Skip to main content
SpringerLink
Log in

On Way to Simplify the Reverse Engineering of UEFI Firmwares

  • Conference paper
  • First Online:
Advances in Cyber Security (ACeS 2019)

Part of the book series: Communications in Computer and Information Science ((CCIS,volume 1132))

Included in the following conference series:

  • 1116 Accesses

Abstract

In this paper authors introduce an algorithm to simplification of UEFI firmware reverse engineering via limiting the amount of code examined on Intel-based systems, which is based on proprietary UEFI protocols searching. The provided implementation of the algorithm is tested on few platforms that are Gigabyte BRIX, Razer Blade Stealth and Intel NUC based on 7th Generation Intel(R) Processor Families. As a result, UEFI modules that contain references to proprietary protocols were defined.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Wojtczuk, W., Tereshkin, A.: Attacking Intel BIOS. https://www.blackhat.com/presentations/bh-usa-09/WOJTCZUK/BHUSA09-Wojtczuk-AtkIntelBios-SLIDES.pdf. Accessed 20 July 2019

  2. Duflot, L., Etiemble, D., Grumelard, O.: Using CPU system management mode to circumvent operating system security functions. https://pdfs.semanticscholar.org/62be/ba49b7a9eb50c0a860547cceb2863e994aa2.pdf. Accessed 20 July 2019

  3. System Management Mode Hack: Using SMM for Other Purposes. http://phrack.org/issues/65/7.html. Accessed 20 July 2019

  4. Duflot, L., Levillain, O., Morin, B., Grumelard, O.: Getting into the SMRAM: SMM Reloaded. https://cansecwest.com/csw09/csw09-duflot.pdf. Accessed 20 July 2019

  5. Lin, P.: Hacking team uses UEFI BIOS Rootkit to Keep RCS 9 agent in target systems. https://blog.trendmicro.com/trendlabs-securityintelligence/hacking-team-uses-uefi-bios-rootkit-to-keep-rcs-9agent-in-target-systems. Accessed 20 July 2019

  6. Matrosov, A., Rodionov, E.: UEFI firmware rootkits: myths and reality. https://www.blackhat.com/docs/asia17/materials/asia-17-Matrosov-The-UEFI-Firmware-Rootkits-Myths-AndReality.pdf. Accessed 20 July 2019

  7. Goryachy, M., Ermolov, M.: Where there’s a JTAG, there’s a way: obtaining full system access via USB. https://www.ptsecurity.com/upload/corporate/ww-en/analytics/Where-theres-a-JTAG-theres-a-way.pdf. Accessed 20 July 2019

  8. Loucaides, J., Bulygin, Y.: Platform security assessment with CHIPSEC. https://cansecwest.com/slides/2014/PlatformFirmwareSecurityAssessmentwCHIPSEC-csw14-final.pdf. Accessed 20 July 2019

  9. UEFI Specification Version 2.7. http://www.uefi.org/sites/default/files/resources/UEFISpec2_7_ASept6.pdf. Accessed 20 July 2019

  10. UEFI firmware analyser tool. https://github.com/yeggor/UEFI_RETool. Accessed 20 July 2019

Download references

Author information

Authors and Affiliations

  1. National Research Nuclear University MEPhI, Kashirskoe Sh. 31, 115409, Moscow, Russia

    Philip Lebedev, Konstantin Kogos & Egor Vasilenko

Authors
  1. Philip Lebedev
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Konstantin Kogos
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Egor Vasilenko
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Konstantin Kogos .

Editor information

Editors and Affiliations

  1. Universiti Sains Malaysia, Penang, Malaysia

    Mohammed Anbar

  2. Universiti Sains Malaysia, Penang, Malaysia

    Nibras Abdullah

  3. Universiti Sains Malaysia, George Town, Malaysia

    Selvakumar Manickam

Rights and permissions

Reprints and permissions

Copyright information

© 2020 Springer Nature Singapore Pte Ltd.

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Lebedev, P., Kogos, K., Vasilenko, E. (2020). On Way to Simplify the Reverse Engineering of UEFI Firmwares. In: Anbar, M., Abdullah, N., Manickam, S. (eds) Advances in Cyber Security. ACeS 2019. Communications in Computer and Information Science, vol 1132. Springer, Singapore. https://doi.org/10.1007/978-981-15-2693-0_16

Download citation

  • DOI: https://doi.org/10.1007/978-981-15-2693-0_16

  • Published:

  • Publisher Name: Springer, Singapore

  • Print ISBN: 978-981-15-2692-3

  • Online ISBN: 978-981-15-2693-0

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation