Analytics, and scalability, and UEFI exploitation! Oh my!

Transcript

1. Analytics, and Scalability, and UEFI exploitation! Teddy Reed [email protected] “Oh

   My!”

2. demo= Funmo.begin() firmware = "efi" usb:0.present = "TRUE" usb:0.deviceType =

   "hid" usb:0.port = "0" usb:0.parent = "-1" firmware = "efi" efi64.filename = “/Users/theo/Buffers/ uefi-research/samples/vmware/ efi-trojaned.rom" usb:0.present = "TRUE" usb:0.deviceType = "hid" usb:0.port = "0" usb:0.parent = "-1" Two blank VMs installing standard Windows 7 SP1 or Windows 8 Pro

3. Objectives Demonstrate evil data science using firmware updates Enable audience,

   researchers, and developers to discover firmware vulnerabilities Release some code and have fun! Introduce firmware & UEFI pentesting 1. 2. 3. 4.

4. Overview::Init() Obtain all the UEFIs Identify vendor- specific implementations Reverse

   ia32/ x86/am64 UEFI assembly Extract non- signed code portions Inject and modify UEFI code Identify non- signed products Pinpoint potential 1-day vulnerabilities Isolate security related UEFI code changes Inject POST exploit RAT Integrate pentesting frameworks We’ll keep track of what capabilities and tools are released throughout this presentation.

5. #define Introduction UEFI Unified Extensible Firmware Interface UEFI Forum: 227

   Members (11 are promoters) Windows 8 logo required UEFI Secure Boot Almost every IS/BV, OEM implements UEFI Image © 2005, 2014 Square Enix

6. #define Introduction Security Pre-EFI Initialization Driver Execution Boot Device Select

   System Load Runtime Services Execute Boot loader “MBR” Select PXE SSD CD-ROM Execute EFI- Application Execute device, bus service drivers Create EFI- services CPU Initialize Board Initialize Measure, Verify OS-aware EFI services OS is running UEFI Unified Extensible Firmware Interface

7. #define Introduction Security Pre-EFI Initialization Driver Execution Boot Device Select

   System Load Runtime Services Execute Boot loader “MBR” Select PXE SSD CD-ROM Execute EFI- Application Execute device, bus service drivers Create EFI- services CPU Initialize Board Initialize Measure, Verify OS-aware EFI services OS is running EFI Bootkits Secure Boot Attacks Variable Attacks UEFI Unified Extensible Firmware Interface

8. #define Concepts Security Pre-EFI Initialization Driver Execution Boot Device Select

   Select PXE SSD CD-ROM Execute device, bus service drivers Create EFI- services CPU Initialize Board Initialize Measure, Verify UEFI Unified Extensible Firmware Interface

9. #define Concepts UEFI Unified Extensible Firmware Interface UEFI defines update

   mechanisms & formats System vendors often choose their own Each vendor distributes updates uniquely similarly to most software vendors

10. Unifying UEFI Updates “That’s a Triple U, all the way!”

    Simple JSON-representation of UEFI update context information • Release Time • Criticality • Affected Products • Patch Notes • Update Binary(ies) • Dell • Lenovo • Gigabyte • ECS • HP • Intel • MSI • AsRock […] #! FORK ME https://github.com/theopolis/uefi-spider

11. Unifying UEFI Updates “That’s a Triple U, all the way!”

    Optiplex 9020 A00 2013-06-05 07:12:30 A02 2013-09-23 03:08:01 A01 2013-07-16 07:21:46 ?? ????-??-?? ?:??:?? A03 2013-09-23 08:41:01 A07 2014-01-16 00:00:00 A04 2013-11-25 05:23:27 A05 2013-12-18 00:00:00 https://github.com/theopolis/uefi-spider

12. Unifying UEFI Updates “That’s a Triple U, all the way!”

    https://github.com/theopolis/uefi-spider Optiplex 9020 A00 2013-06-05 07:12:30 A02 2013-09-23 03:08:01 A01 2013-07-16 07:21:46 ?? ????-??-?? ?:??:?? A03 2013-09-23 08:41:01 A07 2014-01-16 00:00:00 A04 2013-11-25 05:23:27 A05 2013-12-18 00:00:00 What happened to A06, why are A02/03 5 hours apart?

13. Update Ecosystem Vendor Updates UEFI Size Format Feeling Dell 3214

    384 9.81G HDR/PFS :| Intel 1193 1193 6.36G Capsule :) HP 2359 397 13.40G Flash/Logo :( Lenovo ?? 193ish 2.58G Capsule D:< ASRock 3092 481 4.64G Flash :) Gigabyte 5176 412 6.94G Flash :) MSI 1138 507 3.85G Flash :)

14. Update Ecosystem Vendor Updates UEFI Size Format Feeling Dell 3214

    384 9.81G HDR/PFS :| Intel 1193 1193 6.36G Capsule :) HP 2359 397 13.40G Flash/Logo :( Lenovo ASRock 3092 481 4.64G Flash :) Gigabyte 5176 412 6.94G Flash :) MSI 1138 265 3.85G Flash :) ECS While scraping: ! Only 1 NullPointerDereference! Only 1 JScript injection vulnerability!

15. Update Ecosystem Vendor Updates UEFI Size Format Feeling Dell 3214

    384 9.81G HDR/PFS :| Intel 1193 1193 6.36G Capsule :) HP 2359 397 13.40G Flash/Logo :( Lenovo ASRock 3092 481 4.64G Flash :) Gigabyte 5176 412 6.94G Flash :) MSI 1138 265 3.85G Flash :) ECS Also, I would HATE to be Lenovo’s DB designers or on their update data entry team… ! Twice as many exceptions!

16. Update Ecosystem Total size of updates: 54,204,997,483 Size after dedup:

    21,722,824,704

17. Overview::recon() Obtain all the UEFIs Identify vendor- specific implementations Reverse

    ia32/ x86/am64 UEFI assembly Extract non- signed code portions Inject and modify UEFI code Identify non- signed products Pinpoint potential 1-day vulnerabilities Isolate security related UEFI code changes Inject POST exploit RAT Integrate pentesting frameworks

18. What’s in an update? There are tons of wacky code/data

    embedding examples { { { { Firmware Capsule/ Flash Descriptor Firmware Volumes Firmware FileSystem Tiano/EFI NTFS FAT Padding Raw Firmware File Firmware File Firmware File Encapsulation Firmware File Firmware File Firmware File Depex Exp UEFI PE32 MORE!?!?! MEbx iAMT Trojans PM Configs Microcode

19. What’s in an update? There are tons of wacky code/data

    embedding examples { { { { Firmware Capsule/ Flash Descriptor Firmware Volumes Firmware FileSystem Tiano/EFI NTFS FAT Padding Raw Firmware File Firmware File Firmware File Encapsulation Firmware File Firmware File Firmware File Depex Exp UEFI PE32 MORE!?!?! MEbx iAMT Trojans PM Configs Microcode

20. RCEing Updates #! FORK ME There are a few awesome

    Firmware Volume, BIOS/ROM, and Flash filesystem parsers Nikolaj Schlej: https://github.com/NikolajSchlej/UEFITool https://github.com/theopolis/uefi-firmware-parser Python module for manipulating firmware-related structures, including: Dell updates, Intel ME, UEFI FV/FD/FFSs/FFs/FSs and Capsule, etc

21. RCEing Updates https://github.com/theopolis/uefi-firmware-parser Print Extract Inject Replace Maintain integrity where

    possible, optionally regenerate CRCs, add padding if needed One-stop tool for manipulating deeply embedded commodity firmware-objects For good: and evil:

22. demo.inspect! theo@ubuntu:/mnt/hgfs/Buffers/uefi-research/samples/vmware$ python /mnt/hgfs/git/uefi-firmware-parser/scripts/fv_injector.py --guid c57ad6b7-0515-40a8-219d-551652854e37 --injection ./evil.efi ./efi64.rom -o

    efi-trojaned.rom [#] Opening firmware as UEFI firmware volume. Parsing FV at index (volume). [#] Firmware objects parsed. [#] Injecting (replacing) FirmwareFile c57ad6b7-0515-40a8-219d-551652854e37. [#] Regenerating firmware children structures (from injection point). [#] Regeneration complete, child objects parsed. [#] Rebuilding complete firmware with injection. ffs size mismatch old=3715000 new=3115389 599611 [#] Rebuild complete, injection successful. Wrote: efi-trojaned.rom [#] Injected firmware written to efi-trojaned.rom. theo@ubuntu:/mnt/hgfs/Buffers/uefi-research/samples/vmware$ python /mnt/hgfs/git/uefi-firmware-parser/scripts/fv_parser.py ./efi64.rom Parsing FV at index (0x0). Firmware Volume: 8c8ce578-8a3d-4f1c-3599-896185c32dd3 attr 0x0007feff, rev 2, size 0x200000 (2097152 bytes) Firmware Volume Blocks: (32, 0x10000) File 0: 1b45cc0a-156a-428a-62af-49864da0e6e6 (EFI_PEI_APRIORI_FILE_NAME_GUID) type 0x02, attr 0x00, state 0x07, size 0x2c (44 bytes), (freeform) Section 0: type 0x19, size 0x14 (20 bytes) (Raw section) File 1: df1ccef6-f301-4a63-6196-fc6030dcc880 type 0x03, attr 0x00, state 0x07, size 0x3a04 (14852 bytes), (security core) Section 0: type 0x10, size 0x39cc (14796 bytes) (PE32 image section) Section 1: type 0x15, size 0x14 (20 bytes) (User interface name section) Name: SecMain Section 2: type 0x14, size 0xc (12 bytes) (Version section section) File 2: ffffffff-ffff-ffff-ffff-ffffffffffff type 0xf0, attr 0x00, state 0x07, size 0x68 (104 bytes), (ffs padding) File 3: 52c05b14-0b98-496c-3bbc-04b50211d680 type 0x04, attr 0x10, state 0x07, size 0x9a98 (39576 bytes), (pei core) Section 0: type 0x19, size 0x1c (28 bytes) (Raw section) Section 1: type 0x10, size 0x9a44 (39492 bytes) (PE32 image section) Section 2: type 0x15, size 0x14 (20 bytes) (User interface name section) Name: PeiCore Section 3: type 0x14, size 0xc (12 bytes) (Version section section) File 4: ffffffff-ffff-ffff-ffff-ffffffffffff type 0xf0, attr 0x00, state 0x07, size 0x68 (104 bytes), (ffs padding) [……]

23. demo.inspect! theo@ubuntu:/mnt/hgfs/Buffers/uefi-research/samples/vmware$ python /mnt/hgfs/git/uefi-firmware-parser/scripts/fv_injector.py --guid c57ad6b7-0515-40a8-219d-551652854e37 --injection ./evil.efi ./efi64.rom -o

    efi-trojaned.rom [#] Opening firmware as UEFI firmware volume. Parsing FV at index (volume). [#] Firmware objects parsed. [#] Injecting (replacing) FirmwareFile [#] Regenerating firmware children structures (from injection point). [#] Regeneration complete, child objects parsed. [#] Rebuilding complete firmware with injection. ffs size mismatch old=3715000 new=3115389 599611 [#] Rebuild complete, injection successful. Wrote: efi-trojaned.rom [#] Injected firmware written to efi-trojaned.rom. theo@ubuntu:/mnt/hgfs/Buffers/uefi-research/samples/vmware$ python /mnt/hgfs/git/uefi-firmware-parser/scripts/fv_parser.py ./efi64.rom Parsing FV at index (0x0). Firmware Volume: Firmware Volume Blocks: File 0: 1b45cc0a-156a-428a-62af-49864da0e6e6 Section 0: File 1: df1ccef6-f301-4a63-6196-fc6030dcc880 Section 0: Section 1: Name: SecMain Section 2: File 2: ffffffff-ffff-ffff-ffff-ffffffffffff File 3: 52c05b14-0b98-496c-3bbc-04b50211d680 Section 0: Section 1: Section 2: Name: PeiCore Section 3: File 4: ffffffff-ffff-ffff-ffff-ffffffffffff [……] Firmware FileSystem Tiano/EFI Padding Raw apriori file PeiCore SecMain Firmware Volumes { { { Raw UEFI PE32 Name str UEFI PE32 Name Str Raw

24. demo.inspect! theo@ubuntu:/mnt/hgfs/Buffers/uefi-research/samples/vmware$ python /mnt/hgfs/git/uefi-firmware-parser/scripts/fv_injector.py --guid c57ad6b7-0515-40a8-219d-551652854e37 --injection ./evil.efi ./efi64.rom -o

    efi-trojaned.rom [#] Opening firmware as UEFI firmware volume. Parsing FV at index (volume). [#] Firmware objects parsed. [#] Injecting (replacing) FirmwareFile [#] Regenerating firmware children structures (from injection point). [#] Regeneration complete, child objects parsed. [#] Rebuilding complete firmware with injection. ffs size mismatch old=3715000 new=3115389 599611 [#] Rebuild complete, injection successful. Wrote: efi-trojaned.rom [#] Injected firmware written to efi-trojaned.rom. theo@ubuntu:/mnt/hgfs/Buffers/uefi-research/samples/vmware$ python /mnt/hgfs/git/uefi-firmware-parser/scripts/fv_parser.py ./efi64.rom Parsing FV at index (0x0). Firmware Volume: Firmware Volume Blocks: File 0: 1b45cc0a-156a-428a-62af-49864da0e6e6 Section 0: File 1: df1ccef6-f301-4a63-6196-fc6030dcc880 Section 0: Section 1: Name: SecMain Section 2: File 2: ffffffff-ffff-ffff-ffff-ffffffffffff File 3: 52c05b14-0b98-496c-3bbc-04b50211d680 Section 0: Section 1: Section 2: Name: PeiCore Section 3: File 4: ffffffff-ffff-ffff-ffff-ffffffffffff [……] Inject into an update: !      $  python  fv_injector.py              -­‐-­‐guid  c57ad6b7-­‐0515-­‐40a8-­‐219d-­‐551652854e37              -­‐-­‐injection  ./evil.efi  ./efi64.rom  -­‐o  efi-­‐trojaned.rom

25. What’s in an update? There are tons of wacky code/data

    embedding examples { { { { Firmware Capsule/ Flash Descriptor Firmware Volumes Firmware FileSystem Tiano/EFI NTFS FAT Padding Raw Firmware File Firmware File Firmware File Encapsulation Firmware File Firmware File Firmware File Depex Exp UEFI PE MORE!?!?! MEbx iAMT Trojans PM Configs Microcode

26. What’s in an update? UEFI PE32 { [IMAGE_OPTIONAL_HEADER64] Magic: 0x20B

    MajorLinkerVersion: 0x8 MinorLinkerVersion: 0x0 SizeOfCode: 0x800 SizeOfInitializedData: 0xC200 SizeOfUninitializedData: 0x0 AddressOfEntryPoint: 0x1008 BaseOfCode: 0x1000 ImageBase: 0x1000000 SectionAlignment: 0x1000 FileAlignment: 0x200 […] SizeOfImage: 0xF000 SizeOfHeaders: 0x400 CheckSum: 0xFBAF Subsystem: 0xA DllCharacteristics: 0x0 […] LoaderFlags: 0x0 NumberOfRvaAndSizes: 0x10 [IMAGE_SECTION_HEADER] Name: .text Misc: 0x7EC Misc_PhysicalAddress: 0x7EC Misc_VirtualSize: 0x7EC VirtualAddress: 0x1000 SizeOfRawData: 0x800 PointerToRawData: 0x400 [IMAGE_SECTION_HEADER] Name: .data Misc: 0xBF80 Misc_PhysicalAddress: 0xBF80 Misc_VirtualSize: 0xBF80 VirtualAddress: 0x2000 SizeOfRawData: 0xC000 PointerToRawData: 0xC00 [IMAGE_SECTION_HEADER] Name: .reloc Misc: 0xC Misc_PhysicalAddress: 0xC Misc_VirtualSize: 0xC VirtualAddress: 0xE000 SizeOfRawData: 0x200 PointerToRawData: 0xCC00 [IMAGE_FILE_HEADER] Machine: 0x8664 NumberOfSections: 0x3 TimeDateStamp: 0x4B8B66BB [Mon Mar 1 07:03:23 2010 UTC] PointerToSymbolTable: 0x0 NumberOfSymbols: 0x0 SizeOfOptionalHeader: 0xF0 Characteristics: 0x2022 }

27. demo.inspect!, “lame…” There are plenty of tools that patch U/EFI

    and BIOS updates already, for legitimate purposes https://github.com/NikolajSchlej/PMPatch https://github.com/untermensch/Injector https://github.com/waweber/slicloader https://github.com/NikolajSchlej/UEFITool Hackintosh Pirating Now we have a flexible tool that accomplishes! predefined goals with pervasiveness

28. Overview::reverse() Obtain all the UEFIs Identify vendor- specific implementations Reverse

    ia32/ x86/am64 UEFI assembly Extract non- signed code portions Inject and modify UEFI code Identify non- signed products Pinpoint potential 1-day vulnerabilities Isolate security related UEFI code changes Inject POST exploit RAT Integrate pentesting frameworks

29. Protection Domains 3: Userland 0: Kernel -2: SMM -3: ME

    Computer Science defines protection domains as rings where the outer rings imply less privilege Mockingly, researchers and hackers define low-level environments as negative rings as they allow higher privilege Scariness = (ring) × -1

30. Protection Domains Traditional and practical cyber defense applied here Network

    Applications Middleware Security 3: Userland 0: Kernel -2: SMM -3: ME Scariness = (ring) × -1

31. #define Subzero 3: Userland 0: Kernel -2: SMM -3: ME

    Scariness = (ring) × -1 “Sub” zero rings are the highest privilege

32. #define Subzero And Subzero is a scary dude Image ©

    1992, 2009 Midway Games

33. Subzero Attack Surface typedef struct { EFI_GUID OemGuid; UINT32 HeaderSize;

    // // UINT8 OemHdrData[]; // } EFI_CAPSULE_OEM_HEADER; ! typedef struct { EFI_GUID CapsuleGuid; UINT32 HeaderSize; UINT32 Flags; UINT32 CapsuleImageSize; UINT32 SequenceNumber; EFI_GUID InstanceId; UINT32 OffsetToSplitInformation; UINT32 OffsetToCapsuleBody; UINT32 OffsetToOemDefinedHeader; UINT32 OffsetToAuthorInformation; UINT32 OffsetToRevisionInformation; UINT32 OffsetToShortDescription; UINT32 OffsetToLongDescription; UINT32 OffsetToApplicableDevices; } FRAMEWORK_EFI_CAPSULE_HEADER; OEM provided, unsigned data

34. Subzero Attack Surface ISV/OEM provided tools, GUIs, “features” Useless UEFI

    “games” FTP file browsing SATA/NTFS browsing Within-UEFI non-TLS updates Image parsing (within GUIs) Memory-sensitive APIs OS/User-controlled NVRAM Other network services: UPnP, DHCP, SMB

35. Subzero Attack Surface Misunderstood (by implementers) SecureBoot variables PeiSecurityPpi  

    __ImageVerificationLib   ! Samsung UEFI bug SecureBootEnable bit SETUP_MODE bit SPI flash write bits

36. Update Analysis #! FORK ME https://github.com/theopolis/subzero Consumes the output JSON

    from uefi-spider Web-based UI for browsing, inspecting firmware objects Vulnerability hunting platform powered by statistics Several offline Map/Reduce scripts

37. Overview::analyze() Obtain all the UEFIs Identify vendor- specific implementations Reverse

    ia32/ x86/am64 UEFI assembly Extract non- signed code portions Inject and modify UEFI code Identify non- signed products Pinpoint potential 1-day vulnerabilities Isolate security related UEFI code changes Inject POST exploit RAT Integrate pentesting frameworks

38. Subzero Security Patching “1-days from Hell… get it?” 141c142,144 <

    if ( sub_FFC40CE8(0x60u) != -1 || sub_FFC40CE8(0x64u) != -1 ) --- > sub_FFC40D21(0xCF8u, 0x8000F8DC); > sub_FFC40D0F(0xCFCu, 2u); > if ( sub_FFC40D08(0x60u) != -1 || sub_FFC40D08(0x64u) != -1 ) [update, product, and vendor not shown] “Hell… subzero… hahaha!”

39. Subzero Security Patching “1-days from Hell… get it?” Comparing EIP

    disassembly is tedious Updates are mostly roll-ups and feature/bug fixes Registers and EFI variable locations are unique [update, product, and vendor not shown] 141c142,144 < if ( sub_FFC40CE8(0x60u) != -1 || sub_FFC40CE8(0x64u) != -1 ) --- > sub_FFC40D21(0xCF8u, 0x8000F8DC); > sub_FFC40D0F(0xCFCu, 2u); > if ( sub_FFC40D08(0x60u) != -1 || sub_FFC40D08(0x64u) != -1 )

40. Subzero Vulnerability Hunting Memory-manipulation UEFI protocol APIs Trusted Computing and

    secure boot GUIDs Implementation-varied Tiano deviations Variances in updated products Lagged reference implementation rollups Small deltas in update times Updates correlated with security announces Patch notes or criticality labels

41. Subzero Vulnerability Hunting Memory-manipulation! UEFI protocol APIs Trusted Computing and

    secure boot GUIDs Implementation-varied Tiano deviations Variances in updated products Lagged reference implementation rollups Small deltas in ! update times Updates correlated ! with security announces Patch notes or ! criticality labels

42. Subzero Vulnerability Hunting Memory-manipulation! UEFI protocol APIs From the UEFI

    Pre-EFI Core Interface Specification: CopyMem() AllocatePool() AllocatePages() SetMem() typedef     VOID     (EFIAPI  *EFI_PEI_COPY_MEM)  (              IN  VOID  *Destination,              IN  VOID  *Source,              IN  UINTN  Length     );    

43. Subzero Vulnerability Hunting Memory-manipulation! UEFI protocol APIs ~/git/edk2$  grep  -­‐rn

     “CopyMem  (“  .  |  wc  -­‐l   3454 Disassembly for PEI API “Services” lookup and usage as pseudo-FLIRT signatures Elasticsearch + Disassembly = CopyMem changes

44. Subzero Vulnerability Hunting Small deltas in ! update times !

    Dell VNHYR 5s Dell FKWXJ 9s Dell GT9WH 2286s Dell V76CK 10250s Dell 9XPHF 10260s Dell 8CKTP 10688s Dell VHW00 19980s Dell 0MHFX 31003s Dell V49WK 52593s Dell 747D9 57284s MSI 7851v14 86400s HP cp_125425_1 86400s HP cp_102216_1 86400s HP cp_121648_1 86400s MSI 7760v13 172800s MSI 7673v15 172800s MSI 7676vA2 172800s MSI 7681v14 172800s MSI 7846v15 259200s MSI 7673v1D 1 bytes MSI 7673v1E 3 bytes MSI 7759v18 3 bytes MSI 7680v14 465 bytes MSI 7750v31 484 bytes MSI 7676vA2 538 bytes MSI 7751vHA 671 bytes MSI 7788v13 841 bytes MSI 7681vM8 2159 bytes MSI 7681vN6 2159 bytes Dell V89FN 2924 bytes Dell FMGCM 4122 bytes Dell 1RJW0 4122 bytes Dell 6DF38 5870 bytes Dell KCXX0 13787 bytes Dell W8N5N 19927 bytes Dell PKPRV 124304 bytes Dell JX37K 212383 bytes Dell VNHYR 247310 bytes Dell 2GNVV 322353 bytes

45. Subzero Vulnerability Hunting Updates correlated ! with security announces

46. Subzero Vulnerability Hunting Updates correlated ! with security announces

47. Subzero Vulnerability Hunting Updates correlated ! with security announces

48. Subzero Vulnerability Hunting Updates correlated ! with security announces

49. Subzero Vulnerability Hunting Patch notes or ! criticality labels

50. Subzero Vulnerability Hunting Patch notes or ! criticality labels

51. Subzero Vulnerability Hunting Patch notes or ! criticality labels Fixes

    - Not Applicable. Enhancements - Updated thermal table. - Updated Intel CPU micro code. - Enhanced BIOS Security. - Supported Graphic card M6100.

52. Subzero Vulnerability Hunting Patch notes or ! criticality labels

53. Overview::analyze!() Obtain all the UEFIs Identify vendor- specific implementations Reverse

    ia32/ x86/am64 UEFI assembly Extract non- signed code portions Inject and modify UEFI code Identify non- signed products Pinpoint potential 1-day vulnerabilities Isolate security related UEFI code changes Inject POST exploit RAT Integrate pentesting frameworks

54. Most-used EFI Application

55. Most-used EFI Application

56. Download PE32 & RE

57. autochk_dropper

58. rpcnetp_dropper autochk.exe is running as a Windowsnative mode process (post-kernel)

    linked to ntdll.dll Before the Win32 subsystem no signing, no obfuscation

59. Dropper Chain (UEFI) DXE Computrace Driver (UEFI) DXE dmidbg64 Application

    (UEFI) DXE (unpacked) autochk.exe Patcher (WinNative) weaponized autochk.exe (Win32) Backdoor RAT rpcnetp.exe Network C&C Fun… Full Computrace (UEFI) PEI SMM Computrace Driver

60. Dropper Chain (UEFI) DXE Computrace Driver (UEFI) DXE dmidbg64 Application

    (UEFI) DXE (unpacked) autochk.exe Patcher (WinNative) weaponized autochk.exe (Win32) Backdoor RAT rpcnetp.exe Network C&C Fun… Full Computrace (UEFI) PEI SMM Computrace Driver

61. Hijacking Dropper (UEFI) DXE Computrace Driver (UEFI) DXE dmidbg64 Application

    (UEFI) DXE (unpacked) autochk.exe Patcher (WinNative) weaponized autochk.exe (Win32) Backdoor RAT rpcnetp.exe Network C&C Fun… Full Computrace (UEFI) PEI SMM Computrace Driver

62. Hijacking Dropper (UEFI) DXE Computrace Driver (UEFI) DXE dmidbg64 Application

    (UEFI) DXE (unpacked) autochk.exe Patcher (WinNative) weaponized autochk.exe (Win32) Backdoor RAT rpcnetp.exe Network C&C Fun… Full Computrace (UEFI) PEI SMM Computrace Driver

63. Trivial Computrace Takeover

64. Trivial Computrace Takeover

65. Trivial Computrace Takeover

66. Trivial Computrace Takeover

67. Trivial Computrace Takeover

68. Subzero Pentesting WMIC/Powershell to profile platform & BIOS version Database

    of all updates, match target system’s Inject selected payload as DXE driver and flash Post Exploitation / Subzero Persistance

69. Subzero Pentesting Firmware signing and Secure Boot prevent this hijacking

    or any other trivial root kit injection But how many systems are signing by default?

70. Overview::_winning() Obtain all the UEFIs Identify vendor- specific implementations Reverse

    ia32/ x86/am64 UEFI assembly Extract non- signed code portions Inject and modify UEFI code Identify non- signed products Pinpoint potential 1-day vulnerabilities Isolate security related UEFI code changes Inject POST exploit RAT Integrate pentesting frameworks

71. demo.__exit() <Insert MSF session as Windows boots>

72. demo._details() 17.5 Kb payload binary Installed as a Windows 7/8

    service with various dependencies Todo: inject larger payloads while maintaining UEFI volumes, files, and capsule integrity Todo: verify product adherence to Secure boot UEFI variables and FileSystemSection attributes

73. Thanks! Questions!? https://github.com/theopolis/subzero https://github.com/theopolis/uefi-spider https://github.com/theopolis/uefi-firmware-parser