Episode 5 – Software Attacks
In the final episode, we disclose how a refined software attack can be used to hack a Hardware Security Module (HSM). Watch, learn, and Enter the Donjon.
Today at the Donjon after telling you several hardware attacks we are going to present you a software attack. We will show you how to attack a HSM and how to take control of it. Enter the donjon. An HSM is a computer security device that stands for Hardware Security Module. It is usually a very secure card that can store and handle secrets. The HSM are used in industries that need to secure very valuable secrets such as the telecommunications industry or the banking industry. Compromising a HSM can provide access to very sensitive information. Breaking secure hardware with software attacks.
This is a time-consuming attack because there is very little public information about HSM. In addition, you have to be able to get one, it’s quite sensitive equipment, so we don’t sell them to everyone. Besides, it’s rather expensive. Several thousand or even tens of thousands of euros. The principle of our attack on an HSM will be to recover its software to understand its operation. We’re going to do some research on it. We’ll try to find vulnerabilities, to exploit them to finally extract all the secrets it contains. We have to understand this better than the developers themselves. SET UP So a HSM is that. What we’re going to attach today is the software that runs on this card. The first step will be to plug the HSM into a computer to interact with it. Once we have connected the card to the computer, we will try to recover the software that runs on it by executing a script that we have developed. So, we are recovering the software in binary format. There is a succession of 0’s and 1’s, we can’t understand anything. At this stage, only the machine can interpret it. Our work will be to make this code intelligible. This is called reverse engineering. So, we’re going to launch a software that allows us to translate this binary code into assembly code, which is already much more understandable for us. Assembly language is that, it’s what you see on the right. On the left, the list of functions of the software, From there, we will be able to see how the card works. Once we have gathered enough information,we will try to understand how the HSM reacts. We will start sending him messages, but not just any messages. We’re going to send messages that are a little bit modified each time. The idea is to force it to react in a way that was not foreseen by the manufacturer. Intuitively, we will try to make the card crash. Usually, a crash is a good sign for us. It means that there was a really unexpected reaction from the card. And that could be the source of a vulnerability. Here we have a packet that is valid, we see that it’s correctly decoded, and here a packet that is invalid. We hope that this one will cause a crash of the HSM.
We will launch the program that transmits the malformed data. We realize here that we have no answer for a few seconds, so here, good news, we got a crash. So, here, we will study if the crash is a vulnerability and if it is exploitable or not. To do this, we will study the program on the card instruction by instruction. Here, by studying the contents of the memory, we realize that if we send a succession of very specific packets, we will be able to control the entire memory and from there take total control of the HSM. So here we found a vulnerability. We know exactly how the card works, we know how to communicate with it. We will now write the code that sends the succession of packets that allows us to take control of the card. This is what we call an exploit. We move on to the writing of the exploit. This is often the bulk of the work, several days, even several weeks of work. We will code non-stop. The idea is to turn the crash into something that is controllable by an attacker. We will try to authenticate, but we don’t know the HSM password. So, every attempt will in fact fail. Our exploit will disable authentication, so as soon as we run it, we can authenticate with any password. So now we’re going to execute the exploit. SUCCESS The execution is almost instantaneous, as you can see here, thanks to the exploit we were able to authenticate ourselves on the HSM. What you see in green at the bottom of the screen are all the secrets that the card contains. Which means all cryptographic keys. From there, one can remotely replay this exploit on any HSM of the same model, steal the most sensitive secrets of organizations using this HSM. In the wrong hands, these exploits could do great damage. This vulnerability has been reported to the HSM manufacturer. It has been fixed. Make sure to always apply security fixes on your sensitive software.