
XOM-Switch

(eXecutable-Only Memory Switch)

xom-switch is an eXecutable-Only-Memory (XOM) enabling tool for x86 Linux systems. It aims to mitigate ROP attacks that rely on code disclosure. It is the first tool to use Intel's Memory Protection Keys (MPK) feature to enable XOM. xom-switch protects all code modules in the runtime, including the executable and its dependent libraries, without requiring source code or heavyweight binary translation/rewriting. It intercepts the program runtime in a non-intrusive way by instrumenting the program loader (ld.so).

BlackHat Asia 2018 Description and Presentation

xom-switch could run in Amazon AWS C5 Instance. Try it out!

Fedora 28 will support GOT protection in lazy binding using memory protection keys. Link1, Link2.

Background

Why eXecutable-Only Memory

Hardware Support

Software Enabling

Getting Started

Platform Prerequisites

To run xom-switch properly, you need to have hardware and OS support first:

  • an Intel CPU with the protection keys feature, e.g. Intel Xeon Scalable processors, and
  • Linux kernel 4.9 or later; or
  • a VM in AWS: choose the Amazon Linux 2 LTS Candidate AMI 2017.12.0 (HVM) and then a C5 instance.

Software Prerequisites

xom-switch requires two tools:

  • common tools: bc, binutils, gcc, python 2.7
  • radare2 (v2.3.0): a static binary analyzer, which can be found here

Components

xom-switch consists of three modules:

  • binary rewriter: a static binary rewriter for x86 ELF binaries.
  • patch: C code pieces (see tutorial to write your own instrumentation) that will be patched into program loader.
  • analysis: analyzer/instrumentor of the program loader using radare2.

Patching

  • install python 2.7 and radare2
  • patch your loader: src/analysis/patch-loader.sh /lib64/ld-linux-x86-64.so.2 /your/new/ld.so
  • copy your loader to system dir: sudo mv /your/new/ld.so /lib64/ld-xom.so
  • patch your libc.so (optional): src/analysis/patch-libc.sh /lib/x86_64-linux-gnu/libc.so.6 /your/new/libc.so

Note: patching your libc allows XOM to be applied to child processes spawned through execve(2).

Running

  • apply XOM to your program: /lib64/ld-xom.so /path/to/your/program
  • apply XOM to your program and its children: LD_PRELOAD=/your/new/libc.so /lib64/ld-xom.so /path/to/your/program

License

This code is published under the GPLv2 license.

Project Status

This code is for demonstration purposes only; its status is beta.

Known Limitations

xom-switch has known limitations in the following cases:

  • When a binary has data embedded in the middle of code, xom-switch may crash. To avoid that, xom-switch has a whitelist embedded in the code; see
  • Since code modules (executables and libraries) are not compiled with XOM support, each module has at least two code pages (the first and the last) where code and data co-exist. xom-switch avoids the issue by marking them as readable and executable. In the future, we will solve that using static analysis.
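To show why inline data inside an execute-only page is fatal, here is an added demonstration (written for this page, not part of xom-switch) of the mechanism the tool applies to every code page: an executable page is bound to an MPK protection key whose access bit is disabled, after which the code still runs but a data load from the same page raises SIGSEGV. It assumes Linux 4.9 or later with glibc's pkey_alloc/pkey_mprotect wrappers; on a CPU or kernel without MPK it reports "unsupported" instead of failing.

```c
#define _GNU_SOURCE
#include <setjmp.h>
#include <signal.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

enum { XOM_BROKEN = 0, XOM_ENFORCED = 1, XOM_UNSUPPORTED = 2 };
static sigjmp_buf fault_env;
static volatile sig_atomic_t fault_hit;
static void on_segv(int sig) { (void)sig; fault_hit = 1; siglongjmp(fault_env, 1); }

/* Map one page holding a tiny function plus one "embedded data" byte, bind it to
 * a protection key whose PKRU entry disables data access (what xom-switch does
 * to every code page), then check that it still executes but cannot be read. */
int xom_demo(void) {
    /* Constructed stub: mov eax, 42 ; ret ; then 0x77 standing in for inline data. */
    static const uint8_t stub[] = {0xB8, 0x2A, 0x00, 0x00, 0x00, 0xC3, 0x77};
    long page = sysconf(_SC_PAGESIZE);
    int pkey = pkey_alloc(0, PKEY_DISABLE_ACCESS);
    if (pkey < 0) return XOM_UNSUPPORTED;      /* ENOSPC/ENOSYS: no MPK on this CPU/kernel */
    uint8_t *p = mmap(NULL, page, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED) { pkey_free(pkey); return XOM_BROKEN; }
    memcpy(p, stub, sizeof stub);
    if (pkey_mprotect(p, page, PROT_READ | PROT_EXEC, pkey) != 0) {
        munmap(p, page); pkey_free(pkey); return XOM_BROKEN;
    }
    /* Instruction fetch ignores PKRU, so the call succeeds and returns 42. */
    int exec_ok = (((int (*)(void))p)() == 42);
    /* A data load from the same page must raise SIGSEGV (si_code SEGV_PKUERR). */
    struct sigaction sa, old;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_segv;
    sigaction(SIGSEGV, &sa, &old);
    fault_hit = 0;
    if (sigsetjmp(fault_env, 1) == 0) {
        volatile uint8_t *vp = p;
        (void)vp[6];                           /* faults; control resumes at sigsetjmp */
    }
    sigaction(SIGSEGV, &old, NULL);
    munmap(p, page); pkey_free(pkey);
    return (exec_ok && fault_hit) ? XOM_ENFORCED : XOM_BROKEN;
}

int main(void) {
    static const char *names[] = {"broken", "enforced", "unsupported"};
    return printf("XOM via MPK: %s\n", names[xom_demo()]) < 0;
}
```

The whitelist and the RX first/last pages exist precisely because a legitimate data read hitting such a page takes the same fault the probe above takes.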

Task List

  • [x] Support CentOS 7.2.
  • [x] Support CentOS 7.4.
  • [x] Support Ubuntu 16.04.
  • [x] Support Ubuntu 17.04.
  • [x] Support simple instrumentation like function interception.
  • [x] Support Amazon Linux 2 LTS Candidate AMI 2017.12.0 (HVM) C5 VM.
  • [ ] Adding page fault handling to let go legitimate data read.