## https://sploitus.com/exploit?id=C03D3031-B5D3-53B6-A60A-C9EC0AE40F3C
# DDS Security Test
This is a ROS 2 DDS security testing environment, based on ROS 2 Foxy. ## Project Overview
This project demonstrates a permission bypass vulnerability within the ROS 2 SROS2 security framework. By modifying the permission files for signatures, attackers can enable nodes to subscribe to topics that they should not access. ## Environment Requirements
- Docker
## Quick Start
### Build the Image
```bash
docker build -t dds-test .
```
### Run the PoC
```bash
docker run -it dds-test ./poc.sh
```
## Explanation of the PoC Script
The `poc.sh` script performs the following steps:
1. **Create a key library** โ Uses the `ros2 security` tool to generate keys and certificates for both talkers and listeners.
2. **Configure correct permissions** โ Configures the talker to be able to publish the `chatter` topic, while the listener can only subscribe to the `something_else` topic.
3. **Run normal communication** โ Verifies that nodes can communicate properly under the correct permissions.
4. **Create malicious permissions** โ Demonstrates how an attacker can modify the permission files so that the listener can subscribe to the `chatter` topic.
5. **Run malicious communication** โ Verifies that nodes can subscribe to topics that they were not allowed to access before using malicious permissions.
## Key Files
- `Dockerfile` โ Configuration for the ROS 2 Foxy environment.
- `poc.sh` โ The PoC demonstration script.
## Demonstration
### Build and Run the Docker Vulnerability Environment

### Run the poc

### poc Execution
Explanation of the configuration file:

### Normal Situation

The listener cannot receive messages published by the taker.
### Attack

### Effect

The listener can now receive messages published by the taker.
## References
- [ROS 2 SROS2 Documentation](https://docs.ros.org/en/foxy/Tutorials/Security/Understanding-The-Security-Framework.html)