If you are interested in tinkering with your computer in a way that would improve its performance significantly, then you may have to make some expert modifications. For instance, overclocking the CPU entails modifying some firmware settings to increase the clock speed, adjust the voltage settings and tweak other performance-related settings. UEFIFind is a tool designed to help you with this type of tinkering, as the utility is designed to view and edit the firmware that runs on the motherboard.

Enables you to customize the firmware settings and features as you want

The tool doesn't boast a GUI; it is rather a console application. While some may view this as a setback, the advantage – especially for advanced users – is that it is scriptable. Therefore, you can write scripts to automate tasks and perform various batch operations, a feature that can come in handy for network administrators who need to change multiple firmware images simultaneously, for example. The role of the tool is to enable you to edit the UEFI firmware's settings, including the boot order of devices, overclocking or power management. Making changes to these and other settings doesn't only help improve the overall performance, but it can also help fix various issues that were causing constant bugs. Moreover, thanks to the tool, you could even add features that were not available with the default firmware. The app can also be employed for extracting firmware images from the BIOS, which can come in handy for viewing and analyzing various images that are not readily available.

An advanced tool that enables you to adjust UEFI-compatible devices' settings

As far as compatibility goes, the utility supports a wide variety of firmware formats used by well-known motherboard manufacturers, including, but not limited to, ASUS, MSI or Gigabyte. Since it enables you to customize and optimize various UEFI firmware settings, UEFIFind is a tool for advanced users who want to take full control over their computer.

System Management Mode is apparently one of the coolest dark corners of the Intel IA-32 architecture. The last several months I spent learning about SMM and coding an SMM backdoor for UEFI based platforms as a weekend project; in this article I want to share the backdoor source code with you and explain how it works.

Actually, the story started when I was inspired by recent research about SMM vulnerabilities by the Intel Security ("A New Class of Vulnerabilities in SMI Handlers") and LegbaCore ("How Many Million BIOSes Would you Like to Infect?") teams and decided to audit the firmware of my Intel DQ77KB motherboard for similar vulnerabilities. For reverse engineering of SMM code you need to somehow dump the System Management Mode RAM where it lives, which is not that easy. The most obvious ways to do it are to patch the motherboard firmware and disable SMRAM protection to make it accessible to non-SMM code, or to write an exploit for some firmware vulnerability that allows reading SMRAM contents, like the boot script table vulnerability (CERT VU #976132) that was described in my previous blog post about UEFI. The significant disadvantage of both of these ways is that they're very model specific, and you may spend an unpredictable amount of time porting them to some new test platform.

To achieve a better solution I decided to code a firmware backdoor that runs in SMM and provides an interface that allows dumping SMRAM from less privileged code and doing some other useful things. Also, later I wrote an additional backdoor payload that allows escalating the privileges of user mode processes under a 64-bit GNU/Linux operating system using SMM magic.

Of course, this backdoor is rather a research tool than malware: to install it you need a hardware SPI programmer and physical access to the target machine. But as was shown by other researchers, it's also possible to weaponise such a backdoor with a proper UEFI exploit that allows infecting the firmware from the running operating system in a software-only way.
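The "SMRAM protection" the write-up above refers to is the chipset's SMRAMC lock. The following is an added example, not the author's code: it decodes the SMRAMC byte as laid out on Intel desktop/mobile host bridges (assumption: PCI B0:D0:F0 offset 0x88, D_OPEN bit 6, D_CLS bit 5, D_LCK bit 4, G_SMRAME bit 3, C_BASE_SEG bits 2:0) and reports whether compatible SMRAM is enabled and locked, which is the state a defender wants to see before trusting SMI handlers. The sysfs path and the sample register values are constructed for this example.

```python
# Added example (not the author's code): decode the Intel host bridge SMRAMC
# register that governs compatible SMRAM (A0000h-BFFFFh) and report whether the
# chipset has locked SMM space. Register layout is an assumption taken from Intel
# desktop/mobile chipset datasheets; confirm it for your platform.
from typing import List, NamedTuple

SMRAMC_OFFSET = 0x88
HOST_BRIDGE_CFG = "/sys/bus/pci/devices/0000:00:00.0/config"  # Linux sysfs, needs root

class Smramc(NamedTuple):
    raw: int
    d_open: bool     # bit 6: SMM space visible to non-SMM code
    d_cls: bool      # bit 5: SMM space closed for data accesses
    d_lck: bool      # bit 4: lock; D_OPEN/D_CLS/G_SMRAME read-only until reset
    g_smrame: bool   # bit 3: global SMRAM enable
    c_base_seg: int  # bits 2:0: compatible SMRAM base segment (0b010 = A0000h)

def decode_smramc(raw: int) -> Smramc:
    if not 0 <= raw <= 0xFF:
        raise ValueError("SMRAMC is an 8-bit register")
    return Smramc(raw, bool(raw & 0x40), bool(raw & 0x20), bool(raw & 0x10),
                  bool(raw & 0x08), raw & 0x07)

def smram_protected(reg: Smramc) -> bool:
    """SMRAM counts as protected only if it is enabled, locked, and not left open."""
    return reg.g_smrame and reg.d_lck and not reg.d_open

def findings(reg: Smramc) -> List[str]:
    out = []
    if not reg.g_smrame:
        out.append("G_SMRAME clear: SMRAM not enabled, SMI handler memory is plain DRAM")
    if reg.d_open:
        out.append("D_OPEN set: compatible SMRAM is readable/writable from non-SMM code")
    if not reg.d_lck:
        out.append("D_LCK clear: firmware never locked SMRAMC, so it can still be reopened")
    return out

def read_smramc_from_sysfs(path: str = HOST_BRIDGE_CFG) -> Smramc:
    """Read the live register from the host bridge's PCI config space (Linux, root)."""
    with open(path, "rb") as f:
        f.seek(SMRAMC_OFFSET)
        return decode_smramc(f.read(1)[0])

# Constructed sample values, not read from real hardware:
LOCKED_SAMPLE = 0x1A    # G_SMRAME=1, D_LCK=1, C_BASE_SEG=010b: expected healthy state
UNLOCKED_SAMPLE = 0x0A  # G_SMRAME=1, D_LCK=0: firmware forgot to lock SMRAM

if __name__ == "__main__":
    for value in (LOCKED_SAMPLE, UNLOCKED_SAMPLE):
        reg = decode_smramc(value)
        print(f"SMRAMC=0x{value:02X} protected={smram_protected(reg)} {findings(reg)}")
```

This covers only compatible SMRAM; TSEG base/limit and the SMRR MSRs are separate checks on platforms that relocate SMRAM there.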