0 00:00:00,000 --> 00:00:30,000 Dear viewer, these subtitles were generated by a machine via the service Trint and therefore are (very) buggy. If you are capable, please help us to create good quality subtitles: https://c3subtitles.de/talk/35 Thanks! 1 00:00:13,530 --> 00:00:15,659 Hello, so my name is Ralf-Philipp Weinmann, 2 00:00:15,660 --> 00:00:18,089 and I'll be giving a talk about baseband 3 00:00:18,090 --> 00:00:21,119 exploitation in 2013 4 00:00:21,120 --> 00:00:23,609 and what has changed since I 5 00:00:23,610 --> 00:00:25,410 last gave talks about this subject. 6 00:00:26,520 --> 00:00:28,589 So who am I? I'm a security researcher 7 00:00:28,590 --> 00:00:30,179 from Germany. I was previously in 8 00:00:30,180 --> 00:00:32,669 academia at the University of Luxembourg. 9 00:00:32,670 --> 00:00:35,429 I've recently started my own company 10 00:00:35,430 --> 00:00:37,319 and have a keen interest in mobile, 11 00:00:37,320 --> 00:00:39,299 wireless and embedded systems, and I try 12 00:00:39,300 --> 00:00:41,039 to break them, find vulnerabilities in 13 00:00:41,040 --> 00:00:42,149 them. 14 00:00:42,150 --> 00:00:43,829 I was the first to practically 15 00:00:43,830 --> 00:00:45,989 demonstrate exploitable vulnerabilities in 16 00:00:45,990 --> 00:00:48,269 basebands three years ago, 17 00:00:48,270 --> 00:00:50,729 for instance, at the Congress, at 27C3. 18 00:00:52,830 --> 00:00:56,039 And in these three years, 19 00:00:56,040 --> 00:00:58,019 a lot of things have changed and I'd like 20 00:00:58,020 --> 00:01:00,959 to look back on what has happened 21 00:01:00,960 --> 00:01:03,089 and what the changes 22 00:01:03,090 --> 00:01:03,929 are and 23 00:01:03,930 --> 00:01:06,569 how the landscape 24 00:01:06,570 --> 00:01:06,869 has 25 00:01:06,870 --> 00:01:09,239 become in 2013 and how it will develop 26 00:01:09,240 --> 00:01:10,500 in the next couple of years.
27 00:01:13,310 --> 00:01:15,559 So first of all, who in this 28 00:01:15,560 --> 00:01:17,359 room has heard of the Hexagon 29 00:01:17,360 --> 00:01:19,399 architecture before they came into this 30 00:01:19,400 --> 00:01:20,400 talk? 31 00:01:20,980 --> 00:01:23,119 Oh, so a lot of people took this just 32 00:01:23,120 --> 00:01:24,739 by chance. Okay, interesting. 33 00:01:26,390 --> 00:01:28,789 So the Hexagon architecture is 34 00:01:28,790 --> 00:01:31,249 a CPU architecture developed by Qualcomm, 35 00:01:31,250 --> 00:01:33,140 which is a mobile chip manufacturer, 36 00:01:35,180 --> 00:01:36,830 for basebands. 37 00:01:38,000 --> 00:01:40,219 Previously, all 38 00:01:40,220 --> 00:01:42,289 basebands in the last couple of 39 00:01:42,290 --> 00:01:43,249 years have been running 40 00:01:43,250 --> 00:01:45,889 on ARM chips. 41 00:01:45,890 --> 00:01:46,999 Many, many years ago, 42 00:01:47,000 --> 00:01:49,129 there used to be DSPs in 43 00:01:49,130 --> 00:01:50,899 the old modems, which had dedicated 44 00:01:50,900 --> 00:01:53,089 DSPs with the basebands for running. 45 00:01:54,200 --> 00:01:55,549 So how many people in the room do 46 00:01:55,550 --> 00:01:57,709 actually know what the baseband is 47 00:01:57,710 --> 00:01:59,419 in a cellular phone? 48 00:01:59,420 --> 00:02:01,279 OK. OK, that's good, because then I don't 49 00:02:01,280 --> 00:02:02,269 have to start from scratch. 50 00:02:02,270 --> 00:02:03,529 Okay? 51 00:02:03,530 --> 00:02:06,199 OK. So I will talk about the importance 52 00:02:06,200 --> 00:02:08,369 of the Hexagon architecture 53 00:02:08,370 --> 00:02:09,439 for mobile exploitation. 54 00:02:09,440 --> 00:02:11,179 In this talk, I will give an introduction to 55 00:02:11,180 --> 00:02:12,709 this architecture.
56 00:02:12,710 --> 00:02:14,899 I will talk about past issues with 57 00:02:14,900 --> 00:02:17,059 Blast, which is the real time 58 00:02:17,060 --> 00:02:19,159 operating system that Qualcomm is 59 00:02:19,160 --> 00:02:20,240 using on these chips now. 60 00:02:21,500 --> 00:02:23,899 I will talk about the difficulty 61 00:02:23,900 --> 00:02:26,029 of return 62 00:02:26,030 --> 00:02:27,319 oriented programming and similar 63 00:02:27,320 --> 00:02:29,539 techniques on this architecture, show 64 00:02:29,540 --> 00:02:31,789 an example of a vulnerability and 65 00:02:31,790 --> 00:02:32,869 draw some conclusions. 66 00:02:33,920 --> 00:02:36,799 So there's this company, 67 00:02:36,800 --> 00:02:39,229 Strategy Analytics, 68 00:02:39,230 --> 00:02:40,230 which does 69 00:02:41,690 --> 00:02:43,999 basically market share 70 00:02:44,000 --> 00:02:46,069 surveys for various chips, 71 00:02:46,070 --> 00:02:48,529 and they publish expensive 72 00:02:48,530 --> 00:02:50,869 surveys for a couple of thousand dollars 73 00:02:50,870 --> 00:02:53,299 for which they give abstracts as well. 74 00:02:53,300 --> 00:02:53,689 And here you 75 00:02:53,690 --> 00:02:55,969 see a pie chart 76 00:02:56,990 --> 00:02:59,959 for the baseband manufacturers 77 00:02:59,960 --> 00:03:02,359 in 2013. 78 00:03:02,360 --> 00:03:04,459 And what you see is that in 79 00:03:04,460 --> 00:03:06,799 terms of shipment share, 63 80 00:03:06,800 --> 00:03:08,989 percent of all shipped units 81 00:03:08,990 --> 00:03:10,309 were shipped by Qualcomm. 82 00:03:11,960 --> 00:03:13,159 The next biggest 83 00:03:13,160 --> 00:03:14,749 manufacturer is Intel. 84 00:03:16,490 --> 00:03:17,569 So, no, MediaTek, 85 00:03:17,570 --> 00:03:19,639 which 86 00:03:19,640 --> 00:03:21,799 is a Chinese manufacturer, which is 87 00:03:21,800 --> 00:03:23,359 very popular in China as well.
88 00:03:23,360 --> 00:03:26,119 You don't find many units with MediaTek 89 00:03:26,120 --> 00:03:27,120 in Europe yet. 90 00:03:28,250 --> 00:03:29,149 The second, 91 00:03:29,150 --> 00:03:31,639 the third largest, is Intel, and 92 00:03:31,640 --> 00:03:34,879 the rest is split among 93 00:03:34,880 --> 00:03:37,099 others that I'll go into on 94 00:03:37,100 --> 00:03:38,100 one of the next slides. 95 00:03:39,920 --> 00:03:40,920 Now, however, 96 00:03:42,410 --> 00:03:44,210 most of you will have a smartphone, 97 00:03:45,770 --> 00:03:47,599 and many of these smartphones are LTE 98 00:03:47,600 --> 00:03:49,039 capable these days. 99 00:03:50,230 --> 00:03:52,129 Now, if you look at the market share 100 00:03:52,130 --> 00:03:54,589 distribution for LTE chipsets, it looks 101 00:03:54,590 --> 00:03:55,590 somewhat different. 102 00:03:56,900 --> 00:03:58,639 These are the shipments in the 103 00:03:58,640 --> 00:04:01,339 first quarter of 2013 for LTE 104 00:04:01,340 --> 00:04:02,689 chipsets. 105 00:04:02,690 --> 00:04:05,299 And what you see here is basically that 106 00:04:05,300 --> 00:04:07,129 Qualcomm totally dominates this market. 107 00:04:07,130 --> 00:04:09,199 So 97 percent of 108 00:04:09,200 --> 00:04:10,340 all of the chips, that's 109 00:04:12,020 --> 00:04:12,269 all 110 00:04:12,270 --> 00:04:14,359 of the chips that were going into mobile 111 00:04:14,360 --> 00:04:16,398 phones that were LTE capable, were 112 00:04:16,399 --> 00:04:17,399 Qualcomm's. 113 00:04:19,490 --> 00:04:21,799 Now this obviously creates 114 00:04:21,800 --> 00:04:23,660 an interest to go after this target. 115 00:04:24,920 --> 00:04:26,179 But let's have a look at the other 116 00:04:26,180 --> 00:04:28,369 players first and what will 117 00:04:28,370 --> 00:04:30,409 maybe change in the next year or in the 118 00:04:30,410 --> 00:04:31,999 coming years.
119 00:04:32,000 --> 00:04:34,129 So Intel, which 120 00:04:34,130 --> 00:04:36,569 bought Infineon Wireless, 121 00:04:36,570 --> 00:04:38,359 I think like 122 00:04:38,360 --> 00:04:40,459 two and a half years ago, I think 123 00:04:40,460 --> 00:04:42,079 roughly about the same time I gave the 124 00:04:42,080 --> 00:04:43,970 first talk three years ago. 125 00:04:45,080 --> 00:04:47,509 They're now shipping the chips 126 00:04:47,510 --> 00:04:49,999 that they promised two years ago. 127 00:04:50,000 --> 00:04:51,979 So they have been promising these LTE 128 00:04:51,980 --> 00:04:53,120 capable chipsets 129 00:04:54,320 --> 00:04:54,559 for a 130 00:04:54,560 --> 00:04:56,149 while, and they're now shipping them in the 131 00:04:56,150 --> 00:04:58,109 Galaxy Tab 3, for instance. 132 00:04:58,110 --> 00:04:59,569 That's the only device I found that 133 00:04:59,570 --> 00:05:00,570 actually has this chip. 134 00:05:02,300 --> 00:05:04,629 MediaTek has announced LTE capable 135 00:05:04,630 --> 00:05:07,329 basebands for 2014. 136 00:05:07,330 --> 00:05:08,409 Unclear what will happen 137 00:05:08,410 --> 00:05:11,199 there. Nvidia 138 00:05:11,200 --> 00:05:13,899 bought Icera, which is a soft 139 00:05:13,900 --> 00:05:17,259 modem, so a soft modem manufacturer 140 00:05:17,260 --> 00:05:19,329 that was, I think, originally from the 141 00:05:19,330 --> 00:05:21,429 UK, also a couple 142 00:05:21,430 --> 00:05:23,499 of years ago, and they now have 143 00:05:23,500 --> 00:05:25,629 an LTE capable modem chipset as well. 144 00:05:28,060 --> 00:05:29,829 This is a standalone chipset that's not 145 00:05:29,830 --> 00:05:31,809 integrated with the actual application 146 00:05:31,810 --> 00:05:34,089 processor. So you have different designs 147 00:05:34,090 --> 00:05:35,469 in some of the devices.
148 00:05:35,470 --> 00:05:38,049 You have the application processor and 149 00:05:38,050 --> 00:05:39,829 the baseband CPU in the same package, and 150 00:05:39,830 --> 00:05:42,189 in the others you have two 151 00:05:42,190 --> 00:05:43,209 separate packages. 152 00:05:44,760 --> 00:05:45,009 Now they 153 00:05:45,010 --> 00:05:47,109 have product prototypes of these LTE 154 00:05:47,110 --> 00:05:49,539 capable modem chipsets that they've 155 00:05:49,540 --> 00:05:50,980 shown at various events, 156 00:05:52,000 --> 00:05:53,079 and they've also announced 157 00:05:54,250 --> 00:05:56,379 a Tegra 4i, which has 158 00:05:56,380 --> 00:05:58,629 an integrated modem chipset, 159 00:05:58,630 --> 00:06:00,729 that is announced for early 160 00:06:00,730 --> 00:06:02,349 2014. 161 00:06:02,350 --> 00:06:04,449 So you'll probably find it in a device 162 00:06:04,450 --> 00:06:06,129 by mid-2015, I guess. 163 00:06:07,630 --> 00:06:09,879 Then there's Spreadtrum, which is 164 00:06:09,880 --> 00:06:11,019 actually, 165 00:06:11,020 --> 00:06:12,669 from a European perspective, 166 00:06:12,670 --> 00:06:13,670 a niche thing. 167 00:06:14,830 --> 00:06:16,599 But from the Chinese perspective, this is 168 00:06:16,600 --> 00:06:17,600 a huge player. 169 00:06:18,730 --> 00:06:20,979 But they only do time division 170 00:06:20,980 --> 00:06:23,139 LTE chipsets, and 171 00:06:23,140 --> 00:06:25,300 they don't support 3G. 172 00:06:27,580 --> 00:06:29,649 They ship this SC9610 173 00:06:29,650 --> 00:06:31,929 already. I haven't ever looked 174 00:06:31,930 --> 00:06:33,159 at these things. 175 00:06:33,160 --> 00:06:35,319 But from what I've heard and what 176 00:06:35,320 --> 00:06:37,839 I've seen, Spreadtrum is a big player 177 00:06:37,840 --> 00:06:38,840 on the Chinese market. 178 00:06:40,780 --> 00:06:42,669 Then there's Broadcom, and this is an 179 00:06:42,670 --> 00:06:43,569 interesting story.
180 00:06:43,570 --> 00:06:45,789 So about two and a half months 181 00:06:45,790 --> 00:06:47,499 ago, Broadcom announced that they had 182 00:06:47,500 --> 00:06:48,500 bought Renesas' 183 00:06:50,800 --> 00:06:54,039 baseband division. 184 00:06:54,040 --> 00:06:56,469 And this is interesting because that is 185 00:06:56,470 --> 00:06:59,019 the former Nokia baseband 186 00:06:59,020 --> 00:07:00,279 team. 187 00:07:00,280 --> 00:07:02,859 And basically Renesas 188 00:07:02,860 --> 00:07:05,049 has a chip that is ready. 189 00:07:05,050 --> 00:07:07,869 It's a big.LITTLE 190 00:07:07,870 --> 00:07:10,839 ARM, so it's a Cortex-A15, 191 00:07:10,840 --> 00:07:13,539 well, four Cortex-A15 192 00:07:13,540 --> 00:07:16,119 and four Cortex-A7 193 00:07:16,120 --> 00:07:18,729 in one package together with a modem. 194 00:07:18,730 --> 00:07:21,099 And according to the specs 195 00:07:21,100 --> 00:07:22,899 I've read about this chip, 196 00:07:23,950 --> 00:07:26,019 it supports LTE on almost 197 00:07:26,020 --> 00:07:28,869 all bands, and it's capable 198 00:07:28,870 --> 00:07:30,939 of up to 150 megabits per second. 199 00:07:30,940 --> 00:07:33,009 So if this actually is something that 200 00:07:33,010 --> 00:07:35,169 they're producing already, then this is 201 00:07:35,170 --> 00:07:37,509 a real threat to 202 00:07:37,510 --> 00:07:39,159 the market share distribution that you've 203 00:07:39,160 --> 00:07:40,160 seen before. 204 00:07:41,110 --> 00:07:43,659 For Ericsson, it's 205 00:07:43,660 --> 00:07:44,889 unclear because, 206 00:07:47,290 --> 00:07:47,709 like, 207 00:07:47,710 --> 00:07:49,419 half a year ago there was still 208 00:07:49,420 --> 00:07:52,149 ST-Ericsson, which was the semiconductor 209 00:07:52,150 --> 00:07:54,249 manufacturer ST in a joint 210 00:07:54,250 --> 00:07:55,209 venture with Ericsson. 211 00:07:55,210 --> 00:07:56,319 And this broke up.
212 00:07:56,320 --> 00:07:58,509 And now there's just the four 213 00:07:58,510 --> 00:08:00,879 devices that Ericsson will continue, 214 00:08:00,880 --> 00:08:02,589 which are the standalone chipsets. 215 00:08:02,590 --> 00:08:04,149 But it's unclear what will happen to the 216 00:08:04,150 --> 00:08:05,889 other ones, the integrated chipsets. 217 00:08:07,720 --> 00:08:09,939 OK, but now let's look 218 00:08:09,940 --> 00:08:12,399 at Hexagon. So Hexagon 219 00:08:12,400 --> 00:08:15,279 originated from Qualcomm's 220 00:08:15,280 --> 00:08:17,049 general purpose 221 00:08:17,050 --> 00:08:19,719 digital signal processors that they 222 00:08:19,720 --> 00:08:21,009 did many, many years ago. 223 00:08:21,010 --> 00:08:23,319 I think almost two decades 224 00:08:23,320 --> 00:08:25,419 ago they started, for the lower, for 225 00:08:25,420 --> 00:08:27,909 the actual, for modulating 226 00:08:27,910 --> 00:08:29,829 the actual physical layer, you have to 227 00:08:29,830 --> 00:08:31,979 have a digital signal, 228 00:08:31,980 --> 00:08:34,119 digital signal processor in 229 00:08:34,120 --> 00:08:35,288 your cell phone. 230 00:08:35,289 --> 00:08:37,479 And this is where the Hexagon originated 231 00:08:37,480 --> 00:08:38,480 from. 232 00:08:38,980 --> 00:08:40,569 And it was also used for audio 233 00:08:40,570 --> 00:08:41,570 processing. 234 00:08:42,580 --> 00:08:44,709 Hexagon is an architecture 235 00:08:44,710 --> 00:08:46,809 that has very long instruction words, 236 00:08:46,810 --> 00:08:48,849 and it can do about one to four 237 00:08:48,850 --> 00:08:50,739 instructions per cycle, so there's very 238 00:08:50,740 --> 00:08:52,359 interesting parallelism. 239 00:08:52,360 --> 00:08:54,699 Then, it is a barrel processor, 240 00:08:54,700 --> 00:08:56,979 which is like, if you are 241 00:08:56,980 --> 00:08:59,139 programming, you just have to get used 242 00:08:59,140 --> 00:09:00,579 to this a little bit.
243 00:09:00,580 --> 00:09:02,380 What this means is that 244 00:09:03,400 --> 00:09:06,489 basically every 245 00:09:06,490 --> 00:09:07,490 process 246 00:09:09,010 --> 00:09:10,010 sees a separate 247 00:09:12,820 --> 00:09:13,629 set of 248 00:09:13,630 --> 00:09:15,759 registers, and you have basically 249 00:09:15,760 --> 00:09:17,979 three things 250 00:09:17,980 --> 00:09:19,389 in this barrel and it shifts around. 251 00:09:19,390 --> 00:09:20,829 So you actually have like three hardware 252 00:09:20,830 --> 00:09:23,649 threads that need to be filled 253 00:09:23,650 --> 00:09:27,159 by the software 254 00:09:27,160 --> 00:09:28,269 scheduler. 255 00:09:28,270 --> 00:09:30,699 And what this means is, if you run 256 00:09:30,700 --> 00:09:32,869 things, if you run a task 257 00:09:32,870 --> 00:09:35,289 single threaded, it only runs 258 00:09:35,290 --> 00:09:37,509 at a fraction of the actual clock 259 00:09:37,510 --> 00:09:39,699 speed, namely how many 260 00:09:39,700 --> 00:09:41,889 of these things you have in the barrel. 261 00:09:43,060 --> 00:09:45,129 So usually for the Hexagon you 262 00:09:45,130 --> 00:09:47,059 have three of these slices in the barrel 263 00:09:47,060 --> 00:09:48,429 and it shifts between these slices. 264 00:09:50,620 --> 00:09:52,449 You have a unified address space for code and 265 00:09:52,450 --> 00:09:53,809 data that is byte addressable. 266 00:09:54,940 --> 00:09:56,709 However, there are alignment rules. 267 00:09:56,710 --> 00:09:58,839 Usually things should be aligned on 268 00:09:58,840 --> 00:09:59,840 four bytes, 269 00:10:01,330 --> 00:10:02,330 but 270 00:10:02,710 --> 00:10:04,059 by four byte elements. 271 00:10:04,060 --> 00:10:06,909 There are situations where the alignment 272 00:10:06,910 --> 00:10:09,069 is different. There are 32 general registers that 273 00:10:09,070 --> 00:10:11,199 are 32 bit, but they can also 274 00:10:11,200 --> 00:10:12,789 be used in register pairs.
275 00:10:12,790 --> 00:10:14,860 Those are then 64 bit wide. 276 00:10:16,000 --> 00:10:18,189 An interesting feature is that 277 00:10:18,190 --> 00:10:20,469 the architecture supports 278 00:10:20,470 --> 00:10:23,229 so-called hardware loops that are nestable. 279 00:10:23,230 --> 00:10:25,479 What this means is basically that 280 00:10:25,480 --> 00:10:26,650 you initialize a 281 00:10:28,240 --> 00:10:30,849 loop count once, and 282 00:10:30,850 --> 00:10:32,769 you then have a loop body that you run, 283 00:10:32,770 --> 00:10:34,809 but you don't need to spend any cycles on 284 00:10:34,810 --> 00:10:36,849 actual comparisons in this loop. 285 00:10:36,850 --> 00:10:38,229 So this is done by the hardware, and this 286 00:10:38,230 --> 00:10:39,700 can be nested 287 00:10:41,110 --> 00:10:42,610 several steps. 288 00:10:44,440 --> 00:10:46,059 There are many, many addressing modes on 289 00:10:46,060 --> 00:10:46,989 this thing. 290 00:10:46,990 --> 00:10:49,089 So, for instance, it has something 291 00:10:49,090 --> 00:10:51,489 like circular addressing 292 00:10:51,490 --> 00:10:54,039 in reverse with a scatter factor 293 00:10:54,040 --> 00:10:55,040 or something. 294 00:10:56,380 --> 00:10:58,659 And I think the list of different 295 00:10:58,660 --> 00:11:00,819 addressing modes in the Hexagon 296 00:11:00,820 --> 00:11:03,239 manual is about one page already 297 00:11:03,240 --> 00:11:04,540 in the latest revision. 298 00:11:06,490 --> 00:11:07,779 The design rules 299 00:11:07,780 --> 00:11:11,129 for this architecture 300 00:11:11,130 --> 00:11:13,269 were actually for 301 00:11:13,270 --> 00:11:15,129 the chip to be low power. 302 00:11:15,130 --> 00:11:16,479 This is something where the constraints 303 00:11:16,480 --> 00:11:18,759 are truly orthogonal to security.
304 00:11:19,870 --> 00:11:22,119 So the idea was that if you use this very 305 00:11:22,120 --> 00:11:23,439 long instruction word architecture 306 00:11:23,440 --> 00:11:25,929 instead of out of order execution, 307 00:11:25,930 --> 00:11:28,209 you gain a lower footprint and a lower 308 00:11:28,210 --> 00:11:29,890 power consumption. 309 00:11:31,060 --> 00:11:33,039 So what you basically do is you don't 310 00:11:33,040 --> 00:11:35,079 increase the clock rate on these chips, 311 00:11:35,080 --> 00:11:36,640 but you increase the work that is done. 312 00:11:38,380 --> 00:11:40,479 They also try to avoid all kinds 313 00:11:40,480 --> 00:11:42,459 of speculation like branch speculation 314 00:11:42,460 --> 00:11:44,559 or predictive data fetches. 315 00:11:45,670 --> 00:11:48,719 And they also try to avoid memory stalls 316 00:11:48,720 --> 00:11:51,279 as hard as possible. 317 00:11:51,280 --> 00:11:53,589 There are three different levels 318 00:11:53,590 --> 00:11:56,409 of parallelism in the 319 00:11:56,410 --> 00:11:58,749 CPU. You have instruction level 320 00:11:58,750 --> 00:12:00,339 parallelism, you have data level 321 00:12:00,340 --> 00:12:02,739 parallelism for some things, and 322 00:12:02,740 --> 00:12:03,789 then you have thread level 323 00:12:03,790 --> 00:12:06,069 parallelism, which is 324 00:12:06,070 --> 00:12:07,239 this barrel thing.
325 00:12:09,940 --> 00:12:10,239 There is 326 00:12:10,240 --> 00:12:11,860 another interesting feature, 327 00:12:13,030 --> 00:12:15,159 which is the 328 00:12:15,160 --> 00:12:16,690 fact that the 329 00:12:18,460 --> 00:12:20,979 atomic unit 330 00:12:20,980 --> 00:12:23,109 of execution on this CPU is 331 00:12:23,110 --> 00:12:24,999 not a single instruction but the so-called 332 00:12:25,000 --> 00:12:25,539 instruction 333 00:12:25,540 --> 00:12:28,029 packet, and 334 00:12:28,030 --> 00:12:30,249 an instruction packet basically groups 335 00:12:30,250 --> 00:12:32,439 together different instructions that will 336 00:12:32,440 --> 00:12:34,850 be executed in parallel by the CPU. 337 00:12:36,650 --> 00:12:39,429 There are four parallel pipelines 338 00:12:39,430 --> 00:12:42,159 which are called slots for some reason, 339 00:12:42,160 --> 00:12:44,169 and different instruction types are 340 00:12:44,170 --> 00:12:46,209 assigned to these different slots. 341 00:12:46,210 --> 00:12:48,939 And, of course, constraints for 342 00:12:48,940 --> 00:12:51,249 this grouping apply that you can read 343 00:12:51,250 --> 00:12:52,479 in the documentation. 344 00:12:52,480 --> 00:12:54,549 I can't give you all the constraints in 345 00:12:54,550 --> 00:12:56,559 this presentation. 346 00:12:56,560 --> 00:12:58,629 Of course, these constraints 347 00:12:58,630 --> 00:12:59,630 simply 348 00:13:01,960 --> 00:13:04,029 have the effect that the hardware 349 00:13:04,030 --> 00:13:05,950 resources are not oversubscribed. 350 00:13:07,900 --> 00:13:09,999 If you read the manuals, they will tell 351 00:13:10,000 --> 00:13:11,679 you that you cannot branch into the 352 00:13:11,680 --> 00:13:12,820 middle of a packet. 353 00:13:14,590 --> 00:13:17,619 It's not quite clear whether branching 354 00:13:17,620 --> 00:13:19,839 in their terminology means that you 355 00:13:19,840 --> 00:13:21,939 also should not be able to 356 00:13:21,940 --> 00:13:23,919 return into a packet.
357 00:13:23,920 --> 00:13:26,769 Empirically, however, you can, 358 00:13:26,770 --> 00:13:27,429 at least 359 00:13:27,430 --> 00:13:28,899 most of the time. 360 00:13:28,900 --> 00:13:30,879 I've had some issues with that, which I, 361 00:13:30,880 --> 00:13:33,249 however, think might have to do with 362 00:13:33,250 --> 00:13:34,179 the caches. 363 00:13:34,180 --> 00:13:36,279 So it might be that there's an 364 00:13:36,280 --> 00:13:38,409 instruction level cache which 365 00:13:38,410 --> 00:13:39,369 has a packet 366 00:13:39,370 --> 00:13:40,370 fetched 367 00:13:40,990 --> 00:13:43,059 already, and then it fails if I 368 00:13:43,060 --> 00:13:44,109 go into the middle of it. 369 00:13:44,110 --> 00:13:45,849 However, I've had success with this 370 00:13:45,850 --> 00:13:48,489 if there was a certain distance 371 00:13:48,490 --> 00:13:49,749 between the 372 00:13:51,300 --> 00:13:51,429 the 373 00:13:51,430 --> 00:13:53,919 packet I branched into and the 374 00:13:55,060 --> 00:13:55,569 location 375 00:13:55,570 --> 00:13:58,149 that I returned into and the 376 00:13:58,150 --> 00:13:59,470 location that I returned from. 377 00:14:02,410 --> 00:14:04,539 OK, let's have a look at the chip's 378 00:14:04,540 --> 00:14:05,739 evolution. 379 00:14:05,740 --> 00:14:07,839 So there's the QDSP6 380 00:14:07,840 --> 00:14:09,729 version 1. 381 00:14:09,730 --> 00:14:11,829 QDSP6 382 00:14:11,830 --> 00:14:13,480 is the internal name for 383 00:14:14,620 --> 00:14:15,999 the Hexagon. 384 00:14:17,140 --> 00:14:19,209 I guess it's like the sixth iteration of 385 00:14:19,210 --> 00:14:21,639 the DSP that they produced, 386 00:14:21,640 --> 00:14:22,959 and the version 1, 387 00:14:22,960 --> 00:14:25,419 actually I only found one 388 00:14:25,420 --> 00:14:27,789 handset that supposedly has 389 00:14:27,790 --> 00:14:30,039 this chipset, which is the Pantech 390 00:14:30,040 --> 00:14:32,049 racer vigor.
391 00:14:32,050 --> 00:14:33,549 I'm not sure. Has anybody in this room 392 00:14:33,550 --> 00:14:34,689 ever heard of this device? 393 00:14:34,690 --> 00:14:35,739 It's 394 00:14:35,740 --> 00:14:36,729 for the US market. 395 00:14:36,730 --> 00:14:38,799 But even when you talk to people 396 00:14:38,800 --> 00:14:40,330 from the US, nobody knows this one. 397 00:14:42,430 --> 00:14:44,569 The QDSP6 version 2 398 00:14:44,570 --> 00:14:46,779 was in a lot of devices, namely all 399 00:14:46,780 --> 00:14:49,539 of them that had the QSD8650 400 00:14:49,540 --> 00:14:51,740 or the MSM 80 to 100 401 00:14:53,500 --> 00:14:54,850 and these other chipsets. 402 00:14:56,200 --> 00:14:57,069 The 403 00:14:57,070 --> 00:14:59,499 QDSP6 version 3, 404 00:14:59,500 --> 00:15:00,500 however, 405 00:15:01,780 --> 00:15:04,749 seems to have mostly been in 406 00:15:04,750 --> 00:15:06,039 CDMA devices. 407 00:15:07,060 --> 00:15:09,190 One of the devices that is not a CDMA device 408 00:15:10,270 --> 00:15:11,979 that I was able to find was the Sony Xperia 409 00:15:11,980 --> 00:15:14,679 acro HD, 410 00:15:14,680 --> 00:15:16,779 the IS12S, so this is a 411 00:15:16,780 --> 00:15:18,879 model specific for the 412 00:15:18,880 --> 00:15:19,880 Asian market. 413 00:15:20,890 --> 00:15:22,989 The version 4, again, is 414 00:15:22,990 --> 00:15:25,209 the one that is very widespread 415 00:15:25,210 --> 00:15:26,210 at the moment 416 00:15:27,040 --> 00:15:27,219 and 417 00:15:27,220 --> 00:15:29,319 that the rest of the talk will be about. So 418 00:15:29,320 --> 00:15:30,519 version 3 and below, 419 00:15:30,520 --> 00:15:32,079 basically, is historic.
420 00:15:32,080 --> 00:15:34,389 It's not, because those 421 00:15:34,390 --> 00:15:36,190 were from the times when 422 00:15:37,240 --> 00:15:39,519 the baseband, the actual 423 00:15:39,520 --> 00:15:41,679 baseband stack, was still 424 00:15:41,680 --> 00:15:43,869 running on an ARM 425 00:15:43,870 --> 00:15:44,919 CPU. 426 00:15:44,920 --> 00:15:46,989 And the QDSP6 architecture 427 00:15:46,990 --> 00:15:48,999 really was for the audio processing and 428 00:15:49,000 --> 00:15:50,000 modulation tasks. 429 00:15:51,970 --> 00:15:54,519 So the MSM8960, 430 00:15:54,520 --> 00:15:56,679 for instance, is in the Samsung Galaxy 431 00:15:56,680 --> 00:15:58,779 S4, in the Apple iPhone 432 00:15:58,780 --> 00:15:59,379 5 433 00:15:59,380 --> 00:16:02,139 and the 5S, and 434 00:16:02,140 --> 00:16:04,839 actually the iPhone 5 435 00:16:04,840 --> 00:16:07,119 has the 9615 436 00:16:07,120 --> 00:16:09,279 and the 5S has the 437 00:16:09,280 --> 00:16:10,209 9615 438 00:16:10,210 --> 00:16:11,349 M. 439 00:16:11,350 --> 00:16:12,849 And in the BlackBerry 440 00:16:12,850 --> 00:16:15,159 10, you again have the MSM 441 00:16:15,160 --> 00:16:16,659 8960 there. There's a lot of other 442 00:16:16,660 --> 00:16:18,070 devices that have the same 443 00:16:19,420 --> 00:16:20,409 chipset. 444 00:16:20,410 --> 00:16:22,389 I'm not going to list all of them. 445 00:16:22,390 --> 00:16:24,190 And the very latest iteration 446 00:16:25,390 --> 00:16:27,459 is the MSM 447 00:16:27,460 --> 00:16:29,559 8974, which is, 448 00:16:29,560 --> 00:16:31,719 for instance, in the LG G2 449 00:16:31,720 --> 00:16:34,059 and the Sony Xperia Z Ultra 450 00:16:34,060 --> 00:16:36,460 and also the Nexus 5. 451 00:16:37,720 --> 00:16:39,849 Internally, these also have these 452 00:16:39,850 --> 00:16:41,470 Snapdragon names, so 453 00:16:43,720 --> 00:16:47,169 V5,
for instance, is Snapdragon 800; 454 00:16:47,170 --> 00:16:49,599 Snapdragon 600 is QDSP6 455 00:16:49,600 --> 00:16:50,600 v4. 456 00:16:53,140 --> 00:16:55,719 OK, but I prefer the actual 457 00:16:55,720 --> 00:16:57,459 chip names instead of the 458 00:16:57,460 --> 00:16:58,460 Snapdragon names. 459 00:17:00,760 --> 00:17:03,639 So let's see what kind of documentation 460 00:17:03,640 --> 00:17:04,809 and toolchain you have. 461 00:17:04,810 --> 00:17:05,810 So 462 00:17:07,000 --> 00:17:09,098 the Hexagon programmer's reference manual is 463 00:17:09,099 --> 00:17:11,199 available for version 2, 4 and 5; 464 00:17:11,200 --> 00:17:12,489 for some reason it's not available for 465 00:17:12,490 --> 00:17:13,598 version 3. 466 00:17:13,599 --> 00:17:15,130 That wasn't widely used anyway. 467 00:17:16,690 --> 00:17:18,999 When I last gave this talk 468 00:17:19,000 --> 00:17:20,858 one and a half months ago, I wasn't aware that 469 00:17:20,859 --> 00:17:22,659 they had released the version 4 and 470 00:17:22,660 --> 00:17:24,499 version 5 reference manuals. 471 00:17:24,500 --> 00:17:26,439 They did that in the 472 00:17:27,760 --> 00:17:28,990 beginning of October. 473 00:17:30,010 --> 00:17:31,569 But you really have to search for it, and 474 00:17:31,570 --> 00:17:33,339 I haven't seen it announced 475 00:17:33,340 --> 00:17:34,340 anywhere, 476 00:17:35,710 --> 00:17:36,069 but I'll 477 00:17:36,070 --> 00:17:38,229 give you the references at the end and 478 00:17:38,230 --> 00:17:39,230 you can find it. 479 00:17:40,840 --> 00:17:43,029 Initially, I tried to build my own tools 480 00:17:43,030 --> 00:17:44,030 from scratch. 481 00:17:45,400 --> 00:17:47,739 Which is, yeah, 482 00:17:47,740 --> 00:17:50,579 the ISA, it's complex.
483 00:17:50,580 --> 00:17:52,689 In terms 484 00:17:52,690 --> 00:17:54,909 of complexity, it is about as 485 00:17:54,910 --> 00:17:57,429 complex as x86 with all of the extensions 486 00:17:57,430 --> 00:17:59,619 that you have at the moment, I would say, 487 00:17:59,620 --> 00:18:01,089 but with less documentation, 488 00:18:02,350 --> 00:18:02,979 and 489 00:18:02,980 --> 00:18:05,049 obviously testing is a lot harder 490 00:18:05,050 --> 00:18:06,609 than on x86. 491 00:18:06,610 --> 00:18:07,269 So I mean, 492 00:18:07,270 --> 00:18:08,889 for instance, I guess 493 00:18:08,890 --> 00:18:10,239 a lot of people in this room have written 494 00:18:10,240 --> 00:18:11,919 an ARM disassembler; that's easy. 495 00:18:11,920 --> 00:18:15,129 You can do that. If you don't 496 00:18:15,130 --> 00:18:15,369 want 497 00:18:15,370 --> 00:18:17,379 to do all of the new stuff, you can do 498 00:18:17,380 --> 00:18:18,380 that in a weekend. 499 00:18:19,360 --> 00:18:20,859 You will not be able to do that for 500 00:18:20,860 --> 00:18:22,329 Hexagon. And that's what I'm trying to tell 501 00:18:22,330 --> 00:18:23,379 you: you will try, 502 00:18:23,380 --> 00:18:25,419 you will most probably spend like a month 503 00:18:25,420 --> 00:18:27,639 or two, and then you will still 504 00:18:27,640 --> 00:18:29,199 not have the full functionality. 505 00:18:29,200 --> 00:18:30,669 And then I wish you very good luck with 506 00:18:30,670 --> 00:18:31,670 testing that. 507 00:18:32,770 --> 00:18:35,109 So it 508 00:18:35,110 --> 00:18:37,329 seems to be much easier to start from 509 00:18:37,330 --> 00:18:38,799 a publicly released toolchain, and 510 00:18:38,800 --> 00:18:41,379 Qualcomm indeed does release 511 00:18:41,380 --> 00:18:43,509 a toolchain based 512 00:18:43,510 --> 00:18:45,339 on the, on, 513 00:18:45,340 --> 00:18:46,599 they release patches to the GNU 514 00:18:46,600 --> 00:18:48,579 toolchain.
So you have kind of binutils 515 00:18:48,580 --> 00:18:50,199 and GCC. 516 00:18:50,200 --> 00:18:52,300 And recently they've also started 517 00:18:54,640 --> 00:18:57,129 posting patches for Hexagon. 518 00:18:57,130 --> 00:18:59,379 However, the, so Hexagon in 519 00:18:59,380 --> 00:19:02,439 LLVM, so their Hexagon patches to LLVM, 520 00:19:02,440 --> 00:19:04,929 they are in the tree now. 521 00:19:04,930 --> 00:19:06,430 However, the Hexagon 522 00:19:07,450 --> 00:19:09,789 support in LLVM looks very 523 00:19:09,790 --> 00:19:11,529 rough at the moment. For instance, the 524 00:19:11,530 --> 00:19:13,269 MC framework that you would need for 525 00:19:13,270 --> 00:19:15,489 disassembly, for disassembling, is 526 00:19:15,490 --> 00:19:16,490 not there at all. 527 00:19:17,500 --> 00:19:17,799 And the 528 00:19:17,800 --> 00:19:20,529 output that I get from 529 00:19:20,530 --> 00:19:23,469 the assembler and the compiler, 530 00:19:23,470 --> 00:19:23,919 it 531 00:19:23,920 --> 00:19:24,849 looks OK. 532 00:19:24,850 --> 00:19:27,249 But the maturity 533 00:19:27,250 --> 00:19:29,170 of the GNU toolchain seems to be 534 00:19:30,550 --> 00:19:32,769 much more advanced than the LLVM 535 00:19:32,770 --> 00:19:34,479 one. The LLVM thing seems to be an 536 00:19:34,480 --> 00:19:36,489 experiment, but I think that's where 537 00:19:36,490 --> 00:19:37,599 they will move eventually. 538 00:19:40,780 --> 00:19:42,429 If you look at the differences between 539 00:19:42,430 --> 00:19:44,829 the, the diff between the different revisions, 540 00:19:44,830 --> 00:19:46,899 and you want to see how this has 541 00:19:46,900 --> 00:19:47,900 moved along, 542 00:19:49,260 --> 00:19:50,949 you will see that there's 543 00:19:50,950 --> 00:19:52,659 unfortunately no reference manual for 544 00:19:52,660 --> 00:19:54,849 version 3 available, so 545 00:19:54,850 --> 00:19:55,929 you have no changelog.
00:19:55,930 --> 00:21:01,269 So you have to diff the opcode headers in the Hexagon binutils. What you will then find is they've added this very useful instruction, pause, which allows it to pause for up to 263 cycles, and they've added a vector instruction, which is a vector reduce complex multiply by scalar instruction. This is something that you need if you do DSP programming. This is the thing that you find documented. Interestingly, they only document the user-level stuff, because you then find all of these other differences: TLB lock, TLB unlock. Well, that's kind of obvious. Then you have K0 lock and K0 unlock, which is potentially related to runtime exceptions, but I don't know what K0 means and what K0 lock does. I guess it's a privileged instruction, but I don't know; it's not clear from the documentation that they have. Similarly for the L2 clean and invalidate by index; I guess that's for cache invalidation.
00:21:01,270 --> 00:22:10,859 And for the next one, I have no clue what it does, don't ask. So what you get is documentation for running your own user-level code on the Hexagon. And I don't think that's the goal that Qualcomm actually has. They want you to write applications; they want you to write code to make use of the DSP on the architecture. That's version three. Version four is a similar thing. If you look there, they actually have a changelog of what has happened, and they tell you they've added support for virtualization. Where? I don't see it anywhere, not even in the Hexagon opcode files. I don't see which instructions are responsible for virtualization. They have added support for software-defined radio, so they have added two instructions which are basically for the so-called Rake despreading in WCDMA demodulation.
00:22:10,860 --> 00:23:12,479 Well, it's basically a two- or three-instruction thing, but some of them they have already added in version three, if you look at the differences. And they also tell you that they have enhanced debug and trace, but again, I don't know, there is no further documentation about this. And also, they allegedly have a logical address space, which I can't verify either; I don't see this in the opcode files they generated. Then if you look at version five and up, so this is the Snapdragon 800, they've now introduced floating-point support. That's interesting. I guess this is related to the fact that the Snapdragon 800 is the first device that has all these audio capabilities that first came out with the Moto X, where you have voice activation, so you can say, OK phone, do something for me. I guess that's what they need the floating-point support for, but that's the first one that introduced it.
00:23:12,480 --> 00:24:08,020 And they also have some enhanced data cache prefetch. I don't know what that is; I haven't been able to find further documentation about this. There's also this version 5.5, which, I don't know actually which chip that went into. And this adds the cycle count registers, useful if you want to benchmark things, and it has this vector add and select maximum halfwords instruction, which, yeah, it's a simple instruction useful for something, I don't know. But I mean, if you look at their manuals, you'll see that they've actually tuned this CPU to do things. They have actually added instructions to make, for instance, things like H.264 decompression faster. So they have very specific application areas for which they add these instructions. But if you haven't seen these application scenarios, you certainly cannot tell what they would have added them for, unless they tell you.
00:24:09,540 --> 00:25:08,279 OK, but let's look at the very basic things, at the useful instructions that we all can understand. Because I mean, the fact is, if you look for vulnerabilities and you run across a loop that does some simple stuff, most of the time you will not care, because it's in the lower layers. So I mean, at least for me, that was a very quick test. There are exceptions to this, for instance if you have something like vsplat, which is a splat instruction which puts the same byte into all the bytes. That's a vector instruction that is actually not for DSP, that can be used, for instance, in memset. But look at the manual and you will get an idea which of the instructions you will mostly see in DSP scenarios. And then you can say, OK, well, if you ever see this in a function, you will probably not have to analyze it further, because it's just for the lower layers.
00:25:08,280 --> 00:25:53,999 And it's not actually something that would allow you to trigger a memory corruption easily. I'm not saying it's impossible; there have been cases where you have been able to, but it's just a metric for me to judge how hard I will look at a function. So if I can see it's from the lower signal processing layers, I'm less likely to look at it. OK, so useful instructions obviously are transfer instructions, which allow you to transfer between registers or allow you to put an immediate into a register. And you have ALU instructions, for instance add, subtract, multiply and so on. And for this, you have a 16-bit signed immediate for the arithmetic that you can use, and a 10-bit one for the logical instructions.
00:25:54,000 --> 00:26:59,460 That's for when you do an XOR or something. You have combine instructions that allow you to combine immediates into basically a register pair, and you have MUX instructions that allow you to basically multiplex with a predicate: depending on the predicate, you put one or the other into the destination. You have a very large chunk of NOP instructions, two to the twenty-four NOP instructions for you. Basically, any instruction that starts with 7F... sorry, I should have mentioned that the CPU architecture is little-endian. So any instruction that starts with 7F, the rest of that doesn't matter, it's a NOP. OK. Now. A while ago, and I'm not going to tell you exactly when, to make searching a little harder, an archive of chipset documentation for the MSM8960 mysteriously appeared on a developer's site.
00:27:00,020 --> 00:28:10,720 And interestingly, this not only contained chipset documentation, but for some reason whoever posted it also put seven AMSS security bulletins into that archive. AMSS is the Advanced Mobile Subscriber System, which is the Qualcomm codename for the baseband stack, and these basically are very detailed descriptions of the bugs that they have fixed in the trees that they give to the vendors. And this obviously means that all of these bugs must now be considered public. But you also find other interesting things. The leaked docs, for instance, claim that in benchmarks they found that Hexagon, for their baseband stack, spends up to three times the cycles of an ARM9 on the control code in the baseband. So the control code, this means all the things that are not the actual modulation.
00:28:13,310 --> 00:29:11,449 OK, now I'm skipping around a little bit. I wasn't quite finished with the architecture, obviously; I just wanted to put the thing about the leaked docs in there. We'll come back to that in a bit. But first of all, you also have to see what kind of different control registers you have on the CPU. So you have the loop registers, which are for the hardware loops. You have a program counter, obviously. You have a user status register, and the modifier registers, which are for the circular addressing modes. You have predicate registers, which are for things like storing the result of a comparison. You have the user general pointer, which is for things like thread-local storage, and you have a global pointer that can be used for global data. Now, before we come to actual vulnerabilities and looking at them, we have to understand the calling conventions a little bit.
00:29:11,450 --> 00:30:26,959 So there are caller-saved and callee-saved registers in the ABI. Is the ABI document public? No... well, I did not know that it was public the last time I gave this talk. Registers generally: so registers R0 to R5 are generally used for passing the parameters, but parameters can be modified by the callee, so the caller must not depend on these being unmodified upon return. R6 to R15 are scratch registers, which need to be caller-saved. R14 and R15 are oftentimes, in the ABI, supposed to be used for the procedure linkage tables. R16 to R27 are again scratch registers, but these must be callee-saved, not caller-saved. R28 is also a scratch register, caller-saved. And then you have R29 to R31, which also have symbolic names, namely the link register, the frame pointer and the stack pointer.
00:30:26,960 --> 00:31:41,639 And these are callee-saved, and they're used by allocframe and deallocframe, which are the things that are used for setting up and unwinding the stack. And then you have the processor state. If you want to pass things to a function, you fill, left to right, the registers R0 to R5. If it's a parameter that is larger than 32 bits, you can use register pairs if it's up to 64 bits. However, the pair must always be even-odd. So if you have, for instance, arrived at register R3, you have to skip it if you have a 64-bit quantity, so you go to R4 and R5, and the rest goes onto the stack. OK. You also have these two functions, allocframe and deallocframe, which basically manage the local data window on the stack.
00:31:41,640 --> 00:32:48,559 So what these do is they push the link register and the frame pointer onto the stack, and they subtract a size quantity from the stack pointer (so you give allocframe a size quantity), and then they assign the frame pointer the address of the old frame pointer that was on the stack. And deallocframe is the inverse of this procedure that you use upon return. There's also now a dealloc_return, which is not on the slide, which is basically a deallocframe followed by a jump to the link register, so you can go out of the function back to the previous function. OK, so let's have a look at four simple snippets. Actually, in terms of time, I might skip this because we're looking at something a little bit more complex later. So. There's also the question of the security of the chip fabric.
00:32:49,940 --> 00:33:54,730 So the last time I spoke about Qualcomm CPUs at a Chaos Congress, what was the case was that you had the baseband CPU as the master of the system on a chip. So this basically overruled all of the other components on this chip. This was a very scary thing, because it meant that if you had a successful baseband exploit, you could basically persist on the whole chip. In the current generation of these systems on a chip, it's a much, much more complex story, because the current generation contains a lot of ARM cores. They actually have a dedicated ARM core, an ARM7, for the bring-up of the chip. This is the so-called RPM, and the modem firmware now is loaded by the high-level operating system, for instance Android or iOS, and not the other way around.
00:33:56,670 --> 00:34:51,389 If you look at some of these leaked documentations, you will see that they paint little yellow boxes that they call hardware firewalls. There is no full documentation about this; I don't know what exactly they do. I'm just a little bit skeptical, because as far as I know this has been untested externally. So at the moment it's not clear whether, on these new chipsets, baseband-to-application-processor escalation is possible. For instance, I don't know whether you can do funny things with the DMAs. So, for instance, if you have access to the DMA registers of another core, whether you can trigger a transfer that helps you, for instance, into the application processor's memory. This is something that needs further research. I will also tell you how to do this research later.
00:34:54,150 --> 00:36:00,049 OK, but more changes. The old chips, the very, very old chips, used a proprietary operating system called REX. Later, this real-time executive was put on top of something called OKL4, which is a commercial microkernel based on L4. And in the Hexagon baseband firmwares, they've now abandoned this OKL4. They have their own real-time operating system, which is called BLAST; sometimes it's also called QuRT. And this apparently was redesigned from scratch. You will see some of the remnants from REX for compatibility reasons. And funnily enough, you'll also find an ARM11 core that runs OKL4 still. But it's not running the actual baseband; it's just another core on the SoC, for some reason. Security mitigations: when I looked at this three years ago, there were no security mitigations.
00:36:00,050 --> 00:37:01,010 Now it's a lot better, so they have stack... well, maybe it depends on the vendor. They have stack cookies that are generated by the build toolchain, these are on by default, and they also have a non-executable stack and heap. And they also have kernel and user mode separation in BLAST, except for the fact that in 2012 they had an advisory about this, where it became... so, in retrospect, it became clear to me that they only enabled this with the release in May 2012. So this is when they enabled that; this is when they enabled the separation between user and kernel mode. And the interesting thing about this is that they state that the customer must verify that the performance impact of these changes is acceptable. So what this means is not everyone necessarily has these things enabled.
00:37:04,100 --> 00:38:13,669 For the major vendors, however, I found them to be enabled. So for instance, I've looked at the AMSS for the S4; for the ones I looked at, all these things were enabled, and I guess it's a similar story for all the big vendors, hopefully. They have safe unlinking for the heap. There are tricks that you can do to get around this, obviously, but it's become harder to do heap exploitation. And at the moment, there's no ASLR, which is nice for attackers, obviously, but also ASLR on embedded devices generally is hard. OK, so let's rock and roll. So initially, I and other people as well thought that exploitation on this architecture with DEP enabled would become tricky, because of the way that allocframe and deallocframe work, and because of the fact that you then have to find pieces of functions that do things for you.
00:38:13,670 --> 00:39:21,409 And oftentimes useful things are prevented by the allocframe. But then you notice that this deallocframe sets the FP, and this is a very similar behavior: if you had something that would pop the frame pointer off the stack on the ARM architecture, this is a very similar thing. And as long as the instruction packets are not in the case, they can be split. Now, we didn't talk about this because I skipped over the code examples: the so-called compound instructions. This means that it's actually one four-byte word that does two instructions in parallel. These are very annoying for return-oriented programming, because they always do these two things together. In the documentation they are also sometimes called duplexes; it's not clear, they use both. However, you can deal with this. They just create constraints for gadgets. So mostly what this boils down to is that you need automation.
1082 00:39:21,410 --> 00:39:24,079 You will not be able to easily do ROP 1083 00:39:24,080 --> 00:39:25,309 by hand anymore. 1084 00:39:26,510 --> 00:39:28,400 What we did in 2010 1085 00:39:30,200 --> 00:39:31,200 was 1086 00:39:32,120 --> 00:39:33,529 Tim Kornau, 1087 00:39:33,530 --> 00:39:35,719 Halvar Flake and I, 1088 00:39:35,720 --> 00:39:38,149 we wrote a paper about 1089 00:39:38,150 --> 00:39:40,189 this problem, how to use SAT 1090 00:39:40,190 --> 00:39:42,679 solvers to handle the constraints, 1091 00:39:42,680 --> 00:39:45,199 to build up payloads. 1092 00:39:45,200 --> 00:39:47,359 And there's a Black Hat 1093 00:39:47,360 --> 00:39:49,759 2010 talk and a WOOT paper on the subject. 1094 00:39:49,760 --> 00:39:51,739 And basically, the same things apply with 1095 00:39:51,740 --> 00:39:53,119 some variations for this. 1096 00:39:54,200 --> 00:39:57,229 There's still some way to go, because 1097 00:39:57,230 --> 00:39:59,479 back then we used REIL, which 1098 00:39:59,480 --> 00:40:01,009 is the reverse engineering intermediate 1099 00:40:01,010 --> 00:40:03,349 language for 1100 00:40:03,350 --> 00:40:04,439 this toolchain. 1101 00:40:04,440 --> 00:40:06,589 And while there's no 1102 00:40:06,590 --> 00:40:08,629 REIL translator for Hexagon at the 1103 00:40:08,630 --> 00:40:10,939 moment, if 1104 00:40:10,940 --> 00:40:11,539 you 1105 00:40:11,540 --> 00:40:12,540 are, 1106 00:40:14,690 --> 00:40:16,760 if you're comfortable with 1107 00:40:17,780 --> 00:40:19,879 not having complete coverage, what you 1108 00:40:19,880 --> 00:40:21,889 just do is to write something that 1109 00:40:21,890 --> 00:40:24,019 translates all the basic instructions 1110 00:40:24,020 --> 00:40:26,389 into some type of syntax for you. 1111 00:40:26,390 --> 00:40:28,549 And you ignore all the rest and you say, 1112 00:40:28,550 --> 00:40:30,769 OK, I will not care about this in 1113 00:40:30,770 --> 00:40:31,770 terms of gadgets.
1114 00:40:33,050 --> 00:40:34,909 And then you can automate this. 1115 00:40:34,910 --> 00:40:37,459 You can also do manual gadget search, 1116 00:40:37,460 --> 00:40:38,869 but this is very labor intensive. 1117 00:40:38,870 --> 00:40:41,089 I've done that two weeks 1118 00:40:41,090 --> 00:40:42,440 ago. It was not fun. 1119 00:40:45,260 --> 00:40:47,329 But if you do that manually, you will 1120 00:40:47,330 --> 00:40:49,459 also see that, to 1121 00:40:49,460 --> 00:40:51,049 build a payload, what you will do is you 1122 00:40:51,050 --> 00:40:53,179 will alternate gadgets ending in jumpr 1123 00:40:53,180 --> 00:40:55,339 r31, which is the, 1124 00:40:55,340 --> 00:40:58,129 r31, which is the link register, and 1125 00:40:58,130 --> 00:40:59,829 deallocframe. So you will build the 1126 00:40:59,830 --> 00:41:01,999 ROP chain that alternates between these 1127 00:41:02,000 --> 00:41:03,319 two. 1128 00:41:03,320 --> 00:41:05,329 OK, but now you probably want to know, 1129 00:41:05,330 --> 00:41:07,819 how do you do this yourself? 1130 00:41:07,820 --> 00:41:10,549 And the problem is that most smartphones 1131 00:41:10,550 --> 00:41:12,439 have modem firmwares that are checked at 1132 00:41:12,440 --> 00:41:13,440 boot time. 1133 00:41:15,770 --> 00:41:17,839 So for USB 1134 00:41:17,840 --> 00:41:19,459 modems, this is different. 1135 00:41:19,460 --> 00:41:21,559 So most of the dongles that 1136 00:41:21,560 --> 00:41:24,459 you find have freely modifiable 1137 00:41:24,460 --> 00:41:26,209 firmware. There may be exceptions that I 1138 00:41:26,210 --> 00:41:27,210 haven't seen yet. 1139 00:41:29,840 --> 00:41:32,149 Also, there are Samsung Galaxy 1140 00:41:32,150 --> 00:41:34,399 S4s, where there's no 1141 00:41:34,400 --> 00:41:36,340 signature check in the modem firmware.
1142 00:41:38,780 --> 00:41:41,509 It's not clear exactly, because 1143 00:41:41,510 --> 00:41:43,519 I have one of these handsets 1144 00:41:43,520 --> 00:41:44,479 and 1145 00:41:44,480 --> 00:41:46,489 I've talked to other people and they 1146 00:41:46,490 --> 00:41:48,109 haven't been able to verify this. 1147 00:41:48,110 --> 00:41:51,169 This depends on the fuse configuration 1148 00:41:51,170 --> 00:41:52,170 in 1149 00:41:52,850 --> 00:41:54,799 the chip that you cannot actually read 1150 00:41:54,800 --> 00:41:57,289 out without. 1151 00:41:57,290 --> 00:41:59,749 Well, as I understand, nobody but Qualcomm 1152 00:41:59,750 --> 00:42:01,549 can read it out there. 1153 00:42:01,550 --> 00:42:03,009 Not even if you have kernel level 1154 00:42:03,010 --> 00:42:05,229 access can you read this out, because 1155 00:42:05,230 --> 00:42:07,300 of TrustZone shenanigans. 1156 00:42:08,740 --> 00:42:09,909 TrustZone shenanigans. 1157 00:42:12,310 --> 00:42:14,379 I have one of these phones. I 1158 00:42:14,380 --> 00:42:15,999 can build a 1159 00:42:18,040 --> 00:42:20,649 tool to test 1160 00:42:20,650 --> 00:42:22,179 if people are interested. 1161 00:42:22,180 --> 00:42:24,369 So then many other people can run 1162 00:42:24,370 --> 00:42:26,259 this on their S4 if they have it rooted 1163 00:42:26,260 --> 00:42:28,359 and they can test whether or not 1164 00:42:28,360 --> 00:42:31,269 they can modify their modem firmware. 1165 00:42:31,270 --> 00:42:32,979 According to the leaked docs, 1166 00:42:32,980 --> 00:42:35,109 the modem 1167 00:42:35,110 --> 00:42:37,179 bring-up and signature check is done by 1168 00:42:37,180 --> 00:42:38,379 a Krait core. 1169 00:42:38,380 --> 00:42:40,179 And the way I understand it, this is done 1170 00:42:40,180 --> 00:42:42,789 in TrustZone, in a TrustZone compartment.
1171 00:42:42,790 --> 00:42:45,070 So it's not clear, but 1172 00:42:46,420 --> 00:42:48,519 bootloader hacks may help you get 1173 00:42:48,520 --> 00:42:49,520 around this problem. 1174 00:42:50,590 --> 00:42:52,329 I've been talking to someone who had some 1175 00:42:52,330 --> 00:42:53,330 ideas about that. 1176 00:42:56,950 --> 00:42:58,909 In terms of tools for analysis, 1177 00:42:58,910 --> 00:43:01,179 there's the QuIC version 1178 00:43:01,180 --> 00:43:03,339 five toolchain now, which is released by 1179 00:43:03,340 --> 00:43:05,649 the Qualcomm Innovation Center, which is 1180 00:43:05,650 --> 00:43:07,749 based on GCC 4.4, and I 1181 00:43:07,750 --> 00:43:10,179 forgot which version of binutils it was. 1182 00:43:10,180 --> 00:43:12,519 This can be used to compile C and C++ 1183 00:43:12,520 --> 00:43:14,679 code and to actually inspect it 1184 00:43:14,680 --> 00:43:15,680 using objdump. 1185 00:43:16,720 --> 00:43:17,199 It doesn't 1186 00:43:17,200 --> 00:43:18,819 build cleanly. You have to remove some 1187 00:43:18,820 --> 00:43:20,439 stuff. I had to remove gdb from the 1188 00:43:20,440 --> 00:43:21,939 binutils and have to tweak, 1189 00:43:21,940 --> 00:43:23,949 I had to tweak the, um, 1190 00:43:23,950 --> 00:43:24,639 uh, 1191 00:43:24,640 --> 00:43:26,169 just the C compiler process a little 1192 00:43:26,170 --> 00:43:29,229 bit. But you can get it working. 1193 00:43:29,230 --> 00:43:30,879 For the modem firmware that you get 1194 00:43:31,960 --> 00:43:34,089 in firmware archives, 1195 00:43:34,090 --> 00:43:35,889 you have empty ELF section headers, 1196 00:43:35,890 --> 00:43:38,049 so you cannot just disassemble that with 1197 00:43:38,050 --> 00:43:39,879 objdump and you have to first populate 1198 00:43:39,880 --> 00:43:41,289 that manually or write a tool for 1199 00:43:41,290 --> 00:43:43,599 that.
There is also 1200 00:43:43,600 --> 00:43:45,759 a Hexagon plugin 1201 00:43:45,760 --> 00:43:47,499 for IDA Pro that was written by the 1202 00:43:47,500 --> 00:43:49,749 gentleman here in the front row 1203 00:43:49,750 --> 00:43:51,489 and was released by just in case. 1204 00:43:52,840 --> 00:43:55,029 This is also based on 1205 00:43:55,030 --> 00:43:57,129 binutils. It's for version 1206 00:43:57,130 --> 00:43:59,979 four at the moment. I have 1207 00:43:59,980 --> 00:44:02,259 last week, I've done some, some, some 1208 00:44:02,260 --> 00:44:03,909 things so that it runs with version five. 1209 00:44:03,910 --> 00:44:06,429 I will contribute that back as a push 1210 00:44:06,430 --> 00:44:07,430 to your master, 1211 00:44:08,560 --> 00:44:11,229 and it still crashes on some firmwares. 1212 00:44:11,230 --> 00:44:12,829 For instance, on the iPhone 5 firmware, 1213 00:44:12,830 --> 00:44:14,199 where I haven't quite figured out what 1214 00:44:14,200 --> 00:44:15,200 the problem there is, 1215 00:44:16,240 --> 00:44:18,609 but it works. 1216 00:44:18,610 --> 00:44:20,559 It works for analysis, as you will see. 1217 00:44:20,560 --> 00:44:22,179 So as an 1218 00:44:22,180 --> 00:44:24,429 example, we will look at one of the 1219 00:44:24,430 --> 00:44:26,860 bugs that is a classic stack overflow, 1220 00:44:28,030 --> 00:44:30,459 patched in May 2012, 1221 00:44:30,460 --> 00:44:32,739 on the LTE air interface. I picked 1222 00:44:32,740 --> 00:44:34,719 this particular bug, even though some 1223 00:44:34,720 --> 00:44:36,159 people might find it 1224 00:44:36,160 --> 00:44:38,199 uninteresting because it's not easily 1225 00:44:38,200 --> 00:44:39,200 exploitable. 1226 00:44:40,000 --> 00:44:42,789 Not many people have an LTE capability 1227 00:44:42,790 --> 00:44:45,259 to send these messages, and also 1228 00:44:45,260 --> 00:44:46,719 the stack protector 1229 00:44:48,040 --> 00:44:50,269 prevents you from using that.
1230 00:44:50,270 --> 00:44:52,449 On this, I also have 1231 00:44:52,450 --> 00:44:55,119 a memory disclosure, 1232 00:44:55,120 --> 00:44:57,369 of which there also are many 1233 00:44:57,370 --> 00:44:59,499 in the, um, if you 1234 00:44:59,500 --> 00:45:00,969 look at the leaked documents. 1235 00:45:00,970 --> 00:45:03,039 But I'll just talk 1236 00:45:03,040 --> 00:45:03,969 about this part. 1237 00:45:03,970 --> 00:45:06,009 And the interesting thing is, this just 1238 00:45:06,010 --> 00:45:08,139 again takes one message, 1239 00:45:08,140 --> 00:45:10,509 a test loopback message, which is larger 1240 00:45:10,510 --> 00:45:11,859 than 100 bytes. 1241 00:45:11,860 --> 00:45:14,109 And I 1242 00:45:14,110 --> 00:45:16,059 found it very surprising to see such 1243 00:45:16,060 --> 00:45:17,229 straightforward bugs. 1244 00:45:17,230 --> 00:45:19,329 And the only explanation I have was that 1245 00:45:19,330 --> 00:45:21,339 at the time, the LTE stack was still very 1246 00:45:21,340 --> 00:45:22,340 young. 1247 00:45:23,380 --> 00:45:25,119 And when I tried to, 1248 00:45:26,410 --> 00:45:27,369 um, 1249 00:45:27,370 --> 00:45:29,469 to verify this, this 1250 00:45:29,470 --> 00:45:31,539 is what the disassembly for this 1251 00:45:31,540 --> 00:45:33,519 particular function looks 1252 00:45:33,520 --> 00:45:34,520 like. I have, 1253 00:45:35,920 --> 00:45:36,099 I 1254 00:45:36,100 --> 00:45:38,079 have not posted, I first wanted to post a 1255 00:45:38,080 --> 00:45:40,149 screenshot of the actual bug, but 1256 00:45:40,150 --> 00:45:42,489 I'll just, I'll just 1257 00:45:42,490 --> 00:45:45,009 show this summary here. 1258 00:45:45,010 --> 00:45:46,869 So what you will see, this is actual 1259 00:45:46,870 --> 00:45:50,049 Hexagon code. So the first thing is this 1260 00:45:50,050 --> 00:45:51,669 allocframe, which basically sets up 1261 00:45:51,670 --> 00:45:53,169 the stack.
1262 00:45:53,170 --> 00:45:55,509 Then you will have a call 1263 00:45:55,510 --> 00:45:58,569 to a function which saves the callee-saved 1264 00:45:58,570 --> 00:46:00,999 registers r16 1265 00:46:01,000 --> 00:46:02,199 to r19. 1266 00:46:02,200 --> 00:46:04,389 Then you have 1267 00:46:04,390 --> 00:46:07,030 r3, which is set to the stack canary. 1268 00:46:08,920 --> 00:46:10,479 Then you have a little bit of shuffling 1269 00:46:10,480 --> 00:46:12,489 around the registers to save them for 1270 00:46:12,490 --> 00:46:14,559 later. Then you have a call 1271 00:46:14,560 --> 00:46:16,189 to a trampoline. 1272 00:46:16,190 --> 00:46:17,349 This is interesting. 1273 00:46:17,350 --> 00:46:19,209 So most of the calls to these functions, 1274 00:46:19,210 --> 00:46:20,709 to the often just functions, are actually 1275 00:46:20,710 --> 00:46:21,909 trampolines. 1276 00:46:21,910 --> 00:46:23,979 So they go to a function where you have 1277 00:46:23,980 --> 00:46:26,199 an immediate extender and then a 1278 00:46:26,200 --> 00:46:28,299 direct jump to that function. 1279 00:46:29,590 --> 00:46:31,959 So it probably would be useful to collapse 1280 00:46:31,960 --> 00:46:34,419 this into one function, 1281 00:46:34,420 --> 00:46:36,549 or have an option to collapse this so that 1282 00:46:36,550 --> 00:46:38,979 it's more condensed. 1283 00:46:38,980 --> 00:46:42,219 And then 1284 00:46:42,220 --> 00:46:43,959 in the same instruction packet, you also 1285 00:46:43,960 --> 00:46:46,239 have a write to the stack 1286 00:46:47,620 --> 00:46:49,929 for the stack canary and you set 1287 00:46:49,930 --> 00:46:50,930 the 1288 00:46:52,090 --> 00:46:53,889 one to zero. And the way it works is that 1289 00:46:53,890 --> 00:46:55,399 basically the call is done there.
1290 00:46:55,400 --> 00:46:57,939 So this is one instruction packet, 1291 00:46:57,940 --> 00:47:00,339 but basically the registers are set first 1292 00:47:00,340 --> 00:47:02,109 and the memory is written first and only 1293 00:47:02,110 --> 00:47:03,110 on the coldest month 1294 00:47:04,390 --> 00:47:04,809 after 1295 00:47:04,810 --> 00:47:06,849 that. There's some initialization for this 1296 00:47:06,850 --> 00:47:08,049 message router. 1297 00:47:08,050 --> 00:47:10,419 Again, this is a trampoline function 1298 00:47:10,420 --> 00:47:12,579 and then you will see this P0, which 1299 00:47:12,580 --> 00:47:14,679 is the predicate which basically 1300 00:47:14,680 --> 00:47:16,479 comes from the comparison of this 1301 00:47:16,480 --> 00:47:18,579 register r17 and 1302 00:47:18,580 --> 00:47:19,869 this register or something. 1303 00:47:19,870 --> 00:47:22,179 If you look up here, it is 1304 00:47:22,180 --> 00:47:24,309 the register that, it 1305 00:47:24,310 --> 00:47:26,499 comes from r1, it's identical to 1306 00:47:26,500 --> 00:47:28,659 r1. This was the length that was passed 1307 00:47:28,660 --> 00:47:30,819 on. And here this basically checks whether 1308 00:47:30,820 --> 00:47:33,039 the message length is greater 1309 00:47:33,040 --> 00:47:33,969 than 100. 1310 00:47:33,970 --> 00:47:36,519 If it's greater than 100, it basically 1311 00:47:36,520 --> 00:47:37,520 errors out.
1312 00:47:40,630 --> 00:47:41,379 And at the 1313 00:47:41,380 --> 00:47:43,629 end, what it does, it 1314 00:47:43,630 --> 00:47:46,029 so are 1315 00:47:46,030 --> 00:47:48,039 all basically means that a message is 1316 00:47:48,040 --> 00:47:50,649 written and it goes to the, to the 1317 00:47:50,650 --> 00:47:52,089 to the end of the function, which 1318 00:47:52,090 --> 00:47:54,309 basically is the check and everything, 1319 00:47:54,310 --> 00:47:56,199 and the check just fetches the 1320 00:47:56,200 --> 00:47:57,969 canary again from the 1321 00:47:57,970 --> 00:48:00,239 stack and compares it 1322 00:48:00,240 --> 00:48:01,329 to this global value. 1323 00:48:01,330 --> 00:48:03,729 And if it's equal, then 1324 00:48:03,730 --> 00:48:05,319 it's good. If it's not, then the stack 1325 00:48:05,320 --> 00:48:06,789 has been smashed and it's an error 1326 00:48:06,790 --> 00:48:07,790 condition. 1327 00:48:09,190 --> 00:48:11,259 So this is 1328 00:48:11,260 --> 00:48:13,150 the latest version of the 1329 00:48:14,170 --> 00:48:16,269 baseband that you will get if you 1330 00:48:16,270 --> 00:48:18,489 have all the OTA, all the updates 1331 00:48:18,490 --> 00:48:20,619 for the Galaxy S4, but the 1332 00:48:20,620 --> 00:48:21,729 analyst here. 1333 00:48:21,730 --> 00:48:23,859 So this is fixed there. 1334 00:48:23,860 --> 00:48:26,109 But I mean, also the bug has 1335 00:48:26,110 --> 00:48:27,110 been 1336 00:48:28,240 --> 00:48:30,189 made public into, well, not made public, 1337 00:48:30,190 --> 00:48:33,189 but the advisory has been given in 2012. 1338 00:48:33,190 --> 00:48:35,379 So of course it should be fixed 1339 00:48:35,380 --> 00:48:36,380 now.
1340 00:48:38,410 --> 00:48:40,929 There are also other baseband versions 1341 00:48:40,930 --> 00:48:43,119 and other phones where this is not fixed, 1342 00:48:43,120 --> 00:48:45,429 but I'm not telling you which 1343 00:48:45,430 --> 00:48:46,419 ones these are now. 1344 00:48:46,420 --> 00:48:47,420 It's just, 1345 00:48:49,360 --> 00:48:51,339 I wanted to give you an exact positive 1346 00:48:51,340 --> 00:48:52,420 example for this talk. 1347 00:48:54,190 --> 00:48:57,369 If you want to analyze more complex bugs, 1348 00:48:57,370 --> 00:48:59,109 what you realize, I mean, this 1349 00:48:59,110 --> 00:49:01,329 bug was shallow, it was in one 1350 00:49:01,330 --> 00:49:03,489 function and it was this one 1351 00:49:03,490 --> 00:49:04,779 parameter that came in 1352 00:49:05,980 --> 00:49:06,159 and 1353 00:49:06,160 --> 00:49:07,540 a copy. So this is 1354 00:49:09,520 --> 00:49:12,789 simple. For more complex bugs, 1355 00:49:12,790 --> 00:49:15,249 you will often need to trace 1356 00:49:15,250 --> 00:49:17,050 messages across the tasks. 1357 00:49:18,460 --> 00:49:20,559 This already became obvious when I did 1358 00:49:20,560 --> 00:49:21,580 research for 1359 00:49:22,930 --> 00:49:23,319 a talk 1360 00:49:23,320 --> 00:49:25,209 at Black Hat 2011, where we looked at 1361 00:49:26,620 --> 00:49:28,149 a protocol called Simple that is 1362 00:49:28,150 --> 00:49:30,399 sometimes also processed 1363 00:49:30,400 --> 00:49:31,400 in the baseband. 1364 00:49:33,400 --> 00:49:35,199 If you don't have source code, you don't 1365 00:49:35,200 --> 00:49:37,049 know where and how these messages are 1366 00:49:37,050 --> 00:49:38,050 routed.
1367 00:49:38,470 --> 00:49:39,819 However, if you have a malleable 1368 00:49:39,820 --> 00:49:41,469 baseband, you can perform dynamic 1369 00:49:41,470 --> 00:49:42,579 analysis, and 1370 00:49:43,870 --> 00:49:46,029 the idea that I use here is basically 1371 00:49:46,030 --> 00:49:48,159 I hook into the message router, 1372 00:49:48,160 --> 00:49:50,559 which is just this message send 1373 00:49:50,560 --> 00:49:51,699 routine, 1374 00:49:51,700 --> 00:49:52,700 and 1375 00:49:53,350 --> 00:49:55,239 then I can trace where the messages are 1376 00:49:55,240 --> 00:49:57,619 going. And this message 1377 00:49:57,620 --> 00:49:59,679 router uses this structure for the 1378 00:49:59,680 --> 00:50:02,469 different things, and this structure, 1379 00:50:02,470 --> 00:50:04,839 which is not publicly disclosed 1380 00:50:04,840 --> 00:50:05,919 at the moment. 1381 00:50:05,920 --> 00:50:07,779 It also seems to be different between 1382 00:50:07,780 --> 00:50:08,780 different 1383 00:50:10,330 --> 00:50:12,849 OEMs, so it seems to be auto-generated. 1384 00:50:13,900 --> 00:50:16,239 But I have a table that I have extracted 1385 00:50:16,240 --> 00:50:18,669 for the S4 that I will also 1386 00:50:18,670 --> 00:50:20,109 put on my blog. 1387 00:50:20,110 --> 00:50:21,459 It doesn't, doesn't fit here. 1388 00:50:25,690 --> 00:50:28,059 I should finish soon, so I will close 1389 00:50:28,060 --> 00:50:30,219 with two things, namely the way 1390 00:50:30,220 --> 00:50:31,239 forward. 1391 00:50:31,240 --> 00:50:33,129 I will talk about the way forward for the 1392 00:50:33,130 --> 00:50:35,049 offense side and the way forward for the 1393 00:50:35,050 --> 00:50:36,369 defense side. 1394 00:50:36,370 --> 00:50:38,529 So takeaway lessons here are: 1395 00:50:38,530 --> 00:50:40,689 the new architecture that we have 1396 00:50:40,690 --> 00:50:42,819 on the Qualcomm chipsets has raised the 1397 00:50:42,820 --> 00:50:44,949 bar of entry significantly.
1398 00:50:44,950 --> 00:50:47,019 A lot of people can reverse and work 1399 00:50:47,020 --> 00:50:49,929 with ARM code in its decompiled form. 1400 00:50:49,930 --> 00:50:52,929 This is not the case for Hexagon, 1401 00:50:52,930 --> 00:50:53,649 and I 1402 00:50:53,650 --> 00:50:55,149 haven't met many people who've done 1403 00:50:55,150 --> 00:50:57,459 analysis of Hexagon code. 1404 00:50:57,460 --> 00:50:59,889 However, Qualcomm 1405 00:50:59,890 --> 00:51:02,019 dominates this market at the moment, and 1406 00:51:02,020 --> 00:51:04,089 attackers will have an 1407 00:51:04,090 --> 00:51:05,799 interest, and they do have an interest in 1408 00:51:05,800 --> 00:51:07,959 their chips, so they will adapt and 1409 00:51:07,960 --> 00:51:10,629 learn, well-funded adversaries 1410 00:51:10,630 --> 00:51:11,630 at least. 1411 00:51:14,530 --> 00:51:16,749 Moreover, public leaks of vulnerability 1412 00:51:16,750 --> 00:51:18,639 information obviously make the attacker's 1413 00:51:18,640 --> 00:51:20,829 task much easier, because 1414 00:51:20,830 --> 00:51:23,049 they can use those 1415 00:51:23,050 --> 00:51:25,089 for testing, whether they're, basically 1416 00:51:25,090 --> 00:51:26,479 they have, they don't have to find a 1417 00:51:26,480 --> 00:51:27,429 vulnerability anymore. 1418 00:51:27,430 --> 00:51:28,929 They can just use the public 1419 00:51:28,930 --> 00:51:31,599 vulnerabilities, either for training 1420 00:51:31,600 --> 00:51:33,759 or maybe they're all, they're still 1421 00:51:33,760 --> 00:51:35,530 unfixed in the targets they're attacking. 1422 00:51:37,300 --> 00:51:39,969 The takedown is possible, in fact, like 1423 00:51:39,970 --> 00:51:42,099 this archive has been taken down a 1424 00:51:42,100 --> 00:51:43,959 couple of days after it has been posted, 1425 00:51:43,960 --> 00:51:45,159 but has reappeared in different 1426 00:51:45,160 --> 00:51:47,259 locations, as the internet doesn't 1427 00:51:47,260 --> 00:51:49,599 forget.
So you go after 1428 00:51:49,600 --> 00:51:51,309 these things, which you can't get 1429 00:51:51,310 --> 00:51:53,019 back, if you've seen other things as 1430 00:51:53,020 --> 00:51:54,219 well. 1431 00:51:54,220 --> 00:51:56,679 But what this means is you don't have to find 1432 00:51:56,680 --> 00:51:58,149 the bugs, you just have to find the bug 1433 00:51:58,150 --> 00:51:59,150 descriptions. 1434 00:51:59,950 --> 00:52:02,379 And sometimes OEMs 1435 00:52:02,380 --> 00:52:04,239 have slow patch cycles. 1436 00:52:04,240 --> 00:52:06,489 I hear that even new phones 1437 00:52:06,490 --> 00:52:08,649 shipped that still have 1438 00:52:08,650 --> 00:52:09,879 the bugs 1439 00:52:09,880 --> 00:52:10,779 from 1440 00:52:10,780 --> 00:52:12,670 the talk I gave in 2010. 1441 00:52:13,900 --> 00:52:15,549 So this is how slow some of the patch 1442 00:52:15,550 --> 00:52:17,679 cycles are. They're not 1443 00:52:17,680 --> 00:52:19,749 high-end smartphones, but 1444 00:52:19,750 --> 00:52:21,219 more the medium to low end. 1445 00:52:22,990 --> 00:52:24,729 For ROP exploitation, 1446 00:52:26,320 --> 00:52:28,839 forget about it if you don't automate, 1447 00:52:28,840 --> 00:52:30,639 but it's not as difficult as you would 1448 00:52:30,640 --> 00:52:31,690 first expect. 1449 00:52:33,650 --> 00:52:35,809 For the defensive side, I think that 1450 00:52:35,810 --> 00:52:37,909 killing bugs and hardening is only one 1451 00:52:37,910 --> 00:52:38,910 strategy, 1452 00:52:39,890 --> 00:52:40,129 because 1453 00:52:40,130 --> 00:52:42,169 after three years, we still see the same 1454 00:52:42,170 --> 00:52:43,579 silly memory corruption problems. 1455 00:52:43,580 --> 00:52:45,259 I mean, you could say, OK, after 40 1456 00:52:45,260 --> 00:52:47,359 years, we still see memory corruptions.
1457 00:52:47,360 --> 00:52:48,949 Then you go to address books, talks and 1458 00:52:48,950 --> 00:52:50,659 he tells you how to kill the whole bug 1459 00:52:50,660 --> 00:52:51,660 class. 1460 00:52:52,310 --> 00:52:54,679 However, that is not entirely practical 1461 00:52:54,680 --> 00:52:55,680 in all cases. 1462 00:52:56,660 --> 00:52:58,879 However, what I think is possible are 1463 00:52:58,880 --> 00:53:00,469 architectural changes. 1464 00:53:00,470 --> 00:53:03,139 So the baseline: you should assume 1465 00:53:03,140 --> 00:53:05,299 that things that 1466 00:53:05,300 --> 00:53:07,669 communicate to the outside world will 1467 00:53:07,670 --> 00:53:08,670 be compromised 1468 00:53:10,010 --> 00:53:10,939 and 1469 00:53:10,940 --> 00:53:12,559 minimize damage based on that 1470 00:53:12,560 --> 00:53:14,929 assumption. So why should the baseband 1471 00:53:14,930 --> 00:53:17,119 have access to microphones 1472 00:53:17,120 --> 00:53:19,249 on your smartphone, or to the camera, or 1473 00:53:19,250 --> 00:53:20,269 to receive? 1474 00:53:20,270 --> 00:53:22,369 I mean, this all already, the 1475 00:53:22,370 --> 00:53:24,079 application CPU has that. 1476 00:53:24,080 --> 00:53:25,609 Why should you give that to both 1477 00:53:25,610 --> 00:53:26,610 sides? 1478 00:53:27,380 --> 00:53:29,089 You can report that to the applications. 1479 00:53:29,090 --> 00:53:31,219 In fact, they often do that, though that, 1480 00:53:31,220 --> 00:53:32,220 do that 1481 00:53:33,530 --> 00:53:34,069 if you have a 1482 00:53:34,070 --> 00:53:35,839 shared memory architecture. 1483 00:53:35,840 --> 00:53:37,309 It's somewhat harder, though, because 1484 00:53:39,050 --> 00:53:40,939 verifying that this shared memory 1485 00:53:40,940 --> 00:53:42,079 separation is good 1486 00:53:43,280 --> 00:53:45,439 is basically impossible without 1487 00:53:45,440 --> 00:53:46,429 giving up all of the internal 1488 00:53:46,430 --> 00:53:47,599 documentation.
So 1489 00:53:48,920 --> 00:53:51,049 if you have designs 1490 00:53:51,050 --> 00:53:54,019 where you have a separate modem chipset, 1491 00:53:54,020 --> 00:53:55,020 you can. 1492 00:53:57,940 --> 00:53:59,349 As some compromise, you can 1493 00:53:59,350 --> 00:54:01,509 compartmentalize if you have the 1494 00:54:01,510 --> 00:54:03,579 ship memory approach, you can do that 1495 00:54:03,580 --> 00:54:05,259 as well, but you also have to trust the 1496 00:54:05,260 --> 00:54:06,260 vendor a little bit more 1497 00:54:07,540 --> 00:54:08,540 so. 1498 00:54:09,760 --> 00:54:10,760 That's it. 1499 00:54:13,120 --> 00:54:14,769 These are the references I wanted to give 1500 00:54:14,770 --> 00:54:16,179 you if you want to read up more on the 1501 00:54:16,180 --> 00:54:17,180 architecture. 1502 00:54:18,040 --> 00:54:20,229 I cannot give you a link to the two 1503 00:54:20,230 --> 00:54:22,359 leaked docs because they have 1504 00:54:22,360 --> 00:54:23,979 been moving again. 1505 00:54:23,980 --> 00:54:24,909 Thank you. 1506 00:54:24,910 --> 00:54:26,859 We have about five more minutes for 1507 00:54:26,860 --> 00:54:27,860 questions. 1508 00:54:35,100 --> 00:54:37,229 So if you have questions, just line 1509 00:54:37,230 --> 00:54:39,319 up, there are mikes there, 1510 00:54:39,320 --> 00:54:41,459 they're there and over 1511 00:54:41,460 --> 00:54:43,439 there, I think yes. 1512 00:54:43,440 --> 00:54:45,809 Anyone in the room 1513 00:54:45,810 --> 00:54:46,810 internet 1514 00:54:47,880 --> 00:54:50,070 knows nobody has questions. 1515 00:54:52,200 --> 00:54:53,729 OK, OK. 1516 00:54:53,730 --> 00:54:54,299 And thank 1517 00:54:54,300 --> 00:54:55,650 you. Please one question. 1518 00:54:58,290 --> 00:54:59,459 We have five more minutes. 1519 00:55:00,720 --> 00:55:02,009 Do you have a question? 1520 00:55:02,010 --> 00:55:03,010 Go ahead. 1521 00:55:04,620 --> 00:55:06,389 OK. I think he has a question. 
1522 00:55:06,390 --> 00:55:07,530 His leaving on the tour 1523 00:55:09,600 --> 00:55:11,759 in your, in your research, have you come 1524 00:55:11,760 --> 00:55:14,219 across any documentation for QCDM 1525 00:55:14,220 --> 00:55:15,220 or QMI? 1526 00:55:18,000 --> 00:55:20,249 Can you? So, would I have come across 1527 00:55:20,250 --> 00:55:21,329 docs for QMI 1528 00:55:21,330 --> 00:55:22,229 and, 1529 00:55:22,230 --> 00:55:24,149 yes, for any Qualcomm proprietary 1530 00:55:24,150 --> 00:55:26,639 protocols that are based there? 1531 00:55:26,640 --> 00:55:29,219 Well, there are a lot of vulnerabilities 1532 00:55:29,220 --> 00:55:31,409 described in these, in 1533 00:55:31,410 --> 00:55:33,599 these bulletins. I haven't seen 1534 00:55:33,600 --> 00:55:36,059 code for making use of them. 1535 00:55:36,060 --> 00:55:37,979 I've written some of that myself, but I 1536 00:55:37,980 --> 00:55:38,980 cannot share that. 1537 00:55:42,100 --> 00:55:43,299 Anyone else? 1538 00:55:43,300 --> 00:55:44,589 Yes. OK. 1539 00:55:44,590 --> 00:55:45,909 Three, please. 1540 00:55:45,910 --> 00:55:48,199 Yes. Hey, I wanted to ask 1541 00:55:48,200 --> 00:55:50,289 if you revised your 1542 00:55:50,290 --> 00:55:51,879 research on the Infineon baseband. 1543 00:55:51,880 --> 00:55:54,339 Have you tried that again to reevaluate 1544 00:55:54,340 --> 00:55:55,809 it, if they actually patched everything? 1545 00:55:57,070 --> 00:55:59,379 Yes, I 1546 00:55:59,380 --> 00:56:01,089 did. I have. 1547 00:56:01,090 --> 00:56:04,209 Well, after I gave the talk, 1548 00:56:04,210 --> 00:56:06,159 I gave a talk again at Intel. 1549 00:56:08,200 --> 00:56:09,759 I used a different vulnerability there. 1550 00:56:09,760 --> 00:56:10,929 I didn't tell them about this 1551 00:56:10,930 --> 00:56:11,889 vulnerability. 1552 00:56:11,890 --> 00:56:13,000 After that, they patched. 1553 00:56:14,080 --> 00:56:15,080 So 1554 00:56:16,630 --> 00:56:17,649 I tried again.
1555 00:56:17,650 --> 00:56:18,969 But I cannot talk about this. 1556 00:56:20,410 --> 00:56:21,309 Sorry. All right. 1557 00:56:21,310 --> 00:56:22,449 Thanks. 1558 00:56:22,450 --> 00:56:24,039 That's the internet, internet type of 1559 00:56:24,040 --> 00:56:25,040 question. Yeah, OK. 1560 00:56:26,110 --> 00:56:27,110 Yeah. 1561 00:56:27,800 --> 00:56:29,949 So he's asking if you could 1562 00:56:29,950 --> 00:56:32,199 elaborate on the real-life, real- 1563 00:56:32,200 --> 00:56:34,329 life risk of these attack vectors, 1564 00:56:34,330 --> 00:56:35,969 how likely it is 1565 00:56:35,970 --> 00:56:38,109 some bad guy would actually go those 1566 00:56:38,110 --> 00:56:40,479 routes, and 1567 00:56:40,480 --> 00:56:41,480 the real life? 1568 00:56:43,870 --> 00:56:45,489 Well, it depends on who you are. 1569 00:56:47,080 --> 00:56:49,209 I would say that 1570 00:56:49,210 --> 00:56:51,339 if people, if you're not worth at 1571 00:56:51,340 --> 00:56:53,529 least one to two million, if 1572 00:56:53,530 --> 00:56:55,029 the information that can be gained from 1573 00:56:55,030 --> 00:56:56,799 this attack is not worth at least 1574 00:56:56,800 --> 00:56:58,869 one million to two million dollars, 1575 00:56:58,870 --> 00:57:00,909 nobody will bother with this kind of 1576 00:57:00,910 --> 00:57:01,839 attack. 1577 00:57:01,840 --> 00:57:02,889 However, if you 1578 00:57:03,910 --> 00:57:05,919 are discussing information that 1579 00:57:07,060 --> 00:57:09,609 is in this ballpark range or above, 1580 00:57:09,610 --> 00:57:11,319 you might have to worry about them. 1581 00:57:11,320 --> 00:57:13,899 This is basically the market price 1582 00:57:13,900 --> 00:57:14,900 for this. 1583 00:57:18,790 --> 00:57:20,529 For the new instructions, the new 1584 00:57:20,530 --> 00:57:21,939 hardware instructions that you see come 1585 00:57:21,940 --> 00:57:24,639 along with what you said you made 1586 00:57:24,640 --> 00:57:25,659 all times.
You don't know what they do 1587 00:57:25,660 --> 00:57:27,999 until you see documentation for them, but 1588 00:57:28,000 --> 00:57:30,009 presumably they're taking the place of 1589 00:57:30,010 --> 00:57:31,359 real code that is now. 1590 00:57:31,360 --> 00:57:31,899 Yes, you're 1591 00:57:31,900 --> 00:57:33,519 right. It can disappear. 1592 00:57:33,520 --> 00:57:36,309 That's correct. So I mean, still, 1593 00:57:36,310 --> 00:57:38,379 if I see it, well, 1594 00:57:38,380 --> 00:57:40,510 I see, for instance, the k0lock 1595 00:57:41,950 --> 00:57:43,300 in a privileged mode 1596 00:57:45,100 --> 00:57:46,749 piece of code. 1597 00:57:46,750 --> 00:57:48,999 Still, I don't know what this does. 1598 00:57:49,000 --> 00:57:50,829 Same for setimask. 1599 00:57:50,830 --> 00:57:51,729 It writes 1600 00:57:51,730 --> 00:57:53,079 some value. 1601 00:57:53,080 --> 00:57:54,819 I don't know what it does. 1602 00:57:54,820 --> 00:57:56,399 Do you see this in the same code? 1603 00:57:56,400 --> 00:57:57,909 Do they actually have capability 1604 00:57:57,910 --> 00:58:00,219 registers where they'll use the hardware 1605 00:58:00,220 --> 00:58:01,269 instruction 1606 00:58:01,270 --> 00:58:03,429 if the revision 1607 00:58:03,430 --> 00:58:04,149 ID of the chip 1608 00:58:04,150 --> 00:58:05,469 is a certain level? 1609 00:58:05,470 --> 00:58:07,719 No, you see this in code, 1610 00:58:07,720 --> 00:58:09,999 actually at least for k0lock 1611 00:58:10,000 --> 00:58:11,769 and imask. 1612 00:58:11,770 --> 00:58:13,059 I've seen that in code. You'll see 1613 00:58:13,060 --> 00:58:14,379 both the software version and the 1614 00:58:14,380 --> 00:58:15,639 hardware, the new hardware and Touch ID, 1615 00:58:15,640 --> 00:58:17,349 or you have to go to previous versions of 1616 00:58:17,350 --> 00:58:18,039 the baseband for 1617 00:58:18,040 --> 00:58:20,289 this.
I don't know if current, current 1618 00:58:20,290 --> 00:58:21,290 versions. 1619 00:58:22,900 --> 00:58:23,409 OK. 1620 00:58:23,410 --> 00:58:24,459 Anyone else? 1621 00:58:25,630 --> 00:58:26,630 Internet? 1622 00:58:28,090 --> 00:58:30,399 No. OK, then please give him another 1623 00:58:30,400 --> 00:58:31,659 round of applause. 1624 00:58:31,660 --> 00:58:32,660 Thank you.