Share this page!

john Profile picture
Twitter logo
5 Feb 20, 23 tweets, 7 min read
Here is my little thread about bugs I’ve found in Image3 parsers of various SecureROMs (well, A4 and A6)

None of them are exploitable, but all of them can cause a crash and/or denial-of-service

Why am I posting this? Just for lulz and from hopelessness

Image
1) memsetting the whole address space

That’s only for A4 (and maybe lower)

Back in February 2019, someone told me about “SHSH tag length underflow”, that allows “arbitrary memset”. The person failed to tell me which ROM it’s for
But for A4 ROM I found something similar. Look at this line of code:

github.com/NyanSatan/Imag… Image
This line validates buffer length of SHSH tag. But if we set shsh_tag->itBufferLength to a high enough value (near 0xFFFFFFFF), the sum will overflow and become a small number, so the check will be passed
SHSH tag data is then erased using memset() even if signature check failed. That very high value of shsh_tag->itBufferLength is passed as length. Such action leads to a hang

github.com/NyanSatan/Imag… Image
On A6 (and most likely on any of A5) Apple mitigated that in the following way:

github.com/NyanSatan/Imag… Image
Although the expression is arithmetically same, there’s no summing anymore, only subtraction. Underflowing the right part of the expression would have been very convenient, as it will allow arbitrary number of bytes to be memsetted
But unfortunately checks around it are too good (are they actually?)
2) Nested image memory leak

Inside of every Image3’s CERT there’s another little Image3 called “nested image” used for most of constraint validations (CPID, CEPO, PROD, OVRD and etc. go here) Image
When verify_signature_with_chain() validates a certificate, it also parses its extensions, and one of the extensions - a nested image - is returned to a caller (image3PKIVerifyHash() is a wrapper around verify_signature_with_chain())

github.com/NyanSatan/Imag… Image
The caller then passes it to image3InstantiateFromBuffer() with copyBuffer arg set to true. That arg makes it allocate a new buffer on the heap for the image and copy it to there
But this buffer is just never freed. By sending correctly signed and yet unpersonalized (or with mismatching constraints) Image3s you can fill out the heap completely Image
On A6 it leads to a panic! But don’t worry, it’s just an assertion in malloc() (“malloc() must allocate at least one byte” or something like this) triggered when it cannot allocate anything
A5’s malloc isn’t that fatalistic and just returns NULL. Some USB nonsense fails to be allocated and a device just disconnects Image
3) CERT memory corruption

The most interesting bug, discovered only 1.5 months ago

Look at this flow:

github.com/NyanSatan/Imag… Image
SHSH is stored encrypted on device, so before actual validation it needs to be decrypted. That’s where image3AESDecryptUsingLocalKey() comes to a rescue! It takes just 2 args: the address of buffer and its length:

github.com/NyanSatan/Imag… Image
Let’s return to SHSH’s buffer length validation. As you can see it’s only validated not to overlap Image3’s sizeNoPack (whole Image3’s meaningful data length minus header), but not to overlap CERT that lies right after SHSH!

github.com/NyanSatan/Imag… Image
So by setting shsh_tag->itBufferLength to a high enough value, but not that high to overflow sizeNoPack bounds, you can corrupt CERT tag header and data!
For example, you can make CERT’s buffer length value a very big number, overlaping the Image3, load area, SRAM itself…

By constructing malformed certificate I managed to trigger ARM prefetch abort exception (it tried to read somewhere far behind the SRAM bounds)
Unfortunately, certificate data isn’t modified in any way while validation, so that bug doesn’t seem to be very useful. Maybe there’s a point to look inside of PKI code?
On the other hand, someone told me I’m on “the right path”, when I told them about this discovery, so maybe it’s not that useless in the end?
Anyway, I think I'm done with all this nonsense, completely this time. I struggle with F20.0 and people with F20.0 are usually dumber than healthy people - I feel that every day I live this frigging life
So finding that untethered iBoot-1145.3(.3) 0day is just not my fate

And all the people who could help me with that are so fucking tired of my annoyance that no longer even talk to me

• • •

Missing some Tweet in this thread? You can try to force a refresh
 

Keep Current with john

john Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

PDF

Twitter may remove this content at anytime! Save it as PDF for later use!

Try unrolling a thread yourself!

how to unroll video
  1. Follow @ThreadReaderApp to mention us!

  2. From a Twitter thread mention us with a keyword "unroll"
@threadreaderapp unroll

Practice here first or read more on our help page!

More from @nyan_satan

john Profile picture
17 Aug 19
Here is my little thread about Power NVRAM — another persistent key-value storage, located right on PMU chip. Only talking about iBoot context
Modifying certain key there allows to enable debug UART on any boot loader (including DFU ones) very early and without touching normal NVRAM

Both keys and values are unsigned 8-bit integers

Now let’s talk about known keys and values for them:
Read 17 tweets
john Profile picture
27 Jul 19
Here is my little thread about Lightning video adapters – also known as Haywire – which are actually computers that feature Apple Secure Boot and run Darwin kernel
There’re 2 kinds of Haywire:

1. Lightning Digital AV Adapter (b137ap/iAccy1,1) – Lightning to HDMI adapter, supports both video and audio
2. Lightning to VGA Adapter (b165ap/iAccy1,2) – doesn’t support audio output for obvious reason
Read 20 tweets
john Profile picture
31 Jan 19
I was planning to keep this knowledge private, but damn it. This is a thread about Apple SWD cables, some things they can do and how to use them
For now I only have got KongSWD, so everything below applies to this type of cable first of all
f you’re reading this thread, you’ve most likely seen many photos with these weird Apple internal cables posted here, on Twitter, — Gorilla, Kong, Kanzi, Chimp, Flamingo, etc.

Read 29 tweets

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!

Follow Us on Twitter!

Like this author's thread?

Get emails when @nyan_satan has new unrolls!

Check out other threads from @nyan_satan!

Read all threads by @nyan_satan