 Siemens recently decided to add some security features to their PLC and today we have Tobias and Ali and they will be sort of telling us what they managed to find this PLC. They both come from University Bohum. Tobias is a recent acquisition as a doctoral student and Ali is a postdoc so let's give them a hand. Hmm, where is our slide? I have a presentation mode. We are. Let's say it again. Yes. Okay, welcome to our talk, a deep dive into unconstrained code execution in Siemens S7 PLCs. My name is Ali Abassi and as mentioned before, I'm a postdoc at chair of system security at Royal University Bohum and here is my colleague. I am Tobias or Toby. I'm very glad to be here. It's my fifth time at the Congress and now finally able to give back in a way so I'm very excited about that. So let's get into it. So first about the plan of the talk. We want to give you a little bit of a background of what PLCs, which is program logic controllers, are all about. Why we might want to use them in what kind of setting and then we want to go into the specifics of PLCs in the Siemens case. First we look a bit about at the hardware and then at the software afterwards and the different findings that we had. At the end we will show a demonstration of what we were able to achieve and conclude with some remarks. So first of all process automation. So we all know it or maybe we do it ourselves or we know somebody who does it. We put in some devices in our smart home if we call it smart already and we try to automate different targets or different things to make our lives easier. Things like turning up and down the heat. We might not want to do that our own. We might not want to overheat or under heat and what we do is basically have some sensory systems inside our homes as well as some devices that interact with those sensors. In this case we might have a thermostat and a heater and we want to adjust our temperature based on the thermostat. There are pretty simplistic solutions like this for smart home but what we do if we have very complex control loops for example. Here we can see on the left bottom corner a pretty complex looking picture. Some operating operators sitting in front of what we call an HMI. A human machine interface which is basically an aggregation of all the information of things that go on in a factory for example. We need different sensors in this factory and we need to steer different motors and stuff like this. So we need things in the middle to kind of control all of this and we do this using PLCs. Here we can see a setup how it could look like. So basically have a set of inputs as we talked about in a set of outputs and we have some logic going on in the middle and what we typically deploy is a PLC, a programmable logic controller and some logic in the middle. There are different technologies that can be used for example structure text or letter logic which gets downloaded onto the PLC and then which steers outputs based on the inputs that gets. Here we can see some applications of this kind of thing. For example a chemical power plant, chemical plant, an electric grid or some manufacturing. All of those components are pretty critical to the workings even either we see it in our everyday lives and sometimes we don't really see it but they are in the steering everything in the background and we really don't want those systems to get compromised. For example if you went on to Google and looked something about disasters and chemical plants you could see some meditate on plants just because of some mis malfunction in a system or so and we really don't want this to happen neither on an accidental but also not in malicious spaces and this is why we want to secure all the processes going on in factories and the like. We've seen some of the recent attacks so it started kind of in 1999 with the first initial reconnaissance base mainly and then we had some more advanced attacks in 2010 for example where we saw Stuxnet which was very much a really intricate operation if you think about it on a technical level what all went into it what different skill sets were involved it's pretty impressive and then in the more recent time we had some issues in the Ukrainian power grid which in 2015 and 16 just before Christmas some lights went out for quite a while in some cities there so quite a bit of impact. So to give you a bit of impact background on Siemens PLC is here when it comes to market shares we can see that together with Rockwell Automation Siemens actually has more than 50% market share in the market and obviously if we tackle some devices that introduce some security it would be interesting to look at those with the biggest market share this is what we did here in the Siemens case. Here we can see the actual PLC that we will focus on in this talk which is the Siemens S7 1200 PLC it's one of the smaller PLCs not quite the smallest there is the logo as well which is more of a playing around example but this is the one that it's still pretty accessible to researchers in terms of costs so it's like 250 for the PLC then if you need a power supply it can add the same so as long as you don't break too many spoiler we broke quite some or you don't drop them or something like this then you're pretty fine so you can kind of get the resources to play with those devices. We have different applications and we talked about them before so here is what an unboxing of a Siemens S7 1200 PLC would look like we have the top view here in the left picture it's only one of different PCBs which are layered onto each other in this case but the real magic goes on in the top PCB which is the green one that we see here. Looking at it a bit more in more detail we have the top view on the left side which shows the different components that really make the PLC tick for example the ARM CPU that we have or different input outputs that we can connect to PLC as we talked about before which they need in order to steer different parts of the system and then we have the flash chip on the top side as well which is a bigger flash chip holding the firmware of the actual PCs which we will talk about a bit more in detail later. On the flip side we have on the right picture the bottom side of the first layer PCB and as we can see here this is where the bootloader chip resides which is an SPI flash chip of four megabytes holding the code of the Siemens PLC bootloader. Here we wanted to have a detailed view on what the actual processing unit inside this board actually looks like and what you can do if you want to really want to find out you can do some decapping and this is what we see here the result of this we can see that at the core of it is it's a Reneza's ARM Cortex R4 from 2010 and if you afterwards are more juggling with the software side of things you may also want to find out the actual revision number what it supports inside the ARM standard and what you can do there is use a special instruction which resides in the ARM instruction set and you can decode the different bits on it which we did here which you can see here for reference. So if you really want to know what's going on you can take apart those bits and make sure you're actually working with the hardware that you expect to be working with. So here's where we come to the memory part of the hardware and this is where I leave you over to Ali. Thanks. Now that the Tobias like unboxed the PLC for us now I'm going to talk about quirks and features in the PLC. So as mentioned before it's a Cortex R4 revision 3 it's a big endian instruction set and it's also only have MPU so there is no virtual memory basically. There are multiple RAM sizes depending on which year you bought it or which variant of the 71200 you buy and also multiple SPI flash and multiple different types of NAND flashes. The most significant one difference is like in the RAM which sometimes they use Wingbone and sometimes they use micro technologies recently at least micro technologies RAM. It's a LPDDR1 RAM. We do expect the SPI flash for bootloader so it's a again depending on the variance between 1 to 4 megabytes SPI flash. It contains different banks of each size 512 puabytes and basically what the bootloader does is that beside the typical actions of the bootloader which is like configuring the hardware is like verifying the integrity of the framework before it being loaded. So we actually did some x-ray tomography of the PLC. So it's basically 3D so the PCB is basically rotating here because we wanted to also do some hardware reverse engineering part and somebody in university had something so we didn't have to go to our dentist for x-ray. So here is like a quick 15 minutes x-ray which is not that good but once you go in deep eventually what you will have is like this and you can actually just it's like a software animation you can go inside PCB and see all layers it's like amazing. So it's a full PCB layer and so beside VCC and GND there are two layers of PCB connection basically. So let's look at the startup process. Again startup as usual some hardware configuration happens. So vector interrupt controller for example like lots of these handlers for different modes in ARM and then CRC checks some of the bootloader itself which is easily bypassable because you can just overwrite the CRC. Then the bootloader especially in the 2017-2018 variant of the Siemens PLC allows you to overwrite the SPI flash. And also eventually check the CRC check some of the framework before basically loading it. The size of the bootloader itself is like 128 kilowatts isn't really even less than that because half of it is just like 0xFF. Siemens multiple times changed they are different version I think in two years we saw like three variants or four variants of the bootloader so it was evolving it was not something that's everybody forgotten about it. So generally as mentioned so you have the first stage of hardware initialization and then basically bringing the bootloader to the RAM and basically checking the bootloader CRC checks some so make sure that it's not manipulated which again easily can be bypassed. And then a second stage of the hardware initialization happens and then at this moment it waits for a specific command for half a second and if you receive this command it goes to another mode which we will discuss later. Otherwise it basically prepares some CRC check some table for the framework and then it tries to load the framework and then eventually it just removes the memory barrier the SWI instruction those who knows about ARM and basically map the framework to the memory. So the name of the operating system it was not mentioned before it's Adonis. We know it from different ways actually so first in the references in the framework we see lots of references to Adonis but that was not enough for us so we actually looked around to see if like there is any reference to it and well LinkedIn is one good open source like reference and here is like one employee actually talk about a Siemens developer who talk about like working in Adonis. I don't know why he put Windows and Linux beside on this but he says that like he work on this and so it was not enough for us so maybe it's some OS we don't know and we look again further and further and we find this thing which was the best indicator. So a Siemens developer engineer mentioned that he worked on a kernel software development for Adonis real time operating system which is good sign for us it means that we are right. So now that we know about the naming and I'm sure about that let's look at the components so it's actually a start in basically 440 and basically then initializing the kernel and then lots of routines for initializing different components of the operating system. I don't think Siemens actually generalize it in this way we don't have such thing in the framework but we actually did it like that so we generalize it to two groups some of them are core services like Adonis real time operating system services and some of them are related to the like automation part so those people who are like in the automation part like the writing ladder logic and stuff like that those commands on function codes which are available in Siemens they actually know this are like more automated related services. So you have Profinet AWP or automated web programming MC7 Git parser basically for their ladder logic or different kind of SD like basically their own Git compiler inside the PLC and you also have the OMS this configuration system which is very related again to the automation part core part of the automation system and of course alarm central IO and stuff like that related to automation. In the operating system part so lots of this usual thing so file system so PDCFS which Tobias talks later about it the TCP IP stack some seed CC++ libraries which is not from Siemens it's from Dinkonware and mini web web server MWSL parser or mini web scripting language parser and lots of different sub components which is usual in operating system like any operating system we can find them. Also there are some references to core site I don't know how many of you know core site or how much you work on ARM but basically core site is something similar to Intel process tracing or Intel PT for tracing applications and can be used for getting code coverage for example and the hardware part is very well documented by Thomas Weber in this year it's not yet ended this year so this year black at Asia but I have to warn you because I received some emails some people ask about that if you connect to it the PLC have some anti debugging feature which detects that it's being debugged via JTAG and overwrite the Nand flash with random stuff so you break the PLC so just connect it to your own risk next is let's look at the core site just a quickly core site basically have like before I go here I have to mention that Ralph Philip also have a good talk in zero nights about core site tracing so I would recommend you guys go look at that as well but generally core site have like three major parts or components sources links and sinks and sinks is basically the part which you actually get the tracing formation and sources are the part which you tell is a feature in the CPU which you ask what kind of sources you want to get the data from and then links basically convert these sources I have to mention that like lots it's very useful for fuzzing as well too I guess some people very few but some people are working on that things on coverage guided fuzzing via core site arm core site as always possible similar implementation is happened in Intel PT for example KFL Vene FL or home files so sources basically they have like three different components SDM PTM ETM ETM version for is the latest version of it and basically you have also links which connects different sources to different like different or single sources to different or single basically sinks and then you have funnels for core sites sorry sinks sorry you have sinks which is basically different kinds so there are some integrated to the CPU which is four kilobytes ring buffer SRAM or you have like system memory or even TPI you or just for example JTAG DP port high speed JTAG port so now that's a clear thing like the core site we actually create a seven for existence of core site and as you can see like in the software part is already implemented so they actually have some references in their software that they are utilizing or configuring the core site in their PLCs and basically we can see that the ETM version is not the latest version it is ETM version three now that I talked about core site Toby can talk about very much so let's get to something that I'm very much more familiar with and feels easier for me to handle it's firmware dumps or software in general but firmware dumps I think it's close as you can get to what I like when talking to a PLC or trying to understand a PLC so in the Siemens case we have a 13 megabytes binary and at the beginning it's not as many but as if you twiddle around with it a bit and apply some Ida Python functions and stuff like this you can get to like 84,000 functions which it's not something you want to really look at everything manually also like 84,000 function firmware image doesn't really get the sexiest firmware on planet I guess so but this is what I what I looked at and what we will look at a bit more in the next couple of minutes or so as you can see we have different names up there we have one name which is called some gets some max size so this is my internal way of saying I don't really have an idea of what's really going on in this function but we can also see some more meaningful functions so we understood some parts a bit more some parts a bit less but I gave it a cursory look at in most places so now let's get into a lot of address related stuff so we extracted a lot of details which are very interesting if you start looking at firmware code and I will explain along the way why they might be interesting so first of all what you have to know is that Cortex R4 gives you bank registers this is basically a feature that's implemented to lower software overhead and allow more seamless mode switches for the internal CPU and what we get is banked stacks per execution mode so if we want to know what is kind of going on in the state of the firmware at a given point we may want to look at the different stacks of the different modes at any given point and this is the addresses that we extracted for this and you could use that if you as a starting point if you started reverse engineering things like that now we will have some address some tables with addresses and the first one is RAM mappings which show you what's kind of functionality or what you might expect when looking at firmware code which is interfacing with different parts of memory so if you initially go and look at some arm code you may just see a random access to someplace in memory and you may want to know what it's actually doing and it looks very uneventful if it's just an address and it gets gets curate and you don't really know what's going on so for example if you looked at an address within the text section you would expect there to reside code if you wanted to see some global static data you want to you would want to look at the data or the bss section and then finally if you wanted to look at heap memory look how chunks are set up there you would look in the uninitialized section and it goes on like this for different sections another very interesting thing to look at if you try to reverse engineer firmware images is that you kind of want to know what the hardware is that a given piece of code is is interfacing with and then this case we dumped some regions or reverse engineered what some regions are for what is called memory map dial and the way arm is talking to firmware is basically to cure your magic value inside the address base and then it gets something back which is not at all what it's has been written there before so it's basically an address which gets wired through to the peripheral the hardware peripheral on the same system on a chip and here we can see that we have different hardware peripherals residing on it for example we can talk to the Siemens PLC via different serial protocols and those protocols might be SPI or I squared C and we have on the left side kind of in the middle top what top part of it have some region pertaining to that and then if you saw some other code talking to timers for example you would know you have your entailment at the moment or like in the scheduler or whatever it would be finally we have some MPU configurations which are memory protection unit configurations as Ali introduced earlier so what we can see is that Siemens is actually applying some of those configurations to protect parts of memory what we can see for example is where whenever the Xn so the execute never bit is set code is not to be executed within this address region or we have a read-only region we really don't want to have it over it so it's interesting that they started playing this in practice here we can see what actually happens when the firmware itself puts up so it turns out the firmware doesn't really want to depend too much on what the bootloader did probably it's different teams doing different things and to keep this interface as small as possible they kind of redo some of the stuff that the bootloader code also does it sets up the vector table for handling interrupts and similar things like that then if we get past this initial stage we actually want to boot the adonis kernel which Ali talked about before so first of all there is an array of function pointers that gets called one for like every piece of functionality that we saw on this overview of the different components of adonis so if you wanted to look at what kind of components are there or functional components are there this is a very interesting list of functions function endless to to examine and also sets up some instrument structures and stuff like this one and typical operating system would have to set up so now we look at more of the different components of adonis first one is the file system so PLC's part of the specifications sometimes it's how resilient is it against temperatures how low of a temperature can I have this PLC reside in without losing functionality and in this case what they also want to provide is some safety against interrupts in power supply so they developed a proprietary file system which is called powered on consistency file system which they implement in the firmware and we can also see one of the one of the work experience entries of one of the previous Siemens employees who stated that you or she worked on this file system now we have another part very critical part of the functionality of course we want to talk to the PLC it wants to talk to us and and one of the ways is obviously TCP IP and this is to expose the web server for example in different other components and in this case it turns out that Siemens doesn't implement their own which probably is a good idea not to do that they use interneach technologies the TCP IP stack and version 3.1 if you are good at googling you can find some source code and you can actually map this to the firmware and how it works so it could give you some wrapper functions something like creating sockets and stuff like this and I could make it easier for you to find those in the firmware image we also have one of the very critical components of each firmware is updates if it allows an update and the Siemens PLC allows updates there are different modes one of the modes is just you drag and drop a UPD file and update file to the web server and it will start checking firmware integrity and signatures and so on and the second way is doing it via an SD card which has a great total of 24 megabytes and that's for the low price of 250 euros you can can get it thank you cannot really beat that that ratio if you actually decompress this kind of UPD file you you get another representation of it in memory and we did some reverse engineering on that and we have different fields I'm not sure if you can see them now but you can expect what it is it's different offsets into the actual binary file it's an entry point into the firmware magic header to make sure something is not too screwed up and CRC over the whole thing for example we also extracted some of the addresses inside the firmware image which help you find a first foothold into what the logic is dealing with and give you some addresses for you to refer this to later the next component that we want to touch on is mini web which is the web server it kind of exposes to you the different internal parts of the PLC and what the state of different GPIOs general purpose input outputs is the inputs and the outputs and what the health of the PLC is itself and the way that it exposes this is using the MWSL language meaning web scripting language it's as we will see on the next over the next slide I will talk to about that in a little bit more detail we have a it be started as a service as well from one of the function handlers of the adornation initialization functions that I refer to a little bit before so now let's get to some undocumented HTTP handlers which I think are very interesting I think my favorites are lily lily lily and lolololo and if you if you put those together in a clever way maybe somebody is musically gifted and can make a song out of it I would be very interested to to hear that so now let's get to the MWSL the mini web scripting language so it basically exposes the internal functionality by allowing you to inject into an HTML page via templating different configuration parameters and stuff like this for example as we can see here on the top right corner you can see the CPU load of the system at a given time it doesn't really seem to perform any output encoding so it kind of trusting what comes out so there may be clever ways to to do some web related trickery with this and also the parsing of this tokenization is kind of complex I looked into it a bit and this implementation could also be interesting to look at but we will get to this kind those kinds of aspects a bit later with this we want to get to our actual findings and talk about those a bit more and this is where Ali will take over thanks Toby so so now we talk about the capability capabilities which exist in the bootloader which allows us to have unconstrained code execution so basically this feature is available in the UART so you need physical access to the device but once you have this physical access you can basically as Toby has later described we can actually bypass the security ecosystem we developed by Siemens in their product so you need UART access as it's documented here you have TXRX and GND in the PLC and the UART actually in previous research was documented as well every address which I am talking about here or mentioned in this presentation are for bootloader version 421 as I mentioned earlier Siemens actively modified the bootloader so I think in two years we saw like two three modifications or different versions of the bootloader coming up so this exactly is based on that half a second waiting for a specific command after a second hardware configuration happens it applies to Siemens S71200 including C plus and S7200 smart actually somebody from Kaspersky ICS security mentioned it we didn't know even about it we just knew we just investigated S71200 but Siemens later updated the advisory that it also applies to other products as well so let's talk about this is special access feature so as we mentioned one of the thing bootloader does is actually initialize the hardware after this hardware is basically copy some of the contents of the bootloader itself to a memory segment called IRAM basically and then PLC basically waits half a second for a specific command and once it's received it's a specific command it responds with a specific string and it's all happening over the UART so it's if you send a magical string MFGT sorry for my broken German but probably it means mid-fondition großen I hope I did it right and then the PLC responds with dash CPU and says that now you are in this a special access mode I am waiting for your commands and and this address is also available at 0x EDF-8 in the bootloader so here is a decoding of our clients which we release later next year actually which you see that 2d435055 which is dash CPU response from the from the PLC so now we are in it and also we also added some extra thing about your packet format somebody asked before so once you send this command you get lots of functionalities here in this presentation we call them handlers and basically there are something we call primarily handler is like 128 entries and there are some three other separated handlers which are like 0x80 UART configuration and buy so in the primarily handler list there are lots of things so if you go back to the two previous slides I got the the framework version here for 2.3 and basically what is happening is that basically it's this command here get bootloader version we are just requesting the via a special access feature to tell us what is the bootloader version and also you can do lots of low level diagnostic functionalities happening there also some functionalities related to framework update happening there which bypasses the usual cryptographic verification of the framework and doesn't need that so let's look at them because for this work which we are talking about we actually primarily only use two of the handlers so we don't use we don't look at like or we don't discuss now all others 128 handlers which exist in the PLC so it works one of the handlers the interesting one for us was handlers 0x80 which mentioned here update not function so basically what it does is that it it lets you allow you to write to a specific part of the memory IRAM which previously copied some contact content of the bootloader so basically you send this handler after this handshake you have to do this MFGT1 and then CPU and then basically you are going to send this handler and then it basically checks because each handler might have different requirements check number of arguments for example and then you are in this update function and then you have to provide target ID because there are four sub functionality available once you enter this mode and some of them are like for IRAM for SPI or IOC or for flash and then for each of them you have to choose what kind of operation you want to do you want to config read write or check and so you can do all of these things so you can read and write to the IRAM basically this is a function handler x0x80 next is a primary handler like 0x1c this is listed in this handler list here so so basically it allows you to call functions so they basically this function are listed in the IRAM and basically what you do is that you send this handshake you are and you are in this basically this 0x1c handler and then you can call the ID number of the handlers which you want to use so here you have like lots of handler available for 0x1c so the question is what we can do with it and before I ask Tobias want to ask anybody here any idea trace somebody said trace I don't know what that means but okay you mean with jade with the core side no we are not going to use that so let's ask Tobias what he can do yeah so looking at it dynamically and seeing what it does with the memory is I guess a good idea in general if you if like static reverse engineering doesn't give you anything in this case we looked through different or I looked through different of those functions and try to see what can I do with it so the base of where I started looking for this special access feature was basically that I saw there is too much in this code going on I kind of feel like I understood what it should be doing the bootloader what should what it should be doing but it seemed just to be too much and the way we can combine those two functions is basically to in recap use this 0x1c handler which gives us control over what kind of secondary list functions are to be called which as we saw before is copied during the the boot up process to a position in IRM from extra read-only memory and this exposes this function handler table to anything that can write to IRM and as we learned before the 0x80 handler is able to in a limited capacity do just that and here we can see what we can try to do with this so we use in the first stage the 0x80 handler to write to IRM we can actually inject another function pointer together with some configuration values that allows us to pass different checks about argument sizes and stuff like this we can inject this as an entry into this table and we can also write to this table a payload which we can use as a shellcode and then in the second stage we can use this previously injected index that we specified just as a trigger to call our own payload so now we have code execution in the context of the bootloader so which is as privileged as we can get at that point and we can see what we can play around with this and as a little summary is that we chain all this together and we get code execution and with Ali's words with this technology we're going to rocket the PLC and before we go into what this actually allows us to do is a little word about the stage of payload so I wrote this this chain of different invocations and it turns out that this right to IRM is somehow a bit very slow in the first place but then also error prone so the device can just error out I'm not quite sure what this pertains to but maybe interesting to know from the Siemens engineer but it basically led to me having to inject a little encoded payload which just has a little subset of bytes which gives us an interface to do to perform more performant reads and writes with an arbitrary right primitive and then use this to inject second stage payloads and this is what we want to demonstrate here thanks so now we will have our demo four demos actually so first one is actually just seeing the communication basically sending this request and getting a response and basically sending the stager payload so in the op is the raw you are communication don't worry it's getting zoomed later and the down is like our client which actually talking with a PLC and sending these commands so we are just running our UART and here is we are sending our command and if you look at in the op you see that dash CPU signal came from the PLC and now we are sending our stager and a stager just send us just one acknowledgement so we know that's a stager run successfully this is for framework version bootloader version 421 basically so now we are going to do something else we are going to actually dump the framework from a running PLC and compare it with the framework downloaded from Siemens website so first we are going to actually unpack the framework downloaded from Siemens website because it's a compressed with LZP3 so that's what we are going to do I hope oh no we are actually setting up our SSL connection first so SSL port for our port forwarding SSH port forwarding before and we are just checking that the PLC is running properly so like this is not a broken PLC or something like that we wrote something so we just make sure that the web server is opening we open the web server yeah it's opens good and also try to log in to the web server of the PLC just again make sure that the PLC is functional so also enter the password I guess everybody can guess it and and then so you see that we log in eventually and in the left side you see all the like functionalities which loads related to the PLC so it's a working running functional PLC and so now you are going to decompress the framework downloaded from Siemens websites after checking for export license and stuff so they want to make sure that people from Iran and North Korea don't get it I'm from Iran so here we have the unpacked framework but because the framework is very large as Toby has mentioned earlier what we are going to do is that we are just going to export 256 kilowatts of the framework from some part of the web server and in the IDA so you have to set the big NDNS for the CPU and also rebase the framework so as you can see here is no function yet but once you rebase it you have all the functions as well and yeah so then we got just go and export 256 kilowatts from the framework so we specifically slow down the UART because we want to make sure that we don't do it too fast to overflow the buffer which we have internally in the PLC so so here for example in this address 691 e28 we are going to export 256 kilowatts this is from the framework Siemens framework right so you just export it so yeah so it's now called FW 0x 691 e28 in the folder out so now we are done with this part we are going to dump the same address in the PLC so from a running PLC I have to mention again so this is the top part is basically raw UART and this is basically our client part and we are dumping it we are cold boot style attack so we are basically resetting the PLC and before it overwrite the RAM we are basically dumping the contents of the RAM so this is the address 691 e this was the same address basically and we are dumping 256 kilowatts and here we send FGT1 basically and then got the dash CPU and then the rest of the stage and stuff goes so now basically we are sending packet and then eventually get received so basically got all the payload like dumped in mem dump 691 e28 basically so this is from the RAM of the PLC this is not any more from Siemens websites we are just SCP to our own machine and then compare it so now we have the mem dump and original framework 256 kilowatt each and then we are going to compare them with each other and as you can see should look here like you have like 100% match meaning that it's exactly the same framework which is available in Siemens website we dumped it directly from the Siemens PLC memory using this a special access feature so let's do another one so this time we are want to show that unconstrained code execution in just a very basic way so we are actually just writing a custom payload to the PLC and gets a hello or greetings from the PLC so basically we just ask the PLC to send us this message all the time so again so we are sending our custom payload right here it's a hello loop and basically the PLC just sending this loop for us so all of these things again are for bootloader 421 we have to readjust certain things because Siemens I think they updated again the bootloader in the recent 2019 December which we bought new PLC again once again and now here we get a response that's the PLC is sending basically to us these are raw data which PLC is keep sending to us that's showing that we are receiving this but maybe this was too basic these are the raw data which we are getting from the PLC let's actually do it a little more complex show something that is not from us so let's play a game called tic-tac-toe inside the PLC and I guess if you don't know this is how tic-tac-toe is like this is I'm playing and I just draw with the Google so now we are again are going to send our custom payload but this time we are just use partial quotes from somebody else from the Internet and just upload compile it and then upload it to the PLC obviously you have to readjust lots of things there but so we are sending our payload including a stager and these are the raw data again these are our client and eventually you will see a tic-tac-toe interface which you have to enter so player one is actually playing with the X and player two is playing with like zero so you see when you position which you choose like you have X X and hopefully player one wins yes so that was it so that was a demo obviously like there are lots of other ideas which we can work on on injecting other custom code using this special access functionality we are still working on this like lots of other things on Siemens we are sorry Siemens we are just working on this but there are more to come but in the meantime there are some ideas for other people in case they are looking into this and want to investigate security of Siemens PLCs so using this a special access entry you can do some odd certain things so for example you can use this special access functionality to write to the framework as we mentioned this functionality is available and it doesn't require those cryptographic signature which normally during update process of the framework available so you can just bypass that and it's just CRC checks up so what you can do is that for example adding entry to otherness like initialization routine which is available and then or also you can do it before otherness initialization routine which we call internal internal th initial another one which we can do if you remember Tobias talked about some undocumented there and lots of creativity and creating music really low so what one person can do is like basically adding a specific handler or overwriting exists handler and what it makes actually is like something like tritone I don't know if anybody know her about tritone it's a malware which were attacking petrographic in Saudi Arabia so they were trying to do it in a TCP but attacker here can maybe do it in HTTP example and just listen and waiting for commands and also other alternatives like patching one of the jump tables in the AWP handlers which can be also used for process a specific attack so what else is out there so what we looked is we looked at attack surface in the Siemens S7 PLC's there are like for from perspective of local privilege attacks what we can what we looked was bootloader we are still working on hardware attacks and some hardware software attacks on the edge it's a still ongoing work which we don't obviously discuss now also interesting thing I think if somebody who is interested in security of PLC's and especially internals I'm not talking about like this general segregation of network and stuff like that in ICS I'm talking about more advanced low-level stuff we think like MWSL is an interesting target there are there probably are some like box in their implementations also with respect to file system parsing and framework signing there are probably some stuff and also MC7G parser basically which they have from a privilege escalation perspective and also from remote code execution perspective both mini web web server and also any network access of accessible services which they have might be interesting we are actually also looking at this part right now so as a conclusion PLC's are becoming more complex that's true because they are actually providing more and more features and because of this more complexity there will be more box we can see for example in the MWSL which we are looking at now also vendors try to basically more make it more complex they have basically some anti debugging which we discussed in Siemens PLC's but also they have for example frame rate integrity verification so the signed frame rate like like upload to the PLC and stuff like that so they are making it more complex but what we have to know is that if in their like threat model which like lots of people make or this security ecosystem which they built if they have a feature which undermines the same security ecosystem which they designed I mean they I think it's obvious that they have to remove like with the case of bootloader case in the special access feature it is one of the good examples so and of course customers also have to know because if they have such which and they need it as long as customers know it's fine but when they don't they can't risk calculate this risk in their strategy or in this threat model which they have so and also they have to think about we think about security via obscurity maybe they allow us for example as researchers who access their devices better and easier to investigate it more we are still doing it but it's just taking longer and I believe that there are lots of saying more to be done on like PLCs and Siemens will need will not be the last one which we are working on so we have to thank some people Torsten Holtz our supervisor is not here Thomas Alexander Marina Lucian Nikita and Robin for their help in their work and now we are going to answer questions thank you so yeah feel free to line up for the microphones or write your questions in the Elisa room there you go hello yeah so there's one question from the internet did you check the MC7 parser if yes did you find any hidden unknown machine 7 instruction on it or something so just is it recorded or I have to repeat it again so they ask that if we check the MC7 parser okay so it's fine so we didn't like truly investigate at MC7 parser but we are working on it right now hello how were you able to find the MFG security password that's a very long story first of all like we had we had it in front of us for a long long time until Siemens introduced this anti debugging feature and after that like we had to find other ways other means to find it to find like similar function like similar ways that allow us because one thing which we then discuss here is that we didn't tell you about how we for example executed that instruction before in the PLC it was involved some works which we received help from some researchers in Netherlands and in France so this is this was something informed by Siemens in 2013 I think they knew about it but until 2016 they patched it and then it became out like basically they tried to protect their PLCs from this kind of attack it was never published before so we were using it and we don't want to talk about it because the original authors didn't want to talk about it but we replicated what they were that what they were doing and then once we really had to look for other ways like then it opened our eyes that there are some other functionalities as well there so such as for example bootloader but before we before we need it like we never actually looked at this thing so it was like in front of us for like two years and maybe one interesting piece of a background story on this is that we actually in the previous technique that we use we actually overwrote the conditional jump that would lead to this special excess feature being executed with an unconditional jump so we basically cut out 60% of the whole code of the firmware image by accident and then I just because of the hunch that I was talking about before that there is just too much functionality I revisited it and actually realized that it was exactly the spot that we overwrote before and we had to basically replace it and use it for our own sake is there any boot time security other than the CRC check so do are you able to modify the contents of the spy flash and get arbitrary code execution that way as well so depends in which year you are talking about 2017 2016 so we are talking about the same models of the PLC but in 2017 and 2018 no so you could basically just take out SPR flash or write it and that was fine but if you were overwriting and it caused a halt in the CPU core it would again trigger that anti debugging technology which they have with this watchdog basically but from like frame very integrity verification well basically once you write to the framework is written to the NAND flash but it's just a CRC check some but during the update process no there are some cryptographic check but once it's written no there are some problems which there which again it's a still ongoing work and we don't want to discuss about it but nice cat thank you hi thanks for your talk could you elaborate on your communication with the vendor and the timeline yes so first of all we know about this problem for like one year and a half before we reported to the vendor and the primary reason was that we were using it for some other project this actually this result is actually from a site project rather than the main project because the main project is still something else and it's a still ongoing but from the side of that project we had that access and because we were worried that's reporting to the vendor they can't fix it with software update and then do not allow all other CVEs which we find from this other project we didn't want to eventually at 2019 Thomas Weber wanted to talk about his talk on the like basically this JTAG interface with four core site and then we decided to actually talk about it as well but other than that we actually talk in June icing with Siemens and they confirmed that there is this hardware-based special access feature and they are they say that they are going to remove it and that was it we also send them a write-up for them to read so there is one less question from the signal angel over there yeah so there's another question from the internet if tools like flash ROM doesn't have support for unknown SPI flash ROM chip then how do you usually extract firmware if you don't want to decap chip or use SOIC 8 socket can you repeat it again I didn't get the question did you if tools like flash ROM does not have support for unknown SPI flash ROM chip then how do you ex usually extract firmware if you don't want to decap chip and use SOIC 8 socket so first of all we never actually decap the SPI flash so that's we just did it for the CPU and just because we want we know that Siemens re-labeled their PLC so it's not their own CPU is from Renaissance but that's why we did the decapping so story of decapping setting it aside but from other things so basically there are still this functionality this bootloader functionality which actually lets you read the content of the memory so that's one thing you can read obviously you don't even need that thanks to one of my students we now know that actually you don't even need to take out the bootloader chip we basically can just connect directly in the board and dump the the framework Marcelo that's his name for God's sake he's here actually but anyway so you can just directly read it and yeah I don't think the reading part especially some part of it is protected especially in the recent versions which you can't read everything but besides that I don't think there is any hardware now yet I'm sure that they are working on that and we are working also on something to bypass that so okay that was all next talk is gonna be about delivery robots Sasha in 20 minutes so let's give them a hand for attending