurity/nrf5x-tools

MOBILE APPS TOOMOBILE APPS TOO

STEP #7: SNIFF ALL THE THINGSSTEP #7: SNIFF ALL THE THINGS

SNIFF/INTERCEPTSNIFF/INTERCEPTCOMMUNICATIONSCOMMUNICATIONS

May require various hardware: SPI, I2C, WiFi, BLE,nRF24, Sigfox, LoRa, ...PCAP compatible tools are greatBeware the cost (a lot of $$$) !

BLUETOOTH LOW ENERGY MITMBLUETOOTH LOW ENERGY MITM

https://github.com/DigitalSecurity/btlejuice

HOW OUR SMARTLOCK WORKSHOW OUR SMARTLOCK WORKS(BASED ON A MITM ATTACK)(BASED ON A MITM ATTACK)

1. App retrieves a Nonce from the lock2. App encrypts a token and send it to the lock3. Lock decrypts token and react accordingly

BY THE WAY ...BY THE WAY ...

The mobile app authenticates the smartlock only byits exposed service UUID:

STEP #8: FIND BUGS & VULNSSTEP #8: FIND BUGS & VULNS

SEARCH BUGS & VULNSSEARCH BUGS & VULNS

Default password/keyEscape shellBuffer overflowMisconfiguration...

SMARTLOCK SECURITYSMARTLOCK SECURITYFEATURESFEATURES

Relies on a Nonce generated by the smartlock toavoid replay attacks True AES-based encryption used, cannot break it Resisted to fuzzing, we did not managed to forceopen the lock

BUT ...BUT ...

... IS IT «RANDOM» ?... IS IT «RANDOM» ?

I'VE ALREADY SEEN THAT ...I'VE ALREADY SEEN THAT ...

(SOURCE: XKCD)(SOURCE: XKCD)

SECURITY ISSUESSECURITY ISSUES

Spoofing: App does not authenticate the smartlockit connects to Random Nonce is not random at all !

SO WHAT ?SO WHAT ?

An attacker may spoof the smartlock to force theApp to send an encrypted token He/she may be able to replay a valid token as thenonce is always the same

STEP #9: EXPLOIT !STEP #9: EXPLOIT !

SPOOF SMARTLOCKSPOOF SMARTLOCK

Use NodeJS with Bleno FTW Exploit based on our Mockle library

https://github.com/DigitalSecurity/mockle

SPOOFING SMARTLOCKSPOOFING SMARTLOCK

$ sudo node capture-token.js [setup] creating mock for device XXXXXXX (xx:xx:xx:6b:fc:88) [setup] services registered [ mock] accepted connection from address: 5e:74:79:1e:5f:a9 > Register callback for service 6e4...ca9e:6e4...ca9e > Read Random, provide default value 1. > End of transmission [i] Token written to `token.json`

REPLAY TOKENREPLAY TOKEN

$ sudo node replay-token.js BTLE interface up and running, starting scanning ... [i] Target found, replaying token ... done

0:00 / 1:23

BUG IS NOW FIXEDBUG IS NOW FIXED

CONCLUSIONCONCLUSION

TO BE IMPROVEDTO BE IMPROVED

We have been using this methodology intensivelysince the last two years There is space for improvements, obviously Vendor fixed (some) of the vulnerabilities wedemonstrated

PRO TIPSPRO TIPS

Take your time and document all the thingsRead datasheets carefullyLearn how to master Inkscape, it helps a lotStart from the bottom (PCB) and go up !

PRO TIPS (CONT'D)PRO TIPS (CONT'D)

As usual, know your tools and how to use them Share and learn from others (many cool tricks todiscover)

PRACTICE !PRACTICE !

Soldering (tiny wires)Desoldering with hot air gunUse the scopeUse the scope againCode on embedded devices...

CONTACTCONTACT

QUESTIONS ?QUESTIONS ?

@virtualabs damien.cauquil@digital.security