SlideShare une entreprise Scribd logo

Dima kovalenko - Is ARMv8.3 the end of ROP?

Hacken_Ecosystem
Hacken_Ecosystem

HackIT is an annual cybersecurity conference that gathers the best technical researchers and top players in the cybersecurity industry to explore cutting-edge technologies together. In 2018, HackIT focused on the use of blockchain technology. Join our community: Website - https://hacken.live/hackit-slideshare Twitter - https://hacken.live/twitter_hackit Facebook - https://hacken.live/facebook_hackit Instagram - https://hacken.live/instagram_hackit Reddit - https://hacken.live/reddit Telegram community - https://hacken.live/tg-hackit #hackit #cybersecurity #blockchain #hacking

Technologie
1  sur  30
Télécharger pour lire hors ligne
HackIT 4.0, Kyiv Is ARMv8.3 the end of ROP? Dima Kovalenko
HackIT 4.0, Kyiv Dima Kovalenko kov4l3nko@gmail.com iOS/Android reverse engineer, security researcher
Agenda • ARMv8.3 • Pointer authentication code (PAC) • QARMA • Possible attacks • What about the real world?
ARMv3.8
ARMv8.3 • It’s an optional extension of ARMv8 • It’s for AArch64 mode only. • It adds, among other things, 46 new machine instructions to implement signed pointers • It’s backward compatible with the standard ARMv8 instruction set
Pointer authentication code (PAC)
Pointer authentication code (PAC) • ARMv8.3 introduces Pointer Authentication Code (PAC) • It’s implemented if at least one of system registers ID_AA64ISAR1_EL1.APA, ID_AA64ISAR1_EL1.API, ID_AA64ISAR1_EL1.GPA, or ID_AA64ISAR1_EL1.GPI is 0b0001
Pointer authentication code (PAC) • PAC is stored in upper bits of a pointer: Bit range Description 0…TCR_ELx.TnSZ-1 Actually the address TCR_ELx.TnSZ…54 PAC 55 n 56…63 If n is 1, the the bit range holds address tag; else it holds PAC
Pointer authentication code (PAC) • PAC is calculated according the following general pattern: Pointer Modifier Key P(…) PAC + Pointer • If ID_AA64ISAR1_EL1.APA is 0b0001, then P(…) is QARMA; otherwise it’s IMPLEMENTATION DEFINED • Anyway the resulting PAC+Pointer is not a valid pointer!
Pointer authentication code (PAC) • The specifications defines five 128 bit keys: • API{A,B}Key_EL1 (for instruction pointers) is concatenation of the register values API{A,B}KeyHi_EL1:API{A,B}KeyLo_EL1. • APD{A,B}Key (for data pointers) is the concatenation of the register values APD{A,B}KeyHi_EL1:APD{A,B}KeyLo_EL1. • APGAKey (for data) is the concatenation of the register values APGAKeyHi_EL1:APGAKeyLo_EL1 • The keys are placed in *_EL1 registers and not accessible in EL0 (user mode)
Pointer authentication code (PAC) • The keys are expected to be ephemeral (per process for EL0 and per boot for EL1 to EL3) • Key management, including generating good quality random numbers, is the responsibility of the software (e.g. OS) • Some ARMv8.3 instructions (PACIA, PACIA1716 etc) also need a 64 bit modifier to calculate PAC. Depending on the instruction it can be SP, X16 or any Xn register.
Pointer authentication code (PAC) • In general, there are two groups of ARMv8.3 instructions: • Basic pointer authentication instructions. Each of these instructions only performs an operation that supports pointer authentication. • Combined instructions that include pointer authentication. Each of these instructions combines a pointer authentication with another operation that uses the authenticated pointer (e.g. BRAA branches to a register, with pointer authentication).
Pointer authentication code (PAC) • There are, in turn, three subgroups of basic pointer authentication instructions: • Instructions that calculate/add PAC • Instructions that authenticate/strip PAC. If authentication fails, the upper bits of a pointer are corrupted and any subsequent use of the pointer results in a Translation fault. • Instructions that just strip PAC without authentication.
Pointer authentication code (PAC) • ARMv8.3 instructions are backward compatible with ARMv8 because for early SoC’s they all are encoded as HINT #0 (NOP) :)
Pointer authentication code (PAC) • An example. No stack protection: ; function prologue SUB sp, sp, #0x40 
 STP x29, x30, [sp,#0x30] 
 ADD x29, sp, #0x30
 … ; function epilogue
 LDP x29,x30,[sp,#0x30] 
 ADD sp,sp,#0x40 
 RET
Pointer authentication code (PAC) • An example. The stack is protected with ARMv8.3: ; function prologue PACIASP ; <=== calculate/add PAC to LR, use SP as a modifier
 SUB sp, sp, #0x40 
 STP x29, x30, [sp,#0x30] 
 ADD x29, sp, #0x30
 … ; function epilogue
 LDP x29,x30,[sp,#0x30] 
 ADD sp,sp,#0x40
 AUTIASP ; <== auth./strip PAC from LR, use SP as a modifier
 RET
For more details on ARMv8.3 and PAC, see • “ARM Architecture Reference Manual ARMv8, for ARMv8-A architecture profile” by ARM team (https://developer.arm.com/docs/ ddi0487/latest/arm-architecture-reference-manual-armv8-for-armv8-a- architecture-profile) • “ARMv8.3 Pointer Authentication” by Mark Rutland from ARM (https:// events.static.linuxfound.org/sites/events/files/slides/slides_23.pdf) • “Pointer Authentication on ARMv8.3” by Qualcomm team (https:// www.qualcomm.com/media/documents/files/whitepaper-pointer- authentication-on-armv8-3.pdf)
QUARMA
QARMA • The size of PAC depends of virtual memory address range, it is between • 11…31 bits when memory tagging is used • 3…23 bits when memory tag is used • Qualcomm considered existing crypto algorithms and rejected it because of various reasons, e.g. • SipHash is relatively slow and can make impact on latency • PRINCE has a fixed-size input/output block, truncating can make PAC predictable
QARMA • QARMA was designed by Qualcomm to be fast and produce short signatures if needed • QARMA was carefully tested, including cryptanalysis tests • Is it really safe? It’s hard to say for sure :)
For more details on QARMA, see • “The QARMA Block Cipher Family” by Roberto Avanzi from Qualcomm (https://eprint.iacr.org/2016/444.pdf) (at least, check the section “4  Security Analysis”)
Possible attacks
Possible attacks • Guessing and forging PAC values. Complexity depends on the crypto algorithm. Theoretically, this attack must be hard for QARMA. • Pointer substitution attacks include various form of substituting one authenticated pointer with another. Probably it’s possible. Anyway, PAC should make finding ROP/JOB chains much harder. • Key management concerns and key reuse attacks. Generating/ managing keys is software responsibility, so it depends on the software.
Possible attacks • Interpreters and Just-in-Time Compilation (JIT) can not be protected by PAC (PAC does not protect again data-only attacks), so it’s a very good attack vector. Maybe the best.
What about the real world?
What about the real world? • ARMv8.3 supported by • GCC, starting from version 7 • LLVM, starting from the commit https://github.com/llvm-mirror/ llvm/commit/af93d17e0c779e519918a892adb33608c6f9dfdb • At the moment, the only widely known system on a chip with ARMv8.3 support is Apple A12. • It should prevent exploitation of memory corruption vulnerabilities on the newest iPhone XS, XS Max, and XR, but…
What about the real world? • …it looks like it doesn’t help. • The details are not known yet, so we are impatiently waiting for the writeup from @PanguTeam.
Links
Links “ARM Architecture Reference Manual ARMv8, for ARMv8-A architecture profile” by ARM team (https://developer.arm.com/docs/ddi0487/latest/arm-architecture- reference-manual-armv8-for-armv8-a-architecture-profile) “ARMv8.3 Pointer Authentication” by Mark Rutland from ARM (https:// events.static.linuxfound.org/sites/events/files/slides/slides_23.pdf) “Pointer Authentication on ARMv8.3” by Qualcomm team (https:// www.qualcomm.com/media/documents/files/whitepaper-pointer-authentication- on-armv8-3.pdf) “The QARMA Block Cipher Family” by Roberto Avanzi from Qualcomm (https:// eprint.iacr.org/2016/444.pdf)
Questions?

Recommandé

Arm
ArmArm
ArmWave Digitech
 
OSMC 2014: Server Hardware Monitoring done right | Werner Fischer
OSMC 2014: Server Hardware Monitoring done right | Werner FischerOSMC 2014: Server Hardware Monitoring done right | Werner Fischer
OSMC 2014: Server Hardware Monitoring done right | Werner FischerNETWAYS
 
Embedded System Programming on ARM Cortex M3 and M4 Course
Embedded System Programming on ARM Cortex M3 and M4 CourseEmbedded System Programming on ARM Cortex M3 and M4 Course
Embedded System Programming on ARM Cortex M3 and M4 CourseFastBit Embedded Brain Academy
 
Mastering Microcontroller : TIMERS, PWM, CAN, RTC,LOW POWER
Mastering Microcontroller : TIMERS, PWM, CAN, RTC,LOW POWERMastering Microcontroller : TIMERS, PWM, CAN, RTC,LOW POWER
Mastering Microcontroller : TIMERS, PWM, CAN, RTC,LOW POWERFastBit Embedded Brain Academy
 
Part-1 : Mastering microcontroller with embedded driver development
Part-1 : Mastering microcontroller with embedded driver development Part-1 : Mastering microcontroller with embedded driver development
Part-1 : Mastering microcontroller with embedded driver development FastBit Embedded Brain Academy
 
Port scanning
Port scanningPort scanning
Port scanningHemanth Pasumarthi
 
Programming the ARM CORTEX M3 based STM32F100RBT6 Value Line Discovery Board
Programming the ARM CORTEX M3 based STM32F100RBT6 Value Line Discovery BoardProgramming the ARM CORTEX M3 based STM32F100RBT6 Value Line Discovery Board
Programming the ARM CORTEX M3 based STM32F100RBT6 Value Line Discovery BoardGaurav Verma
 
Part-2: Mastering microcontroller with embedded driver development
Part-2: Mastering microcontroller with embedded driver developmentPart-2: Mastering microcontroller with embedded driver development
Part-2: Mastering microcontroller with embedded driver developmentFastBit Embedded Brain Academy
 

Recommandé

Arm
ArmArm
ArmWave Digitech
 
OSMC 2014: Server Hardware Monitoring done right | Werner Fischer
OSMC 2014: Server Hardware Monitoring done right | Werner FischerOSMC 2014: Server Hardware Monitoring done right | Werner Fischer
OSMC 2014: Server Hardware Monitoring done right | Werner FischerNETWAYS
 
Embedded System Programming on ARM Cortex M3 and M4 Course
Embedded System Programming on ARM Cortex M3 and M4 CourseEmbedded System Programming on ARM Cortex M3 and M4 Course
Embedded System Programming on ARM Cortex M3 and M4 CourseFastBit Embedded Brain Academy
 
Mastering Microcontroller : TIMERS, PWM, CAN, RTC,LOW POWER
Mastering Microcontroller : TIMERS, PWM, CAN, RTC,LOW POWERMastering Microcontroller : TIMERS, PWM, CAN, RTC,LOW POWER
Mastering Microcontroller : TIMERS, PWM, CAN, RTC,LOW POWERFastBit Embedded Brain Academy
 
Part-1 : Mastering microcontroller with embedded driver development
Part-1 : Mastering microcontroller with embedded driver development Part-1 : Mastering microcontroller with embedded driver development
Part-1 : Mastering microcontroller with embedded driver development FastBit Embedded Brain Academy
 
Port scanning
Port scanningPort scanning
Port scanningHemanth Pasumarthi
 
Programming the ARM CORTEX M3 based STM32F100RBT6 Value Line Discovery Board
Programming the ARM CORTEX M3 based STM32F100RBT6 Value Line Discovery BoardProgramming the ARM CORTEX M3 based STM32F100RBT6 Value Line Discovery Board
Programming the ARM CORTEX M3 based STM32F100RBT6 Value Line Discovery BoardGaurav Verma
 
Part-2: Mastering microcontroller with embedded driver development
Part-2: Mastering microcontroller with embedded driver developmentPart-2: Mastering microcontroller with embedded driver development
Part-2: Mastering microcontroller with embedded driver developmentFastBit Embedded Brain Academy
 
STM32 Microcontroller Clocks and RCC block
STM32 Microcontroller Clocks and RCC blockSTM32 Microcontroller Clocks and RCC block
STM32 Microcontroller Clocks and RCC blockFastBit Embedded Brain Academy
 
Module 3 Scanning
Module 3 ScanningModule 3 Scanning
Module 3 Scanningleminhvuong
 
Introduction to MPLAB IDE
Introduction to MPLAB IDEIntroduction to MPLAB IDE
Introduction to MPLAB IDEKarim El-Rayes
 
Pic microcontroller step by step your complete guide
Pic microcontroller step by step your complete guidePic microcontroller step by step your complete guide
Pic microcontroller step by step your complete guideAshraf Said AlMadhoun - Educational Engineering Team
 
Port Scanning Overview
Port Scanning OverviewPort Scanning Overview
Port Scanning OverviewPublicly traded global multi-billion services company
 
LAS16-111: Easing Access to ARM TrustZone – OP-TEE and Raspberry Pi 3
LAS16-111: Easing Access to ARM TrustZone – OP-TEE and Raspberry Pi 3LAS16-111: Easing Access to ARM TrustZone – OP-TEE and Raspberry Pi 3
LAS16-111: Easing Access to ARM TrustZone – OP-TEE and Raspberry Pi 3Linaro
 
Detecting hardware virtualization rootkits
Detecting hardware virtualization rootkitsDetecting hardware virtualization rootkits
Detecting hardware virtualization rootkitsEdgar Barbosa
 
[Wroclaw #3] Trusted Computing
[Wroclaw #3] Trusted Computing[Wroclaw #3] Trusted Computing
[Wroclaw #3] Trusted ComputingOWASP
 
NMAP
NMAPNMAP
NMAPPrateekAryan1
 
Mitigating overflows using defense in-depth. What can your compiler do for you?
Mitigating overflows using defense in-depth. What can your compiler do for you?Mitigating overflows using defense in-depth. What can your compiler do for you?
Mitigating overflows using defense in-depth. What can your compiler do for you?Javier Tallón
 
Overview of LPC213x MCUs
Overview of LPC213x MCUsOverview of LPC213x MCUs
Overview of LPC213x MCUsPremier Farnell
 
Presentation
PresentationPresentation
PresentationAbhijit Das
 
Analysis of ESET Smart Security 6 personal firewall’s thresholds and detectio...
Analysis of ESET Smart Security 6 personal firewall’s thresholds and detectio...Analysis of ESET Smart Security 6 personal firewall’s thresholds and detectio...
Analysis of ESET Smart Security 6 personal firewall’s thresholds and detectio...Andrej Šimko
 
PART-2 : Mastering RTOS FreeRTOS and STM32Fx with Debugging
PART-2 : Mastering RTOS FreeRTOS and STM32Fx with DebuggingPART-2 : Mastering RTOS FreeRTOS and STM32Fx with Debugging
PART-2 : Mastering RTOS FreeRTOS and STM32Fx with DebuggingFastBit Embedded Brain Academy
 
Final
FinalFinal
FinalAmir Sherman
 
Microcontroller part 2
Microcontroller part 2Microcontroller part 2
Microcontroller part 2Keroles karam khalil
 
Aircrack
AircrackAircrack
AircrackNithin Sathees
 
Let's Play STM32
Let's Play STM32Let's Play STM32
Let's Play STM32Jay Chen
 
Buffer overflow attacks
Buffer overflow attacksBuffer overflow attacks
Buffer overflow attacksKapil Nagrale
 
Assembler4
Assembler4Assembler4
Assembler4Omar Sanchez
 
Doc8453
Doc8453Doc8453
Doc8453khoaicuto
 
Effisiensi prog atmel
Effisiensi prog atmelEffisiensi prog atmel
Effisiensi prog atmelrm_dhozooo
 

Contenu connexe

Tendances

Module 3 Scanning
Module 3 ScanningModule 3 Scanning
Module 3 Scanningleminhvuong
 
Introduction to MPLAB IDE
Introduction to MPLAB IDEIntroduction to MPLAB IDE
Introduction to MPLAB IDEKarim El-Rayes
 
LAS16-111: Easing Access to ARM TrustZone – OP-TEE and Raspberry Pi 3
LAS16-111: Easing Access to ARM TrustZone – OP-TEE and Raspberry Pi 3LAS16-111: Easing Access to ARM TrustZone – OP-TEE and Raspberry Pi 3
LAS16-111: Easing Access to ARM TrustZone – OP-TEE and Raspberry Pi 3Linaro
 
Detecting hardware virtualization rootkits
Detecting hardware virtualization rootkitsDetecting hardware virtualization rootkits
Detecting hardware virtualization rootkitsEdgar Barbosa
 
[Wroclaw #3] Trusted Computing
[Wroclaw #3] Trusted Computing[Wroclaw #3] Trusted Computing
[Wroclaw #3] Trusted ComputingOWASP
 
Mitigating overflows using defense in-depth. What can your compiler do for you?
Mitigating overflows using defense in-depth. What can your compiler do for you?Mitigating overflows using defense in-depth. What can your compiler do for you?
Mitigating overflows using defense in-depth. What can your compiler do for you?Javier Tallón
 
Overview of LPC213x MCUs
Overview of LPC213x MCUsOverview of LPC213x MCUs
Overview of LPC213x MCUsPremier Farnell
 
Analysis of ESET Smart Security 6 personal firewall’s thresholds and detectio...
Analysis of ESET Smart Security 6 personal firewall’s thresholds and detectio...Analysis of ESET Smart Security 6 personal firewall’s thresholds and detectio...
Analysis of ESET Smart Security 6 personal firewall’s thresholds and detectio...Andrej Šimko
 
PART-2 : Mastering RTOS FreeRTOS and STM32Fx with Debugging
PART-2 : Mastering RTOS FreeRTOS and STM32Fx with DebuggingPART-2 : Mastering RTOS FreeRTOS and STM32Fx with Debugging
PART-2 : Mastering RTOS FreeRTOS and STM32Fx with DebuggingFastBit Embedded Brain Academy
 
Let's Play STM32
Let's Play STM32Let's Play STM32
Let's Play STM32Jay Chen
 
Buffer overflow attacks
Buffer overflow attacksBuffer overflow attacks
Buffer overflow attacksKapil Nagrale
 

Tendances (20)

STM32 Microcontroller Clocks and RCC block
STM32 Microcontroller Clocks and RCC blockSTM32 Microcontroller Clocks and RCC block
STM32 Microcontroller Clocks and RCC block
 
Module 3 Scanning
Module 3 ScanningModule 3 Scanning
Module 3 Scanning
 
Introduction to MPLAB IDE
Introduction to MPLAB IDEIntroduction to MPLAB IDE
Introduction to MPLAB IDE
 
Pic microcontroller step by step your complete guide
Pic microcontroller step by step your complete guidePic microcontroller step by step your complete guide
Pic microcontroller step by step your complete guide
 
Port Scanning Overview
Port Scanning OverviewPort Scanning Overview
Port Scanning Overview
 
LAS16-111: Easing Access to ARM TrustZone – OP-TEE and Raspberry Pi 3
LAS16-111: Easing Access to ARM TrustZone – OP-TEE and Raspberry Pi 3LAS16-111: Easing Access to ARM TrustZone – OP-TEE and Raspberry Pi 3
LAS16-111: Easing Access to ARM TrustZone – OP-TEE and Raspberry Pi 3
 
Detecting hardware virtualization rootkits
Detecting hardware virtualization rootkitsDetecting hardware virtualization rootkits
Detecting hardware virtualization rootkits
 
[Wroclaw #3] Trusted Computing
[Wroclaw #3] Trusted Computing[Wroclaw #3] Trusted Computing
[Wroclaw #3] Trusted Computing
 
NMAP
NMAPNMAP
NMAP
 
Mitigating overflows using defense in-depth. What can your compiler do for you?
Mitigating overflows using defense in-depth. What can your compiler do for you?Mitigating overflows using defense in-depth. What can your compiler do for you?
Mitigating overflows using defense in-depth. What can your compiler do for you?
 
Overview of LPC213x MCUs
Overview of LPC213x MCUsOverview of LPC213x MCUs
Overview of LPC213x MCUs
 
Presentation
PresentationPresentation
Presentation
 
Analysis of ESET Smart Security 6 personal firewall’s thresholds and detectio...
Analysis of ESET Smart Security 6 personal firewall’s thresholds and detectio...Analysis of ESET Smart Security 6 personal firewall’s thresholds and detectio...
Analysis of ESET Smart Security 6 personal firewall’s thresholds and detectio...
 
PART-2 : Mastering RTOS FreeRTOS and STM32Fx with Debugging
PART-2 : Mastering RTOS FreeRTOS and STM32Fx with DebuggingPART-2 : Mastering RTOS FreeRTOS and STM32Fx with Debugging
PART-2 : Mastering RTOS FreeRTOS and STM32Fx with Debugging
 
Final
FinalFinal
Final
 
Microcontroller part 2
Microcontroller part 2Microcontroller part 2
Microcontroller part 2
 
Aircrack
AircrackAircrack
Aircrack
 
Let's Play STM32
Let's Play STM32Let's Play STM32
Let's Play STM32
 
Buffer overflow attacks
Buffer overflow attacksBuffer overflow attacks
Buffer overflow attacks
 
Assembler4
Assembler4Assembler4
Assembler4
 

Similaire à Dima kovalenko - Is ARMv8.3 the end of ROP?

Effisiensi prog atmel
Effisiensi prog atmelEffisiensi prog atmel
Effisiensi prog atmelrm_dhozooo
 
Virtualization Support in ARMv8+
Virtualization Support in ARMv8+Virtualization Support in ARMv8+
Virtualization Support in ARMv8+Aananth C N
 
BlueHat v17 || Raising the Bar: New Hardware Primitives for Exploit Mitigations
BlueHat v17 || Raising the Bar: New Hardware Primitives for Exploit Mitigations BlueHat v17 || Raising the Bar: New Hardware Primitives for Exploit Mitigations
BlueHat v17 || Raising the Bar: New Hardware Primitives for Exploit Mitigations BlueHat Security Conference
 
ARM® Cortex™ M Bootup_CMSIS_Part_3_3_Debug_Architecture
ARM® Cortex™ M Bootup_CMSIS_Part_3_3_Debug_ArchitectureARM® Cortex™ M Bootup_CMSIS_Part_3_3_Debug_Architecture
ARM® Cortex™ M Bootup_CMSIS_Part_3_3_Debug_ArchitectureRaahul Raghavan
 
Scale17x buffer overflows
Scale17x buffer overflowsScale17x buffer overflows
Scale17x buffer overflowsjohseg
 
AAME ARM Techcon2013 006v02 Implementation Diversity
AAME ARM Techcon2013 006v02 Implementation DiversityAAME ARM Techcon2013 006v02 Implementation Diversity
AAME ARM Techcon2013 006v02 Implementation DiversityAnh Dung NGUYEN
 
DvClub 2102 tlm based software control of uvcs for vertical verification re...
DvClub 2102 tlm based software control of uvcs for vertical verification re...DvClub 2102 tlm based software control of uvcs for vertical verification re...
DvClub 2102 tlm based software control of uvcs for vertical verification re...Amit Bhandu
 
Introduction to i.MX27 Multimedia Applications Processors
Introduction to i.MX27 Multimedia Applications ProcessorsIntroduction to i.MX27 Multimedia Applications Processors
Introduction to i.MX27 Multimedia Applications ProcessorsPremier Farnell
 
A 32-Bit Parameterized Leon-3 Processor with Custom Peripheral Integration
A 32-Bit Parameterized Leon-3 Processor with Custom Peripheral IntegrationA 32-Bit Parameterized Leon-3 Processor with Custom Peripheral Integration
A 32-Bit Parameterized Leon-3 Processor with Custom Peripheral IntegrationTalal Khaliq
 
SAST, CWE, SEI CERT and other smart words from the information security world
SAST, CWE, SEI CERT and other smart words from the information security worldSAST, CWE, SEI CERT and other smart words from the information security world
SAST, CWE, SEI CERT and other smart words from the information security worldAndrey Karpov
 

Similaire à Dima kovalenko - Is ARMv8.3 the end of ROP? (20)

Doc8453
Doc8453Doc8453
Doc8453
 
Effisiensi prog atmel
Effisiensi prog atmelEffisiensi prog atmel
Effisiensi prog atmel
 
Virtualization Support in ARMv8+
Virtualization Support in ARMv8+Virtualization Support in ARMv8+
Virtualization Support in ARMv8+
 
Dsp on an-avr
Dsp on an-avrDsp on an-avr
Dsp on an-avr
 
BlueHat v17 || Raising the Bar: New Hardware Primitives for Exploit Mitigations
BlueHat v17 || Raising the Bar: New Hardware Primitives for Exploit Mitigations BlueHat v17 || Raising the Bar: New Hardware Primitives for Exploit Mitigations
BlueHat v17 || Raising the Bar: New Hardware Primitives for Exploit Mitigations
 
Txt Introduction
Txt IntroductionTxt Introduction
Txt Introduction
 
Intel IA 64
Intel IA 64Intel IA 64
Intel IA 64
 
ARM® Cortex™ M Bootup_CMSIS_Part_3_3_Debug_Architecture
ARM® Cortex™ M Bootup_CMSIS_Part_3_3_Debug_ArchitectureARM® Cortex™ M Bootup_CMSIS_Part_3_3_Debug_Architecture
ARM® Cortex™ M Bootup_CMSIS_Part_3_3_Debug_Architecture
 
Mod 3.pptx
Mod 3.pptxMod 3.pptx
Mod 3.pptx
 
Architecture of pentium family
Architecture of pentium familyArchitecture of pentium family
Architecture of pentium family
 
Scale17x buffer overflows
Scale17x buffer overflowsScale17x buffer overflows
Scale17x buffer overflows
 
Lect 1.pptx
Lect 1.pptxLect 1.pptx
Lect 1.pptx
 
AAME ARM Techcon2013 006v02 Implementation Diversity
AAME ARM Techcon2013 006v02 Implementation DiversityAAME ARM Techcon2013 006v02 Implementation Diversity
AAME ARM Techcon2013 006v02 Implementation Diversity
 
DSP_Assign_1
DSP_Assign_1DSP_Assign_1
DSP_Assign_1
 
DvClub 2102 tlm based software control of uvcs for vertical verification re...
DvClub 2102 tlm based software control of uvcs for vertical verification re...DvClub 2102 tlm based software control of uvcs for vertical verification re...
DvClub 2102 tlm based software control of uvcs for vertical verification re...
 
Introduction to i.MX27 Multimedia Applications Processors
Introduction to i.MX27 Multimedia Applications ProcessorsIntroduction to i.MX27 Multimedia Applications Processors
Introduction to i.MX27 Multimedia Applications Processors
 
Pentium processor
Pentium processorPentium processor
Pentium processor
 
A 32-Bit Parameterized Leon-3 Processor with Custom Peripheral Integration
A 32-Bit Parameterized Leon-3 Processor with Custom Peripheral IntegrationA 32-Bit Parameterized Leon-3 Processor with Custom Peripheral Integration
A 32-Bit Parameterized Leon-3 Processor with Custom Peripheral Integration
 
Arm architecture
Arm architectureArm architecture
Arm architecture
 
SAST, CWE, SEI CERT and other smart words from the information security world
SAST, CWE, SEI CERT and other smart words from the information security worldSAST, CWE, SEI CERT and other smart words from the information security world
SAST, CWE, SEI CERT and other smart words from the information security world
 

Plus de Hacken_Ecosystem

Peter Todd - Hardware Wallets - Threats and Vulnerabilities
Peter Todd - Hardware Wallets - Threats and VulnerabilitiesPeter Todd - Hardware Wallets - Threats and Vulnerabilities
Peter Todd - Hardware Wallets - Threats and VulnerabilitiesHacken_Ecosystem
 
Seyfullah Kilic - Hacking Cryptocurrency Miners with OSINT Techniques
Seyfullah Kilic - Hacking Cryptocurrency Miners with OSINT TechniquesSeyfullah Kilic - Hacking Cryptocurrency Miners with OSINT Techniques
Seyfullah Kilic - Hacking Cryptocurrency Miners with OSINT TechniquesHacken_Ecosystem
 
Walter Belgers - Lockpicking and IT security
Walter Belgers - Lockpicking and IT securityWalter Belgers - Lockpicking and IT security
Walter Belgers - Lockpicking and IT securityHacken_Ecosystem
 
Tomi Wen - The Blockchain Built for Real World Apps
Tomi Wen - The Blockchain Built for Real World AppsTomi Wen - The Blockchain Built for Real World Apps
Tomi Wen - The Blockchain Built for Real World AppsHacken_Ecosystem
 
Renaud Lifchitz - Blockchain decentralized apps: the future of malwares?
Renaud Lifchitz - Blockchain decentralized apps: the future of malwares?Renaud Lifchitz - Blockchain decentralized apps: the future of malwares?
Renaud Lifchitz - Blockchain decentralized apps: the future of malwares?Hacken_Ecosystem
 
Dejan Podgorsek - Is Hyperledger Fabric secure enough for your Business?
Dejan Podgorsek - Is Hyperledger Fabric secure enough for your Business?Dejan Podgorsek - Is Hyperledger Fabric secure enough for your Business?
Dejan Podgorsek - Is Hyperledger Fabric secure enough for your Business?Hacken_Ecosystem
 
Alex Zdrilko - АI and Blockchain in real life application with the highest se...
Alex Zdrilko - АI and Blockchain in real life application with the highest se...Alex Zdrilko - АI and Blockchain in real life application with the highest se...
Alex Zdrilko - АI and Blockchain in real life application with the highest se...Hacken_Ecosystem
 
John Graham-Cumming - Helping to build a better Internet
John Graham-Cumming - Helping to build a better InternetJohn Graham-Cumming - Helping to build a better Internet
John Graham-Cumming - Helping to build a better InternetHacken_Ecosystem
 
Pedro Fortuna - Protecting Crypto Exchanges From a New Wave of Man-in-the-Bro...
Pedro Fortuna - Protecting Crypto Exchanges From a New Wave of Man-in-the-Bro...Pedro Fortuna - Protecting Crypto Exchanges From a New Wave of Man-in-the-Bro...
Pedro Fortuna - Protecting Crypto Exchanges From a New Wave of Man-in-the-Bro...Hacken_Ecosystem
 
Max Keidun - How to build a Bitcoin exchange and not burn in hell
Max Keidun - How to build a Bitcoin exchange and not burn in hellMax Keidun - How to build a Bitcoin exchange and not burn in hell
Max Keidun - How to build a Bitcoin exchange and not burn in hellHacken_Ecosystem
 
Ryan Stortz & Sophia D'Antoine - “EVM2VEC: Bug Discovery in Smart Contracts”
Ryan Stortz & Sophia D'Antoine - “EVM2VEC: Bug Discovery in Smart Contracts”Ryan Stortz & Sophia D'Antoine - “EVM2VEC: Bug Discovery in Smart Contracts”
Ryan Stortz & Sophia D'Antoine - “EVM2VEC: Bug Discovery in Smart Contracts”Hacken_Ecosystem
 
Brian Gorenc on the topic “Modern Day Entomology - Examing the Inner Workings...
Brian Gorenc on the topic “Modern Day Entomology - Examing the Inner Workings...Brian Gorenc on the topic “Modern Day Entomology - Examing the Inner Workings...
Brian Gorenc on the topic “Modern Day Entomology - Examing the Inner Workings...Hacken_Ecosystem
 
Dinis Guarda "Hacking the DNA of Humanity with Blockchain and AI""
Dinis Guarda "Hacking the DNA of Humanity with Blockchain and AI""Dinis Guarda "Hacking the DNA of Humanity with Blockchain and AI""
Dinis Guarda "Hacking the DNA of Humanity with Blockchain and AI""Hacken_Ecosystem
 

Plus de Hacken_Ecosystem (13)

Peter Todd - Hardware Wallets - Threats and Vulnerabilities
Peter Todd - Hardware Wallets - Threats and VulnerabilitiesPeter Todd - Hardware Wallets - Threats and Vulnerabilities
Peter Todd - Hardware Wallets - Threats and Vulnerabilities
 
Seyfullah Kilic - Hacking Cryptocurrency Miners with OSINT Techniques
Seyfullah Kilic - Hacking Cryptocurrency Miners with OSINT TechniquesSeyfullah Kilic - Hacking Cryptocurrency Miners with OSINT Techniques
Seyfullah Kilic - Hacking Cryptocurrency Miners with OSINT Techniques
 
Walter Belgers - Lockpicking and IT security
Walter Belgers - Lockpicking and IT securityWalter Belgers - Lockpicking and IT security
Walter Belgers - Lockpicking and IT security
 
Tomi Wen - The Blockchain Built for Real World Apps
Tomi Wen - The Blockchain Built for Real World AppsTomi Wen - The Blockchain Built for Real World Apps
Tomi Wen - The Blockchain Built for Real World Apps
 
Renaud Lifchitz - Blockchain decentralized apps: the future of malwares?
Renaud Lifchitz - Blockchain decentralized apps: the future of malwares?Renaud Lifchitz - Blockchain decentralized apps: the future of malwares?
Renaud Lifchitz - Blockchain decentralized apps: the future of malwares?
 
Dejan Podgorsek - Is Hyperledger Fabric secure enough for your Business?
Dejan Podgorsek - Is Hyperledger Fabric secure enough for your Business?Dejan Podgorsek - Is Hyperledger Fabric secure enough for your Business?
Dejan Podgorsek - Is Hyperledger Fabric secure enough for your Business?
 
Alex Zdrilko - АI and Blockchain in real life application with the highest se...
Alex Zdrilko - АI and Blockchain in real life application with the highest se...Alex Zdrilko - АI and Blockchain in real life application with the highest se...
Alex Zdrilko - АI and Blockchain in real life application with the highest se...
 
John Graham-Cumming - Helping to build a better Internet
John Graham-Cumming - Helping to build a better InternetJohn Graham-Cumming - Helping to build a better Internet
John Graham-Cumming - Helping to build a better Internet
 
Pedro Fortuna - Protecting Crypto Exchanges From a New Wave of Man-in-the-Bro...
Pedro Fortuna - Protecting Crypto Exchanges From a New Wave of Man-in-the-Bro...Pedro Fortuna - Protecting Crypto Exchanges From a New Wave of Man-in-the-Bro...
Pedro Fortuna - Protecting Crypto Exchanges From a New Wave of Man-in-the-Bro...
 
Max Keidun - How to build a Bitcoin exchange and not burn in hell
Max Keidun - How to build a Bitcoin exchange and not burn in hellMax Keidun - How to build a Bitcoin exchange and not burn in hell
Max Keidun - How to build a Bitcoin exchange and not burn in hell
 
Ryan Stortz & Sophia D'Antoine - “EVM2VEC: Bug Discovery in Smart Contracts”
Ryan Stortz & Sophia D'Antoine - “EVM2VEC: Bug Discovery in Smart Contracts”Ryan Stortz & Sophia D'Antoine - “EVM2VEC: Bug Discovery in Smart Contracts”
Ryan Stortz & Sophia D'Antoine - “EVM2VEC: Bug Discovery in Smart Contracts”
 
Brian Gorenc on the topic “Modern Day Entomology - Examing the Inner Workings...
Brian Gorenc on the topic “Modern Day Entomology - Examing the Inner Workings...Brian Gorenc on the topic “Modern Day Entomology - Examing the Inner Workings...
Brian Gorenc on the topic “Modern Day Entomology - Examing the Inner Workings...
 
Dinis Guarda "Hacking the DNA of Humanity with Blockchain and AI""
Dinis Guarda "Hacking the DNA of Humanity with Blockchain and AI""Dinis Guarda "Hacking the DNA of Humanity with Blockchain and AI""
Dinis Guarda "Hacking the DNA of Humanity with Blockchain and AI""
 

Dernier

Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxLoriGlavin3
 
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostZilliz
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxhariprasad279825
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .Alan Dix
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionDilum Bandara
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsPixlogix Infotech
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsMiki Katsuragi
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Manik S Magar
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piececharlottematthew16
 

Dernier (20)

Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
 
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptx
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An Introduction
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering Tips
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piece
 

Dima kovalenko - Is ARMv8.3 the end of ROP?

  • 1. HackIT 4.0, Kyiv Is ARMv8.3 the end of ROP? Dima Kovalenko
  • 2. HackIT 4.0, Kyiv Dima Kovalenko kov4l3nko@gmail.com iOS/Android reverse engineer, security researcher
  • 3. Agenda • ARMv8.3 • Pointer authentication code (PAC) • QARMA • Possible attacks • What about the real world?
  • 5. ARMv8.3 • It’s an optional extension of ARMv8 • It’s for AArch64 mode only. • It adds, among other things, 46 new machine instructions to implement signed pointers • It’s backward compatible with the standard ARMv8 instruction set
  • 7. Pointer authentication code (PAC) • ARMv8.3 introduces Pointer Authentication Code (PAC) • It’s implemented if at least one of system registers ID_AA64ISAR1_EL1.APA, ID_AA64ISAR1_EL1.API, ID_AA64ISAR1_EL1.GPA, or ID_AA64ISAR1_EL1.GPI is 0b0001
  • 8. Pointer authentication code (PAC) • PAC is stored in upper bits of a pointer: Bit range Description 0…TCR_ELx.TnSZ-1 Actually the address TCR_ELx.TnSZ…54 PAC 55 n 56…63 If n is 1, the the bit range holds address tag; else it holds PAC
  • 9. Pointer authentication code (PAC) • PAC is calculated according the following general pattern: Pointer Modifier Key P(…) PAC + Pointer • If ID_AA64ISAR1_EL1.APA is 0b0001, then P(…) is QARMA; otherwise it’s IMPLEMENTATION DEFINED • Anyway the resulting PAC+Pointer is not a valid pointer!
  • 10. Pointer authentication code (PAC) • The specifications defines five 128 bit keys: • API{A,B}Key_EL1 (for instruction pointers) is concatenation of the register values API{A,B}KeyHi_EL1:API{A,B}KeyLo_EL1. • APD{A,B}Key (for data pointers) is the concatenation of the register values APD{A,B}KeyHi_EL1:APD{A,B}KeyLo_EL1. • APGAKey (for data) is the concatenation of the register values APGAKeyHi_EL1:APGAKeyLo_EL1 • The keys are placed in *_EL1 registers and not accessible in EL0 (user mode)
  • 11. Pointer authentication code (PAC) • The keys are expected to be ephemeral (per process for EL0 and per boot for EL1 to EL3) • Key management, including generating good quality random numbers, is the responsibility of the software (e.g. OS) • Some ARMv8.3 instructions (PACIA, PACIA1716 etc) also need a 64 bit modifier to calculate PAC. Depending on the instruction it can be SP, X16 or any Xn register.
  • 12. Pointer authentication code (PAC) • In general, there are two groups of ARMv8.3 instructions: • Basic pointer authentication instructions. Each of these instructions only performs an operation that supports pointer authentication. • Combined instructions that include pointer authentication. Each of these instructions combines a pointer authentication with another operation that uses the authenticated pointer (e.g. BRAA branches to a register, with pointer authentication).
  • 13. Pointer authentication code (PAC) • There are, in turn, three subgroups of basic pointer authentication instructions: • Instructions that calculate/add PAC • Instructions that authenticate/strip PAC. If authentication fails, the upper bits of a pointer are corrupted and any subsequent use of the pointer results in a Translation fault. • Instructions that just strip PAC without authentication.
  • 14. Pointer authentication code (PAC) • ARMv8.3 instructions are backward compatible with ARMv8 because for early SoC’s they all are encoded as HINT #0 (NOP) :)
  • 15. Pointer authentication code (PAC) • An example. No stack protection: ; function prologue SUB sp, sp, #0x40 
 STP x29, x30, [sp,#0x30] 
 ADD x29, sp, #0x30
 … ; function epilogue
 LDP x29,x30,[sp,#0x30] 
 ADD sp,sp,#0x40 
 RET
  • 16. Pointer authentication code (PAC) • An example. The stack is protected with ARMv8.3: ; function prologue PACIASP ; <=== calculate/add PAC to LR, use SP as a modifier
 SUB sp, sp, #0x40 
 STP x29, x30, [sp,#0x30] 
 ADD x29, sp, #0x30
 … ; function epilogue
 LDP x29,x30,[sp,#0x30] 
 ADD sp,sp,#0x40
 AUTIASP ; <== auth./strip PAC from LR, use SP as a modifier
 RET
  • 17. For more details on ARMv8.3 and PAC, see • “ARM Architecture Reference Manual ARMv8, for ARMv8-A architecture profile” by ARM team (https://developer.arm.com/docs/ ddi0487/latest/arm-architecture-reference-manual-armv8-for-armv8-a- architecture-profile) • “ARMv8.3 Pointer Authentication” by Mark Rutland from ARM (https:// events.static.linuxfound.org/sites/events/files/slides/slides_23.pdf) • “Pointer Authentication on ARMv8.3” by Qualcomm team (https:// www.qualcomm.com/media/documents/files/whitepaper-pointer- authentication-on-armv8-3.pdf)
  • 19. QARMA • The size of PAC depends of virtual memory address range, it is between • 11…31 bits when memory tagging is used • 3…23 bits when memory tag is used • Qualcomm considered existing crypto algorithms and rejected it because of various reasons, e.g. • SipHash is relatively slow and can make impact on latency • PRINCE has a fixed-size input/output block, truncating can make PAC predictable
  • 20. QARMA • QARMA was designed by Qualcomm to be fast and produce short signatures if needed • QARMA was carefully tested, including cryptanalysis tests • Is it really safe? It’s hard to say for sure :)
  • 21. For more details on QARMA, see • “The QARMA Block Cipher Family” by Roberto Avanzi from Qualcomm (https://eprint.iacr.org/2016/444.pdf) (at least, check the section “4  Security Analysis”)
  • 23. Possible attacks • Guessing and forging PAC values. Complexity depends on the crypto algorithm. Theoretically, this attack must be hard for QARMA. • Pointer substitution attacks include various form of substituting one authenticated pointer with another. Probably it’s possible. Anyway, PAC should make finding ROP/JOB chains much harder. • Key management concerns and key reuse attacks. Generating/ managing keys is software responsibility, so it depends on the software.
  • 24. Possible attacks • Interpreters and Just-in-Time Compilation (JIT) can not be protected by PAC (PAC does not protect again data-only attacks), so it’s a very good attack vector. Maybe the best.
  • 25. What about the real world?
  • 26. What about the real world? • ARMv8.3 supported by • GCC, starting from version 7 • LLVM, starting from the commit https://github.com/llvm-mirror/ llvm/commit/af93d17e0c779e519918a892adb33608c6f9dfdb • At the moment, the only widely known system on a chip with ARMv8.3 support is Apple A12. • It should prevent exploitation of memory corruption vulnerabilities on the newest iPhone XS, XS Max, and XR, but…
  • 27. What about the real world? • …it looks like it doesn’t help. • The details are not known yet, so we are impatiently waiting for the writeup from @PanguTeam.
  • 28. Links
  • 29. Links “ARM Architecture Reference Manual ARMv8, for ARMv8-A architecture profile” by ARM team (https://developer.arm.com/docs/ddi0487/latest/arm-architecture- reference-manual-armv8-for-armv8-a-architecture-profile) “ARMv8.3 Pointer Authentication” by Mark Rutland from ARM (https:// events.static.linuxfound.org/sites/events/files/slides/slides_23.pdf) “Pointer Authentication on ARMv8.3” by Qualcomm team (https:// www.qualcomm.com/media/documents/files/whitepaper-pointer-authentication- on-armv8-3.pdf) “The QARMA Block Cipher Family” by Roberto Avanzi from Qualcomm (https:// eprint.iacr.org/2016/444.pdf)