The Palinopsia Bug

Is your VirtualBox reading your E-Mail? Reconstruction of FrameBuffers from VRAM

This document describes a method of reading and displaying previously used framebuffers from a variety of popular graphics cards. In all 4 tested laptops the content of the VRAM was not erased upon reboot. It is also possible to show that the content of the host VRAM can be accessed from a VirtualBox guest, thereby leaking possibly confidential information from a trusted host into an untrusted guest machine.

Affected drivers and operating systems

The following combinations of operating systems and drivers were tested and shown to be susceptible to leaking previous frame buffers into VRAM:

Linux using the open source radeon driver for AMD/ATI cards Linux usig the open source nouveau-driver for nVidia-cards Linux using the closed source nVidia-driver Windows using the closed source AMD/ATI catalyst driver

We did not test any other systems or drivers.

Cards affected

During testing, the following 4 cards proved to be susceptible to this method:

ATI Radeon HD3750 ATI Radeon HD4350/4550 nVidia NVS 5400M nVidia GeForce GT650M

Note: The cards above are all the AMD and nVidia cards available at the time of testing. It is therefore highly likely that a lot more cards exhibit this behaviour.

On a laptop with an Intel HD4000 and a dedicated nVidia card where the OS can switch between cards, one has to force the usage of the dedicated card to read from VRAM. The internal graphics card seems to be unaffected at the moment. Tests showed that in this setup only programs forced to run on the dedicated card will leak data to VRAM.

Proof of Concept

The basic idea of the proof-of-concept code is remarkably simple: It allocates a number of texture buffers in VRAM without initializing them, then directly renders them onto the screen, thereby accessing previously used buffers.

The Code available here uses the SDL2 library.

In most Linux distributions it can be compiled using the following command: g++ main.cpp -std=c++11 `pkg-config --libs --cflags sdl2` -o poc

The proof of concept executable excepts 3 arguments: ./poc <width> <height> <vram in megabytes>

The first two arguments represent the width and height of buffers that should be allocated. The last argument represents the amount of VRAM to be allocated. To avoid crashes, this should be slightly lower than the actually available VRAM.

After the buffers are allocated, they can be navigated by using the following keys:

Left/Right: go forward/backward a single frame

Up/Down: go forward/backward ten frames

Space: save current buffer to *.bmp

What can be reconstructed?

The quality of the result seems to be dependent on the combination of the graphics hardware and the driver. Some combinations produce allmost perfect screenshots documenting user behaviour, while others produce fragmented frames with what seems to be interlacing. The example frames below demonstrate this effect. We are sure, that some math magic could help here.

Reboot

3 out of 4 tested laptops did not erase or overwrite their VRAM upon reboot! This offers a potential attack surface for an attacker trying to read confidential information from a locked computer he has physical access to. A possible attack on a Windows-machine might look like this:

The user works on a confidential document and locks their screen The attacker gains physical access and reboots the system (from the lockscreen) into a live system of their choice The attacker reads out the VRAM and recovers screenshots of the document

This scenario was tested on a Lenovo Thinkpad W500 with a ATI Radeon HD3750 graphics card. Below is a screenshot from within the Windows system, with a mock-up confidential document:

"screenshot" of the same document after rebooting into a Xubuntu live system and running the proof of concept code:

While the document is not entirely readable due to fragmentation and interlacing, the color coding shows us that the entirety of the screen might still be recoverable from VRAM. There are also clearly readable fragments.

Tails

Even 'the amnesiac icongnito live system' (tails) seems to be susceptible to this attack. Fragmented screens of a terminated tails session were recoverable after rebooting into a different operating system. This partially defeats the 'amnesiac' property of the system.

The following two screenshots document this experiment:

booting into tails generating an RSA private key and opening it in gedit viewing parts of the private key in xubuntu after reboot





Accessing host VRAM from inside a VirtualBox VM

If the "3D-Acceleration" feature of VirtualBox is activated, running the proof-of-concept code from inside the VM provides the ability to read framebuffers from the host system.

The following experiment was conducted to demonstrate this behaviour:

The host system (arch linux on a laptop running a ATI HD4350/4550 card) is booted Wikipedia and Youtube are opened in Chromium A VirtualBox VM running Ubuntu 14.04 is booted The proof of concept code is executed. The recovered frames belong to the host system and clearly show the visited websites

Gallery

The following are interesting screens that where recovered using the proof of concept code:

The i3lock screen during password entry, containing some interesting artifacts:

Some textures recovered after a few rounds of counterstrike:source:

What we didn't test

It might be possible to leak the content of the VRAM of hardware-accelerated server systems that run thin client

infrastructures. In the scariest possible way this means that an attacker could read the memory of any machine running in a company. This could also affect big players providing virtual desktops in the cloud.

Disclaimer:

As time and money are things we don't have in huge amounts, we were limited in our testing. Everything was done on a student budget in our free time.

Why full disclosure?

The methods described in this document is not limited to a single vendor or operating system, and has the potential to endanger private data. Furthermore, the basic concept is so remarkably simple that it seems unlikely that this is the first discovery of this behaviour. Therefore, full disclosure seems to be the ethical choice.

Mitigation

If you use you computer to access sensitive data, TURN IT OFF after usage, so VRAM is disconnected from power.

Be wary of virtual machines with access to hardware accelerated graphics.