Apple seeks UEFI firmware engineer

Mac Firmware Engineer

The Mac Platform Software team is looking for a firmware engineer to join a new Austin-based team responsible for developing Apple’s UEFI implementation and related technologies for the Mac product line. Mac Platform Software is responsible for bringing up macOS and Windows on all new Mac products, including the development and integration of firmware and systems software for macOS and Windows, the development of platform-level features for the Mac, and the leadership of cross-functional debug and optimization efforts across hardware and software teams.

A Mac Firmware Engineer is responsible for the development of Apple’s UEFI implementation and its related technologies. UEFI provides the boot firmware for all Mac systems and plays a critical role in system stability, performance, and battery life. This role also contributes to development of the boot loader and firmware update mechanisms, as well as other related technologies.

Primary job responsibilities include firmware feature development supporting new Mac software and hardware features, supporting ongoing efforts to improve the quality of shipped Macs in the field, and assisting the larger Mac Platform organization in cross-functional efforts to design and build new Mac products.

* Experience in firmware/BIOS development
* Experience with boot loaders and firmware/kernel interfaces
* Knowledge of UEFI and the x86 platform and standards, including ACPI, SMM, PnP, PCIe, and JEDEC DDR a plus
* Strong understanding of system power management a plus

https://jobs.apple.com/search?job=56183392&openJobId=56183392#&openJobId=56183392


Rafal Wojtczuk joins Apple!

Wow, the Apple firmware team keeps getting more and more amazing talent.

Some older reading on Rafal:

https://invisiblethingslab.com/itl/About.html

http://theinvisiblethings.blogspot.com/2008/07/rafal-wojtczuk-joins-invisible-things.html

https://blogs.bromium.com/author/rafalwojtczuk/

 


Apple Secure Boot

Apple Insider has a story on the new Apple security processor. Cabel Sasser reviews a loaner iMac Pro.

http://appleinsider.com/articles/17/12/12/imac-pro-debuts-custom-apple-t2-chip-to-handle-secure-boot-password-encryption-more

 


FAT-EFI: FAT EFI loader plugin for Hopper Disassembler

This project is a FAT EFI loader plugin for Hopper Disassembler. Apple uses an extension to the standard PE format for EFI binaries to allow FAT EFI binaries that contain both 32- and 64-bit executables. It is very similar to the FAT format, except for a different magic number and for little endianness. This plugin allows reading these FAT EFI binaries with Hopper Disassembler.[…]

https://github.com/pascalwerz/FAT-EFI

https://www.hopperapp.com/

Similar: https://github.com/0xc010d/EFIFatBinary.hopperLoader
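
The container layout described above can be checked with a short parser before handing a firmware file to any analysis tool. This is an added example, not code from the FAT-EFI project: the magic value `0x0ef1fab9`, the Mach-O `cputype` values, and the five-field architecture entry are taken from the publicly documented format rather than from this page, and the function names and sample bytes are constructed for illustration.

```python
import struct

EFI_FAT_MAGIC = 0x0EF1FAB9  # Apple EFI fat magic (Mach-O fat uses 0xCAFEBABE, big-endian)
CPU_NAMES = {0x00000007: "i386", 0x01000007: "x86_64"}  # Mach-O cputype values

def parse_fat_efi(blob):
    """Return [(arch, offset, size)] per slice; raise ValueError on a malformed header."""
    if len(blob) < 8:
        raise ValueError("too short for a FAT EFI header")
    magic, count = struct.unpack_from("<II", blob, 0)  # little-endian, unlike Mach-O fat
    if magic != EFI_FAT_MAGIC:
        raise ValueError("bad magic 0x%08x" % magic)
    table_end = 8 + 20 * count  # each entry: cputype, cpusubtype, offset, size, align
    if count == 0 or table_end > len(blob):
        raise ValueError("architecture table exceeds file")
    slices = []
    for i in range(count):
        cputype, _sub, offset, size, _align = struct.unpack_from("<5I", blob, 8 + 20 * i)
        # A slice must lie after the table and entirely inside the file.
        if offset < table_end or offset + size > len(blob):
            raise ValueError("slice %d out of bounds" % i)
        # Each slice is expected to be a PE image, which starts with the DOS "MZ" stub.
        if blob[offset:offset + 2] != b"MZ":
            raise ValueError("slice %d is not a PE image" % i)
        slices.append((CPU_NAMES.get(cputype, hex(cputype)), offset, size))
    # Overlapping slices are a sign of a corrupted or tampered header.
    ordered = sorted(slices, key=lambda s: s[1])
    for prev, nxt in zip(ordered, ordered[1:]):
        if prev[1] + prev[2] > nxt[1]:
            raise ValueError("overlapping slices")
    return slices

def build_sample():
    """Constructed two-slice sample: placeholder 'PE' bodies, not real firmware."""
    pe32 = b"MZ" + b"\x00" * 62
    pe64 = b"MZ" + b"\x00" * 126
    off32 = 8 + 2 * 20
    off64 = off32 + len(pe32)
    hdr = struct.pack("<II", EFI_FAT_MAGIC, 2)
    hdr += struct.pack("<5I", 0x00000007, 3, off32, len(pe32), 0)
    hdr += struct.pack("<5I", 0x01000007, 3, off64, len(pe64), 0)
    return hdr + pe32 + pe64

if __name__ == "__main__":
    for arch, off, size in parse_fat_efi(build_sample()):
        print(arch, off, size)
```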


efivalidate (and mojo_thor)

Rick Mark has released efivalidate, a macOS-centric, Ruby-based EFI checking tool. Also, by the same author, the Mojo_Thor project has activity. I thought it was a one-time drop, but it is actively being updated:

efivalidate is a ruby utility to take a given input EFI payload from macOS and to compare it against Apple’s validation schema. Being written in ruby this can occur off-box to ensure that the utility itself hasn’t been compromised

https://github.com/rickmark/efivalidate

Loki / Thor / Mojo are a triad of Apple internal tools and malware that infects the SMC, EFI and macOS of Apple MacBooks. It is believed that direct access to the hardware is gained by re-flashing the Thunderbolt controller (via ThorUtil)

https://github.com/rickmark/mojo_thor

https://rickmark.me/


Apple macOS High Sierra: can login as root with empty password!


Apple SEP story from August, again

[AFAICT nothing new recently, this is just the August story being rehashed again in November, I think…]

Re: https://firmwaresecurity.com/2017/08/17/apple-secure-enclave-processor-sep-firmware-hacked/

https://www.theiphonewiki.com/wiki/Greensburg_14G60_%28iPhone6,1%29

https://github.com/xerub/img4lib

Arg, WordPress inserts the entire contents of Github Gists into posts. To view sepsplit.c, remove the 2 spaces from below URL, or click on 2nd t.co-based URL in above @xerub tweet.

https://gist. github.com /xerub/0161aacd7258d31c6a27584f90fa2e8c

https://www.blackhat.com/docs/us-16/materials/us-16-Mandt-Demystifying-The-Secure-Enclave-Processor.pdf

Hackaday:

Apple’s Secure Enclave Processor (SEP) Firmware Decrypted
