480 likes | 657 Views
Researching iphone’s BASEBAND. Sem voigtländer (@userlandkernel) Special Thanks to @posixninja. $ whoami. Sem Voigtländer 19 years, learning code and security since 13 Software Engineering and Cybersecurity Student Interested in mobile devices Non-profit research. WHY BASEBAND.
E N D
Researching iphone’s BASEBAND Sem voigtländer (@userlandkernel) Special Thanks to @posixninja
$ whoami • Sem Voigtländer • 19 years, learning code and security since 13 • Software Engineering and Cybersecurity Student • Interested in mobile devices • Non-profit research
WHY BASEBAND • Seperated, own os and bootrom • No direct control / entrypoint, means no ability to verify integrity and security • Radio communication: huge attack vector • Proprietary, blackbox thus likelyhood of vulns is higher • CFW for baseband = prevent ss7 attack with firewall • Consumer freedom, consumers pay it’s their right! • Pwn one and pwn many Storytime!
What is BASEBAND • Chip seperated from main os • Own SecureROM, Own RAM, Own NAND, Own CPU • Used for cellular communication (Calls, Texts, LTE) • Managed by kernel drivers • Radio / Modem can send commands
BASEBAND in 32-bit mobile apple devices • Qualcomm Chip • Supports VoIP LTE calls • 32-bit ARM • Hexagon DSP • Communications via CommCenter and Kernel Extension
BASEBAND Firmware in 32-bit mobile apple devices • Conform Apple’s bundle format • ARM 32-bit ELF binaries • OKL4 Kernel (hypervisor kernel) • Codesigned with ticket and certificates, sha256 signatures
Qualcomm baseband Operating system • OKL4, custom proprietry variant + Linux • Crashes will dump to NVRAM instead of the filesystem • Shared memory devices over busses (HSIC) • Disassembly and symbolication in IDA:DEMO
QUALCOMM FIRMWARE: Parse and load • Image is loaded into internal memory • Internal memory is protected and trusted, only available when device is on • External flash / RAM are untrusted • Image must be authenticatedwithin the trust boundary in internal memory • LOAD ELFHDR PARSE VALIDATE • LOAD PHDR PARSE VALIDATE
QUALCOMM FIRMWARE: Parse and load • Image is loaded into internal memory • Internal memory is protected and trusted, only available when device is on • External flash / RAM are untrusted • Image must be authenticatedwithin the trust boundary in internal memory • LOAD ELFHDR PARSE VALIDATE • LOAD PHDR PARSE VALIDATE • HASHES VALIDATE
QUALCOMM FIRMWARE: Parse and load SECURITY • External load Check destination and size within whitelist • Selfevaluates the arithmic to prevent overflows • Above applies to headers, certificates and other size/offset calculated items.
QUALCOMM FIRMWARE: certificate chain • ITU-T X.509 v3 Format • attestation cert. (optional), attestation CA cert. and root CA cert. • Certs are signed by next cert in chain • SHA-256 hash digest of the Root CA must match value in ROM • Serverside signer can’t revoke auth, root CA signs attestation certs directly and is anchored to ROM on device.
QUALCOMM FIRMWARE: certificate chain • Root CA and attestation CA are similar to SSL certificates • Attestation cert includes additional details in (OU) fields
QUALCOMM FIRMWARE: OU Field (SW_ID) • Binds signature to a particular version of a particular software image • Verification fails if current version is newer than image version Prevent downgrades
QUALCOMM FIRMWARE: OU Field (HW_ID) • Binds signature to a particular device family, model and OEM • Consists of an MSMID (Family), OEM ID (Device ID), MODEL ID
QUALCOMM FIRMWARE: OU Field (DEBUG) • Indicates whether debugging is on or not(2 = disabled)
QUALCOMM FIRMWARE: OU Field (OEM_ID) • Humanreadble value derrived from HW_ID
QUALCOMM FIRMWARE: OU Field (SW_SIZE) • Size of signed data • May consist of hash table header, hash table entries and segments • Not used for validation, informative only
QUALCOMM FIRMWARE: OU Field (SHA256 / SHA1) • Used to define hash algorithm for verification • SHA1 is considered a weakness. • Binary patch this to use sha1 breaks signature, but its a small step
Qualcomm firmware: AMSS • AMMS is the Operating system image • Contains the filesystem (YAFFS) • Contains asserts with absolute paths source code name • ELF binary, easy to parse and analyze.
QUALCOMM FIRMWARE: OSBL • OSBL is the Operating System Bootloader • Generally loaded each time the baseband is being boot up
QUALCOMM FIRMWARE: DBL • DBL is the DLOAD bootloader • DLOAD is a protocol used by Qualcomm for emergency debugging and flashing • Two types of implementations of the protocol: Streaming-DLOAD and DLOAD • Commands can be fuzzed and reversed. • DLOAD mode is on the NOR of the baseband • Crashes will enforce the device into DLOAD-mode
Qualcomm details (iPhone 5) • Baseband version: 9x15A-ACEHRMAZA-139510 (from sbl1) • Build name: Maverick (MAV) • Signed by: MAV-SWID3-RootCA6-DataCenter (Probably a physical signing machine name) • Software ID: 3 • EEPROM: AT24C128BN • NAND: MT29F4G16ABC, MT29F4G08ABC, MT29F2G16ABD, MT29F2G08ABD
Qualcomm details (iPhone 5) • Qualcomm Hexagon DSP 6 Processor • SDK Publicly available: https://developer.qualcomm.com/download/hexagon/hexagon-sdk-v3-3-3-linux.zip
SBL1 Dumping and debugging features!!! • mav_ha5.bin (HSIC A5) • Fmav_ua5.bin (UART A5) • Fmav_hq6.bin (HSIC Q6) • nAmav_nor.bin (NORDUMP) • mav_boot.bin (BOOTDUMP) • nAmav_core_a5.bin (A5 CORE DUMP) • mAmav_core_q6.bin (Q6 CORE DUMP)
SBL2: Sahara mode dload EFS1 Image is loaded EFS2 Image is loaded EFS3 Image is loaded ACDB Image is Loaded APPSBL image is Loaded APPS Image is loaded LPASS Image is loaded
SBL2: Sahara mode dload Q6 Firmeware image is loaded Q6 Software Image is loaded Boot authorization is done Boot checksum is done Ram section for executable code is created (Yep, executable stack) RPM (Power Management Module) is loaded
ANALYZING FIRMWARE • Firmware is not encrypted • Binwalk screws up with extraction, not efficient but still informative • Radare2 is not quite helpful either without the images being extracted • Solution: DIY. ELF images can be parsed. • Why? Binary patching and more specific to the MBN file format. • Offset finder, for later use.
KNOWN VULNERABILITIES IN BASEBAND FIRMWARE • Executable Stack • No Address Space Layout randomization • Buffer overflow through integer overflow in QRTK_writeq() • AT+XLOG stack based overflow
FUZZING THE BASEBAND: LOGS • Logs are saved in iOS and can be synced to a PC via the AFC protocol • Logs do not contain registers, only mention the error code and when the crash occured. • To enable extensive logging call *5005*3424# • Baseband crashes are stored in Baseband NVRAM, nvitem is prohibited. • Any command to get access to NVRAM?
Fuzzing the baseband: FUZZER • Through fuzzing QMI messages (new and complicated procotol profit?) • Through fuzzing SAHARA commands • Through fuzzing SDLOAD commands • Through fuzzing DLOAD commands • Through fuzzing DIAG commands • Through fuzzing AT commands • Through maliciously crafted firmware images (E.G: Negative refs in the ELF header)
FUZZING THE QMI Interface • LIBQMI: https://github.com/freedesktop/libqmi
FUZZING SAHARA (SAH) • LibOpenPST: https://github.com/openpst/libopenpst/tree/master/include/qualcomm
FUZZING SDLOAD • LibOpenPST • https://github.com/openpst/libopenpst/tree/master/include/qualcomm
FUZZING DLOAD • LibOpenPST • https://github.com/openpst/libopenpst/tree/master/include/qualcomm
FUZZING DIAG • LibOpenPST • https://github.com/openpst/libopenpst/tree/master/include/qualcomm
FUZZING AT COMMANDS • Thanks to Qualcomm’s genious security... Here are all the commands: https://kernelprogrammer.com/downloads/qc-at-cmds.pdf • Software Defined Radio? HackRF One + GNU Radio! • Serial (seems disabled or hidden nowadays): • /dev/tty.debug • /dev/tty.wlan-debug
Future developments https://kernelprogrammer.com/ https://github.com/userlandkernel/baseband-research https://github.com/posixninja/DLOADTool https://github.com/posixninja/BBTool https://github.com/posixninja/DBLTool https://github.com/posixninja/iOSUSBEnum
Resources https://developer.qualcomm.com https://osmocom.org https://theiphonewiki.com https://github.com/nst/iOS-Runtime-Headers/tree/master/Frameworks/CoreTelephony.framework https://lightbulbone.com/posts/2013/08/snooping-on-commcenter/ https://github.com/freedesktop/libqmi https://github.com/openpst/libopenpst