Author: hucktech
TPM2-UEFI: TCTI module for use with TSS2 libraries in UEFI environment
https://github.com/flihp/tpm2-uefi
This is an implementation of a TCTI module for use with the TCG TPM2 Software Stack (TSS2) in the UEFI environment. This library is built as a static archive libtss2-tcti-uefi.a suitable for linking with UEFI applications.
Bochspwn Reloaded
Bochspwn Reloaded is an instrumentation module for the Bochs IA-32 emulator, similar to the original Bochspwn project from 2013. It performs taint tracking of the kernel address space of the guest operating systems, to detect the disclosure of uninitialized kernel stack/heap memory to user-mode and other data sinks. It helped us identify over 70 bugs in the Windows kernel, and more than 10 lesser bugs in Linux in 2017 and early 2018.
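The following C program is an added illustration of the bug class described above, not code from the Bochspwn project: a byte-level shadow-memory taint tracker over a simulated kernel pool. Every byte of a kernel allocation starts tainted (uninitialized), instrumented stores clear taint, and the copy_to_user() sink counts tainted bytes that would reach user mode. The pool, the struct layout (chosen to have implicit padding) and the two handler names are constructed for the example; Bochspwn does the equivalent on real guest memory from inside the emulator.

```c
/* Added example, not Bochspwn code: shadow-memory taint tracking of a
 * simulated kernel pool to catch uninitialized-memory disclosure to user mode. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define KMEM_SIZE 256
static uint8_t kmem[KMEM_SIZE];   /* constructed kernel heap/stack pool */
static uint8_t shadow[KMEM_SIZE]; /* 1 = byte never written since allocation (tainted) */

/* Allocate len bytes at pool offset off; the whole range starts tainted. */
static void *k_alloc(size_t off, size_t len)
{
    memset(shadow + off, 1, len);
    return kmem + off;
}

/* Instrumented store: writing kernel memory clears the taint of those bytes. */
static void k_store(void *dst, const void *src, size_t len)
{
    memcpy(dst, src, len);
    memset(shadow + ((uint8_t *)dst - kmem), 0, len);
}

/* Sink: emulate copy_to_user() and count tainted bytes that would leak. */
static size_t copy_to_user_sink(const void *src, size_t len)
{
    size_t base = (const uint8_t *)src - kmem, leaked = 0;
    for (size_t i = 0; i < len; i++) {
        if (shadow[base + i]) {
            if (leaked == 0)
                printf("uninitialized byte leaks to user mode at struct offset %zu\n", i);
            leaked++;
        }
    }
    return leaked;
}

/* Constructed kernel-to-user struct; the compiler inserts padding after kind and flags. */
struct k_info {
    uint8_t  kind;   /* typically followed by 3 bytes of padding */
    uint32_t id;
    uint16_t flags;  /* typically followed by 6 bytes of padding */
    uint64_t addr;
};

/* Bytes actually covered by fields; sizeof(struct k_info) - PAYLOAD_BYTES is padding. */
#define PAYLOAD_BYTES (sizeof(uint8_t) + sizeof(uint32_t) + sizeof(uint16_t) + sizeof(uint64_t))

/* Assign every named field through instrumented stores. */
static void fill_fields(struct k_info *info)
{
    uint8_t  kind  = 2;
    uint32_t id    = 0x1234;
    uint16_t flags = 0x8001;
    uint64_t addr  = 0xffff800000001000ull;
    k_store(&info->kind,  &kind,  sizeof kind);
    k_store(&info->id,    &id,    sizeof id);
    k_store(&info->flags, &flags, sizeof flags);
    k_store(&info->addr,  &addr,  sizeof addr);
}

/* Vulnerable handler: every field is set, but the padding bytes are never written. */
size_t leak_vulnerable(void)
{
    struct k_info *info = k_alloc(0, sizeof(struct k_info));
    fill_fields(info);
    return copy_to_user_sink(info, sizeof(struct k_info));
}

/* Hardened handler: zero the whole object first, then fill the fields. */
size_t leak_hardened(void)
{
    struct k_info *info = k_alloc(64, sizeof(struct k_info));
    uint8_t zero[sizeof(struct k_info)] = {0};
    k_store(info, zero, sizeof zero);
    fill_fields(info);
    return copy_to_user_sink(info, sizeof(struct k_info));
}

int main(void)
{
    printf("vulnerable handler leaks %zu byte(s)\n", leak_vulnerable());
    printf("hardened handler leaks %zu byte(s)\n", leak_hardened());
    return 0;
}
```

The point the tracker makes is the one that separates this bug class from ordinary static review: the vulnerable handler assigns every field, so no compiler warning fires, yet the padding the ABI inserts between fields is copied out untouched. Zeroing the object before filling it (or copying fields individually rather than the whole struct) is the fix Bochspwn-found bugs typically received.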
binja-i8086: 16-bit x86 architecture plugin for Binary Ninja
If you use Binary Ninja and have to look at 8086 binaries, here’s a new plugin that should help:
https://github.com/whitequark/binja-i8086/

2 TPM vulnerabilities: CVE-2018-6622 and CVE-2017-16837
x41-smartcard-fuzzing and qsym
Two new fuzzers, one with more symbolic execution features!
https://github.com/x41sec/x41-smartcard-fuzzing
USBHarpoon Is a BadUSB Attack with A Twist
PCILeech 3.5 released
Intel: efiwrapper, library which simulates a UEFI firmware implementation
EfiWrapper is a library which simulates a UEFI firmware implementation. Its first purpose is to allow a subset of the Kernelflinger OS loader to run in a non-UEFI environment.
https://github.com/intel/efiwrapper
Intel-microcode has license that prevents redistribution
In case technical issues weren’t enough, the lawyers at Intel have apparently made it more difficult for some open source operating systems to use the latest Intel microcode.
https://twitter.com/stevelord/status/1031819787431804928
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=906158
https://bugs.gentoo.org/664134
PS: AMD is apparently still blocked on technical issues:
android-efi: x86 bootloader
android-efi is a simple x86 EFI bootloader for Android™ boot images. It accepts the partition GUID and/or path of an Android boot image on the command line, loads the kernel, ramdisk and command line and finally hands over control to the kernel.
No SGX on Intel Android
An Intel response to a question about SGX support on Celadon (Intel’s flavor of Android, tuned for Intel systems):
“By now there is no plan to support SGX for Android. Hope it clarifies.”
https://lists.01.org/pipermail/celadon/2018-August/001280.html
_Three_ Lenovo rootkit variants?
https://tcsltesting.blogspot.com/2018/08/three-lenovo-rootkit-versions.html
From Thompson Cyber Security Labs: https://armor.ai/
Manufacturers analyzed: {‘Toshiba’, ‘Acer’, ‘Lenovo’, ‘Asrock’, ‘Desenvolvida por Positivo Informatica SA’, ‘Razer’, ‘Clevo’, ‘American Megatrends Inc./Advantech’, ‘American Megatrends Inc.’, ‘LG Electronics’, ‘Dell’, ‘ASUSTeK’, ‘Gygabyte’, ‘Intel’, ‘Sony’, ‘Hewlett-Packard’, ‘Apple Inc.’}
Total firmware analyzed: 550
Total firmware with portable executables analyzed: 515
Total portable executables analyzed: 131289
Total portable executables triggering one heuristic: 20964
Total portable executables triggering more than one heuristic: 3178
Average portable executables per ROM: 254
Average portable executables triggering heuristic per ROM: 40
Average portable executables triggering more than one heuristic per ROM: 6
A Universal Windows Bootkit: An analysis of the MBR bootkit referred to as “HDRoot”
barbie’s notes – Firmware 101: Extracting the Firmware
https://twitter.com/barbieauglend/status/1030868222701174784
Extracting the Firmware
In the last post, we discussed how to find important information about how to communicate with the device. In this post, we are going to describe the standard approach of getting the code we want to reverse and use the information we collected before.[…]
Dependencies – An open-source modern Dependency Walker for Windows
Haven and evil maids
https://github.com/guardianproject/haven
https://play.google.com/store/apps/details?id=org.havenapp.main
https://guardianproject.github.io/haven/
https://irishtechnews.ie/dealing-with-evil-maid-exploits-and-how-to-protect-your-company/
Dealing with Evil Maid exploits and how to protect your company.
Giulio D’Agostino
August 18, 2018
An Evil Maid assault is when a device has been physically tampered with without the device owner’s knowledge. In Evil Maid attacks, a bootloader is installed onto the victim’s computer which defeats full disk encryption. Now, however, thanks to solutions like Edward Snowden’s new Android program, which is called Haven, people can help prevent Evil Maid strikes and protect their devices from physical tampering while they’re not present.[…]This program is vital for those that have sensitive information on their devices and need extra protection against Evil Maid attacks. […]
See also: YONTMA and DoNotDisturb
SpeculationControl: PowerShell script
SpeculationControl is a PowerShell script that summarizes the state of configurable Windows mitigations for various speculative execution side channel vulnerabilities, such as CVE-2017-5715 (Spectre variant 2) and CVE-2017-5754 (Meltdown). For an explanation on how to interpret the output of this tool, please see Understanding Get-SpeculationControlSettings PowerShell script output.[…]
hvpp: lightweight C++ Intel x64/VT-x hypervisor for Windows
NVMe Firmware: I Need Your Data
[…]The NVMe ecosystem is pretty new, and things like “what version number firmware am I running now” and “is this firmware OEM firmware or retail firmware” are still queried using vendor-specific extensions. I only have two devices to test with (Lenovo P50 and Dell XPS 13) and so I’m asking for some help with data collection. Primarily I’m trying to find out what NVMe hardware people are actually using, so I can approach the most popular vendors first (via the existing OEMs). I’m also going to be looking at the firmware revision string that each vendor sets to find quirks we need — for instance, Toshiba encodes MODEL VENDOR, and everyone else specifies VENDOR MODEL.[…]