TPS 2017 results
During the 2017 edition of the Public Security Tests of the Brazilian voting system, we found vulnerabilities allowing for arbitrary code execution in the voting machine.
Slides of technical lectures reporting our results (in Portuguese):
Encryption and decryption of the file system
The install card uses the custom `ueminix` file system, which obfuscates files by encrypting their contents with AES-XTS.
Here we release two tools related to that file system:
- `encall.py`: encrypts original files into the
- `decall.py`: decrypts files from the `enc` directory into the
Please note that the disk image (`dsk.img`) must be provided, for the following reasons:
- The cipher padding cannot be read directly from userspace, so we read it from the disk image.
- One of the AES-XTS keys is stored in the second sector of the partition. The tools recover this key themselves.
- The other AES-XTS key can be recovered from the kernel's `ueminix` code and must be set directly in the tool's source code (the `key1` variable). If the source code is not available, this key can be recovered by emulating the bootloader, dumping the decrypted kernel and reverse engineering it.
Tampering with votes
Like the voting machine's official software, our voting software simulator is a 32-bit program. Therefore, on a 64-bit system you need to install the 32-bit libraries to be able to run the simulator. On Debian or Ubuntu, for instance, run the following commands:
```bash
sudo dpkg --add-architecture i386
sudo apt-get update
sudo apt-get install libqt5multimedia5:i386
```
To run the voting software simulator, enter the `exploit` directory and run `make test_cli` for the command line interface (CLI) simulator, or `make test_gui` for the graphical user interface (GUI) simulator.
To infect the library, install pwntools and run `make exploit_cli` to compromise the CLI simulator, or `make exploit_gui` to compromise the GUI simulator.
After that, when the voting simulator is rerun, the malicious code modifies the votes.
To restore the original behaviour, run
How to carry out a real attack
A real attack would consist of the following steps:
- Obtain an image of the install card contents.
- Reverse engineer the bootloader and the decrypted kernel to obtain the key that encrypts/decrypts the other files on the install card.
- Decrypt the file system.
- Run the exploit to infect
- Encrypt the modified file to generate an infected install card.