How Alibaba are researching using the hardware features of ARM MMU to enable God Mode in Android 8 terminals
Wang Yong, a.k.a. Thomas King, is a researcher from Alibaba Security’s Pandora Lab. The lab focuses on mobile security, including research on the attack and defense technologies for iOS and Android systems. Thomas King focuses on attack and defense research for Android system-level vulnerabilities. This year, at Black Hat Asia in March, he has introduced a new exploitation technique named “Kernel Space Mirroring Attack”. This article is a technical analysis of his research topic.
Enabling God Mode
In modern operating systems, the system’s kernel space and the applications’ user space are isolated from each other to ensure the security of the operating systems. Taking an ARM terminal running Linux kernel as an example, the kernel space and the user space have different page tables and are stored in different hardware registers.
In addition, the kernel runs at a higher privilege level than user-mode programs, and the kernel space is invisible to ordinary programs at all times. However, some special hardware features of an ARM processor can be used to break this protection, allowing ordinary programs to directly access the kernel space in user mode, directly breaking the isolation of kernel space and user space, and allowing modification of the kernel code and enabling God Mode.
Android’s New System
Google launched Android 8 (Oreo) in late 2017. The new system introduces a variety of kernel mitigations in order to protect devices from malicious software that try to gain the highest privileges on mobile devices. Among them, the most important features are PAN (Privileged Access Never) and KASLR (Kernel Address Space Layout Randomization). Therefore, it is challenging to use a single vulnerability to get the highest privilege on many of the latest mobile phone systems.
Before explaining the kernel space mirroring attack, we first outline ReVent Rooting Solution, a general rooting solution. It is based on a Linux kernel vulnerability discovered by Leilei Lin from the Alibaba Group.
This exploit is related to the notification of the subsystem of the Linux kernel:
The length of the file name is calculated in . Based on this information, the storage buffer is allocated in , and then, the file name string is copied in . The problem is that the file can be renamed on the code path from  to , resulting in the overlay of kernel heap-out-of-bounds in .
With a clever heap layout and overwriting the appropriate kernel objects (e.g.: iovs), it can be turned into a write primitive for almost any kernel address under race condition. The following is an example of heap layout:
In order to provide services to applications, the address space of the user program is visible to the kernel in the operating system. In order to prevent the kernel from directly executing malicious code provided by user programs, PXN (Privileged Execute Never) mitigation was added to ARM processors in earlier years to mitigate any vulnerability exploits. Although the kernel cannot directly execute user-mode code, user-mode data can be accessed directly and if you can write the kernel address, you can hijack the kernel data pointer. A common way to bypass the PXN mitigation on Android 7 and below is shown in the figure.
Getting Around Android’s Defenses
Android 8 introduced a PAN defense mechanism that prevents the kernel from directly accessing user-mode data. This invalidates the above method of bypassing the PXN defense mechanism.
Although the above vulnerability is triggered multiple times to write payload data into the kernel and it can be used to bypass the PAN, the success rate of executing the exploit code drops drastically. In addition, the data can be stably written into the kernel using other kernel vulnerabilities (e.g.: CVE-2017–13164). Nowadays, Android tends to have fewer vulnerabilities. Can new exploitation techniques be used to bypass both the PXN and PAN mitigations and gain the highest privilege? With the MMU hardware features of the ARM processor, the answer is now yes.
The Kernel Space Mirroring Attack
The classical Page Table layout of Linux is shown in the following figure. There are three separate levels of the page table: Page Global Directory, Page Middle Directory and Page Table Entry. When a process accesses a virtual address, the virtual address will be broken up into its component parts for navigating those three tables.
The majority of modern processors already have a memory management unit (MMU), and the virtual address translation described above is actually done automatically by it. The ARM processor is not an exception. Its general address-translation relationship is shown in the figure. Android uses a three-level page table, and Level 0 page tables are not used.
The descriptors in the page tables of all levels contain not only the next-level starting physical address, but also the access attributes for this memory. ARM has two types of descriptors: block and table.
The last-level page table is shown separately.
In the above page table descriptors, the physical address is stored in Output address, and the memory attributes are in the bits at both ends.
The execution attribute of the memory is determined by the XN bit. The PXN bit determines whether the code of the memory can be executed in the kernel mode. And the combination of two bits AP[2:1] determines the read and write permissions of the memory.
Among them, the “01” combination is unusual. According to this design, the memory can be accessed simultaneously by user mode and kernel mode, and the corresponding virtual address can be either a user address or a kernel address. If the access to a certain kernel virtual address is set to this combination, all ordinary applications can access this kernel address directly.
Obviously, this address is normally beyond the address range of any ordinary application. Because of the isolation of the virtual address space, the kernel address is invisible to the application. However, this combination directly violates the security design, and the operating system kernel is unaware of this.
According to the above page table traversal method, to modify the access attribute of any kernel virtual address, the Arbitrary R/W Primitive is crucial and is required. If the attacker already owns this primitive, he/she can directly obtain the highest privilege in the system. The above vulnerability allows writing almost any kernel address. Under this condition, the conventional page table attack method basically fails.
If an Android terminal has 3 GB of memory, the common first-level page table layout is as follows when the Kernel Address Space Layout Randomization mitigation is not enabled.
Taking 1GB of the kernel virtual address space starting with “0xFFFFFFC000000000” as an example, the kernel image is loaded into this range. The access attribute of the kernel code segment is R-X, while that of the kernel data segment is RW-. Therefore, the first-level page table descriptor must belong to the TABLE type.
Most of the virtual addresses in the 64-bit kernel space are invalid. For example, the addresses of the “[0xFFFFFFC200000000, 0xFFFFFFC23FFFFFFF]” range are invalid, and their corresponding first-level page table entry is empty. If this page table entry is not empty, there is a page table entry of BLOCK type. In the meantime, its AP combination is “01” and the output address points to the first 1GB of physical memory, as shown in the figure.
Usually, the “0xFFFFFFC03000200” kernel address can only be accessed by the kernel. However, the “0xFFFFFFC230002000” kernel address can be accessed simultaneously by the user mode and the kernel mode. The above kernel virtual addresses access the same physical memory, but their access permissions can be completely different. The code segment can be implemented with the R-X permission in the original virtual address range and with the RW-permission in the mirrored virtual address range which can be accessed by all applications. In other words, the code that the kernel runs can be directly tampered with, and detection at the kernel level cannot be implemented. In this circumstance, it is unnecessary to obtain the highest privilege of the system, because the system kernel code is completely controllable and God Mode is truly enabled.
With the above vulnerability the attacker can already write a first-level page table entry for enabling God Mode to a precisely specified and calculated position. The starting address of the Linux kernel first-level page table is stored in the “swapper_pg_dir” structure, so that the address of the page table entry can be calculated via a simple formula. For a system that enables Kernel Address Space Layout Randomization, only the real address of swapper_pg_dir needs to be corrected.
swapper_pg_dir + (Kernel_Mirroring_Base / 1G) * 8
What Happens When God Mode is Enabled?
Once God Mode has been enabled. An attacker can run the following attack code. This attack code directly modifies the kernel data and patches the kernel code. For ordinary C development programmers or Linux kernel developers, this violates the common sense of modern operating systems and is absolute nonsense. However, in God Mode, this code can actually run.
In God Mode, the attacker can already manipulate the kernel directly in user mode. The attack demo video of the above code can be found here. At this point, the PXN and PAN kernel mitigation of Android 8 terminal have been completely neutralized for attackers. A video of accessing Pixel 2XL’s highest permission level can be found here.
In addition to directly bypassing the important kernel mitigations of Android 8, kernel space mirroring attack can also make the seemingly unusable and low-risk vulnerabilities exploitable. A typical example is CVE-2017–0583.
This vulnerability is taken as an effective defense case in zer0conf2017 (Your Move: Vulnerability Exploitation and Mitigation in Android). For details on how to use this vulnerability with 100% success rate, see the latter part of Black Hat Asia 2018 (KSMA: Breaking Android kernel isolation and Rooting with ARM MMU features).
The Consequences of This Attack
The irrational design of hardware is more harmful than that of software, as it is more difficult to patch and update. The best option is to have security as an important priority and indicator at the beginning of the design phase.
It is worth noting that although this attack technique can be extremely harmful, it has a high technical threshold. We hope that hardware solution providers and manufacturers can pay attention to this issue and block it from the hardware level.
There are many white hat hackers like Thomas King at the Pandora Lab of Ali Security. These young people were born around 1990 and they are committed to discovering security vulnerabilities from the perspective of attackers and suggesting solutions to increase the security level of the entire security industry.
(Original article by Wang Yong??, a.k.a. Thomas King, Pandora Lab of Alibaba Security)