nadiaivc
New Contributor I
170 Views

Enclave remote attestation from dll


Hello!
So now I know how to load an enclave DLL from an injected untrusted DLL module (running an enclave DLL from a DLL). It works. But now I want to do remote attestation with this structure. For remote attestation I use this sample: https://github.com/intel/sgx-ra-sample. I'm running sp.exe (server), and I create a DLL from the client part and inject it into target.exe (sp.exe + client.exe works well). It stops working at sgx_get_extended_epid_group_id(): no error, no messages, just waiting for the return value. I can't find anything in the documentation about it. And of course I can't debug the SGX functions to understand why it might not work with a DLL...


Is it possible in theory to do what I want? 

JesusG_Intel
Moderator
147 Views

Hello nadia111,


In theory, it is possible to do what you want. While I cannot tell you exactly how to create your DLL solution from the sgx-ra-sample, I can guide you on what to look for.


Ensure that:


  1. The latest PSW components are installed.
  2. You can successfully run the sgx-ra-sample as-is.
  3. You pass the correct arguments from the run-client script.


Sincerely,

Jesus G.

Intel Customer Support




nadiaivc
New Contributor I
138 Views

Hello!

Yes, it works successfully for sp.exe and client.exe (I wrote all the arguments as constant values in the code (spid, pri api key, ...); I know it isn't a good idea, but first of all I want my structure to work). How it works:

[Screenshot: nadia111_0-1622702558511.png]

After that, I changed the client project settings to .dll and injected this DLL into hello.exe.

[Screenshots: nadia111_1-1622702943346.png, nadia111_0-1622707347283.png]

 

I also tried to avoid sgx_get_extended_epid_group_id(): it always returns 0 for msg0_extended_epid_group_id, so I set this variable to a constant value of 0, but in this situation my program stops working at the next SGX function, sgx_ra_get_msg1().

 

JesusG_Intel
Moderator
126 Views

Hi Nadia, I'm not familiar with LoadLibrary. Is there any way to do this without LoadLibrary?


Sincerely,

Jesus G.

Intel Customer Support


nadiaivc
New Contributor I
114 Views

Yes, I will try to use some injectors with different ways to inject a DLL.
But LoadLibrary is the only documented and "legal" method of all of them.

nadiaivc
New Contributor I
100 Views

Yes! I tried to use ManualMap from the Guided Hacking injector and it works well! But I still don't know why it doesn't work with LoadLibrary. If I find the answer, I will write about it.

nadiaivc
New Contributor I
7 Views

I have uploaded the complete code to GitHub (https://github.com/nadiaivc/LoadSGXenclaveInProcess). I hope this can help someone!!

JesusG_Intel
Moderator
73 Views

Hi Nadia,

 

I'm not an expert in DLL linking, and it is beyond the scope of SGX support, but it seems that you are trying to use run-time dynamic linking vs load-time dynamic linking. I am more familiar with load-time: https://docs.microsoft.com/en-us/windows/win.32/dlls/load-time-dynamic-linking.

 

With load-time linking, you don't need to do DLL injection.

 

Sincerely,

Jesus G.

Intel Customer Support

 

nadiaivc
New Contributor I
51 Views

Yes, I use run-time dynamic linking. I want to inject my enclave in different processes (and I don't want to manipulate someone else's .exe code). So I think injection is a good decision for me in this situation, but I'm not sure because I don't have much experience...

JesusG_Intel
Moderator
40 Views

Hello Nadia,


Run time loading of enclave DLLs is possible as we have many customers doing this. Since this is not an SGX limitation, I'm not sure how else to help you. You may be better served by seeking advice on Windows DLL loading from other forums such as StackOverflow.


Sincerely,

Jesus G.

Intel Customer Support


nadiaivc
New Contributor I
32 Views

Yes, I'm not sure why the solution with LoadLibrary doesn't work. And yes, I know it is out of the scope of discussion on this forum, so if I don't figure it out, I'll ask the question on other forums.
But anyway, I found a solution for running my DLL the way I want. I guess I should have closed this topic at the time I found the solution... Sorry!

Thank you for your time! I appreciate it!

JesusG_Intel
Moderator
26 Views

I'm glad you found a solution that works for you, Nadia.


This thread has been marked as answered and Intel will no longer monitor this thread. If you want a response from Intel in a follow-up question, please open a new thread.

