researchers find an unfixable bug in EVERY ARM cpu

00:00

can computers see the future yes sort of

00:02

in this video we're talking about how

00:04

the way that CPUs look into the future

00:06

actually presented a memory corruption

00:08

vulnerability that allows people to

00:10

bypass a major feature of the arm

00:13

computer instruction set this attack is

00:15

one of those crazy ones and I want to

00:17

talk about this one so badly because any

00:20

attack that uses a cash invalidation as

00:23

a side channel to leak information about

00:25

the CPU is already cool enough think

00:28

about Spectre and meltdown right those

00:30

bugs that broke the internet around 2016

00:33

2017 time period but on top of it being

00:35

a bug in a cash invalidation it is also

00:39

speculative execution and Via this

00:41

attack they're able to break one of the

00:42

major pieces of arms security

00:45

architecture now if you're new here hi

00:47

my name is Ed this is Ol learning a

00:48

channel where I make videos about cyber

00:50

security software security and all kinds

00:51

of other cool stuff so if you like that

00:53

or just want to hang out hit that sub

00:54

button I really appreciate it also yes I

00:56

got a haircut it's uh it's a little long

00:59

little something weird going on here

01:00

okay I do want to give my hats off to

01:01

the researchers here all the people are

01:03

named here in white please go take some

01:05

time after this video go read their

01:07

paper 18 pages of computer architecture

01:10

goodness binary exploitation goodness in

01:12

this video I want to make this paper a

01:14

little more digestible for people who

01:15

may not have as much experience with how

01:17

CPU memory Works how binary exploitation

01:19

works and all that kind of stuff so what

01:21

is memory tagging what are buffer

01:22

overflows what what is all the stuff

01:24

about well to understand how this attack

01:26

works we have to start at the basics

01:28

hackers like to exploit these sing

01:30

called memory corruption vulnerabilities

01:32

the basic one that everyone knows about

01:33

is a buffer overflow right this paper

01:35

here by alf1 called smashing the stack

01:37

from front and profit which is a paper

01:39

within Frack the hacker E from a million

01:41

years ago uh talks about basically hey

01:44

if we are able to right past the bounds

01:47

of a buffer in C we can use that to take

01:50

control of The Code by changing the

01:52

return pointer this guy lf1 enumerates

01:54

that if we are able to control the

01:56

return address of a program by setting

01:58

this value to a hacker controlled value

02:01

we can put code in that location and run

02:03

malicious code this has been the basis

02:06

of the majority of the hacks that have

02:07

happened over 70% of them since the

02:09

1990s and this is the thing that

02:11

companies are trying to prevent by

02:13

either secure code or secure

02:15

architecture now arm the chip

02:18

architecture designer that licenses out

02:20

the arm spec has added several features

02:23

in armv8 and rv9 one of them being this

02:26

idea of memory tagging so memory tagging

02:29

is theide aide of just like it sounds

02:31

putting a tag or a specific number at

02:34

the end of a pointer by putting that

02:37

number there you effectively make a a

02:40

special number that if it gets changed

02:42

the CPU will crash at runtime the CPU

02:45

checks that the pointer and the metadata

02:46

tags on each load and store match now

02:50

you're probably wondering wait aren't

02:51

pointers memory addresses like how are

02:53

they able to just put a random value in

02:55

a pointer well pointers actually aren't

02:57

all that magic they actually have a

02:59

specific function that they do when you

03:01

look at a 64-bit pointer for example

03:04

there are a few things that are

03:05

happening on the inside of this pointer

03:06

but basically almost the entire pointer

03:09

is a series of indexes into tables this

03:12

index into table system is known what is

03:14

called virtual memory that allows a

03:16

program to think that it has access to

03:18

all the memory on the CPU by translating

03:22

these virtual memory addresses to a

03:23

physical memory address via page tables

03:26

we're able to give a program the

03:28

illusion that it has access to the

03:30

entire memory map meanwhile it doesn't

03:32

actually it's a specific memory address

03:34

that get gets mapped into a pointer now

03:37

the entire pointer isn't actually used

03:39

there are certain bits that are reserved

03:41

for special purposes or that don't

03:43

actually do anything in the pointer and

03:44

so arm has taken advantage of these

03:46

leftover bits and use them to do

03:49

specific memory protection elements one

03:51

of them being memory tagging another

03:53

example is the pointer authentication

03:55

code where effectively the CPU will sign

03:58

the pointer cryptographically and if you

04:00

overflow it you invalidated the

04:02

signature and therefore the pointer is

04:03

invalid also real quick this video is

04:05

sponsored by none other than me if you

04:07

want to learn to code in assembly or C

04:09

or learn to do Network code in C please

04:11

go check out my website L level Academy

04:13

the courses are on sale right now for

04:14

the summer go check it out if you want

04:16

to learn to code in the C language you

04:18

can get a free preview with the arrays

04:20

lesson here if you want to go learn to

04:21

code in assembly you can get a free

04:22

lesson with the load operations lesson

04:24

right here please go check him out I

04:26

honestly believe that if you want to be

04:27

a better programmer you got to learn the

04:28

fundamentals where do you learn the

04:30

fundamentals C and assembly on low-level

04:33

Academy back to the video memory tagging

04:36

stuff memory tagging an arm also

04:38

prevents against certain attacks like

04:39

use after freeze this place where you

04:41

have data in a heap location for example

04:43

you free it but accidentally access it

04:46

later the way it works is actually

04:47

pretty cool and this graphic here does a

04:49

really good job of explaining it so we

04:50

have this character pointer here that

04:52

gets allocated 16 bytes when we allocate

04:55

it with 16 bytes using an mte compliant

04:58

allocator like the one on Android for

04:59

example we have we can call this a

05:01

particular color right now the memory is

05:04

blue now what happens is we either can

05:06

overflow this data or we can delete it

05:09

we can free it and when we do that we

05:11

recolor the data to a different color so

05:13

this memory address now has a different

05:16

tag if we were to in the future use the

05:19

old pointer the use after free but it

05:22

still has that original tag the blue

05:24

color this will throw a CPU exception

05:26

now the important part here is if the

05:28

hacker is a able to reveal the tag and

05:31

put the tag back in place this defeats

05:34

the entire security of the system the

05:35

idea is that the memory tag which is 16

05:38

bits it hides in the first 16 bits of

05:40

the pointer itself if we are able to

05:42

leak that tag then this entire system

05:45

falls apart now this is where the TIC

05:47

tag paper gets really really interesting

05:50

now what they do is they use this thing

05:52

called speculative execution now we all

05:55

want our computers to run as fast as

05:56

possible Right ideally our computers

05:58

would run our programs it would load and

06:01

store all of our memory and it would

06:02

never take what is called a cash Miss

06:04

where effectively when it looks up a

06:06

memory address if the memory isn't there

06:08

in cash it has to go out to random

06:10

access memory and load that into cash

06:12

now that is very expensive it causes the

06:14

program to slow down so there has been

06:16

this push to do this thing called

06:18

speculative execution where your CPU

06:21

will actually run the instructions that

06:23

are ahead of the current program counter

06:25

it will go into the future and predict

06:27

what path you're going to go down and

06:29

try to preload that memory address to

06:32

put it into cash so that when you

06:34

actually get there you don't miss the

06:36

cash now like I said in the beginning of

06:37

the video there have been a variety of

06:39

memory corruption attacks or leaks uh

06:42

that have come out of speculative

06:44

execution and spoiler alert this is how

06:47

the mte leak works now I'm going to zoom

06:49

in here to their graphic I want to

06:51

highlight this because this is really

06:52

really interesting so the way that it

06:54

works is they create a guess pointer and

06:57

a test pointer that both both live

07:00

within the same 16b block so that they

07:03

have the same memory tag now they create

07:05

an area of speculative execution that

07:08

will go out and try to dreference the

07:11

guest pointer and dreference the test

07:13

pointer now notice they don't actually

07:15

ever go and run this code all they do is

07:18

they put it into the code in a way that

07:20

it could conditionally execute but the

07:23

problem here is that if the tag

07:25

mismatches right the whole point of

07:27

memory tagging is that if the tag Mis

07:29

matches it crashes a CPU if it

07:31

mismatches in a speculative case if it

07:34

mismatches in the future it will not

07:37

crash the CPU and even so if it

07:40

mismatches it won't cash it won't go

07:43

into Cash the test pointer will not be

07:46

uh cash filled and therefore the guess

07:48

is wrong what they're able to do they're

07:50

able to time did we already cash fill

07:53

this test pointer and use that to figure

07:55

out if the tag that they guessed was

07:57

correct so what they do is they iterate

07:59

is tag one correct is tag two correct

08:02

and they keep checking over and over

08:03

again until their access to test pointer

08:06

is now filled in cash therefore they're

08:09

able to leak the tag of the target

08:11

address and use that for a future memory

08:14

corruption attack like when I read this

08:17

paper not only are they doing cash side

08:20

Channel leaking they are doing it in

08:22

speculative execution to bypass a

08:25

hardware memory protection dude it is

08:27

just one of the craziest bugs and make

08:29

it even more crazy what they figured out

08:31

how to do is they're able to do this

08:34

attack inside of the V8 sandbox so what

08:37

the the entire structure here is they

08:38

create these things called tic tag

08:41

gadgets now this this graphic that I

08:42

just showed you is called a tic tag

08:44

Gadget template so basically if you can

08:47

find a piece of code that does this sort

08:49

of thing where you have address you want

08:51

to leak address you control speculative

08:54

branch and then you can check at the end

08:55

of it you've created what is called a a

08:57

gadget template so if you can look for

09:00

Snippets of code that are like this you

09:01

can find ways to leak the mte and other

09:04

code and these researchers actually

09:06

found a bunch of tic tag leak Gadgets in

09:09

the V8 VM which as I've said in previous

09:11

videos is the VM that they use to run

09:14

the JavaScript sandbox right and they're

09:15

they're showing you here in this paper

09:17

and again I'm not going to PR like I

09:18

know how all this works it's very very

09:20

complicated uh that they found tic tag

09:22

V2 gadgets that can work inside the V8

09:25

sandbox to leak arm V8 tags so like I I

09:30

just cannot emphasize how crazy this

09:34

paper is I I really please go go go show

09:36

them some love go go read it I hope it

09:38

made this more accessible to you guys um

09:40

and if you like this video do me a favor

09:41

hit like hit subscribe then go check out

09:43

this other this video that you will also

09:46

like as well