Monday, October 10, 2016

DMA attacking over USB-C and Thunderbolt 3

I just got an Intel NUC Skull Canyon that has a USB-C port capable of Thunderbolt 3. Thunderbolt is interesting since it's able to carry PCI Express, which is Direct Memory Access (DMA) capable. I have previously demonstrated how it is possible to DMA-attack Macs over Thunderbolt 2 in my DEF CON talk "Direct Memory Attack the Kernel".

To attack my MacBook Air in the DEF CON demo I used a Sonnet Echo ExpressCard Thunderbolt 2 to ExpressCard adapter together with a PCILeech ExpressCard.

I also got a Thunderbolt 3 to Thunderbolt 2 adapter from Startech and I wanted to try it on the NUC to see if it's possible to use it for DMA attacks, or if Thunderbolt has been secured. The setup looks like this: NUC -> Startech TB3 to TB2 adapter -> Sonnet TB2 to ExpressCard adapter -> PCILeech ExpressCard.

There exists a BIOS setting for the Thunderbolt Security Level. The default setting is Unique ID. The other possible security levels are Legacy Mode, One time saved Key and DP++ only. The Legacy Mode is of special interest when it comes to DMA attacking.
Thunderbolt Security Level in BIOS - Unique ID is the default.

Thunderbolt 3 with Unique ID (Default)
It was not possible to access memory before the OS started - when the computer was still in BIOS/UEFI mode. The PCILeech device wasn't initialized at all.

It was not possible to access memory in Linux. Ubuntu detected that the Sonnet Echo ExpressCard adapter was connected, but there were a lot of error messages, probably due to lack of driver support. No driver was installed in this test.
Error messages when connecting the Sonnet Echo ExpressCard adapter to the Startech adapter.
It was not possible to access memory straight out of the box in Windows 10 with the Unique ID Thunderbolt Security Mode. Windows 10 first didn't react at all to the Thunderbolt devices connected. The devices were then disconnected and the proper Thunderbolt drivers from Intel were installed. When the Startech Thunderbolt 3 to Thunderbolt 2 adapter was connected nothing happened at all.

When the Sonnet Echo ExpressCard Thunderbolt 2 to ExpressCard adapter was connected, Windows popped up a prompt asking to approve the adapter. Administrative privileges were required to approve the Sonnet Thunderbolt 2 to ExpressCard adapter. It seems like the Thunderbolt 3 to Thunderbolt 2 adapter from Startech is transparent in this setup, while the Sonnet adapter is not. The Sonnet adapter was approved by the logged-on administrator.
Approve Thunderbolt Devices administrative box.
After the Sonnet Echo ExpressCard device was approved the PCILeech device was inserted into the Sonnet adapter. Windows did not react at all. The PCILeech device was working. It seems that if the Thunderbolt Security Mode is set to Unique ID and you do have a Sonnet adapter approved, you are at risk for DMA attacks even though the PCILeech may never have been connected to the system previously.

On the other hand if you are just running Windows 10 and never connected a PCI Express adapter, like the Sonnet Echo ExpressCard, you should be secure.

Thunderbolt 3 in Legacy Mode
Just like previously it was not possible to access memory before the OS started - when the computer was still in BIOS/UEFI mode. The PCILeech device wasn't initialized at all.

Dumping memory over Thunderbolt 3 is working perfectly on a locked Ubuntu 16.04 LTS provided that the Thunderbolt Security Level is set to Legacy Mode in the BIOS settings. If Thunderbolt security is set to Legacy Mode just plug in the PCILeech device via the adapters into the Thunderbolt 3 port in the NUC and start dumping. It's as easy as that. No drivers are required on the target system. In the example below the adapters and the PCILeech device were connected to the Linux system for the very first time.
Dumping 32GB memory over USB-C/Thunderbolt 3 on Ubuntu 16.04 LTS.

Accessing the memory of a Windows 10 system also works if the Thunderbolt Security Level is set to Legacy Mode. It is possible to access the memory of a Windows 10 system by just plugging in the adapters and the PCILeech device - no drivers are required on the target system - it just works! There was no need to install the Intel Thunderbolt drivers in order to access the memory.
Windows 10 system shell spawned over Thunderbolt 3.

Other
The setup was incompatible with the other two remaining Thunderbolt Security Levels.

Not all USB-C connectors support Thunderbolt 3.

Conclusion
The default Thunderbolt security settings are secure - unless you approve a Thunderbolt to PCI Express adapter like the Sonnet Echo ExpressCard.

Also set a BIOS password to prevent an attacker from changing to Legacy Mode without you noticing.
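
One way to check both conditions from the conclusion on a running Linux system, as an added example that is not part of the original post: it reads the Thunderbolt security level and the list of approved devices from sysfs. It assumes a kernel whose thunderbolt driver exposes /sys/bus/thunderbolt/devices; the mapping from sysfs values to the BIOS names above follows the Linux kernel Thunderbolt admin guide, and the function names are chosen for this example.

```python
#!/usr/bin/env python3
"""Audit the Thunderbolt security level and approved devices via Linux sysfs."""
from pathlib import Path

# sysfs "security" value -> BIOS name used in the post
# (per the Linux kernel Thunderbolt admin guide).
BIOS_NAME = {
    "none": "Legacy Mode",
    "user": "Unique ID",
    "secure": "One time saved Key",
    "dponly": "DP++ only",
}


def _read(path):
    """Return the stripped content of a sysfs attribute, or '' if absent."""
    try:
        return path.read_text().strip()
    except OSError:
        return ""


def audit(root="/sys/bus/thunderbolt/devices"):
    """Return a list of (severity, message) findings for the given sysfs tree."""
    base = Path(root)
    if not base.is_dir():
        return [("INFO", "no Thunderbolt sysfs tree found")]
    findings = []
    for entry in sorted(base.iterdir()):
        if entry.name.startswith("domain"):
            level = _read(entry / "security")
            # Legacy Mode connects PCIe devices with no approval at all.
            sev = "HIGH" if level == "none" else "OK" if level in BIOS_NAME else "INFO"
            name = BIOS_NAME.get(level, "unknown")
            findings.append((sev, f"{entry.name}: security={level} ({name})"))
        elif entry.name.endswith("-0"):
            continue  # host router of the domain, not an attached device
        elif _read(entry / "authorized") in ("1", "2"):
            # An approved PCIe adapter passes whatever is plugged into it.
            label = f"{_read(entry / 'vendor_name')} {_read(entry / 'device_name')}".strip()
            findings.append(("REVIEW", f"{entry.name}: approved device '{label}'"))
    return findings


if __name__ == "__main__":
    for severity, message in audit():
        print(f"[{severity}] {message}")
```
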