No Starch Press: The Hardware Hacking Handbook (ETA: July 2020)

The Hardware Hacking Handbook
by Colin O’Flynn and Jasper van Woudenberg
July 2020 (Estimated), 300 pp.

The Hardware Hacking Handbook is a deep dive into hardware attacks on embedded systems, perfect for anyone interested in designing, analyzing, and attacking devices. You’ll start with a crash course in embedded systems and threats to them, as well as hardware interfaces and how to set up a test lab, all while learning invaluable theoretical background. Real-life examples and hands-on labs throughout allow you to explore hardware interfaces and complete various side channel or fault attacks on real devices. You’ll learn fault injection attacks and methods like voltage glitching, clock glitching, and optical and electromagnetic fault injection, side channel power analysis, and differential fault analysis.

https://nostarch.com/hardwarehacking

OpenBMC: BMC network security audit tool

The OpenBMC project has a new security tool!

Purpose: Provide shell scripts to expose security aspects of an operational OpenBMC system from the point of view of an agent on the BMC’s management network trying to get access. The intended use is to provide information needed to audit the BMC’s interfaces, not to perform a security test. For example, the script detects if the BMC rejects TLS 1.1 and accepts TLS 1.2. The primary value the scripts provide is a starting point for what to look at, how to get the information, and where to learn more.

See the last 2 lines of the current script; they are looking for some help.

Script: https://lists.ozlabs.org/pipermail/openbmc/2020-April/021186.html

More info: https://github.com/openbmc/openbmc

os-indications: tool for setting the OsIndications UEFI variable

This small utility when run will set the OsIndications UEFI variable for booting into firmware setup.

RTFM (it has a manpage!):
https://gitlab.com/JohnoKing/os-indications/-/blob/master/os-indications.8

https://gitlab.com/JohnoKing/os-indications

see-also:
https://blog.fpmurphy.com/2016/04/uefi-os-indication-variables.html

Intel blogged on OsIndications, but they changed their site and the post is apparently no longer available:
https://software.intel.com/en-us/firmware/library/using-os-indications-uefi

NatEFI – my personal C++ UEFI application development library

Another UEFI dev environment.

This is my header library for C++17 trying to be UEFI 2.8 compliant. Can’t guarantee anything. You’re probably better off using any other header set. Also you need LLVM to build the example/test. This thing is just straight copying information from the UEFI specification, so you’re free to do anything you want to do with the header file. Just don’t take credit for creating it or something.

https://github.com/Mcpg/natefi

OWASP IoTGoat: deliberately insecure firmware created to educate software developers and security professionals with testing commonly found vulnerabilities in IoT devices

Re: https://firmwaresecurity.com/2016/12/30/owasp-iot-firmware-guidance/ and
https://firmwaresecurity.com/2019/11/06/owasp-firmware-security-testing-methodology/

IoTGoat has been released:

https://github.com/OWASP/IoTGoat

Hardware Debugging for Reverse Engineers Part 2: JTAG, SSDs and Firmware Extraction

https://wrongbaud.github.io/jtag-hdd/

see-also:

https://wrongbaud.github.io/stm-xbox-jtag/

Android Booting Shenanigans

If you are interested in the Android boot process, this is helpful:

https://topjohnwu.github.io/Magisk/boot.html