I'm watching some folks reverse engineer the xz backdoor, sharing some *preliminary* analysis with permission. The hooked RSA_public_decrypt verifies a signature on the server's host key by a fixed Ed448 key, and then passes a payload to system(). It's RCE, not auth bypass, and gated/unreplayable. - ThreadSky

filippo.abyssdomain.expert • 334 days ago

I'm watching some folks reverse engineer the xz backdoor, sharing some *preliminary* analysis with permission.

The hooked RSA_public_decrypt verifies a signature on the server's host key by a fixed Ed448 key, and then passes a payload to system().

It's RCE, not auth bypass, and gated/unreplayable.

Reposted from Filippo Valsorda

This might be the best executed supply chain attack we've seen described in the open, and it's a nightmare scenario: malicious, competent, authorized upstream in a widely used library.

Looks like this got caught by chance. Wonder how long it would have taken otherwise.

Comments

filippo.abyssdomain.expert•334 days ago

The payload is extracted from the N value (the public key) passed to RSA_public_decrypt, checked against a simple fingerprint, and decrypted with a fixed ChaCha20 key before the Ed448 signature verification.

filippo.abyssdomain.expert•334 days ago

RSA_public_decrypt is a (weirdly named) signature verification function. https://www.openssl.org/docs/manmaster/man3/RSA_public_decrypt.html

(Why "decrypt"? RSA sig verification is the same op of RSA encryption. 🤷‍♂️)

filippo.abyssdomain.expert•334 days ago

The RSA_public_decrypt public key can be attacker-controlled pre-auth by using OpenSSH certificates.

OpenSSH certs are weird in that they include the signer's public key. OpenSSH checks the signature on parsing. https://github.com/openssh/openssh-portable/blob/281ea25a44bff53eefb4af7bab7aa670b1f8b6b2/PROTOCOL.certkeys#L207-L219

filippo.abyssdomain.expert•334 days ago

Here's a script by Keegan Ryan for sending a custom public key in a certificate, which on a backdoored system will reach the hooked function.

https://gist.github.com/keeganryan/a6c22e1045e67c17e88a606dfdf95ae4

filippo.abyssdomain.expert•334 days ago

Apparently the backdoor reverts back to regular operation if the payload is malformed or the signature from the attacker's key doesn't verify.

Unfortunately, this means that unless a bug is found, we can't write a reliable/reusable over-the-network scanner.

filippo.abyssdomain.expert•333 days ago

To clarify, by “gated” I mean it takes the attacker’s private key to use the backdoor (it’s NOBUS); by “unreplayable” I mean that even if we observe an attack against one host, we can’t reuse it against another host (the attacker’s signature is bound to the host public key, but not to the command).

ebolyen.bsky.social•334 days ago

Would there be a timing difference between the malformed payload and signature verification? (I'm assuming both of these branches are novel to the injected code.)

justingarrison.com•334 days ago

Does that mean there’s no PoC exploit code available?

magik.net•334 days ago

Isn't failing preauth still much slower when running the payload? If one has scanned the internet trying to auth with all open ssh servers and recorded how long it took for each, then subsequent scans showing much slower auths would tell you that those hosts are running this exploit.

dims.dev•333 days ago

apparent kill switch? https://gist.github.com/sgammon/ec604c3fabd1a22dd3cdc381b736b03e

rya.nc•334 days ago

Timing attack?

ihaquer.bsky.social•330 days ago

Because RSA is just a public-key-encrypt private-key-decrypt (or vice versa) alg. Signature verification is just a RSA decrypt of some "regular" message digest (like sha512)

filippo.abyssdomain.expert•330 days ago

No, that's the thing, signature *verification* is a RSA *encrypt* of a (formatted) message digest. Notice how signature verification uses the public key, not the private key.

ihaquer.bsky.social•330 days ago

mainly due to (h^e)^d = h^(ed) = h^(de) = (h^d)^e

So sort of definition, what is called "decrypt" and "encrypt"

ihaquer.bsky.social•330 days ago

A private key of a key pair may be used either to:
Decrypt a message only intended for the recipient, which may be encrypted by anyone having the public key
Encrypt a message which may be decrypted by anyone, but which can only be encrypted by one person; this provides a digital signature.

ihaquer.bsky.social•330 days ago

the API has always been symmetric at the openssl level, look here:

struct rsa_meth_st
{
const char *name;
int (*rsa_pub_enc)(...);
int (*rsa_pub_dec)(...);
int (*rsa_priv_enc)(...);
int (*rsa_priv_dec)(...);
...

ihaquer.bsky.social•330 days ago

In openssl nomenclature it is a lol. mathematically speaking it is an encrypt using the public key. Probably it should have been called RSA_sig_verify() or alike for lesser confusion

rya.nc•334 days ago

I need to go check the access logs for this thing https://rya.nc/ssh-vanity.html

jrknox.bsky.social•332 days ago

Is there someplace we can still download it for analysis?

calestyo.bsky.social•331 days ago

https://gist.github.com/thesamesam/223949d5a074ebc3dce9ee78baad9e27#misc-notes lists a number of places with the tarballs. https://git.tukaani.org/ should contain at least most of the locked github repo (plus already clean ups and Lasse announced he might rebase it to drop the evil stuff). There was also another copy of the github repo, but forgot where.

whitemage.co•334 days ago

Thanks for sharing!

calestyo.bsky.social•333 days ago

Is it already known with certain confidence, whether any version of the backdoor automatically pulled in exploit code from remote on it's own?
IOW, are people that had compromised versions, but whose sshd was either not running or behind a firewall guaranteed to be safe and not further compromised?

filippo.abyssdomain.expert•333 days ago

No evidence of it calling home so far

calestyo.bsky.social•333 days ago

*If*, eventually it could be confirmed beyond doubt, and also that the malware code caused no other infestation of the system and only affected sshd, we might be lucky this time.
- most servers likely run stable versions that weren't compromised
- most laptops have no sshd or at least no open one

calestyo.bsky.social•333 days ago

I'm still surprised though, if they really didn't call home to take full control.

Maybe, though, the adversary wanted to keep this very low profile.

In any case, please keep us informed if there should be any new findings or confirmations, on whether people can feel safe :-)
Thanks!

skibum.bsky.social•333 days ago

It's a wild one indeed! Incredibly lucky that Andres Freund caught it when he did! IMHO, ZeroTrust + defense in depth strategy combined with good anomaly detection and continuous monitoring is probably the only practical option to mitigate risks, and contain any damage from such motivated actors!

pelsner.bsky.social•334 days ago

Yup. Only got caught because someone noticed ssh running slow.
😁

Comments

Posting Rules

Reply