CVE-2018-1000205: U-Boot

June 26, 2018 ~ hucktech ~ 1 Comment

“This vulnerability has been received by the NVD and has not been analyzed.”

https://nvd.nist.gov/vuln/detail/CVE-2018-1000205

Two more BadUSB-related articles

June 25, 2018 ~ hucktech ~ Leave a comment

How to create "trojanized" USB key for redteam/social engineering using ADS, shortcuts, HTA, macro_pack, etc. Drop DLL payload with stealth, no knowledge of target file-system, and no Internet connection.https://t.co/oyVOlCxhmB

— Emeric Nasi (@EmericNasi) June 23, 2018

http://blog.sevagas.com/?Advanced-USB-key-phishing

#ICYMI Unit 42 looked into the Tick group's tactic of weaponizing secure USB drives to target air-gapped critical systems. Get the full report https://t.co/ld3i87vdql

— Palo Alto Networks (@PaloAltoNtwks) June 24, 2018

https://researchcenter.paloaltonetworks.com/2018/06/unit42-tick-group-weaponized-secure-usb-drives-target-air-gapped-critical-systems/

RISC-V implementations filled with blobs

June 25, 2018 ~ hucktech ~ 2 Comments

Intel, ARM, and especially POWER will be loving this moment:

Blobs everywhere. https://t.co/YImMrx1qXj Currently the SoC vendors and OEM tend to lockdown and throw out more binary blobs thank you think. Since 2010 it increased drastically. So be prepared for more #blobs in "open" systems #firmware

— Zaolin (@_zaolin_) June 25, 2018

All this said, note that the HiFive is no more open, today, than your average ARM SOC; and it is much less open than, e.g., Power. I realize there was a lot of hope in the early days that RISC-V implied “openness” but as we can see that is not so. There’s blobs in HiFive.

https://www.phoronix.com/scan.php?page=news_item&px=RISC-V-Not-All-Open-Yet

c2rust.com: C to Rust translator

June 25, 2018 ~ hucktech ~ Leave a comment

Re: https://firmwaresecurity.com/2017/04/08/corrode-rust-to-c-translator/

There’s another C to Rust translator:

I've been working on a translator for turning C code into Rust code. Try it out! https://t.co/tqFhNDyAx2

— Eric Mertens (@glguy) June 23, 2018

https://c2rust.com/

We've been trying to translate a handful of different open-source projects along the way to guide and test our work. Check out https://t.co/48XBB6tSoG for more details.

— Eric Mertens (@glguy) June 23, 2018

https://github.com/immunant/c2rust/tree/master/examples

WiFi HID Injector – An USB Rubberducky / BadUSB On Steroids

June 25, 2018 ~ hucktech ~ 1 Comment

WHID –#WiFi HID Injector – An USB #Rubberducky / #BadUSB On Steroids
Author: @LucaBongiorni
cc @WHID_Injector #BlackHatArsenal https://t.co/47DB5bo4Cz

— Hack with GitHub (@HackwithGithub) June 25, 2018

https://github.com/whid-injector/WHID

Network kernel debugging of virtual Windows via KDNET

June 25, 2018 ~ hucktech ~ Leave a comment

Debug Hyper-V VMs with KDNET – https://t.co/VvlUET8xUP

— Andy Luhrs (@aluhrs13) June 22, 2018

Setting Up Network Debugging of a Virtual Machine – KDNET
This topic describes how to configure a kernel debugging connection to a Hyper-V virtual machine (VM).[…]

https://docs.microsoft.com/en-us/windows-hardware/drivers/debugger/setting-up-network-debugging-of-a-virtual-machine-host

International Journal of Proof-of-Concept or Get The F**k Out (PoC||GTFO) issue 0x18 released

June 25, 2018 ~ hucktech ~ Leave a comment

https://www.alchemistowl.org/pocorgtfo/

I made a mirror of PoC||GTFO and added PDF contents as standard files, as some of them are troublesome to open on some readers nowadays.https://t.co/7YWwQaDgV7

— Ange (@angealbertini) June 24, 2018

PoC||GTFO 0x18 is now available on the EU #IPv6-connected mirror!

Come claim your copy and check one of the two valid MD5s…https://t.co/qD2iVPJ0x6

— Arrigo Triulzi (@cynicalsecurity) June 25, 2018

Well, something I would have never expected: the @britishlibrary crawls & archives my PoC||GTFO mirror. They also do so with a perfectly clear User-Agent!

They link to PoC||GTFO 0x7 in the contest of file formats and preservation.

This is beautiful.https://t.co/F4Ni4mY1Yb

— Arrigo Triulzi (@cynicalsecurity) June 25, 2018

shimdemo: UEFI PXE + shim transparent loader demo

June 25, 2018 ~ hucktech ~ Leave a comment

This is a simple proof of concept illustrating the use of shim (with the transparent loader enhancements) to load iPXE, which in turn boots an operating system.

https://github.com/ipxe/shimdemo

Two articles on how to update your platform firmware

June 24, 2018 ~ hucktech ~ Leave a comment

Mac and Windows uses:

https://lifehacker.com/how-to-update-your-bios-to-protect-against-vulnerabilit-1826423812

Ubuntu Linux users:

https://help.ubuntu.com/community/BIOSUpdate

NVIDIA Graphics Firmware Update Tool for DisplayPort Displays

June 24, 2018 ~ hucktech ~ Leave a comment

This appears to be a new public tool, 1.0 release out this month.

I hope NVIDIA also makes a release for Linux, not just Windows.

To enable the latest DisplayPort 1.3 / 1.4 features, your graphics card may require a firmware update. Without the update, systems that are connected to a DisplayPort 1.3 / 1.4 monitor could experience blank screens on boot until the OS loads, or could experience a hang on boot. The NVIDIA Firmware Updater will detect whether the firmware update is needed, and if needed, will give the user the option to update it. […]

http://www.nvidia.com/object/nv-uefi-update-x86.html

Two Peerlyst firmware security resources

June 24, 2018 ~ hucktech ~ Leave a comment

Help us build out a career guide for learning #firmwaresecurity https://t.co/027sFCsRGg

— Claus Cramon Houmann (@ClausHoumann) March 17, 2018

https://www.peerlyst.com/posts/friday-career-how-to-become-a-firmware-security-specialist-peerlys

A new @Peerlyst wiki on #hardwaresecurity and #firmwaresecurity for you to enjoy or add more to. #cybersecurity https://t.co/duprFrdZin

— Peerlyst (@Peerlyst) June 18, 2018

https://www.peerlyst.com/posts/the-hardware-security-and-firmware-security-wiki-peerlyst

Mr. Crowbar – framework to reverse binary file formats

June 24, 2018 ~ hucktech ~ Leave a comment

Kindof reminds me of Scapy for binary file formats!

If you don't mind Python I made a toolkit which might be close to what you're after https://t.co/o1gfLTVuBx

— @moralrecordings@digipres.club (@moralrecordings) June 22, 2018

Mr. Crowbar is a Django-esque model framework that makes it super easy to work with proprietary binary formats while reverse engineering. File formats are described with Python classes that allow ORM-like free modification of structures and properties, which in turn can be validated and converted back to the binary equivalent at any time. The eventual goal is to provide a library for storing file format information that retains the readability of a text file, while providing instant read/write support for almost no cost.[…]

doc/source/_static/mrcrowbar.png

arm_now: QEMU-based tool to setup VMs for security research

June 24, 2018 ~ hucktech ~ Leave a comment

arm_now is a qemu powered tool that allows instant setup of virtual machines on arm cpu, mips, powerpc, nios2, x86 and more, for reverse, exploit, fuzzing and programming purpose. https://t.co/03mmx9G4YM

— Frank ⚡ (@jedisct1) June 23, 2018

arm_now is a qemu powered tool that allows instant setup of virtual machines on arm cpu, mips, powerpc, nios2, x86 and more, for reverse, exploit, fuzzing and programming purpose.

https://github.com/nongiach/arm_now

Alt Text

RE-Canary: Detecting Reverse Engineering with Canary Tokens

June 23, 2018 ~ hucktech ~ Leave a comment

https://twitter.com/qrs/status/1010259931373633538

https://twitter.com/qrs/status/1010541545638985729

Uploaded slides for my RE-Canary talks https://t.co/ubAYFS1LKf was submitted to black hat but got rejected so here it is (for free)

— Collin Mulliner (@collinrm) June 22, 2018

Click to access Detecting_Reverse_Engineering_with_Canaries_CanSecWest2018.pdf

https://www.mulliner.org/blog/blosxom.cgi/security/re_canary.html

http://www.mulliner.org/collin/

hwloc – tool to discover hardware resources

June 23, 2018 ~ hucktech ~ Leave a comment

The OpenMPI project has a tool called hwloc that helps identify hardware, useful beyond parallel/high-performance computing. It even generates ASCII artwork!

Re: Intel hyper-threading security issues: Posted by Peter Kjellström on Jun 23… … This is sliding OT a bit I guess, but may I suggest the fairly mature hwloc (used by many projects in need of numa/core/smt topology): https://t.co/4JxQGotTuM $ lstopo… https://t.co/B8DIRbXlym

— Open Source Security mailing list (@oss_security) June 23, 2018

#hwloc 2.0.0 released, brings better support for hybrid and non-volatile memories, as well as lots of API cleanups. Lots of goodies for improved #hardware #locality on your #HPC platforms. https://t.co/xuFPE0cAnL https://t.co/SdZIMzG3cq

— Brice Goglin (@bgoglin) February 5, 2018

Did you know #hwloc may export #topology in #ASCII art?
$ lstopo -.txthttp://t.co/5F6ryskaRJ pic.twitter.com/S78aneXmGv #HPC via @bgoglin

— HPC Guru (@HPC_Guru) April 21, 2015

Great article from @daschl describes how to discover hardware architecture in Rust (@rustlang) using hwloc library: https://t.co/L2rZjmj1v0

— David Beck (@dbeck74) May 7, 2016

http://nitschinger.at/Discovering-Hardware-Topology-in-Rust/

The Hardware Locality (hwloc) software project aims at easing the process of discovering hardware resources in parallel architectures. It offers command-line tools and a C API for consulting these resources, their locality, attributes, and interconnection. hwloc primarily aims at helping high-performance computing (HPC) applications, but is also applicable to any project seeking to exploit code and/or data locality on modern computing platforms.

https://www.open-mpi.org/projects/hwloc/

https://github.com/open-mpi/hwloc

https://www.open-mpi.org/projects/hwloc/doc/v2.0.1/

Sample hwloc output

Quarks In The Shell – Episode IV

June 22, 2018 ~ hucktech ~ Leave a comment

[BLOG] Quarks In The Shell – Episode IV https://t.co/fKgmripWuk About obfuscation and Epona, IRMA and malware analysis at scale, automation and tooling in vulnerability research, hardware attacks on IoT devices, "computers" hiding under the hood of cars.

— quarkslab (@quarkslab) June 22, 2018

[…]One may need dedicated tools, like a debugger for a firmware or a baseband, or a disassembler to be able to read the instructions properly.[…]

https://blog.quarkslab.com/quarks-in-the-shell-episode-iv.html

ApfsSupportPkg – Open source apfs.efi loader based on reverse-engineered Apple’s ApsfJumpStart driver

June 22, 2018 ~ hucktech ~ Leave a comment

Apple has a new file system, APFS. This causes Hackintosh people lots of grief. There are lots of Apple APFS binaries online, and now there’s this:

https://github.com/acidanthera/ApfsSupportPkg

Implementation of AppleLoadImage protocol discoverd in ApfsJumpStart Apple driver. This protocol installs in CoreDxe Apple’s firmware. Gives ability to use native ApfsJumpStart driver from Apple firmware

Credits:
cugu for awesome research according APFS structure
CupertinoNet and Download-Fritz for Apple EFI reverse-engineering
vit9696 for codereview and support in the development
savvas

cPlusPkg: UEFI BIOS C++ package

June 22, 2018 ~ hucktech ~ Leave a comment

https://github.com/open-workspace/uefi-bios

uefi-bios C++ package

CERT speculative execution wiki

June 22, 2018 ~ hucktech ~ Leave a comment

https://vuls.cert.org/confluence/display/Wiki/Vulnerabilities+Associated+with+CPU+Speculative+Execution

Created by Will Dormann, last modified by Art Manion on 2018-06-19

Vincent to keynote Open Source Firmware Conference

June 22, 2018June 22, 2018 ~ hucktech ~ Leave a comment

Vincent has a new blog post out, with lots of photos of legacy (pre-UEFI) hardware, and various news items, such as:

[…]Following on the spirit of openness, I was honored to be invited to keynote the upcoming open source firmware summit https://osfc.io/. The landing page for my talk will be https://osfc.io/talks/keynote. This should follow the arc on reducing friction and providing transparency for host firmware development.[…]

http://vzimmer.blogspot.com/2018/06/system-firmware-past-present-future.html