Defeating x64: Modern Trends of Kernel-Mode Rootkits

Defeating x64: Modern Trends of Kernel-Mode Rootkits

Defeating x64:
Modern Trends of Kernel-Mode Rootkits
Aleksandr Matrosov
Eugene Rodionov
Who we are?
 Malware researchers at ESET
- rootkits analysis
- development of cleaning tools
- tracking new rootkit techniques
- investigation of cybercrime groups
http://www.joineset.com/
Agenda
 Evolution of payloads and rootkits
 Bypassing code integrity checks
 Attacking Windows Bootloader
 Modern Bootkit details:
 Win64/Olmarik
 Win64/Rovnix
 How to debug bootkit with Bochs emulator
 HiddenFsReader as a forensic tool
Evolution of Rootkits
Evolution of Rootkit Installation
exploit
payload
dropper
rootkit
Evolution of Rootkit Installation
Malicious
Web-site
Exploit
Vulnerability
Execute
Payload
Bypass
ASLR/DEP
Download
Rootkit
Kernel-Mode
Exploit
Escape
Sandbox
Escalate
Local Privilege
Install Rootkit
Evolution of Rootkit Features
x86
bypassing HIPS/AV
self-defense
privilege escalation
surviving reboot
installing rootkit
driver
injecting payload
Kernel mode
Rootkit
User mode
Dropper
Evolution of Rootkit Features
x86
x64
Dropper
Rootkit
Rootkit
bypassing HIPS/AV
self-defense
self-defense
privilege escalation
surviving
surviving reboot
reboot
bypassing signature
injecting
payload
check
Rootkit
bypassing
MS PatchGuard
Kernel mode
User mode
installing rootkit
driver
injecting payload
Obstacles for 64-bit Rootkits
o Kernel-Mode Code Signing Policy:
 It is “difficult” to load unsigned kernel-mode driver
o Kernel-Mode Patch Protection (Patch Guard):
 SSDT (System Service Dispatch Table)
 IDT (Interrupt Descriptor Table)
 GDT ( Global Descriptor Table)
 MSRs (Model Specific Registers)
Bypassing Code Integrity Checks
Types of Integrity Checks
o PnP Device Installation Signing Requirements
o Kernel-Mode Code Signing Policy
Enforced on 64-bit version of Windows Vista and later
versions
Boot-start driver
Non boot-start PnP driver
Non boot-start, non-PnP
driver
64-bit Windows Vista and
later
32-bit Windows Vista
and later






(except stream protected media
drivers)
Subverting KMCSP
o Abusing vulnerable signed legitimate kernel-mode
driver
o Switching off kernel-mode code signing checks by
altering BCD data:
abusing WinPe Mode
disabling signing check
enabling test signing
o Patching Bootmgr and OS loader
Bypassing Integrity Checks
Bypassing Integrity Check Techniques
USER-MODE
TESTSIGNING ON
DISABLE INTEGRITY CHECKS
KERNEL-MODE
System Boot Modification
MBR
(Master Boot Record)
VBR
(Volume Boot Record)
Attacking Windows Bootloader
Boot Process
BIOS
Initialization
MBR
Boot
Loader
Full Kernel
Initialization
First
User-Mode
Process
Early Kernel
Initialization
BIOS Services
Hardware
Kernel Services
Boot Process of Windows OS
real mode
real mode
Load MBR
Load MBR
real mode
Load VBR
real mode
Load VBR
real mode/
protected mode
Load
bootmgr
Load ntldr
Load
winload.exe or
winresume.exe
Load kernel
and boot
start drivers
Boot Process of pre
Windows Vista OS
MBR – Master Boot Record
VBR – Volume Boot Record
real mode/
protected mode
Boot Process of post
Windows Vista OS
real mode/
protected mode
Load kernel
and boot
start drivers
Boot Process with Bootkit Infection
load malicious
MBR/VBR
NT kernel
modifications
load rootkit
driver
Code Integrity Check
OS kernel
Bootmgr
OS loader
OS kernel
dependencies
Boot-start
drivers
Non boot-start
kernel-mode drivers
Evolution of Bootkits
o Bootkit PoC evolution:
o Bootkit Threats evolution:
 eEye Bootroot (2005)
 Win32/Mebroot (2007)
 Vbootkit (2007)
 Win32/Mebratix (2008)
 Vbootkit v2 (2009)
 Win32/Mebroot v2 (2009)
 Stoned Bootkit (2009)
 Win64/Olmarik (2010/11)
 Evilcore x64 (2011)
 Win64/Rovnix (2011)
Win64/Olmarik
Installation on x86 vs. x64
TDL4 Installation on x86
fail
WinXP
Fail
install
Check OS
version
fail
Adjust
SeLoadDriver
privilege
Copy itself into
PrintProcessor
director
Vista/Win7
Exploitation
MS10-092
success
success
Set IMAGE_FILE_DLL
flag in the PE header
Copy itself into
%TMP% directory
Call
AddPrintProvidorW
API
Create
manifest requesting
admin privilege
Call
DeletePrintProvidorW
API
Call
ShellExecute
TDL4 Installation on x64
Prepare hidden FS
image
Write FS image,
patch MBR and Adjust
SE_SHUTDOWN_PRIVILEGE
fail
success
Exploitation
MS10-092
fail
Call
ZwRaiseHardError
to create BSOD
Copy itself into
%TMP% directory
Restart
Dropper
Create
manifest requesting
admin privilege
success
success
Call
ShellExecute
Report to C&C
fail
Boot Configuration Data (BCD)
BCD
BCD
Object1
BCD
Element1
BCD Object
BCD
Element2
BCD
Object2
BCD
Element3
Inheritable
Windows boot
manager
Application
Windows boot
loader
Device
Ntldr
BCD Elements determining KMCSP
(before KB2506014)
BCD option
Description
BcdLibraryBoolean_DisableIntegrityCheck
(0x16000020)
disables kernel-mode code integrity
checks
BcdOSLoaderBoolean_WinPEMode
(0x26000022)
instructs kernel to be loaded in
preinstallation mode, disabling
kernel-mode code integrity checks
as a byproduct
BcdLibraryBoolean_AllowPrereleaseSignatures
(0x16000049)
enables test signing
BCD Elements determining KMCSP
(before KB2506014)
BCD option
Description
BcdLibraryBoolean_DisableIntegrityCheck
(0x16000020)
disables kernel-mode code integrity
checks
BcdOSLoaderBoolean_WinPEMode
(0x26000022)
instructs kernel to be loaded in
preinstallation mode, disabling
kernel-mode code integrity checks
as a byproduct
BcdLibraryBoolean_AllowPrereleaseSignatures
(0x16000049)
enables test signing
Abusing Win PE mode: TDL4 modules
Module name
Description
mbr (infected)
infected MBR loads ldr16 module and restores original
MBR in memory
ldr16
hooks 13h interrupt to disable KMCSP and substitute
kdcom.dll with ldr32 or ldr64
ldr32
reads TDL4’s kernel-mode driver from hidden file
system and maps it into kernel-mode address space
ldr64
implementation of ldr32 module functionality for 64-bit
OS
int 13h – service provided by BIOS to communicate with IDE HDD controller
Abusing Win PE mode: Workflow
Continue kernel
initialization
Load infected MBR
Infected mbr is
loaded
and executed
Load “ldr16” from
hidden file system
“ldr16” is
loaded
and executed
Hook BIOS int 13h
handler and
restore original
MBR
Original mbr is
loaded
and executed
Call
KdDebuggerInitialize1
from loaded kdcom.dll
Load ntoskrnl.exe,
hal.dll,kdcom.dll,b
ootvid.dll ant etc
Load ”drv32”
or “drv64"
substitute
kdcom.dll
with”ldr32”
or “ldr64"
distrort
/MININT option
Load winload.exe
Load VBR
VBR is loaded
and executed
Substitute
EmsEnabled
option with WinPe
Load bootmgr
read bcd
Bootmgr is loaded
and executed
Abusing Win PE mode: Workflow
Continue kernel
initialization
Load infected MBR
Infected mbr is
loaded
and executed
Load “ldr16” from
hidden file system
“ldr16” is
loaded
and executed
Hook BIOS int 13h
handler and
restore original
MBR
Original mbr is
loaded
and executed
Call
KdDebuggerInitialize1
from loaded kdcom.dll
Load ntoskrnl.exe,
hal.dll,kdcom.dll,b
ootvid.dll ant etc
Load ”drv32”
or “drv64"
substitute
kdcom.dll
with”ldr32”
or “ldr64"
distrort
/MININT option
Load winload.exe
Load VBR
VBR is loaded
and executed
Substitute
EmsEnabled
option with WinPe
Load bootmgr
read bcd
Bootmgr is loaded
and executed
Abusing Win PE mode: Workflow
Continue kernel
initialization
Load infected MBR
Infected mbr is
loaded
and executed
Load “ldr16” from
hidden file system
“ldr16” is
loaded
and executed
Hook BIOS int 13h
handler and
restore original
MBR
Original mbr is
loaded
and executed
Call
KdDebuggerInitialize1
from loaded kdcom.dll
Load ntoskrnl.exe,
hal.dll,kdcom.dll,b
ootvid.dll ant etc
Load ”drv32”
or “drv64"
substitute
kdcom.dll
with”ldr32”
or “ldr64"
distrort
/MININT option
Load winload.exe
Load VBR
VBR is loaded
and executed
Substitute
EmsEnabled
option with WinPe
Load bootmgr
read bcd
Bootmgr is loaded
and executed
Abusing Win PE mode: Workflow
Continue kernel
initialization
Load infected MBR
Infected mbr is
loaded
and executed
Load “ldr16” from
hidden file system
“ldr16” is
loaded
and executed
Hook BIOS int 13h
handler and
restore original
MBR
Original mbr is
loaded
and executed
Call
KdDebuggerInitialize1
from loaded kdcom.dll
Load ntoskrnl.exe,
hal.dll,kdcom.dll,b
ootvid.dll ant etc
Load ”drv32”
or “drv64"
substitute
kdcom.dll
with”ldr32”
or “ldr64"
distrort
/MININT option
Load winload.exe
Load VBR
VBR is loaded
and executed
Substitute
EmsEnabled
option with WinPe
Load bootmgr
read bcd
Bootmgr is loaded
and executed
Abusing Win PE mode: Workflow
Continue kernel
initialization
Load infected MBR
Infected mbr is
loaded
and executed
Load “ldr16” from
hidden file system
“ldr16” is
loaded
and executed
Hook BIOS int 13h
handler and
restore original
MBR
Original mbr is
loaded
and executed
Call
KdDebuggerInitialize1
from loaded kdcom.dll
Load ntoskrnl.exe,
hal.dll,kdcom.dll,b
ootvid.dll ant etc
Load ”drv32”
or “drv64"
substitute
kdcom.dll
with”ldr32”
or “ldr64"
distrort
/MININT option
Load winload.exe
Load VBR
VBR is loaded
and executed
Substitute
EmsEnabled
option with WinPe
Load bootmgr
read bcd
Bootmgr is loaded
and executed
MS Patch (KB2506014)
o BcdOsLoaderBoolean_WinPEMode option no longer
influences kernel-mode code signing policy
o Size of the export directory of kdcom.dll has been
changed
MS Patch (KB2506014)
o BcdOsLoaderBoolean_WinPEMode option no longer
influences kernel-mode code signing policy
o Size of the export directory of kdcom.dll has been
changed
MS Patch (KB2506014)
o BcdOsLoaderBoolean_WinPEMode option no longer
influences kernel-mode code signing policy
o Size of the export directory of kdcom.dll has been
changed
Bypassing KMCSP: Another Attempt
Patch Bootmgr and OS loader (winload.exe) to disable
KMCSP:
Bypassing KMCSP: Another Attempt
Patch Bootmgr and OS loader (winload.exe) to disable
KMCSP:
Bypassing KMCSP: Result
Bootmgr fails to verify OS loader’s integrity
Bypassing KMCSP: Result
Bootmgr fails to verify OS loader’s integrity
TDL4 Hidden File Systems
TDL’s Hidden Storage
o Reserve space in the end of the hard drive (not visible
at file system level analysis)
o Encrypted contents (stream cipher: RC4, XOR-ing)
o Implemented as a hidden volume in the system
o Can be accessed by standard APIs (CreateFile,
ReadFile, WriteFile, SetFilePointer, CloseHandle)
One
sector
Variable length
Infected MBR
TDL4 File System Layout
Disk partitions
Not more than 8 Mb
TDL4 Hidden FS
Growth direction
One
sector
Debugging Bootkit with WinDbg
WinDbg and kdcom.dll
KdDebuggerInitialize
RETURN_STATUS
Data packet
KdSendPacket
RETURN_CONTROL
Data Packet
KdReceivePacket
KD_RECV_CODE_OK
TDL4 and kdcom.dll
TDL4 and kdcom.dll
How to Debug TDL4 with WinDbg
o Patch ldr16 to disable kdcom.dll
substitution
o Reboot the system and attach to it with
WinDbg
o Manually load drv32/drv64
“TDL4 Analysis Paper: a brief introduction and How to Debug It”, Andrea Allievi
http://www.aall86.altervista.org/TDLRootkit/TDL4_Analysis_Paper.pdf
Debugging Bootkits with Bochs
•DEMO
http://www.youtube.com/watch?v=sT6N7Dr-G6s
Win64/Rovnix
Win64/Rovnix: Installation
Check if
already
infected
success
Check OS
Version
Windows XP
Windows 2000
Vista/Win7
fail
success
Check Admin
Privileges
fail
Determine OS
Digit Capacity
Install Corresponding
Kernel-mode Driver
Call ShellExecuteEx
API with “runas”
Overwrite Bootstrap
Code of Active Partition
Self Delete and Exit
Initiate System Reboot
Win64/Rovnix: Bootkit Overview
real mode
Load MBR
real mode
Load VBR
Load
bootstrap
code
Target of
Win64\Rovnix
real mode/
protected mode
Load
bootmgr
real mode/
protected mode
Load
winload.exe or
winresume.exe
real mode/
protected mode
Load kernel
and boot
start drivers
NTFS Bootstrap Code
NTFS Boot Sector (Volume Boot Record)
JMP
OEM
ID
BIOS
Parameter
Block (BPB)
Extended
BPB (EBPB)
Boot
Code
Signature
[3 b]
[8 b]
[25 b]
[48 b]
[426 b]
[2 b]
NTFS Bootstrap Code
Win64/Rovnix: Infected Partition Layout
o Win64/Rovnix overwrites bootstrap code of the
active partition
o The malicious driver is written either:
 before active partition, in case there is enough space
 in the end of the hard drive, otherwise
MBR
VBR
Bootstrap Code
File System Data
Before Infecting
After Infecting
Compressed
Data
MBR VBR
Malicious
Code
Bootstrap
Code
NTFS bootstrap code
(15 sectors)
File System Data
Malicious
Unsigned
Driver
Win64/Rovnix: Bootkit Details
Continue kernel
initialization
Load MBR
MBR is
loaded
and executed
Map malicious driver into
kernel-mode address space
Load ntoskrnl.exe,
hal.dll,kdcom.dll,b
ootvid.dll ant etc
Load VBR
VBR is loaded
and executed
Hook
BlImgAllocateImageBuffer
Load malicious
bootstrap code
Load winload.exe
Malicious bootstrap
code is
loaded and executed
Hook BIOS int 13h
handler and
restore original
bootstrap code
Bootloader parameters
are read from BCD
Read BCD
Original bootstrap
code is restored
Load bootmgr
Patch bootmgr
Bootmgr is loaded
and receives control
Restore bootmgr,
hook int1 handler and
copy itself over IDT
Win64/Rovnix: Loading Unsigned Driver
o Insert malicious driver in BootDriverList of
KeLoaderBlock structure
o When kernel receives control it calls entry point of
each module in the BootDriverList
KeLoaderBlock
Malicious
Driver
Ntoskrnl.exe
Win64/Rovnix: Abusing Debugging Facilities
Win64/Rovnix:
o hooks Int 1h
 tracing
 handles hardware breakpoints (DR0-DR7)
o overwrites the last half of IDT (Interrupt Descriptor Table)
 is not used by OS
As a result the malware is able to:
 set up hooks without patching bootloader components
 retain control after switching into protected mode
Win64/Rovnix: Abusing Debugging Facilities
Win64/Rovnix:
o hooks Int 1h
 tracing
 handles hardware breakpoints (DR0-DR7)
o overwrites the last half of IDT (Interrupt Descriptor Table)
 is not used by OS
As a result the malware is able to:
 set up hooks without patching bootloader components
 retain control after switching into protected mode
•DEMO
Olmarik vs Rovnix
Characteristics
Win64/Olmarik
Win64/Rovnix
MS10-092

ZwRaiseHardError API
ExitWindowsEx API
MBR
VBR (bootstrap code)
ZwCreateDriver API
Inserting into boot driver list
of KeLoaderBlock structure
KeInitializeApc/
KeInstertQueueApc APIs
KeInitializeApc/
KeInstertQueueApc APIs
Kernel-mode hooks,
MBR monitoring

10
2
Stability of code


Threat complexity


Privilege escalation
Reboot technique
MBR/VBR infection
Loading driver
Payload injection
Self-defense
Number of modules
What Facilitates the Attack Vector?
o Untrusted platform problem
 BIOS controls boot process, but who controls it?
 The trust anchor is below point of attack
Point of
Attack
OS kernel
Pre boot
firmware
Bootmgr
OS loader
OS kernel
dependencies
Boot-start
drivers
Non boot-start
kernel-mode drivers
HiddenFsReader as a Forensic Tool
HiddenFsReader as a Forensic Tool
Retrieves content of the malware hidden file system.
Supported malware: TDL3/TDL3+,TDL4;
ZeroAccess (will be added soon)
•DEMO
http://www.youtube.com/watch?v=iRpp6vn2DAE
HiddenFsReader (HFR) Architecture
HiddenFileReader
HiddenFsRecognizer
HiddenFsDecryptor
User mode
Kernel mode
SelfDefenceDisabler
LowLevelHddReader
Conclusion
 The bootkit technique allows malware to bypass KMCSP
 Return to old-school techniques of infecting MBR
 Win64/Olmarik (TDL4) is the first widely spread rootkit
targeting Win x64
 Win64/Rovnix relies on debugging facilities of the platform
to subvert KMCSP
 The only possible way of debugging bootkits is to use
emulators (Bochs, QEMU)
 The untrusted platform facilitates bootkit techniques
 HiddenFsReader is shared amongst malware researchers
References
 “The Evolution of TDL: Conquering x64”
http://www.eset.com/us/resources/white-papers/The_Evolution_of_TDL.pdf
 “Defeating x64: The Evolution of the TDL Rootkit”
http://www.eset.com/us/resources/white-papers/TDL4-CONFidence-2011.pdf
 “Hasta La Vista, Bootkit: Exploiting the VBR”
http://blog.eset.com/2011/08/23/hasta-la-vista-bootkit-exploiting-the-vbr
 Follow ESET Threat Blog
http://blog.eset.com
Questions
Thank you for your attention ;)
Aleksandr Matrosov
matrosov@eset.sk
@matrosov
Eugene Rodionov
rodionov@eset.sk
@vxradius