Tesla Codeblue
David BERARD
Security expert, offensive security
@_p0ly_
150 experts: pentest, reverse engineering, development, incident response
Pwn2Own 2022
Timeline
• Dec 2022: GTW vulnerabilities & exploit
• Mid Feb 2023: Bluetooth vulnerabilities & exploit
• 8 mar 2023: PC died, buy a new one
• 20 mar 2023: A useless service on the plane
• 22-23 mar 2023: P2O event in Vancouver
Architecture (diagram): Infotainment and Connectivity components, the Security Gateway, CAN buses (CAN 1 … CAN N) and ECUs (ECU 1, ECU 2, ECU 3) with their sensors and actuators
Model 3 – Infotainment
Hardware: WiFi/BT, CANs
Hardware setup: lab
Bluetooth on the infotainment
• bsa_server process: Linux userland app
• Firmware updates
• Voice call
• Display received SMS on the infotainment screen
• Play music: play music from a phone using Bluetooth standards (supported by smartphones)
• Spotify: play music from a phone using Spotify
Bluetooth classic
Bluetooth protocols / profiles: SPP, MAP, GATT, AVRCP, SDP, PAN, AVDTP, HID, L2CAP, RFCOMM, SYNC, DUN, HCI, OBEX, BNEP, HFP, FTP
All these acronyms are real, and there are many more…
Bluetooth classic
Attack surface on Tesla car
• Hardware / RF
• HCI
• L2CAP
• Audio/Video Remote Control Profile (AVRCP): audio controls (play/stop, playlist management, …)
• Basic Imaging (BIP): allows transferring the cover art image
Bluetooth stack
WiFi/BT chip <-> HCI over UART <-> UART subsystem / TTY chardev <-> bsa_server <-> UNIX socket <-> btd <-> DBUS <-> Qtcar-bluetooth
Debug symbols
• Similar binary with debug symbols found on Github
Vulnerability research
ddbaddba ddbaddba
Code execution
• Arbitrary write into the application timer queue: a fake timer gets called from the main loop
• Call -> stack pivot -> ROP -> shellcode -> injected C program (stage1, small)
• All addresses are located in the binary (globals, gadgets), so they are already known
The end ?
• bsa_server communicates with the Bluetooth chipset through the HCI protocol
• Vendor specific commands are used to initialize the chipset (i.e. load Bluetooth firmware patches)
• At least HCI_BRCM_WRITE_RAM and HCI_BRCM_SUPER_PEEK_POKE
(Diagram: Infotainment, Linux userland, bsa_server process with the stage1 payload, HCI link to the chip)
• Bluetooth firmware and WiFi firmware share some memory regions
• WiFi firmware RAM code is mapped at address 0x500000 in the Bluetooth part
• WiFi firmware idle task is patched to jump on the injected code: stage2
(Diagram: WiFi/BT chip BCM4359 with Bluetooth firmware, WiFi firmware, shared memory and the stage2 payload)
LPE
• WiFi part of the chipset uses PCIe to communicate with the main processor: DMA, mailbox
• Stage2 can write out of bounds after the ioremap'd TCM region by setting d2h_r_idx_ptr to a value bigger than the TCM size (arbitrary write)
(Diagram: Infotainment, bsa_server process with the stage1 payload, PCIe link to the chip)
LPE
• Thanks to a big buffer allocated by the GPU driver, the offset (from TCM) of a process kernel stack is fixed
• Stage2 (payload in WiFi firmware) can patch a process kernel stack of a child of Stage1 (payload in bsa_server) blocked in clock_nanosleep
(Diagram: TCM ioremap buffer, i915_ggtt_init_hw buffer, many children created with do_fork, fixed offset 0x20007000, write)
KASLR bypass
• Similar side-channel issue: prefetch times differ
0xffffffffbf000000
ffffffffb0900000 179
ffffffffb0a00000 138
ffffffffb0b00000 136
ffffffffb0c00000 44 🤔
…
ffffffffb1300000 179
LPE
ROP chain strategy
End of a kernel process stack:
0xffffc90024007f50 │ 75 00 a0 81 ff ff ff ff 44 44 44 44 44 44 44 44 │
0xffffc90024007f60 │ 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 │
0xffffc90024007f70 │ 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 │
0xffffc90024007f80 │ 44 44 44 44 44 44 44 44 42 02 00 00 00 00 00 00 │
0xffffc90024007f90 │ 00 00 00 00 00 00 00 00 44 44 44 44 44 44 44 44 │
0xffffc90024007fa0 │ 44 44 44 44 44 44 44 44 da ff ff ff ff ff ff ff │
0xffffc90024007fb0 │ b1 d2 23 92 c0 55 00 00 c0 ed 63 db ff 7f 00 00 │
0xffffc90024007fc0 │ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 │
0xffffc90024007fd0 │ e6 00 00 00 00 00 00 00 b1 d2 23 92 c0 55 00 00 │
0xffffc90024007fe0 │ 33 00 00 00 00 00 00 00 42 02 00 00 00 00 00 00 │
0xffffc90024007ff0 │ 80 ec 63 db ff 7f 00 00 2b 00 00 00 00 00 00 00 │
Pivot
1. Replace the return address by a RET gadget address (that is executed when the clock_nanosleep syscall ends)
2. Use the saved registers as a first ROP chain
Ropchain 1 (in saved registers; some controllable saved task registers are used to restore register values)
1. Jump in copy_from_user to fill the kernel process stack with a second ROP chain
Ropchain 2 (last return address)
1. Jump in copy_from_user to override the poweroff_cmd string in kernel memory with the command we want to start
2. Call poweroff_work_func to start the command as root with the User Mode Helper Linux subsystem
3. Call do_exit to end the task properly
LPE
(Diagram: Infotainment: Linux userland -> BCMDHD driver -> Linux kernel)
GTW
• GTW uses fixed addresses (no ASLR, code is in the internal flash)
• Logic TOCTOU bug inside the update mode => 100% stable
GTW update flow (diagram):
• XFER UPDATE.IMG over TCP xfer (port 1050) to the firmware main app (ROM), which writes it on the SDCARD
• REBOOT_FOR_UPDATE over UDP_API (port 3500)
• REBOOT into update mode (RAM)
GTW
Update mode (diagram):
• Update mode (RAM) reads the temp files from the SDCARD
• Phase 2: apply without verify; WRITE to /deploy (ECU_ID) and over CAN to the internal ROM ECUs
GTW
Update mode with a TFTP server (diagram):
• Phase 1 (RAM), fetch & verify: FETCH 1, FETCH 2, FETCH 3, FETCH 4 from the TFTP server into /deploy
• Phase 2 (RAM), apply without verify: APPLY 1, APPLY 2, APPLY 3, APPLY 4
GTW
BUG
• Update mode can be forced to fetch the same ECU update two times
• The first time, if the file has a good signature, the update is scheduled to be applied, and the file is saved on the SDCARD
• The second fetch overrides the file on the SDCARD; if the signature is invalid, the first one is still scheduled, and the bad temporary file is not removed
• When applying updates, the signature is not re-checked, so the badly signed file is applied
• This bypasses the signature check, allows an attacker to apply arbitrary updates, and can be used to gain code execution on the security gateway
GTW
Secure boot (Security Gateway)
• Bootloader verifies next stages
• Bootloader patch
Tesla Response
• Security GTW
  • Now moves files with a specific name when the signature is correct
  • Manifest is now signed
  • If a signature check fails, the file is deleted from the SDcard
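The update-mode bug above (a verified file scheduled for phase 2, then overwritten by a second, badly signed fetch that phase 2 applies without re-checking) and the response measures listed here can be modelled in a few lines. The following is an added example, not Tesla's or Synacktiv's code: it simulates the two update-mode phases with an in-memory "SD card", using an HMAC-SHA256 stand-in under a constructed key in place of the gateway's real signature scheme and manifest. The hardened variant applies the listed fixes (move a verified file to a distinct name, delete the temp file on a failed check) and adds one measure of its own, re-verifying the signature at apply time.

```python
# Added example (not Tesla's or Synacktiv's code): a minimal model of the
# gateway update mode described on the slides, with the double-fetch logic
# bug beside a variant that applies the fixes listed under "Tesla Response".
# The signature scheme is a stand-in HMAC-SHA256 with a constructed key; the
# real gateway uses an asymmetric signature and a manifest, which this model
# does not reproduce.
import hashlib
import hmac

DEMO_KEY = b"constructed-demo-key"  # stand-in for the vendor signing key


def sign(payload: bytes) -> bytes:
    """Stand-in signature: HMAC-SHA256 under the demo key."""
    return hmac.new(DEMO_KEY, payload, hashlib.sha256).digest()


def verify(payload: bytes, sig: bytes) -> bool:
    return hmac.compare_digest(sign(payload), sig)


class VulnerableUpdater:
    """Phase 1 verifies at fetch time and schedules the ECU id; phase 2 applies
    whatever file is on the SD card under that id, without re-checking."""

    def __init__(self):
        self.sdcard = {}        # ecu_id -> temporary file content
        self.scheduled = set()  # ecu_ids queued for phase 2
        self.applied = {}       # ecu_id -> content written to the ECU

    def fetch(self, ecu_id: str, payload: bytes, sig: bytes) -> bool:
        self.sdcard[ecu_id] = payload          # temp file overwritten on every fetch
        ok = verify(payload, sig)
        if ok:
            self.scheduled.add(ecu_id)
        # bug: on failure the temp file stays and an earlier schedule is kept
        return ok

    def apply(self) -> None:
        for ecu_id in sorted(self.scheduled):
            self.applied[ecu_id] = self.sdcard[ecu_id]   # no signature re-check
        self.scheduled.clear()


class HardenedUpdater:
    """Same flow with the response measures: a file that passes verification is
    moved to a distinct verified name, a failed check deletes the temp file, and
    (an addition of this example) the signature is checked again at apply time."""

    def __init__(self):
        self.sdcard = {}    # ecu_id -> temporary file content
        self.verified = {}  # ecu_id -> (content, sig) under the verified name
        self.applied = {}

    def fetch(self, ecu_id: str, payload: bytes, sig: bytes) -> bool:
        self.sdcard[ecu_id] = payload
        if not verify(payload, sig):
            del self.sdcard[ecu_id]            # delete the file from the SD card
            return False
        # move the verified file aside so a later fetch cannot overwrite it
        self.verified[ecu_id] = (self.sdcard.pop(ecu_id), sig)
        return True

    def apply(self) -> None:
        for ecu_id, (payload, sig) in sorted(self.verified.items()):
            if verify(payload, sig):           # defence in depth: re-verify before writing
                self.applied[ecu_id] = payload
        self.verified.clear()


GOOD = b"constructed good ECU image"   # constructed sample images
BAD = b"constructed bad ECU image"


def run_double_fetch(updater_cls):
    """Fetch a correctly signed image, then an unsigned one for the same ECU,
    then run phase 2; return what reached the ECU."""
    u = updater_cls()
    u.fetch("ecu1", GOOD, sign(GOOD))
    u.fetch("ecu1", BAD, b"\x00" * 32)   # second fetch with an invalid signature
    u.apply()
    return u.applied.get("ecu1")


if __name__ == "__main__":
    print("vulnerable:", run_double_fetch(VulnerableUpdater))
    print("hardened:  ", run_double_fetch(HardenedUpdater))
```

Running the script shows the vulnerable model writing the badly signed image to the ECU while the hardened model writes the verified one. The apply-time re-check is the cheapest of the three measures and is the one that closes the TOCTOU window regardless of how files are named or cleaned up on the SD card.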
Pwn2Own 2023
• Synacktiv was Master of Pwn for the second time with many entries (Windows/macOS/Ubuntu/VirtualBox/Tesla)
• First Tier 2 entry ever (could have been a Tier 1, but we had chosen to split the RCE+LPE and Gateway entries)
Conclusion
Was fun
www.linkedin.com/company/synacktiv
www.twitter.com/synacktiv
www.synacktiv.com