[…]So what else is cool about this is, this is just one combination of invalid bytes that creates a PLD instruction the processor can ingest. There’s all sorts of combinations that will cause this same thing to happen.
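To show how much of the 32-bit ARM encoding space decodes to the PLD hint the quoted post describes, here is an added example (not code from the quoted post): a checker built from the A1 encodings of PLD/PLDW in the ARM Architecture Reference Manual (the `mask`/`value` pairs and the sample blob are mine), plus a scanner over a constructed little-endian blob. Flagging such words helps when triaging a corrupted or tampered image, because a run of them executes silently as hints instead of faulting.

```python
import struct

# A1 (ARM state) encodings of PLD/PLDW, taken from the ARM ARM:
#   PLD{W} [Rn, #+/-imm12]        1111 0101 U R 0 1 Rn 1111 imm12
#   PLD{W} [Rn, +/-Rm{, shift}]   1111 0111 U R 0 1 Rn 1111 imm5 type 0 Rm
# R=1 selects PLD, R=0 selects PLDW; U, Rn, imm12 / imm5, type, Rm are free bits,
# which is why so many "garbage" words still decode as a valid hint.
PLD_ENCODINGS = [
    (0xFF70F000, 0xF550F000, "PLD (immediate/literal)"),
    (0xFF70F000, 0xF510F000, "PLDW (immediate)"),
    (0xFF70F010, 0xF750F000, "PLD (register)"),
    (0xFF70F010, 0xF710F000, "PLDW (register)"),
]


def decode_pld(word):
    """Return the PLD form a 32-bit ARM word encodes, or None if it is not a PLD/PLDW."""
    for mask, value, form in PLD_ENCODINGS:
        if word & mask == value:
            return form
    return None


def pld_word_count():
    """Number of distinct 32-bit words that decode to some PLD/PLDW form.

    Each encoding admits 2**(number of free bits) words; the four masks are disjoint
    (bits 27:24 differ between the immediate and register forms), so the sum is exact.
    """
    return sum(1 << bin(~mask & 0xFFFFFFFF).count("1") for mask, _, _ in PLD_ENCODINGS)


def scan_for_pld(blob, base=0):
    """Walk a little-endian ARM blob word by word and report the words that are PLD hints."""
    hits = []
    for off in range(0, len(blob) - 3, 4):
        word = struct.unpack_from("<I", blob, off)[0]
        form = decode_pld(word)
        if form:
            hits.append((base + off, word, form))
    return hits


# Constructed sample: a NOP-like MOV, a textbook "pld [r0]", an all-ones word,
# an arbitrary-looking word that happens to be PLDW, and "pld [r0, r0]".
SAMPLE_BLOB = struct.pack("<5I", 0xE1A00000, 0xF5D0F000, 0xFFFFFFFF, 0xF59BF123, 0xF7D0F000)

if __name__ == "__main__":
    print("words decoding as PLD/PLDW:", pld_word_count())
    for addr, word, form in scan_for_pld(SAMPLE_BLOB):
        print("%#06x  %08x  %s" % (addr, word, form))
```

The count returned by `pld_word_count` (393216, or 0x60000) makes the post's point concrete: roughly one in every 11,000 random 32-bit words is a well-formed PLD, so a block of corrupted data is far from guaranteed to trap when control flow lands in it.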
BootStomp is a boot-loader bug finder. It looks for two different classes of bugs: memory corruption and state storage vulnerabilities. For more info please refer to the BootStomp paper. To run BootStomp’s analyses, please read the following instructions. Note that BootStomp works with boot-loaders compiled for ARM architectures (32 and 64 bits both) and that results might slightly vary depending on angr and Z3’s versions. This is because of the time angr takes to analyze basic blocks and to Z3’s expression concretization results.[…]
import sys
# sys.argv is a list; the program name is sys.argv[0], so concatenating the whole list fails.
print("[!] Usage: " + sys.argv[0] + " <oeminfo.img> <exploit_oeminfo.img>\n")
Lots of links to read at the end of the GitHub README page.
uEmu is a tiny cute emulator plugin for IDA based on the Unicorn Engine.
Supports the following architectures out of the box: x86, x64, ARM, ARM64.
What is it GOOD for?
* Emulate bare metal code (bootloaders, embedded firmware, etc.)
* Emulate standalone functions
meloader is an Intel Management Engine (a.k.a. Intel ME) firmware loader plugin for IDA.[…]
Konstantin Yurchenko has a new project to help IDA Pro users with UEFI blobs:
OSX Reverser has a new blog post on Apple EFI firmware passwords:
[…] This is when I had an idea! How about creating an EFI emulator and debugger using the Unicorn Engine framework? I had a feeling this wouldn’t be extremely hard and time consuming because the EFI environment is self-contained – for example no linkers and syscalls to emulate. I also knew that this binary was more or less isolated, only using a few Boot and RunTime services and very few external protocols. Since the total number of Boot and RunTime services is very small this meant that there wasn’t a lot of code to be emulated. And with a couple of days work the EFI DXE Emulator was born. To my surprise I was finally able to run and debug an EFI binary in userland, speeding the reverse engineering process up immensely and quickly providing insight to previously tricky code. […]
Looking forward to a URL to this EFISwissKnife IDA plugin, and ESPECIALLY this new Unicorn-based EFI emulator! I can’t find a URL yet, though. 😦