I made the ThinkPwn exploit more reliable, now it works on EFI 2.x firmwares with new versions of SMM-related protocols https://t.co/8F6EtxQgX2
— Dmytro Oleksiuk 💥 d_olex@mastodon.social (@d_olex) August 16, 2016
Also, on EFI 2.x you don’t need to brute-force the callback handle value to trigger the vuln during RT phase from OS, a constant GUID is enough
— Dmytro Oleksiuk 💥 d_olex@mastodon.social (@d_olex) August 16, 2016
Oh, and btw, now you can build ThinkPwn for 32-bit firmwares (not sure that there are any vulnerable 32-bit boards itw except Intel Galileo)
— Dmytro Oleksiuk 💥 d_olex@mastodon.social (@d_olex) August 16, 2016
https://github.com/Cr4sh/ThinkPwn/commit/d496e7d9a4bbb1e2903a94802760d52c1e46c037
https://github.com/Cr4sh/ThinkPwn/
