SWAP: NSA Exploit of the Day

Today's item from the NSA's Tailored Access Operations (TAO) group implant catalog:

SWAP

(TS//SI//REL) SWAP provides software application persistence by exploiting the motherboard BIOS and the hard drive's Host Protected Area to gain periodic execution before the Operating System loads.

(TS//SI//REL) This technique supports single or multi-processor systems running Windows, Linux, FreeBSD, or Solaris with the following file systems: FAT32, NTFS, EXT2, EXT3, or UFS1.0.

(TS//SI//REL) Through remote access or interdiction, ARKSTREAM is used to reflash the BIOS and TWISTEDKILT to write the Host Protected Area on the hard drive on a target machine in order to implant SWAP and its payload (the implant installer). Once implanted, SWAP's frequency of execution (dropping the playload) is configurable and will occur when the target machine powers on.

Status: Released / Deployed. Ready for Immediate Delivery

Unit Cost: $0

Page, with graphics, is here. General information about TAO and the catalog is here.

In the comments, feel free to discuss how the exploit works, how we might detect it, how it has probably been improved since the catalog entry in 2008, and so on.

Posted on February 6, 2014 at 2:07 PM • 32 Comments

Comments

4g5nk54jgn54kjnFebruary 6, 2014 2:44 PM

You can dump the code using a driver or real mode OS.

FYI it's BIOS code that sets the HPA registers not firmware ROM. It may be possible to do it from the ROM backdoor though through intercepting and injecting ATA register calls.

I also wonder if NSA and Computrace have any deal? Computrace implants BIOS rootkits at the foundry on a lot of units..

At least it's not another boring PCB, although the radar and sonar PCBs were interesting..

Jon CFebruary 6, 2014 3:18 PM

The NSA is a joke, it would be easier to make a list of all the things they haven't exploited yet... Another day, another exploit I guess...

DFebruary 6, 2014 3:32 PM

On the Solaris side given the above info it appears it must be Solaris 10 (or earlier) on x86. SPARC systems don't have a BIOS and system with Solaris 11 don't use any of the listed filesystems as the root filesystem since they use ZFS.

3kjfn3kjfnFebruary 6, 2014 5:19 PM

I know there are partial lists of all these kids, but why isn't anyone maintaining a complete list? It's all pretty interesting stuff even if it is old and like low-classification..

FigureitoutFebruary 6, 2014 6:49 PM

3kjfn3kjfn
--Uh the leaksource.wordpress blog Bruce links to, top link is a "complete list" so far. There's no bluetooth one so it's still hidden, criminals use it at pay terminals daily too. I'm waiting on all the GSM ones, Typhon HX, Nebula, Genesis, EBSR, Candygram, and Picasso.

We also need simplified tutorials for dumping code, kind of interested in this at the moment, especially boot sequence. Found a few "unknown ID's" in PCI devices in a computer I just left lying around in my house, errors at RAM addresses, and one tool didn't mince words w/ "YOU HAVE A VIRUS RETARD", ok not the retard part. Annoying b/c I need to get deeper to see if malicious or just malfunctioning or normal. Plus these tools couldn't find a simple BIOS pw, it was way off, so maybe not the best tools. 2 of them I wanted to turn into air-gapped pc's would likely run the SOMBERKNAVE exploit and my basement has huge windows for even IR comms lol.

It's kind of fun to hunt malware and nullify it, but it's annoying when detection tools get physically tampered.

DBFebruary 6, 2014 7:32 PM

When oh when will people eventually understand that open source is the only way out of this mess. Fully open BIOSes, fully open hard drive firmwares, open hardware designs, and fully open source operating systems. All governments can coerce all closed systems to be compromised very easily, whereas open systems have the world's eyes watching and it becomes much harder for them to do that covertly and secretly.

Also simpler is better and more secure. Just as an overly complicated financial system supports fraud, so also an overly complicated hardware/software system advances "Swiss cheese" security.

65535February 6, 2014 8:29 PM

@ 4g5nk54jgn54kjn

You raise a good question. I have always suspected that “lowjack” enabled computers call home no matter what type of AV you have on them. These things are persistent. It would be interesting to know if Computrace is in bed with the NSA.

I see that the implant again requires remote access (SMM or iAMT ?) or “interdiction” to be viable. I notice that ext4 file system is not on the list.

“Through remote access or interdiction, ARKSTREAM is used to reflash the BIOS and TWISTEDKILT to write the Host Protected Area on the hard drive on a target machine in order to implant SWAP and its payload (the implant installer). Once implanted, SWAP's frequency of execution (dropping the playload) is configurable and will occur when the target machine powers on.” –NSA

Next, I have seen a computer (Core 2 Duo) with the iAMT lockout and Deepfreeze applied (XP Pro SP3). When it is booted a red x is located on the LAN icon and a blue check mark. The machine can run and get to the internet – but it flushes all added files upon reboot.

I wonder if this setup will stop “Swap” or any other “persistent” implant (this assumes the machine was clean before the iAMT was turned-off and the Deepfreeze program applied).

4g5nk54jgn54kjnFebruary 6, 2014 9:42 PM

@65535: I remember defeating and reverse engineering DeepFreeze in school in the 90s. It didn't use ATA features, just NT drivers and shadow volumes. I think now days it still uses a NT driver but patches the ATA driver and does out-of-bounds volume caching..

Spaceman SpiffFebruary 6, 2014 9:57 PM

@65535
Regarding ext4 - it is ext2 with a journaling capability, such as is ext3, so it is likely vulnerable as well. At this point btrfs may be safe, but likely not for long, and it is still in beta - not suitable for production systems.

MirarFebruary 7, 2014 2:09 AM

I wonder if NSA has something to do with how hard it is to get a system to boot from btrfs or zfs... :)

AndrewFebruary 7, 2014 4:18 AM

If the NSA ever has funding problems, they can simply build the worlds largest bitcoin mining botnet.

So what is the solution? Might as well set all your passwords to "qwerty" and have done with it!

Perhaps their remit should be expanded to removing all malware (except their own) from the world's computers. At least we would get some benefit to their having access to everything which seems to be the case..

rogerhFebruary 7, 2014 4:22 AM

Would it be possible for malign persons to capture this or similar exploits, reverse engineer and then sell on for malign purposes? If so the implications look a bit worrying. I am thinking of some kind of honeytrap operation.

Snarki, child of LokiFebruary 7, 2014 6:26 AM

@Andrew:

well, if you want a bit of EXTRA security, set your password to "dvorak".

(and yes, I know that's not how the keys are arranged)

domeFebruary 7, 2014 7:53 AM

FBI is collecting every malware, may they want to check what from NSA is detectable in the real world so far?

CarpeFebruary 7, 2014 9:55 AM

So, does anyone know how or of any tools to access the HPA and/or prevent it from being used? What about SSD's? On a side note, obscure filesystems sure are looking more and more promising, such as BTRFS and HAMMER because it feels like they might be one step ahead of the NSA tools.

FigureitoutFebruary 7, 2014 10:41 AM

Carpe
--I second that, preferably open source tools, not something I buy/pay for and then have done by either sending my machine off by mail (interdiction) or just drop off.

I found a little tool I never heard of, Sleuth Kit, which claims can remove the HPA from ATA drives. I haven't used it, just DBAN now and it doesn't wipe HPA so I may try this out.

http://www.sleuthkit.org/sleuthkit/desc.php

I also want tools on other chips too though, maybe binwalk. This guy is good too, found the Dlink router backdoor and he's de-obfuscating firmware:

http://www.devttys0.com/blog/

We need more walkthroughs, thorough and well documented.

65535February 7, 2014 9:12 PM

@ 4g5nk54jgn54kjn

Deepfreeze can be defeated if you have physical access to the machine. But, the new versions are fairly solid. Some people say that Deepfreeze does flash the bios (I don’t know if that is true).

My experience with Deepfreeze is negative. The thaw space is a problem. Newer Deepfreeze editions do what they advertise but DF causes a problem when installing updates and patches. It’s more of a hassle than it is worth.


@ Spaceman Spiff
“…ext4 - it is ext2 with a journaling capability, such as is ext3, so it is likely vulnerable as well.”

I would suspect that they are vulnerable also. I do see ext4 in production servers and they seem to work as expected.

FigureitoutFebruary 8, 2014 7:04 AM

Jones
--Gracias. I'm assuming will work on a Western Digital.

65535
--Yep, motherboard jumpers provide a nice reliable method into your computer and LiveBoots, nothing new there though, just reliable. Some security would be added if each company had some non-intuitive sequence to reset CMOS, or random time limits. So attacker would need to fingerprint the motherboard and research the sequence beforehand...

http://en.wikipedia.org/wiki/Deep_Freeze_%28software%29#Limitations_and_security

Clive RobinsonFebruary 8, 2014 7:50 AM

@ 65535, 4g5nk54jgn5,

There are a number of issues relating to file systems that are often put into "server grade" systems which consiquently flow down into desktop et al systems.

Some problems are benifitial (increase performance) others are downright harmfull such as some types of journalling system used on Flash Media / Solid State Drives.

It's actually very dificult to write a "one size fits all" filesystem and the general solution is throw out features and simplify to the bare minimum with a three level system consisting of an OS API a translation layer and device specific API that talks to sirectly to the hardware. The performance is to be blunt generaly quite bad as well as being fragile in use.

I've done this several times and my advice is if you want,

A, A social life.
B, To sleep at night.

Is don't bother, especialy if your goal is some kind of obsfication. Because you will always have a smarter better resoursed enemy who will get your source code or reverse engineer the runtime (for some older 8/16bit CPUs I used to be able to read understand and debug the disasembler output faster than trying to find then scatch through badly written "high level" source for hardware drivers).

Then there is a second issue "encryption" the big problem is the misconception / misunderstanding of the "Shannon Channel" concept / model. One usually fundemental assumption is that a "message" is communicated across a communication channel either once or is repeated "as is" under a different key. This is just not true for hard drives under normal user use.

You find that to work effectivly the encryption cannot be "bolted on" at any level above the raw hardware level. You have to build it in at each logical container level. So sector level, block level, allocation level, serectory level, drive level, then in the OS directory, user and file levels.

Whilst it is possible to leave out some container levels if --and only if-- the underlying structure is both well known and consistent, it's not if either is not true. Which is the case when you move from traditional elecromechanical /magnetic storage to solid state storage.

EtienneFebruary 10, 2014 10:28 AM

@Figureitout

You cannot remove the HPA feature from a hard disk, that would involve changing the hard disk firmware.
You can usually check the HPA content using an IDE to USB converter, because they are so crap they cannot send the ATA HPA commands to the hard disk, so any HPA limit is not set and you can read the HPA content.
You can do some things with the Gujin bootloader, if the HPA has not been set and frozen by the BIOS, that protects against Windows/Linux drivers wanting to hide stuff in either HPA or DCO.
For UEFI newer boot system, you obviously have to trust your provider.

FigureitoutFebruary 10, 2014 7:20 PM

Etienne
--Hmm ok, well I have some tools to try it. If they fail (or me) then I'll try yours. I have one HDD that I can annihilate. I take it you wrote the Gujin bootloader? You need to get on this wiki page:

http://en.wikipedia.org/wiki/Host_protected_area#cite_note-4

Some NSA exploits uses HPA[4] for application persistence.

Check out the 4th reference lol, those guys are quick! And trust my provider w/ UEFI? Lol good one.

Dave WalkerFebruary 11, 2014 3:34 AM

@D: You're spot on, with your Solaris assessment.

However, the ANT catalogue as released, is pretty old; it pre-dates Solaris 11, and also pre-dates the version of Solaris 10 (Update 4, I think) which introduced ZFS root filesystems. So, at time of publication, all Solaris x86 installations could be compromised.

As well as wondering whether ANT tools have since been extended to cover ZFS (which is increasing in popularity, and is getting traction and support on an increasing number of platforms), I wonder whether the BIOS hacks which enable the persistence of the attack, would be picked up by a TPM in a measured boot.

EtienneFebruary 11, 2014 3:58 AM

@Figureitout:
Yes, I wrote Gujin, but I would not say Gujin aim is to help manipulate the HPA: It tries to do the right thing when it encounters a partition defined over the HPA (did happen long time ago when you had to set the HPA to lie to the BIOS about disk size so that the BIOS would not crash due to too big a disk size), and Gujin tries to freeze the disk configuration (HPA&DCO) before loading Linux/Windows so that nobody can do "bad things" during operating system initialization.
The wiki is quite incomplete about HPA protection by password and few other details, but I do not have the time to complete it now...

FigureitoutFebruary 12, 2014 12:12 AM

Etienne
--Ok, cool. Well, the older tools may work on my older pc I'm trying to uninfect right now. Me & my dad suspected botnet malware; don't know how but a plus is the clock is off so there will be errors in malware comms. However, I assume the worst has been done to this HDD, and the one I'm going to hack to death. I know for fact I have hidden encrypted volumes on the HDD of this PC I'm using now, I lost control of it a long time ago. Basically testing how long this PC will live...Dirty pictures, time to clean this pigsty up.

Clive Robinson
--I mean, it's just 1 malware. I know I'm up against some pretty good hackers and every computer obviously exposed to the 'net is irreversibly corrupted in my view. My only hope is, so many newbs are more interested in java programming than the hard basics of bare metal building and programming, that their "sophisticated" turd java programs won't run on the machine I'm going to build.

On the flip side, taking the my mom's PC which me and my dad couldn't immediately diagnose (that's a longterm project for me now), the "specialists" recommended an entire new motherboard. Prime example that the technology has gotten out of control, and what a waste when I bet I could count on my hand the IC's that failed due to sh*t quality or some powerful virus.

EtienneFebruary 12, 2014 3:44 AM

@Figureitout:
- Clock is off could simply be that the battery on the motherboard is empty.
- For the disk, first check it's SMART status, it may be simply failing physically (try extensive SMART test which can last around 30 minutes). Then put that disk on a IDE/SATA to USB adapter and copy the whole image onto another PC, you are sure the HPA will never be set on an USB adapter. You may simply have read errors, showing a failing hard drive.
- For DCO it is more complex because it can be saved in between power-downs. Still a good indication is if you can see the same number of sectors as is written on the sticker on the hard disk itself.
Gujin (in fact its debugging versions) could help you to dump all the HD configuration just after power-up (no O.S. interactions, be sure to power-on boot and not hot reboot), but because of the amount of data to display you either have to boot DOS from USB to create a debug file named DBG by executing dbgdisk.exe from Gujin (see http://rumorscity.com/2013/12/04/how-to-create-a-dos-bootable-usb-drive/ to boot DOS) or use a serial interface to capture the debug using dbgdisk_com1.img (then you do not need to boot DOS).

FigureitoutFebruary 12, 2014 1:36 PM

Etienne
--Yeah, I know the battery drained from sitting in a closet for years. Thanks for info, the HDD "works", but yeah just concerned about some missing memory...

TenThousandDeathsAndStillDyingFebruary 12, 2014 7:52 PM

I guess nobody has pointed it out yet so let me channel Captain Obvious:

SoftWare Access Persistent = SWAP

Yes Open Hardware would be nice, especially if you could truly verify it yourself without major capital investments. It would not stop network interdiction. It would not save the internet.

And of course the NSA is already profiting both in money and influence through using all these tools at their own discretion no matter how illegal and unethical.

These things should be both obvious and considered proven unless there is specific verifiable evidence to the contrary. If -—by some ridiculous collective failure to live up to human nature— they weren't true yesterday you can bet they're true today now that everyone knows.

Anything else is to intentionally drown oneself in willful ignorance. Things are far worse than they seem but nearly everyone seem to chase for deeper depths of denial. With a nod and a wink an appropriate name for this could be "Freedom theater".

FigureitoutFebruary 12, 2014 9:55 PM

TenThousandDeathsAndStillDying
--Who cares what the word stands for? People trying to change the situation (like me and many others, they're out there) don't assume success and I certainly realize how bad it is...The internet got screwed when companies monopolized each other and now in many locations there are very limited choices for ISP's, which use the infrastructure owned by even fewer companies.

You need to really read up on securing a network, I would say that's a problem to solve after you have a trustworthy computer. Like the infected pc I'm using now, still using it to get information; eventually going to cut it off and start fresh. Nick P could probably really help you out there, Mike the goat too, a network engineer.

The last thing this world needs is another defeatist who's given up. Go cry somewhere else.

Leave a comment

Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc..