Retro-BIOS: Sources and/or disassembly listings to BIOS and firmware

January 17, 2019 ~ hucktech ~ Leave a comment

Sources and/or disassembly listings to BIOS of ex-USSR PC clones and the like. Sources and/or disassembly listings of the DEC Rainbow 100 BIOS (an early PC with VT100/VT102 capability).

https://github.com/shattered/retro-bios

bios-pw.org: Password generator for BIOS

January 4, 2019 ~ hucktech ~ Leave a comment

https://bios-pw.org/

https://github.com/bacher09/pwgen-for-bios

http://dogber1.blogspot.com/2009/05/table-of-reverse-engineered-bios.html

This is an old tool, not a new tool, which I just noticed.

SeaBIOS 1.12.0 released

November 17, 2018 ~ hucktech ~ Leave a comment

Kevin O’Connor announced release 1.12.0 of SeaBIOS:

New in this release:
* Initial support for “TPM CRB” hardware
* Improved cdrom media reporting in the boot menu on QEMU
* Improved floppy support on real floppy hardware
* SeaVGABIOS support for QEMU “bochs-display” and QEMU “ramfb” displays
* Several bug fixes and code cleanups

https://seabios.org/Releases#SeaBIOS_1.12.0

more info about this release:
https://mail.coreboot.org/pipermail/seabios/2018-November/012576.html

Linux Unattended Installation – Tools to create an unattended installation of a minimal setup of Linux

November 4, 2018 ~ hucktech ~ Leave a comment

This project provides all you need to create an unattended installation of a minimal setup of Linux, whereas minimal translates to the most lightweight setup – including an OpenSSH service and Python – which you can derive from the standard installer of a Linux distribution. The idea is, you will do all further deployment of your configurations and services with the help of Ansible or similar tools once you completed the minimal setup. Use the build-iso.sh script to create an ISO file based on the netsetup image of Ubuntu. Use the build-disk.sh script to create a cloneable preinstalled disk image based on the output of build-iso.sh. […]UEFI and BIOS mode supported.[…]

https://github.com/core-process/linux-unattended-installation

AMI updates Aptio’s AMI Firmware Update (AFU), a Secure Update Utility

October 24, 2018 ~ hucktech ~ Leave a comment

[…]AFU still supports older SMM methodologies for older systems, but such methodologies cannot be used when the platform is equipped with modern BIOSes.[…]

https://ami.com/en/tech-blog/ami-firmware-update-afu-tool-a-secure-update-utility-for-aptio-v-uefi-bios-firmware/

Two guys, one laptop (hacking a Toshiba BIOS laptop)

September 10, 2018 ~ hucktech ~ Leave a comment

This is a great story about hacking a BIOS-level locked Toshiba laptop by @dsredford and @q3k. There will be plenty of hardware hacking, reverse engineering and perseverance. And some crypto as well. https://t.co/pXqe531jgy pic.twitter.com/a7WCwwjJU1

— Bad Cyber (@badcybercom) September 8, 2018

This is a great story about hacking a BIOS-level locked Toshiba laptop. There will be plenty of hardware hacking, reverse engineering and perseverance. And some crypto as well.[…] The whole process took 3 years – but the actual work took about 2 weeks, the rest was Michał waiting for Sergiusz to dump the chips. They reported their findings to Toshiba, which promised to deliver updates and change the encryption scheme.[…]

https://badcyber.com/two-guys-one-laptop/

A Universal Windows Bootkit: An analysis of the MBR bootkit referred to as “HDRoot”

August 20, 2018 ~ hucktech ~ Leave a comment

[Good Read] A Universal Windows Bootkit
An analysis of the MBR bootkit referred to as “HDRoot”

This blog is choc full of excellent details and analysis methodology.
Be sure to check out the git repos as well.https://t.co/1gs9uOA0P4

— Casey Smith (@subTee) August 19, 2018

http://williamshowalter.com/a-universal-windows-bootkit/

FireEye: BIOS Boots What? Finding Evil in Boot Code at Scale

August 12, 2018 ~ hucktech ~ Leave a comment

BLOG | BIOS Boots What? Finding Evil in Boot Code at Scale!

Read about the challenges we faced examining boot records at scale and our solution to finding evil boot records in large enterprise networks: https://t.co/Dn0nus79Oc #Infosec #DFIR pic.twitter.com/xoR66C75V4

— FireEye (@FireEye) August 8, 2018

Malware continues to take advantage of a legacy component of modern systems designed in the 1980s. Despite the cyber threat landscape continuing to evolve at an ever-increasing pace, the exploitation of the classic BIOS boot process is still very much a threat to enterprises around the world. Furthermore, since malware that tampers with the boot process (aka bootkits) execute before the operating system, such compromises often persist even after incident responders think the incident has been remediated. This post details the challenges FireEye faced examining boot records at scale and our solution to find evil boot records in large enterprise networks.[…]

https://www.fireeye.com/blog/threat-research/2018/08/bios-boots-what-finding-evil-in-boot-code-at-scale.html

UEFI_Basic: A BASIC programming language interpreter for UEFI

August 11, 2018 ~ hucktech ~ Leave a comment

In the olde days of the early Personal Computer, the BIOS-based firmware’s default bootloader would be a resident BASIC interpreter REPL. Companies made money licensing that BASIC interpreter to vendors!

So a built-in default BASIC interpreter bootloader app was one feature that BIOS had which UEFI did not. ….until now (and this one is not closed-source):

A BASIC interpreter for UEFI.

https://github.com/logern5/UEFI_Basic

BIOS and the IBM PC Technical Reference

July 20, 2018 ~ hucktech ~ Leave a comment

Nice, another online source to this classic document. There are a few other sources online, if you search. If you’ve never read this book, it is a great read, with the source to the PC BIOS listed, a great way to learn assembly language.

The 1981 IBM PC Technical Reference Manual appendix A includes the extensively commented 8088 assembly source code for the system's BIOS. https://t.co/FBDzDJ1Geo pic.twitter.com/cI2UsmJbgI

— Trammell Hudson ⚙ (@qrs) July 20, 2018

NyanMBR: Nyancat in the MBR

July 19, 2018 ~ hucktech ~ Leave a comment

Re: https://firmwaresecurity.com/2017/12/01/nyan-load-and-efi-example/

There’s also a nyan for BIOS, not only the above UEFI one!

one of those options should boot this: https://t.co/UVwTsooGWY

— Karl (@supersat) July 19, 2018

NYAN ALL THE MBRs!

A 16 bit Nyan cat demo small enough to fit in the master boot record of a disk.

BEFORE YOU CONTINUE: USE ON YOUR OWN RISK, PLAYING WITH MBRs IS LIKE PLAYING WITH FIRE. DO NOT BE ON FIRE!

https://github.com/brainsmoke/nyanmbr

Writing simple BIOS bootloaders using NASM

June 19, 2018 ~ hucktech ~ Leave a comment

x86 assembly doesn’t have to be scary! I've written up a small but interactive (built in NASM and x86 emulator in the browser) to show you how easy it is to write simple boot loaders!https://t.co/003KKyWiLX pic.twitter.com/RQUJwlXHCG

— Ben Cox (@Benjojo12) June 18, 2018

https://blog.benjojo.co.uk/post/interactive-x86-bootloader-tutorial

The tutorial ends with a pointer to some BIOS interrupts. It should have mentioned Ralph Brown’s classic list.

http://www.cs.cmu.edu/~ralf/files.html

https://en.wikipedia.org/wiki/Ralf_Brown%27s_Interrupt_List

memory loading

iPXE-Boot-Server: Setup iPXE to support both BIOS and UEFI

June 9, 2018 ~ hucktech ~ 1 Comment

Step by step guide for how to build your own PXE boot server supporting both legacy BIOS and EFI hardare

Build your own PXE boot server

This article is a step by step guide for building your own PXE boot infrastructure which can be used to boot both legacy BIOS and EFI based hardware from network. There are many articles on the Internet for building PXE boot infrastructure however I found most of them does not work for EFI based hardware. I use iPXE as the boot image and dnsmasq as DHCP & TFTP server and I found it’s dead simple to setup those two software.

https://github.com/boliu83/ipxe-boot-server

AMI releases info on AMIBIOS8

June 1, 2018 ~ hucktech ~ Leave a comment

I’m not sure, but I think AMI just updated AMIBIOS8 (I see a slew of new PDFs, but no press release or Tweet, so unclear):

https://ami.com/en/products/bios-uefi-firmware/amibios-8/

https://ami.com/en/resources/resource-library/?product=AMIBIOS%208&productid=17&type=datasheets

https://ami.com/en/resources/resource-library/?product=AMIBIOS%208&productid=17&type=related

CheckBIOSDisk: Check uefi/legacy bios and gpt/mbr disk type for WinPE

May 28, 2018 ~ hucktech ~ Leave a comment

This is a Win32 console application for Windows Preinstall Environment system. The gaol is checking PC uses UEFI BIOS (or with CSM) must ensures the disk type is GPT format, otherwise the legacy BIOS must using MBR format for disk layout. C++ code only does windows executing diskpart and reg commands and checks results to improve function, because requester is lazy and having lack knowledge on his job to design commands flow.

https://github.com/sharowyeh/checkbiosdisk

PS: Another tool by author:

https://github.com/sharowyeh/NvGpuUtility

Automating BIOS to UEFI with 1E tools

May 26, 2018 ~ hucktech ~ Leave a comment

Sliding into the holiday weekend with some cool content, live on the blog! https://t.co/EqfYEcp1TP #BIOStoUEFI #Windows10 pic.twitter.com/QmwhwY94WR

— 1E (@1E_Global) May 25, 2018

https://www.1e.com/blogs/2018/05/25/automating-bios-to-uefi-with-1e-tools/

Fruct20: UEFI BIOS and Intel ME attack vectors and vulnerabilities

May 4, 2018 ~ hucktech ~ Leave a comment

UEFI BIOS and Intel Management Engine Attack Vectors and Vulnerabilities
Alexander Ogolyuk, Andrey Sheglov, Konstantin Sheglov
Saint Petersburg National Research University of Information Technologies, Mechanics and Optics
St. Petersburg, Russia

We describe principles and implementation details of UEFI BIOS attacks and vulnerabilities, suggesting the possible security enhancement approaches. We describe the hidden Intel Management Engine implementation details and possible consequences of its security possible discredit. Described breaches in UEFI and Intel Management Engine could possibly lead to the invention of “invulnerable” malicious applications. We highlight the base principles and actual state of Management Engine (which is a part of UEFI BIOS firmware) and its attack vectors using reverse engineering techniques.

From conclusion:
* Disable all SMM code (if possible by patching or other methods)
* Disable any external firmware components (PCI boot)
* Disable S3 Bootscript (after sleep mode)
* SMI transaction Monitor extensive usage (to find malicious SMI calls)
* Enable Secure Boot mode
* Enable BIOS password
* Extensive reverse engineering of vendor’s firmware samples to find and report vulnerabilities
* Code reviews (of open sourced UEFI based systems like Tiano-Core)

https://www.fruct.org/program20

Intel seeks BIOS/UEFI Tools Developer

April 8, 2018 ~ hucktech ~ Leave a comment

BIOS-UEFI Firmware Tools Engineer

As BIOS-UEFI Firmware Tools Engineer you will develop tools and scripts needed for build and test automation infrastructure that is the backbone of the the Continuous Integration process in Intel’s Data Center UEFI firmware BIOS team.[…]

https://jobs.intel.com/ShowJob/Id/1573600/BIOS%20UEFI%20Firmware%20Tools%20Engineer

PS: I need to figure out a way to get some swag/etc from jobs that’re filled via this blog. ;-(

PS: Intel HR: spaces in URLs is generally frowned upon.

DiskImageCreator: designed to help people attack the machine with a secure chain-of-trust boot process in UEFI BIOS

March 30, 2018March 31, 2018 ~ hucktech ~ Leave a comment

[[
UPDATE: adding URL, which I forgot in original post:
https://github.com/tsunghowu/DiskImageCreator
]]

DiskImageCreator : A python utility to process the input raw disk image and sign MBR/partitions with given corresponding keys.

Signing Tool for boot security validation.

This python utility is designed to provide a baseline for people who may be interested in attaching the machine with secure boot process built-in. The secure boot process is a customized chain-of-trust boot flow in UEFI BIOS. It will exam the target disk image(in MBR) and see if it is properly signed by the root key controlled by owner. This utility is to help owner to create a signed image with owner keys.

This tool is designed to help people attack the machine with a secure chain-of-trust boot process in UEFI BIOS.

AMI on Intel’s BIOS end-of-life announcement

December 2, 2017 ~ hucktech ~ Leave a comment

Intel says bye to #BIOS by 2020: What does it mean for AMI, and for end users? https://t.co/U0556im20W pic.twitter.com/JHSABIMg0f

— American Megatrends (@AMI_PR) November 29, 2017

https://ami.com/en/tech-blog/intel-says-bye-to-bios-by-2020/

The UEFI Forum likes to frame UEFI -vs- BIOS, and has a 3-5 Class heirarchy of those systems, including having to deal with UEFI systems that also provide BIOS via Compatibility Support Module (CSM), referring to BIOS as Legacy Mode. If you look at BIOS outside of the framing of the UEFI Forum, it is usually based security, and UEFI has some security where BIOS has none. But there’s another ‘class’: non-UEFI coreboot, optionally secured with Verified Boot, with a BIOS payload. UEFI Forum doesn’t include this in their Class heirarchy… AFAICT, the mainstream IBVs have given up on BIOS and migrated to UEFI. The only places where BIOS will probably remain are in Purism boxes, where they will use TPM+Heads to secure BIOS, or on Chrome boxes, where they will use coreboot Verified Boot to secure BIOS, or in SeaBIOS-based VMs. When Intel stops offering Intel’s implementation of BIOS, maybe this means that the remaining BIOS users will switch to the open source SeaBIOS project, which is great news. Getting rid of the complex class of dual UEFI/BIOS systems will be a joy. 🙂