Annotated version of my #35c3 presentation "Modchips of the State" about hypothetical SPI bus hardware implants in Supermicro servers' BMC: https://t.co/kEGiK3dhit pic.twitter.com/YhIhDnsaef

— Trammell Hudson ⚙ (@qrs) January 8, 2019

Lecture: Modchips of the State: Hardware implants in the supply-chain

December 10, 2018 ~ hucktech ~ 1 Comment

I'll be discussing practical hardware implant attacks and defenses against the BMC and x86 SPI flash chips at my #35c3 talk, "Modchips of the State", 22:50 on 27 December. See you in Leipzig! https://t.co/E8yxgHttSv pic.twitter.com/VqgsfRZMNW

— Trammell Hudson ⚙ (@qrs) December 10, 2018

Hardware implants and supply chain attacks have been in the news recently, but how feasible are they and what can we do about them? In this talk we’ll examine the design of a proof of concept SPI bus hardware implant that has similar capabilities to those described in the Bloomberg/Supermicro article as well as some countermeasures that we can use to try to detect these “modchips” and increase our trust in our systems.

We don’t know how much of the Bloomberg story about hardware implants installed in Supermicro servers shipped to Apple and Amazon is true, nor do we know the story behind the story and the reasons for the vehement denials by all the parties involved.

However, a technical assessment of details of the describe implants reveals that a supply chain attack on the hardware is definitely possible, that the capabilities of the BMC can be used to bypass OS protections, and that there are means to access the BMC that would not necessarily generate readily identified network traffic.

In this talk we’ll examine the design of a proof of concept SPI bus hardware implant that has similar capabilities to those described in the Bloomberg/Supermicro article as well as some countermeasures that we can use to try to detect these “modchips” and increase our trust in our systems.

https://fahrplan.events.ccc.de/congress/2018/Fahrplan/events/9597.html

CVE-2018-12169: Tianocore UEFI: Unauthenticated Firmware Chain-of-Trust Bypass

September 25, 2018 ~ hucktech ~ Leave a comment

CVE-2018-12169: Platform sample code firmware included with Haswell, Broadwell, Skylake, Kaby Lake, Coffee Lake and Cannon Lake processors contains a logic error allowing a physical attacker to bypass BootGuard firmware authentication. https://t.co/yumrGrTVDH pic.twitter.com/8cErlL7qyE

— Trammell Hudson ⚙ (@qrs) September 24, 2018

CVE-2018-12169 also potentially allows a developer to "jailbreak" their BootGuard protected laptop since the UEFI DXE volume can be replaced with a user provided LinuxBoot ROM image. https://t.co/yHwwMOTyx7 pic.twitter.com/MeWI0DGUBf

— Trammell Hudson ⚙ (@qrs) September 24, 2018

“The issue was reported by Trammell Hudson”

https://edk2-docs.gitbooks.io/security-advisory/content/unauthenticated-firmware-chain-of-trust-bypass.html

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12169

https://nvd.nist.gov/vuln/detail/CVE-2018-12169

https://exchange.xforce.ibmcloud.com/vulnerabilities/150223

Trammell on LinuxBoot (NERF) and Heads

November 29, 2017 ~ hucktech ~ Leave a comment

Note that NERF is also called LinuxBoot now.

The LinuxBoot firmware (formerly NERF) is almost working on the Intel S2600wf mainboard. pic.twitter.com/8fvr9Rb0ND

— Trammell Hudson ⚙ (@qrs) November 29, 2017

The NERF project is a collaboration with Ron Minnich at Google (creator of LinuxBIOS and coreboot) that aims to build an open, customizable, and slightly more secure firmware for server machines based on using Linux and Heads in the ROM to replace UEFI as the bootloader. Unlike coreboot, NERF doesn’t attempt to replace the chipset initialization code with opensource. Instead it retains the vendor PEI (Pre-EFI environment) code as well as the signed ACM (authenticated code modules) that Intel provides for establishing the TXT (trusted execution environment). The NERF firmware replaces the DXE (Driver Execution Environment) portion of UEFI with a few open source wrappers, the Linux Kernel and the Heads measured runtime.

https://trmm.net/NERF

https://github.com/osresearch/heads/labels/nerf

https://github.com/osresearch/heads

Trammell: eficheck finds Thunderstrike 2

November 6, 2017November 7, 2017 ~ hucktech ~ Leave a comment

Trammell Hudson tests Apple macOS’s eficheck against Thunderstrike2:

Sometime later today I'll be able to test @XenoKovah's efichecker tool… pic.twitter.com/mKCzdUEEc8

— Trammell Hudson ⚙ (@qrs) November 6, 2017

Success! Thunderstrike 2 was found by the efichecker, although it doesn't take any active steps to conceal itself. pic.twitter.com/Id6DaTRFfa

— Trammell Hudson ⚙ (@qrs) November 6, 2017

https://trmm.net/Thunderstrike
https://trmm.net/Thunderstrike_2
https://support.apple.com/en-us/HT207475

Thunderstrike 2

Purism and Trammell Hudson partnership

April 12, 2017 ~ hucktech ~ Leave a comment

We're proud to announce a partnership w/Trammell Hudson @qrs the creator of Heads, a #Floss firmware for our Libremshttps://t.co/WtO8MuW7CB pic.twitter.com/THgq68t0iH

— Purism (@Puri_sm) April 12, 2017

It looks like Purism is going to use Heads now! I hope other OEMs consider some of the features Heads offers.

http://www.marketwired.com/press-release/security-researcher-trammell-hudson-device-maker-purism-join-forces-set-new-standard-2209477.htm

http://finance.yahoo.com/news/security-researcher-trammell-hudson-device-160000558.html

https://puri.sm/posts/purism-collaborates-with-heads-project-to-co-develop-security-focused-laptops/

Heads!

January 2, 2017 ~ hucktech ~ Leave a comment

Seriously tempted to get a Thinkpad and play with @coreboot_org, Heads and @QubesOS after watching https://t.co/0eJaSL4Rpg

— Dan Smith (@galooph) January 2, 2017

Just watched excellent talk on heads project (https://t.co/8ftF3Yh4Ag) by @qrs at #33c3 https://t.co/wgVnz2Elri

— Yuriy Bulygin (@c7zero) January 2, 2017

I’ve made one brief post on Heads. Earlier I thought it was a new Linux distribution, which is not the case, it is more of a coreboot payload.

Heads looks great! I am currently looking for a used Thinkpad to test one out. I hope others add support for other systems.

If you have not watched the CCC video, check it out, it is very informative.

https://trmm.net/Installing_Heads

https://trmm.net/Category:Heads

33C3: If You Can’t Trust Your Computer, Who Can You Trust?

33rd CCC

December 29, 2016 ~ hucktech ~ Leave a comment

The 33rd Chaos Communication Congress (CCC) takes place in December in Germany. There are MANY great presentations, and CCC is great at making video archives available. Here’s a sample of a few of the presentations, starting with Trammell’s lecture on Heads:

Bootstraping a slightly more secure laptop
Trammell Hudson
https://fahrplan.events.ccc.de/congress/2016/Fahrplan/events/8314.html

What could possibly go wrong with <insert x86 instruction here>?: Side effects include side-channel attacks and bypassing kernel ASLR
Clémentine Maurice and Moritz Lipp
https://fahrplan.events.ccc.de/congress/2016/Fahrplan/events/8044.html

Untrusting the CPU: A proposal for secure computing in an age where we cannot trust our CPUs anymore
jaseg
https://fahrplan.events.ccc.de/congress/2016/Fahrplan/events/8014.html

Virtual Secure Boot: Secure Boot support in qemu, kvm and ovmf
Gerd Hoffmann
https://fahrplan.events.ccc.de/congress/2016/Fahrplan/events/8142.html

Full schedule:
https://fahrplan.events.ccc.de/congress/2016/Fahrplan/schedule.html
https://events.ccc.de/congress/2016/wiki/Main_Page

Heads

October 3, 2016 ~ hucktech ~ Leave a comment

https://twitter.com/fowlslegs/status/782711615816740864

Heads is a very interesting new distro by Trammel Hudson. If you like Qubes or Subgraph or Tails, read about this new distro.

The threat model that Heads proposes to address is very different from that of Tails. Tails’s goal is to allow users to to do computation on a machine in a way that doesn’t leave in trace on that system. This requires that the hardware in the system is trusted, which unfortunately is not the case for many users. Additionally many users need a way to keep state in a permanent way and don’t want to expose this state to random machines. Their machines might be subject to physical attacks that might install untrusted firmware or other devices into the system.[1][2] For these reasons, Tails is not sufficient for many users who want a laptop that they can travel with and want to have some assurances that most adversaries won’t be able to modify the hardware underneath them. Complicating this goal is that modern x86 hardware is full of modifiable state[3] and it is full of dusty corners that can hide malware or unauthorized code. Additionally there is unverifable code running in the Intel Management Engine, which has access to memory, to the network and various other peripherals. As a result we must trust certain entities more than others and this does affect our threat model. This document discusses some of the threats that make building slightly more secure mobile systems very difficult. There is a separate guide on installing Heads on the Thinkpad x230, which covers the practical issues of hardening a laptop against some of the threats described here. […]”

https://trmm.net/Heads

https://trmm.net/Installing_Heads

tool: ReadPhysMem

September 3, 2015 ~ hucktech ~ Leave a comment

Found on the Twitter feed of the The EFI Monster (@osxreverser):

readphysmem – A small utility to read and write to Macs physical memory using default AppleHWAccess.kext https://t.co/yEfwyGHUhm

— The Uninitialized Pointer Guru 🥇 (@osxreverser) September 3, 2015

ReadPhysMem is a small utility to read and write to Macs physical memory using default AppleHWAccess.kext. Quoting the readme:

(c) fG! – 2015 – reverser@put.as – https://reverse.put.asA small utility to read and write to Macs physical memory using default AppleHWAccess.kext.

This kext is loaded by default on Mavericks and Yosemite. It has (finally) been disabled on El Capitan since beta 7 release, since it was a obvious way to bypass and disable the new rootless protection 😉

Trammell Hudson wrote a similar utility using DirectHW.kext (also blacklisted on El Capitan B7). Available at https://github.com/osresearch/rwmem.

The same warning as rwmem applies here. Use with caution, it can easily kernel panic your machine both on reads and writes (particularly on devices mapped areas, SMM ram, etc). If you already know PCI BAR addresses you need to use 4 bytes read size instead of default 8.

It works great to read kernel and other memory, and also BIOS (since it’s mapped/shadowed in physical memory). See also https://github.com/gdbinit/diagnostic_service2 for a real world rootkit application.

DirectHW.kext is a bit more powerful since it allows to read port info. AppleHWAccess.kext only implements memory reads and not ports. For example, it can’t be used to read PCI configuration.

Have fun,

fG!

https://github.com/gdbinit/readphysmem

quiz: define ‘firmworm’

August 4, 2015 ~ hucktech ~ Leave a comment

The pre-conference preview videos are coming out… 🙂 One firmware one that caught my attention:

Thunderstrike 2 “firmworm” for MacBooks Preview Video

A video by Trammell Hudson @qrs of #Thunderstrike2 spreading OS->boot flash->OROM->other laptop boot flash is here: https://t.co/k7U3mHVZup

— LegbaCore (@legbacore) August 3, 2015

We define a "firmworm" as something that only ever spreads and persists in firmware. You know, the place no one ever checks?

— Xeno Kovah (@XenoKovah) August 3, 2015

I will have extra Thunderbolt Ethernet adapters at @BlackHatEvents and @_defcon_ if you need to borrow one. pic.twitter.com/4JLtAzTASN

— Trammell Hudson ⚙ (@qrs) August 3, 2015

Apple EFI vulnerabilities: CVE-2015-3693 and CVE-2015-3692

June 30, 2015June 30, 2015 ~ hucktech ~ Leave a comment

From the security-announce@lists.apple.com announce list, Apple has an EFI update for multiple systems, available from the App Store. Two CVEs are listed:

APPLE-SA-2015-06-30-3 Mac EFI Security Update 2015-001

Mac EFI Security Update 2015-001 is now available and addresses the following:

EFI
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5
Impact: A malicious application with root privileges may be able to modify EFI flash memory
Description: An insufficient locking issue existed with EFI flash when resuming from sleep states. This issue was addressed through improved locking.
CVE-ID
CVE-2015-3692 : Trammell Hudson of Two Sigma Investments, Xeno Kovah and Corey Kallenberg of LegbaCore LLC, Pedro Vilaca

EFI
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5
Impact: A malicious application may induce memory corruption to escalate privileges
Description: A disturbance error, also known as Rowhammer, exists with some DDR3 RAM that could have led to memory corruption. This issue was mitigated by increasing memory refresh rates.
CVE-ID
CVE-2015-3693 : Mark Seaborn and Thomas Dullien of Google, working from original research by Yoongu Kim et al (2014)

More Information:
https://support.apple.com/en-us/HT204934
https://lists.apple.com/mailman/options/security-announce/