Award

Thrangrycat - Pwnie Award for Most Under-Hyped Research

By Jatin Kataria, Richard Housley, Ang Cui on 09 Aug 2019
#reverse-engineering #hardware-embedded #firmware-analysis #exploit-development #embedded-systems
Focus Areas: Hardware Security, Industrial Control Systems Security, IoT Security, Malware Analysis, Penetration Testing, Reverse Engineering

Abstract

Recognized at the Pwnie Awards in 2019.

The 2019 Pwnie Award for Most Under-Hyped Research was awarded to Thrangrycat (😾😾😾), a vulnerability affecting Cisco devices that provides a bypass to their secure boot mechanism via FPGA bitstream manipulation.

The vulnerability affects Cisco's Trust Anchor module (TAm), a proprietary hardware security module used in a wide range of Cisco products including enterprise routers, switches and firewalls. The research demonstrated that an attacker with root privileges can modify the FPGA anchor bitstream stored in unprotected flash memory, thereby defeating the secure boot process and invalidating Cisco's chain of trust at its root. Despite being a hardware design flaw, it can be exploited remotely without physical access.

The bugchain allowed full compromise of Cisco routers by modifying the FPGA anchor bitstream in unprotected flash RAM. The research involved novel methods of reliably manipulating FPGA functionality through bitstream analysis and modification without the need for RTL reconstruction.

Thrangrycat was disclosed as CVE-2019-1649 and affects over 100 Cisco product families with FPGA-based Trust Anchor implementations.

From: https://pwnies.com/thrangrycat/
Official site: https://thrangrycat.com/