Uncategorized

Pete Batard adds ARM support for VS2017 to Tianocore

Pete Batard  is adding Visual Studio for ARM support to the Tianocore UEFI dev toolchain:

This is a v2 of the previous patch, that takes into account the alignment of suppressed level 4 warnings between IA32, X64 and ARM, and that also removes compiler options that weren’t actually needed. The following series adds ARM compilation support for the VS2017 toolchain. With these patches, VS2017 toolchain users should be able to compile regular UEFI ARM applications using EDK2. Note that, unlike ARM64 support, ARM support does not require a specific update of Visual Studio 2017, as the ARM toolchain has been available from the very first release. We tested compiling and running the full UEFI Shell with this series, as well as a small set of applications and drivers, and found no issues. With an additional patch [1], it is also possible to use this proposal to compile a complete QEMU ARM firmware. As the patch shows, the changes that need to be applied to the EDK2 sources to achieve this are actually very minimal. However, the generated firmware does not currently boot, possibly because of the following warnings being generated by the MS compiler[…[]At this stage, since the goal of this series is to allow users to compile regular ARM UEFI applications using the VS2017 toolchain, I have non plans to spend more time on the QEMU firmware issues, especially as I suspect that reducing the firmware size back to 2 MB may not be achievable without Microsoft altering their compiler. I am however hopeful that ARM specialists can take this matter over eventually…

[1] https://github.com/pbatard/edk2/commit/c4ce41094a46f4f3dc7ccc64a90604813f037b13

More info:
http://pete.akeo.ie/2017/05/compiling-desktop-arm-applications-with.html
https://lists.01.org/mailman/listinfo/edk2-devel
https://visualstudio.uservoice.com/forums/121579-visual-studio-ide/suggestions/18614308-add-arm-support-back
https://blogs.msdn.microsoft.com/vcblog/2017/10/23/arm-gcc-cross-compilation-in-visual-studio/
https://github.com/microsoft/vslinux/issues
https://github.com/Microsoft/VSLinux/issues/110

See-also:
http://shadetail.com/blog/using-visual-studio-code-for-arm-development-introduction/

Note that Pete is not from the Microsoft Visual Studio team, he’s just doing their work for them… I hope the VS team gives Pete a complementary subscription to their commercial product! [Strange, I don’t think I’ve ever seen Microsoft add suppport for their own tools to Tianocore, it is always an external vendor that does Microsoft’s work…]

 

Standard
Uncategorized

CLKscrew: for ARM-based SoCs

CLKscrew: Exposing the Perils of Security-Oblivious Energy Management

This repository contains alpha-version code to explore the use of CLKscrew on ARM-based SoCs.

https://www.blackhat.com/docs/eu-17/materials/eu-17-Tang-Clkscrew-Exposing-The-Perils-Of-Security-Oblivious-Energy-Management.pdf

https://github.com/0x0atang/clkscrew

Standard
Uncategorized

Tanenbaum: more comments regarding Intel ME

Re: https://firmwaresecurity.com/2017/11/07/tanenbaum-responds-to-intel-about-minix-based-me/

Andrew adds two more footnotes to his reply to Intel:

[…]Many people (including me) don’t like the idea of an all-powerful management engine in there at all (since it is a possible security hole and a dangerous idea in the first place), but that is Intel’s business decision and a separate issue from the code it runs.[…] I certainly hope Intel did thorough security hardening and testing before deploying the chip, since apparently an older version of MINIX was used.[…]

[…]If I had suspected they might be building a spy engine, I certainly wouldn’t have cooperated, even though all they wanted was reducing the memory footprint (= chip area for them). I think creating George Orwell’s 1984 is an extremely bad idea, even if Orwell was off by about 30 years. People should have complete control over their own computers, not Intel and not the government. In the U.S. the Fourth Amendment makes it very clear that the government is forbidden from searching anyone’s property without a search warrant. Many other countries have privacy laws that are in the same spirit. Putting a possible spy in every computer is a terrible development.[…]

https://www.techpowerup.com/238677/minix-creator-andrew-tanenbaum-sends-open-letter-to-intel-over-minix-drama

Standard
Uncategorized

TROMMEL: analyzes embedded devices for vulnerabilities

Embedded Device Vulnerability Analysis Case Study Using Trommel
Madison Oliver, Kyle O’Meara
Researching embedded devices is not always straightforward, as such devices often vastly differ from one another. Such research is difficult to repeat and results are not easily comparable because it is difficult to conceive a standard approach for analysis. This document proposes an initial research methodology for vulnerability analysis that can be applied to any embedded device. This methodology looks beyond preliminary research findings, such as open ports and running services, and takes a holistic, macro-level approach of the embedded device, to include an analysis of the firmware, web application, mobile application, and hardware. In addition, TROMMEL, an open source tool, was created to help researchers during embedded device vulnerability analysis.  This document provides security researchers with a repeatable methodology to produce more thorough and actionable results when analyzing embedded devices for vulnerabilities. As a case study, we analyzed a Wi-Fi camera as a class of embedded devices to demonstrate this methodology is more encompassing than standard research. This methodology can be applied to all embedded devices and should be expanded as the landscape of embedded device evolves.

https://resources.sei.cmu.edu/library/asset-view.cfm?assetID=509271

TROMMEL: Sift Through Directories of Files to Identify Indicators That May Contain Vulnerabilities.
The intended use of TROMMEL is to assist researchers during firmware analysis.
TROMMEL has been tested using Python 2.7 on macOS Sierra and Kali Linux x86_64.
TROMMEL was written with the intent to help with identifying indicators that may contain vulnerabilities found in firmware of embedded devices.

https://github.com/CERTCC-Vulnerability-Analysis/trommel

Standard
Uncategorized

Cutter 1.0 released (GUI for radare2)

Re: https://firmwaresecurity.com/2017/09/25/iaito-becomes-cutter/

Cutter 1.0 has been released:

https://github.com/radareorg/cutter/releases/tag/v1.0
http://radare.org/

See-also:
https://insinuator.net/2016/10/reverse-engineering-with-radare2-part-3/
https://radare.gitbooks.io/radare2book/content/
https://github.com/ifding/radare2-tutorial

Screenshot

Standard
Uncategorized

Zero Days, Thousands of Nights: The Life and Times of Zero-Day Vulnerabilities and Their Exploits

https://www.rand.org/news/press/2017/03/09.html
https://www.rand.org/pubs/research_reports/RR1751.html

 

Standard
Uncategorized

HP ships keylogger in Windows, update available

https://zwclose.github.io/HP-keylogger/

[…]The research were done by reading the code of SynTP.sys, I couldn’t verify if it’s correct or not. I tried to find HP laptop for rent and asked a few communities about that but got almost no replies. One guy even thought that I am a thief trying to rob someone. So, I messaged HP about the finding. They replied terrificly fast, confirmed the presence of the keylogger (which actually was a debug trace) and released an update that removes the trace. Get the list of affected models and fixed driver at HP website. The update also available via Windows update.[…]

https://zwclose.github.io/HP-keylogger/

https://support.hp.com/us-en/document/c05827409

https://support.hp.com/us-en/document/c05827409

Standard