
Firmware Biopsy tweek <tweek@google.com> Enterprise - PowerPoint PPT Presentation



  1. Firmware Biopsy tweek <tweek@google.com> Enterprise Infrastructure Protection

  2. Agenda ● Context ● Read Primitives ● More Read Primitives ● Collection at Scale ● Findings ● Q & A

  3. Context

  4. x86 in 2016 (Skylake) [Block diagram; labels: CPU, GPU, DDR SDRAM (x2), PEG, DMI, SMBus, PCH]

  5. x86 in 2016 (Skylake) [Same diagram; labels added: SPI, System Flash]

  6. x86 in 2016 (Skylake) [Same diagram; labels added: SMBUS, SPI, Embedded Controller]

  7. x86 in 2016 (Skylake) [Same diagram; labels added: SPI, EC Flash]

  8. x86 in 2016 (Skylake) [Same diagram; labels added: SATA/PCIe, SSD, SPI, SSD Flash]

  9. x86 in 2016 (Skylake) [Same diagram; labels added, as extracted: Thunderbolt, USB-C, Controller, Switch (w EEPROM), Controller, USB-C Controller, Flash]

  10. Firmware on Pixel 2

  11. Firmware on Pixel 2 [Diagram of firmware-bearing components; labels as extracted: TPM, CPU, MC, GPU, SD CARD, AUDIO DSP, BIOS/ME, SILEGO, EC, AUDIO, SSD, WIFI/BT, CODEC, EC PD, BATTERY FUEL GAUGE]

  12. Research (Firmware / Topic: Published Research) ● PCI Option ROM: Heasman (2007), Snare (2013), Kovah & LegbaCore (2015) ● Hard Drive: Goodspeed et al. (2013) ● Network Controller: Triulzi (2008) ● x86 Modes and Design flaws: Rutkowska (2009-2015), Cr4sh SMM research (2015-2016)

  13. What is happening in the wild? ● State-sponsored attackers exploiting firmware implants ○ Equation Group, IRATEMONK, DEITYBOUNCE ● Non-state-sponsored attackers picking up ○ Hacking Team

  14. Why is this attractive to attackers? ● High initial investment, but lasts for a long time ● Very low chance of detection ● Remote deployment or hardware interception is still easy

  15. What do defenders want? Increase the cost of performing firmware attacks ● Remove trivial-to-find security flaws ● Increase the chance of detection in the wild ● Reduce the length of time a capability can be expected to last before being disclosed. Ultimately, protecting our users and their data.

  16. Improving the state of detection

  17. Increase knowledge & visibility ● Where is firmware running? ● What firmware is running? ● Is that the firmware intended to be run by the vendor? ● Does this firmware contain known vulnerabilities?

  18. How to verify that a fleet of devices is running the original vendor firmware?

  19. Read Primitives

  20. Read Primitive ● Method to extract a copy of the running firmware ○ Reliable ○ Generic ○ Complete ● Physical vs Software ○ Trade-off between integrity and scalability of measurement ○ Physical: hook onto pins = easiest, not practical for internal flash ● Limited read primitive ○ Hash of firmware ○ Partial copy

  21. Read Primitive (cont’d) ● Detection method more than prevention ● PCR of TPM ○ Similar objective ○ Partial measure of boot environment ○ Limited to boot path ○ Preventative method

  22. Software Read Primitive Flaw [Layer diagram: Userspace, Kernel, Firmware, Hardware; annotation "Measuring this" beside Firmware]

  23. Software Read Primitive Flaw [Same diagram; annotation "From here" beside Userspace, "Measuring this" beside Firmware]

  24. One solution ● Similar flaw in today's live forensics ○ Investigate the OS from the running kernel ● Increase the number and type of measures ○ For a specific firmware => have two or more read primitives ○ Increase the cost of hiding for an attacker

  25. BIOS/UEFI Read Primitives

  26. BIOS/UEFI ● The most well-known firmware ● Stored on the SPI flash [Flash layout diagram; labels: Descriptor, BIOS Image, Management Engine (ME) Image, Ethernet Controller Firmware] ● Descriptor defines access control between regions ● All of the latest chipset generations follow a specific Intel standard for their format

  27. SPI Flash [Photos; labels: 8-PIN SOP, 8-PIN WSON, Debug Header]

  28. Hardware Acquisition

  29. BIOS/UEFI Read Primitive (SPIBAR) ● PCI device exposed by the PCH ● Interact with the flash using memory access ● Used by Flashrom and Chipsec ● Multiple modes ○ Software sequencing: Deprecated, forward white-listed operations to the flash ○ Hardware sequencing: PCH offers standard “API” to interact with flash

  30. BIOS/UEFI Read Primitive (SPIBAR) [1]

  31. Memory-mapped I/O [2]

  32. /dev/mem ● CONFIG_STRICT_DEVMEM ? ● Access to MMIO for uid 0 is allowed ● OSX and Windows require an extra driver for such access

  33. SPIBAR example

  34. SPIBAR example SPIBAR is at: 0xfed1c000 + 0x3800 (constant) = 0xfed1f800

  35. SPIBAR example

  36. SPIBAR example

  37. SPIBAR example Where? (0x00533e63)

  38. SPIBAR example How much? [1-64] Where? (0x00533e63)

  39. SPIBAR example How much? [1-64] What? (r/w) + Go! Where? (0x00533e63)

  40. SPIBAR example How much? [1-64] What? (r/w) + Go! Where? (0x00533e63) Content of the Flash

  41. BIOS/UEFI Read Primitive (0xFF000000) ● 16MB forwarded to the PCH ● “For security reasons, the processor will positively decode this range to DMI. This positive decode ensures any overlapping ranges will be ignored. This ensures that the boot vector and BIOS execute off the PCH.” - Intel Skylake datasheet

  42. PCH caching?

  43. More Read Primitives

  44. PCI Option ROM ● Stored on the PCI device ● Executed by CPU when the device is initialised ● By design, execution of unknown code ● Leveraged by Thunderstrike

  45. GPU Read Primitives ● Multiple memory areas ○ VRAM ○ PCI Option ROM ○ GPU firmware ● Documentation from Nouveau project ○ Describes low-level interface of cards ○ Highly dependent on card generation

  46. Embedded Controller ● Manages battery, fans, sensors ● No standard interface ○ ACPI defines two I/O ports ○ Index I/O for extra reads ● Moving proprietary tech from BIOS to EC ○ Lenovo’s ThinkEngine ○ Apple’s SMC ● Chrome OS ○ Open Source EC ○ Read primitive available using flashrom (in dev mode)

  47. Collection at Scale

  48. Chipsec ● From Intel Advanced Threat Research, published in 2014 ● https://github.com/chipsec/chipsec ● Allows inspection of hardware/firmware ● By default, requires a kernel driver ● /dev/mem is enough for PCI memory access ● Port to OSX for similar functionality

  49. GRR ● Google’s IR tool ● Open Source, https://github.com/google/grr ● Highly customizable ○ Integrates Sleuthkit for live disk forensics ○ Integrates Rekall for memory forensics ● Stable ● Designed for low impact (memory footprint) on client

  50. GRR Chipsec ● Integrate Chipsec to GRR ● Open Source since April ● Implemented as a GRR component ● Able to dump the SPI flash image ● Able to inspect hardware/firmware status ○ Quickly extend the functionality in case of incident or public release

  51. GRR Chipsec - BIOS collection

  52. GRR Chipsec - BIOS collection [Chart; axes: # clients, Execution Time (s)]

  53. What can go wrong? ● Unsupported platform ○ Older generation only supports software sequencing ○ Unsupported hardware by Chipsec ○ Execution on a VM ● Lack of space to ... ○ Load Chipsec ○ Dump the flash image

  54. Analysis

  55. Comparison ● With what? ○ Previous versions from the same host ○ Official version ○ Other machine with the same BIOS version ○ Different read primitives

  56. Granularity ● Considering one blob and hash ○ Lots of noise ○ E.g., BIOS contains variable areas, all flash images will be different ● Deconstructing the blob ○ Vendor specific format ○ Extra care to consider “in-between” regions ○ Some regions will still be out of analysis ○ May need to run control flow analysis to uncover similar code

  57. Implementation ● Leverage existing parsing code ○ UEFI: UEFITools, uefi-firmware-parser ○ ME: me-tools, unhuffme ● Separate server to receive collected images and compare with official versions ● Using manual rules to match / ignore false positives, per vendor/BIOS version

  58. Findings

  59. Unexpected Flash Descriptor content ● Descriptor has access control info for each region ● When running in OS, CPU should only be able to read certain regions [Flash layout diagram; labels: Descriptor, BIOS Image, Management Engine (ME) Image, Ethernet Controller Firmware] ● Found some flashes with full access to other regions

  60. Unexpected Management Engine images ● While collecting and analysing BIOS: ○ Able to dump the ME part of the flash image ○ While the flash descriptor explicitly forbids such operation ?? ● ME is usually not readable (Mac excepted) ● Similar machines (manufacturer, BIOS version) did not expose such behaviour

  61. SPI FDOPSS ● Pin strap on the PCH ● If (de)asserted, override flash protection ● Some vendors allow overwrite of this bit using a jumper ● Some vendors connect this pin to the Embedded Controller

  62. SPI FDOPSS [1]

  63. SPI FDOPSS ● Use Chipsec module of GRR to verify if that bit is set ● 4 lines of Python (hack) to read a specific hardware register ● Can also be implemented as a Chipsec module: ○ chipsec/modules/common/spi_fdopss.py

  64. SPI FDOPSS
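
The read sequence that slides 33-40 build up (where, how much, what + go, content of the flash), together with the FDOPSS status bit from slides 61-63, as an added Python example that is not from the deck, Chipsec or flashrom. `SimSpibar` is a hypothetical stand-in for the memory-mapped window at SPIBAR, the sample flash is constructed, and the register offsets and bit positions assume the ICH9-era hardware-sequencing layout.

```python
# Added example: SimSpibar is hypothetical; offsets/bits assume the ICH9-era layout.
HSFS, HSFC, FADDR, FDATA0 = 0x04, 0x06, 0x08, 0x10
FDONE, FCERR, SCIP, FDOPSS, FGO = 1 << 0, 1 << 1, 1 << 5, 1 << 13, 1 << 0

class SimSpibar:
    def __init__(self, flash, hsfs=FDOPSS):
        self.flash, self.regs = flash, bytearray(0x60)
        self.regs[HSFS:HSFS + 2] = hsfs.to_bytes(2, "little")
    def read(self, off, size):
        return int.from_bytes(self.regs[off:off + size], "little")
    def write(self, off, size, value):
        if off == HSFS:  # FDONE/FCERR are write-1-to-clear
            value = self.read(HSFS, 2) & ~(value & (FDONE | FCERR))
        self.regs[off:off + size] = value.to_bytes(size, "little")
        if off == HSFC and value & FGO:  # "Go!": the controller runs the cycle
            addr, n = self.read(FADDR, 4), ((value >> 8) & 0x3F) + 1
            data = self.flash[addr:addr + n]
            self.regs[FDATA0:FDATA0 + len(data)] = data
            done = FDONE if len(data) == n else FDONE | FCERR
            self.regs[HSFS:HSFS + 2] = (self.read(HSFS, 2) | done).to_bytes(2, "little")

def hwseq_read(dev, addr, count):
    """One read cycle: `count` (1-64) bytes of flash starting at `addr`."""
    if not 1 <= count <= 64:
        raise ValueError("a cycle moves 1-64 bytes")
    if dev.read(HSFS, 2) & SCIP:
        raise RuntimeError("SPI cycle already in progress")
    dev.write(HSFS, 2, FDONE | FCERR)             # clear stale status
    dev.write(FADDR, 4, addr)                     # Where?
    dev.write(HSFC, 2, ((count - 1) << 8) | FGO)  # How much? What (read) + Go!
    for _ in range(100000):                       # bounded poll for completion
        status = dev.read(HSFS, 2)
        if status & (FDONE | FCERR):
            break
    else:
        raise TimeoutError("cycle did not complete")
    if status & FCERR:
        raise OSError("flash cycle error (FCERR)")
    return bytes(dev.read(FDATA0 + i, 1) for i in range(count))

def dump(dev, start, length):  # chunks never cross a 64-byte boundary
    out = bytearray()
    while len(out) < length:
        addr = start + len(out)
        out += hwseq_read(dev, addr, min(64 - addr % 64, length - len(out)))
    return bytes(out)

def descriptor_override_active(dev):
    return not (dev.read(HSFS, 2) & FDOPSS)  # FDOPSS reads 0 when the strap is set
```

On real hardware the same `read`/`write` interface would wrap an `mmap()` of the SPIBAR window, which needs the `/dev/mem` access discussed on slide 32.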
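
A check for the finding on slide 59, combined with the per-region hashing that slide 56 argues for, as an added Python example that is not from the deck or from the GRR/Chipsec code. It runs on a dumped image and assumes the pre-Skylake descriptor layout (host grants in FLMSTR1 bits 23:16 for read and 31:24 for write); the allowed-access policy and the `build_sample` image are constructed for illustration.

```python
import hashlib
import struct

# Added example. Assumes the pre-Skylake descriptor layout; the policy sets and
# build_sample() are hypothetical and exist only for this illustration.
FLVALSIG = 0x0FF0A55A
REGIONS = ["Descriptor", "BIOS", "ME", "GbE", "Platform Data"]
HOST_READ_OK, HOST_WRITE_OK = {"Descriptor", "BIOS", "GbE"}, {"BIOS", "GbE"}

def parse_descriptor(image):
    """Return ({region: (base, limit)}, host_read_set, host_write_set)."""
    if struct.unpack_from("<I", image, 0x10)[0] != FLVALSIG:
        raise ValueError("no flash descriptor signature at 0x10")
    flmap0, flmap1 = struct.unpack_from("<II", image, 0x14)
    frba, fmba = ((flmap0 >> 16) & 0xFF) << 4, (flmap1 & 0xFF) << 4
    regions = {}
    for i, name in enumerate(REGIONS):
        flreg = struct.unpack_from("<I", image, frba + 4 * i)[0]
        base, limit = (flreg & 0x1FFF) << 12, ((flreg >> 16) & 0x1FFF) << 12 | 0xFFF
        if limit > base:                      # unused regions have base > limit
            regions[name] = (base, limit)
    flmstr1 = struct.unpack_from("<I", image, fmba)[0]  # master 1: host CPU/BIOS
    read = {n for i, n in enumerate(REGIONS) if flmstr1 >> (16 + i) & 1}
    write = {n for i, n in enumerate(REGIONS) if flmstr1 >> (24 + i) & 1}
    return regions, read, write

def unexpected_host_access(image):
    """Regions the host CPU may read/write beyond the assumed policy."""
    _, read, write = parse_descriptor(image)
    return sorted(read - HOST_READ_OK), sorted(write - HOST_WRITE_OK)

def region_hashes(image):
    """One SHA-256 per region, so a variable area does not taint the whole blob."""
    regions, _, _ = parse_descriptor(image)
    return {n: hashlib.sha256(image[b:l + 1]).hexdigest() for n, (b, l) in regions.items()}

def build_sample(flmstr1):
    """Constructed 64 KiB image: Descriptor 0x0000, ME 0x1000-0x7FFF, BIOS 0x8000-0xFFFF."""
    img = bytearray(b"\xff" * 0x10000)
    struct.pack_into("<III", img, 0x10, FLVALSIG, 0x04 << 16, 0x06)  # FRBA 0x40, FMBA 0x60
    struct.pack_into("<5I", img, 0x40, 0, 0x000F0008, 0x00070001, 0x1FFF, 0x1FFF)
    struct.pack_into("<I", img, 0x60, flmstr1)
    return bytes(img)
```

`build_sample(0x0A0B0000)` models a locked-down descriptor and `build_sample(0xFFFF0000)` one that grants the host full access, the condition the slide reports finding.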
