On the weakness of constant blinding PRNG in flash player

Abstract

Constant blinding is considered an effective mitigation against JIT spray attacks. In this paper, we study the design and implementation of constant blinding mechanism in Flash Player and analyse the weakness in its pseudo random number generator (PRNG). We demonstrate how such weakness can be exploited to recover the seed value in PRNG, thus bypass the constant blinding in Flash Player. We propose two methods to circumvent constant blinding in Flash Player. The first method aims at recovering the seed value using cryptanalysis on the PRNG algorithm, which turns out to provide only 21-bit entropy. The second method focuses on ill-considered implementation of PRNG, which puts obvious signature value next to the seed value and makes it easy for attacker to search. To demonstrate the two methods are both practical, we present proof-of-concept attacks based on existing vulnerability. We have reported the issue to Adobe Flash security team and CVE-2017–3000 is assigned to us. To the best of our knowledge, we are the first to analyse the randomness in constant blinding and integrate cryptanalysis in constant blinding bypass. Furthermore, we implement a prototype tool Constant Blinding Enhancement (ConBE) based on dynamic instrumentation framework to defend against our proposed attacks. In ConBE, we provide a stronger defence than the official patch of Flash Player.