Intel-SGX-SSL

The Intel Software Guard Extensions SSL (Intel SGX SSL) cryptographic library is intended to provide cryptographic services for Intel Software Guard Extensions (SGX) enclave applications. The Intel SGX SSL cryptographic library is based on the underlying OpenSSL Open Source project, providing a full-strength general purpose cryptography library. The API exposed by the Intel SGX SSL library is fully compliant with unmodified OpenSSL APIs.

https://github.com/01org/intel-sgx-ssl


automated-efi-fw-update

automatically update server and adapter firmware using efi shell

This Updatepack automates and simplifies the update process of Intel Servers and Adapters. […] Supported Devices:

Intel S2600WT Server Board Family
Intel RMS3JC080 RAID Controller
Intel RMS3CC080 RAID Controller
Intel RES3TV360 SAS Expander
QLogic BR1860-2 Converged Network Adapter
Lenovo N2225 SAS Host Bus Adapter

https://github.com/thost96/automated-efi-fw-update

Careful: this GitHub project includes some binary-only *.EFI files, with no source code included.

Intel announces Core-X series

Intel introduced the new Intel® Core™ X-series processor family on May 30, 2017. Intel’s most scalable, accessible and powerful desktop platform ever, it includes the new Intel® Core™ i9 processor brand and the Intel® Core™ i9 Extreme Edition processor – the first consumer desktop CPU with 18 cores and 36 threads of power. The company also introduced the Intel® X299, which adds even more I/O and overclocking capabilities.

https://newsroom.intel.com/editorials/new-intel-core-x-series-processors-scale-accessibility-and-performance-go-extreme/
https://newsroom.intel.com/press-kits/intel-core-x-series-processors/
http://www.intel.com/content/www/us/en/products/processors/core/x-series.html
https://newsroom.intel.com/tag/intel-core-x-series/

Intel SSD Toolbox EoP vulnerability

Intel® Solid State Drive Toolbox™ Escalation of Privilege Vulnerability

Intel ID: INTEL-SA-00074
Product family: Intel® Solid State Drive Toolbox™
Impact of vulnerability: Elevation of Privilege
Severity rating: Important
Original release: May 30, 2017

There is an escalation of privilege vulnerability in the Intel® Solid State Drive Toolbox™ versions before 3.4.5 which allows a local administrative attacker to load and execute arbitrary code.[…]

https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00074&languageid=en-fr

Reversing Intel ME’s ROMP module

Reverse-engineering the Intel Management Engine’s ROMP module
Youness Alaoui, Hardware enablement developer

Last month, while I was waiting for hardware to arrive and undergo troubleshooting, I had some spare time to begin some Intel ME reverse engineering work. First, I need to give a shout out to Igor Skochinsky, a Hex-Rays developer, who had been working on reverse engineering the Intel ME for a while, and who has been very generous in sharing his notes and research on the ME with us, which is going to be a huge help and cut down months of reverse engineering and guesswork. Igor was very helpful in getting me to understand the bits that didn’t make sense to me. The first thing I wanted to try and reverse was the ROMP module. It is one of the two modules that me_cleaner doesn’t remove, and given how small it is (less than 1KB of code+data), I thought it would be a good starting point. Turns out my hunch was right, as I finished reverse engineering that module after only a couple of days.[…]

https://puri.sm/posts/reverse-engineering-the-intel-management-engine-romp-module/

https://github.com/kakaroto/purism-playground

Intel AMT story, continued

A little bit more (warning: a few of these are related to Intel ME hardware, not Intel AMT firmware):

Rumor has it that OpenAMT can also be used for AMT detection:
https://sourceforge.net/p/openamt/wiki/Home/

AMT advisory from ASUS:
https://www.asus.com/News/uztEkib4zFMHCn5r

http://blog.trendmicro.com/tippingpoint-threat-intelligence-zero-day-coverage-week-may-8-2017/

https://community.rapid7.com/community/nexpose/blog/2017/05/11/on-the-lookout-for-intel-amt-cve-2017-5689

http://www.govinfosecurity.com/intels-amt-flaw-worse-than-feared-a-9901

Is Intel’s Management Engine Broken?

https://twitter.com/4Dgifts/status/862326241659150336


Linux kernel EGP_PGT_DUMP build option

Sai Praneeth Prakhya of Intel submitted V2 of an Intel UEFI diagnostic patch for the Linux kernel; the new version extends the existing x86_64-only feature to x86_32 and kexec kernels.

[PATCH V2] x86/efi: Add EFI_PGT_DUMP support for x86_32, kexec
EFI_PGT_DUMP, as the name suggests, dumps efi page tables to dmesg during kernel boot. This feature is very useful while debugging page faults/null pointer dereferences to efi related addresses. Presently, this feature is limited only to x86_64, so let’s extend it to other efi configurations like kexec kernel, efi=old_map and to x86_32 as well. This doesn’t affect the normal boot path because this config option should be used only for debug purposes.

Changes since v1:
1. Call efi_dump_pagetable() only once from efi_enter_virtual_mode() – as suggested by Boris

For more info, see the patch on the linux-(kernel,efi) lists.

Intel AMT story, continued

https://www.us-cert.gov/ncas/current-activity/2017/05/07/Intel-Firmware-Vulnerability

https://github.com/CerberusSecurity/CVE-2017-5689

https://github.com/chipsec/chipsec/issues/212

https://support.lenovo.com/us/en/product_security/len-14963

http://en.community.dell.com/support-forums/laptop/f/3518/p/20011922/20995860

http://en.community.dell.com/techcenter/extras/m/white_papers/20443914

http://en.community.dell.com/techcenter/extras/m/white_papers/20443937

https://support.hp.com/us-en/document/c05507350

https://community.qualys.com/thread/17263-qids-or-scanning-advice-for-intel-amt-sa-00075

https://www.tenable.com/sc-dashboards/intel-sa-00075-detection

https://www.tenable.com/blog/intel-amt-vulnerability-detection-with-nessus-and-pvs-intel-sa-00075

https://vuldb.com/?id.100794

Intel AMT chip bug suspected backdoor, but likely coding error
[…]Some researchers accused the vulnerability of being a backdoor. Tatu Ylonen, the inventor of the Secure Shell protocol, told SC Media that Charlie Demerjian, the researcher who spotted the flaw, claims to have been in discussions over the bug with Intel for years, urging them to fix it. “If his claim is true (I have no reason to doubt it but have no independent evidence), then it begins to sound very much like a backdoor,” Demerjian said. “I mean, if someone knows their product has a vulnerability that undermines the security of pretty much every enterprise server in the world and most security tools, wouldn’t they want to disclose it to the government, one of their biggest customers?”[…]

https://www.scmagazine.com/intel-amt-flaw-likely-just-coding-error/article/655449/

[…]What is clear, however, is that this flaw (which has existed for more than 9 years) truly is somewhere between nightmarish and apocalyptic. Taking no action is not an option.

http://www.securityweek.com/exploitable-details-intels-apocalyptic-amt-firmware-vulnerability-disclosed

Intel AMT story, continued

Business-class personal computers *ARE* impacted.


There is an Nmap NSE script for detecting the AMT vulnerability (CVE-2017-5689) now:

https://svn.nmap.org/nmap/scripts/http-vuln-cve2017-5689.nse

http://thehackernews.com/2017/05/intel-amt-vulnerability.html

https://www.ssh.com/vulnerability/intel-amt/

https://github.com/bartblaze/Disable-Intel-AMT

https://github.com/travisbgreen/intel_amt_honeypot

https://isc.sans.edu/forums/diary/Do+you+have+Intel+AMT+Then+you+have+a+problem+today+Intel+Active+Management+Technology+INTELSA00075/22364/

Intel ME: based on Minix?

https://twitter.com/lordbaco/status/861216983488004098

“[…]In addition, when we looked inside the decompressed vfs module, we encountered the strings “FS: bogus child for forking” and “FS: forking on top of in-use child,” which clearly originate from Minix3 code. It would seem that ME 11 is based on the MINIX 3 OS developed by Andrew Tanenbaum :)[…]”

http://blog.ptsecurity.com/2017/04/intel-me-way-of-static-analysis.html

http://www.minix3.org/


Intel AMT story, continued

https://newsroom.intel.com/news/important-security-information-intel-manageability-firmware/

https://downloadcenter.intel.com/download/26755

http://www.tenable.com/blog/rediscovering-the-intel-amt-vulnerability

https://twitter.com/_embedi_/status/860541834606632961

Silent-Bob-is-Silent.pdf

Intel NUC SMM exploit

Intel® Branded NUC’s Vulnerable to SMM exploit
Intel ID: INTEL-SA-00068
Product family: Intel® NUC Kits
Impact of vulnerability: Elevation of Privilege
Severity rating: Important
Original release: May 02, 2017
Last revised: May 02, 2017

Intel is releasing updated BIOS firmware for a privilege escalation issue. This issue affects Intel® NUC Kits listed in the Model Number section below. The issue identified is a method that enables malicious code to gain access to System Management Mode (SMM). A malicious attacker with local administrative access can leverage the vulnerable BIOS to execute arbitrary code outside of SMRAM while the system is running in System Management Mode (SMM), potentially compromising the platform. Intel products that are listed below should apply the update. Intel highly recommends updating the BIOS of all Intel® NUC’s to the recommended BIOS or later listed in the table of affected products. Intel would like to thank Security Researcher Dmytro Oleksiuk for discovering and reporting this issue.

https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00068&languageid=en-fr

a bit more on the Intel AMT story…

http://www.kb.cert.org/vuls/id/491375

https://mattermedia.com/blog/disabling-intel-amt/


“Recently there was a branch of news and comments on Intel Active Management Technology, Intel Small Business Technology, and Intel Standard Manageability Escalation of Privilege – INTEL-SA-00075 (CVE-2017-5689). Maksim Malyutin, a member of our Embedi research team, was first to discover this vulnerability. There has been a lot of disinformation presented as “fact” and a tremendous amount of baseless assumptions being floated around by some media outlets ever since the news was released. Intel representatives have asked Embedi to hold off on disclosing any technical details regarding this issue until further notice. The vulnerability is a serious threat and the prevention measures from exploitation are a timely process for users – timely, but necessary.[…]”

https://www.embedi.com/news/mythbusters-cve-2017-5689

https://twitter.com/hdmoore/status/859451077099479042

http://thehackernews.com/2017/05/intel-server-chipsets.html

more on Intel AMT story

Time for IBVs and OEMs to start issuing their own Intel AMT advisories, not just Intel. Lenovo has one:

https://support.lenovo.com/us/en/product_security/len-14963

https://downloadcenter.intel.com/download/26754/INTEL-SA-00075-Mitigation-Guide

I hope no FUD is coming from this blog. However, I can see why people would conflate two background technologies they have no control over. For example:

https://arstechnica.com/security/2017/05/intel-patches-remote-code-execution-bug-that-lurked-in-cpus-for-10-years/

more on Intel AMT news

https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00075&languageid=en-fr

http://mjg59.dreamwidth.org/48429.html

https://twitter.com/qrs/status/859190413424566272