Lecture: Modchips of the State: Hardware implants in the supply-chain

https://twitter.com/qrs/status/1072141831620755457

Hardware implants and supply chain attacks have been in the news recently, but how feasible are they and what can we do about them? In this talk we’ll examine the design of a proof of concept SPI bus hardware implant that has similar capabilities to those described in the Bloomberg/Supermicro article as well as some countermeasures that we can use to try to detect these “modchips” and increase our trust in our systems.

We don’t know how much of the Bloomberg story about hardware implants installed in Supermicro servers shipped to Apple and Amazon is true, nor do we know the story behind the story and the reasons for the vehement denials by all the parties involved.

However, a technical assessment of details of the described implants reveals that a supply chain attack on the hardware is definitely possible, that the capabilities of the BMC can be used to bypass OS protections, and that there are means to access the BMC that would not necessarily generate readily identified network traffic.

https://fahrplan.events.ccc.de/congress/2018/Fahrplan/events/9597.html

35c3 Chaos West : 9 out of 10 x86_64 firmware vendors will hate this talk!

We’ll give a short introduction to what you might find in your machine's firmware and tell the story of two hackers that magically found tens of thousands of x86_64 firmware images in their backyard, as well as their journey to explore common configuration fuckups, update frequencies and potential security risks.

https://fahrplan.chaos-west.de/35c3chaoswest/talk/7ZSFL9/

https://fahrplan.chaos-west.de/35c3chaoswest/talk/

(Let’s hope they publish this repository of images….)

Drill Apple Core: Up and Down – Fuzz Apple Core Component in Kernel and User Mode for Fun and Profit

https://www.blackhat.com/eu-18/briefings/schedule/index.html#drill-apple-core-up-and-down—fuzz-apple-core-component-in-kernel-and-user-mode-for-fun-and-profit-12923

VmcsAuditor – A Bochs-Based Hypervisor Layout Checker

https://rayanfam.com/topics/vmcsauditor-a-bochs-based-hypervisor-layout-checker/

https://github.com/SinaKarvandi/VMCS-Auditor

CVE-2018-12155, INTEL-SA-00202: Intel Integrated Performance Primitives advisory

Advisory Category: Software
Impact of vulnerability: Information Disclosure
Severity rating: MEDIUM
Original release: 12/05/2018

A potential security vulnerability in Intel® IPP may allow information disclosure. Intel is releasing software updates to mitigate this potential vulnerability. Data leakage in cryptographic libraries for Intel(R) IPP before 2019 update1 release may allow an authenticated user to potentially enable information disclosure via local access. Intel recommends that users of Intel® IPP update to 2019 update1 or later. Updates are available for download […] Intel would like to thank Jan Wichelmann (Universität zu Lübeck), Ahmad Moghimi (Worcester Polytechnic Institute), Thomas Eisenbarth (Universität zu Lübeck) and Berk Sunar (Worcester Polytechnic Institute) for reporting this issue and working with us on coordinated disclosure.

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00202.html

https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-12155

https://software.intel.com/en-us/intel-ipp

https://software.intel.com/en-us/ipp-dev-reference

MNT Reform DIY Laptop: A free and open source modular computing platform

Goals: Security, Transparency, Hackability — All power to the user!

Thoroughly understand it on the electrical, mechanical and software levels
Take it apart, modify and upgrade it without regret
Repair it yourself with simple 3D printed parts and the hardware store
Reclaim your privacy and security: No microphone, camera or management engine

https://mntmn.com/reform/

https://www.crowdsupply.com/mnt/reform/updates/prototype-unboxing-videos

https://blog.hackster.io/mnt-reform-a-modular-open-source-diy-arm-based-laptop-3fdcb901e830

Formal Verification of RISC-V cores with riscv-formal

Learn how to use formal Assertion Based Verification (ABV) and open-source tools to formally verify HDL designs, and how to use the properties and formal test benches in the riscv-formal framework to formally verify RISC-V cores with ease. This tutorial is aimed specifically at HDL design engineers without in-depth knowledge of formal methods who want to add formal ABV to their verification toolbox.

http://www.clifford.at/papers/2018/riscv-formal/

https://tmt.knect365.com/risc-v-summit/agenda/1#track-1_formal-verification-of-risc-v-processor-implementations-space-limited

https://github.com/SymbioticEDA/riscv-formal

Making Sure A Heterogeneous Design Will Work

Why the addition of multiple processing elements and memories is causing so much consternation. An explosion of various types of processors and localized memories on a chip or in a package is making it much more difficult to verify and test these devices, and to sign off with confidence.[…]

IBM: Let’s Not Speculate: Discovering and Analyzing Speculative Execution Attacks

[…] We plan to release our tool, SPECULATOR, which we used to investigate speculative execution behavior, as open source. […]

Speculative execution attacks exploit vulnerabilities at a CPU’s microarchitectural level, which, until recently, remained hidden below the instruction set architecture, largely undocumented by CPU vendors. New speculative execution attacks are released on a monthly basis, showing how aspects of the so-far unexplored microarchitectural attack surface can be exploited. In this paper, we generalize speculative execution related attacks and identify common components. The structured approach that we employed helps us to identify potential new variants of speculative execution attacks. We explore one such variant, SPLITSPECTRE, in depth and demonstrate its applicability to a real-world scenario with the SpiderMonkey JavaScript engine. Further, we introduce SPECULATOR, a novel tool to investigate speculative execution behavior critical to these new microarchitectural attacks. We also present our findings on multiple CPU platforms.

https://domino.research.ibm.com/library/cyberdig.nsf/1e4115aea78b6e7c85256b360066f0d4/d66e56756964d8998525835200494b74!OpenDocument&Highlight=0,RZ3933

Dynetics seeks: Weapon System Analysis, Hardware and Embedded Firmware

This is a new kind of role for the new cyberwar era. I wish Consumer Reports was doing likewise for consumer devices.

Weapon System Analysis – Hardware and Embedded Firmware

Job responsibilities/focus areas include:

Embedded hardware and firmware characterization and vulnerability analysis of foreign weapon systems including missiles and radars.

Reversing Huawei router firmware, part 5

Zephyr Project: MCUboot Security Part 1

MCUboot Security Part 1
By Zephyr Project
November 28, 2018

Zephyr Project member David Brown, a Senior Engineer with Linaro Ltd., shares the best practices for security in this blog post, which first ran on Brownian Motion.

This is the first in what I hope to be a series of posts about the MCUboot bootloader from a security perspective. Please note that although I work in security, I am by no means a cryptographer. I appreciate any feedback on any and all flaws in my analysis. The MCUboot Project is a secure bootloader for 32-bit MCUs. The goal of MCUboot is to define a common infrastructure for the bootloader, system flash layout on microcontroller systems, and to provide a secure bootloader that enables easy software upgrade. The essential problem that MCUboot seeks to solve is how to allow firmware updates, while still maintaining some kind of integrity and control over what firmware can be run on the device. The easiest way to prevent unauthorized firmware from running on a device is to configure the flash to be immutable. Unfortunately, this prevents potential security updates (as well as functionality improvements). MCUboot solves this by itself being a small amount of code that can be placed in an immutable section of flash. It then can verify the main code before allowing it to execute, as well as control updates to that code. MCUboot is configurable, and these configuration choices affect the security promises that MCUboot is able to make.[…]

https://www.zephyrproject.org/mcuboot-security-part-1/

https://www.davidb.org/post/mcuboot-security-1/

https://mcuboot.com/

Intel: using SGX to improve blockchain security

Intel has a new post about using SGX to help with blockchain security.

https://itpeernetwork.intel.com/blockchain-intel-sgx/

https://www.intel.com/content/www/us/en/security/blockchain-overview.html

Wow, blockchain-based thinking is one thing I don’t want to see having any part in my firmware. I wish I could wake up and blockchain would just end up being a bad dream about some snake oil.

2 possible ASUS UEFI malware issues?????

Two threads on ASUS issues that might be malicious, but will probably turn out to be other kinds of defects. Sorry, no better summary of the issues:

https://tcsltesting.blogspot.com/2018/11/asus-uefi-rootkit.html