HPE iLO5 Firmware Security - Go Home Cryptoprocessor, You're Drunk!

Presented at Black Hat USA 2021, Aug. 5, 2021, 11:20 a.m. (40 minutes).

At the core of HPE Gen10 servers lies the Integrated Lights Out 5 (iLO 5) out-of-band management technology. Coming with new hardware and software, it introduced a cornerstone feature described as a "silicon root of trust". When you are not designing your own hardware and security (as Google with its Titan security module for example) you have to rely on the manufacturer of your equipment to provide you with best-in-class security. In such a situation, the iLO5 chipset is both your first and last line of defense.

At the start of 2020, we observed that the new HPE iLO5 firmware (versions greater or equal to 2.x) would come as an encrypted binary blob; now deterring any efforts of public scrutiny by the cyber-security community. That is why we decided to perform a complete review of the encryption mechanism and to analyze the security implications of the new firmware packaging.

This research led us to completely reverse-engineer the new encryption mechanism, the new boot chain, as well as the cryptographic co-processor this feature relies upon. To extract the encryption keys from the system-on-chip (SOC) we exploited software vulnerabilities, both old ones and a new one we discovered and reported during this study; we also discovered and investigated the presence of an unknown debug port (presumably JTAG) on the motherboards of one of our servers (MicroServer family).

Finally, we will demonstrate the impact of these new findings in operational environments. Based on new knowledge, we developed an exploitation script to recover the clear text credentials of all the accounts on the iLO5 system, directly from the host operation system. Placed in the context of a motivated attacker this would allow a very fast and efficient lateralization, possibly crossing production and administration networks segmentation.

What are the lessons learned of this new feature and analysis and how much trust can we put in the HPE iLO 5 secure element technology? Is it still possible for a motivated attacker to intercept the delivery of a server and implant a backdoored firmware in it?


Presenters:

  • Alexandre Gazet - Senior Security Engineer, Airbus
    Alexandre Gazet currently is a senior security engineer at Airbus Security Research Team after having previously worked as a senior security researcher at Quarkslab. He specializes in reverse engineering, low-level and embedded systems security. He has spoken at security conferences worldwide, including Black Hat USA, REcon, Hack In The Box, and SSTIC. He is also a co-author of the reverse engineering textbook, Practical Reverse Engineering: x86, x64, Windows kernel, and obfuscation, published by John Wiley & Sons.
  • Fabien Périgaud - Reverse Engineering Team Tech Lead, Synacktiv
    Fabien Périgaud is now the RE team Tech Lead at Synacktiv after having previously worked as a reverse engineer at Airbus Defence and Space Cybersecurity. He is mainly focused on reverse engineering and vulnerability research, with a specific enthusiasm for embedded devices. He has spoken at security conferences worldwide, including NoSuchCon, Recon, SSTIC, ZeroNights, and Insomni'hack.
  • Joffrey Czarny - Red Team Lead, Medallia
    Joffrey Czarny is a red team leader at Medallia, Security researcher and VoIP hacker at night, Ambassador of Happiness and Healthy Living. Since 2001, he is a pentester the red teamer who has released advisories and tools on VoIP Cisco products, Active Directory, and SAP and he has spoken at various security-focused conferences including Hack.lu, Troopers, ITunderground, Hacktivity, HITB, SSTIC, REcon, and Black Hat Arsenal.

Links:

Similar Presentations: