Full Report
Lexmark is a common printer brand that the author had looked at before. In a recent update the firmware encryption process was changed, so, after a nudge from a friend, they decided to take another look. After putting in a persistent backdoor and upgrading the firmware, they were ready to reverse engineer the system.

In the previous version the firmware was encrypted with an AES key stored at a fixed location on the file system. Running the old script against the new firmware, the decryption failed. After exploring the OS on the newly upgraded system, they found references to WTM, and after some snooping around eventually worked out that WTM is the Wireless Trusted Module that handles trusted boot. On Lexmark printers there is a Rust init binary and a Rust kernel module for interacting with the chip's WTM interface; the WTM client talks to the kernel module over netlink sockets.

They really didn't want to deal with reversing the kernel driver, though. So instead they patched the init binary's PLT entries so that its netlink socket calls use regular TCP sockets. Why? Just to make it easier: over good ol' TCP they could implement the kernel-side server for the client themselves, and, more importantly, emulate the init binary outside the printer, which gives a much better test environment. After simulating a good amount of the kernel driver over TCP, the client sends the kernel driver the key! Yep, it was that simple: intercept the traffic to see the key.

The vendor did a better job of adding encryption to the device. The problem is that a previously pwned device already has access to it. Retrofitting a new process onto an old device doesn't work for this reason. Interesting post!
Analysis Summary
# Research: Retrofitting Encrypted Firmware is a Bad Idea™
## Metadata
- **Authors:** blasty (@_blasty)
- **Institution:** Independent Research / haxx.in
- **Publication:** haxx.in
- **Date:** September 23, 2024
## Abstract
This research examines the security of Lexmark’s updated firmware encryption mechanism. Following a significant update in 2023 that introduced new encryption and rollback prevention, the author investigates how these "secure" features are implemented. By leveraging a persistent backdoor on a previously compromised device, the researcher demonstrates that retrofitting hardware-based security (a Wireless Trusted Module) onto existing platforms often fails if the initial chain of trust is already broken. The study culminates in the successful interception of AES-256 root filesystem keys by emulating kernel-level communication.
## Research Objective
The research aims to bypass Lexmark's new firmware encryption and rollback prevention. It specifically addresses whether adding a "Wireless Trusted Module" (WTM) and hardware-backed encryption can successfully secure a device that was previously vulnerable to compromise.
## Methodology
### Approach
1. **Persistence:** Utilizing a pre-existing root backdoor to survive a firmware upgrade.
2. **Reverse Engineering:** Analyzing the `init` binary (written in Rust) and identifying new references to "WTM" (Wireless Trusted Module).
3. **Kernel Interception:** Instead of reversing the complex WTM kernel driver, the researcher patched the `init` binary's Procedure Linkage Table (PLT) to redirect Netlink socket calls to standard TCP sockets.
4. **Emulation/Simulation:** Building a TCP server to simulate the kernel driver's behavior, allowing the researcher to act as a "man-in-the-middle" between the WTM client and the WTM hardware.
### Dataset/Environment
- Lexmark Printer (specifically models involving the "granite2-color-lite" architecture).
- Firmware version: CXLBL.230.037 (and prior).
- Operating Environment: Embedded Linux with a Marvell-based WTM.
### Tools & Technologies
- **Rustlang:** The language used for the new `init` and kernel modules.
- **Netlink Sockets:** Used for communication between userspace and the WTM driver.
- **GDB/Radare2:** For binary analysis and patching.
- **Python:** For creating the decryption oracle and automated scripts.
## Key Findings
### Primary Results
1. **Flawed Retrofitting:** Security updates that rely on hardware secrets are ineffective if the device allows persistent unauthorized access (backdoors) from older, less secure versions.
2. **Weak Key Exposure:** The WTM client (init binary) transmits the high-entropy AES-256 root filesystem key directly to the kernel driver.
3. **Oracle Creation:** A rooted printer can be turned into a "decryption oracle," where an attacker simply replays messages to the WTM to receive the unwrapped filesystem key.
### Supporting Evidence
- Successful decryption of the `content_rootfs.bin` Squashfs filesystem using keys intercepted via the patched Netlink-to-TCP bridge.
- Recovery of a 0x20-byte (32-byte) high-entropy string that validated as the AES-256 key.
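The "0x20-byte high-entropy string" above is recognised by the same test an analyst applies to any captured message: a field that is key-sized and has near-maximal byte entropy is almost certainly raw key material, while status words and platform strings are not. The following is an added example, not code from the original post or from the author's tools. The tag-length-value layout, the `parse_tlv`/`key_candidates` helpers, the field names and the 32-byte `FAKE_KEY` are all constructed for the example; none of it is Lexmark's WTM wire format.

```python
import math
import struct

# Constructed tag-length-value layout for this example; it is NOT Lexmark's WTM
# wire format.  tag (1 byte) | length (2 bytes, big-endian) | value
TAG_NAMES = {0x01: "status", 0x02: "platform", 0x03: "key"}


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for empty input, at most 8.0."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def parse_tlv(msg: bytes):
    """Split a message into (tag, value_offset, value) triples, rejecting truncation."""
    fields = []
    off = 0
    while off < len(msg):
        if off + 3 > len(msg):
            raise ValueError(f"truncated header at offset {off}")
        tag = msg[off]
        (length,) = struct.unpack_from(">H", msg, off + 1)
        value = msg[off + 3:off + 3 + length]
        if len(value) != length:
            raise ValueError(f"truncated value for tag 0x{tag:02x} at offset {off}")
        fields.append((tag, off + 3, value))
        off += 3 + length
    return fields


def key_candidates(msg: bytes, min_len: int = 16, threshold: float = 4.0):
    """Fields at least min_len bytes long whose entropy is at or above the threshold.

    Returns (field name, offset, length, entropy) tuples.  A 32-byte buffer tops
    out at log2(32) = 5.0 bits/byte, so 4.0 separates key-sized random material
    from ASCII strings and zero-padded status words.
    """
    found = []
    for tag, off, value in parse_tlv(msg):
        if len(value) < min_len:
            continue  # too short to be an AES-128/256 key, whatever its entropy
        ent = shannon_entropy(value)
        if ent >= threshold:
            found.append((TAG_NAMES.get(tag, f"tag_{tag:02x}"), off, len(value), ent))
    return found


def tlv(tag: int, value: bytes) -> bytes:
    """Encode one field in the constructed layout."""
    return bytes([tag]) + struct.pack(">H", len(value)) + value


# Constructed stand-in for a 32-byte key: 37 is odd, so i*37 mod 256 never
# repeats and the buffer has exactly 5.0 bits/byte.  Not a real key.
FAKE_KEY = bytes((i * 37) % 256 for i in range(1, 33))

# Constructed reply: a padded status word, a platform string and the key blob.
SAMPLE_REPLY = (
    tlv(0x01, b"OK\x00\x00")
    + tlv(0x02, b"granite2-color-lite")
    + tlv(0x03, FAKE_KEY)
)

if __name__ == "__main__":
    for name, off, length, ent in key_candidates(SAMPLE_REPLY):
        print(f"{name}: {length} bytes at offset {off}, {ent:.2f} bits/byte")
```

On the constructed reply only the 32-byte field is reported: the status word is too short to matter and the platform string, although long enough, sits around 3.5 bits/byte. For a real capture the same two checks (length, entropy) rank fields worth examining; the final confirmation is still a trial decryption of the target image, which is what the researcher did against the Squashfs root filesystem.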
### Novel Contributions
- **PLT Patching Technique:** A clever "shortcut" approach to bypass reversing kernel drivers by redirecting Netlink traffic to a user-controlled TCP socket for easier inspection and emulation.
- **WTM Analysis:** Identification of the Marvell-based Wireless Trusted Module as the root of trust in modern Lexmark devices.
## Technical Details
The WTM acts as a standalone secure processor. Lexmark implemented a Rust-based `init` process that talks to a kernel module (`wtm.ko`) via Netlink. This module interacts with the WTM hardware via an interface (likely PCIe or SPI). By patching the `init` binary's calls to `socket()`, `bind()`, and `send()`, the researcher forced the process to send its "secure" requests over a network-observable TCP port rather than the internal Netlink bus.
## Practical Implications
### For Security Practitioners
- **Trust Maturity:** Hardware-backed security (TPMs, WTMs) is only as strong as its implementation. If the "Secure" module gives up the key to any process that asks correctly, the hardware is just an obfuscation layer.
### For Defenders
- **Total Lifecycle Security:** Once a device's root of trust is compromised, software updates cannot fully restore security unless they can invalidate all previous persistent states (which often risks "bricking" the device).
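The two points above (a module that gives the key to any process that asks correctly is only an obfuscation layer, and an update cannot restore trust unless it invalidates persisted state) can be made concrete with a small simulation of two key-release policies. This is an added example, not the page's or the vendor's code, and it does not model the real WTM, Lexmark's `init` or Marvell's firmware: `NaiveKeyModule`, `MeasuredKeyModule`, the `REQUEST` message, the boot component strings and the TPM-style extend/seal logic are all assumptions made for the example.

```python
import hashlib
import hmac

# Hypothetical simulation of two key-release policies for a root-of-trust module.
# It does not model the real WTM protocol, Lexmark's init or Marvell's firmware.

REQUEST = b"UNWRAP:rootfs"  # constructed request message
ROOTFS_KEY = hashlib.sha256(b"constructed example key, not a real one").digest()  # 32 bytes


def measure(component: bytes) -> bytes:
    """Digest of a boot component (bootloader, kernel, rootfs image ...)."""
    return hashlib.sha256(component).digest()


def pcr_extend(register: bytes, component: bytes) -> bytes:
    """TPM-style extend: the register can only be moved forward, never reset."""
    return hashlib.sha256(register + measure(component)).digest()


def expected_measurement(components) -> bytes:
    """Register value a known-good boot sequence produces (the seal policy)."""
    register = bytes(32)
    for c in components:
        register = pcr_extend(register, c)
    return register


class NaiveKeyModule:
    """Hands the key to any caller that sends a well-formed request.

    Once the host is rooted, replaying the request is all it takes, which is
    what turns the device into a decryption oracle.
    """

    def __init__(self, key: bytes):
        self._key = key

    def extend(self, component: bytes) -> None:
        pass  # nothing is measured; boot state never influences key release

    def unwrap(self, request: bytes):
        return self._key if request == REQUEST else None


class MeasuredKeyModule:
    """Releases the key only to a host whose recorded boot measurement matches
    the value the key was sealed to, and locks after repeated mismatches."""

    def __init__(self, key: bytes, sealed_to: bytes, max_failures: int = 3):
        self._key = key
        self._policy = sealed_to
        self._register = bytes(32)
        self._failures = 0
        self._max_failures = max_failures

    def extend(self, component: bytes) -> None:
        self._register = pcr_extend(self._register, component)

    @property
    def locked(self) -> bool:
        return self._failures >= self._max_failures

    def unwrap(self, request: bytes):
        if self.locked:
            return None
        if request != REQUEST or not hmac.compare_digest(self._register, self._policy):
            self._failures += 1  # replaying does not help; only a clean reboot does
            return None
        return self._key


def boot_and_request(module, components, request: bytes = REQUEST):
    """Each boot stage extends the measurement, then init asks for the key."""
    for c in components:
        module.extend(c)
    return module.unwrap(request)


# Constructed images.  The backdoored rootfs differs from the signed one, so its
# measurement differs too, even though it boots normally.
BOOTLOADER = b"bootloader image v2"
KERNEL = b"kernel image 5.x"
ROOTFS_CLEAN = b"squashfs rootfs from signed update"
ROOTFS_BACKDOORED = ROOTFS_CLEAN + b" + persisted backdoor"
POLICY = expected_measurement([BOOTLOADER, KERNEL, ROOTFS_CLEAN])


def compare_policies() -> dict:
    """Which host states each module releases the key to."""
    return {
        "naive/backdoored": boot_and_request(
            NaiveKeyModule(ROOTFS_KEY), [BOOTLOADER, KERNEL, ROOTFS_BACKDOORED]) == ROOTFS_KEY,
        "measured/clean": boot_and_request(
            MeasuredKeyModule(ROOTFS_KEY, POLICY), [BOOTLOADER, KERNEL, ROOTFS_CLEAN]) == ROOTFS_KEY,
        "measured/backdoored": boot_and_request(
            MeasuredKeyModule(ROOTFS_KEY, POLICY), [BOOTLOADER, KERNEL, ROOTFS_BACKDOORED]) == ROOTFS_KEY,
    }


if __name__ == "__main__":
    for case, released in compare_policies().items():
        print(f"{case}: key released = {released}")
```

The naive module releases the key to the backdoored host because the request is well-formed, exactly the property the page criticises. The measured module refuses because the persisted modification changed the boot measurement, and the failure counter stands in for the rate-limiting the page notes was missing. Two caveats apply to the hardened variant: it only covers components that are actually measured before key release (a backdoor living in an unmeasured persistent partition is invisible to it), and the register must be reset only by a real reboot, never by a host request, or a rooted host could simply replay the clean measurements.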
### For Researchers
- **Bypassing Kernel Complexity:** The research highlights that you don't always need to reverse-engineer the kernel; modifying how userspace talks to the kernel is often a lower-cost path to success.
## Limitations
- **Access Requirement:** The attack requires an already compromised device (initial root access) to intercept the keys.
- **Hardware Specificity:** The success of the decryption depends on the specific Marvell WTM implementation used by Lexmark.
## Comparison to Prior Work
Previous Lexmark firmware updates used static AES keys stored in a predictable location on the filesystem. This update represents a shift toward **hardware-bound keys**, a significantly more modern approach that failed here primarily due to the "retrofitting" problem and the lack of rate-limiting/authentication between the WTM and the host OS.
## Real-world Applications
- **Firmware Analysis:** Tools provided by the researcher allow others to unpack and inspect Lexmark firmware for further vulnerability research.
- **Forensics:** Provides a method for extracting data from encrypted printer filesystems during authorized investigations.
## Future Work
- Exploring arbitrary code execution (ACE) on the WTM processor itself.
- Investigating if the WTM firmware (by Marvell) contains its own set of vulnerabilities independent of the Lexmark integration.
## References
- [Lexmark Decryption Tools (GitHub)](https://github.com/blasty/lexmark/)
- [Original Blog Post](https://haxx.in/posts/wtm-wtf/)
- [Crowdstrike Lexmark Research](https://www.crowdstrike.com/blog/how-to-compromise-a-printer-in-3-simple-steps/)