This repository contains several exploits that we developed in the course of our research on memory corruption bugs in SGX enclaves. The full results of our research are published at USENIX Security 2020.
Project | Vulnerable Version | Exploit | Comment |
---|---|---|---|
Intel GMP Demo | 9533574 | Intel SGX GMP Demo Exploit | ✔️ Fixed |
Rust SGX SDK TLSClient | v1.0.9 | Rust TLSClient Overlap Exploit | ✔️ Fixed |
WolfSSL | d330c53 | WolfSSL Exploit | ✔️ Fixed |
TaLoS | all | TaLoS Exploit, TaLoS Arbitrary Read, TaLoS Arbitrary Write | ❌ Not fixed, project not maintained: Issue |
Synaptics SynaTEE Driver | 5.2.3535.26 | Exploit not public | ✔️ Fixed (CVE-2019-18619) |
Goodix Fingerprint Driver | 2.1.32.200 | Exploit not public | ✔️ Fixed (DSA-2020-138) |
Install the Intel SGX driver and the Intel SGX SDK.
Note: The PoC exploits contain hard-coded addresses that depend on the compiled enclaves included in the repository.
The exploit code follows the make principles of the SGX SDK:
- Use `make` in the respective directories to compile the exploit
- Run the exploit using `./app`
All exploits overwrite the instruction pointer in the enclave; some also include follow-up code that additionally takes control of the stack pointer. The exploits therefore produce different outputs when executed: some return a simple value to indicate the result, others simply crash after the exploit has hijacked the control flow and jumped to a bogus address. None of the PoC exploits will harm you or your setup in any way!
The Intel GMP Demo shows how to use the GMP library inside an SGX enclave. Insufficient input validation made it possible to read and write arbitrary memory including the secure region.
The Rust SGX SDK provides a compatibility layer to enable enclave development in the memory-safe Rust language. The demonstration implementation of a TLS client/server application contained a design flaw that can be used to hijack the control flow.
WolfSSL is a portable SSL/TLS library that can be used in an SGX enclave. The SGX layer contained a conceptual error that allowed an attacker to hijack the control flow.
Warning: The project is unmaintained and is still vulnerable!
The TaLoS project provides TLS termination for nginx or apache inside an SGX enclave. We demonstrate:
- Control Flow Hijacking using an insufficiently validated pointer,
- Arbitrary Read using a NULL-pointer dereference,
- Arbitrary Write using a race condition.
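The pointer-validation failure named in the TaLoS entry (and the insufficient input validation behind the GMP demo entry), as an added example that is not code from this repository or from any of the listed projects: a stand-alone C model in which a static array stands in for enclave memory and a hardened ecall rejects any caller-supplied output range that overlaps it, is empty, or wraps around the address space. The array, buffer and ecall names are assumptions; a real enclave would use the SDK's sgx_is_outside_enclave() for the same check.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for the enclave's memory; in a real enclave the
 * bounds come from the SGX SDK and sgx_is_outside_enclave() does this check. */
uint8_t enclave_region[4096];
uint8_t host_buf[64];           /* constructed untrusted (host-side) buffer */

/* 1 if [p, p+len) lies entirely outside enclave_region, 0 otherwise.
 * Rejects zero length and a length that wraps the address space, since
 * either would let a forged range pass a naive start/end comparison. */
int range_outside_enclave(const void *p, size_t len) {
    uintptr_t start = (uintptr_t)p, end;
    uintptr_t ebase = (uintptr_t)enclave_region;
    uintptr_t eend = ebase + sizeof enclave_region;
    if (len == 0) return 0;
    if (start + len < start) return 0;   /* p + len overflowed */
    end = start + len;
    return end <= ebase || start >= eend;
}

/* Vulnerable ecall: writes wherever the caller's pointer says, so a pointer
 * into enclave memory corrupts enclave state (the bug class in the table). */
int ecall_fill_vulnerable(uint8_t *out, size_t len) {
    memset(out, 0x41, len);
    return 0;
}

/* Hardened ecall: refuses any destination that touches enclave memory. */
int ecall_fill_hardened(uint8_t *out, size_t len) {
    if (!range_outside_enclave(out, len)) return -1;
    memset(out, 0x41, len);
    return 0;
}

int main(void) {
    printf("host buffer:     %d\n", ecall_fill_hardened(host_buf, sizeof host_buf));
    printf("enclave pointer: %d\n", ecall_fill_hardened(enclave_region + 100, 16));
    printf("wrapping length: %d\n", ecall_fill_hardened(host_buf, SIZE_MAX));
    return 0;
}
```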
These PoC exploits are part of the research that we present in our USENIX Security 2020 paper. If you want to refer to these exploits or our paper in academic work, please use the following BibTeX entry for citation:
@InProceedings{cloosters2020teerex,
title = "{TeeRex:} Discovery and Exploitation of Memory Corruption Vulnerabilities in {SGX} Enclaves",
author = "Tobias Cloosters and Michael Rodler and Lucas Davi",
booktitle = "29th {USENIX} Security Symposium ({USENIX} Security '20)",
year = "2020",
}