Researchers footnote: Getting Squirrely.
Hello folks,
Being too impulsive can lead to a lot of mistakes to make up for later. That has definitely been the lesson for November as I transition back to university: from paperwork, to project work, to correspondence. Letting it all pile up on an “I’ll do it eventually” list leads to slow progress. It’s best to keep everything under a healthy degree of control and routine as well. If I get something to do, getting it done orderly and quickly will be the priority.
Impulse by nature brings me to the critter named in the tool in this week’s blog. Squirrel is a component of the dotnet framework. Its specialty is distribution package management. Similar tools have been around forever, from Debian’s ‘apt’ to the experimental ‘WinGet’, and recently I’ve touched upon Alpine/Arch ‘apk’ while building a couple of systems. While those are system package managers, Squirrel is application-centric, using NuGet packages packed with resources for Windows boxes. Repurposing NuGet for the framework is an approach similar to a contained Docker repo, one that combines an installation tool with a system management tool. However, as a resource, Squirrel is also a tool that needs to be scoped and locked down appropriately for good security. In the program’s history, that has not been a leading priority.
Squirrel was often bundled with Electron apps. These are build-once-run-anywhere style apps powered by Chrome that can run embedded in browsers or natively on any system. Because of this, and because of Squirrel’s inclusion in the Microsoft Teams package that now comes preinstalled on Windows 11, the package manager has become a de facto Living Off the Land red team attack technique. [1]
The Internet’s vast network of security researchers has written articles covering Squirrel’s shortcomings in depth. I’ll provide links to some of the more digestible bits here. What other outlets have not covered is the issues with other programs that use it.
My investigation began when I was looking at my own system for tools and file associations. I noticed a Discord package with a file association pointing to GitHub. Crafty pentesters tend to seek out misconfigurations in default setups, be it username and password combos, starter template web pages, or anything that gives their reconnaissance footholds more breadth. Much like how I’ve investigated packages that Nvidia had been using that were advertising themselves to the OS as a NodeJS server. Naturally, we looked into this. It became apparent that Discord was using Squirrel.
Now, had I checked the well-known LOLBAS script page during my research, I’d have found detection rules that list how to determine which applications use Electron, and Squirrel as a result. [2, 3] However, I also found that there’s a caveat with the development stack: namely, it’s not the only manager out there. There’s a Node-flavored stack alternative to dotnet’s NuGet-based Squirrel. This takes the issue in question out of the equation, while introducing its own complexities. Even with that said, Squirrel is also found in the desktop apps for WhatsApp, GitHub Desktop and Slack, to name a few.
Here’s how it works. Squirrel begins from a packed EXE, creating a local file from the bundled package; it also installs Squirrel to the system a second time, where it lives on the OS as a floating application. Where the issue comes in is how Squirrel is scoped. The places the tool can get its packages from need to be specified in the dotnet assembly file from creation. This is easy to configure if you’re using the tool’s GUI to start from scratch, much like making an Intune install package, but a dotnet assembly itself is hard to make and reverse engineer without some practice. Probing the tool in dnSpy has led me to a handful of conclusions.
With scoping, you have to consider whether Squirrel will be allowed to install files from remote servers, local servers and file shares. Where, when and how it can be updated matters. From this write-up, we can see that it’s possible to remove remote and potentially malicious URLs from the headers and HTTP type restrictions. SMB shares are a different story, as this blog dictates. [4] To get files, it checks the package version against what’s in scope to update the software it currently has. This opens the possibility of crafting software supply-chain style attacks. Increment the version number, get your SHA-512 variable for the metafile, and bazinga.
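As an added illustration of the detection side touched on above (the LOLBAS rules for Update.exe, and the question of which sources a given app’s Squirrel should be allowed to pull from), here is a small Python checker that runs over constructed process-creation events. It is not code from Squirrel or from any vendor; the per-app host allowlist, the sample paths and the “main binary starts with the app folder name” heuristic are assumptions, while the `--update`, `--download` and `--processStart` switches are the ones documented on the LOLBAS Update.exe page cited above.

```python
import re
from urllib.parse import urlparse

# Hypothetical per-app allowlist of update hosts; constructed placeholders, not real CDNs.
EXPECTED_HOSTS = {
    "discord": {"updates.discord.example"},
    "teams": {"updates.teams.example"},
    "slack": {"updates.slack.example"},
}

# Squirrel drops Update.exe under %LOCALAPPDATA%\<App>\ (possibly nested, e.g. Microsoft\Teams).
SQUIRREL_IMAGE = re.compile(
    r"\\AppData\\Local\\(?:[^\\]+\\)*(?P<app>[^\\]+)\\Update\.exe$", re.IGNORECASE)
# Switches from the LOLBAS Update.exe entry that fetch a feed or launch a process.
URL_SWITCH = re.compile(r"--(?:update|download)(?:=|\s+)\"?(?P<url>[^\"\s]+)", re.IGNORECASE)
START_SWITCH = re.compile(r"--processStart(?:=|\s+)\"?(?P<exe>[^\"\s]+)", re.IGNORECASE)

def inspect_event(image: str, cmdline: str) -> list[str]:
    """Return findings for one process-creation event; an empty list means nothing stood out."""
    findings = []
    m = SQUIRREL_IMAGE.search(image)
    if m is None:
        # A Squirrel-style Update.exe anywhere else deserves a look on its own.
        if image.lower().endswith("\\update.exe"):
            findings.append(f"Update.exe outside a per-user app folder: {image}")
        return findings
    app = m.group("app").lower()
    allowed = EXPECTED_HOSTS.get(app, set())
    for u in URL_SWITCH.finditer(cmdline):
        host = (urlparse(u.group("url")).hostname or "").lower()
        if host not in allowed:
            findings.append(f"{app}: update/download source not expected for this app: {u.group('url')}")
    s = START_SWITCH.search(cmdline)
    if s and not s.group("exe").lower().startswith(app):  # heuristic: app's own exe shares its folder name
        findings.append(f"{app}: --processStart launches something other than the app: {s.group('exe')}")
    return findings

# Constructed sample events (simplified Sysmon Event ID 1 fields), not real telemetry.
SAMPLE_EVENTS = [
    {"image": r"C:\Users\alice\AppData\Local\Discord\Update.exe", "cmdline": r'"C:\Users\alice\AppData\Local\Discord\Update.exe" --processStart Discord.exe'},
    {"image": r"C:\Users\alice\AppData\Local\Microsoft\Teams\Update.exe", "cmdline": r'"C:\Users\alice\AppData\Local\Microsoft\Teams\Update.exe" --update=https://updates.teams.example/feed'},
    {"image": r"C:\Users\alice\AppData\Local\Slack\Update.exe", "cmdline": r'"C:\Users\alice\AppData\Local\Slack\Update.exe" --download https://unexpected-host.example/RELEASES'},
]

if __name__ == "__main__":
    for ev in SAMPLE_EVENTS:
        for finding in inspect_event(ev["image"], ev["cmdline"]):
            print(finding)
```

Only the third sample event produces a finding; the first two are the app launching itself and Teams pulling from its expected host.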
While Microsoft seems to have handled this issue by excluding remote sources, other vendors have not. Many of the versions of Squirrel out there have version disparities that make Android’s OS fragmentation problem look good. From what I’ve gathered, the worst offender is Discord; however, Discord only uses Squirrel for installing packages on the system that another service, not Squirrel, pulls from its CDN. Still, a user with device access could theoretically make some URL connections and pull packages that look like Discord, smell like Discord, but are actually a shell.
The source code is readily readable on GitHub, but it lacks Microsoft’s remote URL exclusion and instructions on the matter. [5] Squirrel is open source, with patch notes and forks readily available on GitHub, so people can make, break and fix it however they’d like if a vulnerability exists. This is where my research hit a dead end on a road very well traveled by other researchers and black hatters alike. So I figured I’d cap off this project here and move on to the next thing before we got too impulsive.
As a final note, the quirkiest thing I found with this tool is actually not related to the tool at all, but to the Easy Anti-Cheat software. It uses a similar schema: a metadata file with a UUID and a downloaded package, checked with the base game as it loads. It likely has similar exploits, although its package uses a very odd file format. CS:GO was using Squirrel, from some other reports I stumbled on regarding stack overflows. [6] For Digital Rights Management to use an adapted version of this tool doesn’t surprise me. Their documentation is exclusive to their partners, which is the first time I’ve seen this type of closed, proprietary development tool. It makes sense, and once again I’ll leave this one be.
That’s all for now folks. Stay safe.
[1] https://lolbas-project.github.io/lolbas/OtherMSBinaries/Update/
[5] https://github.com/Squirrel/Squirrel.Windows
[6] https://threatpost.com/squirrel-attackers-execute-code-games-cloud-services/175586/