BSidesMCR 2018: Modern MacOS Security by Michael Jack

BSides Manchester · 52:44 · 1.2K views · Published 2018-08

Transcript (en):

Thank you. Afternoon guys, I hope you're more awake after lunch. So, I'm Michael, you can find me on Twitter there. I'm a graduate of Abertay uni and a former gaffer of the Abertay Ethical Hacking Society; the current, proper gaffer is kicking about and I was going to call them out, because if you work for a company that has money you should speak to her about sponsoring our conference, or come up and present at the society, we'd love to have you. I do macOS and I love cryptography. Not a cryptographer, not a mathematician, I can barely tell the time most days, but I work with practical deployments of encryption, etcetera, etcetera.

So, a high-level talk. There's no 0-day in this talk; we're basically looking at a high-level summary of modern macOS security, its turnover, and basically what Apple's done and what they've added to kind of harden the operating system, now that it's actually getting some adoption and people might actually care about attacking it. So mad props to all of these people: Howard Oakley, Jonathan Levin, Patrick Wardle, who are absolute forces of nature when it comes to Mac research. Howard Oakley has like two or three blog posts a week, and Patrick Wardle you're probably all familiar with if you've even briefly looked at macOS security in the last couple of years. Jonathan Levin is currently writing essentially the macOS Bible; it's a trilogy of books, one on userland, one on the kernel, and one on insecurities, and you can get them off Amazon. If you're looking at macOS security or working on macOS internals it's basically the definitive work at the moment, and he's done a number of presentations. Sarah Edwards for her work on APFS, she's a digital forensics person. Trammell Hudson, Xeno Kovah, Corey Kallenberg and Rafal Wojtczuk, who between them worked out what Apple do at the low level, firmware security, EFI security; those are basically the guys who are the masters of EFI on Mac. And Pedro Vilaça as well, he's done a lot of stuff, and Rich Trouton.

So anyone in the room that is a Mac administrator or looks after like more than five Macs, I will buy you a drink, because I feel so sorry for you. When you're doing research into Mac and you Google stuff, half of it is just Mac admins crying because Apple have changed something and not documented it anywhere. So I feel for you. If anyone has any questions just shout them out or raise your hand or whatever you feel least weird about doing, and probably remind me to repeat them. Or if I say something and I'm wrong, also shout that at me, because I don't know how much time we're gonna have left for questions, but we'll see.

So: a high-level look at Gatekeeper, and disk encryption on macOS, and SIP, System Integrity Protection, which is probably the most fundamental change we've seen in the last couple of years; EFI firmware security and the new T2 chip in the iMac Pro and the 2018 MacBook Pros; some security tools; and then a tool that I've been working on myself. So High Sierra, 10.13.6, is the current release, and the new hotness is Mojave, probably the second week of September; some of this stuff will cover that and I'll try

and remember to explicitly call it out, but it should be mostly about what is in High Sierra, so what is current. And just to defuse this debate so you don't come up to me in the pub and shout at me about how Windows is better than Mac: by and large Windows, especially if you're on Windows 10, is far more secure than Mac, mainly because it's more mature. It's been in the enterprise getting the [ __ ] kicked out of it by every APT under the sun for the last 10, 20 years, whatever. Whereas everyone that's been using a Mac for the last ten years is mostly hackers, so you're not going to know if you're owned in the first place anyway, or like artists, right, and who's hacking photographers and these types of people, right? So the adoption has been low, so there's not a huge amount of incentive for Apple to secure it.

So the first thing is Gatekeeper. Gatekeeper is essentially the arbiter of what you can and can't run on your system; it's basically code signing. So by default, to run an application on High Sierra it has to be code signed by either Apple, or Apple again but through the App Store, or, if you're a third-party developer, you have to have a signing cert from Apple, but you can still distribute apps outwith the App Store, right. It also has a blacklist of known bad stuff that we'll get into, despite the fact that that's kind of on the way out.

So the first part of this, way back in like 10.7, 10.x, was quarantine. The idea behind this is basically that the user should give explicit consent before something downloaded from the internet is run on their system. So this is not Gatekeeper, this is quarantine. It basically says you've got this thing that's been downloaded from the internet, it tells you where it was downloaded from and when, and basically says do you want to open this? This is managed through an extended attribute, com.apple.quarantine, and if you're an app developer and your app downloads stuff, the main one is a browser, you can basically opt in to setting this attribute on anything you download. Applications do need to opt in; most browsers do, and you can probably sidestep this if you're just writing a downloader. But that's kind of the OG of Gatekeeper, if you will.

So actual Gatekeeper mainly pays attention to code signing. I think there is some stuff about checking if a file is really overtly malicious, but that's kind of vaguely mentioned by some of the reverse engineers that have looked at it. It's updated kind of weekly and it's an opaque blob, basically, so we have no idea what is in the update, but presumably it's new information on certs that have been revoked. And they've introduced a new thing that's coming in Mojave called notarization. I've added slides to this because I kind of forgot a couple of things, like sandbox, because who really needs that, but we'll get into

that. The idea of notarization is that you basically upload the app to Apple, they scan it for some bad behaviour, they don't really tell you how or what that involves, and then they notarize it, so they attach a ticket to it. The idea is that if that app is then compromised you can just revoke that notarization ticket rather than having to revoke the whole signing certificate for that developer, right. There's also a kind of different first-launch experience with notarized apps as well, where instead of just seeing this sort of "this app is signed" dialog, you get your app wallpaper in there, right.

So if you try and run code that's unsigned, by default... so this is an application called HapticKey: if you've got a Touch Bar it will trigger a haptic event every time you touch it, which when you get a new Touch Bar is really useful, because otherwise you hold down Escape unbeknownst to you and nothing works, right. And it basically just says no. That's not quite the end of the story: if you go into System Preferences you can just override this, and if I remember rightly as well, if you right-click and click Open in the context menu you also sidestep that, right. So it's not the most stringent enforcement in the world, but for most people who are not power users, I think Apple think that is enough. You should be able to see there as well that there are only two options; I think as of Sierra you can only run apps from the App Store, or from the App Store and from third-party sources. But you can still disable this, to basically put it in the off position: spctl, the software policy control tool, gives you an interface to this, so you can do spctl --master-disable and you can run all the unsigned code you want.

So on iOS they have strict code signing enforcement across the OS: if you're not code signed you don't get to run, and your pages in memory have to be code signed, blah blah blah. Now, you can enable this on macOS, but if you use something like Homebrew everything breaks, and then you panic until you remember that sysctl variables don't persist across reboots, as I did on my laptop. But you can enable this, and things like enabling and enforcing code signing on libraries and that sort of thing. So you can go and mess with sysctl if you want to try and harden your Mac.

So another thing that's mentioned in there, and that was recently introduced, is kernel extension user consent. So now kernel extension signing, kext signing, is enforced, and you also have to get explicit approval from the user through System Preferences. Now, I didn't have any screenshots for this until 40 minutes ago, when VMware decided there was an update, and it gave me this lovely prompt, so I got some screenshots. The first time you try and load a kext it will tell you this, "open System Preferences", and not too dissimilar to the thing we saw earlier where it just said bypass, you'll get this Allow button, right. So I've not got a section on

sandbox, because I kind of just forgot about sandbox. But sandbox on macOS is pretty much the standard sandbox: you get your privilege separation, filesystem protection. One of the things that kind of stands out with sandbox from Apple's perspective is this idea of entitlements: the idea that instead of having a blacklist, we just disallow everything, and if an app wants to do something you have to explicitly opt in to that, right. So if you want access to the camera or to photos; you've probably experienced this on iOS, and they're bringing a similar sort of system to macOS with the same kind of level of enforcement. If you want access to the camera your app has to explicitly declare that with an entitlement, and then you get a nice system prompt that says do you want to allow access to the camera, yes or no. On macOS this is brokered through System Preferences, Security & Privacy, the Privacy tab, right; you've probably seen this before, and it's really easy to see what entitlements apps have. Now, for the most part you'll only be prompted for this when the app actually tries to use it, so an app can have an entitlement for camera access, but if you've never used a part of the app that needs the camera then you won't be prompted for it, right.

So Jonathan Levin's jtool: you can do the same thing with codesign -d with the entitlements flag, or jtool, to dump the entitlements, but this is just quicker. So you can see that the Calendar application, the built-in one, explicitly requests access to the user's address book, their location, and the calendar itself, right, and I think it had something else on it, yeah. So this is from one of the post-WWDC sessions, and for macOS these are all going to be enforced through entitlements from Mojave going forward, right. So currently we have the stuff on the left-hand side, and you can opt in, so if you're a responsible developer you can opt into using the correct APIs and having an entitlement etc., and you have to do that if you're going to the App Store. But if you're distributing on your own, you just have your signing cert and you could bypass this stuff. From Mojave going forward that is all going to be brokered via entitlements and through the API, so if you try and access this without the API you're basically just going to be denied. Now, the stuff on the left-hand side here is all going to be protected in Mojave going forward, and as an application developer you won't be able to access this via the prompting system, right. Users are going to have to give you authorization to what Apple calls application data or system data, right. Mail and Safari browsing history is still available but the rest of it will be protected by the way, right, you won't be able to access that, and we'll come on to a bit about that when we talk about SIP later on as well, and how that's kind of enforced.

So Patrick Wardle a couple of years ago came up with the idea of dylib hijacking, which, if Keith has spoken to you about

DLL injection on Windows, is basically the same concept, where we just shove a library into the path for selection and load a malicious library instead. The solution they came up with is what they call Gatekeeper path randomization, I think is the official title. The problem they had is that Gatekeeper would only check the signature, the code signing, on the app bundle, but if you were packaging your app in a DMG you could just shove some other random stuff in there that was not so nice, and the app could basically load that using a relative path in the DMG, right. So basically they just pick some random directory on launch and shove the app into that directory, and it's randomized so it can't call out and load libraries based on a relative path. The other thing they did for this is you can now sign DMGs as a whole, so rather than shipping your app with some other stuff that's unsigned you just sign the whole DMG and ship that, and then code signing verification is done on the whole thing, right.

So XProtect is basically the built-in kind of antivirus, but it's entirely signature-based, and Howard Oakley, who I mentioned earlier, has a brilliant blog post on this from a few days ago speculating about its longevity going forward. So XProtect basically has a couple of files, a plist and a YARA file, that contain signatures for malware that Apple knows about, and if those signatures hit on your system XProtect flags up and says you've got some malware, and the system tries to remove that with the Malware Removal Tool, which I think I have a slide on, but it's pretty simple, it does what it says on the tin, removes malware, right. Not a whole lot going on there. XProtect was also the conduit for when Apple said basically no more to outdated Flash or Silverlight or Java, and basically what they would do is XProtect would deny the old versions of Java and Silverlight, even if you wanted to run them, and XProtect would come and stop you and tell you to update. So that was the conduit for that. Unlike Gatekeeper, which gets updated weekly, XProtect updates are far more sporadic; the last update we had for XProtect I think was like March, so a good few months ago now, and obviously we know that there is new malware that has been kicking about in that time, and obviously we would expect Apple, now a trillion-dollar company, to be able to track and trap malware, right. So he basically speculates that they've not been doing that, so there must be something else in the works that they're going to bring in to replace it. And it's Apple, and they don't even document the [ __ ] that they do tell you about, so there was basically no finding out about the future of this until it arrives. Malware Removal Tool: removes malware, pretty simple.

So in terms of disk encryption, iOS is kind of the premier platform for disk encryption; we have a hardware-backed key store and per-file encryption with APFS, which we'll get into in a minute,

and you can even encrypt different sections of a file under different keys, wonderful stuff. macOS has been lagging behind; they used to ship TPMs in Macs, they had TPMs and never used them, then they took the TPMs out and shoved them in our iPhones and encrypted those. So FileVault is the FDE solution, it's been there since Lion, which was a long way back, although it's pretty standard stuff here. FileVault, and the one on Windows, BitLocker, are called full-disk encryption but they're actually not full-disk encryption, they're technically volume-level encryption, right. 128-bit AES in XTS mode; we're not going to get into the cryptography of that, but basically AES in XTS mode is the standard if you want to do volume-level encryption. It's on by default as of El Capitan, I believe; it's now on by default, but key escrow is also on by default, so you get a recovery key that you can either write down and take a picture of, or the OS can ship a copy off to iCloud so that you can sign in to your iCloud account, excuse me, to unlock your disk. They use PBKDF2 as well, and it's pretty good; it's all certified, so there's no reason to think otherwise.

One interesting thing about FileVault is that when you enable it, when you reboot and you boot into the OS and it prompts you for your username and password for the first time, you're not actually running XNU at that point; the kernel isn't actually responsible for that, you're actually in an EFI environment. The way you can tell this, and the people that have reverse-engineered it, is if you try and move your mouse pointer around on that screen, you'll probably notice it's much slower, because the EFI drivers for pointer interaction are way more simple than what we have in the kernel, right. So that's an EFI environment that's been designed to look like your normal login screen that you would get if you just go through a sleep/resume cycle, right.

So that was volume-level encryption. With APFS we now have filesystem encryption. HFS+ was what we used to have; this didn't support encryption by default, so when they introduced FileVault they also had to introduce what we know as Core Storage, which is basically just a logical volume manager, and the wrapper of Core Storage is what gives us encryption on HFS+. Now HFS+ did also support per-file encryption, but only through the extended attribute system, so not really a first-class citizen. The original HFS is from like 1985, so I guess that's older than I am, and HFS+ is also almost older than I am as well. So they decided that it was about time for something better. Every Apple device now pretty much runs on flash, unless you buy a Mac that's not been updated in like five years, and so at the core of APFS, encryption is fundamental, so it's now basically what other people have termed a first-class citizen. There's per-file encryption, and there's even support for what we've had on iOS for a while, called effaceable storage. The idea behind this being that with per-file encryption you need to decrypt the file metadata so you can get a pointer to the

per-file key. So if we encrypt all the file metadata under one key and shove it in a special bit of memory, then when we want to do a secure remote wipe, rather than trying to zero all the flash (secure delete on flash is pretty difficult to do), what we can do is just go down a level and talk to the NAND and delete this one key that encrypts the filesystem metadata. If you can't decrypt the filesystem metadata, while the data is still on disk, it is completely unreadable, because these are all randomly generated AES 256-bit keys from the key store, and it's done in such a way that the application processor never actually gets to see the raw key in the state the Secure Enclave sees it, right. As I've mentioned you can even encrypt parts of the same file under different keys; I forget why they need this, I think it's something to do with snapshotting and versioning, which is also in APFS. So we're gonna skip that slide, I think. Yep, we are gonna skip that slide. What is that slide?

So on APFS: previously, when I talked about the EFI environment for getting your password, on HFS+ when you turned on FileVault it had to convert the whole filesystem to Core Storage and then set up this EFI partition so you can log in and unlock. Now on APFS that's done by default whether you're on FileVault or not, so you should be able to see there that we have an EFI partition on the main disk, but then inside the APFS container you have the actual slash, the root filesystem, but we also have Preboot, which is basically the environment for you to log in for the first time, and the standard Recovery partition.

So SIP is kind of the... SIP, or rootless, is sort of the biggest change I think we've seen in macOS recently, and they're doing some really interesting things to extend that to third-party applications, which we'll get into. But essentially it's a hardening mechanism designed as a part of defence in depth, right. It was introduced in El Capitan; Pierre-Olivier Martel introduced it at WWDC in 2015, and it basically exists to protect the OS while it's at rest on the disk and at runtime. The idea here is that we reduce the attack surface by basically limiting what root can actually do to harm the system, should an attacker escalate to root. Now, I'm not a reverse engineer or exploit developer, but if you follow enough of them on Twitter you will quickly realize that there's a lot of low-hanging, or at least relatively low-hanging, LPE fruit, local privilege escalation to root, in macOS, right. So it limits the power of root, hence its nickname rootless, and it basically boils down to a sandbox that runs on the entire system; it applies to all running apps and processes regardless of whether you've opted in to the actual App Sandbox, right. So there's a filesystem flag and a process flag basically called restricted, so now on macOS you have two types of objects: you have those that are restricted, which can't be tampered with even by root, and then everything else, which you can

still freely [ __ ] with, right. So if you watch the WWDC session from 2015, what Pierre talks about is that most of us are running single-user systems, right. I actually don't think I know anyone except my uncle who has more than one user on his Mac, so shout out to uncle Charlie on that one. And most of the time we're all running as admin. Does anyone run as a normal user on their Mac? This guy, one, two guys, okay. So, not great. So do as I say, not as I do; I don't do that either, I don't want to type in another username and password every time. And I think we have something else here, yeah.

So because of this it's really easy for an attacker to escalate to root once they get code exec on the box, right. I mean the simplest way is just to prompt the user; you've probably seen this on iOS as well, where the App Store just out of nowhere throws up a thing that says what is your password, and I've performed nothing, right. You can basically do the same thing on Mac: some application wants to make a change to your system, give me the root password, easy, or LPE, right. And once you're root, because it's Unix, you're golden, right. If you want to swap out the kernel and just pop in a new one, that's fine; if you want to replace launchd, that's fine; if you want to just turn off code signing, yeah, fine, perfect.

So SIP is enforced by the kernel, and I believe, if I'm remembering this right, it's the AppleMobileFileIntegrity kext, which they basically just ported over from iOS, which does this enforcement. So this won't save you against kernel exploits; if you have memory corruption in the kernel you will be able to navigate around that, right. But the idea here being, obviously, that hopefully finding bugs, and then finding exploitable bugs, and actually exploiting them, is more difficult to do in the kernel than it is in userland, right. So the three main takeaways here are that with SIP enabled you can't write to system locations, you can't interfere with system processes, and kernel extensions have to be signed.

So in terms of filesystem protection, the stuff on the left is what is protected. Now there are some caveats to this: there's a configuration file called rootless.conf, and within some of these directories there are individual directories that are an exception. So the most common one that you're probably familiar with is /usr/local, and if you use Homebrew or something like GPG Tools they'll install into /usr/local, and I think there's a slide next. But these are all marked with restricted flags, so when you're doing ls you do -O and dump the flags out. And the protection doesn't just apply to the filesystem: if you try and access the block device as well, the kernel will intercept that and prevent the write from happening, so it's pretty full-stack protection, right. And obviously we have to have some way to write to the system, because we have to update the system, so these are only installable by Apple, and again this

access is brokered by entitlements, so in this case it'll be an Apple private entitlement, like com.apple.private.installer I think is the one, so it has to be an Apple-signed installer installing an Apple-signed package, or the software update mechanism, again brokered through entitlements. So what are we looking at there? I think that's /usr, or is that the sandbox thing? Okay, yeah. So basically in /System/Library/Sandbox there's a file called rootless.conf; if we grep for kernel extension management... so in rootless.conf some directories will have a tag next to them, and that basically signals, I think that is an entitlement, so if you have an entitlement that says you can be a kernel extension manager then you're allowed to write to these locations. It's either that or they're just descriptive tags to remind Apple engineers who gets access to that. So you can see that /System/Library/Extensions is in there, and /System/Library/Caches/com.apple.kext.caches is in there, but then there's a star that covers the next two directories, so those two with the star next to them are not SIP-protected, but the kext caches are. So if we run the extended attributes tool and list them off for that kext caches file, we see that it's got the com.apple.rootless extended attribute, and the tag saying what sort of service that's extended to, right.

Now the directory Extensions isn't protected by SIP, right, there's no restricted flag there, although it does have a system flag set, but every file within that directory is protected by SIP, right. So I've picked the Sandbox kext, and you just have to take my word for it that all those kexts are protected by SIP. These flags are not sticky, so you can quite happily copy-paste the kext out of there, dump it onto your desktop, and it won't then be protected by SIP on your desktop, right. So you can still take system binaries and get them out and do things with them. So /usr: if I try and touch a file in there, even with sudo, I get "Operation not permitted"; drop into /usr/local, which as we discussed earlier is not protected by SIP, and it lets me write without any problems.

So SIP also protects the OS at runtime. The main thing here is you can't attach a debugger, you can't dtrace, and you can't kill; you can issue the kill command but launchd will basically just start the process back up instantaneously. Again these run with a restricted flag, or they'll have a restricted section header on the binary, and you can't do stuff like fork and exec, so if you try and fork a protected process and take control of the child process, SIP will just reset the Mach ports and you won't be able to control that child. And all of the DYLD environment variables are ignored, so you can't just inject random libraries or whatever into those processes.

Now obviously this poses some problems, like if you're a kernel extension developer, or you just want to do stuff to your system; they've taken a considerable amount of power away from us, so we have to be able to configure this somehow, and csrutil, the configurable software restrictions utility, is the way we do that. So the SIP configuration is stored in NVRAM, and NVRAM, or writing to NVRAM, is

itself protected by SIP, and the configuration is persistently stored in there. The next slide: so if you try and read the variable in NVRAM, csr-active-config, now, I think from my tests and what I've seen is that previously csr-active-config would be set even with SIP enabled, but it seems now that that variable only exists if you have a custom configuration and have tweaked that. So the behaviour I think now is that it's not set, and if it's not set the system just assumes SIP is enabled with full protections. The other thing here is that the state is protected across installs, so if you install a new OS it's still going to be there, and unfortunately, kind of, if you have multiple installs, say Sierra and the Mojave beta, on hardware it applies to all installs, right, because the configuration is stored in NVRAM and we only have one NVRAM. So pretty simple: csrutil status will tell you if you're all good, and obviously you can't just do csrutil disable from userland, because that would defeat the point of the whole thing, right. You have to boot into the Recovery OS, so reboot, Command-R, and this is a SIP-less environment, so that's where you can configure it, pretty simple.

So you can enable SIP, and you can enable SIP with certain things selectively disabled. Now this is undocumented behaviour for the utility, and it will tell you that, but you can still, yeah, it's an undocumented argument, that's really small, sorry, oh that's super blurry, Jesus, anyway. You can still enable it with stuff like kext signing disabled, so if you are a kernel extension developer and don't just want to run around with a naked Mac, you can still enable most of SIP but turn off the requirement for kext signing, or whatever, dtrace, debug, these types of things. But anyway, that's good.

So interestingly, in Mojave they're bringing a sort of pseudo-SIP to third-party applications, so Apple markets it as Hardened Runtime, and basically, I think that's the slide, yep, so that's good. Basically this is an opt-in thing, and it gives your binaries and processes a similar status to the system binaries that are marked as restricted. So stuff like code signing enforcement: all executable pages in memory have to be signed, and all libraries, frameworks etc. have to be signed. There are entitlements, so you use entitlements to opt out of these if you need certain things; so for example there's an entitlement to have libraries signed by anyone else in your team, but if you want to run a third-party library in your app, then you'd need to disable code signing on libraries or use that entitlement. Can't be debugged, can't act as a debugger, and interestingly, if you're running with the Hardened Runtime and you've not explicitly declared that you need access to the camera or any of the other protected resources, if your Hardened Runtime app tries to access this resource the system will just instantly kill the app; it won't even prompt the user, it won't give the user the prompt dialog, right, it will just kill your app. So it's basically SIP for third-party apps, and it should be pretty useful for hardening stuff like password managers, these types of things

and security-sensitive applications. And it's all brokered via the same system in the kernel, and so again you're gonna need a kernel exploit to subvert this. So I think this is the only section where we are talking about actual attacks, because there is some really interesting stuff in terms of firmware attacks. And if you watched, um, [name]'s talk earlier, it was talking about [unclear] security, and she showed the video of the guy with the USB-C cable plugged into the Mac and it starts doing some stuff. And if I start ranting about DMA attacks someone will throw something at me. And getting rid of the magnetic MagSafe

and just having USB-C was not a great idea in my opinion. Interestingly, the cable that they ship you with your Mac is charge-only, so that's their solution to that: just don't have a data cable to plug into some dodgy charger. But anyway, guys, then, so since they went to Intel from PowerPC in like 2006 Apple is running EFI, which is based on the UEFI standard, but, arguably, being Apple, it's not like anything close to the UEFI standard as we know it; it's some Apple custom version of EFI. And so this is basically what replaced BIOS. So if you're not familiar with EFI, this is what takes your

system from when you hit the power-on button to booting, um, all the low-level stuff, setting the hardware up, to booting the kernel, running through the kernel and then dropping you into your userland, right. So this sets all this up; this is the foundation. So Trammell Hudson, so these are two attacks. So the second one is a large improvement on the first, and work based on what, um, came from Trammell Hudson, as you know, Kovah and Corey Kallenberg, and presented at CCC in Germany in the same year. So Thunderstrike one is an EFI bootkit via Thunderbolt adapters and Thunderstrike two is an EFI bootkit worm via software

and then there's like a bonus one where you can rootkit EFI from userland, but we'll get into that. So when Trammell was looking at how Apple does EFI, he basically realised there's no TPM, right, there's no hardware-backed trust, so the check of the firmware is done in software, and as it turns out it is a simple CRC32. And so you can make changes, calculate a new CRC, and you're good to go. So the bless tool is used to apply new firmware updates, and after an update is blessed you have this recovery-mode boot, which is a special type of boot so the new EFI firmware can be loaded and written to flash. And an interesting

thing about this is that these things called option ROMs, which are basically like drivers that you can ship with like a Thunderbolt device to extend the functionality of it, will be loaded at the same time, and because you're doing a flash update the flash write-protect bits aren't set, so you can just write to flash. So if your option ROM is malicious it can just write to EFI and you've got a bootkit. Pretty sweet. And so I should mention that his work was based on earlier work by a guy called snare at DEF CON or Black Hat in 2012, where he pointed this out like three or four years beforehand, and they just did bugger all about it. So, um,

Thunderstrike two does the same thing but they turned it into a worm. So you basically get root somehow, by just asking the user for root or whatever, and there is a kernel extension that ships with macOS but isn't loaded, called like "hardware direct" .kext, something like that. You basically get root, load this kernel module to access RAM, and you hook the S3 sleep/resume script. So the S3 sleep/resume script is a thing that handles saving state and stuff like that when you close the lid and then open the lid back up. You mess with that so that it doesn't reset the flash write-lock bits; so EFI searches the

bus that Thunderbolt runs on, which causes the search for Thunderbolt devices, and then you just write your own option ROM that does this to the Thunderbolt devices, and now when that Thunderbolt device gets plugged into another Mac it will do the same thing, bootkit that Mac, and so on and so forth, and now you have a bootkit worm for EFI. Pretty great. And the reason that you're able to do this, um, step three, is because the S3 script was just stored unprotected in RAM, so once you're root and you've got access through the kernel extension to RAM you just go in there and mess around with that. And now you might notice that there is a slight

footnote to that, that it's not always necessary to hook the S3 sleep/resume script, and this blog post is just wonderful. And the concept was proposed again by Rafal and Corey at 31C3, so the same year that Trammell introduced Thunderstrike one, um, and it basically says that, also, so this involves the S3 sleep/resume script not properly setting the flash write-lock bits. But now when Pedro Vilaça was looking into this he was, you know, messing around, and he noticed that basically you shut the lid, you open the lid, and the OS doesn't reset the flash lock bits. So you just write EFI from userland. So, yeah, EFI bootkit from userland,

wonderful. And so whatever Apple was doing there, you know, pretty, pretty not great. So they've kind of learnt from this; they did hire three of those guys I just mentioned, so you would hope that, you know, once they got them in they actually paid attention to them. And, no, that's enough, yeah, I think, yeah. So if you have a firmware password set, which you should, option ROM execution is just disallowed by default now. There is, yep, I think that's just a demonstration, yep, so "mode command" basically just says if you want to boot another disk that's not the normal boot disk you need the firmware password, and there is a thing where you can allow

option ROMs then, but it will still say that option ROMs are disallowed, so that's kind of broken at the moment, but it does require some mad key-combination press that I'm not aware of. And in addition to this they added this binary called eficheck in High Sierra, I want to say. So it basically runs weekly and it basically just checks the integrity of your EFI. So the Duo people did a wonderful paper on EFI security in the Mac ecosystem called "The Apple of Your EFI", wonderful, wonderful paper, and a great presentation at Ekoparty in Argentina. And so this runs weekly and it doesn't do any remediation; it just says, you know, if your EFI isn't what's expected, it

fires a report off to Apple. So you can run it yourself pretty easily, and this is hopefully what you'll see; so this means your EFI is fine. And Trammell did go back and run Thunderstrike, and this did catch it, although it does caveat that with, you know, Thunderstrike was not trying to do any hiding or obfuscation. So, interestingly, eficheck doesn't work on T2 Macs; so even after you load the kernel extension it just doesn't work. So there is an interesting post by Jonathan Levin where he disassembles, or he examines the structure of, the BridgeOS [unclear], and there is some mention of the EFI utils, which is another thing, but I would

speculate that they've moved eficheck into the T2, which we'll come on to. That's actually wonderful. So the T2 is basically a co-processor, a security co-processor, that's in the iMac Pro and the 2018 MacBook Pros with Touch Bar. It's a repurposed A10, runs ARM64, and doesn't have some of the normal security stuff running on it that we would expect; no, sorry, it does have some of the security stuff like, um, Apple Mobile File Integrity, and it is being speculated that it could later be opened up to third-party use. But what this basically gives us is real full-disk encryption and secure boot on a Mac, which is wonderful. It also handles

the system management controller, the audio controller, and the SSD controller, and image processing. So they basically consolidate a bunch of stuff into, um, the iMac Pro and the MacBook Pro with Touch Bar. So secure boot is quite interesting because on iOS Apple has the ability to basically signal which versions of iOS they kind of trust by not signing the updates any more, so you can't downgrade to an old version sans exploit, or unless Apple's still signing it. And secure boot essentially introduces this to macOS, right. So if you are on Full Security it will ensure the OS is signed and trusted by Apple. So I've no idea how that is going to actually pan out, because we've only

had 10.13.6, so we've not actually seen this move yet. And so basically if it can't be verified, it reaches out to Apple to get new verification information, and if it still can't be verified it'll prompt you to run the installer and reconstruct the broken stuff. Medium Security does the same thing, but as long as it's just trusted by Apple then you're fine, so any old version that's previously been signed is fine. And you have No Security as well, right. This works with Windows as well if you've got Boot Camp, so you get secure boot for Windows, which is pretty nice. And so, I mean, I have five

minutes left, perfect. [unclear] and disk encryption now is real disk encryption. So because the T2 is the SSD controller, all data is encrypted via the T2 before it touches the flash, and you have a line-speed encryption chip as well, so basically there's no performance hit. And even if you don't have FileVault enabled, the T2 is still encrypting everything before it hits the flash. So now we have the exact same disk encryption as what we have on iOS, on Macs with T2 chips, and this is obviously wonderful because now we have a hardware root of trust for decrypting encrypted data. We had something similar with the T1, but for the SSD this is

proper, through this contraption, right. And in theory I think this should also defeat some of the cold-boot attacks, because the keys will never be in RAM; they will be in the RAM of the T2, and the application processor, similar to iOS, should never see these keys. And so I'm just gonna skip this bit because I'm running out of time, but basically Patrick Wardle makes excellent tools and you should go and look at his website for them. And I don't run antivirus; I'm not sure that I know anyone who even makes decent antivirus for Mac that'd be worth running and hasn't had the worst CVEs in the world. I have heard

that [unclear] Mac, that is impressive. And so I've written a tool recently called macOS Lockdown, based on Patrick Wardle's now-defunct tool; this is written in bash, his was written in Objective-C. And I was going to do a demo but I'm out of time, so I'm just gonna hawk my wares here and you can go get it off GitHub. I just pushed the release about an hour ago, and it basically just audits, so tells you if security settings are enabled and if they're not, and you can run fixes, and you can do them individually. And I thought I'd have time for questions, but we can certainly discuss all of this. Hello, so

[unclear] for three minutes, but I'll certainly be in the pub later and I will have margaritas, mainly margaritas, and that's [unclear] from the start. So this guy I mentioned earlier has now arrived. So does anyone have two and a half minutes' worth of questions? This man, yep.

Well, I thought we would kind of be here by now after that big deal with IBM, but it seems like they've kind of done the thing that was Maps, where they said we're not gonna bother with this public transport nonsense, some third-party app developer can come in and do it. So I think they've just left it at that, pretty much, and their forums are a goldmine of Mac admins crying, basically, because they don't document anything. I mean, it's quite impressive; I mean, they must have to try internally to just not document stuff like that. [Question:] I'm just interested in understanding how yours, macOS Lockdown, differs from, say, CIS-CAT Pro,

which is the Center for Internet Security's own security auditing tool, so it's probably much better written. So I've actually never heard of that, but I imagine that it probably [unclear] executes the same commands, but it's probably much more stable and maintained, and not a bash script. So

[Question:] just wanted to know what you thought of the CIS lockdown benchmark, if you'd come through it, if you've got any comments on it. No, I'm not [unclear].
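The kind of audit the speaker describes his lockdown tool doing (checking that SIP, Gatekeeper, FileVault and EFI integrity are where they should be, and whether an app opted into the hardened runtime), as an added example that is not the speaker's tool, Apple's code or anything from the talk: it parses the text the relevant macOS commands print. The sample outputs below are constructed, the per-protection `csrutil` lines reflect the custom-configuration output the talk mentions, and the exact "all good" wording of `eficheck` is an assumption, so anything unrecognised is reported as "unknown" rather than "fail".

```python
"""Parse the status output of macOS security commands and turn it into
audit findings.  Added example; sample outputs are constructed."""
import re
import subprocess
import sys
from typing import Dict, List, Tuple

# Commands a live audit would run (the eficheck success wording is an
# assumption; the path and --integrity-check flag are Apple's).
COMMANDS = {
    "sip": ["csrutil", "status"],
    "gatekeeper": ["spctl", "--status"],
    "filevault": ["fdesetup", "status"],
    "eficheck": ["/usr/libexec/firmwarecheckers/eficheck/eficheck", "--integrity-check"],
}

# Code-signing flag bits that `codesign -dvvv` shows as flags=0x...(names).
CS_RESTRICT, CS_REQUIRE_LV, CS_RUNTIME = 0x800, 0x2000, 0x10000


def parse_csrutil(text: str) -> Dict[str, bool]:
    """Overall SIP state plus per-protection lines from a custom configuration
    (SIP partly disabled with csrutil's undocumented arguments)."""
    m = re.search(r"System Integrity Protection status:[ \t]*(enabled|disabled)", text)
    if not m:
        raise ValueError("unrecognised csrutil output")
    result = {"sip": m.group(1) == "enabled"}
    # Only the per-protection lines end in a bare enabled/disabled; the
    # status line itself is followed by "." or "(Custom Configuration)".
    for name, state in re.findall(r"^[ \t]*([A-Za-z ]+):[ \t]*(enabled|disabled)[ \t]*$", text, re.M):
        result[name.strip().lower().replace(" ", "_")] = state == "enabled"
    return result


def parse_spctl(text: str) -> bool:
    return "assessments enabled" in text


def parse_fdesetup(text: str) -> bool:
    return "FileVault is On" in text


def parse_eficheck(text: str) -> str:
    """'ok', 'mismatch' or 'unknown'.  Checking the success phrase first keeps
    'No changes detected' from matching the mismatch pattern."""
    if "No changes detected" in text:
        return "ok"
    if re.search(r"mismatch|changes detected|not found", text, re.I):
        return "mismatch"
    return "unknown"


def parse_codesign_flags(text: str) -> Dict[str, bool]:
    """Decode the CodeDirectory flags line of `codesign -dvvv` (stderr)."""
    m = re.search(r"flags=0x([0-9a-fA-F]+)", text)
    flags = int(m.group(1), 16) if m else 0
    return {
        "hardened_runtime": bool(flags & CS_RUNTIME),
        "library_validation": bool(flags & CS_REQUIRE_LV),
        "restricted": bool(flags & CS_RESTRICT),
    }


def audit(outputs: Dict[str, str]) -> List[Tuple[str, str]]:
    """Map raw command outputs to (check, verdict) pairs."""
    findings: List[Tuple[str, str]] = []
    sip = parse_csrutil(outputs["sip"])
    findings.append(("sip", "pass" if sip["sip"] else "fail"))
    for key, on in sip.items():
        # "Apple Internal" is disabled on every customer machine; not a finding.
        if key not in ("sip", "apple_internal") and not on:
            findings.append((f"sip:{key}", "fail"))
    findings.append(("gatekeeper", "pass" if parse_spctl(outputs["gatekeeper"]) else "fail"))
    findings.append(("filevault", "pass" if parse_fdesetup(outputs["filevault"]) else "fail"))
    efi = parse_eficheck(outputs["eficheck"])
    findings.append(("eficheck", "pass" if efi == "ok" else efi))
    return findings


def collect_live() -> Dict[str, str]:
    """Run the real commands (macOS only; eficheck may need root).  stdout and
    stderr are merged because several of these tools print to stderr."""
    if sys.platform != "darwin":
        raise RuntimeError("live collection only works on macOS")
    out = {}
    for key, cmd in COMMANDS.items():
        proc = subprocess.run(cmd, capture_output=True, text=True)
        out[key] = proc.stdout + proc.stderr
    return out


# Constructed sample outputs: SIP on but kext signing switched off,
# Gatekeeper on, FileVault off, EFI hashes matching Apple's allowlist.
SAMPLE = {
    "sip": ("System Integrity Protection status: enabled (Custom Configuration).\n\n"
            "Configuration:\n\tApple Internal: disabled\n\tKext Signing: disabled\n"
            "\tFilesystem Protections: enabled\n\tDebugging Restrictions: enabled\n"
            "\tDTrace Restrictions: enabled\n\tNVRAM Protections: enabled\n"
            "\tBaseSystem Verification: enabled\n"),
    "gatekeeper": "assessments enabled\n",
    "filevault": "FileVault is Off.\n",
    "eficheck": "EFI Version: [constructed]\nPrimary allowlist version match found. "
                "No changes detected in primary hashes.\n",
}
CODESIGN_SAMPLE = "CodeDirectory v=20500 size=1234 flags=0x10000(runtime) hashes=30+5 location=embedded\n"

if __name__ == "__main__":
    for check, verdict in audit(SAMPLE):
        print(f"{check:<20} {verdict}")
    print("hardened runtime:", parse_codesign_flags(CODESIGN_SAMPLE)["hardened_runtime"])
```

Run it as-is to see the findings for the constructed sample; on a T2-era Mac `audit(collect_live())` would do the same against the real commands, with the caveat from the talk that eficheck has nothing to say on T2 machines.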