Uncategorized

VBiosFinder and rom-parser

VBiosFinder: extract a VBIOS from a BIOS update.

This tool attempts to extract a VBIOS from a BIOS update.

Dependencies include: UEFIDump and rom-parser.

https://github.com/coderobe/VBiosFinder

-----

UEFIDump, of course, is included with UEFITool. But rom-parser is new to me.

To view ROM contents:
    usage: rom-parser [ROM file]

This program does not have support for reading the ROM from pci-sysfs, please do this manually in advance, ex:
    cd /sys/bus/pci/devices/0000:01:00.0/
    echo 1 > rom
    cat rom > /tmp/image.rom
    echo 0 > rom

Pass the resulting image file as the argument to this program.

To modify ROM contents:
    usage: rom-fixer [ROM file]
Obtain ROM as above, program prompts for modifying ROM vendor and device IDs and invalid checksums.
IMPORTANT: rom-fixer will update the ROM file in place. Make a backup!

https://github.com/awilliam/rom-parser
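
To show which fields are involved when a dumped image is inspected for vendor ID, device ID and checksum, here is an added example (not rom-parser's code and not part of the original post) that walks the image chain of a PCI option ROM dump such as /tmp/image.rom. The function names, the sample builder and the IDs 0x1234/0x5678 are constructed for illustration; the offsets follow the standard PCI option ROM header and PCIR data structure.

```python
import struct
import sys

CODE_TYPES = {0: "x86 legacy", 1: "Open Firmware", 2: "HP PA-RISC", 3: "EFI"}

def parse_option_rom(rom: bytes) -> list:
    """Walk the image chain of a PCI option ROM dump; one dict per image."""
    images, off = [], 0
    while off + 0x1A <= len(rom) and rom[off:off + 2] == b"\x55\xaa":
        (pcir_ptr,) = struct.unpack_from("<H", rom, off + 0x18)
        pcir = off + pcir_ptr
        if pcir + 0x18 > len(rom) or rom[pcir:pcir + 4] != b"PCIR":
            raise ValueError(f"image at {off:#x}: missing PCIR structure")
        vendor, device = struct.unpack_from("<HH", rom, pcir + 0x04)
        (blocks,) = struct.unpack_from("<H", rom, pcir + 0x10)
        code_type, indicator = struct.unpack_from("<BB", rom, pcir + 0x14)
        size = blocks * 512
        if size == 0 or off + size > len(rom):
            raise ValueError(f"image at {off:#x}: bad image length {size}")
        images.append({
            "offset": off, "size": size, "vendor": vendor, "device": device,
            "type": CODE_TYPES.get(code_type, f"unknown ({code_type})"),
            # Assumed scope: bytes over the PCIR image length sum to 0 mod 256.
            "checksum_ok": sum(rom[off:off + size]) % 256 == 0,
            "last": bool(indicator & 0x80),
        })
        if indicator & 0x80:  # bit 7 marks the last image in the ROM
            break
        off += size
    return images

def build_sample_image(vendor, device, code_type, last, fix_checksum=True):
    """Constructed 512-byte test image, not a real VBIOS."""
    img = bytearray(512)
    img[0:2] = b"\x55\xaa"                          # ROM header signature
    struct.pack_into("<H", img, 0x18, 0x1C)         # pointer to PCIR
    img[0x1C:0x20] = b"PCIR"
    struct.pack_into("<HH", img, 0x20, vendor, device)
    struct.pack_into("<H", img, 0x2C, 1)            # image length: 1 block
    struct.pack_into("<BB", img, 0x30, code_type, 0x80 if last else 0)
    if fix_checksum:
        img[-1] = -sum(img) % 256                   # make the bytes sum to 0
    return bytes(img)

if __name__ == "__main__":
    sample = b"".join(build_sample_image(0x1234, 0x5678, t, t == 3) for t in (0, 3))
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else sample
    for image in parse_option_rom(data):
        print(image)
```

Run it with the dump path as the only argument; without an argument it parses the constructed two-image sample.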


Embedi: UEFI BIOS holes. So much magic. Don’t come inside.

24 October, 2017
UEFI BIOS holes. So Much Magic. Don’t Come Inside.
In recent years, embedded software security has become a red-hot topic, attracting the attention of high profile security researchers from all around the globe. However, the quality of code is still far from perfect as long as its security is considered. For instance, the CVE-2017-5721 SMM Privilege Elevation vulnerability in the firmware could affect such scope of vendors like Acer, ASRock, ASUS, Dell, HP, GIGABYTE, Lenovo, MSI, Intel, and Fujitsu. This white paper is intended to describe how to detect a vulnerability in a motherboard firmware with the help of the following tools: Intel DAL, UEFITool, CHIPSEC, RWEverything, and how to bypass the patch that fixes this vulnerability.[…]

https://embedi.com/blog/uefi-bios-holes-so-much-magic-dont-come-inside


Alex blogs and updates UEFITool!

Double entry for Alex: he’s got a new blog post on Intel Boot Guard, plus he’s updated UEFITool!

“[…]Today I released a new build of UEFITool with visual validation of Intel Boot Guard coverage. The code pushed to the github repository. A standalone binary of UEFITool can be downloaded here.[…]”

https://github.com/LongSoft/UEFITool



UEFITool updated to A40

I missed this. In mid-February, the ‘new engine’ branch of UEFITool (and the other command line tools) was updated from A32 to A40.

* Decoding of JEDEC chip IDs and LZMAF86 sections support added in A33
* GoToOffset dialog (Ctrl+G) and CPU microcode info added in A35
* Internal GUID database (override in runtime also possible) added in A40
* Various bugfixes

https://github.com/LongSoft/UEFITool/tree/new_engine

https://github.com/LongSoft/UEFITool/commits/new_engine

https://github.com/LongSoft/UEFITool/releases