awesome-embedded-and-iot-security: Awesome List on embedded and IoT security.

From the makers of the FACT firmware tool:

https://github.com/fkie-cad/awesome-embedded-and-iot-security

See-also: https://github.com/PreOS-Security/awesome-firmware-security and
https://github.com/uefitech/resources and
https://firmwaresecurity.com/2018/11/25/awesome-uefi/


7 new security advisories from Intel

The post-DEF CON/Black Hat queue: 🙂

Intel® Computing Improvement Program Advisory
INTEL-SA-00283
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00283.html

Intel® Processor Identification Utility for Windows* Advisory
INTEL-SA-00281
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00281.html

Intel® Remote Displays SDK Advisory
INTEL-SA-00277
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00277.html

Intel® Driver & Support Assistant Advisory
INTEL-SA-00276
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00276.html

Intel® Authenticate Advisory
INTEL-SA-00275
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00275.html

Intel® NUC Advisory
INTEL-SA-00272
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00272.html

Intel® RAID Web Console 2 Advisory
INTEL-SA-00246
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00246.html

new zine: Paged Out!

https://pagedout.institute/

https://pagedout.institute/download/PagedOut_001_beta1.pdf

See-also: related zines like Phrack and POC||GTFO.

Firmware_Slap: Discovering vulnerabilities in firmware through concolic analysis and function clustering

Firmware slap combines concolic analysis with function clustering for vulnerability discovery and function similarity in firmware. Firmware slap is built as a series of libraries and exports most information as either pickles or JSON for integration with other tools.

https://github.com/ChrisTheCoolHut/Firmware_Slap


Platform Security Summit 2019 date set

The Platform Security Summit for 2019 will be in Redmond, WA (West Coast). Last year it was in Fairfax, VA (East Coast). I’m guessing there’ll be more talks from Microsoft this year. 🙂

The web site still talks about the 2018 event; the above tweet is the only “CFP” I have yet seen for the 2019 event.

Videos from last year:

https://www.platformsecuritysummit.com/2018/videos/

ARM: The Security Arms Race on Devices

Sitel Amin of ARM has a new blog post about ARM-based mobile security technologies:

We are in the middle of a security arms race on devices. It is a never-ending cycle where hackers will think of new ways to find vulnerabilities and where we in the industry constantly try to stay one step ahead with innovations that lead to better and stronger security. […]

https://community.arm.com/developer/ip-products/security/b/security-ip-blog/posts/security-on-devices

BlackHat 2019 USA presentations starting to become available…

Some BlackHat presentations are starting to become available to the public:

https://www.blackhat.com/us-19/briefings/schedule/

Not yet on: https://www.blackhat.com/html/archives.html

Android_Universal: Android Universal Boot Rooting Toolkit

Boot to root 🙂 Converts stock boot images and adds hidden root (accessible via netcat session), patches selinux and adds adb. Tested with Android 4.x – 9.x.

https://github.com/bkerler/android_universal

oreboot: a fork of coreboot, with C removed, written in Rust

https://github.com/oreboot/oreboot

oreboot is a downstream fork of coreboot, i.e. oreboot is coreboot without ‘c’. oreboot will only target truly open systems requiring no binary blobs. oreboot is mostly written in Rust, with assembly where needed. oreboot currently only plans to support LinuxBoot payloads.

LLDBFuzzer: Debugging and Fuzzing the Apple Kernel with LLDB Script

Hmm, I can’t find the source code, just a blog and a PDF. Maybe I missed it…

[…] To help security researchers, we have developed LLDBFuzzer, which is based on the LLVM Project’s next-generation debugger called Low Level Debugger (LLDB). We tested LLDBFuzzer on a MacPro’s AMD graphic drivers. These drivers are used to accelerate and optimize 2D, 3D and video rendering, and they contain many interfaces that the user space can access; these features make them a good target for LLDBFuzzer. LLDB is not suitable for debugging low-level kernel components, but it can debug almost all the kernel extensions and XNU codes after the required hardware is operational. Based on these features, this is the novel fuzzing architecture of LLDBFuzzer […]

https://blog.trendmicro.com/trendlabs-security-intelligence/lldbfuzzer-debugging-and-fuzzing-the-apple-kernel-with-lldb-script/


Dell_PFS_Extract.py: Dell PFS BIOS Extractor

Plato has added a new tool to his collection of BIOS Utilities:

https://github.com/platomav/BIOSUtilities

https://github.com/platomav/BIOSUtilities/tree/master/Dell%20PFS%20BIOS%20Extractor

Inspired by https://github.com/LongSoft/PFSExtractor-RS, by Nikolaj Schlej

FWAnalyzer: a tool to analyze filesystem images

Re: https://firmwaresecurity.com/2019/03/27/automating-firmware-security-with-fwanalyzer/

The main idea of FwAnalyzer is to provide a tool for rapid analysis of filesystem images as part of a firmware security Q&A check suite. FwAnalyzer takes a configuration file that defines various rules for files and directories and runs the configured checks against a given filesystem image. The output of FwAnalyzer is a report, which contains the list of files that violate any of the rules specified in the configuration. The report further contains meta information about the filesystem image and, if configured, information extracted from files within the analyzed filesystem. The report is formatted using JSON so it can be easily integrated as a step in a larger analysis.

https://github.com/cruise-automation/fwanalyzer

https://www.fwanalyzer.io/


AMD System Programming manual updated

AMD updated “AMD64 Architecture Programmer’s Manual Volume 2: System Programming” in July 2019. The last update was back in September 2018. Changes in revision 3.31:

Added CLWB and WBNOINVD details.
Clarified FP error pointer save/restore behavior.
Corrected description of APIC Software Enable functionality.
Clarified canonical address checking behavior.
Clarified fault generation for instructions that cross page or segment boundaries.

https://www.amd.com/system/files/TechDocs/24593.pdf

SecureLayer7: How to Start IoT device Firmware Reverse Engineering

IoT device Firmware Reverse Engineering is a process to understand the device architecture, functionality and vulnerabilities present in the device incorporating different methods. Firmware is a piece of code written for specific hardware to perform different operations and control the device. In this blog, we will learn how to access the file system of a TP-Link Router TL-WR841N. […]