Uncategorized

Dmytro on Apple PCI-E Thunderbolt

Standard
Uncategorized

Dmytro on PCI-E/SMM vulnerability

Dmytro has an interesting 6-part twitter post on PCI-e security:

Standard
Uncategorized

PCILeech 2.0 released

https://github.com/ufrisk/pcileech

 

Standard
Uncategorized

PCIleech progress continues…

 

https://github.com/ufrisk/pcileech

Standard
Uncategorized

Attacking UEFI Runtime Services

Ulf has an informative new article (and video) about attacking UEFI Runtime Services on Linux-based systems using PCILeech:

Attackers with physical access are able to attack the firmware on many fully patched computers with DMA – Direct Memory Access. Once code execution is gained in UEFI/EFI Runtime Services it is possible to use this foothold to take control of a running Linux system. The Linux 4.8 kernel fully randomizes the physical memory location of the kernel. There is a high likelyhood that the kernel will be randomized above 4GB on computers with sufficient memory. This means that DMA attack hardware only capable of 32-bit addressing (4GB), such as PCILeech, cannot reach the Linux kernel directly. Since the EFI Runtime Services are usually located below 4GB they offer a way into Linux on high memory EFI booting systems. Please see the video below for an example of how an attack may look like. […]

Full post:

http://blog.frizk.net/2017/01/attacking-uefi-and-linux.html

 

Standard