peter_d_sherman

LoJack / Strontium / Bluehat 18 / F78D2524 / 0xF78D2524

Sep 14th, 2019
Hello everyone! My name is Peter Sherman.

My email address is peter.d.sherman@gmail.com

Here is a series of notes I took in the past to
attempt to remove an apparently particularly nasty
piece of persistent Windows 7 stealth malware
on my HP Pavilion
(although, I'm pretty sure I didn't succeed...).

The problem is apparently twofold:

1) This piece of malware is known by various names/variants
2) 99.9% of the articles on the web DO NOT CONTAIN most of
the important information, in ONE PLACE.

That is, you'll get a teensy bit of information here, a
teensy bit of information there... and you'll typically
get a whole bunch of opinions, many of which trivialize
the depth or severity of the problem, and/or are just
plain ill-informed.

That is, most haven't done in-depth research.

Advice: DO YOUR OWN IN-DEPTH RESEARCH AND AVOID THE SIMPLE
OPINIONS!

Take Mike Abrash's advice and DO NOT ASSUME!

So, without further ado, I present the notes I've put
together (thus far) on it:

First off, some of the various things you can search for:

LoJack / Strontium / Bluehat 18 / F78D2524 STOP (0xF78D2524, 0xC0000034, 0x00000000, 0x00000000)

2019-01-30

* This video seems to be the best one I've seen
thus far on how to remove LoJack:

https://www.youtube.com/watch?v=VeoXT0nEcFU

also:

https://www.slideshare.net/MSbluehat/bluehat-v18-first-strontium-uefi-rootkit-unveiled

Related Words/Terms For Further Google (Re)search:

autochk.exe / autoche.exe <- (misspelling intentional)
rpcnetp.exe
search.namequery.com
remotepx.net 103.41.177.43 (old)
rdsnet.com 185.86.148.18 (new)

\xd1\x35\x71\x17 -> 209.53.113.23
(Sednit old domains became LoJax domains)
XAgent v3
Xtunnel
XAgent v4
LoJack/LoJax
Absolute Software
Microsoft Security Response Center (MSRC)
Jean-Ian Boutin, ESET
Frédéric Vachon, ESET
BlueHat v18
Strontium
ESET
RtlInitUnicodeString(...) // sets unicode string
NtOpenKey(...)
NtSetValueKey(...) // sets registry key

"Remote Procedure Call (RPC) Net"

\\REGISTRY\\MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Session Manager
"BootExecute"
C:\\Windows\SysWOW64\\rpcnetp.exe
C:\\Windows\System32\\rpcnetp.exe

Also, it mentions several tools that seem to
appear over and over again:

RWEverything
info_efi.exe
ReWriter_read.exe ("The first tool that really put us on the right
path was this one" -- Tool to dump SPI flash
memory content found alongside LoJax sample)

IOCTL    Description
0x22280c Writes to memory mapped I/O space
0x222808 Reads from memory mapped I/O space
0x222840 Reads a dword from given PCI configuration register
0x222834 Writes a byte to given PCI configuration register

o Log information on BIOS_CNTL register
o Locate BIOS region base address
o Read UEFI firmware content and dump it to a file

Reading SPI Flash
-Write bytes to be read into HSFC (FDBC = size -1)
-Set HSFC to the read command (FCYCLE = 0b00)
-(3)Write the address to read in the HSFC (FADDR)
-Write 1 to Flash Cycle Go (FGO)
-Wait for SPI read cycle completion (HSFS->SCIP == 0)
-Read data from FDATAX register
LOOP to (3) above...

ReWriter_binary.exe -- slide 51 -- according to authors,
this adds the rootkit to the firmware
(how exactly?), and writes it back
to the SPI flash memory...

Driver Execution Environment (DXE) Drivers

o PE/COFF images
o Abstract the hardware
o Produce UEFI standard interface
o Register new services (protocols)
o Loaded during the DXE phase of the Platform
initialization
o Loaded by the DXE dispatcher (DXE Core)

(PDS -- Why does this remind me of the movie "The Net"?)

UEFI firmware layout

o Located in the BIOS region of the SPI flash memory
o Contains multiple volumes
-Volumes contain files identified by GUIDs
-File contains sections
-One of these sections is the actual UEFI image
-It's more complex than that but it suffices for our
purpose

UEFITool is recommended software:

https://github.com/LongSoft/UEFITool

"UEFITool is a cross-platform C++/Qt program for parsing,
extracting and modifying UEFI firmware images. It supports
parsing of full BIOS images starting with the flash
descriptor or any binary files containing UEFI volumes.
Original development was started here at MDL forums as a
cross-platform analog to PhoenixTool's structure mode with
some additional features, but the program's engine was
proven to be useful for other projects like UEFIPatch,
UBU and OZMTool."

Apparently in UEFITool, we see that SPI flash memory
has a BIOS region, and a ME Region.

(I am not exactly sure what a "Region" is yet...)

One region subtype is "FFSv2"... Google...

FFSv2 seems to be equivalent to UFS2 (Unix File System 2).

It's related to BSD/NetBSD; apparently FFS was created
in 1983 for 4.2BSD.

According to Wikipedia:

"In UFS2, Kirk McKusick and Poul-Henning Kamp extended the
FreeBSD FFS and UFS layers to add 64-bit block pointers
(allowing volumes to grow up to 8 zebibytes),
variable-sized blocks (similar to extents), extended flag
fields, additional 'birthtime' stamps, extended attribute
support and POSIX1.e ACLs. UFS2 became the default UFS
version starting with FreeBSD 5.0. FreeBSD also introduced
soft updates and the ability to make file system snapshots
for both UFS1 and UFS2. These have since been ported to
NetBSD, but eventually soft updates (called soft
dependencies in NetBSD) was removed from NetBSD 6.0 in
favor of the less complex file system journaling mechanism
called WAPBL (also referred as logging), which was added
to FFS in NetBSD 5.0. OpenBSD has supported soft updates
since version 2.9[3] and has had UFS2 (FFS2) support
(no ACLs) since version 4.2.[4] Since FreeBSD 7.0, UFS
also supports filesystem journaling using the gjournal
GEOM provider. FreeBSD 9.0 adds support for lightweight
journaling on top of soft updates (SU+J), which greatly
reduces the need for background fsck, and NFSv4 ACLs."

(So, what's that BSD-ish thing doing on my PC?)

What follows are copies of the notes from slides in
the presentation, but after this there are some
additional notes by me about my troubles with
Windows XP...

Slide 64:

Parsing the firmware volumes
o Parses all the firmware volumes of the UEFI firmware
o Looks for 4 specific files:
Ip4Dxe (81929601-2880-4659-b857-915a8901bdc8)
NtfsDxe (768bedfd-7b4b-4c91-b2ff-6377e3387243)
SmiFlash (bc327dbd-b982-4f55-9179-056ad7e987c5)
DXE Core

(Note these GUIDs were OCR'd and could be off by one
or more values...)

Slide 65:

Ip4Dxe and DXE Core

o Used to find the firmware volume to install the rootkit
o DXE drivers are usually all in the same volume
o DXE Core may be in a different volume
o The chosen volume will be the one with enough free
space available

Slide 66:

NtfsDxe and SmiFlash

o NtfsDxe is the AMI NTFS driver
o Will be removed if found
o SmiFlash metadata are not used
o SmiFlash is a known-vulnerable DXE driver

Slide 67:

Adding the rootkit

o Creates a FFS file header (EFI_FFS_FILE_HEADER)
o Append the Rootkit file
(See slide for screenshot)
((Note, there's a GUID here, starts with
682894B5...))
o Write it at the end of the DXE drivers volume or the
DXE Core volume
o Checks if there's enough free space available

Slide 68:

Write the compromised firmware to the SPI Flash memory

Slide 69

BIOS Write Protection Mechanisms

o Platform exposes write protection mechanisms
o Need to be properly configured by the firmware
o We'll only cover relevant protections to our research
o Won't cover Protected Range Registers
o Exposed via the BIOS Control Register (BIOS_CNTL)

(See slides for Image)
13.1.33 BIOS_CNTL-BIOS Control Register
(LPC I/F-D31:F0)

Offset Address: DCh Attribute: R/WLO, R/W, RO
Default Value: 20h Size: 8 bit
Lockable: No Power Well: Core

Slide 70-71

BIOS Write Protection Mechanisms

o To write to the BIOS region BIOS Write Enable
(BIOSWE) must be set to 1
o BIOS Lock Enable (BLE) allows locking BIOSWE to 0

BIOS Lock Enable (BLE) - R/WLO.
0 = Setting the BIOSWE will not cause SMI's.
1 = Enables setting the BIOSWE bit to cause SMI's.
Once set, this bit can only be cleared by a
PLTRST#

PLTRST -- Apparently this is shorthand for
"FULL PLATFORM RESET" (Google)

slide 72

o The implementation of BLE is vulnerable
o When BIOSWE is set to 1, its value changes in BIOS_CNTL
(for a very small amount of time, until SMI...)
o A System Management Interrupt (SMI) is triggered
o The SMI handler sets BIOSWE back to 0
o The SMI handler must be implemented by the firmware

slide 73

"Speedracer" paper -- Google it

o What if we write to the SPI flash memory before the SMI
handler sets BIOSWE to 0?
o Race condition vulnerability (Speed Racer)
o A thread continuously sets BIOSWE to 1
o Another thread tries to write data
o Works on multicore processors and single-core
processors with hyper-threading enabled

slide 74-75

Intel came up with a patch for this issue

o Platform Controller Hub (2008) family of Intel chipsets
introduces a fix for this issue, what they did:

bitmap:

SMM BIOS Write Protect Disable (SMM_BWP) - R/WLO
This bit set defines when the BIOS region can be written by
the host:

0 = BIOS region SMM protection is disabled. The BIOS Region
is writable regardless of whether processors are in SMM or not.
(set this field to 0 for legacy behavior)
1 = BIOS region SMM protection is enabled. The BIOS Region
is not writable unless processors are in SMM.

o The firmware must set this bit

slide 76

ReWriter_Binary.exe

o ReWriter_Binary.exe checks these settings
o Checks if the platform is properly configured
o Implements the exploit for the race condition

slide 77-80

Writing process decision tree:

BIOSWE is set?
  Yes: Write UEFI image. Done.
  No: BLE is set?
    No: Set BIOSWE to 1 and write UEFI image. Done.
    Yes: SMM_BWP is set?
      Yes: FAIL.
      No: Exploit race condition...

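The decision tree above is the same check a defender runs in reverse (CHIPSEC's BIOS write-protection check does exactly this): given the BIOS_CNTL byte, decide whether the BIOS region is actually locked. The following is an added example, not code from the slides or from ESET; the bit positions it uses are the ones CHIPSEC uses for BIOS_CNTL (BIOSWE = bit 0, BLE = bit 1, SMM_BWP = bit 5), and the sample register values are constructed, not real platform readings.

```python
# Added example (not from the slides): classify a platform's BIOS write protection
# from the 8-bit BIOS_CNTL register value, following the slide 77-80 decision tree.
# Bit positions assumed: BIOSWE = bit 0, BLE = bit 1, SMM_BWP = bit 5.
BIOSWE = 1 << 0    # BIOS Write Enable
BLE = 1 << 1       # BIOS Lock Enable: setting BIOSWE raises an SMI that clears it again
SMM_BWP = 1 << 5   # SMM BIOS Write Protect: BIOS region writable only while in SMM

def decode_bios_cntl(value):
    """Split a BIOS_CNTL byte into the three bits the slides discuss."""
    if not 0 <= value <= 0xFF:
        raise ValueError("BIOS_CNTL is an 8-bit register")
    return {"BIOSWE": bool(value & BIOSWE),
            "BLE": bool(value & BLE),
            "SMM_BWP": bool(value & SMM_BWP)}

def bios_write_protection(value):
    """Return (protected, reason) for a BIOS_CNTL value.

    Mirrors the installer's decision tree from the defender's side: any path
    that ends in "write UEFI image" is a finding.
    """
    bits = decode_bios_cntl(value)
    if bits["BIOSWE"]:
        return False, "BIOSWE=1: BIOS region is writable from the OS right now"
    if not bits["BLE"]:
        return False, "BLE=0: BIOSWE can simply be set to 1, nothing locks it"
    if not bits["SMM_BWP"]:
        return False, ("BLE=1 but SMM_BWP=0: only the SMI handler clears BIOSWE, "
                       "so the BIOSWE race (Speed Racer) applies")
    return True, "BLE=1 and SMM_BWP=1: BIOS region writable only from SMM"

# Constructed sample values (not real platform readings).
SAMPLES = {
    "legacy, nothing set": 0x00,
    "BLE only (pre-SMM_BWP chipsets)": 0x02,
    "BLE + SMM_BWP (expected on a modern PCH)": 0x22,
    "BIOSWE left set": 0x01,
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        ok, why = bios_write_protection(raw)
        print(f"{label:42} BIOS_CNTL=0x{raw:02X} {'OK  ' if ok else 'FAIL'} {why}")
```

On a real machine the byte comes from the LPC bridge's PCI config space at offset DCh (the slide's "D31:F0"); CHIPSEC reads it for you, which is the supported way to do this assessment.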
slide 81-85

Writing to SPI Flash
-Write bytes to be read into HSFC (FDBC = size -1)
-Set HSFC to the write command (FCYCLE = 0b10)
-(3)Write the address to write in the HSFC (FADDR)
-Write the data chunk to write in the HSFC (FDATAX)
-Write 1 to Flash Cycle Go (FGO)
-Wait for SPI read cycle completion (HSFS->SCIP == 0)
LOOP to (3) above...

slide 86

Let's take a step back

o Software implementation to flash firmware remotely
o Hacking Team UEFI rootkit needed physical access
o We extracted the UEFI rootkit
o Looked at ESET's UEFI scanner telemetry
o And...

Slides 87-90 mostly empty

slide 91

UEFI Rootkit: SecDxe

o DXE Driver loaded by the DXE Dispatcher
o Unsigned (Secure Boot would catch if enabled...)
o File GUID
o 682894B5-6B70-4EBA-9E90-A607E5676297

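The volume layout in the notes above (volumes of GUID-named files, slides 64-67) plus the SecDxe file GUID on slide 91 is enough to write a scanner for a dumped image, which is the defender's counterpart of what ReWriter_binary.exe does. The following is an added example, not code from the slides, from ESET or from UEFITool: it builds two constructed FFSv2 volumes in memory (FFSv2 here being the UEFI Firmware File System v2 whose GUID sits in the volume header), walks them file by file with header-checksum verification, and reports the SecDxe GUID and the free space the installer looks for.

```python
# Added example (not from the slides, ESET or UEFITool): walk one FFSv2 firmware volume the
# way the installer does and report the SecDxe GUID (slide 91) and free space (slides 65/67).
import struct
import uuid

FFS2_GUID = uuid.UUID("8C8CE578-8A3D-4F1C-9935-896185C32DD3")  # EFI_FIRMWARE_FILE_SYSTEM2_GUID
IP4DXE = uuid.UUID("81929601-2880-4659-b857-915a8901bdc8")     # GUIDs as transcribed above
NTFSDXE = uuid.UUID("768bedfd-7b4b-4c91-b2ff-6377e3387243")
SECDXE = uuid.UUID("682894B5-6B70-4EBA-9E90-A607E5676297")
FV_SIGNATURE = b"_FVH"
FFS_HDR_LEN = 24  # sizeof(EFI_FFS_FILE_HEADER)

def ffs_file(guid, body, ftype=0x07):
    """Build one FFS file (header + body, type EFI_FV_FILETYPE_DRIVER), 8-byte aligned."""
    size = FFS_HDR_LEN + len(body)
    # IntegrityCheck.Header makes the header sum to 0 mod 256 with IntegrityCheck.File
    # and State zeroed; File is the fixed 0xAA (FFS_ATTRIB_CHECKSUM clear); State 0xF8.
    fixed = guid.bytes_le + bytes([ftype, 0]) + size.to_bytes(3, "little")
    hsum = (-sum(fixed)) & 0xFF
    blob = fixed[:16] + bytes([hsum, 0xAA]) + fixed[16:] + b"\xF8" + body
    return blob + b"\xFF" * (-len(blob) % 8)

def firmware_volume(files, fv_len=0x1000):
    """Build an FFSv2 volume: EFI_FIRMWARE_VOLUME_HEADER, files, then erased (0xFF) space."""
    block_map = struct.pack("<IIII", 1, fv_len, 0, 0)  # one block entry plus {0,0} terminator
    hdr_len = 56 + len(block_map)
    def header(checksum):
        return (b"\x00" * 16 + FFS2_GUID.bytes_le + struct.pack("<Q", fv_len) + FV_SIGNATURE
                + struct.pack("<IHHHBB", 0x0004FEFF, hdr_len, checksum, 0, 0, 2) + block_map)
    words = struct.unpack("<%dH" % (hdr_len // 2), header(0))  # 16-bit header checksum
    body = b"".join(files)
    if hdr_len + len(body) > fv_len:
        raise ValueError("not enough free space in this volume")
    return header((-sum(words)) & 0xFFFF) + body + b"\xFF" * (fv_len - hdr_len - len(body))

def parse_volume(fv):
    """Return ([(guid, type, size, header_checksum_ok), ...], free_bytes) for one volume."""
    if fv[40:44] != FV_SIGNATURE or uuid.UUID(bytes_le=fv[16:32]) != FFS2_GUID:
        raise ValueError("not an FFSv2 firmware volume")
    fv_len, = struct.unpack_from("<Q", fv, 32)
    hdr_len, = struct.unpack_from("<H", fv, 48)
    if sum(struct.unpack_from("<%dH" % (hdr_len // 2), fv, 0)) & 0xFFFF:
        raise ValueError("bad volume header checksum")
    files, off = [], hdr_len
    while off + FFS_HDR_LEN <= fv_len:
        hdr = fv[off:off + FFS_HDR_LEN]
        size = int.from_bytes(hdr[20:23], "little")
        if hdr == b"\xFF" * FFS_HDR_LEN or size < FFS_HDR_LEN:
            break  # erased flash (free space starts here) or a corrupt header: stop walking
        chk = hdr[:17] + b"\x00" + hdr[18:23] + b"\x00"  # zero IntegrityCheck.File and State
        files.append((uuid.UUID(bytes_le=hdr[:16]), hdr[18], size, sum(chk) % 256 == 0))
        off += size + (-size % 8)
    return files, fv_len - off

def scan_for_secdxe(fv):
    """Defender-side summary of one volume from a dumped image."""
    files, free = parse_volume(fv)
    return {"secdxe_present": any(g == SECDXE for g, _, _, _ in files),
            "bad_headers": [str(g) for g, _, _, ok in files if not ok],
            "file_count": len(files), "free_bytes": free}

# Constructed samples: clean, and after the installer's edits (NtfsDxe removed, SecDxe appended).
CLEAN_FV = firmware_volume([ffs_file(IP4DXE, b"\x00" * 200), ffs_file(NTFSDXE, b"\x01" * 100)])
INFECTED_FV = firmware_volume([ffs_file(IP4DXE, b"\x00" * 200), ffs_file(SECDXE, b"\x02" * 300)])
```

For a real dump, locate each volume by its "_FVH" signature at offset 40 and hand the slice to scan_for_secdxe; UEFITool shows the same files by GUID, so its listing is a good cross-check.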
slide 92-94

o This is a graphic. It shows workflow. Note that
it has a lot of acronyms that should be transcribed/Googled.
(I'll save that exercise for later...)

EFI_EVENT_GROUP_READY_TO_BOOT

----
Side Note: Secure Boot ensures that everything that is
loaded by the firmware is properly signed...
----

slide 95

UEFI RootKit: SecDxe

o Notify function
o Installs NTFS driver (***** FS DEPENDENT!!! ******)
(PDS: Would this happen with another
file system, e.g., FAT, ext2, ext3, or some
esoteric file system? Can I
install Linux and be free?)
o Drops autoche.exe and rpcnetp.exe
o Patches a value in the Windows Registry

slide 96

NTFS driver

o NTFS driver needed to get file-based access to
Windows' partition
o UEFI firmware doesn't need an NTFS driver
o Only needs to read the EFI system partition
o Hacking Team's NTFS driver from HT's leak
o NtfsDxe project from vector-edk

slide 97

Dropping files

Graphic of source, but not that informative
o Drops 2 files, rpcnetp.exe, autoche.exe

slide 100

(NOTE: A specific text pattern is searched for,
*that's because it doesn't have the intelligence to
open, write and close Windows registry keys*

OR... because it's trying to avoid REGISTRY LOGGING,
if Windows has REGISTRY LOGGING...

FUTURE OS DESIGN: OS could do a hash check on raw registry
file when OS is initialized for the first
time and it would find this.

Also... future OS should support a
REGISTRY LOG of all REGISTRY CHANGES,
AND check registry file against a
hash which is updated in lock-step
(also, log could be hashed in lock-step
too...)
)

o Modifies Windows Registry via
%WINDIR%\System32\config\SYSTEM

o Changes "autocheck autochk *" to
"autocheck autoche *"

o HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\BootExecute

slide 103

Prevention

o Enable Secure Boot
o Keep your UEFI firmware up-to-date
o Make sure you have modern chipsets (PCH)
o Hope that your firmware configures security
mechanisms properly
o Firmware security assessments can be done
with CHIPSEC (Open Source)
(Will check for all things discussed in this slide show)

slide 104

o You need to reflash your UEFI firmware
o If it's not an option for you then...

slide 107

White paper available at welivesecurity.com

@jiboutin
@Freddrickk_

2018-05-15

* Now this is weird. I reformat my laptop's hard drive, and decide to try installing
first Windows 2000, then Windows XP.

Windows 2000 won't install... period.

Windows XP gives the Blue Screen Of Death with the text:

"A problem has been detected and Windows has been shut down..."

(There was some other probably-not-helpful-in-diagnosing-the-problem text in the message,
but for brevity, that's the start of the text...)

The relevant text is this:

STOP (0xF78D2524, 0xC0000034, 0x00000000, 0x00000000)

But... that's not where the story ends...

Googling for F78D2524 does something strange.

It yields only *ONE HIT*.

Like, think about this for a second: Google, king of search engines, which usually
returns thousands if not millions of search results, for this one hexadecimal number
yields only ONE result...

That result is:

http://www.digitaltechglobal.com/a-problem-has-been-detected-windows-xp-pro-re-install.html

(2016-05-16 Update:

That web page, above, matches this one (minus the froofy Javascript animations, especially
the "person x has solved computer problem y" continuous pop-up):

http://postthreads.org/support/3824359/STOP-0x0000007B-0xF78D2524-0xC0000034.html

This one was found on Bing incidentally...

So the question is, which web page cloned which other web page, and why?
)

It is a very weird web page, which seems very intent on getting the visitor (me) to
download some kind of dubious .EXE "PC Repair Tool".

What's even more weird is that it has this little pop-up on the bottom left, which pops
up messages like "Bob in Scranton fixed his <xyz> computer problem" or
"Joe in Dallas fixed his <xyz> computer problem" (not exactly -- but you get the idea).

Now... here's where things get like "super-dubious"...

I go to BING (which is a Microsoft property) and I type in F78D2524.

There's a whole bunch of results.

(Side note: Ask.com yields zero results, but that's a side note).

So now we have two search engines, usually neck and neck for search results, one
yields one highly dubious search result, while BING yields a much better result
set...

So here's the thing.

I'm not willing or ready to point my finger at Google just yet; but if it's not
Google's fault, then either

a) For some reason Google is limiting the results...(?)

b) My upstream provider is modifying Google's results (but, this is through
Chrome's https... likely? Hmmm...)

c) Something locally is causing Chrome to abridge their result set...

So...

I don't know what the exact answer is there, at this juncture...

The plot thickens! Stay tuned!!! <g>

UPDATE:

Even more weird!

I went back to Google and tried it again...

Now there were approximately 262 results. (Note that BING lists over 10,000)

So how do I put this, but,

Whaddup Google?

?

The plot thickens some more...

2018-05-15

o Oh, first part of this story: I reformatted my laptop's hard drive, and decided
to install Windows 7 x64 SP1 -- but I installed with UEFI secure boot set on:

Result:

"Selected boot image did not Authenticate. Press <Enter> to Continue."

Yup... Windows 7 will not install with UEFI secure (non Legacy) boot on...

2018-10-07

My computer has a rootkit on it. I'm running Windows 7 and I've run every virus checker and rootkit
remover on it, to no avail. The one clue, the ONE CLUE that I have about it is that Windows XP will
not install. Windows XP installation fails with a blue screen STOP error, and one of the
codes passed back is F78D2524.

Now... I'm not asking for any help in removing this rootkit. Instead, I've observed some
VERY STRANGE BEHAVIOR FROM SEARCH ENGINES when you enter this number.

For example, you would think that Google and Bing would have roughly the same number of entries for
something like this. But apparently not!

What is going on?

Well... that's all I know... good luck in your quest to figure out
what is going on!