Apple: new/updated T2 chip and Secure Boot support articles

July 16, 2018 ~ hucktech ~ Leave a comment

Re: https://firmwaresecurity.com/2018/07/12/apple-releases-new-systems-with-t2-chip-and-uefi-secureboot/ and

Apple KB article on Secure Boot

the latter Apple support article on Secure Boot has been updated recently:

About Secure Boot

https://support.apple.com/en-us/HT208330

Mac computers that have the Apple T2 chip

https://support.apple.com/en-us/HT208862

IA32-doc: Intel Manual definitions in C and YAML

July 15, 2018July 15, 2018 ~ hucktech ~ Leave a comment

So, I did this: https://t.co/tc0CErrVjo

If you ever wanted to write your own hypervisor, experiment with SGX, perf. counters, fiddle with CPUID or MSRs, just include this file and you're good to go. https://t.co/49ZzQXcQPW

No more tiring copy-paste-editing from Intel Manual.

— Petr Beneš (@PetrBenes) July 14, 2018

IA32-doc:: put as many definitions from the Intel Manual into machine-processable format (in this case: yaml) as possible.

TODO

? OriginalNames – preserve case-sensitivity (BIOS, x2APIC, ToPA, …)
? Add final Reserved field to bitfields
? Possibility to split into multiple .h
?? Add doxygen main page
??? Add AMD
Find what else is missing
Fix 32/64 bitfields for MSR registers
Add possibility for bitfields to have both UINT32/UINT64 members

https://github.com/wbenny/ia32-doc

Symbolic Deobfuscation: From Virtualized Code Back to the Original

July 14, 2018 ~ hucktech ~ Leave a comment

[BLOG] Symbolic Deobfuscation: From Virtualized Code Back to the Original https://t.co/IDmojyQGiO Work presented at DIMWA 2018 by @JonathanSalwan

— quarkslab (@quarkslab) July 12, 2018

This micro blog post introduces our research regarding symbolic deobfuscation of virtualized hash functions in collaboration with the CEA and VERIMAG. Since 2016 we have been playing around symbolic execution and binary deobfuscation in order to (1) test and improve our binary protector (Epona) (2) improve our DSE (Dynamic Symbolic Execution) framework (Triton). Last week we published at DIMVA 2018 a part of this research focusing on attacking virtualization based-software protections and specially when hash functions are virtualized in order to protect integrity checks, identifications etc. For this study we relied on an open-use source protector (Tigress) and provided scripts and results of our attack as well as some solutions of the Tigress challenge.[…]

https://blog.quarkslab.com/symbolic-deobfuscation-from-virtualized-code-back-to-the-original-dimva-2018.html

ElcomSoft: USB Restricted Mode inside out

July 14, 2018 ~ hucktech ~ Leave a comment

V. Katalov, “USB Restricted Mode Inside Out” (via @ElcomSoft blog) https://t.co/nV9dhbW3ZW

— Arrigo Triulzi (@cynicalsecurity) July 13, 2018

USB Restricted Mode Inside Out https://t.co/sVoEHqpDUM

— DFIR Training (@DFIRTraining) July 12, 2018

https://blog.elcomsoft.com/2018/07/usb-restricted-mode-inside-out/

Crowdsupply: MNT Reform: Open Source DIY Laptop for hacking, customization, and privacy

July 14, 2018 ~ hucktech ~ Leave a comment

#ComingSoon to @crowd_supply : MNT Reform – Open Source #DIY Laptop for Hacking, Customization and Privacy https://t.co/igdY7Svwst pic.twitter.com/xJYSpQ9ZGa

— maker.io (@MakerIO) July 13, 2018

https://www.crowdsupply.com/mnt/reform

Mitigating Spectre with Site Isolation in Chrome

July 14, 2018July 14, 2018 ~ hucktech ~ Leave a comment

https://t.co/HOFGjNiZf1

— Shawn C – citypw@ioc.exchange (@citypw) July 14, 2018

https://security.googleblog.com/2018/07/mitigating-spectre-with-site-isolation.html

IfrViewer and DumpHii

July 14, 2018 ~ hucktech ~ Leave a comment

https://github.com/topeterk/DumpHii
UEFI EDKII Shell command that stores all available Hii packages (DumpHii)

https://github.com/topeterk/IfrViewer

Viewer for IFR structures

UEFIrand: Entropy visualization example using RDRAND

July 14, 2018 ~ hucktech ~ Leave a comment

UEFI application. Entropy visualization example. Use RDRAND instruction.

https://github.com/manusov/UEFIrand

Who Watches the Watchmen: A Security-focused Review on Current State-of-the-art Techniques, Tools, and Methods for Systems and Binary Analysis on Modern Platforms

July 14, 2018 ~ hucktech ~ 1 Comment

Malicious software, a threat users face on a daily basis, have evolved from simple bankers based on social engineering to advanced persistent threats. Recent research and discoveries reveal that malware developers have been using a wide range of anti-analysis and evasion techniques, in-memory attacks, and system subversion, including BIOS and hypervisors. In addition, code-reuse attacks like Returned Oriented Programming emerge as highly potential remote code execution threats. To counteract the broadness of malicious codes, distinct techniques and tools have been proposed, such as transparent malware tracers, system-wide debuggers, live forensics tools, and isolated execution rings. In this work, we present a survey on state-of-the-art techniques that detect, mitigate, and analyze the aforementioned attacks. We show approaches based on Hardware Virtual Machines introspection, System Management Mode instrumentation, Hardware Performance Counters, isolated rings (e.g., Software Guard eXtensions), as well as others based on external hardware. We also discuss upcoming threats based on the very same technologies used for defense. Our main goal is to provide the reader with a broader, more comprehensive understanding of recently surfaced tools and techniques aiming at binary analysis for modern platforms.

https://dl.acm.org/citation.cfm?id=3199673

Yubikey Linux FDE UEFI Secure Boot tutorial

July 13, 2018 ~ hucktech ~ Leave a comment

YubiKey Full Disk Encryption

Tutorial to create full disk encryption with YubiKey, encrypted boot partition and secure boot with UEFI, using Arch Linux.

This repository contains a step-by-step tutorial to create a full disk encryption setup with two factor authentication (2FA) via YubiKey. It contains:

+ YubiKey encrypted root (/) and home (/home) folder on separated partitions
+ Encrypted /boot partition
+ UEFI Secure boot (self signed boot loader)

https://github.com/sandrokeil/yubikey-full-disk-encryption-secure-boot-uefi

https://sandrokeil.github.io/yubikey-full-disk-encryption-secure-boot-uefi/

Microsoft Surface Pro 2 TPM firmware update issues

July 13, 2018 ~ hucktech ~ Leave a comment

Win10 Defender running on Surface Pro 2 says the TPM chip needs a firmware update. Microsoft hasn't shipped one — and hasn't committed to shipping one. Should security-conscious/BitLocker folks with four-year-old SP2 machines just dump them? https://t.co/hTScI85zbc

— Ask Woody https://infosec.exchange/@askwoody (@AskWoody) July 13, 2018

https://www.computerworld.com/article/3289630/microsoft-windows/surface-pro-2-owners-wonder-will-microsoft-ship-tpm-firmware-that-works.html

Tianocore Security Advisories page updated

July 13, 2018 ~ hucktech ~ Leave a comment

Re: https://firmwaresecurity.com/2018/07/11/intel-releases-a-dozen-new-security-advisories/

at least one of these recent Intel bugs should also be in the Tianocore Security Advisories list, and at least one of them was just added to it:

https://legacy.gitbook.com/book/edk2-docs/security-advisory/details

eg:

https://edk2-docs.gitbooks.io/security-advisory/content/untested-memory-not-covered-by-smm-page-protection.html

Pentecost UEFI: we estimate the security of UEFI firmware with CHIPSEC

July 12, 2018 ~ hucktech ~ Leave a comment

https://twitter.com/yeggorv/status/1016438496641216513

https://xakep.ru/2018/07/09/uefi-pentest/

https://translate.google.com/translate?hl=en&sl=ru&u=https://xakep.ru/2018/07/09/uefi-pentest/

CopperheadOS: continuing with new team

July 12, 2018 ~ hucktech ~ 1 Comment

Re: https://firmwaresecurity.com/2018/06/04/copperheados-company-problems/ and https://firmwaresecurity.com/2018/06/21/canebrakeos-based-on-copperheados/

it looks like CopperheadOS is continuing:

#CopperheadOS will be:

1) Continuing with contingency plans for our customers. No more SPOF.

2) Keeping our original licensing – free for personal use, non-commercial requires licensing agreement

3) Source code will be available on Github soon, though we may move platforms.

— CopperheadOS (@CopperheadOS) July 11, 2018

Copperhead's new team have successfully patched all builds with July's update and will be providing them to our customers shortly.

— CopperheadOS (@CopperheadOS) July 11, 2018

This is unequivocally false. #CopperheadOS will be continuing with proper contingency plans for our customers. https://t.co/i0WWhjIXQG

— CopperheadOS (@CopperheadOS) July 11, 2018

#CopperheadOS source code will be added back on Github in due time. We have some house cleaning to do.

— CopperheadOS (@CopperheadOS) July 11, 2018

https://copperhead.co/android/

https://github.com/copperheados

ARM Research Summit

July 12, 2018 ~ hucktech ~ Leave a comment

Register now for Arm Research Summit to hear all about activities within Arm research and our academic ecosystem. https://t.co/wTgRKKC4zo https://t.co/nWtIWbvmSM

— Eric Van Hensbergen (@_ericvh) July 12, 2018

The third-annual Arm Research Summit – an academic summit to discuss future trends and disruptive technologies across all sectors of computing – will be returning to Cambridge, UK on 17-19 September 2018.

https://www.arm.com/company/events/research-summit

https://eu.eventscloud.com/ehome/index.php?eventid=200174782&tabid=200415056

IC protection taxonomy

July 12, 2018 ~ hucktech ~ Leave a comment

MCU hackers – help me out? Trying to build a taxonomy of the various kinds of read/write/execute protection that manufacturers have implemented. Find stuff I've missed!https://t.co/uu6CxJwp7T

— Andrew Zonenberg @azonenberg@ioc.exchange (@azonenberg) July 12, 2018

The goal of this document is to describe all of the various types of “lock bit” that have been observed in the wild on shipping devices, with the eventual goal of creating a generic API for setting/querying them on an arbitrary IC.Obviously not all devices will implement most/all of these protections.[…]

https://docs.google.com/document/d/1i7lhwwVLWgqZCXt98MyOjboFtru6KB5-bKzYOfUS9zY/edit#

IBM: UEFI fixes for Spectre variants 4 and 3a (CVE-2018-3639 CVE-2018-3640)

July 12, 2018 ~ hucktech ~ Leave a comment

https://twitter.com/micsieg/status/1017402630606290944

https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-has-released-unified-extensible-firmware-interface-uefi-fixes-in-response-to-spectre-variants-4-and-3a-cve-2018-3639-cve-2018-3640/

Apple releases new systems with T2 chip and UEFI SecureBoot

July 12, 2018 ~ hucktech ~ 1 Comment

Looks like Apple released MacBookPros w/ T2 chip today. These support SecureBoot, and have enough under the hood security changes that it looks like it's time to update my personal laptop

— Xeno Kovah (@XenoKovah) July 12, 2018

Also, now that there's T2 stuff that's less than $5k hopefully people can poke at it a bit more 😉

— Xeno Kovah (@XenoKovah) July 12, 2018

Apple SecureBoot stoped being iMacPro exclusive today with a release of new MacBookPros. All features are available, including recently added UEFI SB compatibility.
Test it, poke it, break it, report the result, it's the best way for us to make it better.https://t.co/bTdEXBAZvZ

— Nikolaj Schlej (@NikolajSchlej) July 12, 2018

https://www.apple.com/newsroom/2018/07/apple-updates-macbook-pro-with-faster-performance-and-new-features-for-pros/

Intel-SA-00118: Intel Converged Security Management Engine (Intel CSME) 11.x issue

July 11, 2018 ~ hucktech ~ Leave a comment

Re: https://firmwaresecurity.com/2018/07/11/intel-releases-a-dozen-new-security-advisories/

In an effort to continuously improve the robustness of the Intel® Converged Security Management Engine (Intel® CSME), Intel has performed a security review of its Intel® CSME with the objective of continuously enhancing firmware resilience. As a result, Intel has identified security vulnerabilities that could potentially place affected platforms at risk.[…]

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00118.html

PS: I guess ME is now CSME now?