MASCAB: a Micro-Architectural Side-Channel Attack Bibliography

https://twitter.com/rspreitzer_/status/858310012317335552

MASCAB: a Micro-Architectural Side-Channel Attack Bibliography
Cryptography is a fast-moving field, which is enormously exciting but also quite challenging: resources such as the IACR eprint archive and CryptoBib help, but even keeping track of new results in certain sub-fields can be difficult, let alone then making useful contributions. The sub-field of micro-architectural side-channel attacks is an example of this, in part as the result of it bridging multiple disciplines (e.g., cryptography and computer architecture). I’ve found this particularly challenging (and so frustrating) over say the last 5 years; the volume of papers has expanded rapidly, but the time I’d normally allocate to reading them has been eroded by other commitments (as evidenced by a pile of printed papers gathering dust on my desk). In the end, I decided to tackle this problem by progressively a) collating papers I could read, then b) reading them one-by-one, but in no particular order, and attempting to summarise their contribution (and so organise the sub-field as a whole in my head). MASCAB is the result: after starting to advise MSc and PhD students on how to navigate the sub-field, it seems likely to be of use to others as well.[…]

https://github.com/danpage/mascab/

PCILeech 2.0 released

https://github.com/ufrisk/pcileech

lk-reducer: Linux Kernel reducer

[…]Enter the Linux Kernel reducer, or lk-reducer for short. This tool helps avoid some of the problems we have discussed thus far. It works by monitoring file system access while building the Linux kernel. (By no means is its utility limited to the Linux Kernel, but it is simply where we found a need.) This is possible because providing the Linux Kernel source code is a legal requirement under the Linux GNU Public License (LGPL). By monitoring the build process, we are able to determine which files from within the source tree have been used to build the final kernel image. Some files will inevitably not get used and thus we can determine that they are not needed. Therefore, they can be eliminated from review during a source code audit. This saves time during both manual and automated source code reviews. The current incarnation of the tool is a slight modification of an implementation by Jann Horn. The first incarnation consisted of using strace(1) and a bunch of shell scripts to monitor calls to the open(2) system call. Jann developed his version around the Linux inotify subsystem. His implementation is much more clean and performant. My only modifications were to let the user decide how to process the monitoring results based on a data file. The tool generates a file called “lk-reducer.out” that shows whether each file was Accessed, Untouched, or Generated. Let us see it in action![…]

http://www.droidsec.org/blogs/2017/05/22/a-simple-tool-for-linux-kernel-audits.html

ltmdm64_poc

https://twitter.com/vpikhur/status/866881935477399552

Windows 7 SP1 x64 Code Integrity Bypass POC using ltmdm64.sys
Bug was found in ltmdm64.sys!DriverEntry: the driver incorrectly uses the RtlQueryRegistryValues API, and it also lacks security cookies across the entire binary except the GsDriverEntry function. This PoC was created back in 2014 and submitted later to MSRC; they were not able to locate the driver authors but also didn’t take any action on fixing the problem. ltmdm64.sys has shipped since Windows Vista and is present in digitally signed catalog files. This PoC is detected by Windows Defender as Exploit:Win64/Ropero.A

https://github.com/int0/ltmdm64_poc

SSD drive vulnerabilities

SSD Drives Vulnerable to Attacks That Corrupt User Data
By Catalin Cimpanu
NAND flash memory chips, the building blocks of solid-state drives (SSDs), include what could be called “programming vulnerabilities” that can be exploited to alter stored data or shorten the SSD’s lifespan. During the past few years, SSDs have slowly replaced classic disk-based HDDs as […]

https://www.bleepingcomputer.com/news/hardware/ssd-drives-vulnerable-to-attacks-that-corrupt-user-data/

ATM machines and firmware security

An article from the ATM industry on BIOS:

ATM malware attacks: Head them off at the BIOS
May 19, 2017 | by Suzanne Cluckey

[…][Our concern] as a control company is making sure that the network vulnerabilities are sealed up … we continue to see attacks on the BIOS. Finding a toolset that allows you to change the password, change the settings and secure the BIOS of those machines is important to a lot of those customers.[…]

https://www.atmmarketplace.com/articles/atm-malware-attacks-head-them-off-at-the-bios/

IBM Monocle and PowerVM firmware updates

[…]Under the Hood of Power Firmware Maintenance

The Service Processor of the server is running an embedded operating system with complex power firmware applications running on it; one of which is an application responsible for handling code updates. […]

https://www.ibm.com/developerworks/community/wikis/home?lang=en_us#!/wiki/Power%20Systems/page/Monocle%20Patch%20Management

AWS CloudHSM firmware updates

[…]In this post, I demonstrate how to update your current CloudHSM devices and client instances so that you are using the most current versions of software and firmware. If you contact AWS Support for CloudHSM hardware and application issues, you will be required to update to these supported versions before proceeding. Also, any newly provisioned CloudHSM devices will use these supported software and firmware versions only, and AWS does not offer “downgrade” options.[…]

https://aws.amazon.com/blogs/security/how-to-update-aws-cloudhsm-devices-and-client-instances-to-the-software-and-firmware-versions-supported-by-aws/

Dell Inspiron 20-3052 BIOS update concerns

If you have this Dell, be careful with the current BIOS update: multiple users report having problems with it. Quoting the Register article:

As one forum wag noted: “Some send out ‘WannaCry’, others send out BIOS upgrades”.

https://www.theregister.co.uk/2017/05/18/dell_bios_update_borks_pcs/

http://en.community.dell.com/support-forums/desktop/f/3514/t/20012309?pi21953=1

http://en.community.dell.com/support-forums/desktop/f/3514/p/19435778/20050222

PS: These are nice references from Dell’s support wiki:

http://en.community.dell.com/support-forums/desktop/w/desktop/3624.beep-codes-and-psa-diagnostic-chart

http://en.community.dell.com/support-forums/desktop/w/desktop/3634.extremely-long-psa-code-chart

SiFive Coreplex IP for RISC-V

RISC-V is a free and open instruction set architecture based on modern design techniques and decades of computer architecture research. With over 60 member companies and a robust software ecosystem, RISC-V is set to be the standard architecture in all modern computing devices, from 32-bit embedded microcontrollers to 64-bit application processors and datacenter accelerators and beyond. SiFive Coreplex IP are the most widely deployed RISC-V cores in the world and are the lowest risk, easiest path to RISC-V. SiFive Coreplex IP are fully synthesizable and verified soft IP implementations that scale across multiple design nodes, making them ideal for your next SoC design.

https://www.sifive.com/products/coreplex-risc-v-ip/

Texplained

“On its brand new online store, French start-up Texplained (Valbonne, France) presents itself as the leading expert in the reverse engineering and security analysis of integrated circuits. The company aims to review every major IC on the market to create a library of detailed information and analysis about IC hardware from leading chip manufacturers.[…]”

http://www.smart2zero.com/news/hacking-secure-chips-common-good

http://www.texplained.com/texplained