Advertisement

On Way to Simplify the Reverse Engineering of UEFI Firmwares

  • Philip Lebedev
  • Konstantin KogosEmail author
  • Egor Vasilenko
Conference paper
Part of the Communications in Computer and Information Science book series (CCIS, volume 1132)

Abstract

In this paper authors introduce an algorithm to simplification of UEFI firmware reverse engineering via limiting the amount of code examined on Intel-based systems, which is based on proprietary UEFI protocols searching. The provided implementation of the algorithm is tested on few platforms that are Gigabyte BRIX, Razer Blade Stealth and Intel NUC based on 7th Generation Intel(R) Processor Families. As a result, UEFI modules that contain references to proprietary protocols were defined.

Keywords

Firmware Reverse engineering UEFI 

References

  1. 1.
    Wojtczuk, W., Tereshkin, A.: Attacking Intel BIOS. https://www.blackhat.com/presentations/bh-usa-09/WOJTCZUK/BHUSA09-Wojtczuk-AtkIntelBios-SLIDES.pdf. Accessed 20 July 2019
  2. 2.
    Duflot, L., Etiemble, D., Grumelard, O.: Using CPU system management mode to circumvent operating system security functions. https://pdfs.semanticscholar.org/62be/ba49b7a9eb50c0a860547cceb2863e994aa2.pdf. Accessed 20 July 2019
  3. 3.
    System Management Mode Hack: Using SMM for Other Purposes. http://phrack.org/issues/65/7.html. Accessed 20 July 2019
  4. 4.
    Duflot, L., Levillain, O., Morin, B., Grumelard, O.: Getting into the SMRAM: SMM Reloaded. https://cansecwest.com/csw09/csw09-duflot.pdf. Accessed 20 July 2019
  5. 5.
    Lin, P.: Hacking team uses UEFI BIOS Rootkit to Keep RCS 9 agent in target systems. https://blog.trendmicro.com/trendlabs-securityintelligence/hacking-team-uses-uefi-bios-rootkit-to-keep-rcs-9agent-in-target-systems. Accessed 20 July 2019
  6. 6.
    Matrosov, A., Rodionov, E.: UEFI firmware rootkits: myths and reality. https://www.blackhat.com/docs/asia17/materials/asia-17-Matrosov-The-UEFI-Firmware-Rootkits-Myths-AndReality.pdf. Accessed 20 July 2019
  7. 7.
    Goryachy, M., Ermolov, M.: Where there’s a JTAG, there’s a way: obtaining full system access via USB. https://www.ptsecurity.com/upload/corporate/ww-en/analytics/Where-theres-a-JTAG-theres-a-way.pdf. Accessed 20 July 2019
  8. 8.
    Loucaides, J., Bulygin, Y.: Platform security assessment with CHIPSEC. https://cansecwest.com/slides/2014/PlatformFirmwareSecurityAssessmentwCHIPSEC-csw14-final.pdf. Accessed 20 July 2019
  9. 9.
    UEFI Specification Version 2.7. http://www.uefi.org/sites/default/files/resources/UEFISpec2_7_ASept6.pdf. Accessed 20 July 2019
  10. 10.
    UEFI firmware analyser tool. https://github.com/yeggor/UEFI_RETool. Accessed 20 July 2019

Copyright information

© Springer Nature Singapore Pte Ltd. 2020

Authors and Affiliations

  • Philip Lebedev
    • 1
  • Konstantin Kogos
    • 1
    Email author
  • Egor Vasilenko
    • 1
  1. 1.National Research Nuclear University MEPhIMoscowRussia

Personalised recommendations