Sources and/or disassembly listings to BIOS of ex-USSR PC clones and the like. Sources and/or disassembly listings of the DEC Rainbow 100 BIOS (an early PC with VT100/VT102 capability).
Tag: BIOS
bios-pw.org: Password generator for BIOS
https://github.com/bacher09/pwgen-for-bios
http://dogber1.blogspot.com/2009/05/table-of-reverse-engineered-bios.html
This is an old tool, not a new tool, which I just noticed.
SeaBIOS 1.12.0 released
Kevin O’Connor announced release 1.12.0 of SeaBIOS:
New in this release:
* Initial support for “TPM CRB” hardware
* Improved cdrom media reporting in the boot menu on QEMU
* Improved floppy support on real floppy hardware
* SeaVGABIOS support for QEMU “bochs-display” and QEMU “ramfb” displays
* Several bug fixes and code cleanups
https://seabios.org/Releases#SeaBIOS_1.12.0
more info about this release:
https://mail.coreboot.org/pipermail/seabios/2018-November/012576.html
Linux Unattended Installation – Tools to create an unattended installation of a minimal setup of Linux
https://github.com/core-process/linux-unattended-installation
AMI updates Aptio’s AMI Firmware Update (AFU), a Secure Update Utility
[…]AFU still supports older SMM methodologies for older systems, but such methodologies cannot be used when the platform is equipped with modern BIOSes.[…]
Two guys, one laptop (hacking a Toshiba BIOS laptop)
This is a great story about hacking a BIOS-level locked Toshiba laptop. There will be plenty of hardware hacking, reverse engineering and perseverance. And some crypto as well.[…] The whole process took 3 years – but the actual work took about 2 weeks, the rest was Michał waiting for Sergiusz to dump the chips. They reported their findings to Toshiba, which promised to deliver updates and change the encryption scheme.[…]
https://badcyber.com/two-guys-one-laptop/
A Universal Windows Bootkit: An analysis of the MBR bootkit referred to as “HDRoot”
FireEye: BIOS Boots What? Finding Evil in Boot Code at Scale
Malware continues to take advantage of a legacy component of modern systems designed in the 1980s. Despite the cyber threat landscape continuing to evolve at an ever-increasing pace, the exploitation of the classic BIOS boot process is still very much a threat to enterprises around the world. Furthermore, since malware that tampers with the boot process (aka bootkits) execute before the operating system, such compromises often persist even after incident responders think the incident has been remediated. This post details the challenges FireEye faced examining boot records at scale and our solution to find evil boot records in large enterprise networks.[…]
UEFI_Basic: A BASIC programming language interpreter for UEFI
In the olde days of the early Personal Computer, the BIOS-based firmware’s default bootloader would be a resident BASIC interpreter REPL. Companies made money licensing that BASIC interpreter to vendors!
So a built-in default BASIC interpreter bootloader app was one feature that BIOS had which UEFI did not. ….until now (and this one is not closed-source):
A BASIC interpreter for UEFI.
BIOS and the IBM PC Technical Reference
Nice, another online source to this classic document. There are a few other sources online, if you search. If you’ve never read this book, it is a great read, with the source to the PC BIOS listed, a great way to learn assembly language.
IBM_5150_Technical_Reference_6025005_AUG81.pdf
NyanMBR: Nyancat in the MBR
Re: https://firmwaresecurity.com/2017/12/01/nyan-load-and-efi-example/
There’s also a nyan for BIOS, not only the above UEFI one!
NYAN ALL THE MBRs! A 16 bit Nyan cat demo small enough to fit in the master boot record of a disk. BEFORE YOU CONTINUE: USE ON YOUR OWN RISK, PLAYING WITH MBRs IS LIKE PLAYING WITH FIRE. DO NOT BE ON FIRE!
Writing simple BIOS bootloaders using NASM
https://blog.benjojo.co.uk/post/interactive-x86-bootloader-tutorial
The tutorial ends with a pointer to some BIOS interrupts. It should have mentioned Ralf Brown’s classic list.
http://www.cs.cmu.edu/~ralf/files.html
https://en.wikipedia.org/wiki/Ralf_Brown%27s_Interrupt_List
iPXE-Boot-Server: Setup iPXE to support both BIOS and UEFI
Step by step guide for how to build your own PXE boot server supporting both legacy BIOS and EFI hardware
Build your own PXE boot server
This article is a step by step guide for building your own PXE boot infrastructure which can be used to boot both legacy BIOS and EFI based hardware from the network. There are many articles on the Internet for building PXE boot infrastructure; however, I found most of them do not work for EFI based hardware. I use iPXE as the boot image and dnsmasq as DHCP & TFTP server, and I found it’s dead simple to set up those two pieces of software.
https://github.com/boliu83/ipxe-boot-server
AMI releases info on AMIBIOS8
I’m not sure, but I think AMI just updated AMIBIOS8 (I see a slew of new PDFs, but no press release or Tweet, so unclear):
https://ami.com/en/products/bios-uefi-firmware/amibios-8/
https://ami.com/en/resources/resource-library/?product=AMIBIOS%208&productid=17&type=datasheets
https://ami.com/en/resources/resource-library/?product=AMIBIOS%208&productid=17&type=related
CheckBIOSDisk: Check uefi/legacy bios and gpt/mbr disk type for WinPE
This is a Win32 console application for the Windows Preinstall Environment system. The goal is checking that a PC that uses UEFI BIOS (or with CSM) ensures the disk type is GPT format; otherwise the legacy BIOS must use MBR format for the disk layout. The C++ code only executes Windows diskpart and reg commands and checks the results to improve function, because the requester is lazy and lacks knowledge on his job to design the commands flow.
https://github.com/sharowyeh/checkbiosdisk
PS: Another tool by author:
https://github.com/sharowyeh/NvGpuUtility
Automating BIOS to UEFI with 1E tools
Fruct20: UEFI BIOS and Intel ME attack vectors and vulnerabilities
UEFI BIOS and Intel Management Engine Attack Vectors and Vulnerabilities
Alexander Ogolyuk, Andrey Sheglov, Konstantin Sheglov
Saint Petersburg National Research University of Information Technologies, Mechanics and Optics
St. Petersburg, Russia
We describe principles and implementation details of UEFI BIOS attacks and vulnerabilities, suggesting the possible security enhancement approaches. We describe the hidden Intel Management Engine implementation details and possible consequences of its security possible discredit. Described breaches in UEFI and Intel Management Engine could possibly lead to the invention of “invulnerable” malicious applications. We highlight the base principles and actual state of Management Engine (which is a part of UEFI BIOS firmware) and its attack vectors using reverse engineering techniques.
From conclusion:
* Disable all SMM code (if possible by patching or other methods)
* Disable any external firmware components (PCI boot)
* Disable S3 Bootscript (after sleep mode)
* SMI transaction Monitor extensive usage (to find malicious SMI calls)
* Enable Secure Boot mode
* Enable BIOS password
* Extensive reverse engineering of vendor’s firmware samples to find and report vulnerabilities
* Code reviews (of open sourced UEFI based systems like Tiano-Core)
Intel seeks BIOS/UEFI Tools Developer
BIOS-UEFI Firmware Tools Engineer
As BIOS-UEFI Firmware Tools Engineer you will develop tools and scripts needed for build and test automation infrastructure that is the backbone of the Continuous Integration process in Intel’s Data Center UEFI firmware BIOS team.[…]
https://jobs.intel.com/ShowJob/Id/1573600/BIOS%20UEFI%20Firmware%20Tools%20Engineer
PS: I need to figure out a way to get some swag/etc from jobs that’re filled via this blog. ;-(
PS: Intel HR: spaces in URLs are generally frowned upon.
DiskImageCreator: designed to help people attack the machine with a secure chain-of-trust boot process in UEFI BIOS
[[
UPDATE: adding URL, which I forgot in original post:
https://github.com/tsunghowu/DiskImageCreator
]]
DiskImageCreator : A python utility to process the input raw disk image and sign MBR/partitions with given corresponding keys.
Signing Tool for boot security validation.
This python utility is designed to provide a baseline for people who may be interested in attaching the machine with secure boot process built-in. The secure boot process is a customized chain-of-trust boot flow in UEFI BIOS. It will examine the target disk image (in MBR) and see if it is properly signed by the root key controlled by the owner. This utility is to help the owner create a signed image with owner keys.
This tool is designed to help people attack the machine with a secure chain-of-trust boot process in UEFI BIOS.
AMI on Intel’s BIOS end-of-life announcement
https://ami.com/en/tech-blog/intel-says-bye-to-bios-by-2020/
Brian_Richardson_Intel_Final.pdf
The UEFI Forum likes to frame UEFI -vs- BIOS, and has a 3-5 Class hierarchy of those systems, including having to deal with UEFI systems that also provide BIOS via Compatibility Support Module (CSM), referring to BIOS as Legacy Mode. If you look at BIOS outside of the framing of the UEFI Forum, it is usually based on security, and UEFI has some security where BIOS has none. But there’s another ‘class’: non-UEFI coreboot, optionally secured with Verified Boot, with a BIOS payload. UEFI Forum doesn’t include this in their Class hierarchy… AFAICT, the mainstream IBVs have given up on BIOS and migrated to UEFI. The only places where BIOS will probably remain are in Purism boxes, where they will use TPM+Heads to secure BIOS, or on Chrome boxes, where they will use coreboot Verified Boot to secure BIOS, or in SeaBIOS-based VMs. When Intel stops offering Intel’s implementation of BIOS, maybe this means that the remaining BIOS users will switch to the open source SeaBIOS project, which is great news. Getting rid of the complex class of dual UEFI/BIOS systems will be a joy. 🙂