YsummarY, use Tab ↹, Return/Enter and go back (⌘ + ←) to navigate.

38C3 - ACE up the sleeve: Hacking into Apple's new USB-C Controller

YouTube Video

This YouTube video details a security researcher’s reverse engineering of Apple’s Ace2 and Ace3 USB-C controllers. Key points include:

I. Background and Motivation:

  • Previous work on the Lightning connector’s debugging capabilities (Tamarind cable).
  • Apple’s switch to USB-C removed these features, but the new Ace controllers still offer potential vulnerabilities.
  • The Ace3 controller’s location between the main processor and the USB-C port makes it a critical target for gaining persistence. A successful exploit could allow code execution even in DFU mode, bypassing typical system security measures (similar to Checkmate exploits).

II. Ace2 Reverse Engineering:

  • The Ace2 (predecessor to Ace3, used in older MacBooks) is a rebranded Texas Instruments chip with a documented datasheet, making initial research easier.
  • The researcher obtained the Ace2 firmware by physically accessing the chip’s debugging port (initially requiring soldering).
  • The firmware consists of patches to a ROM, making reverse engineering challenging.
  • The researcher developed AceTool to communicate with the Ace chips, enabling actions like rebooting.
  • Firmware updates are protected by RSA-3072, but signature verification only occurs during updates, leaving a window for exploitation. A backdoor can be created due to the lack of secure boot.
  • The researcher developed ace2dump, leveraging the IOKernelRW kernel extension to bitbang SWD over GPIOs for firmware extraction, eliminating the need for physical access. This also allowed the creation of taming-kernel, an open-source OpenOCD driver for bitbanging SWD.

III. Ace3 Reverse Engineering Challenges and Successes:

  • The Ace3 is undocumented and used in iPhone 15 and M3 MacBook Pros. The lack of documentation and the difficulty of accessing the hardware on the iPhone 15 led the researcher to focus on the MacBook Pro.
  • Initial attempts to use the GPIO SWD attack failed due to unknown GPIO pinouts; brute-forcing was attempted but unsuccessful.
  • Physical access to debug ports on the MacBook Pro allowed confirmation of suspected GPIOs.
  • Flash dumps revealed patches, not the entire firmware. High-entropy regions indicated encryption keys or hashes.
  • A side-channel attack using an SDR and EM radiation was developed to find optimal timing for fault injection. Using the chip select line as a trigger improved signal alignment.
  • The researcher used electromagnetic fault injection (EMFI) to achieve code execution and read the firmware. A cheap EMFI setup was eventually used to avoid damage to the expensive MacBook.
  • After numerous attempts (and a destroyed CNC machine!), the researcher successfully patched the USBW command handler to read out firmware from the Ace3’s RAM.

IV. Conclusion:

  • The researcher successfully dumped the Ace3 firmware using fault injection, highlighting the vulnerability of even seemingly secure components.
  • This demonstration highlights the effectiveness of combining reverse engineering, side-channel analysis, and fault injection to compromise embedded systems.
  • The project emphasizes the cost and time involved in this type of research.

The presentation is highly technical and focuses on the intricacies of the reverse engineering process, including the tools and techniques employed. The researcher also shares humorous anecdotes about the challenges encountered.

Next: nothing is going to change
Prev: CHINA Suspends Bonds