Abstract
In this paper authors introduce an algorithm to simplification of UEFI firmware reverse engineering via limiting the amount of code examined on Intel-based systems, which is based on proprietary UEFI protocols searching. The provided implementation of the algorithm is tested on few platforms that are Gigabyte BRIX, Razer Blade Stealth and Intel NUC based on 7th Generation Intel(R) Processor Families. As a result, UEFI modules that contain references to proprietary protocols were defined.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Wojtczuk, W., Tereshkin, A.: Attacking Intel BIOS. https://www.blackhat.com/presentations/bh-usa-09/WOJTCZUK/BHUSA09-Wojtczuk-AtkIntelBios-SLIDES.pdf. Accessed 20 July 2019
Duflot, L., Etiemble, D., Grumelard, O.: Using CPU system management mode to circumvent operating system security functions. https://pdfs.semanticscholar.org/62be/ba49b7a9eb50c0a860547cceb2863e994aa2.pdf. Accessed 20 July 2019
System Management Mode Hack: Using SMM for Other Purposes. http://phrack.org/issues/65/7.html. Accessed 20 July 2019
Duflot, L., Levillain, O., Morin, B., Grumelard, O.: Getting into the SMRAM: SMM Reloaded. https://cansecwest.com/csw09/csw09-duflot.pdf. Accessed 20 July 2019
Lin, P.: Hacking team uses UEFI BIOS Rootkit to Keep RCS 9 agent in target systems. https://blog.trendmicro.com/trendlabs-securityintelligence/hacking-team-uses-uefi-bios-rootkit-to-keep-rcs-9agent-in-target-systems. Accessed 20 July 2019
Matrosov, A., Rodionov, E.: UEFI firmware rootkits: myths and reality. https://www.blackhat.com/docs/asia17/materials/asia-17-Matrosov-The-UEFI-Firmware-Rootkits-Myths-AndReality.pdf. Accessed 20 July 2019
Goryachy, M., Ermolov, M.: Where there’s a JTAG, there’s a way: obtaining full system access via USB. https://www.ptsecurity.com/upload/corporate/ww-en/analytics/Where-theres-a-JTAG-theres-a-way.pdf. Accessed 20 July 2019
Loucaides, J., Bulygin, Y.: Platform security assessment with CHIPSEC. https://cansecwest.com/slides/2014/PlatformFirmwareSecurityAssessmentwCHIPSEC-csw14-final.pdf. Accessed 20 July 2019
UEFI Specification Version 2.7. http://www.uefi.org/sites/default/files/resources/UEFISpec2_7_ASept6.pdf. Accessed 20 July 2019
UEFI firmware analyser tool. https://github.com/yeggor/UEFI_RETool. Accessed 20 July 2019
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2020 Springer Nature Singapore Pte Ltd.
About this paper
Cite this paper
Lebedev, P., Kogos, K., Vasilenko, E. (2020). On Way to Simplify the Reverse Engineering of UEFI Firmwares. In: Anbar, M., Abdullah, N., Manickam, S. (eds) Advances in Cyber Security. ACeS 2019. Communications in Computer and Information Science, vol 1132. Springer, Singapore. https://doi.org/10.1007/978-981-15-2693-0_16
Download citation
DOI: https://doi.org/10.1007/978-981-15-2693-0_16
Published:
Publisher Name: Springer, Singapore
Print ISBN: 978-981-15-2692-3
Online ISBN: 978-981-15-2693-0
eBook Packages: Computer ScienceComputer Science (R0)