OSDev.org


All times are UTC - 6 hours




 Post subject: Attacking VMs
PostPosted: Fri May 30, 2014 10:36 am 
Joined: Sun May 26, 2013 10:12 am
Posts: 65
Hello,
I am reading about http://en.wikipedia.org/wiki/Blue_Pill_(software)
So I was thinking about what would happen if somebody blue-pilled a VM with their own virtualized mapping of BIOS and SMM.
Can I run my own SMM code in virtual machine?
Was the VM escape fixed?


 
 Post subject: Re: Attacking VMs
PostPosted: Fri May 30, 2014 11:35 am 

Joined: Wed Mar 21, 2012 3:01 pm
Posts: 930
What are you up to, lopidas? Your interest in SMM is worrying.

You seem to have misunderstood what Blue Pill is. It's not a way to escape a virtual machine; it's a method for rootkitting an existing installation of an operating system by running it inside a virtual machine, in an effort to be as reliable and undetectable as possible. If you are able to control what a computer boots, you might as well just boot your own operating system, which would give you just as much control. The purpose of a rootkit is to hide its presence from the user; they can't do more than a normal custom operating system can. This is not a bug as such; the bug is whatever allowed the installation of the rootkit.


 
 Post subject: Re: Attacking VMs
PostPosted: Fri May 30, 2014 11:42 am 

Joined: Sun May 26, 2013 10:12 am
Posts: 65
But the attack relies on being able to escape the virtual machine, if I understand it right.


 
 Post subject: Re: Attacking VMs
PostPosted: Fri May 30, 2014 11:53 am 

Joined: Sat Jan 15, 2005 12:00 am
Posts: 8561
Location: At his keyboard!
Hi,

lopidas wrote:
But the attack relies on being able to escape the virtual machine, if I understand it right.


If I remember right; it was a 2 part thing. First part is to exploit massive security holes in an OS to get CPL=0 access, then use that to install the VM (to prevent rootkit detection).

As a way to prevent this, most firmware has an "enable/disable hardware virtualisation" setting now (so it can be disabled if/when you're not using virtualisation). Sadly, very few systems have an "enable/disable massive security holes in the OS" setting, which would've been preferable. ;)


Cheers,

Brendan

_________________
For all things; perfection is, and will always remain, impossible to achieve in practice. However; by striving for perfection we create things that are as perfect as practically possible. Let the pursuit of perfection be our guide.
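
The firmware "enable/disable hardware virtualisation" setting mentioned in the post above can be audited from the OS by decoding the feature-control MSRs. This is an added example, not part of the original thread: it assumes a Linux host with the `msr` module loaded and root access, and the function names are hypothetical.

```c
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <unistd.h>

/* Intel IA32_FEATURE_CONTROL (MSR 0x3A) */
#define MSR_IA32_FEATURE_CONTROL 0x3Au
#define FC_LOCK            (1ull << 0)  /* MSR is read-only until reset */
#define FC_VMX_OUTSIDE_SMX (1ull << 2)  /* VMXON allowed outside SMX */
/* AMD VM_CR (MSR 0xC0010114) */
#define MSR_AMD_VM_CR 0xC0010114u
#define VMCR_LOCK   (1ull << 3)         /* SVMDIS can no longer be changed */
#define VMCR_SVMDIS (1ull << 4)         /* EFER.SVME cannot be set */

enum virt_state { VIRT_DISABLED_LOCKED, VIRT_ENABLED, VIRT_UNLOCKED };

/* Unlocked means ring-0 code can still set the enable bit itself. */
enum virt_state intel_vmx_state(uint64_t fc) {
    if (!(fc & FC_LOCK)) return VIRT_UNLOCKED;
    return (fc & FC_VMX_OUTSIDE_SMX) ? VIRT_ENABLED : VIRT_DISABLED_LOCKED;
}

/* An SVM_KEY-based unlock, if firmware set a key, is not considered here. */
enum virt_state amd_svm_state(uint64_t vm_cr) {
    if (!(vm_cr & VMCR_SVMDIS)) return VIRT_ENABLED;
    return (vm_cr & VMCR_LOCK) ? VIRT_DISABLED_LOCKED : VIRT_UNLOCKED;
}

/* Read one MSR on CPU 0 through the Linux msr driver (offset = MSR number). */
static int read_msr_cpu0(uint32_t msr, uint64_t *val) {
    int fd = open("/dev/cpu/0/msr", O_RDONLY);
    if (fd < 0) return -1;
    int ok = lseek(fd, (off_t)msr, SEEK_SET) != (off_t)-1 &&
             read(fd, val, sizeof *val) == (ssize_t)sizeof *val;
    close(fd);
    return ok ? 0 : -1;
}

int main(void) {
    static const char *names[] = { "disabled and locked", "enabled",
                                   "not locked (ring 0 can enable it)" };
    uint64_t v;
    /* Reading the other vendor's MSR fails, so try Intel first, then AMD. */
    if (read_msr_cpu0(MSR_IA32_FEATURE_CONTROL, &v) == 0)
        printf("Intel VMX: %s\n", names[intel_vmx_state(v)]);
    else if (read_msr_cpu0(MSR_AMD_VM_CR, &v) == 0)
        printf("AMD SVM: %s\n", names[amd_svm_state(v)]);
    else { fprintf(stderr, "cannot read MSRs (root and msr module needed)\n"); return 1; }
    return 0;
}
```

Only the "disabled and locked" result means the firmware setting is actually enforced against kernel-mode code until the next reset.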


 
 Post subject: Re: Attacking VMs
PostPosted: Fri May 30, 2014 1:09 pm 

Joined: Sun May 26, 2013 10:12 am
Posts: 65
I can control my kernel to get to ring 0 :)


 