DE MYSTERIIS DOM JOBSIVS Mac EFI Rootkits - Reverse ...

More documents

Recommendations

Info

PERSISTENCEFIRMWARE FLASH‣ Manipulating firmware‣ We can add/replace a driver in the volume‣ Re-flash it from the OS with flashrom‣ Problems‣ Apple’s boot ROM (pre-EFI) checks FV signature!‣ (Allegedly - this would explain my bricked test machine)‣ Might not be as easy as with commodity hardware‣ Newer machines use WP flag on flash‣ Need to flash from early EFI stages‣ See Invisible Things Lab - “Attacking Intel BIOS”De Mysteriis Dom Jobsivs - Black Hat USA2012
PERSISTENCEFIRMWARE FLASHOOPSDe Mysteriis Dom Jobsivs - Black Hat USA2012
Page 1 and 2: DE MYSTERIIS DOM JOBSIVS:MAC EFI RO
Page 3 and 4: AGENDA‣ Things I will talk aboutI
Page 5 and 6: INTRODUCTIONI WANT A COOL BOOT SCRE
Page 8 and 9: II. EFI FUNDAMENTALSDe Mysteriis Do
Page 10 and 11: EFI ARCHITECTUREPUTTING THE “SUCK
Page 12 and 13: EFI ARCHITECTURE‣ Tables - pointe
Page 14 and 15: EFI ARCHITECTURE‣ Some telling ex
Page 16 and 17: III. DOING BAD THINGS WITHEFIDe Mys
Page 18 and 19: DOING BAD THINGS WITH EFIATTACKING
Page 24 and 25: ATTACKING THE KERNEL‣ Patch the k
Page 26 and 27: ATTACKING THE KERNELStart of kernel
Page 28 and 29: ATTACKING THE KERNELPATCHING THE KE
Page 31 and 32: ATTACKING THE KERNEL‣ What’s ou
Page 33 and 34: ATTACKING THE KERNEL‣ Preparing o
Page 35 and 36: ATTACKING THE KERNELOTHER HALF-ASSE
Page 37 and 38: ‣ In ascending order of awesome
Page 39 and 40: PERSISTENCEEFI SYSTEM PARTITION‣
Page 41 and 42: PERSISTENCEPCI DEVICE EXPANSION ROM
Page 43 and 44: PERSISTENCEFIRMWARE FLASH‣ Apple
Page 48 and 49: V. EVIL MAID ATTACKSDe Mysteriis Do
Page 50 and 51: EVIL MAID ATTACKSWHAT CAN WE DO WIT
Page 52 and 53: EVIL MAID ATTACKSIT’S MY JOB TO K
Page 54 and 55: EVIL MAID ATTACKSTHUNDERBOLT TO GIG
Page 56 and 57: DEMO‣ Evil maid using USB‣ Boot
Page 58 and 59: DEMODe Mysteriis Dom Jobsivs - Blac
Page 60 and 61: IN CASE MY DEMO BROKEHERE’S SOME
Page 62 and 63: DEFENCEEFI FIRMWARE PASSWORD?‣ Ha
Page 64 and 65: DEFENCEUEFI SECURE BOOT‣ Issues
Page 66 and 67: REFERENCES‣ UEFI Spec‣ http://w

DE MYSTERIIS DOM JOBSIVS Mac EFI Rootkits - Reverse ...

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?