ChromeBook CampFire?

https://twitter.com/coolstarorg/status/1028677996578660352

Everything we know about Campfire, Google’s secretive project to get Windows 10 running on Chromebooks.[…]

https://www.xda-developers.com/chromebooks-chrome-os-windows-10-dual-boot-apple-boot-camp-campfire/


Many Blackhat/DEF CON slides uploaded

Update: there’s also a UEFI one here:

Click to access DC26_UEFI_EXPLOITATION_MASSES_FINAL.pdf

https://twitter.com/campuscodi/status/1028720894762524674

https://media.defcon.org/DEF%20CON%2026/

https://www.blackhat.com/us-18/briefings/schedule/index.html

Hmm, I don’t see presentations for BSidesLV yet:

https://www.bsideslv.org/archive/

CheckPoint Research: Scout Debugger

“Scout” is an extendable basic debugger that was designed for use in those cases where there is no built-in debugger / gdb-stub in the debuggee process / firmware. The debugger is intended to be used by security researchers in various scenarios, such as:

Collecting information on the address space of the debuggee – recon phase and exploit development
Exploring functionality of the original executable by accessing and executing selected code snippets
Adding and testing new functionality using custom debugger instructions

We have successfully used “Scout” as a debugger in a Linux Kernel setup, and in an embedded firmware research, and so we believe that its extendable API could prove handy for other security researchers in their research projects.

https://github.com/CheckPointSW/Scout

AppleSupportPkg: ApfsDriverLoader, AppleLoadImage, AppleDxeImageVerificationLib

ApfsDriverLoader
Open source apfs.efi loader based on reverse-engineered Apple’s ApfsJumpStart driver
Loads apfs.efi from ApfsContainer located on block device.
Apfs driver verbose logging suppressed.
Version system: connects each apfs.efi to the device from which it was retrieved
Supports the AppleLoadImage protocol, which provides an EfiBinary signature check
WARNING: Please load AppleLoadImage.efi right before ApfsDriverLoader, or just put it inside drivers64uefi folder of your Clover bootloader

AppleLoadImage
Implementation of the AppleLoadImage protocol discovered in the ApfsJumpStart Apple driver. This protocol is installed in CoreDxe in Apple’s firmware.
It provides safe EFI binary loading into memory by verifying its signature.
Also gives the ability to use the native ApfsJumpStart driver from Apple firmware
WARNING: ApplePartitionDriver needed

AppleDxeImageVerificationLib
This library provides Apple’s reverse-engineered crypto signature algorithms.

https://github.com/acidanthera/AppleSupportPkg

FireEye: BIOS Boots What? Finding Evil in Boot Code at Scale

https://twitter.com/FireEye/status/1027219284152541184

Malware continues to take advantage of a legacy component of modern systems designed in the 1980s. Despite the cyber threat landscape continuing to evolve at an ever-increasing pace, the exploitation of the classic BIOS boot process is still very much a threat to enterprises around the world. Furthermore, since malware that tampers with the boot process (aka bootkits) executes before the operating system, such compromises often persist even after incident responders think the incident has been remediated. This post details the challenges FireEye faced examining boot records at scale and our solution to find evil boot records in large enterprise networks.[…]

https://www.fireeye.com/blog/threat-research/2018/08/bios-boots-what-finding-evil-in-boot-code-at-scale.html
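The boot-record sweep the excerpt describes boils down to parsing each MBR, hashing the boot code separately from the partition table, and flagging code that is not on a known-good allowlist. The following is an added illustration of that triage step, not FireEye’s code; the sample MBR, its boot-code bytes and the disk signature are constructed here for the example.

```python
# Added example (not FireEye's code): triage a 512-byte MBR by hashing the
# boot code apart from the partition table and checking it against an allowlist.
import hashlib
import struct

MBR_SIZE = 512
BOOT_CODE_LEN = 440      # boot code precedes the 4-byte disk signature at 440
PART_TABLE_OFF = 446
PART_ENTRY_LEN = 16


def parse_mbr(mbr: bytes) -> dict:
    """Split an MBR into boot-code hash, disk signature, partitions and trailer."""
    if len(mbr) != MBR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    parts = []
    for i in range(4):
        off = PART_TABLE_OFF + i * PART_ENTRY_LEN
        # status, skip CHS start, type, skip CHS end, LBA start, sector count
        status, ptype, lba_start, sectors = struct.unpack_from("<B3xB3xII", mbr, off)
        if ptype != 0:  # type 0 marks an unused entry
            parts.append({"bootable": status == 0x80, "type": ptype,
                          "lba_start": lba_start, "sectors": sectors})
    return {
        "boot_code_sha256": hashlib.sha256(mbr[:BOOT_CODE_LEN]).hexdigest(),
        "disk_signature": struct.unpack_from("<I", mbr, BOOT_CODE_LEN)[0],
        "partitions": parts,
        "valid_trailer": mbr[510:512] == b"\x55\xaa",
    }


def triage_mbr(mbr: bytes, known_good: set) -> list:
    """Return findings worth a responder's look; an empty list means it matches baseline."""
    info = parse_mbr(mbr)
    findings = []
    if not info["valid_trailer"]:
        findings.append("missing 0x55AA boot signature")
    if info["boot_code_sha256"] not in known_good:
        findings.append("boot code hash not in allowlist: " + info["boot_code_sha256"][:16])
    if sum(p["bootable"] for p in info["partitions"]) != 1:
        findings.append("expected exactly one active partition")
    return findings


def build_sample_mbr(boot_code: bytes) -> bytes:
    """Constructed test MBR: one active type-0x07 partition at LBA 2048, valid trailer."""
    entry = struct.pack("<B3sB3sII", 0x80, b"\x20\x21\x00", 0x07, b"\xfe\xff\xff", 2048, 204800)
    body = boot_code.ljust(BOOT_CODE_LEN, b"\x00") + struct.pack("<I", 0x1234ABCD) + b"\x00\x00"
    return body + entry + b"\x00" * 48 + b"\x55\xaa"


BASELINE_CODE = b"\xfa\x33\xc0\x8e\xd0" + b"\x90" * 435   # constructed stand-in, not a real loader
TAMPERED_CODE = BASELINE_CODE[:-8] + b"\x00" * 8          # constructed: same length, altered tail
KNOWN_GOOD = {hashlib.sha256(BASELINE_CODE).hexdigest()}  # allowlist built from the baseline image
```

Run across a fleet, the hash comparison is what makes the approach scale: only MBRs whose boot code is absent from the allowlist need a human to read the disassembly.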


Two Spectre, Meltdown, and Rowhammer talks from Blackhat

Click to access bhusa2018_meltdown_slides.pdf

Click to access us-18-Gruss-Another-Flip-In-The-Row.pdf

AndroidHardening’s Auditor app for Android

Re: https://firmwaresecurity.com/2018/06/13/copperheados-and-androidhardening-project/

https://twitter.com/DanielMicay/status/1028402254703820800

Hardware-based attestation app for select Android devices. It can do either local verification with another Android device via QR code or scheduled server-based verification. It primarily relies on Trust On First Use using the hardware-backed keystore and key attestation. The initial unpaired verification relies on key attestation root.

https://github.com/AndroidHardening/Auditor/releases/tag/1

https://github.com/AndroidHardening/Auditor

https://play.google.com/store/apps/details?id=app.attestation.auditor

fiano – LinuxBoot’s Go-based tools for modifying UEFI firmware images

utk: generic UEFI tool kit meant to handle rom images. Usage:
    utk parse <rom-file>
    utk extract [--force] <rom-file> <directory-to-extract-to>
    utk assemble <directory-to-extract-to> <out-rom-file>

fmap: parses flash maps. Usage:
    fmap checksum [md5|sha1|sha256] FILE
    fmap extract i FILE
    fmap jget JSONFILE FILE
    fmap jput JSONFILE FILE
    fmap summary FILE
    fmap usage FILE
    fmap verify FILE

https://github.com/linuxboot/fiano

NIST Considerations for Managing IoT Cybersecurity and Privacy Risks Workshop, video uploaded

https://www.nist.gov/news-events/events/2018/07/considerations-managing-iot-cybersecurity-and-privacy-risks-workshop

Click to access iot_risk_workshop_agenda.pdf


NIST’s Cybersecurity for IoT Program supports the development and application of standards, guidelines, and related tools to improve the cybersecurity of connected devices and the environments in which they are deployed. By collaborating with stakeholders across government, industry, international bodies and academia, the program aims to cultivate trust and foster an environment that enables innovation on a global scale. This workshop will help the program through the development of the Cybersecurity for IoT Program and Privacy Engineering Program’s publication on an introduction to managing IoT cybersecurity and privacy risk for federal systems. This will include work to date identifying typical differences in cybersecurity and privacy risk for IoT systems versus traditional IT systems, considerations for selecting and using technical controls to mitigate IoT cybersecurity and privacy risk, and basic cybersecurity and privacy controls for manufacturers to consider providing in their IoT products. A pre-read document has been posted to help guide conversation.

UEFI_Basic: A BASIC programming language interpreter for UEFI

In the olde days of the early Personal Computer, the BIOS-based firmware’s default bootloader would be a resident BASIC interpreter REPL. Companies made money licensing that BASIC interpreter to vendors!

So a built-in default BASIC interpreter bootloader app was one feature that BIOS had which UEFI did not… until now (and this one is not closed-source):

A BASIC interpreter for UEFI.

https://github.com/logern5/UEFI_Basic