xom-switch is the eXecutable-Only-Memory (XOM) enabling tool for x86 Linux systems. It aims to mitigate code-disclosure-guided ROP attacks.
FOGSEC/xom-switch
XOM-Switch

(eXecutable-Only Memory Switch)

xom-switch is the eXecutable-Only-Memory (XOM) enabling tool for x86 Linux systems. It aims to mitigate code-disclosure-guided ROP attacks. This is the first tool to use Intel's Memory Protection Keys (MPK) feature for XOM enabling. xom-switch protects all code modules at runtime, including the executable and its dependent libraries, without requiring source code or heavyweight binary translation/rewriting. xom-switch intercepts the program runtime non-intrusively by instrumenting the program loader (ld.so).

Background

Why eXecutable-Only Memory

Hardware Support

Software Enabling

Getting Started

Platform Prerequisites

To run xom-switch properly, you need to have hardware and OS support first:

  • Intel CPU with the protection keys feature enabled, e.g., Intel® Xeon® Scalable Processors, AND
  • Linux kernel 4.9 or later; OR
  • A VM in AWS: choose Amazon Linux 2 LTS Candidate AMI 2017.12.0 (HVM) and then a C5 instance.
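
A preflight check for the prerequisites above, added here as an example (it is not part of xom-switch). It assumes the Linux /proc/cpuinfo flag names pku (the CPU supports protection keys) and ospke (the kernel has enabled them); the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not xom-switch code: verify CPU protection keys and
# kernel >= 4.9 before patching the loader.

# has_cpu_flag FLAG FILE -> 0 if FLAG appears as a whole word on the
# first "flags" line of a cpuinfo-style file.
has_cpu_flag() {
    grep '^flags' "$2" | head -n 1 | tr ' \t' '\n\n' | grep -qx "$1"
}

# kernel_at_least RELEASE MAJOR MINOR -> 0 if RELEASE (for example
# "4.14.77-81.59.amzn2.x86_64") is >= MAJOR.MINOR. The comparison is
# numeric, so 4.10 ranks above 4.9. Returns 2 on an unparsable release.
kernel_at_least() {
    major=${1%%.*}
    rest=${1#*.}
    minor=${rest%%[!0-9]*}
    case "$major" in ''|*[!0-9]*) return 2 ;; esac
    [ "$major" -gt "$2" ] ||
        { [ "$major" -eq "$2" ] && [ "${minor:-0}" -ge "$3" ]; }
}

# xom_platform_status CPUINFO_FILE KERNEL_RELEASE
# Prints a one-word verdict; returns 0 only when both prerequisites hold.
xom_platform_status() {
    if ! has_cpu_flag pku "$1"; then
        echo no-pku; return 1            # CPU lacks protection keys
    elif ! has_cpu_flag ospke "$1"; then
        echo pku-not-enabled; return 1   # CPU has PKU, OS did not enable it
    elif ! kernel_at_least "$2" 4 9; then
        echo kernel-too-old; return 1
    fi
    echo ok
}

# Check the live system when invoked as: sh thisfile --check
if [ "${1:-}" = "--check" ]; then
    xom_platform_status /proc/cpuinfo "$(uname -r)"
fi
```

A result of pku-not-enabled means the CPU advertises the feature but the running kernel has not turned it on, so pkey-based protection cannot take effect on that boot.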

Software Prerequisites

xom-switch requires two tools:

  • gcc
  • python 2.7
  • radare2, a static binary analyzer, which can be found here

Components

xom-switch consists of three modules:

  • rewriter: static binary rewriter.
  • patch: C code that is patched into the program loader
  • analysis: analyzer of the program loader using radare2

Patching

  • install python 2.7 and radare2
  • patch your loader: src/analysis/patch-loader.sh /lib64/ld-linux-x86-64.so.2 /your/new/ld.so
  • copy your loader to system dir: sudo mv /your/new/ld.so /lib64/ld-xom.so
  • patch your libc.so (optional): src/analysis/patch-libc.sh /lib/x86_64-linux-gnu/libc.so.6 /your/new/libc.so

Note: patching your libc allows XOM to be applied to child processes spawned through execve(2).

Running

  • apply XOM to your program: /lib64/ld-xom.so /path/to/your/program
  • apply XOM to your program and its children: LD_PRELOAD=/your/new/libc.so /lib64/ld-xom.so /path/to/your/program

License

This code is published under GPLv2.

Project Status

This code is for demonstration purposes only; its status is alpha.

Task List

  • Support CentOS 7.2.
  • Support CentOS 7.4.
  • Support Ubuntu 17.04.
  • Support Amazon Linux 2 LTS Candidate AMI 2017.12.0 (HVM) with C5 instance.

Languages

  • Python 87.0%
  • Shell 6.1%
  • C 5.1%
  • Assembly 1.6%
  • Other 0.2%