Some talks from the 31C3 with info relevant to EFI/BIOS hacking

Discussion in 'BIOS Mods' started by en4rab, Dec 29, 2014.

    #1 en4rab, Dec 29, 2014
    Last edited: Dec 30, 2014
    This year's Chaos Communication Congress seems to have brought some great talks on attacks against the PC architecture, some of which might be relevant to modding UEFI firmware, so I thought I'd post some links for anyone interested.

    The first was AMD x86 SMU firmware analysis, where Rudolf Marek describes how he recovered the HMAC key used to hash the SMU firmware blob, allowing him to run custom firmware on the SMU.
    Description: https://31c3.cc/cccsync/congress/2014/Fahrplan/events/6103.html
    Videos: http://media.ccc.de/browse/congress...u_firmware_analysis_-_rudolf_marek.html#video
    Or on youtube: https://www.youtube.com/watch?v=yE_PMcwltzo

    The second was Attacks on UEFI security, inspired by Darth Venamis's misery and Speed Racer, where Rafal Wojtczuk and Corey Kallenberg describe bypassing the protections that prevent you from flashing the UEFI firmware by attacking SMM mode.
    Description: https://31c3.cc/cccsync/congress/2014/Fahrplan/events/6129.html
    Videos: http://media.ccc.de/browse/congress..._rafal_wojtczuk_-_corey_kallenberg.html#video
    Or on youtube: https://www.youtube.com/watch?v=ths65a9LH6Y

    The third was Thunderstrike: EFI bootkits for Apple MacBooks, where Trammell Hudson describes how to use a Thunderbolt option ROM to subvert the Apple EFI firmware update process and flash firmware signed by someone other than Apple.
    Description: https://31c3.cc/cccsync/congress/2014/Fahrplan/events/6128.html
    Videos: http://media.ccc.de/browse/congress...r_apple_macbooks_-_trammell_hudson.html#video
    Or on youtube: https://www.youtube.com/watch?v=5BrdX7VdOr0