scan_thinkpwn: searches for ThinkPwn vulnerability

THINKPWN SCANNER: This program is used to scan UEFI drivers extracted from a firmware image for the ThinkPwn vulnerability in a vendor/model-agnostic way.
AUTHORS:
@d_olex (aka Cr4sh) — initial Vivisect based version of the program;
@trufae (aka pankake) — radare2 based version (this one);

Read the source code for more user docs, including a detailed source comment about how the code works.

https://github.com/Cr4sh/ThinkPwn/blob/master/scan_thinkpwn.py

More info:
https://github.com/Cr4sh/ThinkPwn
http://blog.cr4.sh/2016/06/exploring-and-exploiting-lenovo.html

CHIPSEC adds capsule parsing and blacklists ThinkPwn

CHIPSEC has had a few significant updates recently:

https://github.com/chipsec/chipsec/pull/73

https://github.com/chipsec/chipsec/pull/89

[…] It detects EFI binaries which have the following attributes:
1. GUID A56897A1-A77F-4600-84DB-22B0A801FA9A string of vulnerable UEFI SmmRuntime protocol within the contents of EFI binaries
2. Two names (UI strings) ‘SystemSmmRuntimeRt.efi’ and ‘SmmRuntime’ and two GUIDs 7C79AC8C-5E6C-4E3D-BA6F-C260EE7C172E and A56897A1-A77F-4600-84DB-22B0A801FA9A of vulnerable EFI binaries found in different systems[…]
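The two kinds of indicator listed above can be matched at the byte level, shown here as an added example that is not CHIPSEC's own code. It assumes the input is already-decompressed firmware bytes, that a GUID appears in the binary EFI_GUID layout, and that a UI name sits in a standard user-interface section; `scan_blob`, `ui_section` and the sample bytes are constructed for illustration.

```python
import uuid

# Indicators quoted on this page from the CHIPSEC change
GUIDS = [uuid.UUID("A56897A1-A77F-4600-84DB-22B0A801FA9A"),
         uuid.UUID("7C79AC8C-5E6C-4E3D-BA6F-C260EE7C172E")]
UI_NAMES = ["SystemSmmRuntimeRt.efi", "SmmRuntime"]
EFI_SECTION_USER_INTERFACE = 0x15  # section type from the UEFI PI spec


def find_all(data, needle):
    """Yield every offset at which needle occurs in data."""
    pos = data.find(needle)
    while pos != -1:
        yield pos
        pos = data.find(needle, pos + 1)


def ui_section(name):
    """Build the UI section a name would occupy: 3-byte size, type, UTF-16 string."""
    body = name.encode("utf-16-le") + b"\x00\x00"
    size = 4 + len(body)  # the size field counts the 4-byte header too
    return size.to_bytes(3, "little") + bytes([EFI_SECTION_USER_INTERFACE]) + body


def scan_blob(data):
    """Return sorted (offset, kind, value) hits for the listed GUIDs and UI names."""
    hits = []
    for guid in GUIDS:
        # EFI_GUID is stored with its first three fields little-endian (bytes_le)
        for off in find_all(data, guid.bytes_le):
            hits.append((off, "guid", str(guid).upper()))
    for name in UI_NAMES:
        # Matching the whole section keeps "SmmRuntime" from firing inside
        # "SystemSmmRuntimeRt.efi", which contains it as a substring
        for off in find_all(data, ui_section(name)):
            hits.append((off, "ui_name", name))
    return sorted(hits)


# Constructed sample input, not taken from any real firmware image
SAMPLE = (b"\xff" * 16
          + ui_section("SystemSmmRuntimeRt.efi")
          + b"\x00" * 8
          + GUIDS[0].bytes_le
          + b"A56897A1-A77F-4600-84DB-22B0A801FA9A")  # ASCII text, not an EFI_GUID

if __name__ == "__main__":
    for off, kind, value in scan_blob(SAMPLE):
        print(f"0x{off:04x} {kind:8} {value}")
```

A hit only says the named module or protocol GUID is present; a byte scan of this kind misses content that is still compressed inside the image.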