Experiments on ROP Attack with Various Instruction Set Architectures 1 GMO Cybersecurity by Ierae Yuma Taki University of Nagasaki Masayuki Fukumitsu Hokkaido Information University Tsubasa Yumura

Abstract Background ・Increasing the ROP attacks ・Implementing countermeasures e.g. CFI ・Developing gadget search tools e.g. RiscyROP[16] →Reconsidering the possibility of ROP attacks Contribution ・Investigating the latest trends in ROP ・Experimenting and verifying the possibility of ROP attacks to three types of target environments ・Discussing a simple architectural design which can mitigate ROP attack 2

Background Evolution of ROP ・Although progress is being made in implementing security mechanisms, a response is required on the architecture side. Difficulty in ROP attacks due to differences in architecture design ・The difficulty of ROP attacks is greatly influenced by architectural design differences such as function calling conventions. 3 [16] T. Cloosters, D. Paaßen, J. Wang, O. Draissi, P. Jauernig, E. Stapf, L. Davi, and A.-R. Sadeghi, "Riscyrop: Automated return-oriented programming attacks on risc-v and arm64," in RAID '22. pp. 30‒42, 2022. ROP attack will be explained later

4 Threat Bypass of Security mechanisms Arbitrary Code Execution Target x86 AArch32 AArch64 Versatility Blind ROP, kROP, etc. Diverse derived techniques Danger of ROP Attack

About ROP Attack ・Attack using stack buffer overflow attack ・Can perform arbitrary processing ・Bypass NXbit NX bit: Security mechanism that prohibits code execution outside the specified area ・Connect a bunch of assembly instructions (code snippet) to be attacked, build a ROP chain and embed it in the stack area 5

Principle of ROP Attack Code Segment Snippets3 ROP Chain Collect Snippets needed for attack Binary ROP Chain Code Segment Data Segment 6 … … 0x10694: pop {r4, r5, r6, r7, r8, sb, sl, pc} 0x103ac: pop {r3, pc} 0x10684: mov r0, r7 0x10688: blx r3 0x1067c: mov r2, r9 0x10680: mov r1, r8 0x103ac: pop {r3, pc} 0x10684: mov r0, r7 0x10688: blx r3 0x10694: pop {r4, r5, r6, r7, r8, sb, sl, pc} Data to assign to registers 0x103ac: pop {r3, pc} 0x10684: mov r0, r7 0x10688: blx r3 0x10694: pop {r4, r5, r6, r7, r8, sb, sl, pc} Snippets2 Snippets1 Data to assign to registers Data to assign to registers Data to assign to registers

Func2 Security Countermeasures against ROP Control-Flow Integrity (CFI) ・Monitor control flow and prevent ROP attacks ・Armv8-M architecture advances CFI implementation [12] ArmPAC ・Embed the authentication code in the first 16 bits of the function pointer to detect ROP attacks 7 [12] T. Kawada, S. Honda, Y. Matsubara, and H. Takada, "Study on multitasking-aware control-flow integrity based on trustzone for armv8-m," in Embedded System Symposium, pp. 71‒74, 2018. (in Japanese) Func1 Func3 Func1 CFI

Our Contributions ・Investigated the latest trends in ROP attack and demonstrated. ・Confirmed that ROP attacks can be mitigated using only the function call method. 8 Target Possibility ROP Attack (A) x86 environment ? (B) ARM32 environment ? (C) ARM64 environment ?

Our Experiments 9

Experiments Overview ・Three types of attack environments were prepared and ROP attacks were verified. ・The environment was constructed using QEMU so as not to affect the outside world. ・To focus on differences in architecture, disable security mechanisms provided by the OS and compiler 10 Attacker side Target Exploit Code Vulnerable Test Program Attack Host Guest to steal the shell…

Research Ethical Considerations ・Due to QEMU settings, the compromised environment is blocking communication with anything other than the host environment. ・Attack verification is performed on the test program, it does not affect specific products or services. 11

Three Types of Target Environments 12 Env. name Processor Architecture OS Execution State (A) x86 i686 x86 CentOS6 - (B) ARM32 Arm Cortex-A53 Armv8-A RaspiOS AArch32 (C) ARM64 Arm Cortex-A53 Armv8-A Nuttx AArch64

Test Program Test program used for x86, ARM32 Sakai’s ROP verification program [18] 13 Test program used for ARM64 Self-made test program [18] H. Sakai, "Sample of rop experiment," https://kozos.jp/samples/rop-sample.html, (in Japanese, Accessed on August 1, 2023). Prepared for ROP attack verification ・have buffer overflow vulnerabilities

Attacker Side Assumptions of the attacker ・Has the executable file of the attack target program and can perform various analyzes Search for code snippets ・Use analysis tools (rp++, ropper) to search for code snippets that can be used for attacks Creating exploit code ・Create a ROP chain according to the target architecture ・Create attack code to embed ROP chain using Pwntools 14

Env. (A): x86 Environment 15 Target OS Architecture Design LR Instruction size PC (A) x86 Environment CentOS6 N/A Variable Unrewritable ROP Possibility Possible

Env. (A): Function calls on x86 Processing in caller The call instruction pushes the return address and jumps to the function. Processing in callee After pushing the caller's stack base pointer, allocate a buffer. 16 buffer caller EBP Return address buffer caller EBP Return address

Env. (A): Exploit Code 17

Operating now Operating now To steal The shell x86 environment Attack! 18

Env. (B): ARM32 Environment 19 Target OS Architecture Design LR Instruction size PC (B) ARM32 Environment Raspi OS Available Fixed Rewritable Execution state: AArch32 ROP Possibility Possible

Env. (B): Function Calls on ARM32 Processing in caller The bl instruction stores the return address in the link register and jumps to the function. Processing in callee Basically, there is a push {fp, lr} instruction during the function prologue, after which the buffer is allocated. 20 buffer saved fp Return Address buffer saved fp Return Address

Env. (B): Exploit Code 21

ARM32 environment Operating now Operating now To steal the shell Attack! 22

Env. (C): ARM64 Environment 23 Execution state: AArch64 Target OS Architecture Design LR Instruction Size PC (C) ARM64 Environment Nuttx N/A Fixed Unrewritable ROP Possibility Impossible

Env. (C): Function Calls on ARM64 24 Processing in caller The bl instruction stores the return address in the link register and jumps to the function. Processing in callee Pushing the link register is performed at any timing. Therefore, the return address may be placed above the buffer to be prepared. buffer1 Saved Registers Return Address buffer2

Env. (C): Exploit Code 25

Env. (C): Analysis Demonstration 26 Analysis memory by GDB Debugger ・Setting breakpoint to confirm stack memory ・Just before jumping to roptest_main(function with buffer overflow vulnerable) Push as return address

Analysis Demonstration 27 Stack area after jumping to roptest_main Stack area after buffer overflow

Experiment Results Confirmed that ROP attacks can be mitigated using only the function call method 28 Target OS Architecture Design Possibility ROP Attack LR Instrcution size PC (A) x86 environment CentOS6 N/A Variable Unrewritable Possible (B) ARM32 environment RaspiOS Available Fixed Rewritable Possible (C) ARM64 environment Nuttx Available Fixed Unrewritable Impossible

Discussion Possibility of ROP attack in x86/ARM32 environment ・When a security mechanism is applied - ASLR and SSP can be avoided depending on the environment - Difficult to bypass properly implemented CFI →Implementing CFI is important 29

Discussion Possibility of ROP attack in ARM64 environment ・Security mechanisms added from ARMv8 - ArmPAC: Embed the authentication code in the first 16 bits of the function pointer to detect ROP attacks ・Architectural design that makes ROP attacks difficult - Fixed instruction size - Unrewritable PC registers - Arbitrary timing of return address push 30

Conclusion ・Investigated the latest trends in ROP attack and demonstrated. ・We confirmed that ROP attacks can be mitigated using only the function call method. 31 Target Possibility ROP Attack (A) x86 environment Possible (B) ARM32 environment Possible (C) ARM64 environment Impossible