William reviews CrScreenshotDxe

William has done another tool review, this time of Nikolaj’s CrScreenshotDxe tool. He does much longer blog posts on tool reviews than me, so it is always nice to see another review from him. 🙂

[…] “Nikolaj did us all a great service by posting this utility on Github.  It was easy to integrate and worked flawlessly.” […]

http://www.basicinputoutput.com/2016/08/the-joy-of-crscreenshotdxe.html

https://github.com/LongSoft/CrScreenshotDxe

https://firmwaresecurity.com/2016/01/04/screenshot-taking-uefi-dxe-driver/

tool: ebiso: UEFI bootable ISO image creator

Vladimir Gozora just created ebiso, a UEFI bootable ISO image creator, a newly-created UEFI-centric project on Github. It is so

The primary intention of ebiso was to create a simple bootable UEFI ISO image for ReaR on SLES11.

*  currently supports only 8.3 file name convention (Joliet might follow in future)
*  no additional dependencies
*  released under GPL
*  currently under heavy testing 😉
*  more info will come (maybe)

The project is new; it is unclear whether it will work with non-SLES11 ISOs. Ebiso aside, rear looks like an interesting project as well:

Relax-and-Recover is the leading Open Source bare metal disaster recovery and system migration solution. It is a modular framework with many ready-to-go workflows for common situations. Relax-and-Recover produces a bootable image. This image can repartition the system. Once that is done it initiates a restore from backup. Restores to different hardware are possible. Relax-and-Recover can therefore be used as a migration tool as well. Currently Relax-and-Recover supports various boot media (incl. ISO, PXE, OBDR tape, USB or eSATA storage), a variety of network protocols (incl. sftp, ftp, http, nfs, cifs) as well as a multitude of backup strategies (incl. IBM TSM, HP DataProtector, Symantec NetBackup, Bacula, rsync).

More info:

https://github.com/gozora/ebiso

https://github.com/rear/rear

tool: ThunderGate

I just learned about ThunderGate, by Saul St John. The current version is 0.8.499; the initial release was 4 months ago. It is a Python RE tool for Apple Thunderbolt Ethernet (and other) controllers, with PCI Option ROM and UEFI support! I’m excerpting the readme and usage output below; see the URLs for full details, including the omitted scary warning disclaimers:

ThunderGate is a collection of tools for the manipulation of Tigon3 Gigabit Ethernet controllers, with special emphasis on the Broadcom NetLink 57762, such as is found in Apple Thunderbolt Gigabit Ethernet adapters. Tigon3 controllers contain a variety of architectural blocks, including a PCI endpoint, an 802.3 media access controller, on-chip ram, DMA read and write engines, nonvolatile storage, and one or more MIPS processors. These features are exposed by ThunderGate through an easy-to-use Python interface, allowing for reverse engineering, development, and deployment of custom firmware and applications. Examples provided include a userspace VFIO tap driver, a firmware application capable of monitoring and manipulating network traffic and host memory, and a PCI option rom containing an EFI boot services driver which can either inhibit the employ or compromise the effectivity of Intel I/O MMU address translation (VT-d). The ThunderGate firmware implements a network protocol allowing for remote control of the device and host system by an Ethernet-connected peer. Currently supported actions include reading and writing from device and host memory, forging network traffic, sending host interrupts, and manipulation of PCI capabilities configuration.

$ py/main.py -h
usage: main.py [-h] [-v] [-d] [-t] [-s] device
  device        BDF of tg3 PCI device
  -h, --help     show this help message and exit
  -i, --install  install thundergate firmware
  -u, --uio      use uio pci generic interface
  -v, --vfio     use vfio interface
  -d, --driver   load userspace tap driver
  -t, --tests    run tests
  -s, --shell    ipython cli

More Information:
https://github.com/sstjohn/thundergate
http://thundergate.io/

new fuzzing tool: Fuddly

K0retux has created Fuddly, a new fuzzing and data manipulation framework. It is a Python-based (v2 or v3) command line tool. Fuddly uses a graph-based data model that enables it to represent complex data formats and to mix them, to perform complex data manipulations, to dissect/absorb existing data, and to combine generation and mutation fuzzing strategies. Fuddly’s fuzzing automation framework provides target abstraction, monitoring based on independent probes, replay and logging, data manipulation based on disruptors (objects that implement specific data transformations), and virtual operator abstraction.

Fuddly is a fuzzing and data manipulation framework whose main objectives are:

1) To allow users to build data models that:
1.1) mix very accurate representations for certain aspects with much coarser ones for others that are outside the focus of the testing, leaving open the way of refining the other parts should the need arise;
1.2) may be combined with each other;
1.3) enable dissecting raw data for analysis and absorbing them within the data model for manipulation;
1.4) enable mixing generation and mutation fuzzing techniques.

2) To represent the data in a way that simplifies the process of fuzzing and especially enables the implementation of elaborated transformations. By “elaborated” we mean the capability to act on any data part (not necessarily contiguous) while preserving consistency of dependent parts if so desired. This amounts to allowing transformations to be articulated around syntactic criteria—e.g., modification of an integer depending on the size of the field hosting it—or semantic ones—e.g., alteration of a value regarding its meaning for a given data format or protocol, or alteration of specific data sub-parts forming a sound group for a given data format or protocol.

3) To automate the fuzzing process, relying on fuddly’s various sub-systems, which enable communication with the target, following and monitoring its behavior and acting accordingly (e.g., deviating from protocol requirements such as sequencing, timing constraints, and so on) thanks to data model search and modification primitives, while recording every piece of information generated during this process and enabling it to be replayed.

https://github.com/k0retux/fuddly
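To make the two ideas from the excerpt concrete (a syntactic mutation sized to the hosting field, and a mutation of one part that keeps dependent parts consistent unless you choose to break them), here is an added illustration written for this post. It is not fuddly code and does not use fuddly’s API; the message format (a constructed TLV with a 1-byte type, 2-byte big-endian length and payload) is an assumption chosen for the example.

```python
import random

# Constructed data model for this example: (name, kind, width, value).
# 'int'   -> fixed-width big-endian integer
# 'len'   -> fixed-width integer carrying the byte length of another field
# 'bytes' -> raw payload (width unused)
MODEL = [
    ("type", "int", 1, 0x01),
    ("length", "len", 2, "payload"),
    ("payload", "bytes", 0, b"hello"),
]

def serialize(model, overrides=None):
    """Render the model to bytes. A 'len' field is recomputed from the field it
    references, so payload mutations keep the header consistent, unless an
    override pins it to a chosen value (a deliberate consistency break)."""
    overrides = overrides or {}
    values = {name: val for name, _, _, val in model}
    out = bytearray()
    for name, kind, width, val in model:
        if kind == "bytes":
            out += val
        elif kind == "len" and name not in overrides:
            out += len(values[val]).to_bytes(width, "big")
        else:
            out += overrides.get(name, val).to_bytes(width, "big")
    return bytes(out)

def int_boundaries(width):
    """Syntactic mutation set: boundary values sized to the hosting field."""
    top = (1 << (8 * width)) - 1
    return [0, 1, top - 1, top]

def mutate(model, field_name, seed=0):
    """Return a mutated copy of the model: an 'int' field gets a boundary value
    that fits its width; the payload grows by a random blob. Dependent length
    fields are left alone here because serialize() recomputes them."""
    rng = random.Random(seed)
    new = []
    for name, kind, width, val in model:
        if name == field_name and kind == "int":
            val = rng.choice(int_boundaries(width))
        elif name == field_name and kind == "bytes":
            val += bytes(rng.randrange(256) for _ in range(rng.randint(1, 300)))
        new.append((name, kind, width, val))
    return new

def parse(data):
    """Tiny parser for the same format, used to check a generated case."""
    if len(data) < 3:
        return None
    length = int.from_bytes(data[1:3], "big")
    return {"type": data[0], "length": length, "payload": data[3:],
            "consistent": length == len(data) - 3}
```

Running `serialize(mutate(MODEL, "payload"))` yields a case whose length header still matches the grown payload, while `serialize(model, overrides={"length": 0xFFFF})` produces the inconsistent variant a parser under test should reject.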