The Unbearable Lightness of BMC’s

August 11, 2018 ~ hucktech ~ Leave a comment

The Register has a bit of background on BMC attacks, based on the recent presentation at Blackhat:

https://twitter.com/nicowaisman/status/1027944454781632513

https://www.blackhat.com/us-18/briefings/schedule/#the-unbearable-lightness-of-bmcs-10035

https://www.theregister.co.uk/2018/08/10/data_center_hacking/

Microsoft Blackhat speculative execution slides posted

August 11, 2018 ~ hucktech ~ Leave a comment

Slides posted for the #BHUSA presentation by @anders_fogh & @CTurtE on systematizing and mitigating speculative execution side channels vulnerabilities: https://t.co/4OoqLupyRT

— Matt Miller (@epakskape) August 10, 2018

Click to access us-18-Fogh-Ertl-Wrangling-with-the-Ghost-An-Inside-Story-of-Mitigating-Speculative-Execution-Side-Channel-Vulnerabilities.pdf

HALO: HAribote-os LOader for EFI (and UEFI-Hello)

August 11, 2018 ~ hucktech ~ Leave a comment

HALO is a new boot loader for a project I’m not yet familiar with. A related new project from the same author first caught my eye, a UEFI app template that uses an interesting build project, including Rake and LLVM.

https://github.com/neri/uefi-hello

https://github.com/neri/uefi-hello/blob/master/Rakefile

https://github.com/neri/halo

UEFI_Basic: A BASIC programming language interpreter for UEFI

August 11, 2018 ~ hucktech ~ Leave a comment

In the olde days of the early Personal Computer, the BIOS-based firmware’s default bootloader would be a resident BASIC interpreter REPL. Companies made money licensing that BASIC interpreter to vendors!

So a built-in default BASIC interpreter bootloader app was one feature that BIOS had which UEFI did not. ….until now (and this one is not closed-source):

A BASIC interpreter for UEFI.

https://github.com/logern5/UEFI_Basic

Android boot flow and Verified Boot docs updated

August 10, 2018 ~ hucktech ~ Leave a comment

Last week, Google updated the documentation on the Android boot flow and Verified Boot:

https://source.android.com/security/verifiedboot/

https://source.android.com/security/verifiedboot/verified-boot

https://source.android.com/security/verifiedboot/boot-flow

Google seeks Fall Intern for LinuxBoot

August 10, 2018 ~ hucktech ~ Leave a comment

See tweet:

I am looking for a FALL intern to work on @LinuxBootOrg-related boot security projects at Google this year! (~Oct-Dec, Bay Area) Must be in school, at any level (Bachelor's – PhD). DMs are open.

— chris @hugelgupf@hachyderm.io (@hugelgupf) August 8, 2018

Detours now open source

August 10, 2018 ~ hucktech ~ Leave a comment

Nice to see that Microsoft has open-sourced Detours!

Wasn’t aware of that Detours for x64/ARM64 was open sourced. Could be handy or a good reference implementation to make your own. CC @brucedang https://t.co/dAz6ujxjGA

— Satoshi Tanda (@standa_t) August 10, 2018

https://github.com/Microsoft/Detours

https://github.com/microsoft/Detours/wiki

Rosenbridge: Hardware backdoors in some x86 CPUs

August 10, 2018 ~ hucktech ~ 1 Comment

https://t.co/uCAENAwSdM amazing work by @xoreaxeaxeax from #blackhatusa2018

— Maxim Goryachy (@h0t_max) August 9, 2018

GOD MODE UNLOCKED: hardware backdoors in some x86 CPUshttps://t.co/Ph0IAL0Pyw
White paper coming tomorrow. @BlackHatEvents pic.twitter.com/qhZ1vFI7pL

— domas (@xoreaxeaxeax) August 9, 2018

https://github.com/xoreaxeaxeax/rosenbridge

Eclypsium: Remotely Attacking System Firmware

August 10, 2018 ~ hucktech ~ 1 Comment

At BlackHat, Eclypsium gave a great talk with an overview of platform firmware security threats, focusing on network-based attacks, including poorly-tested OEM firmware update implementations.

Don't miss our presentation "Remotely Attacking System Firmware" with @jessemichael & @HackingThings at #BlackHat2018 tomorrow 1:30pm in South Pacific F: https://t.co/QmDabencJ3 pic.twitter.com/ipZ85gjFVE

— Alex Bazhaniuk (@ABazhaniuk) August 7, 2018

Here is the video from our @BlackHatEvents presentation "Remotely Attacking System Firmware", and as customary with such things, calculator must be involved.https://t.co/4EkAoRjeZs

— Mickey (@HackingThings) August 9, 2018

“Update Mechanism Flaws Allow Remote Attacks on UEFI Firmware” by @LindseyOD123 covering most recent research presented by @Eclypsium’s @HackingThings @jessemichael & @ABazhaniuk at #BHUSA https://t.co/XIOp6ZszJl

— Yuriy Bulygin (@c7zero) August 8, 2018

Black Hat 2018: Update Mechanisms Allow Remote Attacks on UEFI Firmware

https://www.blackhat.com/us-18/briefings/schedule/index.html#remotely-attacking-system-firmware-11588

Booting the Mac: loading boot.efi and Secure Boot

August 10, 2018 ~ hucktech ~ 1 Comment

Booting the Mac: loading boot.efi and Secure Boot https://t.co/h6xBXlkI72

— Howard Oakley, Eclectic Light Co (@howardnoakley) August 10, 2018

Booting the Mac: loading boot.efi and Secure Boot

MicroPython for UEFI and Intel MicroPython-based UEFI test framework released

August 10, 2018 ~ hucktech ~ Leave a comment

Re: https://firmwaresecurity.com/2018/03/20/intel-implementing-micropython-as-a-uefi-test-framework/

MicroPython for UEFI systems is available, see Brian’s edk2-devel list posting and the Tianocore wiki for more details:

https://lists.01.org/pipermail/edk2-devel/2018-August/028339.html

https://github.com/tianocore/edk2-staging/tree/MicroPythonTestFramework

https://github.com/tianocore/edk2-staging/tree/MicroPythonTestFramework/MicroPythonPkg

https://github.com/tianocore/edk2-staging/tree/MicroPythonTestFramework/MpyTestFrameworkPkg

https://micropython.org/

Free Software Foundation certifies 2 new devices for ‘Respect Your Freedom’ program

August 6, 2018 ~ hucktech ~ Leave a comment

Actually, these two devices were certified back in May, recent FSF RYF program activity is a status update:

The Zerocat Chipflasher and Minifree Libreboot X200 Tablet are now both certified to Respect Your Freedom. Our program helps users to find hardware that they can trust to come with freedom inside: https://t.co/a1MnYPzP55

— Free Software Foundation (FSF) @fsf@hostux.social (@fsf) August 2, 2018

Re: ChipFlasher: https://firmwaresecurity.com/2018/05/30/zerocat-chipflasher/

https://www.fsf.org/blogs/licensing/respects-your-freedom-certification-program-continues-to-grow

https://www.fsf.org/resources/hw/endorsement/respects-your-freedom

http://www.zerocat.org/shop-en.html

https://minifree.org/product/libreboot-x200-tablet/

BUSSide: a hardware hacking tool

August 6, 2018 ~ hucktech ~ Leave a comment

Non destructive (SPI flash) firmware dumping https://t.co/FB2SegcBhk with the BUSSide https://t.co/eXDYD8m8T6 and @infosectcbr

— Silvio Cesare (@silviocesare) August 6, 2018

http://busside.com.au/

https://store.bsidescbr.com.au/products/busside

FOSSbytes: How To Enter BIOS Utility (UEFI Settings) On All PCs And Boot From USB?

August 6, 2018 ~ hucktech ~ Leave a comment

Different manufacturers assign a specific key (or key combination) to boot into BIOS/UEFI directly. In this article, we hope to provide the possible keys in all PC to enter UEFI or BIOS mode[…]

How To Enter BIOS Utility (UEFI Settings) On All PCs And Boot From USB?

Article has a table with entries of most OEMs.

Regarding XDA’s stance on Huawei’s decision to stop bootloader unlocking

August 5, 2018 ~ hucktech ~ Leave a comment

Regarding XDA's stance on Huawei's decision to stop bootloader unlocking https://t.co/8muEHOqJHO pic.twitter.com/fj998VfThH

— XDA (@xdadevelopers) August 4, 2018

Back in April, Huawei’s form to request a bootloader unlock code mysteriously disappeared. Late May, the form returned but with a warning that the service would no longer work after 60 days. As promised, Huawei’s form is no longer available, meaning it’s no longer possible to unlock the bootloader of Huawei or Honor devices. This has obviously been disappointing to many users on our forums, but it’s been especially disappointing for us, the XDA Portal team. Some have wondered when we would be addressing the elephant in the room – that is, Honor’s sponsorship agreements with XDA – in light of this recent news. Here’s where we stand.[…]

https://www.xda-developers.com/xda-huawei-decision-stop-bootloader-unlocking/

VivienneVMM: a stealthy debugging framework implemented via an Intel VT-x hypervisor

August 5, 2018 ~ hucktech ~ Leave a comment

VivienneVMM – a stealthy debugging framework implemented via an Intel VT-x hypervisorhttps://t.co/FlqzkvI5dx

— Nicolas Krassas (@Dinosn) August 4, 2018

VivienneVMM is a stealthy debugging framework implemented via an Intel VT-x hypervisor. The driver exposes a hardware breakpoint control interface which allows a user mode client to set and clear breakpoints. These breakpoints are invisible to the guest.

https://github.com/changeofpace/VivienneVMM

BlueHat v18: First STRONTIUM UEFI Rootkit Unveiled

August 5, 2018 ~ hucktech ~ Leave a comment

@jiboutin and I will be there to present the first publicly known Sednit/APT28's UEFI rootkit. Very excited about it! #APT28 #Sednit #UEFI #Rootkit https://t.co/52SD8GSUSE

— Freddrickk (@Freddrickk_) August 2, 2018

Microsoft is proud to announce the schedule for #BlueHatv18. The conference will be held Sept 25-27, 2018 in Redmond, WA. Thank you to all who submitted abstracts for consideration. This is a strong schedule. #bluehat https://t.co/vvHQL0KVIk

— Phillip Misner (@phillip_misner) August 2, 2018

https://blogs.technet.microsoft.com/bluehat/2018/08/02/announcing-the-bluehat-v18-schedule/

MrChromebox has UEFI updates for Skylake/Kabylake Chromeboxes

August 3, 2018 ~ hucktech ~ Leave a comment

https://twitter.com/MrChromebox/status/1025217121410850816

https://mrchromebox.tech/

zircon-uefi: mirror of the zircon UEFI headers

August 3, 2018August 3, 2018 ~ hucktech ~ Leave a comment

There’s a new mirror of the Google Fuschsia UEFI headers:

https://github.com/no92/zircon-uefi

See-also:

https://fuchsia.googlesource.com/zircon/+/master/docs/ddk/driver-development.md

https://en.wikipedia.org/wiki/Google_Fuchsia

UEFI bootloader for Google Fuchsia

FBI: Cyber Actors Use IoT Devices as Proxies for Malicious Cyber Activities

August 2, 2018 ~ hucktech ~ Leave a comment

Reboot your IoT Devices regularly!

FBI Releases Article on Securing the Internet of Things https://t.co/fsPmGXrC1L

— CISA Cyber (@CISACyber) August 2, 2018

https://www.ic3.gov/media/2018/180802.aspx

https://www.ic3.gov/media/2017/171017-1.aspx

“Reboot devices regularly, as most malware is stored in memory and removed upon a device reboot. It is important to do this regularly as many actors compete for the same pool of devices and use automated scripts to identify vulnerabilities and infect devices.”

https://www.us-cert.gov/ncas/tips/ST17-001

https://www.us-cert.gov/ncas/current-activity/2018/08/02/FBI-Releases-Article-Securing-Internet-Things

https://www.us-cert.gov/ncas/tips/ST17-001