Search the Community
Showing results for tags 'arm'.
-
Escalating Privileges in Linux using Voltage Fault Injection
u0m3 posted a topic in Stiri securitate
Abstract: Today’s standard embedded device technology is not robust against Fault Injection (FI) attacks such as Voltage Fault Injection (V-FI). FI attacks can be used to alter the intended behavior of software and hardware of embedded devices. Most FI research focuses on breaking the implementation of cryptographic algorithms. However, this paper’s contribution is in showing that FI attacks are effective at altering the intended behavior of large and complex code bases like the Linux Operating System (OS) when executed by a fast and feature rich System-on-Chip (SoC). More specifically, we show three attacks where full control of the Linux OS is achieved from an unprivileged context using V-FI. These attacks target standard Linux OS functionality and operate in absence of any logical vulnerability.We assume an attacker that already achieved unprivileged code execution. The practicality of the attacks is demonstrated using a commercially available V-FI test bench and a commercially available ARM Cortex-A9 SoC development board. Finally, we discuss mitigations to lower probability and minimize impact of a successful FI attack on complex systems like the Linux OS. Link: https://www.riscure.com/publication/escalating-privileges-linux-using-fault-injection/-
- 2
-
- fault injection
- arm
-
(and 1 more)
Tagged with:
-
We’re always on the lookout for and interesting ARM hardware for Kali Linux. Whether it’s a Galaxy Note or a USB stick sized SS808, we want to see Kali run on it. You can therefore imagine our excitement, when we first laid our eyes on the Utilite pro. Utilite Pro is a quad core ARM cortex-A9 machine with up to 4 GB of RAM, up to 512 GB mSATA SSD, HDMI and DVI-D output, dual (2x) 1GB nics, a built in wireless card and 4 USB ports. And its fanless. With those type of specs, this little beauty was unlikely to skip our radars. We wanted Kali Linux on that baby, real bad. We took this opportunity to create and publish the Offensive Security Kali Linux contributed ARM images, and thought we’d demonstrate the use of these scripts, and show you how to get Kali linux on the Utilite Pro. From there, the options are endless. The Utilite Pro came with Ubuntu preinstalled. The first thing we wanted to do, is update the machines uBoot bootloader image, to allow for support of 1.8V microSD cards. root@utilite:~# apt-get install mtd-utils root@utilite:~# git clone https://github.com/offensive-security/kali-uboot-images.git uboot root@utilite:~/uboot# ./cm-fx6-bootloader-update.sh CompuLab CM-FX6 (Utilite) boot loader update utility 1.1 (Nov 25 2013) >> Checking for utilities... >> ...Done >> Board CPU: mx6q >> Board DRAM: 2gb >> Looking for boot loader image file: cm-fx6-u-boot-mx6q-2gb >> ...Found >> Looking for SPI flash: mtd0 >> ...Found >> Current U-Boot version in SPI flash: U-Boot 2009.08-cm-fx6-0.87+tools (Oct 06 2013 - 13:46:27) >> New U-Boot version in file: (248K) >> Proceed with the update? 1) Yes 2) No #? Yes ** Do not power off or reset your computer!!! >> Erasing SPI flash... Erasing 4 Kibyte @ bf000 -- 100 % complete >> ...Done >> Writing boot loader to the SPI flash... ........... >> ...Done >> Checking boot loader in the SPI flash... . >> ...Done >> Boot loader update succeeded! root@utilite:~/uboot# Once that was done, we whipped out our Offensive Security Trusted Contributed ARM image scripts, and let our Utilite image builder script loose. On a separate 32 bit Kali Linux machine, we set up all the pre-requisites to build our ARM image, and make sure we have at least 10GB of free space. We start with downloading and setting up the ARM cross compiler and the build scripts: root@builder:~# git clone https://github.com/offensive-security/kali-arm-build-scripts.git Cloning into 'kali-arm-build-scripts'... remote: Counting objects: 95, done. remote: Compressing objects: 100% (57/57), done. remote: Total 95 (delta 62), reused 70 (delta 37) Unpacking objects: 100% (95/95), done. root@builder:~# git clone https://github.com/offensive-security/gcc-arm-linux-gnueabihf-4.7.git Cloning into 'gcc-arm-linux-gnueabihf-4.7'... remote: Counting objects: 5839, done. remote: Compressing objects: 100% (3105/3105), done. remote: Total 5839 (delta 2559), reused 5837 (delta 2559) Receiving objects: 100% (5839/5839), 74.64 MiB | 3.38 MiB/s, done. Resolving deltas: 100% (2559/2559), done. root@builder:~# Once that’s done, we next run the build-deps scripts, which will install all the dependencies required for the build: root@builder:~# cd kali-arm-build-scripts/ root@builder:~/kali-arm-build-scripts# ./build-deps.sh Reading package lists... Done Building dependency tree Reading state information... Done abootimg is already the newest version. ... Now with everything in place, we kick off our Utilite image builder script, and go for a coffee, or six. The script requires a version parameter for the image, which is something we use to tag our ARM image versions. Once ready, you should get a *full* Kali Linux image which can then be dd’ed to a microSD card. Of course, you are encouraged to read the build script, and edit any installation parameters or packages to your needs. root@builder:~/kali-arm-build-scripts# ./utilite.sh 1.0 I: Retrieving Release I: Retrieving Release.gpg I: Checking Release signature I: Valid Release signature (key id 44C6513A8E4FB3D30875F758ED444FF07D8D0BF6) I: Retrieving Packages I: Validating Packages I: Resolving dependencies of required packages... I: Resolving dependencies of base packages... ... ... ... Cloning into 'firmware'... remote: Counting objects: 874, done. remote: Compressing objects: 100% (685/685), done. remote: Total 874 (delta 181), reused 849 (delta 167) Receiving objects: 100% (874/874), 30.17 MiB | 4.84 MiB/s, done. Resolving deltas: 100% (181/181), done. del devmap : loop0p2 del devmap : loop0p1 Removing temporary build files Generating sha1sum for kali-1.0-utilite.img Compressing kali-1.0-utilite.img Generating sha1sum for kali-1.0-utilite.img.xz root@builder:~/kali-arm-build-scripts# Once the image is ready, you can find it in the utlite subdirectory created by the script: root@builder:~/kali-arm-build-scripts# ls -l utilite-1.0/ total 334720 -rw-r--r-- 1 root root 63 Dec 7 23:48 kali-1.0-utilite.img.sha1sum -rw-r--r-- 1 root root 342742176 Dec 7 23:52 kali-1.0-utilite.img.xz -rw-r--r-- 1 root root 66 Dec 7 23:53 kali-1.0-utilite.img.xz.sha1sum root@builder:~/kali-arm-build-scripts# Extract the compressed image file, and dd it to the microSD card (in our case, sdb). Once done, pop the microSD card into the Utilite, and boot it up! root@proxy:~/kali-arm-build-scripts# cd utilite-1.0/ root@proxy:~/kali-arm-build-scripts/utilite-1.0# 7z x kali-1.0-utilite.img.xz 7-Zip [64] 9.20 Copyright (c) 1999-2010 Igor Pavlov 2010-11-18 p7zip Version 9.20 (locale=en_US.UTF-8,Utf16=on,HugeFiles=on,4 CPUs) Processing archive: kali-1.0-utilite.img.xz Extracting kali-1.0-utilite.img Everything is Ok Size: 7340032000 Compressed: 342742176 root@proxy:~/kali-arm-build-scripts/utilite-1.0# dd if=kali-1.0-utilite.img of=/dev/sdb bs=1M Once booted, you can log into the Utlite image with root / toor credentials. root@kali:~# uname -a Linux kali 3.0.35-cm-fx6-4 #1 SMP Sat Dec 7 23:47:48 EST 2013 armv7l GNU/Linux root@kali:~# cat /proc/cpuinfo Processor : ARMv7 Processor rev 10 (v7l) processor : 0 BogoMIPS : 790.52 processor : 1 BogoMIPS : 790.52 processor : 2 BogoMIPS : 790.52 processor : 3 BogoMIPS : 790.52 Features : swp half thumb fastmult vfp edsp neon vfpv3 CPU implementer : 0x41 CPU architecture: 7 CPU variant : 0x2 CPU part : 0xc09 CPU revision : 10 Hardware : Compulab CM-FX6 Revision : 63012 Serial : 0b0991d4d81917c9 root@kali:~# cat /proc/meminfo MemTotal: 2006440 kB MemFree: 1922864 kB .... More info & buy: Home | Utilite Source: Kali Linux Documentation