Share
## https://sploitus.com/exploit?id=C03D3031-B5D3-53B6-A60A-C9EC0AE40F3C
# DDS Security Test

This is a ROS 2 DDS security testing environment, based on ROS 2 Foxy. ## Project Overview

This project demonstrates a permission bypass vulnerability within the ROS 2 SROS2 security framework. By modifying the permission files for signatures, attackers can enable nodes to subscribe to topics that they should not access. ## Environment Requirements

- Docker

## Quick Start

### Build the Image

```bash
docker build -t dds-test .
```

### Run the PoC

```bash
docker run -it dds-test ./poc.sh
```

## Explanation of the PoC Script

The `poc.sh` script performs the following steps:

1. **Create a key library** โ€“ Uses the `ros2 security` tool to generate keys and certificates for both talkers and listeners.
2. **Configure correct permissions** โ€“ Configures the talker to be able to publish the `chatter` topic, while the listener can only subscribe to the `something_else` topic.
3. **Run normal communication** โ€“ Verifies that nodes can communicate properly under the correct permissions.
4. **Create malicious permissions** โ€“ Demonstrates how an attacker can modify the permission files so that the listener can subscribe to the `chatter` topic.
5. **Run malicious communication** โ€“ Verifies that nodes can subscribe to topics that they were not allowed to access before using malicious permissions.

## Key Files

- `Dockerfile` โ€“ Configuration for the ROS 2 Foxy environment.
- `poc.sh` โ€“ The PoC demonstration script.

## Demonstration

### Build and Run the Docker Vulnerability Environment
![alt text](image/1.png)

### Run the poc
![alt text](image/2.png)

### poc Execution
Explanation of the configuration file:
![alt text](image/3.png)

### Normal Situation
![alt text](image/4.png)
The listener cannot receive messages published by the taker.

### Attack
![](image/5.png)

### Effect
![alt text](image/6.png)
The listener can now receive messages published by the taker.

## References

- [ROS 2 SROS2 Documentation](https://docs.ros.org/en/foxy/Tutorials/Security/Understanding-The-Security-Framework.html)