The Rise of MBR Rootkits And Bootkits in the Wild

Vbootkit Black Hat dj vu - Stoned again

Mebroot

Stoned Bootkit

Peter Kleissner

Agenda

History Windows Product Activation Development, Installation & Usage Stoned Bootkit Future

Who the hack am I?

Independent Operating System Developer

Hometown Vienna (Austria)

Startup Insecurity Systems (InSec)

About Bootkits

A Bootkit is a Rootkit in the Master Boot Record Introduced by Vipin and Nitin Kumar
A bootkit is a rootkit that is able to load from a master boot record and persist in memory all the way through the transition to protected mode and the startup of the OS. It's a very interesting type of rootkit. Robert Hensing about bootkits

BIOS

Master Boot Record (contains Bootkit)

Bootloader (OS)

Firmware

Malware

Operating System
4

Timeline
2006 Mebroot BOOT KIT 2008 Vista Loader 2010 Stoned Bootkit Tophet Kon-Boot Vbootkit 2.0

TPMkit
Stoned BootRoot Vbootkit

1987

2005

2007

2009

BootRoot Vbootkit Tophet

Windows XP Windows Vista

Black Hat USA 2005 Black Hat Europe 2007 XCon 2008

Vbootkit 2.0
Stoned Bootkit

Windows 7 (x64)
All Windows Systems

Hack In The Box Dubai 2009

Black Hat USA 2009
5

Typical Usage
Stoned Keeping the user happy with text and sound messages :)

Mebroot
Vista Loader Kon-Boot

Stealing your banking data

Spoofing OEM BIOS for Windows Product Activation Bypassing Windows Logon

Stoned Bootkit For forensics and law enforcement agencies & Black Hats

Vbootkit 1+2

Proof of concept

Windows Product Activation

OEM BIOS OEM Certificate

OEM Key

No Internet Activation!

For Windows Vista and 7

Microsoft has a secret arrangement with OEM hardware manufacturers to include a secret additional ACPI table to identify the system as OEM

Acer, ASUS, Dell, Fujitsu Siemens, Gateway, HP, Lenovo, Medion, NEC, Sony, Sotec, Toshiba, MSI, Intel, and others
7

OEM BIOS SLIC Table

The SLIC (Software Licensing Internal Code) table identifies the system as OEM. RSDP XSDT RSDT SLIC

Software Licensing Internal Code

374 bytes

These are some simple ACPI structures:

RSDP XSDT SLIC Root System Description Pointer Extended System Description Table Software Licensing Internal Code 40h:0Eh RSDP + 24 found

The BIOS (= firmware) sets up these tables. So your bootkit can too!
8

SLIC Table
00000000 00000010 00000020 00000030 00000040 00000050 00000060 00000070 00000080 00000090 000000A0 000000B0 000000C0 000000D0 000000E0 000000F0 00000100 00000110 00000120 00000130 00000140 00000150 00000160 00000170 53 4D 61 00 7F AF DC 42 5F 0C DF C4 01 20 53 00 CE BD A5 E0 74 9E BB C3 4C 30 00 24 F6 B4 25 93 5B D2 A5 29 00 20 20 00 05 3B CD 2F 06 42 30 CA 49 37 00 00 C1 9F 1A 86 15 BA 6A C5 00 4D 00 00 FA 99 33 B6 2E 5A FF 66 43 20 00 00 05 68 9C 98 0C 3A C8 6F 00 30 00 00 26 B5 0B CE 1D 7D 84 1B 76 20 00 52 BE 82 E3 E7 AB 69 DC 3F B6 37 00 00 B5 6E 40 53 00 F3 0F 80 01 20 00 53 5C 23 E3 D5 D0 30 45 29 00 20 00 00 43 23 2E F0 71 F8 B5 2E 00 20 00 41 57 EC 66 1B 21 76 D5 6C 00 20 00 51 29 49 C8 09 13 CC 2B 00 00 00 31 63 50 11 D4 DE 94 4D 6D 00 20 00 E9 40 F7 E1 3D 6A D1 B3 01 12 9C 00 A5 40 E0 D7 BF 71 8C 57 00 20 00 A5 1C 97 8B B4 C7 FD C0 47 0C 00 04 8A 5A A5 3A E9 A2 B8 79 00 00 00 CD 13 BC E6 18 C9 22 7A 44 D6 00 00 68 73 98 A4 B5 64 8C 0E 02 57 00 35 16 ED 8F 0F 9E 90 71 45 27 00 00 F3 7F 06 0B 6E D7 05 B6 00 49 00 30 EF FF B6 44 82 BF 44 4C 41 06 01 6E EC C5 EE A4 4C 2F 75 44 4E 00 91 E3 C9 74 23 CB 37 C5 4C 53 02 00 8F E4 80 E2 57 D8 FC ED 45 44 00 B0 BF 4A 8E 10 71 3E EB 20 4C 00 01 06 07 0A 7D B9 85 2E 21 4C 4F 00 9B 17 95 94 64 09 2C 13 20 20 00 00 FA CB FA BE 8C BF 23 95 4C 57 00 C0 2F F4 43 F3 B1 68 15 SLICv....GDELL M07 ...'ASL a.............. .$..RSA1........ ..\Wchn.. h#P@Zs.. %.f... B.:.} _[..!nW .:i0vqdL jEM./.# )o?)lmWy.u! ...........DELL M07 .WINDOW S .............. ......Q50 .&C)@..../ ;n#IJ 3.@..tC /S.=..D#.d t....q.jq. BZ}".7>,h 0.+zqD.. f..

RSA Key 1024 Bit

OEM identifier

Certificate
<?xml version="1.0" encoding="utf-8"?><r:license xmlns:r="urn:mpeg:mpeg21:2003:01-REL-R-NS" licenseId="{e56c50ff-e9fe-461b-a5f2-1573cf933dbf}" xmlns:sx="urn:mpeg:mpeg21:2003:01-RELSX-NS" xmlns:mx="urn:mpeg:mpeg21:2003:01-REL-MX-NS" xmlns:sl="http://www.microsoft.com/DRM/XrML2/SL/v2" xmlns:tm="http://www.microsoft.com/DRM/XrML2/TM/v2"><r:title>OEM Certificate</r:title><r:grant><sl:binding><sl:data Algorithm="msft:rm/algorithm/bios/4.0">kgAAAAAAAgBERUxMICABAAEAf/bBBb5cV2Olimjzbo8G+q+0n2iC I+xQQFpzf+zkB8vcJRqc4+NmEeClmAbFgAr6QpOGmOfVG9TXOqQL7uJ9vl9bFQyr0CHev+m1bqRXuYwM0ro6aTB2lHG iZNdM2IW/36VqyNxF1U2MuIwFL/wuI8QpxW8/KWxtV3kOtnXtIZU=</sl:data></sl:binding><r:possessPrope rty/><sx:propertyUri definition="trustedOem"/></r:grant><r:issuer><Signature xmlns="http://www.w3.org/2000/09/xmldsig#"><SignedInfo><CanonicalizationMethod Algorithm="http://www.microsoft.com/xrml/lwc14n"/><SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><Reference><Transforms><Transform Algorithm="urn:mpeg:mpeg21:2003:01-REL-R-NS:licenseTransform"/><Transform Algorithm="http://www.microsoft.com/xrml/lwc14n"/></Transforms><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>mylUeSOamDoBwptofZ7FKoCePH k=</DigestValue></Reference></SignedInfo><SignatureValue>OQojHOugcB3VvUc7xRonmHv/DP136N/mKu l3wR7gXg9OgmlSlm2Gjm59QO9xt7LvWDjdNWUNwNudww9+Ay1wjly0fGXRcMBO1rObJgAbGMC7ejtxMETpNZ8Ukzn9n hsnBJAUtzvynXSFqJQvboe45dNN6FBh9uaEj4zPiUKlk2c3B9GwFZi0554cC/tgF7mA8Bb+Hsa7e2jMrRN5KIjxD5di RNZr7XRzH0RLm/S9+sKtl9SkVQ5b3bIZhfAqVJ4hsCFpvyaVKW/XYbc4wOxf6r377ONOQD3NJX4nqELg3S4GCUG7xyK HFL2/QVqygiGr+CRCxJfZxf2feucbSWOgMQ==</SignatureValue><KeyInfo><KeyValue><RSAKeyValue><Modu lus>sotZn+w9juKPf7bMO9rNFriB+10v/t9bo/XWG+rzoDbw/uF4INZ5rGRIitiITY/bI4rANkv4Z5hG/8VxGMbqvqc aXJqnRFda7XAjgm1z9wkgX1R/d2tXLUUUQP0J1XuSbgzR89T/lpnc5q2Cdvy7Gv2pZvAzSeLOponXc8J3zOFr0IUXBG prXKnemVk1iJBFnyQGlWG3UoSpdlF0ichBQwPx/PgoTbcZsA7Gg62BGwPx/uDA3ZgwowrPlRwfLVAO6qE9xPJqRZdRF fPHbdQjp1YAq27wc6cTz5sPSTB1pJ4L9MD+NpvHj2OMZV5+LJ+bxZbTqhPcrzCp7ckkyD7Hzw==</Modulus><Expon ent>AQAB</Exponent></RSAKeyValue></KeyValue></KeyInfo></Signature><r:details><r:timeOfIssue >2006-03-16T20:17:30Z</r:timeOfIssue></r:details></r:issuer><r:otherInfo xmlns:r="urn:mpeg:mpeg21:2003:01-REL-R-NS"><tm:infoTables xmlns:tm="http://www.microsoft.com/DRM/XrML2/TM/v2"><tm:infoList tag="#global"><tm:infoStr name="applicationId">{55c92734-d682-4d71-983e-d6ec3f16059f}</tm:infoStr><tm:infoStr name="licenseCategory">msft:sl/PPD</tm:infoStr><tm:infoStr name="licenseType">msft:sl/OEMCERT</tm:infoStr><tm:infoStr name="licenseVersion">2.0</tm:infoStr><tm:infoStr name="licensorUrl">http://licensing.microsoft.com</tm:infoStr></tm:infoList></tm:infoTables ></r:otherInfo></r:license>

Install it: cscript %windir%\system32\slmgr.vbs -ilc Dell.xrm-ms

10

SLP OEM Key

Install System-Locked Preinstallation master product key:
slmgr -ipk 223PV-8KCX6-F9KJX-3W2R7-BB2FH

Disclaimer: Informational purposes only

11

The dynamic injection vs. the persistent way

12

Microsoft against activation exploits

13

Installation

1. Physical Access
Live CD, writing it raw to the hard disk,

2. Administrator Rights (Infector in Windows) Elevate the rights at runtime using ShellExecute() or via a manifest
Use some exploit
14

Elevated Administrator Rights

Application Manifest (embedded into executable)

<requestedPrivileges> <requestedExecutionLevel level=asInvoker uiAccess=true/> </requestedPrivileges>

ShellExecute() at runtime
HINSTANCE ShellExecute( HWND hwnd, LPCTSTR lpOperation = runas, () );

Create a small loader that tries ShellExecute() until the user clicks Yes on Consent UI
15

Environment

Real Mode (old school)

cs:ip = 0000h:7C00h 16 bit!
Directly loaded by the BIOS Must be programmed in assembly language low-level

The bootkit must be able to be memory persistent. It is OS independent but attacks specific operating systems.
16

Bypassing Full Volume Encryption

Windows I/O Request Hook! Call (unencrypted request) Volume Encryption

(encrypted request) jmp 0000h:BACKh

BIOS Disk Services A double forward for intercepting the encrypted and decrypted disk I/O. Does not modify the decryption software (it is independent)!

17

Owning Operating Systems from the boot

Stoned MBR
Bootkit Real Mode Relocates the code to the end of memory (4 KB), hooks interrupt 13h and patches code integrity verification Patches image verification and hooks NT kernel

Interrupt 13h handler

Bootkit Protected Mode

Kernel Code

NT kernel base address and PsLoadedModuleList are used for resolving own imports
Loads, relocates, resolves, executes all drivers in the list

Driver Code

Boot file loading routine

PE Loader
Subsystem

PE-image relocation & resolving

Core functions for the Stoned Subsystem installed in Windows

Init system

Payload

Kernel drivers Applications using the subsystem

Payload
18

Windows Boot Process

BIOS Master Boot Record
OS Loader

Partition Bootloader
winload.exe

ntldr / bootmgr NT kernel

Ntldr = 16-bit stub + OS Loader (just binary appended) Windows Vista splits up ntldr into bootmgr, winload.exe and winresume.exe
Windows XP ntldr OS Loader Windows Vista bootmgr OS Loader Processor Environment Real Mode Protected Mode

NT kernel

winload.exe
NT kernel

Protected Mode
Protected Mode + Paging
19

Not only on-the-fly attacks

For example Hibernation File Attack

Owning the system before it has started

20

Signatures The magic behind

Signatures against operating system files ensure that

1. The bootkit stays undetected 2. The bootkit gets executed They are all assembly code instructions.
Bypass NT Loader code integrity verification
+ 83 C4 02 E9 00 00 E9 FD FF Windows XP in NTLDR at +1C81h 00021c6e: 00021c71: 00021c74: 00021c77: call .+0x0c1e/+0x0c39 add sp, 0x0002 jmp .+0x0000 jmp .+0xfffd ; ; ; ; e8390c 83c402 e90000 e9fdff -> -> -> -> nop, nop, nop add sp, 0x0002 jmp .+0x0000 jmp .+0x0000
21

Solutions to close out bootkits

Use the Trusted Platform Module in connection with full volume encryption Full volume encryption software should: 1. Secure its own software 2. Disable MBR overwrite in Windows 3. Make MBR genuine verifications
Consider the attacking vector, do not excuse with policies (physical security)
22

Bootkits for law enforcement agencies

Might become interesting for LAEs:

Install a trojan even if the hard disk is fully encrypted Undetectable, bootkit starts first and can hide itself Owns the whole system (full access) Physical access required

23

Stoned.. Again!

Attacks:
Windows Windows Windows Windows Windows Windows 2000 XP Server 2003 Vista Server 2008 7

Main targets:
Pwning all Windows systems from the boot

Being able to bypass code integrity verifications & signed code checks
Creating the most sophisticated bootkit

TrueCrypt DiskCryptor

Much more features in the future! Your PC is now Stoned!

Your PC is now Stoned! ..again

(1987)
(2010)
24

Architecture of Stoned
Address 0000 Size 440 Description Code Area

01B8
01BE 01FE

6
4*16 2

Microsoft Disk Signature

IBM Partition Table Signature, 0AA55h

0200
7A00 7C00

512 512

Stoned Kernel Modules

Stoned Plugins Backup of Original Bootloader Configuration Area

Master Boot Record

-

File System

Modularized Master Boot Record Boot Applications Plugins Proof of concept payload (cmd.exe privilege escalation)
25

Time for a live demonstration!

With Stoned v2 Infector (Live CD)

Based on Windows PE Infects any drive

26

Example Plugin: CO2 Plugin

Save The Environment!

Throttling CPU speed down to 80% Normal user should not take any notice but our earth does :) Using the Advanced Configuration Programming Interface

Using open source Throttle source code

27

Not only malicious purposes

Using Stoned Bootkit to execute Sinowal and extract the unpacked kernel driver
1. Tracing the memory by hooking the exports for ExAllocatePool() and ExFreePool() using the installed Stoned Subsystem 2. Writing it out to disk for further analysis

(Unpacked Sinowal kernel driver, here you see commands & domain name generation strings)
28

Future Outlook

Totally operating system independency Linux support Support for 64-bit Windows systems

Defeating Trusted Platform Module (for my next presentation)

29

References
[1] Your Computer is Now Stoned (...Again!): The Rise of MBR Rootkits Elia Florio (Symantec) and Kimmo Kasslin (F-Secure) http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/your_computer_is_now_stoned.pdf VBootkit vs. Bitlocker in TPM mode Robert Hensing's Blog http://blogs.technet.com/robert_hensing/archive/2007/04/05/vbootkit-vs-bitlocker-in-tpm-mode.aspx An Analysis of the Windows PE Checksum Algorithm Jeffrey Walton http://www.codeproject.com/KB/cpp/PEChecksum.aspx Analysis of Sinowal Paul Kleissner =) loof http://web17.webbpro.de/index.php?page=analysis-of-sinowal Mebroot Source Code http://web17.webbpro.de/downloads/Sinowal%20Article/Sinowal%20Source%20Code.zip Anti-Sinowal strategies and Sinowal Bootkit Extractor www.bootkitanalytics.com

[2]

[3]

[4]

[5]

[6]

[7]

Stoned Bootkit Project Site www.stoned-vienna.com

Improved Way to Add SLIC (SLP 2.0) Table into BIOS ACPI to Activate Windows Vista OEM http://www.betalog.com/read.php/152.htm

[8]

30

Thanks for your attention!

The Rise of MBR Rootkits & Bootkits in the Wild Presentation materials: Contact: Questions? Comments?
zZ

www.stoned-vienna.com Peter@Kleissner.at
zzZZZ zzZ zZ
stupid TrueCrypt

And have a good night =), Peter Kleissner

31